Dialinvest International N.V. respects your privacy and is committed to protecting your personal data and processing it in compliance with applicable laws, notably the Privacy Ordinance of Curacao; the Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the “GDPR”.
1. Important Information
GDPR is a regulation by which the European Parliament, the council of the European Union and the EuropeanCommission intended to strengthen and unify data protection for EU residents. The scope of applicability of the law is intended to ensure comprehensive protection of data subjects’ rights and companies operating internationally must conduct careful assessment of whether the GDPR applies to their processing activities.
Dialinvest International N.V. (refered to as “Dialinvest International N.V.”, “We”, “us” or “our”) as the controller and in some cases, processor is responsible for your personal data.
2. The Data We Collect
2.1 Personal Data:
Under the GDPR, personal data is defined as any information relating to an identified or identifiable natural person. Hence, it can include obvious identifiers such as your name but also identification numbers, online identifiers and/or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Whenever is not possible or feasible for us to make use of anonymous and/or anonymised data, we are nevertheless committed to protecting your privacy and the security of your personal data at all times.
2.2 Types of Personal Data collected:
We collect from You, through interaction with you or through interaction with us our services, different kinds of personal data about You which is grouped as:
a) Registration Data provided by you when you register and/or open your account, including first name, last name, username, date of birth, gender and country.
b) Contact Data such as permanent address, email address and telephone number
c) Identification and Verification Data (for Anti-Money Laundering / Due Diligence / KYC purposes) that include your name, surname, permanent address, Date of Birth, nationality, financial status information (e.g bank statement, source of income and source of wealth, tax returns/information), masked credit card details, proof of e-wallet ownership such as Neteller, Skrill etc.
d) Responsible Gaming Data includes name, surname, postal code, email, phone number, country of residence, date of birth, approved and denied transactions (Deposits and Withdrawals), Identification and Verification Data, self-exclusion and self-limitation related data.
e) Payments Data such as bank/payment account details, as well as information pertaining to a transaction such as currency, location, amount, client IP, user ID and token.
f) Transaction and Usage Data which are generated through your use of our services (e.g. playing games) and contain payments to and from you (deposits, withdrawals, failed deposits and reversed withdrawals) and other details of services you use (bets, wagers (real, bonus and wins) date and time of the transactions, account balance (bonus and real), bonuses used, bonuses turnover, bonuses balance, channels used, transaction games played, language, country, account balances.
g) Sign-in Data includes internet Protocol (IP) address, your signings (first / last / failed) duration of sessions, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our services
h) Profile Data includes internal notes to your account, interests, preferences, feedback, information about events which you have attended; your preferences as to whether you wish to attend any events, and what type of events you prefer; Any bonus/cash back deals, or bonus preference you have been offered or benefitted from; Whether you have received any giveaways or, and your preferences regarding what type of gifts you would like to receive; Your preferences as to contact channels; information regarding your hobbies and interests;
i) Marketing Communications Data includes your preferences in receiving marketing from us (opt in/out) as well as your Contact and Registration Data.
j) Other communication Data provided by yourself in communication with us (via recorded calls, chats, emails or SMS) which may include various data such as your intentions, interests, complaints, preferences as well as internal communications.
k) Analytics Data include various data provided by your observed with respect to your use of our Website and Services such as your Player ID, language, location, browser data, campaigns utilised, channels used, device, payment provider, Transaction and Usage data and in case of online acquisition analytics also pages visited, media clicked, scroll depth. Certain information is collected using cookies and/or similar tracking technology.
2.3 Data from Different Sources
We collect information for AML/CTF purposes regarding the background of a player, which we source from HooYu Ltd and demonstrates whether a player is a Politically Exposed Person (PEP) and whether any International and/or Financial Sanctions have been imposed. Information on any corporate or property ownership, court judgement and whether the individual has been involved in insolvency/bankruptcy proceedings. Furthermore, background information is using so-called OSINT analyses (Open-Source Intelligence) collected from publicly available sources (e.g Google search, online articles, social media platforms such as Facebook, Twitter Pinterest, Instagram, LinkedIn as well as other available sites. In order to prevent and detect fraud and misuse of our system of our systems (e.g use of VPN), certain Sign in Data such as IP address, device model/type, browser information, operating system and other device identification data are sourced and processed by us utilizing services of third-party fraud detection software provider.
