Privacy & Management of Personal Data
MULTILOTTO is committed to protecting and respecting your privacy and managing your personal data transparently and in a fair and lawful manner. We want to ensure that as our customer you feel safe in the knowledge that we shall treat all your personal data as highly confidential.This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices in processing your data, as well as your rights regarding your personal data and how we will treat it.
This Privacy Policy must be read in conjunction with our Terms and Conditions any other privacy notices we may provide you with from time-to-time. MULTILOTTO shall inform you of any changes to our privacy policy; any such changes will become effective upon posting of the revised Privacy Policy. Please check back frequently to see any updates or changes to our privacy policy; if we make any material or substantial changes to this Privacy Policy, we will use reasonable endeavours to inform you by email.
About Us
This Privacy Policy is intended to give you a complete understanding of how we process your personal data which is gathered when you decide to setup a MULTILOTTO account through our website, and which includes any data which you may provide us with upon registration and through your use of our services.
Unless otherwise defined within this Privacy Policy, capitalised terms contained herein shall have the same meaning as set out in the Terms and Conditions.
MULTILOTTO vows to protect your personal data and to always respect your privacy in accordance with the best business practices and applicable laws. You are responsible to provide us with personal data that is correct and inform us of any changes occurring in your data in writing, in order that we may take all reasonable measures to keep our records in your regard correct and up to date.
Data Controller
MultiPay N.V. of Abraham de Veerstraat 2, Willemstad, Curaçao is the Controller of Data under the terms of Regulation (EU) 2016/679 and is therefore responsible for your personal data ("MULTILOTTO" or "we", "us", "our" in this Privacy Policy).
Should you have any queries, concerns, requests or complaints in relation to the manner in which we process your personal data, you may contact our Privacy Officer by email on [email protected].
Your Data
Any information and personal details which identify you or make you easily identifiable as an individual is known as, and shall hereinafter be referred to as, your 'personal data' as better defined in Regulation (EU) 2016/679; this however does not include data where the identifiers relating to you as a data subject have been removed through anonymization.
MULTILOTTO may collect, use, store, and transfer different kinds of personal data. The table below contains information regarding the data we collect, how such data is collected, the proposed use of such data and the legal basis for processing your data, which may include legal obligations, legitimate interest, the performance of a contract and consent. These legal grounds are explained as follows:
a. Legal Obligations - Some data may be collected and processed due to laws or regulations requiring MULTILOTTO do so for the fulfilment of its legal obligations.
b. Legitimate interest - MULTILOTTO may process your personal data in the interest of conducting and managing its business and to ultimately provide you the best service and experience we possibly could. This may include sending you direct marketing communication and promotions. Before relying on this ground, we ensure that we evaluate that potential impact such processing may have on you and your rights.
c. Performance of contract - MULTILOTTO may process your personal data for the performance of contractual obligations we enter into with you and which you are a party to, in this case, our Terms and Conditions.
d. Consent - Where consent is used as a legal basis for processing your data, MULTILOTTO only processes your data in such a manner for as long as we have your consent to do so. If, at any time, you feel that you no longer wish for us to process your data in such a manner, we will no longer do so. However, this will not affect any processing of personal data that we carried out with your consent prior to the withdrawal of your consent.
