Privacy Policy

Introduction

Privacy Notice dated 02.10.2018

This Privacy Notice (the “Notice”) sets out how Funstage GmbH.registered in Austria with and address at Wiedner Hauptstraße 94, 1050 Vienna, Austria, (the “Company“we” “us” or “our“) collects and process through the mobile applications “Golden Match”, “Slots Pharaoh’s Way” and “Slots Pharaoh’s Fire” (the “Apps“) the Player´s personal data. Personal data means any information from which the player (“you“, “your” or “Player“) can be directly or indirectly identified such as a name, location, online identifier, gender, financial data, etc., (“Personal Data”). This Notice provides also the Players´ rights related to their Personal Data.

You should read this Notice carefully before using the Apps. By using or registering via the Apps, or submitting a query to the Company via the Apps or other means, including telephone or mail, you accept this Notice. If you do not accept this Notice, please not use the Apps.

This Notice is integral part and applies together with the Apps General Terms and Conditions (the “GT&C“), available here. The terms not defined in this Notice shall have the same meanings as defined in the GT&C. Therefore you will need to read and understand the GT&C in addition to this Notice.

The Company is highly committed to preserving the privacy of all Players and deliver secure and legally compliant services. This Notice has the following sections:

Who controls the data?

How can I send queries on personal data protection?

What kind of Personal Data does the Company process?

For what purposes are the Personal Data processed?

On what legal basis are the Personal Data processed?

What is the data retention period?

Security and privacy measures

Who can have access to the Personal Data?

Is Personal Data transferred abroad?

What are the Players’ rights on Personal Data?

Notice modifications


Who controls the data?

The Company controls the processing of your Personal Data. This activity is supervised by the Austrian Data Protection Authority.


How can I send queries on personal data protection?

We kindly ask you to first read our this Notice. In all cases, you can send the queries related to this Notice in the following e-mail address support@cervomedia.com Our teams and Data Protection Officer (DPO) shall address them with the due attention.


What kind of Personal Data does the Company process?

The Apps allow users to create “guest accounts”. These accounts involve a very limited amount of data. In all cases these data are fully anonymized.

 

Depending on the activities performed and services chosen by you on the Apps, we processes all or part of the following data:

  • Apps guest user activity data, that may include but are not limited to: device data, source and destination data, user number, gaming transactions, online payments number, data provided by you to customer services via emails;
  • Data that may be provided by government authorities and/or duly authorized/licensed third party companies in order for us to deliver the GT&C services, fulfill our regulatory obligations and exercise our legal rights; and
  • Data provided by third parties who’ve obtained in advance your permission to share the data in order to offer certain services e.g. social media or various mobile applications (where applicable);


For what purposes are the Personal Data processed?

We process your data for the following purposes:

  • administer the Apps, including setting up and operating the your guest account;
  • ensure the accuracy of your data for the purpose of age verification, preventing fraud, cheating, reducing business risks and protecting the integrity of the games. These activities may include a degree of semi-automatic profiling, based on your activity data;
  • fulfil the provisions contained in Apps GT&C;
  • process online payments with third party payment providers;
  • provide you with customer support, including (where applicable) telephone;
  • comply with applicable laws, regulatory obligations or respond to requests from government authorities. These obligations are mainly set in financial laws, anti-fraud and responsible gaming. These activities may include a degree of semi-automatic profiling, based on your gaming activity data;
  • protect our rights and related parties. There may be instances when we believe that it is necessary, including in good faith, to record and disclose data to: (i) protect, enforce, or defend our legal rights, privacy, safety or property, (ii) protect your safety, privacy and security or members of the public, (iii) or for business risk management purposes;
  • improve the security, services and features provided by the Apps. This may include research, surveys, obtain your feedback, internal trainings and Affiliates services;
  • complete potential merger or sale of assets. If we sell all or part of our business or assets, or is otherwise involved in a merger or transfer, we may disclose and transfer your data to the party(s) involved in the transaction;
  • further to your specific and optional consent, offer customized marketing communications fitting your interests and expectations. These are based on gaming activity data; and
  • further to your specific and optional consent, offer direct marketing communications that are of (i) generic or partially based on your gaming journey and/or (ii) customized via email, instant messages, and (where applicable) chats, SMS and telephone.

You shall be notified in case the data may be processed for purposes and/or parties other than those provided above.


On what legal basis are the Personal Data processed?