2.4 Special Categories of Personal Data:
Special categories of data include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data. We do not collect any special category of personal data nor we collect any information regarding criminal convictions and/or offences. To the contrary, from our experience we may unintentionally receive such data from You during a communication with us.
Please note that although ID cards are processed, images contained therein are not technically processed to allow or confirm unique identification, hence, such data is not to be considered as biometric data.
2.5 Failure to Provide Personal Data:
In cases we need to collect personal data as per the law, or under our Terms and Conditions (T&C) and you fail to provide such data, we may not be able to perform the obligations we have towards You (e.g. to provide you our services).
Please make sure that your username does not contain any personally identifiable information, as the username is shared with certain partners in order to provide you our services.
3. How and Why, we process personal data
We (which has the meaning of any company within the same group that operates Westpoint Casino) shall process and use your information where we have your consent, or we have a lawful basis for processing subject to applicable law. Generally, we will use your personal data in the following circumstances:
- Where You have consented to the processing;
- When it is necessary for the entry into, or performance of, a contract with You or in order to take steps at Your request prior to the entry into a contract;
- Where it is necessary for compliance with a legal obligation under EU law or national law;
- Where it is necessary to protect your or another natural person vital interest;
- Where it is necessary for the purposes of legitimate interest;
- To allow you to participate in Games to provide ancillary services to You.
- To allow you access and use of the Website.
- For purposes that constitute a legitimate interest regarding direct marketing of its own similar goods and services via e-mail;
Detailed purpose and legal basis for processing:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified our legitimate interests, where appropriate. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data:
|Category of personal data
New player registration Identification and Verification Accessing the account
Registration Data Contact Data Sign-in Data
Performance of a contract
Participation in the game
Transaction and Usage Data
Performance of a contract
Managing payment transactions
Payments Data Transactions and usage data
Performance of a contract Compliance with legal obligation
Communication / Access to games
Registration / Contact / Data
Performance of a contract
AML / Due Diligence / KYC
Registration / Contact / Identification and Verification Data Transaction and usage data
Compliance with legal obligation
Risk & Fraud investigation based on suspicious behaviour
Registration/Contact/Identification and Verification Data Transaction and Usage Data
Compliance with legal obligation
Responsible gaming (RG) investigation
RG Data Transaction and usage data Communication data
Compliance with legal obligation Performance of a contract
Direct Marketing of Services (bonuses, offers, VIP experience, loyalty program)
Marketing communications data Profile data Registration data Contact data
Legitimate Interest Consent
Social media marketing
Transactional data Registration data
Performance of a contract
Analytics Data Transaction and usage data
Performance of a contract
3.1 Direct Marketing of goods and services via electronic mail:
In accordance with data protection laws as amended from time to time and the e-Privacy Directive, Dialinvest International N.V. may be informing you, from time to time, via electronic mail or SMS about its own similar products or services (e.g. changes on the Website, new games, new services and promotions, bonuses and offers, loyalty programme/VIP experience). You may opt out at any time free of charge either by:
- Activating the relevant link at the end of such message, or
- Contacting us, or
- Changing your settings in your profile
3.2 Live direct marketing calls and postal mails
In accordance with data protection laws as amended from time to time, Dialinvest International N.V. may place calls to you or send you postal mail for direct marketing purposes unless you object to this. If you do not wish to receive such direct marketing calls or postal mail, you may opt out at any time free of charge either by:
- Contacting us, or
- Inform the caller in the case of a phone call, or
- Changing your settings in your profile
Please note that even if you object to direct marketing, we may still need to send you certain important updates from which you cannot opt-out.
4. Data Retention Period
The GDPR impose obligations on Dialinvest International N.V., to process personal data in a fair manner which notifies data subjects of the purpose of data processing and to retain the data for no longer than is necessary to achieve those purposes.
Dialinvest International N.V. objectives and principles to Data Retention are to:
- Set out limits for the retention of personal data and ensure they are complied with
- Ensure the safe and secure disposal of confidential data and information assets
- Ensure that records and documents are retained for the legal, contractual and regulatory period stated in accordance with national and foreign laws
- Mitigate against risks or breaches in relation to confidential information
The criteria we use to determine what is necessary depends on the nature of the particular personal data in question. Our normal practise is to determine whether there is/re any specific EU and/or national law(s) (e.g. license requirement, tax, AML guidelines) permitting us or even obliging us to keep certain personal data for a specified period of time (in which case we will keep the personal data for the period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against us by you and/or third parties and if so, what is the prescribe periods for such actions are.
