Privacy Notice dated 23.09.2022
This Privacy Notice ( “Notice”) sets out how Funstage GmbH, registered in Austria under company registration number 258215d and with its business address at Wiedner Hauptstraße 94, 1050 Vienna, Austria, (“Company, “we” “us” or “our”), collects and processes personal data through the websites https://www.slotpark.com, play.slotpark.com and the mobile application Slotpark (“Website/Apps”). Personal data means any information from which the user (“you”, “your”) can be directly or indirectly identified, such as a name, location, online identifier, gender, financial data, etc., (“Personal Data”). This Notice also provides you also with an overview of your rights related to the processing of this Personal Data.
You should read this Notice carefully before using our Website/Apps. If you use or register via the Website/Apps, or submit a query to us via the Website/Apps or via other means, including telephone or mail, you accept this Notice.
This Notice is formulated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“GDPR”) and the Austrian Data Protection Act (Datenschutzgesetz).
We are fully committed to preserving your privacy and delivering secure and legally compliant services. This Notice has the following sections:
- Who controls the data, i.e., who is the data controller?
- How can I send queries regarding personal data protection?
- What kind of Personal Data does the Company process?
- For what purposes is the Personal Data processed?
- On what legal basis is the Personal Data processed?
- What is the data retention period?
- Security and privacy measures
- Who can access the Personal Data?
- Is Personal Data transferred abroad?
- What are my rights related to Personal Data processing?
- Notice modifications
Who controls the data, i.e., who is the data controller?
The Company controls the processing of your Personal Data and is therefore the data controller. This activity is supervised by the Austrian Data Protection Authority.
How can I send queries regarding personal data protection?
Please read first our FAQ Section and this Notice. In all cases, you can send the queries related to this Notice to the following email address firstname.lastname@example.org or to our Data Protection Officer (“DPO”) at email@example.com. Our support teams and DPO shall give them due attention.
What kind of Personal Data does the Company process?
Depending on your activities and services chosen on the Website/Apps, we shall process all or part of the following data:
- Data provided by you during the creation of the account. This may include, but is not limited to: nickname, first name, surname, email address, address, telephone number, date of birth, gender and ID number;
- Website/Apps activity data, this may include but is not limited to: device information, source and destination data, nickname, user ID, account nickname and password, gaming transactions, online payments data, data provided to customer services (including emails and phone calls);
- Data that may be provided by government authorities or authorised third party companies in order for us to comply with the T&C, fulfil regulatory obligations and exercise our legal rights; and
- Data provided by third parties who’ve obtained in advance your permission to share the data with us for certain services e.g., social media or various mobile applications (where applicable);
We may allow the Website/Apps users to play as guests, also known as “try-mode”. These accounts involve a very limited amount of data such as device information and tokens. The users may decide to convert the try-mode into a user account by completing the registration process.
For what purposes is the Personal Data processed?
We process your data for the following purposes:
- To administer the Website/Apps, including setting up and operating your account;
- To ensure the accuracy of your data for the purposes of age verification, preventing fraud, cheating, reducing business risks and protecting the integrity of our games. These activities will include a degree of semi-automatic profiling, based on your registration and gaming activity data;
- To fulfil the provisions contained in the Website/Apps T&C;
- To process online payments with third party payment providers and/or financial institutions;
- To provide you with customer support including, where applicable, telephone support;
- To comply with applicable laws, regulatory obligations or respond to requests from government authorities. These obligations are mainly laid down in financial and anti-fraud and responsible gaming guidelines. These activities may include a degree of semi-automatic profiling, based on your registration and gaming activity data;
- To protect our rights, including those of our related parties. In some cases, we may believe that it is necessary, including in good faith, to record and disclose data in order to: (i) protect, enforce, or defend our legal rights, privacy, safety or property, (ii) protect your and public safety, privacy and security, or (iii) for business risk management;
- To improve the user experience, services and features provided by the Website/Apps. This may include VIP-program communication, research, surveys, asking for your optional feedback, internal training and Affiliates services;
- To complete potential mergers or sales of assets. If we sell all or part of the business or assets, or are involved in a merger or transfer, we may disclose and transfer your data to the other party(s);
- To provide customised marketing communications in line with your interests and expectations. These are based on registration and gaming activity data; and
- To provide direct marketing communications that are of (i) a generic nature or partially based on your gaming activities and/or (ii) customised via: email, instant messages, and, where applicable, chats, SMS and telephone.
On what legal basis is the Personal Data processed?
- Processing for purposes (1) to (5) above is necessary for the proper execution of our Website/Apps T&C (the performance of the contract or in order to take steps prior to entering into a contract (legal basis pursuant to Article 6 (1) (b) of the GDPR)). The provision of Personal Data is therefore mandatory as otherwise our services could not be provided and you would not be able to enjoy the entertainment experience of our Website/App;
- Processing for purpose (6) above is necessary for compliance with our legal obligations arising under applicable law (legal basis pursuant to Article 6 (1) (c) of the GDPR) and is therefore also mandatory;
- Processing for purposes (7) to (9) is based on our legitimate interest (legal basis pursuant to Article 6 (1) (f) of the GDPR), which includes business risk management and protection of our product’s integrity, effective information of players about their newly unlocked benefits as well as about new exclusive offers and account features, the development of the Company’s reputation and attractiveness in the eyes of its players, proper rewarding of loyal players. These legitimate interests are the result of an assessment of legitimate interests. These assessments are conducted whenever we want to review whether we can rely on a legitimate interest for a processing activity. We always make sure we review whether such activities are adequately balanced with your interests and make sure that the data processing is performed within the limits strictly necessary for these activities. You can object to this processing at any time as provided in this Notice but please note that refusal would mean that you would not be able to obtain information on your newly unlocked benefits, privileges, special contents, and exclusive offers;
- Processing for purposes (10) and (11) is optional and based on your consent (legal basis pursuant to Article 1 (1) (a) of the GDPR). Without your consent we shall not provide customised marketing communications.
