Privacy Policy
Overview
Below you will find our Privacy Policy which tells you about how we will process your
personal data and about rights that you have under data protection. We strongly recommend that you familiarize
yourself with this Privacy Policy. However, we understand that people have busy lives and so want to provide you
with a quick overview of how we will use your personal data
- please remember though that this first section is an overview only and should not be read instead of
reading the full Privacy Policy below.
We process your personal data for the purposes discussed in detail below, but the two main purposes are to enable us to provide you with services and to comply with our regulatory obligations, specifically:
On the regulatory aspect, we are required to monitor our customers and to keep records of transactions to ensure that we are offering a fair, responsible and safe service â and this includes verifying your age and monitoring our customers to ensure that they are playing within their means.
Introduction
This Privacy Policy applies to our websites, applications, goods and services that link to this policy or which do not have a separate privacy policy. The purpose of this Privacy Policy is to provide you with information about how we use your personal data. This Privacy Policy may be updated from time-to-time so we recommend that you review it regularly, however where we make material changes, we will make sure to alert you to this.
How we collect your personal data
In order to provide you services, you will need to create a user account. When creating this user account, you will need to submit certain personal data such as your name, age, address and email. Additional information will also be required for you to utilize some of our services, such as your bank card details.
We also collect information about the transactions you make, including your gaming activity. We may collect personal data through surveys which we, or companies engaged by us for such purpose, undertake. In addition, we collect information about your use of our websites, mobile applications and services. We will also collect other information necessary for us to process your personal data for the purposes set out in this Privacy Policy.
Where you contact us, we will process any personal data you provide in these communications.
We may also collect personal data from third party service providers, such as credit reference agencies and fraud prevention companies.
Finally, we also use "cookies" and similar technologies which may collect certain information about you, such as your devices' IP addresses and online activity, some of which will constitute your personal data. You can learn more about the cookies we use in the 'Cookies' section below.
How will we use your personal data
In accordance with data protection laws, we will only process your personal data when we have a lawful basis for doing so in respect of your personal data. We process your personal data if: (i) it is necessary to provide services to you under the performance of the contract we have with you; (ii) we are required to do so in accordance with legal or regulatory obligations; (iii) you have given your consent; or, (iv) it is in our legitimate interests to process your personal data, provided that none of these interests prejudice your own rights, freedoms and interests.
With the exception of limited circumstances, we do not process special categories of personal data about you (such as personal data relating to your health, ethnicity, religion, political persuasion, trade union membership or sexuality) or personal data relating to criminal offences or convictions. For the limited circumstances in which we process special categories of personal data, we have set out the additional lawful basis required in italics below.
The following is a list of the purposes for which we process your personal data, and the lawful basis on which it carries out such processing:
Purpose |
Lawful Basis |
To set-up, administer and manage your user account |
Necessary for the performance of a contract |
To provide you with our services (including to allow you to play our games) |
Necessary for the performance of a contract |
To receive and respond to your communications and requests |
Necessary for the performance of a contract if the communication relates specifically to our services, otherwise legitimate interests |
To notify you with important updates to our websites, mobile applications and services |
Necessary for the performance of a contract |
To ensure that we are able to fulfil our regulatory obligations regarding your use of our services, including by verifying the accuracy of any information you provide us, verifying your identity and verifying your age (which may involve us disclosing your personal data to third parties or supplementing your personal data with information received from third parties (such as credit reference agencies)) |
Necessary to comply with a legal or regulatory obligation |
To ascertain sources of funds and wealth, and to determine your ability to afford the amount you spend |
Necessary to comply with a legal or regulatory obligation |
To comply with our obligations under applicable laws |
Necessary to comply with a legal or regulatory obligation |
To identify and disclose any suspected unlawful, fraudulent, or other improper activity connected with our websites, mobile applications and services (including money laundering) |
Necessary to comply with a legal or regulatory obligation Substantial Public Interest: Preventing or detecting unlawful acts / protecting the public against dishonesty / regulatory requirements relating to unlawful acts and dishonesty / preventing fraud / suspicion of terrorist financing or money laundering |
To prevent you from using our websites, mobile applications and services if you have requested that we do so (such as self-exclusion) |
Necessary to comply with a legal or regulatory obligation Substantial Public Interest: Safeguarding of individuals at risk / safeguarding of economic well-being of certain individuals |
To comply with any deposit, spend or loss limits that you have set or which have been applied to your user account |
Consent |
To support any other purpose necessary for the performance of our contractual obligations or specifically stated at the time at which you provide your personal data |
Necessary for the performance of a contract |
To identify any fraudulent use of our services |
Necessary for a legal or regulatory obligation |
To identify any breach of our terms of use |
Necessary for the performance of a contract |
To carry out market research campaigns |
Legitimate interests of better understanding the products and services that our customers most enjoy |
To send out surveys to better understand our products and services |
