Privacy Policy

This Privacy Policy (hereafter referred to as “This Policy”) outlines the manner in which Game Lounge Limited C-53144 handles the information and personal data which You have provided to Us and which enables Us to be able to effectively manage the relationship which You have with Us.

This Policy applies to Our websites, applications, products and/or services that link to this policy or do not have a separate privacy policy (hereinafter referred to as Our services). This privacy policy is intended to give You a better understanding of the data We collect, the reason why We collect such data, the manner in which We process this data, the entities with whom We share the said personal data, Your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security.

Any personal data You will provide or which We already hold will be processed in line with and in the manner set out in this Privacy Policy. Any and all information will be provided through any of the betlookr.com website (“The Website”) or any other means which Game Lounge may make available from time to time.

By reading This Policy You understand and acknowledge that Your personal data may be processed in the manner set out in this policy. If You do not agree with the terms of this Privacy Policy please do not use the Website or otherwise provide Us with Your Personal Data.

Any references in this Policy to “Game Lounge”, “Us”, “We” or “Our” relate to the Data Controller, namely, Game Lounge Limited, a Maltese company bearing registration number C53144 and having its registered address at Spinola Park Level 5 Triq Mikiel Ang Borg St Julians SPK 1000 and which is the owner of the website dev.betlookr.com.

All processing of Personal Data performed by Game Lounge as envisaged in this Privacy Policy shall be carried out in line with:

The Maltese Data Protection Act (hereafter referred to as the “DPA” – Chapter 586 of the Laws of Malta) as well as any other subsidiary legislation issued under the DPA as may be amended from time to time; and
Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation)” (hereinafter referred to as “the Regulation” or “GDPR”).

The DPA and the GDPR shall hereafter be collectively referred to as the “Data Protection Laws”.

Game Lounge determines the means and purposes of the processing of Personal Data and therefore acts as the “Data Controller” in terms of the applicable Data Protection Laws.

Definitions

“Cookies” means small set of data stored in the User’s device

“The Data Controller” means Game Lounge Limited C53144 of Spinola Parks Level 5 Triq Dun Mikiel Ang Borg St Julians, Malta forming part of the Game Lounge Group

Data Protection Officer (DPO) contact Email: [email protected].

“The Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“The Data Subject” is the natural person to whom the Personal Data refers.

“Game Lounge Group” means any entity holding shares in Game Lounge whether directly or indirectly or in which the Game Lounge holds shares whether indirectly or directly or which is owned (directly or indirectly) by the same shareholder where ‘ownership’ means holding even at least one share in the entity in question or any sister company within the Group

“Personal Data” means any information that identifies You individually or relates to an identified or identifiable natural person.

“Usage Data” means information collected automatically through the website (or third-party services employed by Game Lounge), which can include: IP addresses, the various tie details per visit and the details about the path followed with special reference to the sequence of the pages visited and other parameters about the device operating system and/or User’s IT environment.

“User” the individual using Betlookr who unless otherwise specified coincides with the Data Subject

Security

Game Lounge stores Your Personal Data digitally on encrypted hard drives.

Which Data Do We Collect From You:

Data Collected from You: Through your interactions with us and our Services, we gather various types of personal information about you, that maybe categorized as follows:

Registration Information: You provide the data when creating or opening the Account (as detailed in our Terms & Conditions) including your first name, last name, email address, password, age confirmation.

Contact Data includes name, surname and email address.

Analytical data: This encompass a range of information generated from your interactions with our Website. This includes may your language preferences, geographic location, browser details, utilized campaigns, communication channels, device information and usage patterns. For online acquisition analytics, this may also involve tracking pages visited, and scroll depth. Some of this information is collected through cookies or similar tracking technologies – please refer to the “Cookies” section for more details

Marketing Communications Data: Encompasses your preferences regarding receiving marketing materials from us (whether you have opted in or out), along with your Contact Data and Registration Information.

