Last Updated: 11th September 2019
“You”, “Your” and “User” refer to an identified or identifiable natural person being the User of the Site and/or client (or prospective client) of any of Our services.
- Applicable Laws
- What is Personal Data?
- Personal Data we collect about You
- How and why we collect Personal Data
- What we use Your Personal Data for (purpose of processing)
- Third Party Service Providers
- Special note on consent
- Accuracy of Personal Data
- Direct marketing
- Transfers to third countries
- Internet communications
- Authorized disclosures
- Sharing of Personal Data with other categories of recipients
- Security measures
- Retention periods
- Processing for research and statistical reasons
- Links to third-party sources
- Your rights under the data protection laws
- What we may require from You
- How quickly will we respond to Your request?
- Contact Us
- APPLICABLE LAWS
As an entity established in Malta (EU), the main privacy laws that are applicable to Us in so far as You are concerned, are the following:
- The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’ as may be amended or replaced from time to time;
- The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the “GDPR” as may be amended or replaced from time to time; and
- Any successor legislation to the DPA and/or the GDPR.
All the above is referred to collectively as the “Data Protection Laws”
- WHAT IS PERSONAL DATA?
“PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.
Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any Users of the Site, Apps or users of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times. We collect Personal Data in various ways, mainly via Authorized Third Parties such as casinos, tournament organizers and other establishments who have obtained Your prior permission to providing us with such data for our database (‘Authorized Third Parties’).
- PERSONAL DATA WE COLLECT ABOUT YOU DIRECTLY THROUGH OUR SITE OR VIA AUTHORIZED THIRD PARTIES
We collect various categories of Personal Data from You or from Authorized Third Parties that have obtained Your prior consent, namely:
Contact Details –
Full legal name, nationality, state / city of residence and photograph.
IP address of the computer connected to the internet, location data through the mobile
phone and GPS data when browsing any of our Sites.
Details about how and when You use Our services (our Site).
We acquire information about You via Your access and participation in message boards, chat rooms, and/or forums on the Service, and contents of Your Customer Support requests.
Statistical data –
Details about tournament participation history, winnings history, ranking and awards.
We acquire this information about You either directly through events organized by Us or via Authorized Third Parties who have obtained Your prior consent for the compilation of such data.
Other types of data –
Other information We may collect includes Your language and time zone where a service is used, as well as information about Your computer, mobile, software, platform, incident data, IP address, network Media Access Control address and connection, browser type and language, and/or information relating to Your use and browsing habits, so that We can better understand customer behavior and improve products, services and advertising.
We or Authorized Third Parties may ask You for information when You enter a contest or promotion sponsored by Us/them, and when You report a problem with the Services; to customize the advertising and content You see, including the display of targeted advertisements; to generate anonymous and/or aggregated reporting; in the collection of Your responses to surveys that We might ask You to complete for research purposes; to administer loyalty programs, tailor offerings, or web pages and to enforce the legal terms that govern Your use of the Services and/or Your relationship with Us.
- HOW AND WHY WE COLLECT PERSONAL DATA
As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You or Authorized Third Parties choose to provide to Us such as the data (including Contact Details) You provide when contacting Us with enquiries relating to Our services, when subscribing to any service offered by Us, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time or when attending third party poker tournaments, events and casinos that have obtained Your prior consent to provide us such data.
However, we may also collect Personal Data from other sources, including data companies, publicly accessible databases, joint marketing partners, social media platform and other third parties. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes).
For information about the Personal Data that We may collect automatically via the Site, please see the Cookies section below.
Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We:
- Are legally required to collect/use and to keep for a predetermined period of time
- Believe to be necessary for Our legitimate business interests
- Are authorized to collect from Authorized Third Parties which have obtained Your prior consent
- Are authorized to collect with Your consent
A detailed description of the reasons why we process specific categories of Personal Data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.
- WHAT WE USE YOUR PERSONAL DATA FOR (PURPOSE OF PROCESSING)
The Data Protection Laws permit us to use Personal Data only if We have a proper reason to do so. GDPR states that we must have one or more of these reasons:
- To render the services You have contracted to
- When it is Our legal duty
- When it is in Our legitimate interest – this refers to when We have a business or commercial reason to use Your Personal Data. If We rely on our legitimate interest, We will tell You what that is
- When You consent to it
Below is a description of what We use Your Personal Data for and the corresponding legal ground(s) we rely on for doing so.
Please note that where we rely on Your consent, this can be withdrawn at will at any time.
- Personal information You provide will allow Us to send to You or respond to Your emails, inquiries or requests; to notify You about information regarding the Services, or a third party service that may be of interest to You; to enable You to receive personalized content; for the purposes for which You provided the information to improve the content and navigability of the Services; to alert You to new features, special events, products and services, as well as for marketing and promotional purposes. You may also later opt out of certain of these communications.
- For the purposes of carrying out Our business comprising the collection of statistical data, producing rankings, compilation and updating of the global poker index database (available on the Site), uploading of general poker news and tournament information, categories of Personal Data we collect are mainly contact details comprising of Your name, surname, nationality, residence, photograph, tournament history and winnings history. All such Personal Data processing is done on the basis of Our legitimate interest to conduct Our business.
