Privacy Policy
This overall privacy policy ("privacy policy") is related to the website https://www.casinoepic.com and / or any subpages and / or associated domains (and / or subpages). These will hereinafter be referred to as the "Page". It also applies to any service offered on the site (may also include sales of goods) by Kanon Gaming Limited, the owner of the site, ("we", "us", "our", "Kanon Gaming" or similar) and all related software applications (Apps) where personal data is handled. In this overall privacy policy, words such as "you", "your", "the player" and "the customer" will refer to a natural person using the site and / or related service.
Although this privacy policy is detailed and contains thorough information about how we handle personal data (via the site, via applications or in other ways), additions may be made in connection with various subpages and products that apply on top of the rules below.
Although our goal is to always be clear and concise with all information about personal data, we ask you to show understanding that certain legal documents can sometimes be difficult to read. However, we ask you to review this privacy policy (which we have tried to simplify as far as possible) to find out how we handle your data. Do not hesitate to contact us if you have any questions or want us to develop our information about an individual part of the document. You can, for example, contact us if you want to know how different processes we carry out are linked to individual laws in the country in which you operate. We can quickly and easily help you get answers to what you are wondering about.
Applicable laws
As a business established in Malta, within the EU, it is mainly the following laws that apply to us and that affect you when you use our site and / or our services:
• The Maltese Data Protection Act (formerly Chapter 440 and now Chapter 586) together with the additions under the same law - ‘DPA’
• Regulation 2016/679 of the European Parliament and of the Council, adopted on 27 April 2016, on the protection of personal data and the free movement of data. This also includes Regulation 95/46 / EC (General Data Protection Regulation) - ‘GDPR’.
We refer to all of the above together as the "data protection laws".
What is personal data?
By personal data is meant all types of information that identify you as a person, or that can identify another person. When it is not possible for us to use anonymous and / or anonymised information (in a way that does not identify any user of the website or the customers of our services), we are still active in protecting your privacy. We always work hard to protect your personal data.
We collect personal information in various ways, both digitally via the website (either when you choose to provide us with certain information or in some cases automatically or from a third party) as well as non-digitally (for example when you fill in a physical form to benefit of one or more of our services).
Personal data that we collect from you:
There are different categories of personal data that we collect about you, namely:
Contact information:
• First name
• Surname
• Address
• Mobile number
• Email address
Registration data:
• Username
• Password
• Social security number
• Country
• Gender
• Any other information transferred in connection with the use of BankID
Marketing data:
• Name
• Email address
• Address
• Interests
• Proof that you have accepted the terms and conditions (where required)
• If you said no to marketing (through us or through a third party)
• Website data
• Online identification tool (IP address and information from your browser)
• Time
Data for safe play:
• First name
• Surname
• Social security number
• Address
• Mobile number
• Email address
• Country
• Transactions approved and denied
• Self-exclusion data
Self-exclusion data:
• Registration information
• Contact information
• Social security number
• Information about self-exclusion such as date and time
Tracking data:
• IP address
• Location data
Financial information:
• Details related to your bank
• Credit card information
• Transaction-related information
Other information:
In some cases (for example, if you are a customer, or potential customer, of our services) we may request additional personal information as a way to securely identify you or for another similar legal purpose (which will be explained in the table below and / or in a summary policy that may have linked you here). The additional information we may request from you to be able to offer you our services includes:
Many of the categories of personal information above are collected directly from you (for example, your contact information and your registration data). However, we may also collect personal information from other sources, including computer companies, publicly available databases, joint marketing partners, social media and other third parties. We may also receive personal information about you from a third party when we need to confirm your identity, your contact information or certain financial information. If this is the case, we will take all measures required by law to further inform you about the source of such personal data and the categories of personal data we collect and process. There are certain cases in law where we are specifically prohibited from disclosing such activities to you (for example, when we carry out checks to counter money laundering).For a detailed description of the reasons behind why we use data in the categories above (and all other specific personal data we process) and the corresponding legal grounds for doing so, see "What we use your personal data for (the purpose of processing) here.• More secure identification methods
• Proof of address
• Proof of payment and origin of the money
• Documentation for verification (KYC)
To see the information and personal data that we automatically collect when you visit our site, you can read our policy for cookies which you will find in the menu at the bottom of our page.