Data collected |
How do we collect your data? |
What is the purpose for collection? |
The legal basis for processing of your data |
Identification data -this includes full name, username of choice, postal address, date of birth, gender, telephone number, email address |
Provided at registration |
(1) Customer identification and creation of unique customer profile (2) Customer verification for AML purposes (3) Identification of customer when contact is made (4) Contacting customers for support purposes (5) Direct Marketing communications. (6) Sharing data with third parties for personalized advertising. |
(1) Performance of contract (2) Legal obligation (3) Performance of contract / Legitimate interest (4) Performance of contract / Legitimate interest (5) Legitimate interest (6) Consent |
Data required for verification purposes - this includes your identification documents, proof of address, and possibly source of funds, source of wealth. |
Must be uploaded on player profile upon request; may be requested either through pop up on website or via email. |
(1) Verification of player identity (2) Required in order for us to comply with AML law |
(1) Legal obligation (2) Legal obligation |
Financial data - this data includes financial details relating to the deposit and withdrawal methods of your choice such as your bank details, credit card details, or other relevant details relating to the chosen payment methods. |
Collected upon deposit or withdrawal of funds into the player account. Could also be collected where we have queries via email / chat / calls |
(1) Required to provide you with the service (i.e. to deposit funds into player account) (2) Required for Know-Your-Customer ("KYC") checks (source of funds) (3) Required for cybercrime checks (4) To ensure a closed-loop policy |
(1) Performance of contract (2) Legal obligation (3) Legitimate interest (4) Legal obligation |
Transaction data - this includes details relating to payments made to and by you; |
Automatically generated when deposits and withdrawals are made |
(1) Required to provide you with the service (2) Required to comply with AML law and gaming licence requirements (3) Required to track your activity for social responsibility measures |
(1) Performance of contract (2) Legal obligation (3) Legal obligation / legitimate interest |
Gaming data – this includes details relating to the games you play on our website (i.e. your gaming activity) |
Automatically generated with gaming activity |
(1) Required to provide you with the service (2) Required to comply with remote gaming law |
(1) Performance of contract (2) Legal obligation |
Data relating to your communications with us (via email, live chat, phone call) |
Email correspondence and live chat when contact is made, phone calls may be recorded for record-keeping requirements |
(1) Required to provide you with the service (for customer queries, communicating necessary issues) |
(1) Performance of contract/ legal obligation |
Profile data - Data relating to your gaming habits and your preferences |
Automatically generated with game play, or using cookies to log preferences |
(1) May be used in aggregated and anonymised form to improve service (2) May be used to for a more personalised user experience (3) Segmentation purposes – segmenting you into different groups depending on several factors, such as your game play, etc. This is mainly for us to improve our product and service by understanding our customers better (4) Segmentation for AML and social responsibility measures (5) Targeted marketing |
(1) Legitimate interest – data in anonymised form is not personal data (2) Consent (3) Legitimate interest (4) Legitimate interest (5) Consent |
Technical data - this may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website. |
Cookie data |
(1) Location data / IP used to ensure customer is not from a restricted or high risk country, (2) Location data / IP address also used to ensure that they do not use proxies or VPNs, to ensure that they do not abuse bonuses or defraud by application fraud (3) All other data (including location and IP) is used to improve website functionality, troubleshoot technical issues, create more products for different platforms |
(1)Performance of contract (2)Legitimate interest (3)Legitimate interest |
Usage data – includes data relating to how you use our website |
|||
Marketing and communications data – includes your preferences relating to receiving marketing messages from us and other third parties (such as affiliates), as well as your communication preferences. |
(1) Own marketing via different communication channels |
(1) Legitimate interest |
You may find further information below relating to how we may process your data for the following reasons:
· Marketing – MULTILOTTO ensures that you have the utmost control over the marketing material you receive from us or from other third parties on our behalf. You may see and amend your choices relating to marketing in your user account here. If you feel you would like more control over what kind of marketing material we send to you, please feel free to send your suggestions to our Privacy Officer on the contact details listed above.
· AML and social responsibility – MULTILOTTO is committed to providing you with the safest and most secure gaming environment we could possibly provide. For this reason, we may process certain personal data relating to you to an extent which slightly exceeds the statutory requirements, however this is done for your own safety and peace of mind. We have a legitimate interest to do so, as we feel responsible for your online safety, however we can assure you that none of the checks we carry out are unnecessarily invasive to your rights and freedoms as a data subject.
Cookie data – A cookie is a piece of data stored on the user's computer tied to information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user's hard drive for an extended period of time.
Some of our business partners use cookies on our site (for example, advertisers), however, we have no access to or control over these cookies. You may consult our Privacy Officer for further information on how and for which purposes we collect your cookies.
MULTILOTTO shall not process your personal data for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with all necessary information.
MULTILOTTO will use the email address which you have provided us with to send you an email welcoming you to our site; we may from time to time send out service related emails announcing for instance a temporary suspension of one or more of our services due to maintenance.
Sharing of Data
MULTILOTTO may need to share your personal data with a number of trusted third parties due to the nature of the services it provides you with. These third parties include:
(i) Game providers – sometimes our game providers would require access to select data attributes (such as username, IP address, for instance), in order to provide us with the games you play on our website;
(ii) Payments providers – similarly, we may share some of your personal data with the payment providers you use to make and receive payments on our website;
(iii) Marketing partners - where we have your consent to send you marketing and promotions, we may share your contact details (such as email address or mailing address) with our marketing partners who take care of sending out all our marketing material to you;
(iv) Governmental or regulatory authorities - where we are legally obliged to disclose your data, we may have to share your personal data with such bodies.
