Last Modified: 26th April, 2019
Genesis Global Limited (“Genesis”) is concerned with protecting the privacy of any personal information that you may choose to provide to us (“Personal Information”). Genesis will attempt to ensure that its use of your Personal Information is compliant with the General Data Protection Regulation, (“GDPR”), (Regulation (EU) 2016/679). Accordingly, Genesis issues this policy to inform you of our use of your Personal Information.
As a global, online casino destination, Genesis is committed to providing a safe, responsible and secure gaming environment. Genesis is certified and strictly regulated by some of the most prestigious governing bodies worldwide and complies with all guidelines to ensure that our games and financial transactions are properly and transparently monitored to provide maximum player protection.
1.4 This website, Spela, is operated by Genesis of Level 6A, Tagliaferro Business Centre, Gaeity Lane (Triq Il-Kbira) c/w High Street, Sliema, SLM 1549, Malta. Genesis is a company incorporated under the laws of Malta with registration number C65325, operating under a B2C Gaming Service Licence number MGA/B2C/314/2015, issued on 5th August 2016. The Company is licensed and regulated by the Malta Gaming Authority with licence number MGA/B2C/314/2015 issued on the 5th August 2016, Spelinspektionen starting 1st January 2019 until 31st December 2023 and also by the UK Gambling Commission with licence number 000-045235-R-324169-007. UK persons wagering via the website are doing so in reliance on the licence issued by the UK Gambling Commission and Swedish persons by the licence issued by Spelinspektionen
1.5.1 “You” means the player who is using the services of Genesis Global Limited.
1.5.2 “Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.
1.5.3 “Visitor” means an individual other than a user, who uses the public area, but has no access to the restricted areas of the Site or Service.
This policy is based on the following data protection principles:
• The processing of personal data shall take place in a lawful, fair and transparent way;
• The collecting of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• The collecting of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
• The personal data shall be accurate and where necessary, kept up to date;
• Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
• Personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
• All personal data shall be kept confidential and stored in a manner that ensures appropriate security;
• Personal data shall not be shared with third parties except when necessary in order for them to provide services upon agreement;
• Data subjects shall have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability.
2. The information we collect
2.1 As part of providing you with the Services, we collect your Personal Information on registering an account. “Personal Information" means any information from which you can be personally identified, including your name, surname, email address, home address, telephone number, mobile number, inbound and outbound call recordings , Government issued personal identity number, date of birth, credit/debit card details and any other details as might be requested from you for the purpose of registration. We may also collect information from you if you request information or customer support.
2.2 As part of providing you with the Services, we also collect information about the transactions you undertake, including details of payment methods used, details of the games you played and underlying gaming transactions, details such as traffic information, location data, communication data including IP address and browser type, pages visited, content viewed, clicked links, URLs visited after you visited our website.
2.3 We may also collect information and communications on forums on websites, including chat rooms and message boards, profile comments, chat messaging with other operators or other users. We also collect your response to marketing campaigns from us or through our third parties, that is open/click on such emails; your social media profile details (name, profile photo and other information you make available to us) when you connect with or contact us through a social media account; information derived based on profiling activity (see below); and information from third party databases to comply with our legal and regulatory obligations.
2.4 Not all the personal information we hold about you will come always directly from you. We may also collect information from third parties such as our partners, service providers and publicly available websites (i.e. social media platforms) to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and provide and enhance the Services.
2.5 As part of providing you with the mobile application service, we may collect your mobile number via a dedicated landing page in order to download our mobile applications.
3. How we will use your Personal Information
3.1 We will process your Personal Information in accordance with the GDPR and to provide you with the Services. We will process your Personal Information to enable us to:
3.1.1 Set-up, administer and manage your Account and records (including processing deposits and withdrawals);
3.1.2 Provide and personalise the Services (including to allow you to wager and play our games);
3.1.3 Receive and respond to your communications and requests;
3.1.4 Notify you about updates to the Software and/or the Services;
3.1.5 Ensure that we can fulfil our regulatory obligations regarding your Account, including by verifying the accuracy of any information you give us;
3.1.6 Comply with our obligations under Applicable Laws and to Regulators in jurisdictions where we are licensed (including the Malta Gaming Authority, Sweden Spelinspektionen and UK Gambling Commission);
3.1.7 Investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the Services (including, where appropriate, dealing with requests from authorised entities/Authorities for the sharing of information);
3.1.8 Carry out market research campaigns;
3.1.9 Preparing statistics relating to the use of the Services by you and other customers;
3.1.11 Provided that you “opt-in” and don't "opt-out" from this option, keep you informed on offers and promotions in relation to our products and services;
3.1.12 Support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your Personal Information. These are the "Purposes" for which we may collect your Personal Information.
