BetArena Interactive Ltd. - PRIVACY STATEMENT
BetArena Interactive Limited, a company registered in Malta under Company Uniform Identification Number C81168 and seated Level G, office 1/5597, Quantum House, 75 Abate Rigord Street, Ta‘Xbiex, Malta (hereinafter referred to as “BA”, “we,” or “our”) , is a gambling organizer trading under the brand name BetArena and part of the Superbet group of companies. BA respects your right to privacy and is committed to protect your personal data and use it appropriately.
This Privacy Statement explains how BA processes (collects, stores, shares, uses) the personal data you share with us when you visit our internet page and or communicate with us otherwise or which we generate about you and what your rights are.
Before sharing with us any information, we kindly ask you to read carefully and thoroughly this Privacy Statement. IF YOU DO NOT UNDERSTAND WITH THIS PRIVACY STATEMENT, DO NOT REGISTER ON OUR WEBSITE AND DO NOT SHARE WITH US YOUR PERSONAL DATA. You hereby acknowledge that the personal data you provide to us is supplied of your own free will to be used in accordance with the purposes described in this Privacy Statement. For data protection purposes, BA is the data controller of your personal data you submit to us.
We reserve the right to change and or update from time to time this Privacy at our discretion at any time. You will be accordingly notified in advance of such changes and or updates, which we also urge you to read carefully and make sure you understand and agree with.
The personal data that we collect about you
As used in this Privacy Statement, personal data means any information that can be used to individually identify you directly or indirectly, alone or along with other information, or contact you online or elsewhere. The categories and volume of personal data that we collect vary depending on the activities in relation to which the data is collected and include:
We also process personal data about which we do not receive directly from you, such as:
How we collect your personal data
We solely collect your personal data with your informed knowledge i.e. when you voluntarily submit it to us or when it is generated in the course of your relationship with us.
Collection of data occurs in various ways, by way of paper flyers or forms, filled in by you or at your request by our employees or other dedicated personnel (such as hostesses), fiscal receipts, or electronically. For example, personal data collection happens:
Once collected, we shall at all time ensure that any processing of personal data is carried out with the observance of the applicable laws, this Privacy Statement and for the purpose for which you submitted such data to us.
For what purpose we use your personal data
You need to know that for the processing of the personal data that you voluntarily submit to us, in certain cases your express prior written consent is required, however there are other cases where we may lawfully process this data in order to:
Your consent shall be considered granted when you actively give us your permission in view of such processing, most usually by ticking the relevant tick box or clicking a button whereby you express your wish to register in an event or to subscribe to our newsletter service.
The data we collect is only used for the purpose for which you submitted it to us, and such purpose is made clear to you at the point it is collected or here in this Privacy Statement. Thus, we intend to use your personal data as follows:
(A) We shall process your personal data in order to perform the contract based on which we provide our services to you, or in order to take steps at your request prior to entering into the contract for our services, in the following cases:
(B) Based on your prior consent, we shall process your personal data in the following cases:
(C) Based on our legal obligations, we shall process your personal data in the following cases:
(D) For pursuing our following legitimate interests, we shall process your personal data as follows:
Purpose and availability of the Privacy Statement
This Privacy Statement is meant to inform you with respect to the processing activities we perform in connection with your personal data so we urge you to read it carefully prior to sharing with us any personal data. This Privacy Statement is located on www.betarena.ro and is also available on other pages or locations where personal data are requested. At such time as the data is collected, further information may be provided, as may be necessary, in other documents (such as, but not limited to, promotional campaigns etc.) as to the purposes for which the personal data will be used. Nevertheless, the collection by us in all circumstances of personal data shall be governed by the general terms of this Privacy Statement, which shall prevail upon other documents in case of discrepancies.
What happens if you do not provide and let us use your personal data
You may at any time decide not to submit the required personal data. However, in case of your refusal to share your personal data if and when requested, we might not be able to fulfill our contractual obligations when collecting and processing the respective data represents for us a legal obligation (for example, if you refuse to provide us with your personal identification number, we cannot grant you the betting winnings, further to your acquiring our services/products). Also, you may not be eligible to participate in certain activities or events if you do not provide the minimum required information (for example, should you refuse to share with us your contact details, you may not participate in a promotional activity, as we would have no possibility to contact you to collect your winnings).
