Privacy Policy

This Privacy Policy explains the processing of personal data by Cashpoint (Malta) Ltd., Salvu Psaila Street 172, Birkirkara BKR 9077, Malta (hereinafter referred to as: CASHPOINT or “We”).
 

1. Processing of personal data

All personal data is processed in accordance with statutory provisions and in compliance with the General Data Protection Regulation. Personal data is only seen by people who are authorised by CASHPOINT and are entitled to have to know this data to do their job.
 

1.1 Registration and establishing identity

In the course of personal registration and setting up a betting account for the first time, the customer provides the following personal data in accordance with the relevant laws:

· master data (first name and surname, place of residence, date of birth, nationality, etc.)

· contact details (valid email address, optional: valid telephone number)

· user name and password or PIN (freely selected by the customer)

· account settings (standard use, currency, bonus, etc.)

· details or copy of a valid, official identification document with photograph, which meets national passport and identification requirements

· optional: photograph (if a customer card is ordered)

The provision of this data by the customer (with the exception of account settings) is prescribed by law and/or required to comply with the CASHPOINT contract. Without this data, CASHPOINT cannot comply with its statutory and contractual obligations and cannot therefore enter into the contractual relationship. (The account settings are used to be able to customise the management of the betting account and the standard gambling settings for bets.)

Furthermore, on registration and thereafter partly on an ongoing basis, data is processed or obtained as follows:

· On registration, a comparison of the data provided by the customer may be made with the database of a service provider specialised in carrying out identity checks to assist CASHPOINT in checking the customer's identity and home address.

· Furthermore, firstly at the time of registration and at periodic intervals thereafter, a check is required by law to establish whether the customer is a politically exposed person. This is done by comparing the data provided by the customer with a suitable database.

· Furthermore, firstly on registration and thereafter whenever the customer logs in or places a bet, there is a legal requirement for the data provided by the customer to be compared with the relevant blacklists or sanctions lists of the region(s) concerned.

· In order to prevent money laundering and to comply with player protection, additional risk-appropriate proof may be required on registration and at periodic intervals thereafter in accordance with the relevant statutory provisions. Personal data may also be checked by specialist providers if necessary. Such proof may, for example, be a notarised copy of the passport, proof of registration, customer's occupation, origin of assets used in betting, credit reports, etc.

· At the time of registration, default payment and gambling limits are set.

· If the optional customer card is ordered, a customer card is issued with a photograph and a card number is allocated to the customer.

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· database providers that carry out identity and credit checks

· database providers holding registers of politically exposed persons

· IT service providers

· tax consultants

· authorities and public institutions carrying out the database comparison required by law to check whether the customer is blocked

The aforementioned data collected upon registration and updated later if necessary is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations.
 

1.2 Payments into and out of the account

Every customer is provided with a betting account during the registration process and this is used to make and receive payments.

No later than when the first winnings are paid, CASHPOINT must have checked the customer's identity because of legal requirements to ensure that each person receiving a payment is also the registered customer. CASHPOINT also requires bank details to make the payment if no alternative method of payment is chosen.

In the course of payments, the following data is collected:

· transaction data for the payment (ID, date and time, IP address, etc.)

· billing and payment details (amount, payment confirmation or refusal, etc.)

· bank details (name of the account holder, name of the bank, IBAN, BIC)

· specific details about the payment (mobile phone number, bonus code, credit card type, etc.)

· compliance with bonus terms and conditions

· compliance with the limit

The provision of this data by the customer is required to comply with the contract and statutory obligations. Without this data, CASHPOINT cannot make a payment or pay out any winnings.

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· banks and payment providers

· IT service providers

· tax consultants

The aforementioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations.
 

1.3 Gambling process

If the customer places a bet, the following personal data is collected from the customer:

· transaction data for the bet (ID, date and time, IP address, etc.)

· details about the bet (number, subject of the bet, event and odds, stake, winnings, etc.)

· compliance with the limit

· compliance with bonus terms and conditions

The collection of this data is required for CASHPOINT to comply with statutory obligations and the contract. Without this data, CASHPOINT cannot accept any bets or games in the casino.

In addition, the following data will be collected in the event of suspected fraud:

· To fight fraud, when bets are placed, information will be obtained from specialist service providers about any existing cases of suspected fraud

The collection of this data is a legal requirement to fight fraud. Without this information, CASHPOINT cannot accept any bets.