Payment Data encompasses bank or payment account details, along with transaction-specific information such as currency, location, amount or value, client IP address, user ID, and token

Login Data includes your Internet Protocol (IP) address, login details (such as first login, last login, and last failed login), duration of logins, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies used on the devices to access our services.

Additional Communication Data: Generated during interactions with us (via recorded calls, chats, emails, or SMS), which may include network communication data, the content of communications (including your intentions, interests, complaints, preferences), as well as internal communications and notes

Furthermore, to streamline the registration process, an alternative method like Google Sign-In can be utilized for identification and verification. If you choose any of these kind of methods, your personal information (Registration and Contact Data) will be automatically transferred to your Account from the third-party source once you authorize access and provide the necessary details during sign-up. This data will be used as outlined in this Privacy Policy.

We do not intentionally collect any Special Categories of Personal Data about you, which include details such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data. However, based on our experience, we cannot exclude the possibility that you may choose to share such data with us at your own discretion during communications.

Purpose And Methods Of Using Your Personal Data

We will only use your personal data when legally permitted. Typically, we will use your personal data in the following situations:

To use of the Website.
To use the Services provided by the Website
To Open an Account
For identification and verification purposes.
To prevent and detect illegal or fraudulent behaviour.
For direct marketing of our own similar goods and services via email, based on our legitimate interests or consent.
For analytics purposes.

For research and development: We utilize the information we gather for our research and development activities, such as:

Enhancing and refining our services
Generating analytics and related reports

Adherence to Legal Obligations: We process your Personal Data as required to comply with relevant laws, respond to legitimate requests, and engage in legal proceedings, including addressing subpoenas or government inquiries.

Ensuring Compliance and Security: We use your Personal Data as necessary (a) protect our rights, privacy, safety, or property, as well as yours or others’; and (b) detect, investigate, and prevent fraudulent, harmful, unauthorized, unethical, or illegal activities.

Obtaining Your Approval: In certain regions, laws may necessitate that we obtain your consent to use your Personal Data for specific purposes, such as sending you promotional communications. If we ask for your approval, you can revoke it at any time by following the provided instructions or contacting us directly. If you have agreed to receive marketing messages from our third-party partners, you must contact those partners directly to withdraw your consent.

Generating Anonymous Data: We may convert your Personal Data and that of others into anonymous data. This involves removing identifiable information, enabling us to use the anonymized data for legitimate business purposes.

Personal Data We Collect From Your Device

We use Usage Data and Cookies to manage Our website and to make sure that content from Our website is presented in the most effective way for you and your device. For more information about cookies, please see our Cookie Policy.

Lawful Basis For Personal Processing

Purpose	Data Category	Legal Basis
To register an Account, to identify and verify you when you access the Account	Registration Information, Contact Data and Login Data	Fulfilling our contractual obligations to you
To proceed and manage payments transactions	Payment Data and Usage Data	Fulfilling our contractual obligations to you
To detect and investigate suspicious activity to safeguard our business against risks and fraud	Registration Information, Contact Data, Login Data, Payment Data and Usage Data	Fulfilling our contractual obligations to you and any legal compliance obligations
Direct Marketing of our service	Marketing Communication Information	Legitimate Interest and Consent
Social Media Marketing	Contact Data	Legitimate Interest and Consent
Business analysis for the creation of routine periodic reports and special ad hoc reports.	Analytics Data, including pseudonymised Data, Payment Data and Usage Data	Legitimate Interest
Web Analytics	Analytics Data, Payment Data and Usage Data	Legitimate Interest
Invoice Processing	Payment Data	Legal obligation

Other Purposes

We may be required to use and retain personal information for; loss prevention; and to protect Our rights, privacy, safety, or property, or those of other persons in accordance with Our legitimate interests.