Your refusal to share your personal data in order to benefit from certain services may also limit the services and special offers we can provide you. As an example, if you fail to give your consent for receiving our newsletter, you will not be able to receive any of our newsletters. However, please be informed that we do not process your personal data should you just want to browse our website and find out more about our services and products.
With whom we share your personal data and why
In the situations when your consent is required in this respect, if you agree with such sharing, please note that we also share your personal data with data processors, acting as our contractors or service providers (also referred to as business partners in this document), for the purposes listed in the Section “For what purpose we use your personal data” above. For example, we use the services of:
- TELCOR COMMUNICATIONS SRL for bulk SMS delivery and IBM United Kingdom Ltd. through the product Watson Campaign Automation (Silverpop) for bulk email delivery;
- other group companies located in the EU and in Serbia, which assist us and provide services to us in the course of our day to day activities; such services include services provided in the bet approval process (i.e. book traders, trading teams), marketing services, customer support services, archiving and other ancillary activities related to betting industry;
- Software providers located in EU, SUA, EEA which provide us with the various software necessary for our activity.
These data processors are under the obligation to ensure the same level of diligence and security as us when it comes to the processing of your personal data. We also ensure that they are contractually obliged to process it solely based on our instructions, for the purposes set by us and in a manner that ensures its appropriate security and confidentiality, including for preventing unauthorised access to, or use of, such data and the equipment used for the processing.
Please note that we may have legal obligations to share your personal data with the Romanian authorities (such as tax authorities, the National Gambling Office, police, courts of law) if so required by the applicable laws. We may also share your personal data, in good faith, in order to protect, secure or prevent loss of our rights or for the legitimate interest of BA or its clients or the public, or to respond to various claims by other parties.
Personal data sharing may occur as part of our legal reorganization or merger or acquisition by another company or in case of a transfer of business on the basis of our legitimate interest to strengthen, expand or make our business activity more efficient. In any of the listed cases, the acquirer may have access to the data that we store, including your personal data, always subject to the applicable law.
We may also share aggregated statistical data or survey results, however, such data are anonymized and contain no personal data.
We will never share your personal data with any third party that intends to use it for direct marketing purposes, unless we have specifically informed you of this and you have given us explicit permission to do this.
Where your personal data is stored
Your personal data will be maintained, processed and stored by us and our services providers on the European Union territory, in Serbia, EEA and USA.
Each of our services providers that process and store your personal data is committed to keep it protected and secured, in accordance with industry standards and irrespective if any lesser legal requirements may apply in their jurisdiction.
Furthermore, the majority of the service providers which act as data processors on behalf of BA are enrolled in the US – EU Privacy Shield, which is a framework for transatlantic exchanges of personal data for commercial purposes between the EU and the United States of America, approved by the EU through the EU-US Privacy Shield Decision adopted on 12 July 2016. The US – EU Privacy Shield provides for a self-certification mechanism through which US based companies commit to comply with the privacy principles set out in the US – EU Privacy Shield framework, which is deemed as representing an adequate level of protection of personal data.
In the case of the data recipients which are located in third party countries for which the European Commission did not issue an adequacy decision or which are not enrolled in the EU – US Privacy Shield, BA concluded with each such recipient contracts which include contractual clauses aimed to ensure the appropriate level of protection.
Term of storage of your personal data
We assure you that your personal data will solely be stored just for as long as necessary, in accordance with the purposes for which they were collected.
For your information, we shall retain personal data:
- for as long as we are required to comply with our applicable laws and reporting and regulatory obligations (for example, archiving terms provided in the accounting legislation;
- for as long as needed to provide you with our services and fulfill our obligations to you;
- for a period of time as provided in the applicable statute of limitations, in order to be able to respond any potential claims and requests and protect our rights and any legitimate interests;
- for as long as necessary to respond your questions, offer guidance and solve your problems in connection with our services;
- to prevent fraud and abuse (for example, personal data collected in the course of “know your customer” procedures must be stored for a minimum period of 5 years according to the provisions of Law no. 656/2002 for the prevention and sanctioning of money laundering as well as for the implementation of measures for the prevention and fight against terrorism).
- until the moment you exercise the Right to erasure or the Right to data portability under the conditions mentioned in the section “Your rights” subsection D and respectively F)
Upon expiry of the terms mentioned above, your personal data will be deleted.