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· service providers/organisations specialised in fighting fraud

· IT service providers

· tax consultants

The transfer of data to authorities, public institutions and tax consultants is necessary for legal reasons. To protect Cashpoint's legitimate interests, the transfer of data together with the necessary master data to specialist service providers is necessary to fight fraud. The transfer of data to IT service providers is necessary to process the bets.

The aforementioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations.

The customer is required to provide the data.
 

1.4 Support and complaint management

In the course of support queries and complaints from customers, the following personal data is collected:

· master data and contact details acquired from the customer during registration

· content of the query or complaint

This data must be provided to comply with the contract. Without this data, CASHPOINT cannot provider user-specific support or process complaints.

The following data will also be collected from the customer:

· If customers contact the support hotline, they can help to improve the service quality by voluntarily agreeing to the conversation being recorded. In this case, the sound recording will be used for internal evaluation and to improve the service.

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· IT service providers

· support providers

This data must be transferred to IT and support providers for support management and to process customer queries and complaints.

In this case, the data will also be transferred to various recipients in a third country (outside the European Economic Area). The level of data protection in third countries is not necessarily of the same level as that of member states of the European Economic Area. However, CASHPOINT only transfers customers' personal data to countries, for which the EU Commission has decided that they have an appropriate level of data protection or implements measures to guarantee that all recipients have an appropriate level of data protection. To this end, for example, CASHPOINT concludes standard contract clauses. These are available on request using the contact email address.

The aforementioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations.
 

1.5 Player protection

If the customer applies for a player protection measure or sets limits, the following personal data will be collected from the customer:

· transaction data and master data

· payment and betting limits

· own personal block

The provision of this data by the customer is required to comply with the contract and statutory obligations.

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· IT service providers

The aforementioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations.
 

1.6 Technical information

If the customer is active on the CASHPOINT website or if the app is used, the following data is collected:

· usage and session data (ID, date and time, IP address, browser information, etc.)

· technical data enabling identification of a terminal device

· login data

The collection of this data is necessary for the protection of CASHPOINT's equipment from attack or from any subsequent criminal prosecution of attackers and to prevent cases of fraud. Due to existing statutory regional restrictions on betting services, the collection of this data is also required to determine the region in which the customer is located at the time of login ("geo IP restrictions").

The recipients of this data include:

· authorities, public institutions and courts due to statutory obligations to provide information

· IT service providers

The disclosure of data to (criminal prosecution) authorities is necessary to investigate possible attacks on CASHPOINT. The transfer of data to IT service providers is necessary to process the bets and casino.

The processing of this data is in CASHPOINT's legitimate interest to ensure integrity, fraud prevention and the protection of its systems.

The aforementioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations. In contrast, log files are stored for 3 years.
 

1.7 Marketing

The following data is processed to send information about CASHPOINT, newsletters, offers relating to particular services, vouchers and other advertising materials if the customer agrees to this processing:

· contact details (name, address, email address, mobile phone number)

· details about the newsletter or news and sending data

The processing of this data is required for the transfer of information, newsletters, vouchers and other advertising materials by post, via email, text and push-message.

The recipients of this data include:

· marketing service providers

· IT service providers

This data is processed only subject to the customer's consent, which can be withdrawn at any time without stating a reason using the support email address or using the account settings after logging in.

The aforementioned data is stored for as long as the customer's consent has been given.
 

1.8 Further purposes

CASHPOINT will inform the customer if the provided personal data is processed for any purpose other than the purpose stated above.
 

2. Cookies

CASHPOINT also uses cookies and other technologies to design its website and apps to be more personalised, clearer and more secure for users, to improve its website and apps, to facilitate the use of specific features or to carry out specific statistical analysis.

Cookies are small data files stored on the user's device, allocated to the browser or specific app, and through which the setter of the cookie obtains specific information. Cookies may contain specific (personal) data (e.g. IP address, your operating system/device's settings, website from which the data file is accessed, name of the file or date and time of access).

Visitors can prevent the use of cookies in their browser settings (Internet Explorer, Chrome, Firefox, etc.). To do this, it is necessary to select "Do not accept cookies" or such like in the settings (Settings > Privacy > Cookies). Depending on the browser, there is the option to be asked for your consent before cookies are used. Cookies that have been used can be deleted at any time. Instructions on how to block or delete cookies are provided at https://www.aboutcookies.org/.