In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claim(s), challenge(s) or other such action(s) by you and/or third parties.
When your personal data is no longer required, we will either securely delete or anonymise the personal data in question.
4.1 Details on our retention period
Start of Period
Registration Data Transaction and usage data
Accounting & Tax
Legal / statutory obligation
Identification and verification data Payments data
Anti-money laundering laws and regulation
Registration data Transaction and usage data Other communication data
Profile data Payments data
Defence of legal claims
Legal/statutory obligation Legitimate interest
Registration data Contact data Identification and verification data Responsible gaming data Transaction and usage data Payments data Profile data
Defence of claims from authorities
Legal/statutory obligation Legitimate interest
Identification and verification data Responsible gaming data
Other communication data
Responsible gaming account closure
Registration and contact data Sign-in data
Responsible gaming / permanent self- exclusion
Account closure / permanent self- exclusion
Transaction and usage data Registration data
Possibility to communicate with the player in case of account re- opening by the player
5. Recipients of your personal data
As Dialinvest International N.V. business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the Website, Games and other services, personal data are processed also by them for the above-mentioned purposes on behalf of Dialinvest International N.V.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, after thorough vetting of these partners and on the basis of strict data processing agreements.
5.1 Details on the categories of the processors of the personal data:
- Game providers for the purpose of provision of games
- Payment service providers to perform payment transactions
- Marketing suppliers to perform certain marketing activities on behalf of Dialinvest International N.V .
- Marketing partners to perform certain marketing activities on behalf of Dialinvest International N.V.
- Service providers that technically enable communication with you (email, chat, SMS, phone)
- Technical suppliers to support functioning of the website and our technical systems (both front and back end)
- Technical administrators of the database to maintain the functioning of the database
- AML providers providing and/or processing certain data for the purposes of compliance with our AML obligations
- Service providers in reference to booking email, trips and/or delivery or presents and gifts with respect to our loyalty programme
- Cloud service providers for provision of cloud based services such as storage or hosting certain software
- Service providers for the purpose of data analytics
- Credit rating agencies, fraud detection agencies, anti-money laundering agencies for fraud detection and control purposes
- Companies within Dialinvest International N.V. group to provide certain services/support with functions of Dialinvest International N.V.
- Professional advisers (acting as processors or joint controllers) including lawyers, bankers, consultants, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
5.2 Authorised disclosure:
If you are suspected to have breached our Terms and Conditions or any applicable law(s) (e.g., when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or surpassing fraud Dialinvest International N.V. has a right to:
- Forward your personal data to the government authorities
- Share any of your personal data to the relevant gambling regulator
- Share your personal data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into your actions
5.3 Group companies/other brands for AML purposes
Your identification and verification data such as first name, surname, date of birth and postcode is, for the purpose of compliance with legal obligations, shared between various brands under which Dialinvest International operates its gambling activities
5.4 Data sharing for AML and Responsible Gaming purposes between brands
Your identification and Verification Data, transaction and usage data, registration data and contact data are for the purpose of compliance with legal obligations, shared with as well as sourced via various brands under which Dialinvest International operates its gambling activities
6. International Transfers
Certain of the suppliers and partners (as listed above) are based outside the European Economic Area (EEA) so their processing of your personal data will involve transfers outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded by ensuring that one of the following safeguards is implemented:
- Transfer your personal data is performed to countries that have been deemed to provide adequate level of protection for personal data by the European commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them by using Standard Contractual Clauses which will maintain, in practice, a level of protection that is essentially offered by the GDPR in light of the EU charter.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In order to comply with GDPR, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures confidentiality and integrity at all times. At an organisation level, the handling of all information is governed by our comprehensive information security policies.