Social media
If you choose to link one or more of your social media accounts to our site (if possible), certain categories of personal data will be shared with us from the providers of each social media account.
How and why we collect personal data
As a general rule, we will not collect personal data, ie information that identifies you as a person, which you have not personally agreed to share with us. This is data that you provide to us when you register, when you contact us, use any of our services or use a service from a third party via our site. It is also about when you manually request access to any service such as taking part in our newsletters and offers here).
Unless otherwise stated, or required by applicable laws and regulations, we will generally collect personal data only at times when:
• We must be able to offer you the products and services you demand;
• We are bound by laws and regulations to collect and retain information for a specified period of time; and
• We consider it necessary and in the best interests of our business.
For a more detailed description of reasons why we process different parts of your personal data, and how the different categories are on a legal basis in the areas we operate, you are welcome to contact our customer service at [email protected].
Personal data from a third party
By giving us access to, or allowing us to access, personal information related to others than yourself, you let us know that you have the authority to send us this personal information. It is your responsibility to ensure that you have the legal right to disclose personal data that is processed in accordance with what is stated in this privacy policy.
What we use your personal data for (the reason for handling)
The following is a description (in as clear a manner as possible) of what we use your personal data for, and what legal grounds we lean towards in order to do so. For more details on what is meant by terms such as "contact information", "registration data" and other categories of personal information used in the tables below, see the section above on personal data that we collect from you.
Please note that where we require your approval, you have the opportunity to change your mind and withdraw your approval when you so wish (see notes below).
Users of our site (customers and non-customers) and users of our services:
Reason for handling | Categories of personal data | Legal basis for handling |
Register as a new player | Registration data | Necessary to create contracts |
To take care of our contact and our service to you | Registration data | Necessary to create contracts.In accordance with requirements of applicable laws. |
AML / CTF and due diligence | Registration data | In accordance with requirements of applicable laws. |
To control and investigate suspicious behavior with the aim of preventing fraud and the like from affecting our business | Registration data | Reasonable interest (to counter fraud). |
Sign up for newsletters or similar | Registration data | Your consent. |
Requirements for safe play and limits in gambling | Game data | In accordance with requirements of applicable laws. |
Closing the account | Self-exclusion data | In accordance with requirements of applicable laws. |
In the ongoing use of our services:
Reason for handling | Categories of personal data | Legal basis for handling |
Your opportunity to stand in an online poll. | Registration data | Your consent |
Maintain and keep records of our systems | Registration data | Necessary to create contracts. |
Maintain and develop our relationship with you | Registration data | Necessary to create contracts |
Manage and execute payment transactions | Financial information | Necessary to create contracts. |
Be able to keep up with the services we have on the site - mainly related to online gaming | Registration data/ | Necessary to create contracts. |
Requirements for safe play and limits in gambling | Transaction and user data | In accordance with requirements from applicable laws. |
Closing of the account | Self-exclusion data | In accordance with requirements from applicable laws. |
Loyalty program | Profile data | Justifiable interest |
Comply with applicable laws and regulations in all jurisdictions | Contact information | In accordance with requirements of applicable laws. |
Sign up for newsletters or similar | Registration data | Your consent |
Be able to offer you marketing materials and information that you either wanted to receive from us, or that we are required by law to notify you | Marketing data | Your consent (where required) |
Should we need to process your data for a new purpose in the future, which is not related to the above, we will inform you of such processing in advance and you may exercise your rights to refuse in connection with such processing.
Please note that without some personal information, it may be impossible for us to provide some or all of the services you expect from us. Nor can we guarantee that our site works as it is expected to do.