If cookies are not accepted or are deleted, this may lead to the functionality of the website or app being restricted in some cases. Please also note that CASHPOINT cannot accept any liability for external content.

The following types of cookies may be used by CASHPOINT on its websites and apps:

· Essential cookies: these cookies are vital for websites or apps to operate properly. These cookies do not collect any personal data.

· Performance or web analytics cookies: these cookies monitor behaviour on our websites and in our apps and enable us to improve their performance. These cookies do not collect any personal data; they only collect anonymised or aggregate data. They are used in CASHPOINT's legitimate interests to analyse and optimise their online services and to operate them efficiently.

· Functionality cookies: these cookies ensure that aspects already selected by users are stored (e.g. language). They help to improve user-friendliness and allow your experience to be personalised. Only pseudonymous data is processed using these cookies.

· Advertising or targeting cookies: these cookies are used to provide you with customised content that could be of interest to you, as well as to measure the impact or effectiveness of campaigns. This is usually done using tools provided by specialized service providers. These cookies can be used to store the websites you have visited and share them with third parties, e.g. advertising agencies. These cookies mostly contain an encrypted key and basically pseudonymous or anonymous data are processed as part of these cookies. Advertising cookies are used by CASHPOINT to promote customers through online marketing and advertising campaigns, based on legitimate interests.

· Third-party cookies: these are cookies used on your device by third parties so that they can provide their services to you. The third-party vendor, typically an advertiser, uses such cookies to track a user's visits to any page displaying third-party advertising. The settings of these cookies are covered by the specific third party's cookie policy.
 

2.1 First-Party Cookies

The following cookies are used on our websites and apps that are only allowed to access to the used domain itself.

Cookie Name

Reason for setting and content

Type of cookie

c_utm_campaign

Setting the affiliate’s UTM tag (eg: 'worldcup')

Tracking

cbtag

Setting the affiliate’s BTag (encrypted tag)

Tracking

c_referer

Setting the referrer if not Cashpoint, XTiP or Merkur (URL)

Tracking

ad_network

Specifies the source of the registration (e.g. ‘DIRECT’, ‘PARTNER’, ‘AFFILIATION’)

Tracking

bettingslip

Setting the whole bettingslip in the cookie for later use by javascript (URL encoded JSON string)

Functional

cpLanguage, langid

Saving the selected website language (‘en’ or 1)

Functional

asked

Sets if a mobile user explicitly requested to see the Desktop website (‘1’)

Functional

depositvalue

Setting the amount that was deposited into the user’s account (‘1000’)

Tracking

sendmail

Marks that the current user has been sent the activation mail (true, false)

Essential

selectedBettingMarket

Saves selected betting markets (JSON string of sportIds and marketIds)

Functional

timetomidnight

Sets the time to midnight for the 24h filter in minutes (123)

Functional

worldcup_overlay_website, worldcup_overlay_mobile

Sets whether or not the Worldcup overlay should be shown again ('dont_show_again')

Functional

redirect

Sets if the user arrived through a redirect (‘1’)

Functional

lastpage

Sets the last page visited by the user, after login go back to lastpage (URL as string without trailing params)

Functional

visited

Sets if the mobile tutorial has been visited (‘1’)

Functional

client

Sets which internal API client is requesting the content, internal name of external partner (e.g. 'xtipfun')

Essential

oddsformat

Defines which oddsformat (Decimal, Fractional) is to be used (‘2’)

Functional

cookieConsent

Saves if the user has accepted the use of cookies by our company ('1')

Functional

PHP session_id

Session ID (encrypted key)

Essential

2.2 Third-Party Cookies and External Content

We use active JavaScript content from external providers on our websites. When you access our site, these external providers may receive personal information relating to your visit to our websites. It is possible that this data is processed outside of the EU. You can prevent this by installing a JavaScript blocker such as the browser plugin 'NoScript' (www.noscript.net) or Ghostery ( www.ghostery.com) or by disabling JavaScript in your browser. However, please note that if you do so you may not be able to use the full functionality of the websites you visit. Please also note that CASHPOINT cannot accept any responsibility for external content.