In addition, we limit access to your personal data only employees, agents, contractors and specified third parties in order to be able to perform their tasks. Hence, they will only process your personal data on our instructions, and they are bound by a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Your rights under the data protection laws
You may, at any time, with reasonable intervals, request us to confirm whether or not we are processing personal data that concerns you and, if we are, you shall have the right to access that personal data and to the following information:
- What personal data we collect,
- Why we process them,
- Who we disclose them to,
- For how long we intend on keeping them for (where possible),
- Whether we transfer them abroad and the safeguards we take to protect them,
- Your rights,
- From where we got your personal data
The easiest way to obtain this information is to contact our Customer Service. You will be provided with a copy of all your transaction data and an exhaustive summary of all categories of data, their sources and recipients, all processing operations, the purposes thereof and retention periods.
Upon such request, we shall (without adversely affecting the rights and freedoms of others including Our own) provide you with such additional information and/or with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
8.1. The Right of Access
You have the right to obtain a copy of your ID and to be fully informed about your Data, the purposes of processing, the categories of Personal Data, the storage period and the criteria used to determine that period, the recipients to whom the Data has been disclosed and the source of any Data that has not been collected by Dialinvest.
8.2. The Right to Rectification
Although all reasonable efforts will be made to keep your Personal Data updated, you are kindly requested to inform us promptly. With respect to your residential address and phone number, you can notify us of the change by amending your profile of any changes to your Personal Data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end you have the right to ask us to rectify inaccurate personal data and to complete incomplete personal data concerning you. We may seek to verify the accuracy of the data before rectifying it.
8.3. The right to Erasure (The right to be Forgotten)
You have the right to ask us to delete your personal data and we shall comply without undue delay but only where:
- The personal data are no longer necessary for the purposes for which they were collected; or
- You have withdrawn your consent (in those instances where we process on the basis of Your consent) and we have no other legal ground to process your personal data. or
- You shall have successfully exercised your right to object (as explained below);
- Your personal data are deemed to have been processed unlawfully; or
- A legal obligation to which we are subject exists
- Special circumstances exist in connection with certain children’s rights.
In any case, we shall not be legally bound to comply with your erasure request if the processing of your personal data is necessary:
- For compliance with a legal obligation to which we are subject (including but not limited to Our data retention obligations); or
- For the establishment, exercise or defence of legal claims.
There are other legal grounds entitling us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked by us to deny such requests. You may request the erasure by contacting us.
8.4. The Right to Restriction of Processing
You have the right to ask us to restrict (that is, store but not further process) your personal data but only where:
- The accuracy of your personal data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the personal data; or
- The processing is unlawful, and you oppose the erasure of your personal data; or
- We no longer need the personal data for the purposes for which they were collected but you need the personal data for the establishment, exercise or defence of legal claims; or
- You exercised Your right to object and verification of Our legitimate grounds to override your objection is pending .
Following your request for restriction, except for storing your personal data, we may only process your personal data:
- Where we have your consent; or
- For the establishment, exercise or defence of legal claims; or
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest.
You may request the restriction by contacting us.
8.5. The Right to Data Portability
You have the right to ask us to provide your personal data (that you shall have provided to us) to you in a structured, commonly used, machine- readable format, or (where technically feasible) to have it 'ported' directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:
- The processing is based on your consent or on the performance of a contract with you; and
- The processing is carried out by automated means.
To a great extent, you may enact this right by activating “download my data” functionality of your profile. For any request over and above the data such provided or if you would like us to assist you with the actual transfer of such data to other operator, please contact us.
If you are a customer of other gaming operator and would like to have your data “ported” to Us, please contact us. In this respect please note that notwithstanding any portability right utilisation, you will still be expected to provide all Registration and Contact Data due to the requirements of our customer registration / sign up procedure requirements.
8.6. The Right to Object to Certain Processing
In those cases where we only process your personal data when this is 1.) necessary for the performance of a task carried out in the public interest or in the exercise of oficial authority vested in us or 2.) when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (as indicated in the Table in clause 3.2 above), you shall have the right to object to processing of your personal data by us.
When your data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data, which includes profiling to the extent that it is related to such direct marketing.
For the avoidance of all doubt, when we process your personal data that is necessary for the performance of a contract, or for compliance with a legal obligation to which we are subject or the processing is necessary to protect your vital interests or those of another natural person, the general right to object shall not subsist.
With respect to Direct marketing of our own goods and services, you may object such processing at any time, by contacting us or by selecting your preferences on your account Profile – Settings page.