Marketing

We may use your personal information to understand which services you might want, need, or find interesting. If you have shown interest in or used our services, and as long as you have not opted out, we may send you marketing communications using the personal information you provided, as allowed by law.
You can stop receiving marketing messages from us at any time by contacting us using the details provided below or by clicking the opt-out link in each marketing message or email. Even if you opt out of marketing communications, we will still use your personal information for other necessary activities, including sending non-marketing messages.
Direct Marketing: According to applicable laws and local regulations, and based on our legitimate interest or your consent, the Data Controller may occasionally notify you about similar products or services, including new services, promotions, bonuses, offers, and experiences. This information may be communicated through electronic mail (such as email, SMS, or instant messaging), social media, or push notifications (both desktop and app). When relying on legitimate interest, the Controller will offer you the option to opt out of direct marketing when you register on our site.

Processing On The Basis Of Our Legitimate Interests

A legitimate interest exists when We have a business or commercial reason upon which personal data will be processed. In such a case We undertake to protect any and all of Your personal data and the manner in which such data is processed and to ensure that such processing would not be unfair to You or Your interest.

Consent is not the only ground we may be permitted or obliged to rely on to process Your personal data. We will only process personal data on the basis of Your consent where we cannot or otherwise choose not to rely on any ulterior legal ground (such as compliance with a legal obligation or legitimate interest). Where we process Your personal data on the basis of Your consent, you shall have the right to withdraw your consent at any time and in the same manner as it had been previously provided by Yourself. In the case that You exercise Your right to withdraw consent, we would then determine whether we are able (or obliged) to process Your personal data on the basis of any other legal ground other than consent. If this is the case We will notify You accordingly. Any such withdrawal of Your consent will not invalidate any processing operations carried out prior to You have withdrawn Your consent.

For the avoidance of all doubt, We would like to point out that in those limited cases where We cannot or choose not to rely on another legal ground (for example, Our legitimate interests), We will process Your Personal Data on the basis of Your consent.

In those cases where We process on the basis of Your consent (which We will never presume but which We shall have obtained in a clear and manifest manner from You), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same manner as You shall have provided it to Us.

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorized (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.

When We ask for such Personal Data, You may always decline, however, should You decline to provide Us with the necessary data that We require to provide requested services, We may not necessarily be able to provide You with such services (especially if consent is the only legal ground that is available to Us).

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section above We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

Data Retention

We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including to meet any legal, accounting, or reporting requirements.

The criteria we use to determine what is ‘necessary’ depends on the specific personal data in question. Typically, we check if any specific EU and/or national laws (such as license requirements, tax, or corporate laws) require or oblige us to retain certain personal data for a period (in which case we will retain the data for the maximum period indicated by such laws). If no such laws apply, we consider if there are any laws or contractual provisions that may be invoked against us by you and/or third parties, and if so, we determine the prescriptive periods for such actions. In this case, we will retain any relevant personal data needed to defend ourselves against any claims, challenges, or other actions by you and/or third parties.

Once your personal data is no longer required, we will securely delete or anonymize it. Generally, we will retain your personal data for a maximum period of ten years from the closure of your account. Exceptions to this retention period include:

If you are under investigation or if we have identified possible fraudulent or other criminal activity, we may retain your personal data for a longer period as required to cooperate with the relevant authorities.
If there is a legal dispute, we will retain your personal data for at least the duration of the dispute and as necessary to defend our rights in any subsequent claims or proceedings.

We share your personal data with third-party suppliers to provide you with the best service.

