Register

Privacy Policy

ComeOn Connect  accessible on www.comeoneconnect.com (“Website”), is operated by, or on behalf of ComeOn. Any reference to “We”, “Us”, “Our” or the “Company” in this Privacy Policy shall be construed as reference to the ComeOn Connect operations of and/or the Website. 

Date: 10.09.2024 Version: 1.0

Contents

  1. PRIVACY POLICY TERMS 
  2. ABOUT US
  3. YOUR DATA
  4. LEGAL BASIS FOR DATA PROCESSING
  5. PURPOSE OF THE PROCESSING
  6. SHARING OF PERSONAL DATA
  7. INTERNATIONAL TRANSFER OF PERSONAL DATA
  8. DATA SECURITY
  9. DATA RETENTION
  10. YOUR RIGHTS

1. PRIVACY POLICY TERMS 

This Privacy Policy is to be read in conjunction with the Company’s Terms and Conditions and Cookie Policy. This Privacy Policy explains how We collect, store and use your personal data when visiting, registering and/ or using the website “www.comeoneconnect.com”. It also refers to your data protection rights and the options available in relation to the use of your personal data by the Company (“Privacy Policy”).

Unless otherwise stated in this Privacy Policy, the applicable terms herein shall have the same meaning as set forth in the Company Terms and Conditions.

We aim to safeguard your personal data and respect your privacy rights, in accordance with the applicable law(s), in particular in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the applicable local laws of the jurisdiction in which We operate and/ hold a licence.  

We reserve the right, at our complete discretion, to change, modify, add and/or remove sections of this Privacy Policy at any time. In the event of changes that will significantly affect any of your rights, We will notify you and/or  announce this on www.comeoneconnect.com before the changes take effect. We encourage you to periodically review this Privacy Policy for the latest information regarding our privacy practices. 

We shall store previous versions of this Privacy Policy for your review upon request.

2. ABOUT US

We are data controllers of your personal data in accordance with the GDPR and have appointed a data protection officer (“DPO”) to oversee and monitor that We act and process your personal data in compliance with applicable rules and regulations. The DPO is your contact person for any questions relating to the collection, storage and usage of your personal data and/or this Privacy Policy. 

Should you have any queries regarding the collection, storage and usage of your personal data and/or this Privacy Policy, please contact the DPO at [email protected].  

3. YOUR DATA

As an affiliate of the Company, you are referred to as the “data subject” under the GDPR as well as this Privacy Policy and all personal data relating to you falls within the scope of both the GDPR and this Privacy Policy. Data that has been anonymised to an extent that the data subject is no longer identifiable is outside the scope of the GDPR and consequently this Policy. Anonymised data refers to such data where the identifiers relating to a “data item” have been removed in such a way that the data is rendered completely anonymous. 

In relation to your personal data, you are responsible for providing personal data that is complete and accurate and also for informing the Company in writing of any changes that may apply so that We can use all reasonable means to maintain information regarding you accurate, current and up-to-date. In addition, We reserve the right to implement data accuracy checks in accordance with the GDPR at any time, requiring you to verify personal data We hold on you.

4. LEGAL BASIS FOR PROCESSING 

The legal basis for the collection, storage and usage of your personal data may include either one or more of the following: 

  • Consent: Refers to the processing of personal data based on the explicit consent of the data subject for one or more specific purposes. When processing personal data based on explicit consent We do so for as long as you do not withdraw your consent, save for exceptional circumstances which may be provided for by law. You have a right to withdraw consent at any time to stop processing operations by the Company. Such withdrawal does not however affect any processing of personal data undertaken by the Company prior to withdrawing your consent.  


  • Performance of a Contract: Refers to the processing of personal data undertaken when necessary for the performance and/or fulfilment of the contractual obligations that you and the Company are a party to, including but not limited to the Terms and Conditions of this Website.


  • Compliance with Legal Obligations: Refers to the processing of personal data, including retention, as required by law or regulations to which the Company is subject to. 


  • Legitimate Interest: Refers to the processing of personal data in order to operate and provide you the best possible service and experience through Our Website. Processing undertaken on the basis of a legitimate interest is done taking account of the impact that such processing operations may have on your interests and fundamental rights and freedoms. 

5. PURPOSE OF THE PROCESSING  

The below table explains what personal data We collect, at which point and the how and why We process it.

Categories of data collected

When is this data collected?

What is the purpose for the collection of this data?

What is the legal basis for the collection of this data?

Identification Data – this includes name, surname, date of birth, et cetera.

