Privacy Notice Bethard Group Limited
Bethard Group plc is committed to respecting and protecting your privacy, including any personal data which you may provide to us, in accordance with applicable data protection laws and regulations.
This Privacy Notice sets out how your personal information is collected, the basis on which it is collected, and how it will be processed and kept secure. Additional measures are in place to protect the confidentiality of any data which may be considered as sensitive.
Please read the following policy carefully to fully understand our practices and how we deal with personal data.
2 Who are we?
We are BETHARD GROUP LIMITED, a company incorporated in Malta and registered under company number C 69565 with its registered address at 6 Paceville Avenue, St. Julians STJ3109, Malta. All references to "Bethard", "we", "our" and "us" are references to Bethard Group Limited.
Bethard is the owner and operator of the domain www.bethard.com (the Site) and acts as the ‘data controller’ for the purposes of applicable data protection legislation and regulations.
3 What information we collect
The following types of information may be collected when you use our services:
• Information we collect about you: Certain personal information is collected automatically when you visit our Site. This information includes, but is not limited to, technical information about the devices used (such as model, operating system, IP address, browser type, mobile device identifier), log-in information, traffic data, online-browsing habits and other information about your visit based on how you interact with our products.
• Information you give us: At registration, you provide us with your personal details such as name, surname, mobile number, gender, date of birth, email address and your country of residence. During the course of play, we may also request additional information and documentation including identity cards, bank cards, bank statement, source of wealth, source of funds, utility bill, and other relevant information you may provide to us. We keep records of correspondence, whether via the Website, email, or other means. (Telephone calls may be monitored or recorded - We might do this to check that we have carried out your instructions correctly; to resolve queries or issues; for regulatory purposes; to help improve our quality of service; to help us train our staff; or to help detect or prevent fraud or other crimes).
• Information from third-parties: We may also obtain personal data about you from third-parties such as specialist companies providing verification services, credit reference agencies, and fraud prevention agencies.
• Public Information: In effort of promoting responsible gambling we do consider our customers’ financial ability to gamble, and prevent our products and services from being used for illegal purposes. We continuously observe account activity that could present a risk, by doing so we may look publicly available information about you such as social media pages, property ownership details and insolvency registers. Although this information is public, we remain very careful of your privacy and use it only as and where necessary for carrying out these checks
4 Basis of collecting Data
Bethard collects, processes and stores personal information for the following reasons:
• To comply with our legal and regulatory obligations and commitments, including those relating to responsible gaming and anti-money laundering. We may be required to use and store personal data, including medical data, for the prevention, detection or investigation of any suspicious behaviour, fraudulent activity, crime, problem gambling, or other potential risk;
Below is a non-exhaustive list of when personal data may be collected or used in complying with legal and regulatory obligations:
• to redirect the prospective player to the correct country site, in accordance with our license conditions;
• to ensure our services are only offered to eligible persons;
• to screen players against anti-fraud software
• prevent, detect and prosecute all types of crime
• verify your identity and establish the source of funding in any transaction;
• For direct marketing and event communications of our goods and services through various platforms, including e-mail, phone, SMS, push notification or any other appropriate means. Upon registration with us, we will ask you if you would like to receive marketing communications. Thereby, we will be requesting your consent upon registration. You may choose not to opt in and therefore not to receive direct marketing at all. You may also choose to opt in from one medium and not another. In the latter case you will only receive direct marketing communications via the medium which you opted in for. The consent you give or don’t give in relation to receiving direct marketing communications, can be changed at any time by amending your preferences through your Account once logged in or by contacting customer support via e-mail or live chat. Alternatively, you may also send an email to our Data Protection Officer (DPO) on email@example.com
• For any other purpose which is in accordance with our legitimate interests. In such cases, your personal data will still be protected and will not be processed in any manner which would be unfair to you. We will not process your personal data in our legitimate interests if it is the case that our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine if we can process your data on this basis, we shall consider a number of factors, such as, what your reasonable expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
When the legal basis for processing your personal data solely our legitimate interests, a report on the balancing test used on this particular regard may be made available to you, upon request.