3rd Party	Service	Place	Data
Google Ireland Limited Privacy Policy	Google Analytics: track and examine the use of (www.betlookr.com) Google Tag Manager: tag management services; Google drive: save and manage backups	Ireland	Cookies, Usage of Data
Xtremepush	Xtremepush is a multi-channel analytics and engagement marketplace that we use for analytics purposes, to fill out web forms, to enable web push notifications, and for marketing purposes.	Ireland	Cookies and Contact Data, Country
Firebase Authentication Privacy Policy	Firebase Authentication uses data to enable end-user authentication and facilitate account management. It also utilizes user-agent strings and IP addresses to enhance security and prevent abuse during sign-up and authentication processes.	United States	Hashed Passwords, Email addresses, User Agents and IP Addresses
Firebase Hosting Privacy Policy	Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data	Global	IP Addresses
Cloud Firestore Privacy Policy	Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions.	Europe	Contact Data
Stripe Privacy Policy	Stripe is a payment processing platform that allows businesses to accept payments from customers through their website, e-commerce platform or apps.	United States	If applicable, Stripe may Process Payment Account Details, bank account details, billing/shipping address, name, order description (including date, time, amount, product or service description), device ID, email address, IP address/location, order ID, payment card details, tax ID/status, unique customer identifier, identity information including government issued documents (e.g., national IDs, driver’s licences and passports).

We may share your personal data within the Game Lounge Group for the following purposes:

To administer offers and promotion;
Assess and analyse marketing strategies and trends and market research and training;
Respond to your access requests and answer your GDPR-related questions;
When we believe, in good faith, that sharing your personal information is necessary to defend your rights, your safety of others, to investigate fraud or to comply with government requests;
To provide you with secure access and maintenance of our Website;
To establish, exercise and defend our legal rights;
To fulfil our legal obligations to regulatory authorities, in addition to fulfilling our obligations under applicable laws and relevant authorities in other jurisdictions;
Investigation, prevention and prosecution of offences;
To provide customer support and respond to questions and complaints;

Details on the categories of recipients of the personal data may include:

Marketing Partners: This includes social media platforms and other business partners to carry out marketing activities such as advertising campaigns, optimization, market analysis, and research on our behalf.
Marketing Consultants: Professionals who provide marketing advice to us.
Communication Service Providers: Companies that facilitate communication with you via email, chat, SMS, and phone.
Technical Support Providers: Suppliers that support the operation of our website and technical systems, including both front-end and back-end functions.
Database Administrators: Technical administrators responsible for maintaining our Group database.
Cloud Service Providers: Companies that offer cloud-based services such as storage and hosting software.
Data Analytics and Business Intelligence Providers: Service providers that assist with data analytics and business intelligence.
Game Lounge Group Companies: Other companies within the Game Lounge Group that provide various services and support for our functions.
Professional Advisors: Lawyers, bankers, auditors, and insurers who offer consultancy, legal, banking, insurance, and accounting services.
Payment Service Providers: Companies that process payment services for you.

Corporate restructuring: We may share your personal data with third parties, including entities within our Group of Companies, to support our business operations or in scenarios where we decide to sell, transfer, or merge parts of our business, assets, or operations. Should we undergo a merger, acquisition, or sale, your personal information would typically be included in such transactions. Similarly, if we acquire or merge with another business, your personal data may be utilized by the new owners in accordance with the terms outlined in this privacy notice. If such situations arise, you will be informed via email and/or through updates on our website, or as stipulated by applicable guidelines, rules, or regulations. We have established or will establish contractual agreements with these entities to ensure that your personal data remains confidential, is safeguarded with appropriate security measures, and is not used by them for their own purposes.

Authorised Disclosures Of Personal Data To Third Parties

Without prejudice to anything else contained in this Privacy Policy, personal data relating to You may be shared with authorized third parties located in or outside of the EU/EEA where such disclosures are permitted or required pursuant to Data Protection Laws and/or any other applicable legislation. These authorized third parties may include but are not limited to entities within Game Lounge Group, other third parties and organizations such as law enforcement agencies, collaborating accounting and auditing firms, regulators, relevant authorities and digital marketing providers. We may also share such personal data with organisations who have introduced You to Us, third parties which whom You have asked Us or permitted Us to share Your data with or any other third party which We must necessarily share Your personal data with so as to be able to provide the products and/or services which You have requested. The personal data shared will depend on the product/s and or service/s You choose to use.