Notes for approval
For the avoidance of doubt, we would like to point out that in the limited cases where we can not or choose not to rely on a legal basis (such as our own legitimate interests), we will process your personal data based on your consent. In cases where we handle data with your consent (which we will never count on, but which we should have received in a clear manner from you in cases where this happens), you have the right to revoke your consent at any time on the same way you left it to us.
Should you exercise your right to revoke your consent (by writing to us at the email address below) we will determine if there is a legal basis for processing your personal data at that time (for example due to a legal obligation that we is subject to) where we would be legally authorized (or even obliged) to process your personal data without the need for your consent and in that case notify you of this. When we request such personal information, you can always refuse, but if you do not want to provide us with the necessary information we need to provide the requested services, we may not necessarily provide such services (especially if consent is the only legal basis available to us).
Just to clarify, consent is not the only basis that allows us to process your personal data. In the previous section above, we pointed out the different bases that we lean on when we process your personal data for specific purposes.
Check that personal data is updated
Every reasonable effort is made to keep all personal information current and as accurate as possible. You can check the information we hold about you at any time by contacting us in the manner explained here. If you find any errors, we will correct them and, if necessary, remove them. Please see here for a detailed list of your legal rights in accordance with applicable data protection legislation.
Direct Marketing
We only send emails, messages and other communications related to marketing if it is legally legal. In most cases, we depend on your acceptance to send to you (especially when we use electronic communication). If at any time you no longer wish to receive marketing from us, please contact us in writing here, or update your settings on one of our pages or apps (if applicable).
In the case of direct marketing sent via electronic communication (where we are legally authorized to do so), you can easily unsubscribe via the settings on your gaming account. We only send out to those who have agreed to receive such marketing, and immediately shut down anyone who has registered in the state system for Game Break. If the information must reach you by law, we will still make the mailing. You can not turn off these messages.
Transfer to third countries
In general, the information we process about you (collected via the website, one of our apps or otherwise) is stored and processed within the European Union (EU) / European Economic Area (EEA) or any other country outside the EEA that the European Commission deems to have a high level of protection (the so-called "whitelisted" countries listed here: https://ec.europa.eu/info/law/law-topic/data-protection_en). In some cases, it may be necessary for us to transfer your personal data to a country outside the EEA that is not considered by the European Commission as a guaranteed secure country (for example, if one or more of our data processors are there). It may be that the execution of a transaction requires that we disclose your personal information with a bank located outside the EEA.
In such cases, in addition to all appropriate safeguards that we take in any case to protect your personal data, we have introduced additional measures. For example, we have ensured that the recipient is bound by EU standard contractual clauses (EU model clauses) which aim to protect your personal data as if it were a transfer within the EEA. You have the right to receive a copy of these measures by contacting us.
Communication over the internet
You will be aware that data sent over the Internet can be transmitted across international borders, even where the sender and recipient of the information are located in the same country. We can not be held responsible for what is done or omitted by you or any third party in connection with personal data before we receive it including, but not limited to, transfers of personal data from you to us via a country that has a lower level of data protection than in the European Union. This may apply to, but is not limited to, parties such as WhatsApp, Skype, Dropbox, etc.
In addition, we do not accept any responsibility for the security of your data during transport via the internet, unless our responsibility is expressly stated in a law in Malta.