The processing of the data for the purposes of:

  • The above sections from (1) to (5) are necessary for the execution of the Apps GT&C. Therefore are mandatory as otherwise the services could not be provided;
  • The above section (6) is requested by laws and therefore it is also mandatory;
  • The above section (7) to (9) are performed on the basis of our legitimate interest and our counterparties, including business risk management and protecting of gaming products integrity. These activities are adequately balanced with your interest since the data processing is performed within the limits strictly necessary for these activities. You can object the processing of the data at any time through the modalities of this Notice;
  • The above sections (10) and (11) are optional. Without your consent we shall not provide generic and/or customized marketing communications.


What is the data retention period?

The following retention periods and criteria will apply, unless a different period is required or permitted by applicable law or we have reasonable belief that it is necessary:

  • data collected for the purposes of the above sections from (1) to (9) is retained during the execution of the Apps GT&C. Plus the applicable retention periods set or allowed by specific laws, after the termination of the services;
  • data collected for the purpose of the above sections (10) and (11) is retained during the execution of the Apps GT&C and/or until you have required their deletion.

In case of further queries you may contact us at the email address indicated in this Notice.


Security and privacy measures

The data is processed through partially or fully automated electronic means and protected with adequate security measures. Processing activities that may produce significant legal effects, such as decisions based on profiling, involve always a human intervention and/or final decision. In particular, we use appropriate legal, administrative, technical, personnel and physical measures to safeguard personal data in its possession against loss, theft and unauthorized use, disclosure or modification.

The Apps may contain links to and from partner networks and/or third party websites/apps e.g. social media. If you follow a link to any of these websites/apps, should note that they have their own privacy policies and general terms and conditions. We do not accept any responsibility or liability for their content. You should check such policies and terms before accepting and submitting any information to them.


Who can have access to the Personal Data?

The data can be processed by recipients located within or outside of the European Economic Area (EEA) in compliance with the following limits:

  • our employees who are responsible for the processing and safekeeping of the data;
  • our parent company and some subsidiaries, and third party service providers such as payments and marketing services for the purpose of providing the GT&C services and our legitimate interest. This may include employees, associates, agents, sub-contractors and product providers; and
  • government authorities to comply with the legal obligations. This may involve (if applicable) the reporting of fraudulent suspicion and responsible gambling cases, to the relevant authorities and other authorized third party companies.

Access to your data by third parties is limited only to the information necessary to perform their function on our behalf or as required by law. They shall be made subject to confidentiality and data protection obligations provided by law and as considered necessary by us.


Is Personal Data transferred abroad?

We will not transfer your data to a country outside the EEA unless the due safeguards are in place.

Some non-EEA countries are recognized by the European Commission (EC) as providing an adequate level of data protection. The list of these countries is available at: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

For transfers from the EEA to countries not considered adequate by the EC, we will put in place appropriate and suitable safeguards to protect the Personal Data and in compliance with the applicable data protection laws, such as standard contractual clauses adopted by the EC as per the EU General Data Protection Regulation 2016/679 (the “Privacy Regulation”).

You may request further information by contacting us at the address indicated in this Notice.


What are the Players’ rights on Personal Data?

You can at any time:

 

  • obtain confirmation of the existence of personal data. This information is primarily provided on the Apps;
  • know the origin, purposes and method of processing of the data and the logic applied to processing carried out through electronic tools. This information is provided in this Notice, as well as when using the features of the Apps.
  • request the update, correction or integration of further relevant personal data. This service is provided via the customer service;
  • revoke at any time, the data processing consent. It does not prejudice in any way the lawfulness of the data processing based on prior consents. This service may be offered via specific tools e.g. opt-out or un-subscriptions;
  • request us to restrict the processing of personal data where:
    • you contests the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
    • the processing is unlawful but you do not want that we erase the personal data;
    • we no longer need the data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
    • you have objected processing justified on legitimate interests, pending verification if we had compelling legitimate grounds to continue processing;
  • object the data processing including those based on our legitimate interest and (where applicable) the decisions being taken by fully automated means.. This request may result in the termination of the services provided to you;
  • request the erasure of the data without undue delay. This request may result in the termination of the services provided to you;
  • receive an electronic copy of the provided data, if you would like to port them to a different service provider. This service is provided by sending a request to the customer service; and
  • lodge a complaint with the data protection authority.

Unless otherwise provided above, these services are offered by sending a written request.

The services are offered free of charge, however under certain circumstances, we may apply a reasonable fee and fully or partially refuse the request. We will do our best to accommodate the requests. However this will be limited to the extent applicable to the limited anonymous data processed by us. Sometimes other legal obligations or third party rights may take precedence.

The requests submitted by you shall be handled within one month of receipt. This may be extended by two further months, based on complexity and number of the requests.


Notice modifications

 

This Notice is valid from the date indicated in its header. We could make further modifications as a consequence of business developments or legal and regulatory changes. Significant changes to this Notice will be notified in advance.