- For the purposes of establishing and investigating any suspicious behavior in order to protect our business from any risk, fraud or other illegal activities (such as money laundering or terrorist financing) categories of Personal Data we collect are mainly documentary data and contact details. The legal basis to collect this data is based on our compliance with legal obligations and legitimate interest in detection and prevention of fraud or other illegal activities.
- For the purposes of complying with legal and regulatory obligations including the detection and prevention of any financial crime we will be required to collect documentary data, special types of data, national identifiers and locational data based on our legal obligations.
- For the purposes of providing You with our services we will be required to collect contact details and tracking data based on Our contractual necessity.
- For the purposes of developing and managing Our brands and services We will be required to collect contact details based on legitimate interest to develop Our products and services.
- For the purposes of internal data analysis, We will be required to collect contact details and tracking data based on contractual necessity.
Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site.
- THIRD PARTY SERVICE PROVIDERS
We may employ third party companies and individuals to facilitate Our services, to provide the services on its behalf, to perform tasks (e.g. without limitation, maintenance services, database management, web analytics and improvement of the services) or to assist Us in analyzing how the services are used.
We may employ third party contractors to collect personal information on Our behalf to provide email delivery, product, prize or promotions, or other services through the service. When requesting these services, You may be asked to supply Your name, mailing address, telephone number and email address to Our contractors. We may ask some third-party contractors, data analytics or market research firms, to supplement personal information that You provide to Us for Our own marketing and demographic studies, so that We can consistently improve Our sites and related advertising to better meet Our users’ needs and preferences. To enrich Our understanding of individual users, We may tie this information to the information You provide to Us.
- SPECIAL NOTE ON CONSENT
In limited cases, We will process Your Personal Data on the basis of Your consent, which We will obtain from You or Authorized Third Parties You have consented to. In such cases where You provide Us directly or indirectly with Your consent, YOU SHALL HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME AND THIS, in the same manner as You shall have provided it to Us unless an alternative option is provided by Us.
Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorized (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.
When We directly ask Your consent for the processing of such Personal Data, You may always decline, however, should You withdraw Your consent or decline to provide Us with necessary data that We require You may not be eligible to participate in events, awards and / or rank in leaderboards or statistics organized by Us.
- ACCURACY OF PERSONAL DATA
All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable Data Protection Laws.
- DIRECT MARKETING
We only send mail messages, emails and other communications relating to marketing where We are authorized to do so at law. In most cases We rely on Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preference on Our Site.
In the case of direct marketing material sent by electronic communications (where We are legally authorized to do so) You shall be given an easy way of opting out (or unsubscribing) from any such communications.
Please note that even if You withdraw Your consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt out.
- TRANSFERS TO THIRD COUNTRIES
As a general principle, the Personal Data We process about You (collected via our Site) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection.
In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection. In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We will ensure that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer. You are welcome to contact Us for more information regarding the adequate safeguards We have in place in relation to such data transfers.
- INTERNET COMMUNICATIONS
You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any Authorized Third Party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever.
Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in Malta.
- AUTHORIZED DISCLOSURES
- For the purpose of preventing, detecting or suppressing fraud (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, We may disclose any information We may have about You in Our possession so as to assist any type of investigation into Your actions);
- In the event of Mediarex or any of its subsidiaries being involved in a merger, sale, restructure, acquisition, joint venture, assignment or transfer (of business, shares, assets or otherwise);
- To protect and defend Our rights (including the right to property), safety, or to those of Our affiliates, of Users of Our Site or even Your own;
- To protect against abuse, misuse or unauthorize use of Our Site;
- For any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or in order to take steps at Your request prior to entering into a contract;
- To comply with any legal obligations such as may arise by way of response to any Court subpoena or order or similar official request for Personal Data; or
- As may otherwise be specifically allowed or required by or under any applicable law (for example, under anti-money laundering legislation).
- SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS
Any such authorized disclosures will be done in accordance with the Data Protection Laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers are also bound by a number of other obligations (in particular, Article 28 of the GDPR).
Your Personal Data will also be shared with our partners, particularly the Casinos and Tournament Organizers that You have specifically opted to use. However, Your Personal Data will never be processed by such third parties for their marketing purposes (unless You give Your consent thereto).
- Cloud Service Provider for the hosting of data under state-of-the-art security protocols and our exclusive control.
- IT Service Providers for the maintenance and support of our IT systems/Site(s) with restricted access and under strict controls.
- Customer Support Software Providers for the provision of a customer support software.
- Marketing and Customer Retention Management Tools for the provision of marketing email communications sendouts under our strict control and management.
- Public Authorities for compliance with legal obligations and only after verifications are made into necessity of disclosure.
- Our independent financial and legal advisors for the provision of legal and financial support to Mediarex and affiliated entities
- Business partners with whom we have a co-operation or partnership agreement to facilitate and improve the services and goods referred to You, including the tailoring of such services and goods, if deemed appropriate.
- SECURITY MEASURES
The Personal Data which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the applicable law.