We may, if necessary or authorised by law, provide your personal data to law enforcement agencies, governmental or regulatory organisations, courts or other public authorities. We attempt to notify all our customers about legal demands for their personal data unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand.
We always ensure that any third party having access to your personal data is bound to respect the security of your personal data, and to process it in a lawful manner at all times and in compliance with our Privacy Policy and strict codes of conduct. We do not allow any third-party service providers to use your personal data for their own purposes. Processing by such third parties (also known as “Data Processors”) is solely carried out for specific purposes and in accordance with our instructions as Data Controller and on our behalf, and such third parties may only use your personal data to the extent to which we ourselves are entitled. Furthermore, in all cases, we strive to ensure that we do not share more data than is necessary to be shared for the service providers to carry out the processing activities in accordance with our instructions.
MULTILOTTO shall only be responsible for its own privacy policy and it does not warrant the standard of the privacy policies of any of the third parties who may have links placed on our site; we strongly recommend that whenever you leave our site you consult the privacy policy of any new site you may be visiting. MULTILOTTO shall in no manner whatsoever be held responsible for the manner in which third parties process the personal data you yourself provide them with.
Transfers of Personal Data
Some of the service providers mentioned above may be based in countries which do not form part of the European Economic Area (“EEA”). This may mean that your data may be stored in a location outside of the EEA. Whenever any transfers of your personal data are made to Data Processors located outside of the EEA, we always ensure that your data is protected in the same way as it is in the EEA. In order to ensure the protection of your data, we implement at least one of the following safeguards:
(i) Adequacy decision – we ensure that we transfer your personal data to countries providing an adequate level of protection according to the European Commission;
(ii) US / Swiss Privacy Shield - where the Data Processors we use are based in the United States of America or Switzerland, we try to ensure that such Data Processors are approved under the Privacy Shield. This Privacy Shield ensures that the Data Processors provide similar protection to personal data shared between the EEA and the United States or Switzerland;
(iii) Standard clauses – where the Data Processor is not based in a country benefiting from an adequacy decision or is not part of the US/Swiss privacy shield, as explained in (i) and (ii) above, we may use specific contracts, known as standard contract clauses, which are model contracts approved by the European Commission. These contracts also ensure that the personal data is afforded the same protection as it is in the EEA.
Automated Decision Making
In establishing and carrying out our business relationship, MULTILOTTO does not generally make use of fully automated decision making. If we use this procedure in individual cases, we shall inform you of this separately.
Data Security Measures
Multilotto always strives to ensure that your data is safe, both in our hands and in the hands of any third-party to whom we may disclose your data. Internally, we have put in place a number of security measures, both from a technical aspect as well as from an organisational aspect, to ensure that your data is not accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. To protect your personal data during communication with your web browser, the company uses secure and tested encryption technology from Thawt. Online transactions continue to be protected by the extremely reliable security system of a worldwide-accredited partner.
We also ensure that access to your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access your personal data will have access to it. Furthermore, anyone having access to your personal data is subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected or actual personal data breaches. We will notify both you as an affected data subject and the supervisory authority concerned of any such data breach whenever we are legally required to do so and we shall maintain a log of any such breaches.
Data Retention
MULTILOTTO will only process and retain your personal data for as long as it is necessary in order to fulfill our contractual, regulatory and statutory obligations. We will assess and respond to requests to delete data. We will delete data provided that the data is no longer required in order to fulfill contractual, accounting, or reporting requirements, regulatory or statutory obligations, or the fulfillment of any obligations to preserve records according to law.
We will normally retain your records for a minimum of ten years from the date of your last recorded account activity to comply with legal, regulatory and contractual requirements unless there is a particular reason to hold the records for longer; your personal data may be retained for longer periods in the event of prospective or pending debt collecting, legal or law-enforcement proceedings and until such proceedings are formally and definitively concluded.
Please feel free to contact our Privacy Officer on the contact details provided above for further information regarding our retention periods.