Legitimate interests of better understanding the products and services that our customers most enjoy |
To review the results of surveys completed by you |
Consent |
To prepare statistics relating to the use of our websites, mobile applications and services by you and our other customers |
Legitimate interests of understanding the use of, and therefore improving, our products and services |
To send offers and promotions relating to our services that you may be interested in |
Consent |
To record telephone calls to and from, and live chats with, our customer services representatives for training purposes |
Legitimate interests of improving our customer services |
To record telephone calls to and from, and live chats with, our customer services for security and regulatory purposes |
Necessary for a legal or regulatory obligation |
To use your name, image, username or location in publicity and marketing, but only when you have provided express and informed consent for us to do so |
Consent |
Sharing: To share your personal information with other members of the Group who assist in providing the services to customers |
Legitimate interests to allow us to provide services |
Sharing: To share your personal data with our professional advisors, such as lawyers and consultants |
Legitimate interests to allow us to seek advice |
Sharing: To share your personal data with social media services to provide you with ads on social media sites, unless you have requested not to receive such ads via your social media account |
Legitimate interest of better advertising our products and services |
Sharing: To share your personal information with third parties for identity and geolocation verification |
Necessary to comply with a legal or regulatory obligation |
Sharing: To share your personal information with third parties for fraud and Illicit Funds Detection  detection purposes  |
Necessary to comply with a legal or regulatory obligation Substantial Public Interest: Preventing or detecting unlawful acts / protecting the public against dishonesty / regulatory requirements relating to unlawful acts and dishonesty / preventing fraud / suspicion of terrorist financing or money laundering |
Sharing: To share your personal data with law enforcement agencies for the prevention and detection of crime |
Legitimate interests of helping to protect our services and our community Substantial Public Interest: Preventing or detecting unlawful acts / protecting the public against dishonesty / regulatory requirements relating to unlawful acts and dishonesty / preventing fraud / suspicion of terrorist financing or money laundering |
Sharing: To share your personal data with national self-exclusion databases if you have self-excluded |
Necessary to comply with a legal or regulatory obligation Substantial Public Interest: Safeguarding of individuals at risk / safeguarding of economic well-being of certain individuals |
Sharing: To share your personal data with gaming regulators in order to assist and comply with any investigation |
Necessary for a legal or regulatory obligation |
Cookies: To operate our websites and mobile applications, including allowing you to interact with our websites and mobile applications and to recall selections as you move between pages  |
Legitimate interest of using a website with at least standard functionality to provide our services |
Cookies: To analyze your use of our website, monitor our web audience and populate certain content on our website in line with your usage |
Consent |
Cookies: To track your journey to and from our website so we can understand how customers come to and from our website and give effect to any commercial arrangements |
Consent |
Cookies: To comply with regulations, including identifying multiple user accounts, attempts to login to an unauthorized user account or potential fraud |
Necessary to comply with a legal or regulatory obligation |
Cookies: To present third party marketing |
Consent |
In addition to the purposes set out above, we may also process your personal data for other purposes that we deem compatible with those listed above. We will update this Privacy Policy accordingly, when we do this.
Please note that the lawful bases set out above are those which will primarily apply although it is possible that a change in circumstance may result in a change in lawful basis â for example, if you close your user account with us we will no longer process your personal data to perform a contract with you but will continue to do so in order to comply with legal requirements.
Intra-Group Sharing
We are part of the Group and there will be instances where your personal data is shared with other members of the Group. This will occur in the following circumstances:
- to enable us to identify and replicate responsible gaming measures (such as self-exclusion) to players across the Group (necessary to comply with a legal/regulatory requirement);
- to assist with account management, identification and verification of our customers as well as other regulatory checks (necessary to comply with a legal/regulatory requirement);
- to help ensure that customer information is up-to-date and accurate (necessary to comply with a legal/regulatory obligation);
- to identify customers who have committed or are suspected of fraud, money-laundering or other criminal acts (necessary to comply with a legal/regulatory requirement);
- to identify customers who have breached our Terms of Service or other terms and conditions related to our services  (legitimate interests);
- to send cross-brand marketing materials where customer has requested this (consent); and
- to analyze and better understand our business, customers, products and services across the group (legitimate interests).
We may also in the future share personal data with other members of our Group for purposes that are related to and compatible with those set out above. Finally, where we are required by law or regulation to share personal data throughout our Group for reasons beyond those set out above we will be required to do this.
Please check this Privacy Policy frequently to learn of any updates to our intra-group sharing.
Disclosing your personal data
In addition to the purposes involving the sharing of your personal data listed above, we will also disclose your personal data to processors we engage. We will have a contract in place with each such processor to ensure your personal data is kept secure.
We may also disclose your personal data in the following circumstances:
- when required by applicable law or regulation (disclosure to a governmental, regulatory or enforcement authority);
- in order to defend ourselves legally and/or in relation to legal proceedings; and
- whilst negotiating a takeover, purchase or merger, and pursuant to the same.