8.7. Right to withdraw consent (when we process your data on the basis of consent)
In those cases where we process on the basis of your consent (which we will never presume but which We shall have obtained in a clear and manifest manner from you), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same manner as You shall have provided it to Us.
Should you exercise your right to withdraw your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing your Personal Data (for example, on the basis of a legal obligation to which we are subject) where we would be legally authorised (or even obliged) to process your Personal Data without needing your consent and if so, notify you accordingly.
When we ask for such Personal Data, you may always decline, however should you decline to provide us with necessary data that we require to provide requested services, We may not necessarily be able to provide You with such services (especially if consent is the only legal ground that is available to Us).
Just to clarify, consent is not the only ground that permits us to process your Personal Data. In the last preceding section above we pointed out the various grounds that we rely on when processing your Personal Data for speci10c purposes.
8.8. The Right to lodge a Complaint
You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. We kindly ask that you please attempt to resolve any issues you may have with us first.
8.9. What we May Need From You
When exercising your rights by contacting us, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.10. Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we shall notify you and keep you updated.
8.11. Different Brands
Dialinvest International N.V. is operating its gaming business also under other brands and trademarks. For the purpose of the exercise of your rights as provided above, and for the purpose of clarity and legibility of our reply, we will initially comply with the requests with respect to data processed under the brand from where the request is originating. Should you wish your requests to be complied with respect to all of the brands with respect to which Dialinvest operates its business, please make sure to flag this in your request.
9. Automated Processing – Profiling
9.1. Meaningful information about the logic involved in the automated processing for responsible gaming purposes
Dialivest is on the basis of the applicable laws and license conditions legally obliged to monitor its players in order to identify people who may be experiencing, or at risk of developing, problems with their gambling, and interact with them to offer help or support. To this end, and to fulfill this obligation, by using historic data describing behaviour of players , in particular certain Responsible Gaming Data, Transaction and Usage Data, and Other Communication Data (in particular notably sentiment used in message) Dialivest has established rules regarding who is likely to suffer from gambling addiction and then take relevant action.
Our approach is based on classification trees because they allow for clear interpretation of why players get classified as potential gambling addicts. Based on data describing unique players, the algorithm provides us with an estimated probability of gambling addiction. Decisions, on the basis of the prediction, are not taken automatically without human intervention.
9.2. Meaningful information about the logic involved in the automated processing for AML purposes
Dialivest is, on the basis of the applicable laws and license conditions, legally obliged to monitor its players in order to identify potentially suspicious activities regarding AML/CFT. Based on data describing the behaviour of players, in particular Transaction and Usage Data, the algorithm suggests a risk profile. Decisions, on the basis of the prediction, are not taken automatically and require human intervention.
9.3 Meaningful information about the logic involved in the automated processing for loyalty/VIP segmentation purposes
By making use of the historical data that players generated in their first 2 days, we assess whether you will qualify for our VIP/loyalty program. This model is used on fresh players and depending on their involvement with our services the VIP status is predicted. The result of the model is a prediction as to whether the player will become a VIP. Apart from gender, country and age, we do not make use of personally identifiable information as input in the model. Decisions, on the basis of the prediction, are not taken automatically without human intervention. The process is based on our compliance with legal obligation and with respect to the loyalty offers, on legitimate interest of Dialivest regarding providing customised, quality experience for the players and reward loyalty of the players. You can object to such processing by contacting us or changing your preferences in your account.
9.4. Meaningful information about logic involved in automated processing with respect to direct marketing segments
By making use of your Transaction and Usage data, certain Registration Data such as gender, country, date of birth and your overall interaction with our services, We analyse and establish various segments of the customers. These segments are then processed manually, in order to ensure that we provide the most appropriate offers and bonuses to our customers. These decisions are not taken automatically without human intervention. The process is based on legitimate interest of Dialivest regarding providing customised, quality experience for the players and reward loyalty of the players. You can object to such processing by contacting us or changing your preferences in your account.
9.5. Meaningful information about the logic involved in the automated processing for loyalty/VIP segmentation purposes
By making use of your Transaction and Usage data, we provide you a list of games that is aligned with your taste. The system determines your affinity towards different games and generalise your preferences to unseen games. Ranking the computed preferences, am ordered list of games is produced and can be served as recommendations. The games recommendation is produced without human intervention. The process is based on legitimate interest of Dialivest regarding providing customised, quality experience for the players.