Third party

Details and opt-out

Type of cookie

Adjust

https://www.adjust.com/privacy-policy/

https://www.adjust.com/opt-out/

Performance, Tracking

Connextra

http://geniussportsmedia.com/privacy-policy/

Targeting

DoubleClick

http://www.google.de/policies/technologies/ads/

Targeting

Google-Analytics

http://www.google.com/analytics/learn/privacy.html

https://tools.google.com/dlpage/gaoptout/

Performance

Google Tag Manager

https://www.google.com/analytics/tag-manager/use-policy/

Performance, Tracking

Income Access

https://www.incomeaccess.com/privacy_policy.asp

Targeting

Optimove (Piwik)

https://www.optimove.com/privacy-policy

Performance, Targeting

Otherlevels

https://www.otherlevels.com/privacy/

Targeting

Rocket Fuel / Sizmek

http://www.sizmek.com/privacy-policy/

https://www.sizmek.com/privacy-policy/optedout/

Targeting


Adjust

Adjust GmbH, Adjust Inc. and Adjust KK is used to provide mobile analytics and attribution services to mobile apps. In connection with these services, we may collect, process and use certain data from the users of these mobile apps but the processing of personal data happens in a way that the data can no longer be assigned to a specific data subject without additional information being provided.

The collected data for providing mobile analytics and attribution services allow us to track our marketing performance, to match customers to our campaigns and to understand how customers engage with our app. The collected data is therefore used in order to analyse the performance of marketing campaigns and to provide performance reports. The collected data is not combined with any other data that would enable Adjust to personally identify customers.

We do not share or disclose the customer data with or to anyone else except in response to lawful requests by public authorities. The data is stored as long as the Adjust technology used. For more information, please visit: https://www.adjust.com/privacy-policy/ . If you want to opt-out of tracking by the Adjust technology, please click here: https://www.adjust.com/opt-out/

Connextra

JavaScript code from Genius Sports Group Limited (25a Soho Square, London, W1D 4FA, UK) is loaded on our website. Connextra is the gaming industry’s No 1 adserver, delivering live prices & messages into dynamically-built online adverts. If you have enabled JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal information to Connextra. Data is collected anonymously (date/time, page views) and pseudonymously (IP address). For more information about Connextra's privacy policy, please visit: http://geniussportsmedia.com/privacy-policy/ . To prevent execution of the Connextra JavaScript code altogether, you can install a JavaScript blocker (e.g.www.noscript.net or www.ghostery.com).

DoubleClick

DoubleClick is used on our website, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043). DoubleClick is used to display ads when you visit our website. DoubleClick uses information (but no personal data such as your name or email address) relating to your visits to this and other websites so that ads can appear regarding products and services of interest to you. If you want to find out more about these methods or wish to know what options are available to prevent this information from being used by DoubleClick, please click here: http://www.google.de/policies/technologies/ads/ .

Google-Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses various techniques, including so-called 'cookies', which are text files placed on your computer to help the website analyse how users use the site. The information obtained by Google Analytics about your use of the website will be transmitted to and stored by Google on servers which may be operated outside member states of the European Union as well outside states party to the Agreement on the European Economic Area. In case of activation of IP anonymisation within the Google Analytics tracking code for this website, Google will anonymise your IP address prior to transmission. This website uses a Google Analytics tracking code, to which the operator “gat._anonymizelp();” is added to enable anonymised collection of IP addresses (so-called IP masking). Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity and for providing other services relating to website activity and internet usage to the website operator. Google Analytics will not associate your IP address with any other data held by Google. You may refuse the use of Google cookies by selecting the appropriate settings on your browser. However, please note that if you do so you may not be able to use the full functionality of this website. You can prevent Google’s collection and use of data relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout/ . Further information concerning the terms and conditions of use and data privacy can be found at: http://www.google.com/analytics/learn/privacy.html/ .

Google Tag Manager

We use Google Tag Manager (GTM) for tracking and analytics. JavaScript code from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is loaded on our website. GTM does not collect any personal information. To prevent execution of the Google JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net). For more details, please see: https://www.google.com/analytics/tag-manager/use-policy/ .