When any such personal data has to be transferred outside of the EEA – European Economic Area, We ensure that all the necessary and appropriate safeguards are in place. We may also disclose personal information to other companies within associated or subsidiary companies and to business partners, or successors in title to Our business. The manner in which data transfer outside the EEA is handled is detailed below.

Internet Communications

You will be aware that data sent via the Internet may be transmitted across international borders even where the sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.).

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having an effect in Malta.

Accuracy Of Personal Data

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable data protection law. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

Links To Third-Party Sites

Links that We provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should read the privacy policies of any such third-party websites.

Surveys And Contest

We may occasionally offer you the opportunity to participate in competitions or surveys on our website. If you choose to participate, we may request certain personal information. Participation in these surveys or competitions is entirely voluntary, and it is your decision whether to provide the requested personal information.

Prize Notification

Announcements and messages may be related to specific promotions. For more details, please refer to our terms and conditions or promotion contest-specific terms and conditions. If you wish to complain or reduce the amount of information disclosed, please contact us at [email protected]

Transfer Of Data Outside Of The Eea

Your personal data will only be transferred outside of the EEA or any other non-EEA country which has been deemed by the European Commission to offer an adequate level of protection (also referred to as “white-listed countries” – listed here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) in the following circumstances: When You have expressly consented Us to do so; or when it is necessary to constitute or execute a contract entered between You and Game Lounge; or to be compliant and in line with any and all legal obligations or duties.

In the event that personal data is transferred outside of the EEA, within Game Lounge or to any of Game Lounge Group’s business partners, We ensure to implement all appropriate safeguards to ensure that the same protection is afforded and the same standards are applied as would be within the EEA. In cases where we engage specific service providers, we may also utilize approved standard contractual clauses. These clauses are designed to provide equivalent protection to the data when it is transferred outside of the EU or the UK.

Data Subject Rights

Game Lounge undertakes to assist You in the best way possible should You choose to exercise any of Your rights with respect to Your personal data. In certain cases, We might need to verify Your identity prior to acceding to Your request to exercise any relevant right.

Access to your personal data
An electronic copy of your personal data (portability)
Correction of your personal data if it is incomplete or inaccurate
Deletion or restriction of your personal data in certain circumstances by applicable law.

The Right To Lodge A Complaint

You have the option to submit complaints to the relevant Data Protection Supervisory Authority. Given that our primary EU establishment is situated in Malta, the Maltese Information and Data Protection Commissioner (IDPC) serves as our Lead Supervisory Authority. We request that you first try to resolve any concerns with us directly, although you retain the right to contact the competent authority at any time, as previously mentioned.

Information We May Require From You

When you exercise your rights by contacting us, we may need to ask for specific information to verify your identity and confirm your right to access your personal data (or to exercise any other rights you have). This is a security measure designed to prevent unauthorized disclosure of personal data. Additionally, we may reach out to you for additional information related to your request in order to expedite our response.

Various Brands

The Data Controller operates its business under multiple brands and trademarks. For the exercise of your rights as outlined above, and to ensure clarity and comprehensibility in our response, we will initially address your requests concerning data processed under the specific brand from which your request originates. If you would like your requests to encompass all brands under which the Data Controller operates, please indicate this in your request.

Response Time Limit

We aim to respond to all valid requests within one month (unless a shorter time frame is mandated by law). If your request is particularly complex or if there are multiple requests, it may occasionally take us longer than a month to respond. If this occurs, we will notify you and keep you informed of the progress.

Cookies

Our site uses cookies. For more information on what cookies are, which cookies we use, how and why we use them, and how you can control which cookies are placed, please read our Cookies Policy.

Changes To This Privacy Policy

We reserve the right, at Our complete discretion, to change, modify, add and/or remove portions of this Privacy Policy at any time. You shall be informed by Us of any material changes made to this Privacy Policy (as well as other terms and conditions relevant to the Website).

June 2024; Version 1.0