Requested upon registration on the Website (and may be requested thereafter for data validation).

  1. Identification of the affiliate. 
  2. Creation of a unique affiliate profile.
  3. Verification of the affiliate for Anti-Money Laundering (AML) reasons.
  4. Identification of the affiliate in terms of performance of the contract.
  1. Performance of Contract.
  2. Performance of Contract.
  3. Compliance with Legal Obligations.
  4. Performance of Contract & Legitimate Interest.

Contact Data – this includes your email address, home address, registered company et cetera.

Requested upon registration on the Website (and may be requested thereafter for data validation) or upon making an enquiry via the website.

  1. Identification of the affiliate. 
  2. Creation of a unique affiliate profile.
  3. Contacting the affiliate.
  4. Dissemination of Newsletters.
  5. Respond to your enquiry. 
  1. Performance of contract.
  2. Performance of contract.
  3. Performance of contract.
  4. Legitimate Interest.
  5. Explicit Consent. 

Data which is necessary for verification purposes (this includes your ID document, proof of address, proof of income, proof of wealth, et cetera)

To be provided upon request (automated or otherwise), irrespective of the means of communication, frequency and request thereof.

  1. Verification of the affiliate’s identity.
  2. Required for compliance with AML legislation.
  1. Compliance with Legal obligation.
  2. Compliance with Legal obligation.

Communication data (this relates to all communication between you and the Company).

When contacted (irrespective of the means of communication thereof, automated or otherwise, and includes communication originating from the Company or you).

  1. Required, in order to offer you the service and answer your queries.
  2. Required to comply with Remote Gambling licensing requirements and legal obligations.
  1. Performance  of contract.
  2. Compliance with Legal obligation.

6. SHARING OF PERSONAL DATA

As the Company’s suppliers, service providers or business partners are required/responsible for certain parts of the overall functioning or operation of the Website, games and other services made available to you by Us, We may need to share your personal data for the above-mentioned purposes with the said suppliers, service providers or business partners. These include:

  • Customer Interaction Software Providers: We use third party software to help Us communicate with you, allowing Us to send emails to you and speak with you on our live chat function.
    • AML, Identity and Anti-Fraud Software Providers: We use third party software to perform certain AML, identification and fraud verification checks, which in this case are necessary to comply with our legal obligations. 
  • Government or Regulatory Authorities: We may, if necessary or authorized by law, provide your personal data to law enforcement agencies, government or regulatory organizations, courts or other public authorities. We may, at our discretion, contest such claims if We believe the requests are disproportionate, unclear or lack the proper authority.
  • External Auditors 
  • Group Companies or Third Party Suppliers: We may share your personal data with other companies that are within the same group of companies and/or third party supplier, that provide certain services/support for services and functions made available to you by the Company on Our Website.

We require all third parties to respect the security of your personal data and to treat it in accordance with this Privacy Policy and the applicable law. We do not allow any third party service provider to use your personal data for purposes other than those specified in this Privacy Policy and only permit them to process your personal data in accordance with Our instructions, unless expressly provided for by law such as in the case of government or regulatory authorities that are required to process personal data to fulfil legal obligations. 

Furthermore, We may share personal data if We enter any kind of merger, acquisition or business sale or part thereof (as affiliates/customers’ personal data generally is included in the sale or transfer thereof) and/or sale or transfer of      specific asset/s of the business which might include affiliates/customers’ personal data.

7. INTERNATIONAL TRANSFER OF PERSONAL DATA

Some of the service providers (listed above) may be based outside the European Economic Area (“EEA”), and accordingly, the processing of your personal data will involve a transfer of data outside the EEA. Whenever We transfer your personal data outside of the EEA, We do so ensuring a similar degree of protection to your personal data as provided by Us to you. To ensure the protection of your personal data, We will implement one of the following safeguards:

  • Adequacy Basis – We will ensure that the transfer of your personal data is undertaken with entities established in countries that are deemed to provide an adequate level of protection for personal data by the European Commission.
  • Standard Contractual Clauses – In absence of an adequacy decision basis, We may use the Standard Contractual Clauses approved by the European Commission, providing the same standard of protection to personal data as in the EEA. In accordance with the Court of Justice of the European Union Schrems II decision, We shall also implement complementary measures (including technical and organisational measures), in addition to the Standard Contractual Clauses as necessary.

8. DATA SECURITY

As a company, We aim to achieve the highest possible level of security and privacy, taking the confidentiality, integrity and availability of all data that is processed seriously. To deliver such value to our affiliates, employees and interested parties, We manage our Information Security Management System according to industry best practices and standards. We also review and update our security objectives and risk treatment on a regular basis and commit to procure all necessary resources for the continuous improvement of our established Information Security Program to sustain a professional level of protection.