Transferring your personal data outside of the EEA
We store your personal data in the Isle of Man, a territory that has received an Adequacy Decision from the European Commission regarding its suitable data protection laws. Your personal data may also be accessed by members of the Group who are located outside of the European Union and in such cases we have implemented standard contractual clauses to ensure adequate protection of your personal data.
We may also share your personal data with third parties outside of the European Union and in all such cases we will ensure that standard contractual clauses or an Adequacy Decision is in place to protect your personal data.
Security
We will take appropriate security, technical and organizational measures to ensure that your personal data is kept secure and to prevent the theft, loss or unauthorized access to your personal data. It is important to understand however that security can never be guaranteed and you will not hold us liable save where the security of your personal data is compromised due to our negligence.
Marketing
If you have signed up to services offered by us we may send you direct marketing in relation to other services offered by us or our Group provided that you have given your consent to receive such marketing.
At any time you can manage your marketing consents via your user account. You can also unsubscribe by using the tools in any marketing communication you receive. Please note that if you unsubscribe from marketing it may take up to five working days for this to take effect.
Social Media Marketing
We may also use information you provide to us to show you relevant advertising and personalized content about our Group's services on certain third party social media platforms (Social Media Sites) made available to us through relevant service providers (e.g. Facebook, Twitter). If you do not wish to see these advertisements, you can change your settings on the Social Media Sites. If you do not want us to share this information with Social Media Sites you can contact us directly.
Cookies
In this Privacy Policy, we use the expression 'cookie' to refer to cookies and similar technologies we use to store information (such as web beacons). A cookie is a simple text file that is stored on your computer or mobile (or other) device by a website's server, and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information, such as a unique identifier and the website name and some digits and characters.
Almost all websites and applications you visit, including our websites, will use cookies in order to improve your user experience by enabling that website and/or application to 'remember' you, either for the duration of your visit (using a 'session cookie') or for repeat visits (using a 'persistent cookie').
Cookies are used to improve your use of a website or application, for example through letting you navigate between pages efficiently and storing your preferences. Cookies make the interaction between you and the website faster and easier. If a website or application doesn't use cookies, it will think you are a new visitor every time you move to a new page on the website. Cookies can also be used to enable targeted advertising and analyzing your browsing of a website.
You can learn more about cookies generally and how to disable them on your browser here. Â
You can learn more about what advertising cookies exist on your device and you can disable them directly by clicking here.
Retention of your personal data
We retain your personal data for six years. Six years is calculated from the closure of your user account or where your user account has been dormant for this period. There are some exceptions to this retention period, namely:
- If you self-exclude from any of our services, we will retain this information indefinitely.
- If you are under investigation or we have identified possible fraud, money-laundering, criminal activity we may retain your personal data for longer.
- If there is a legal dispute, we will retain your personal data for the duration of the dispute and for six years thereafter.
Updating your personal data
You can update some of your personal data at any time via your user account. We request that when your personal data changes you update your user account as soon as possible. If you are unable to change your information via your user account, please contact support.Â
Your rights
You have the following rights in relation to your personal data:
- a right to access your personal data held by us (also known as a subject access request);
- a right to receive certain personal data in machine-readable format;
- a right to have inaccurate or out-of-date personal data rectified;
- where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent;
- a right to have certain personal data erased where it is no longer necessary for us to process it, if you have withdrawn your consent pursuant to the paragraph above, where you have objected pursuant to the paragraph below, where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation;
- a right to object to the processing if the lawful basis is that it is in our legitimate interests to process your personal data, but please note that we may still process your personal data if there are other relevant lawful bases or if we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
- a right to request an explanation of the logic involved if we make decisions about you solely through automated means; and
- a right to object to direct marketing, which can be done by opting-out of direct marketing either through your user account or by opting out via the communication itself. You also have a right to object to any profiling to the extent that it relates to direct marketing only.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
If you are unsure about your rights or are concerned about how your personal data may be processed, you should contact our support or your national data protection supervisory authority.
If you would like to exercise any of your rights then you can do so by contacting support. Please be aware that while we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
When you make a request in respect of your rights, we will require proof of identification. We may also ask that you clarify your request. We will aim to respond to any request within one month of verifying your identity, but it may take longer (we will notify you if this is the case). If we receive repeated requests, or have reason to believe requests are being made unreasonably, we reserve the right not to respond.
Supervisory authorities
If you have any complaints you have the right to contact your own national data protection supervisory authority however we do ask that you contact us in the first instance to allow us the opportunity to address your concerns.
Contact us
If you have any questions regarding our use of your personal data, or you would like to exercise any of your rights, please contact our support in the first instance. You can also contact our Data Protection Officer at info@xwin90.com.
Privacy Policy last revised: April 24, 2022