What is the data retention period?
The following periods and criteria will apply unless a different period is required or permitted by law, or we hold reasonable belief that it is necessary:
- Data collected for purposes (1) to (9) is retained during the provision of our services through the Website/Apps. In a few instances, we may need to retain your data after we cease to provide our services in order to comply with the data retention obligations imposed on us by particular laws or if necessary to fulfil the purposes mentioned in this Notice. In such instances, we will retain your data only for as long as strictly necessary.
- Data collected for purpose (10) and (11) is retained during the implementation of the Website/Apps T&C and/or until you have withdrawn your consent.
Security and privacy measures
We process the Personal Data using partially or fully automated electronic means and protect it with adequate security measures. The activities that may produce significant legal repercussions, such as decisions based on profiling, always involve human intervention and/or a final decision by a human. We use appropriate legal, administrative, technical, personnel and physical measures to safeguard the data against loss, theft and unauthorised use, disclosure and modification.
The Website/Apps may contain links to and from partner networks or third-party websites/apps. If you follow a link to any of these websites/apps, please note that they have their own privacy policies and terms. We do not accept any responsibility for their content. Please check such policies and terms before accepting and submitting any information to them.
Who can access the Personal Data?
The data can be processed by recipients located within or outside of the European Economic Area (EEA) in compliance with these limits:
- Our employees who are responsible for processing and safekeeping of the data;
- Our parent company, some sister companies and third-party providers which offer the T&C services, e.g., for payments and marketing services or services within our legitimate interests. This may include their employees, associates, agents, subcontractors and product providers. Such transfer is always subject to a respective data processing agreement;
- Public authorities to which we provide the necessary data to comply with our legal obligations. This may involve the reporting of suspicions of fraudulent or criminal activity and responsible gaming cases to relevant authorities or other authorised third parties.
Third-party access to your data is limited only to the information necessary to perform their function on our behalf or as required by law. They shall be made subject to confidentiality and data protection obligations provided under law and as considered necessary by us.
You can contact us if you need further information on the data processors.
Is Personal Data transferred abroad?
We shall not transfer your data outside the EEA unless there are appropriate safeguards in place.
Some non-EEA countries are recognised by the European Commission (EC) as providing an adequate level of data protection. The list of these countries is available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
For transfers from the EEA to countries not considered adequate by the EC, the Company will put in place appropriate and suitable safeguards to protect the Personal Data and in compliance with the applicable data protection laws, such as standard contractual clauses adopted by the EC as per the GDPR.
Your data may be processed outside of the EEA to deliver some of the Website/Apps services:
- Some data may be processed in the USA, depending on the payment provider chosen by you and activities undertaken by the payment provider. These transfers not covered by an adequacy decision are safeguarded by standard contractual clauses adopted by the EC as per the GDPR.
You can contact us in case you need further information.
What are my rights related to Personal Data processing?
You can at any time:
- Obtain confirmation of the existence of personal data. This information is primarily provided in your account;
- Know the origin, purposes and method of data processing and the logic applied to electronic processing. This information is provided in this Notice and when you use the Website/Apps features.
- Request an update, correction or integration of further relevant data. This is provided via the customer services;
- Revoke your consent to data processing for the processing activities where we rely on your consent. You can revoke your consent through tools on our Platform/App (e.g., opt-out or un-subscriptions) or you can simply contact our DPO. Please note, however, that such revocation does not affect the lawfulness of the processing prior to revocation.
- Request a restriction of data processing where:
- You contest the accuracy of the data until we have taken sufficient steps to correct or verify the accuracy;
- The processing is unlawful but you do not want us to erase the data;
- We no longer need the data for the purposes provided, but you require it to establish, exercise or defend a legal claim; or
- You have objected to data processing justified by legitimate interests, pending verification of whether we have legitimate grounds to continue processing;
- Object to the data processing, including processing based on our legitimate interests, and, where applicable, the decisions being taken by fully automated means. This request may result in the termination of the services provided to you;
- Request the erasure of data without undue delay. This request may result in the termination of the services provided to you;
- Receive an electronic copy of the data provided, if you would like to port it to a different service provider. This is offered by the customer services; and
- Lodge a complaint with the Data Protection Authority.
You may exercise these rights at any time by contacting support at firstname.lastname@example.org or our DPO at email@example.com.
Unless otherwise provided, these rights must be requested in writing. They are free of charge, however in certain circumstances, we may charge a reasonable fee and fully or partially refuse the request. We will do our best to accommodate your requests but sometimes other legal obligations or third-party rights may take precedence.
Your requests shall be generally handled within one month of receipt. This period may be extended by two further months based on the complexity and number of the requests. We will do our best to respond to your request as quickly as possible, but it may happen that other legal obligations or third-party rights and procedures slow down the process. Should this be the case, we will always notify you about the extension within one month of receipt and inform you of its length and the reasons behind it.
This Notice is valid from the date indicated in its header. We may make further modifications due to business developments or legal and regulatory changes. We will alert you to material changes by placing the Notice on our Website/App. You can see for yourself when this Notice was last updated by checking the date at the top of this page.