Should you desire at any time that we stop using your personal data to provide you with services, please contact us as described in Section How you can access, modify, delete or object to the use of your personal data.
Please note that in cases where your personal data deletion requests are conflicting with our legal and regulatory obligations or the data concerned by your deletion request are necessary for the exercise or defense of our legal claims, we might not be able to satisfy your request.
How we keep your personal data secure
BA has implemented all necessary technical and organizational measures, be them physical, electronic or procedural, to protect the confidentiality and security of the personal data you share with us.
These measures were implemented to protect your data against unauthorized, destruction, loss, alteration, access, disclosure or use. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Information sent and received through the BetArena site and our applications is encrypted using Secure Socket Layer (SSL) technology. BetArena owns a 24/7 network traffic monitoring system to detect signs of attacks or intrusions.
You will at all times have the following rights as to your personal data processed by us (the “Rights”):
(A) Right to basic information. You have the right to be provided with information on the identity of the controller, the controller's reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of your personal data.
(B) Right of access. You have the right to confirmation of whether, and where, our company is processing your personal data, information about the purposes of the processing, information about the categories of data being processed, information about the categories of recipients with whom the data may be shared, information about the period for which the data will be stored (or the criteria used to determine that period, information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing, information about the existence of the right to complain to the Data Protection Authority (ANSPDC), where the data were not collected from you, information as to the source of the data, information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.
(C) Right to rectification. You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
(D) Right to erasure (‘right to be forgotten’). You have the right to obtain from us the erasure of your personal data without undue delay and we shall have the obligation to erase your personal data without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent on which the processing is based, if there is no other legal ground for the processing; (c) you object to the processing pursuant to your opposition right and there are no overriding legitimate grounds for the processing, or you object against the processing of your data for direct marketing purposes; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in EU or other law applicable to us. Notwithstanding the above, we may continue to lawfully process your personal data to the extent that processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the establishment, exercise or defense of legal claims.
(E) Right to restriction of processing. You have the right to obtain from us restriction of processing where one of the following applies: (a) if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you objected to processing pending the verification whether our legitimate grounds of override those claimed by you.
(F) Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means.
(G) Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on the legitimate interests of ours or of a third party. However, we have the right to demonstrate that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the purpose of the processing is for the establishment, exercise or defense of legal claims.
(H) Right not to be subject to a decision based solely on automated processing. Unless the decision (a) is necessary for entering into, or performance of, a contract between the you and us; (b) is authorised by the Union law or the law applicable to us; or (c) is based on your explicit consent, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
We will give effect to the rights of access, rectification, erasure and the right to object free of charge. We may charge a reasonable fee for repetitive requests, or requests which we find manifestly unfounded or excessive or for further copies.
We will respond to you in a time frame of 30 days after receiving a request from you made under those rights. If we receive large numbers of requests, or especially complex requests, the time limit may be extended by a maximum of two further months.
If will not meet this deadline, you can/ may complain to ANSPDC and may seek a judicial remedy.
How you can access, modify, delete or object to the use of your personal data
In order to exercise your Rights listed above, you can always contact us at: email@example.com You may at any time refuse to share any of your personal data with us or you may object to the processing of your personal data by us. However, you must understand that if you choose this option in certain cases, we might not be able to fulfil our contractual obligations to you, as mentioned in Section “What happens if you do not provide and let us use your personal data” above,
We recommend that you do not opt-in for communications or services when you first register, if you do not want to receive such services or communications (newsletters, calls, announcements or other communications and/or services from us). If you opted-in and you subsequently decide that you no longer desire to benefit from these services or communications, we inform you that we give you the option to discontinue receiving communications and services in the future by unsubscribing. For this, you just need to follow the unsubscribe process or instructions provided in our communications or notify us of your intention at firstname.lastname@example.org
Treatment of children's personal data
BA services and products are not intended for children (that is persons under 18 years). BA does not knowingly collect personal data from minors. You must be over 18 years old to benefit from the services and products of, and engage in communications with, BA. By registering in our events and contacting us, you confirm that you are at least 18 years old and are fully able to enter into, comply with and be legally bound by our any terms and conditions made available to you and this Privacy Statement. If we are notified or learn that a minor person has submitted personal data to us by any means of communication, we will immediately delete his/her personal data.
How you can contact us
For any questions or requests for clarification in connection with this Policy Statement, you are invited to contact us at: 021-9093 or at the address: email@example.com