Authorized sharing
Without it affecting this privacy policy, and in order to promote transparency, we reserve the right to disclose (or otherwise process) relevant personal data which applies to youAuthorized Sharing / Without prejudice to this Privacy Policy, and in order to guarantee complete transparency, we reserve the right to disclose (and otherwise process) relevant personal data that applies to you (including in some cases relevant IP addresses) to authorized third parties in or outside the EU / EEA if such information is permitted to be disclosed under the Data Protection Act (regardless of whether you have given your consent). This includes, but is not limited to, the following:
1. In order to prevent, detect or trace fraudulent behaviour (for example, if you provide false or misleading information about yourself or try to imitate someone else, we may disclose any information we have about you, in order to assist in any type of investigation into your actions);
2. If Casino Epic is involved in a merger, sale, restructuring, acquisition, assignment or transfer.
3. In order to protect and defend our rights (including the right to property), the security of our affiliates, the security of users of our site and even your own security;
4. To protect us from misuse and unauthorized use of our site or our services;
5. For any purpose that may be necessary for the performance of a contract that you may have entered into with us (including a request for the provision of third party services) or to take action at your request before entering into a contract;
6. To comply with legal obligations that may arise in response to a court agenda or order or similar official request for personal data;
7. In cases where it may be expressly permitted or required by any applicable law (eg money laundering legislation)
Sharing of personal data with other categories of recipients
Relevant information will also be published or shared (at least in accordance with the data protection laws) to/with members and staff of Casino Epic, to/with other entities within Kanon Gaming Limited (for example in in accordance with safe gaming / responsible gaming obligations) and/or to/with affiliated entities and/or subcontractors established in the European Union if they are relevant for any of the purposes set out in this privacy policy (including our service providers that facilitate the functionality of the website and/or any service you may need). Personal information is only shared by us to provide the services you request from us or for any other legal reason (including authorized information that does not require your consent).
Authorized information will only be shared in accordance with the Data Protection Act (for example, all our processors are bound by the requirements of the said Data Protection Act, including a strict obligation to keep all information they receive confidential and to ensure that their employees / staff are also bound by similar obligations). The mentioned service providers (our processors) are also bound by a number of other obligations (in particular Article 28 of the GDPR). Your personal information will never be shared with third parties for their marketing purposes (unless you give your consent). The third parties to whom we may disclose and/or share your personal information are at the date of writing the privacy policy:
Name of third party | Reason for sharing |
SendGrid | Email addresses for marketing |
Security
The personal information we may hold (and/or transfer to our affiliates/partners/subcontractors, as the case may be) will be in safe custody in accordance with our internal security policies and applicable laws. We use reasonable efforts to protect the confidentiality of all your personal data that we process and regularly review (and improve) our technical and administrative procedures so that your data is protected from:
• Unauthorized access
• Improper use
• Unauthorized modification
• Illegal destruction or accidental loss
To this end, we have implemented a security policy, rules and technical and organizational measures in order to protect the personal data we may have under our control. Furthermore, all our employees, otherwise connected and our data processors (including specific subcontractors, including cloud service providers established in the European Union), who may have access to and are associated with the processing of personal data, are obliged (by contract) to respect the privacy of our users or customers' personal data and other obligations under laws on the protection of personal data.
Albeit all the effort mentioned above, we can not guarantee that a data transmission or storage system can be 100% secure. For more information about our security measures, please contact us by e-mail to our customer service. Authorized third parties and third party vendors, with permitted access to your information (as described in this privacy policy) are specifically required to apply appropriate technical and organizational security measures, which may be necessary to protect personal data processed from unauthorized or unintentional disclosure, loss or destruction and from illegal forms of treatment. As mentioned above, the mentioned service providers (our data processors) are also bound by a number of other obligations under data protection laws (in particular Article 28 of the GDPR).
Retention periods
We retain your personal information only for as long as necessary (taking into account the purpose for which it was originally obtained). The criteria we use to determine what is "necessary" depend on the current personal information and the specific relationship we have with you (including its duration).
Our normal practice is to determine if there is any specific EU and/or Maltese law (for example, tax law or company law) that allows or even obliges us to retain certain personal data for a certain period of time (in which case we will retain personal data during the maximum period specified in any such law). For example, data that can be considered "accounting" must be kept for ten (10) years. We are also subject to a number of rules that are specific to the gaming industry - for example, those around specific gaming rules and safe gaming. In some cases (for example in the case of permanent self-exclusions) we are legally obliged to keep your personal data (name, surname, social security number, etc.) indefinitely.