If at any time you wish us to stop processing your Personal Information for the above purposes, then you may contact us, and we will take the appropriate steps to stop doing so. Please note that when exercising your right to restrict processing, your Account will be closed and any promotional bonus, prizes or benefits which may have been acquired will be forfeited. Following the closure of your Account, we will retain and may continue to process your Personal Data as necessary to comply with our legal obligations. Under Malta Gaming Authority (MGA) licensing requirements, we are bound to satisfy a number of statutory obligations, specifically the Prevention of Money Laundering and Funding of Terrorism Regulations (LN 372/2017) Article 13, which obliges us to retain any information stored for a minimum period of five years from the closure of your Account, for the purposes of the prevention, detection, analysis and investigation of money laundering or funding of terrorism activities. After this period has elapsed, your Personal Data will be deleted from our records. To exercise any of your rights as set out under GDPR please email email@example.com
3.2.1 If you choose to stop receiving marketing communications (in the form of email, phone or SMS), it may take up to 72 hours to stop receiving these notifications.
3.3 To ensure a good quality of service and assess our legal and regulatory obligations we may monitor any communication you have with us whether in writing or by electronic mail (“recordings”) or any inbound and outbound calls done by any member of the Genesis team. Any recordings remain the property of Genesis and will be used only for the purposes listed above.
3.4 In the event that the purposes for processing change, then we will notify you as soon as practicable and seek any additional consent that may be required.
4. Disclosing your Personal Information
Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without your prior explicit consent. We may disclose information to third parties in the following circumstances:
4.1 Any company within our Group (including to its employees, and all sub-contractors) which assists us in providing the Services or which otherwise has a need to know such information;
4.2 Any third party which assists us in providing the Services, including (but not limited to) payment processors, regulators where there is a breach or suspicion of breach of the relevant law pertaining to the relevant jurisdiction including the UK Gambling Commission, the Malta Gaming Authority and Sweden Spelinspektionen.
4.3 Any third party which can assist us in verifying the accuracy of your Personal Information, including financial institutions and credit reference agencies (a record of the search may be retained by such third party) and also in the event of a merger, sale, restructure, joint venture, assignment, transfer, or other disposition of all or any portion of our business assets;
4.4 Any third party which assists us in monitoring use of the Services, including the detection and prevention of fraud and collusion;
4.5 Any third party processor for the purpose of assisting us in providing the SMS services with regards to our mobile application, irrespective of whether through a dedicated landing page or not;
4.6 Any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us;
4.7 Any law enforcement body that may have reasonable and lawful requirement to access your Personal Information;
4.8 Any regulatory body or authorised entity that may have reasonable and lawful requirement to access your Personal Information; and
4.9 Any potential purchaser of Genesis or any investors in it or in any company within our Group (including in the event of insolvency).
4.10 If at any time you wish us to stop processing your Personal Information for the above purposes, then you may contact us and we will take the appropriate steps to stop doing so. Please note that when exercising your right to restrict processing, your Account will be closed and any promotional bonus, prizes or benefits which may have been acquired will be forfeited. Following the closure of your Account, we will retain and may continue to process your Personal Data as necessary to comply with our legal obligations. Under Malta Gaming Authority (MGA) licensing requirements, we are bound to satisfy a number of statutory obligations, specifically the Prevention of Money Laundering and Funding of Terrorism Regulations (LN 372/2017) Article 13, which obliges us to retain any information stored for a minimum period of five years from the closure of your Account, for the purposes of the prevention, detection, analysis and investigation of money laundering or funding of terrorism activities. After this period has elapsed, your Personal Data will be deleted from our records. You may contact us to exercise your right set out under this article by sending an email to firstname.lastname@example.org
5. Data Subject Rights
5.1 We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. Your principal rights under the GDPR are:
a. the right for information;
b. the right to access;
c. the right to rectification;
d. the right to erasure;
e. the right to restrict processing;
f. the right to object to processing;
g. the right to data portability;
h. the right to complain to a supervisory authority; and
i. the right to withdraw consent.