Your Rights
In relation to your personal data, you have the right to:
- access to your personal data;
- rectification of your personal data;
- request erasure of your personal data.
- object to processing;
- restrict processing;
- data portability;
Request access to your personal data:
As our customer and as a data subject, you have a right to request, free of charge, a copy of the personal information we hold about you.
Request the correction or rectification of your personal data:
If any personal information we hold about you is incomplete or incorrect, you have a right to have this corrected. In order to allow your request, you may need to provide us with evidence and documentation (such as your ID, passport or proof of address);
Request the erasure of your personal data;
You shall have the right to request the erasure of your personal data where we no longer have a legitimate reason to continue using or retaining it. We will not be able to fulfil your request until you are still our customer and for a further period of five years thereafter as well as if we are under a legal obligation to retain this information, or where the retention of your information is necessary for us to defend ourselves in a legal dispute or to execute a legal title against you.
Object to the processing of your data
If we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our Privacy Officer;
Request the restriction of the processing of your personal data
You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where you believe our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Request the transfer of your personal data (aka data portability)
This means you may ask us to transfer certain data we process about you to you or others. This right only applies to data which you provided us with and consented us to use and which were necessary for us both to honour our mutual contractual obligations so long as such data is processed by us in an automated manner. This would include your contact details, billing and usage data.
Should you consider at any time that we are handling your personal information in a manner that leaves you dissatisfied or at a disadvantage, you may at any time file a complaint with Office of the Information and Data Protection Commissioner by email on [email protected], by ordinary mail at Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta or by calling (+356) 2328 7100.
You shall also have the right to ask us not to process your personal data for marketing purposes by withdrawing your consent. You can exercise your right to prevent such processing by checking certain boxes in your account settings. You can also withdraw your consent at any time, simply by unchecking the same boxes or by contacting our Privacy Officer by email on [email protected].
It may take up to 48 hours for us to ensure that the changes are implemented into our systems and those of our marketing partners (and therefore you might receive some emails or information from us within those 48 hours for this reason); withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent.
We hope to be able to resolve any difficulties or complaints you may have by bringing them to the attention of any of our customer support services or by forwarding whatever query, request or issue you may have to our Privacy Officer on the address indicated above.
Except for your right to file a complaint with a supervisory authority, in order for MULTILOTTO to be able to action any of your requests made in accordance with your rights described above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.
We will do our utmost to respond to all legitimate requests within one-month from when we receive a request. If your request is particularly complex, or if you have made multiple requests in a certain time period, it may take us a little longer. In such a case, we will notify you of this extension.
Recommendations to refrain from divulging your personal data
MULTILOTTO strongly recommend that you do not divulge your personal data to strangers or third parties during chat rooms. Remember that your personal data is sensitive and stop and think before passing on information which you may come to regret.
MULTILOTTO strongly recommend that you do not choose your username as your alias. It is advisable for your alias to be different to your user name.
Unlawful Actions and Transactions
MULTILOTTO shall take measures against any person found cheating or attempting to cheat or defraud MULTILOTTO or any of MULTILOTTO's customers or any other person using the services provided by MULTILOTTO. Cheating and defrauding shall be inclusive of but not limited to fraudulent payment, use of stolen credit cards, unauthorised chargeback or other reversal of a payment, money laundering or any other unlawful transaction.
This Web site takes every precaution to protect our users' information.
When users submit sensitive information via the website, their information is protected by industry-standard encryption technologies such as SSL, the use of which can be verified by clicking on the padlock icon next to the website's address on your web browser.
While MULTILOTTO use all endeavours to protect sensitive information online, we also do everything in our power to protect user-information off-line.
All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only authorised MULTILOTTO employees are granted access to personally identifiable information. MULTILOTTO perform checks on all our potential employees to ensure that none of them have a criminal record. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to user information. Furthermore, ALL employees are trained and kept up-to-date on our security and privacy practices to fulfill our data protection requirements and to offer you the best service possible.
When new policy is added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users' information is protected. Finally, the servers that store personally identifiable information are in a secure environment.
MULTILOTTO ensures that all your data is protected from unauthorised access by a so-called firewall – a computer that is fitted with complex security technology specifically designed to shield the company's network from the Internet. Additionally, the company uses reliable internal data protection mechanisms combined with a restrictive security system.