We must also determine if there are any laws and/or contractual provisions that may be invoked by you and/or a third party against us and/or a third party and, if so, what time period applies to such actions (it is usually five (5) years). In the latter case, we will retain all relevant personal information that we may have in order to defend ourselves against any claims, challenges or other actions by you and/or third parties for the time necessary. If your personal information is no longer required by us, we will either securely delete or anonymize the current personal information.
Processing for research and for statistical reasons
Research and statistics that use user or customer information are performed only so that we can understand our users 'and/or customers' needs, develop and improve our services/activities and/or for philanthropic goals that are representative of Kanon Gaming purpose. In any case, we will always make sure to get the consent we legally need from you in advance. As in all other cases, we will also ensure that all appropriate protective measures are taken as necessary.
Links to third parties
Links which we provide to third party websites are clearly marked and we are not responsible in any way for (nor can we consider that we support in any way) the content of such websites (including any applicable privacy policies and data processing).
Cookies
When you visit our website, we collect certain categories of personal information automatically by using cookies and similar technology. For more detailed information including which cookies are available and how and why we process such data in this way (including the difference between necessary and non-necessary cookies), read our detailed but easy-to-read Policy for Cookies.
Minors
The Website and our services are not intended for use by persons under the age of 18 and therefore we will never intentionally collect personal information from such persons. If you are under the age of consent, contact and get your parents 'or guardians' permission to use the site and use our services.
Your rights under the Data Retention Directive
Before we address any request you make with us, we may first need to verify your identity. We will always try to act on your wishes as quickly as possible. As explained in the section on retention periods above, we may need to retain certain personal information in order to fulfill our legal storage obligations. It is also to complete transactions that you requested before changing or deleting your information.
Your statutory rights include:
• Your right to access
• Your right to correction
• Your right to be erased (the right to be forgotten)
• Your right to data restriction
• Your right to transfer data
• Your right to withdraw approval (where we needed your approval)
• Your right to protest against certain handling and use
• Your right to direct a complaint
Your right of access
You can at any time request that we confirm whether we process personal data that concerns you. If this is the case, you have the right to access this personal data and the following:
• What personal data do we have;
• Why we have access to it;
• Who we share it with;
• How long do we intend to save it (if we have the opportunity to answer);
• If we transfer it to other countries and jurisdictions, and if so how do we protect it;
• What your rights are;
• How to address a complaint;
• Where we got your personal data from;
• If we have performed any automated decision making based on your information.
Upon request, we will (without affecting the rights and freedoms of others, including our own) provide you with a copy of the personal data processed within one month of receipt of the request, which period can be extended by two months if necessary, taking into account the complexity and number of requests. We will inform you of such an extension within one month of receipt of the request together with the reasons for the delay.
Your right to correction
You have the right to ask us to correct incorrect personal information and to complete incomplete personal information about you. We can try to verify the accuracy of the information before we fix it. Some information comes directly from the bank or authorities, and we then have no possibility of change but will ask you to contact a third party to change the information at the provider of the information. It will then also be updated with us.
Your right to deletion (the right to be forgotten)
You have the right to ask us to delete your personal data and we will follow without undue delay but only where:
• The personal data is no longer necessary for the purposes for which it was collected. or
• You have withdrawn your consent (where your consent has been required for access to the data) and we have no other legal basis for retaining your personal data, or
• You have received a positive result through a complaint, (see below) ; or
• Your personal data has been handled illegally, or
• There is a settled decision regarding your data against our activities, or
• A special case has arisen which concerns the rights of children and minors.