To ensure the security of personal data, the Company has implemented a number of technical, contractual, as well as organizational measures to ensure that personal data is not accidentally lost, used or accessed in an unauthorized manner, altered or disclosed. We also limit access to personal data by employees, agents, contractors and other third parties on a “need-to-know” basis. This means that only persons with a need to access your personal data will have access to it (or parts of it – as applicable). In addition, the said persons will only process your personal data on Our instructions subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so. 

9. DATA RETENTION

The Company will only retain your personal data for as long as it is necessary to fulfil the purpose, we collected it for, including but not limited to the purposes of meeting and complying with any legal, accounting, or reporting requirements.

When determining how long a retention period is appropriate for your personal data, We take into account various factors, such as the nature and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of such data, the purpose We collected and processed such data for and applicable laws and/or legal requirements to which We are subject. 

Upon the closing of your account, We retain your personal data to fulfil legal obligations to which We are subject to, and use them for the purpose of establishing, defending or exercising legal claims. When Your personal data is no longer required for such purposes, We will either securely delete or anonymise the personal data in question. 

Please contact the DPO for further information about Our retention periods.

10. YOUR RIGHTS

You have the following rights with respect to your personal data processed by the Company:

  • Right of Access: You can request to know if We are processing personal data relating to you and also request a copy thereof free of charge.
  • Right to Rectification: If any personal data We hold about you is incomplete or incorrect, you can request to have your personal data corrected. Please note that We may need you to provide proof and documentation (such as your proof of address) in order to verify accuracy of the data and comply with your request.
  • Right to Object to Certain Processing: You have a right to object to the processing of your personal data where personal data is processed for direct marketing or where We rely on legitimate interest (Ours or of a third-party), and you feel that your interests or fundamental rights and freedoms override the legitimate interest. However, in the latter circumstance, We may prove We have compelling legitimate reasons to process your personal data which may override your rights. When exercising this right you are to submit the reasons for objecting to the processing of personal data to Our DPO. 
  • Right to Restriction: You may, in some cases, request a restriction/suspension of the processing of your personal data. Instances of when this right may be exercised include instances where personal data is incorrect or where you have objected to the processing of your personal data, until such time that We verify whether We have compelling overriding legitimate reasons to reject your request to object.
  • Right to Withdraw Your Consent: Where We process personal data on the basis of Your consent, you have a right to withdraw consent at any time. Should you exercise your right to withdraw consent, We will determine whether at that stage an alternative legal basis (such as a legal obligation) exists for processing of your personal data. If We are authorised to process you personal data in absence of your consent We undertake to inform you accordingly. It is to be noted that withdrawal of your consent will not affect the legality of the processing performed until the time you withdrew your consent.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used and machine-readable format for use by another data controller and, where technically feasible, to have such data directly transmitted to the other data controller.
  • Right to Erasure: You have a right to request the deletion of your personal data but this shall apply only where We do not have a legal ground for processing your data further. It is important to note that although you have the right to have your personal data deleted, We are often not in a position to delete the data in its entirety, due to compliance with a legal obligation and for the establishment, exercise and defence of legal claims entitling Us to retain personal data for a specific period.
  • Right to Lodge a Complaint: You have the right to submit a complaint with a supervisory authority at any time. However, We would encourage you to contact us in the first instance for the opportunity to resolve and/or answer any queries, concerns or issues that you may have before referring the matter to the supervisory authority. 

When exercising your rights, We may need to request further information from you to help Us verify and confirm your identity and ensure you are exercising your right in relation to your personal. Such information is requested as a security measure to ensure that personal data is not disclosed to persons who do not have a right to receive it.

We will do Our utmost to respond to all legitimate requests within a period of one month from the submission of a request and subsequent verification and confirmation of your identity. Occasionally it may take Us longer than a month if your request is particularly complex or you have made more than one request. In such circumstances, We will keep you updated and notify you of the need for an extension of the timeframe in accordance with the GDPR.

Promote over 15 top casino & sportsbook brands today!

ComeOn Group

Triq Mikiel Ang Borg Level 3

Saint Julian’s,

SPK 1000

Malta

Find Us

For Affiliate Queries Monday – Friday 09:00 – 17:00 CET [email protected]
Instagram Twitter Linkedin Facebook
Gaffg

Copyright of ComeOn Connect 2024