You may object at any time when legitimate interest reasons are being used as a ground to process your personal data, although this right may not be absolute.
Processing data for legitimate interests is done: • to personalise your experience when using our products and services - to offer a more relevant, customized service (eg use of player history to provide you with recommended products); If you don’t want to receive personalised services you may disable personalisation by contacting our Customer Support or sending an email to firstname.lastname@example.org
• to improve our products and services -for analysis and research purposes so that we may improve the services offered by us; statistical and trend analysis in order to be able to analyse popular products and services and improve on them;
• to communicate with you - such as responding to your queries, requests and complaints where we will be able to manage disputes with players, to direct players to responsible gaming support staff, and to generally improve the players’ experience. Such logs could also be used to identify recurring software issues; also personal data based on the grounds of legitimate interest can be used to contact you with news and information in relations to promotions and competitions you have chosen yourself to enter.
• to make your gaming experience more secure - Any network security activity undergone by us as a gaming operator is considered to be an essential processing activity intended to ensure that its customers are continually protected.
When it comes to special categories of data (sensitive data) we will only process such data if:
• you have given us your explicit consent;
• it is necessary for the purposes of carrying out our obligations and exercising our specific rights or those of the data subject in the field of employment and social security and social protection law;
• it relates to personal data which you have made public;
• it is necessary for the establishment, exercise or defence of legal claims;
• is necessary for reasons of substantial public interest, on the basis of European Union or Member State law.
If you choose to not provide us with certain personal data, this may mean that we would not be in a position to provide you with our products or services.
Cookies are essential to keep our websites functioning correctly and securely. We also use them to make things quicker, easier and more personal for you, thus providing a better overall experience when you visit our Site.
In order to enable us to do this, cookies collect some personal information about you whenever you navigate our websites. You can choose whether to accept or reject some or all types of cookies, and can control this through your device’s browser settings. We will make you aware of this by showing you our cookie banner when you visit our Site.
Please refer to our cookies policy for more information.
6 When do we share your personal information?
Some circumstances necessitate Bethard sharing certain data with third parties. In order to mitigate certain risks, checks are carried out in order to ensure that the companies we work and collaborate with are well-equipped to give your information the same level of care and protection as we do. Both Bethard and trusted third parties are obliged to handle your information in accordance with the applicable data protection laws, and we are also required to put in place contractual measures reinforcing those obligations.
Please find below circumstances in which we share data with third parties:
• To notify you about any important changes or developments to the features and operation of products or services;
• When ordered to do so by any authority/regulatory body under any legal provision contained in the governing law;
• We may instruct and authorize the Financial Institution with which an Account Holder’s account is held to disclose any information as may be requested by the Regulator in respect of an account holder’s account;
• In order to establish, exercise or defend our legal rights;
• For fraud detection and control purposes, in cases where Bethard has reasonable grounds to suspect irregularities with an account;
• With identity verification agencies;
• With service providers to enable us to provide our services requested by you; such as the financial institutions or entities we use to facilitate processing payments;
• With third party entities who introduce you to us;
• With external auditors, who perform an independent audit on our company to examine compliance with specific laws and rules applicable to gambling operators.
7 Data Transfer outside the EU
Currently we do not transfer your Personal Data outside of the EEA. If we were to transfer your Personal Data outside of the EEA, within the Group or to our business partners, we will take all necessary measures to ensure it is protected to the same standards as it would be within the EEA.
8 Retention of Data Period
We will only retain your information for as long as is reasonably necessary to carry out the purposes outlined above and to satisfy our legal obligations.
An existing customer, we will need to retain your information to meet our legal and contractual requirements. However, when you cease using our services, it is necessary to retain your personal information for a minimum length of time required to comply with the purposes set out in this policy and in order to comply with legal obligations under EU/local laws (for example, anti-money laundering regulations, or licensing regulations);to be able to establish or defend legal claims (for example negligence claims) which could be made against us.
Certain data can be stored for a period of ten (10) years from when you stop using our services.