We will never be legally bound to comply with your removal request if the processing of your personal data is necessary for:
• Your right to correction
• Your right to erasure (the right to be forgotten)
• Your right to data restriction
• Your right to transfer data
• Your right to withdraw approval (where we needed your approval)
• our right to protest against certain handling and use
• Your right to file a complaint
Your right to data restriction
You have the right to ask us to limit (ie store but not use further) your personal data, but only there:
• The accuracy of your personal data is questioned (see your right to correction) for a period that makes it possible for us to verify the accuracy of the personal data; or,
• BProcessing is illegal and you object to the deletion of your personal data; or,
• We no longer need the personal data for the purposes for which it was collected but you need the personal data to create, exercise or defend legal claims; or,
• You have exercised your right to protest or file a complaint, and we need to save the information as a basis for the case.
Upon your request for limitation, with the exception of storing your personal data, we may only process your personal data:
• Where we have your consent; or,
• To establish, defend or prove in a legal dispute; or,
• To protect the rights of another person or company; or,
• For reasons of public interest.
Your right to transfer data
You have the right to ask us to provide your personal data (which you have provided to us) in a structured, regular, machine-readable format, or (if technically possible) to have it "sent" directly to another data controller, provided that this does not adversely affect the rights and freedoms of others. This right only applies where:
• The processing is based on your consent or on the performance of a contract with you; and
• The processing takes place automatically
Your right to withdraw approval (where we needed your approval)
See our note on the approval of personal data for more information about this right (which you can use at any time).
Your right to protest against certain handling and use
• In cases where we only process your personal data when it is: 1.) necessary for the performance of a task performed in the public interest or 2.) when the processing is necessary for the legitimate interests that we have at our disposal or by a third party, you have the right to object to the processing of your personal data by us. If an objection is made, the processing of data shall cease, unless we as an inspector provide convincing and legitimate grounds that require further data processing that exceeds the objections that you may have raised.
• When your data is processed for direct marketing, you have the right to object to the processing of your personal data at any time, which includes profiling insofar as it is related to such direct marketing.
• To avoid any doubt, when we process your personal data when it is necessary for the performance of a contract, when it is necessary to comply with a law to which we are subject or when the processing is necessary to protect your vital interests or another natural person, this general right of objection shall not exist.
Your right to file a complaint
• You also have the right to lodge a complaint with the appropriate supervisory authority. The competent authority in Malta is the Office of Information and Data Protection Commissioner (OIDPC).
• We ask that you try to solve any problems that you may have with us first (although of course you have the right to contact the relevant authority at any time)
What we demand from you
As one of the security measures we take, we may need to verify your identity to ensure that we do not disclose or share personal information with unauthorized persons before we are able to assist you in exercising your rights as described above.
Response time limit
We try to respond to all legitimate inquiries within one month of receiving them. In some special cases (for example, if the case is particularly complex or if you send us several requests), it may take us longer than a month. In such cases, we will notify you accordingly and keep you updated.
Kanon Gaming - company information
Kanon Gaming is the company responsible for the management of your personal data on the current site, in accordance with what is described above. If you have any questions about this, you can send an e-mail to [email protected] or write a letter to Kanon Gaming Ltd., JPR Building, The Penthouse, Triq taz-Zwejt, San Gwann, SGN3000 Malta. You can also call us if you wish (only in English and during office hours) on telephone number (+356) 27040626. Keep in mind that the call is not free, and counts as an international call to Malta. If you call, ask to speak to our Data Protection Officer.
If you want to get in direct contact with our Data Protection Officer, her name is Sarolta Sebes and you can reach her by email [email protected].
Updates
We reserve the right to change, add to and / or remove portions of this Privacy Policy at any time. If you are an existing customer with whom we have a contractual relationship, you must be informed by us of changes made to this policy (as well as other terms that are relevant to the site). We will also archive and store previous versions of our policy for your review. As a user of the site with which we have no contractual relationship or legal tracking, it is in your best interest to regularly check for updates to this policy (which is considered effective from the date it is published on the site), if our attempts to notify you of such updates does not reach you. You have the right to ask us to correct incorrect personal information and to complete incomplete personal information about you. We have the right to verify the accuracy of the information before we make a change.