Income Access

We use tracking tags from Income Access (2020 University, Suite 1320, Montreal QC H3A 2A5, Canada) to measure and analyse the effectivity of affiliate networks. Cookies are used to assist us in tracking internet users' activities originating from an Affiliate's Website or email. The cookies do not intentionally reveal any personally identifiable information to the Affiliate Programme or to us about internet users. This data is processed in such a way that the data can no longer be assigned to a specific data subject without additional information being provided.

For more details, please visit: https://www.incomeaccess.com/privacy_policy.asp .

Ligatus

The use of cookies from Ligatus (Ligatus GmbH, Christophstraße 19, 50670 Cologne, Germany) on our websites enables us to optimise the quality of the advertisements viewed by our customers on the basis of customers’ browsing behaviour. The protection of customer data is a priority for Ligatus, also in the course of the delivery of behaviour-based advertising, and Ligatus only uses anonymised data to improve advertisement quality. Therefore, the identification of persons is not possible either for Ligatus or the respective operator of the website of our partners and customers which you are visiting. User data is processed exclusively in European computer centres.

Ligatus is certified by EDAA: https://www.eprivacy.eu/kunden/vergebene-siegel/firma/ligatus-gmbh/ . More information concerning our privacy policy can be found at: https://www.ligatus.com/de/privacy-policy and the opt-out at: https://www.ligatus.com/en/privacy-policy#cookie_status .

Optimove

Our websites use Optimove (Mobius Solutions, Ltd. at 18 Ben Avigdor St., P.O. Box 57048, Tel Aviv 61570 Israel) tracking in order to use the Optimove Relationship Marketing Hub to automate the execution of highly-personalised customer communications and to allow an efficient way to report data from our websites and trigger campaigns accordingly. The collected data is pseudonymised and includes User ID, PageURL and PageTitle. Data is not combined with any other data that would enable Optimove to personally identify customers. For more details, please see https://www.optimove.com/privacy-policy .

OtherLevels

OtherLevels is used on our websites and apps to send push messages to our customers and OtherLevels provides information to us about how customers use their mobile applications as well as how certain applications are performing across different types of mobile phones. OtherLevels may collect the following data: User ID (for your service), latitude and longitude tag data, events and other usage information. Finally, OtherLevels is able to identify the IP address, device type, locale and time zone of the customer through the HTTP request. Any data collected does not allow Otherlevels to identify visitors. OtherLevels solely uses this data to measure effects on our messaging campaigns and to provide us with segmenting information with respect to customers. For more details, please see: https://www.otherlevels.com/privacy/ .

Rocket Fuel/Sizmek

We use Sizmek’s services to provide a more tailored online advertising experience to our customers. Sizmek’s tools and services are used to create advertisements, to deliver advertisements to devices on behalf of advertisers, to monitor the success of and manage advertising campaigns, and to present you with advertisements that are more likely to be interesting and relevant to you.

To perform interest-based advertising, Sizmek’s technology is deployed on customers’ devices and third-party websites and mobile applications with which customers interact to collect information about customers’ interests and behaviour on the internet. Sizmek’s technology employs cookies, device identifiers and similar technologies (like pixels and statistical device identifiers) to collect information about customers’ browsers or devices, sites visited, advertisements served to them, interactions with those advertisements, and, where available, the geographic location of the devices (“behavioural information”), in the course of providing us with ad-serving and campaign management services and for the purpose of helping determine which advertisements are suitable for delivery to customers. This behavioural information does not enable Sizmek to determine the actual identity of customers. In some areas of the world, certain behavioural information, such as IP addresses, may be considered personal information. Where this is the case, Sizmek complies with applicable laws regarding our use and processing of personal information.

Sizmek complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set out by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland in connection with the United States, respectively. Sizmek has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more details on the privacy policy, please see: http://www.sizmek.com/privacy-policy/ and on the opt-out: https://www.sizmek.com/privacy-policy/optedout/ .

3. Rights of persons concerned

In addition to the right to information, customers also have the right to correct, delete, restrict, object to and transfer their personal data. The customer's right to deletion is only upheld insofar as it does not conflict with CASHPOINT's legitimate interests, and statutory retention obligations do not apply. In addition, the customer is free to lodge a complaint with the data protection authority.
 

4. Contact

Cashpoint (Malta) Ltd.

Address: Salvu Psaila Street 172, Birkirkara BKR 9077, Malta

Email: privacy@cashpoint.at

Version 2.0

Last updated: 22.05.2018