We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:
- Unauthorized access
- Improper use or disclosure
- Unauthorized modification
- Unlawful destruction or accidental loss
We have implemented security policies, rules and technical and organizational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors and cloud service providers established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.
As stated above, the said service providers are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR).
- RETENTION PERIODS
We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration). We may also retain Your Personal Data for historical statistics.
Our standard practice is to determine whether there is/are any specific EU and/or Maltese law(s) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law).
We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.
We will retain Your Personal Data on Our systems for the longest of the following periods:
- Any retention period that is required by applicable law
- The end of the period in which litigation or investigations might arise in respect of Our products or services
- Until You inform us in writing Your desire to have Your details omitted from our website
Where Your Personal Data is no longer required by Us, We will either securely delete or anonymize the Personal Data in question.
- PROCESSING FOR RESEARCH AND STATISTICAL REASONS
Research and statistics using User or client information is carried out so that We may understand Our Users’ and/or clients’ needs and to develop and improve Our services/activities. In any case, We will always ensure to obtain any consent We may legally require from You beforehand. As in all other cases, We will also ensure to implement all appropriate safeguards as may be necessary.
- LINKS TO THIRD-PARTY SOURCES
Links that We may provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should read the privacy policies of any such third-party websites.
For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between ‘essential’ and ‘non-essential’ cookies) please read Our detailed Cookies Policy.
Our Site and services are not intended to be used by any person under the age of eighteen (18) and therefore We will never intentionally collect any Personal Data from such persons.
- YOUR RIGHTS UNDER THE DATA PROTECTION LAWS
Before addressing any request You make with Us, We may first need to verify Your identity.
As explained in the Retention Periods section above, We may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested.
Under certain circumstances, by law You have the right to:
- Be informed in a clear, transparent and easily understandable way about how We use Your Personal Data and about Your rights.
- Request access to Your personal information (commonly known as a “data subject access request”). This enables You to receive a copy of the Personal Data we hold about You and to check that We are lawfully processing it.
- Request rectification of the Personal Data that we hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request erasure or anonymization of Your Personal Data. This enables You to ask Us to delete, anonymize or remove personal information where there is no good reason for Us continuing to process it (for instance, we may need to continue using Your Personal Data to comply with Our regulatory and legal obligations, if any).
- Object to the processing of Your Personal Data where We are relying on a legitimate interest (or those of an Authorized Third Party) and there is something that makes You want to object to Us using Your Personal Data and we do not have a legitimate basis for doing so, which overrides Your rights, interests and freedoms (for instance, We may need it to defend a legal case). You also have the right to object when We are processing Your personal information for direct marketing purposes.
- Request the restriction of processing of Your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want Us to establish its accuracy or the reason for processing it.
- Request the transfer of Your Personal Data to another party where You provided it to Us and We are using it based on Your consent, or to carry out a contract with You, and we process it using automated means.
- Withdraw consent. In the limited circumstances where We are relying on Your consent (as opposed to the other legal grounds set out above) to the collection, processing and transfer of Your Personal Data for a specific purpose, You have the right to withdraw Your consent for that specific processing at any time. Once we have received notification that You have withdrawn Your consent, We will no longer process Your Personal Data for the purpose or purposes You originally agreed to, unless We have a legitimate interest in doing so or We are bound by regulatory requirements to continue doing so for a defined period of time.
- Lodge a complaint. If You think that We are using Your information in a way which breaches Data Protection Laws, You have the right to lodge a complaint with the appropriate Data Protection Supervisory Authority, if You are in Malta, this will be the Office of the Information and Data Protection Commissioner (‘OIDPC’) which may be accessed by clicking this link www.idpc.org.mt. We kindly ask that You please attempt to resolve any issues You may have with Us first by contacting us on [email protected].
- WHAT WE MAY REQUIRE FROM YOU
We may need to request specific information from You to help us understand the nature of Your complaint or request, to confirm Your identity and ensure Your right to access the information (or to exercise any of Your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Should Your requests in exercising Your abovementioned rights be manifestly unfounded or excessive, in particular because of their repetitive nature, We reserve the right to charge You a reasonable fee which shall be determined at Our sole discretion, taking into account the administrative costs incurred by us to provide the information or communication or taking the action requested by You. We shall communicate to You in advance the fee amount that will be charged in the given circumstances.
- HOW QUICKLY WILL WE RESPOND TO YOUR REQUEST?
In all cases, We will try to act on Your requests as soon as reasonably possible, within a maximum of one month of receipt of Your request, which period may be extended by two (2) more months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.
- CONTACT US
Mediarex Enterprises Limited, a company registered in Malta with company registration number C73768 and whose registered office address is at 14 East, Level 7, Triq Tas-Sliema, Gzira, GZR 1639, Malta is the data controller responsible for processing Your Personal Data that takes place via the Site or in the manner explained above.
If You have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us by sending an email to the following address: [email protected] with the subject “PRIVACY REQUEST” or by writing to:
‘DATA PROTECTION OFFICER
MEDIAREX ENTERPRISES LIMITED,
14 EAST, LEVEL 7,
GZIRA GZR 1639 – MALTA.’