9 Your Rights & Choices over your Personal Information
Personal data belongs exclusively to you as the data subject. As a result, you enjoy several rights over your personal data, including:
• Right to be Informed: As a data subject, you have the right to be informed about the collection and use of your personal data, so as to be able to make informed decisions regarding the processing of such personal information.
• Right to Access Information: You may request a copy of the personal information we hold about you. This is known as a Data Subject Access Request. Should you wish to make such a request, please do not hesitate to contact customer support or our DPO on email@example.com
• Right to Erasure (Right to be Forgotten): This right allows for you, as the data subject, to request the deletion of your data. However, where we are obliged to retain this data for a specific period of time in accordance with any other laws, this data will not be deleted until such period has lapsed. You may request the right to be forgotten when:
o the information is no longer necessary in relation to the purpose for which it was collected (as explained in our privacy notice);
o if you previously gave consent to the use of your information, but subsequently decide to withdraw it and we cannot justify another legal ground for using it under data protection law;
o we process your information based on our legitimate interests and we cannot demonstrate overriding legitimate grounds to continue processing the information;
o we do not have a lawful ground under data protection law to process the information;
o the data has to be erased to comply with a legal requirement.
• Right to Data Portability: A data subject has the right the copy or transfer personal data in a ‘commonly used machine-readable format’. This allows you to obtain and reuse your information for your own purposes across different services and data controllers in a safe and secure manner. This right however is limited as the data portability right only applies to data provided by the player directly; data processed by automated means (no paper records); and to data processed based on consent or where it is necessary for the performance of a contract.
• Right to Rectification: You have the right to contact us to correct and rectify any information we hold and process about you which may be incorrect or incomplete.
• Right to Restrict Processing of Personal Data: You have the right to limit the processing of your personal data in certain circumstances.
• Right to Object to Processing of Personal Data: This right provides you with the ability to expressly object to the processing of personal data based on legitimate interest as the basis to process your personal information; the processing of personal data for the purposes of direct marketing including profiling(when it comes to sales and marketing communications, you are always given the option to withdraw your previously given consent at any time for the processing of your personal data. This is possible from the footer of the communication, or by contacting customer support via email or live chat); the processing of personal data for scientific or historical research or statistical purposes.
• Right to withdraw consent: When we rely on your consent as the basis to process your personal information – such as for sales and marketing communications, you have the right to withdraw your consent at any time. It is made very easy for you to withdraw your consent, eg with an unsubscribe button on emails, however, if you would like to request that this is done by us, you may contact Customer Support or our DPO on firstname.lastname@example.org
• Right to not be Subject to Automated Processing: We sometimes use systems to make automated decisions based on your personal information. These automated decisions can affect the products, services or features we may offer you now or in the future, or the ability to use our service.You have the right to object to a decision made by means of the automated processing of your personal information, and to request human intervention be used in the decision-making process, if such decision has the potential to produce legal effects which concern you. This also applies for personal information that is used for direct marketing purposes (including profiling).
This right does not apply when the processing is:
• necessary for entering into or for the performance of a contract with you; or
• when it is authorised by law;
10 Security of your Data
We treat your data with the utmost care and in the strictest manner. We are committed to protecting the personal information you entrust to us. We take all reasonable steps to ensure that all information collected through our Sites is treated securely and in line with this Policy and strict data protection standards.
We strive to adhere to ISO27001 principles, and on a quarterly basis we also undergo information security audits in order to confirm our integrity.
11 Contact Us
If you require any further clarification regarding your personal information or how we use it, please do not hesitate to contact our Data Protection Officer (DPO) directly on email@example.com . Kindly note that any queries forwarded to the DPO will be answered during office hours only.
If you wish to raise a complaint on how we have handled your personal data, you may contact us to have the matter investigated on firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you may lodge a complaint to our lead data protection authority, the Office of the Information and Data Protection Commissioner (IDPC), or alternatively, to your national data protection regulator.
13 Changes to our Privacy Notice
Bethard reserves the right to revise, amend or modify this policy from time to time. Please check back and review it frequently for any updates or changes.
This policy was last updated on the 17th of May 2019.