5.2 If you wish to access or amend any other Personal Data we hold about you, or to request that we delete any information about you, you may contact us by sending an email to email@example.com. Once your request is received, we will send you an acknowledgment and handle it promptly. Genesis has 30 days to respond to these requests with a possibility to extend this period for particularly complex requests in accordance with Applicable Law. We will retain your information for as long as your account is active, as needed to provide you services, or to comply with our legal obligations, resolve disputes and enforce our agreements. Please see 5.3 below when requesting that we delete any information about you
5.3 When you exercise the right to erasure, your Account will be closed and any promotional bonus, prizes or benefits which may have been acquired will be forfeited. Following the closure of your Account, we will retain and may continue to process your Personal Data as necessary to comply with our legal obligations. Under Malta Gaming Authority (MGA) licensing requirements, we are bound to satisfy a number of statutory obligations, specifically the Prevention of Money Laundering and Funding of Terrorism Regulations (LN 372/2017) Article 13, which obliges us to retain any information stored for a minimum period of five years from the closure of your Account, for the purposes of the prevention, detection, analysis and investigation of money laundering or funding of terrorism activities. After this period has elapsed, your Personal Data will be deleted from our records
5.4 You may update your preferences at any time by accessing your Player Account under ‘My Profile’. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
5.5 You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some or all of the features and functionality of the Service.
5.6 At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law.
5.7 In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive. Genesis may charge a reasonable administrative-cost fee if further copies are requested.
5.8 We may use your personal data for the purposes of automated decision-making when displaying marketing material and personalised advertisements based on your preferences or interests. For instance, we may show you adverts for certain games or VIP/Loyalty program offers depending upon your activity. When such processing takes place, we will request your specific and explicit consent and will always provide you with the option to opt-out.
We may use automated decision-making in order to fulfil obligations imposed by law to which we are subject, in which case we will inform you of any such processing. By way of example, to fulfil our obligations in relation to fraud, tax evasion, suspicious betting pattern reporting, providing alerts for responsible gaming amongst others.
We may also use automated decision-making in the limited instances when this is necessary for entering into, or the performance of, a contract entered between us and the data subject. Decisions on the basis of profiling are not taken automatically without human intervention. Moreover, the process is based on our interest regarding providing customised, quality experience for the players and reward loyalty of the players. You have the right to object to the processing of your personal data for automated purposes at any time by contacting us via firstname.lastname@example.org
7. Minors and Children’s Privacy
Protecting the privacy of minors is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at email@example.com and request that we delete your child’s Personal Data from our systems.
8.1 We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Genesis has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
8.2 Your winnings and cash-outs are kept strictly confidential, and winnings information is stored in secure operating environments. We may offer you the opportunity to appear in promotional material in relation to winnings and we shall request specific permission from you in advance. We do not provide winnings information to any third party unless such information is required to be disclosed by law, regulation or a similar governmental authority.
8.3 No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards. If you believe your Personal Data has been compromised, please contact firstname.lastname@example.org.
8.4 If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.
9. Privacy Settings
Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. We have taken the necessary steps to protect as much as possible your Personal Information in transit by utilising HTTPS on our Website and TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).
10. Data Retention
10.1 Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. We have taken the neccassary steps to protect as much as possible your Personal Information in transit by utilising HTTPS on our Website and TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).
10.2 We only retain the Personal Data collected from you for as long as your account is active or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows: For the unregulated jurisdictions in which operate, and subject to us not having a legal or regulatory requirement or a risk management reason for retaining your information for a longer period, your information will not be kept for longer than 7 years post account closure. Please note that we may be required in certain circumstances to retain your information indefinitely (for example under our procedures on responsible gambling and self-exclusion). We will take all necessary steps to ensure that the privacy of information is maintained for the period of retention.
10.3 We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
10.4 In case of the landing page (as described in section 2 above), information will be retained for a minimum period of 12 months reflecting the business needs and legal requirements of Genesis Global Limited.
11. International Transfers
11.2 Should the United Kingdom exit the EEA the personal information for British citizens shall be treated in accordance with GDPR and have the same protections as prior to that exit from the EEA. We must comply with GDPR rules on international transfers of personal data and we may implement standard contractual clauses to ensure safeguards of personal data remain in place for any British entity we share data with.
12. Data Protection Officer
Genesis has appointed a Data Protection Officer (“DPO”) who is responsible for matters relating to privacy and data protection. Genesis Global Limited’s DPO can be reached on: email@example.com
13.1 You can report a concern or file a complaint regarding your privacy or data protection by contacting our data protection officer via firstname.lastname@example.org or at the office of the Information and Data Protection Commissioner Malta via email@example.com.
ANTI SPAM POLICY
Spela is subjected to an Anti-Spam policy called *zero tolerance*. Spela is committed to keep you informed about any changes made to this policy by email or newsletter, if you have subscribed. This means that we do not send out any mass emails including information about our games or promotions. The options to register or to unsubscribe from our email list will always be offered when you register on Spela. Members of our website may use the unsubscribe link to be removed from our mailing lists. Spela also practices a *zero tolerance* policy for the purchase or sale of any email lists. Under no circumstances will we contact customers using purchased third party email lists.