At Rootz, transparency is very important to us and we take your privacy extremely seriously. We appreciate that you are trusting us with your personal data and we want to be transparent about how we use it.
Rootz Ltd., acting as data controller, is committed to protecting your Personal Data and processing it in compliance with applicable laws – notably: The Inter-State Treaty on Gambling in Germany 2021 (hereafter: ISTG 2021 – esp. sections 4, 4b, 4c, 6g, 8, 23), the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’, the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) and the German Act on Data Protection in Telecommunications and Telemedia (Telekommunikations- und Telemediendatenschutzgesetz – “TTDSG”).
This Policy applies to the company and its directly or indirectly controlled wholly-owned subsidiaries conducting business within the European Union (EU), the European Economic Area (EEA) or processing the Personal Data of Data Subjects within the EU/EEA.
In this Privacy Policy, we describe the privacy practices for our applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information and the measures we take to keep it safe.
If you have any questions please contact us at [email protected].
Specifically, in this Privacy Policy we will cover:
Rootz Ltd., a Maltese company with the registration number: C83903 at the Malta Business Registry, collects, processes and retains your Personal Data and provides you with the Services.
The person responsible within the meaning of the General Data Protection Regulation (“GDPR”) and other national data protection laws of the member states as well as other data protection provisions for determining the purposes and means of the processing of Personal Data (“data controller”) is:
Rootz LTD., Ewropa Business Centre, Level 3 - 701, Dun Karm Street, Birkirkara BKR 9034, Malta, E-Mail: [email protected].
If you are seeking to exercise any of your statutory rights, please contact our Data Protection Officer at [email protected] or through physical mail at:
Rootz LTD.
c/o Data Protection Officer
Ewropa Business Centre
Level 3 - 701, Dun Karm Street
Birkirkara BKR 9034
Malta
2.1. “Personal Data” means any information, by which the Data Subject may be personally identified or may be identifiable, including, but not limited to, the first name, surname, maiden name, email address, home address, telephone number, mobile phone number, date of birth, place of birth, governmental ID information, electronic location information and electronic device information – this covers the passport/license-number of the device, and the IP address.
2.2. By utilising our Services, you acknowledge that you have read, and agree to, the terms of this Privacy Policy and that you consent to the use of your Personal Data by Rootz Ltd. for the purposes set out in section 3 of this Privacy Policy. If you do not wish to provide your Personal Data on the basis set out in this Privacy Policy, you should not enter the relevant information on the Website or provide your Personal Data to us otherwise. However, if you do not provide your Personal Data, you may not be able to use all of the Services.
The following terms “Anonymisation”, “Controller”, “Processor”, “Data Subject”, “Data Portability”, “Personal Data”, “Processed/Processing”, “Pseudonymisation”, “Cross-Border processing of Personal Data” and “Supervisory Authority” used in this document shall have the same meaning as in the GDPR.
“Visitor” means an individual, other than a user, who uses the public area, but has no access to the restricted areas of the Site or Service, which may only be used with a player account.
This Policy is based on the following GDPR principles:
In the following, we outline the scope of and the legal basis for the processing of your Personal Data and provide information on the retention period.
We need to process your Personal Data in order to provide you with our Services.
As a matter of principle, we process Personal Data of our users only insofar, as this is necessary for the provision of a functional website and our content and services. The processing of Personal Data of our users is regularly done only with the consent of the user. An exception applies in cases, where it is not possible to obtain prior consent for factual reasons, and, the processing of the Personal Data is necessary to perform our contractual obligations or is permitted or even required by legal provisions.
Insofar as we obtain the consent of the data subject for the processing of Personal Data, Art. 6 par. 1 sent. 1 lit. a) GDPR serves as the legal basis.
When processing Personal Data that is necessary for the performance of a contract, to which the data subject is a party, Art. 6 par. 1 sent. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of Personal Data is necessary for the fulfilment of a legal obligation, to which our company is subject, Art. 6 par. 1 sent. 1 lit. c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of Personal Data, Art. 6 par. 1 sent. 1 lit. d) GDPR serves as the legal basis.
If the data processing is necessary for the performance of tasks, which are in the public interest, or take place in the exercise of public authority, with which the controller has been empowered, then Art. 6 par. 1 sent. 1 lit. e) GDPR will be the legal basis.
If the data processing is necessary to protect a legitimate interest of our company or of a third party, and, if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned legitimate interest of the company or of the third party, then Art. 6 par. 1 sent. 1 lit. f) GDPR will serve as the legal basis for the data processing.
We will only retain your Personal Data for as long as this is necessary for the purposes identified in this privacy policy. In accordance with our internal data management policy, we will delete any Personal Data that we no longer need for the purposes, for which it was collected. This does not apply, if we are subject to a legal obligation to retain data for a longer period of time. For example, we are obliged by commercial and tax law to retain your master data, game participation data and payment data for a period of six to max. ten years.
In accordance with money laundering regulations, we are obliged to retain your Personal Data, which we have collected to fulfil our customer due diligence obligations, for a period of five years beginning with the end of the year, in which your player account has been closed, and your transaction data and monitoring results for a period of five years beginning with the end of the year, in which the data has been collected. According to sec. 6g par. 1 ISTG 2021, we are obliged to retain all of your personal data for a period of five years beginning with the closing of your player account.
When you close your account with us, the account will be marked as “closed” and the Personal Data associated with it will be held securely and processed only for the legally specified purposes until the legal retention period has expired. Subsequently, this data will be destroyed in a secure manner. For further information on retention periods, please see our Customer Data Retention Policy.
In the case of a mere informational visit of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the Personal Data that your browser transmits to our server.
We do this so that we can better understand the individuals, who visit our websites, and to help us identify, where there are problems, security issues or things going wrong for visitors to the site. We do this by using technical programmes and functionality cookies. When we process information in this way, it is necessary for the legitimate interests of Spinz to ensure that we provide an enjoyable, secure and smooth customer journey and that we protect the product from abuse that could compromise other users’ ability to use the service. Read more about this in our Cookie Policy. Each time a visitor accesses our website, our system automatically collects log-file-data and information from the computer system of the calling computer, which is technically necessary for us to display to you our website and to ensure its stability and security:
The following data is collected in this process:
This data is also stored in the log files of our system. This data is not stored together with other Personal Data of the user.
The legal basis for the temporary storage of the data and the log files is Art. 6 par. 1 f GDPR.
The temporary storage of the IP address and/or other personal data such as the passport/license-number of the device by the system is necessary to enable the delivery of the website to the user’s computer/device. For this purpose, the user’s IP address and/or other personal data such as the passport/license-number of the device must remain stored for the duration of the session.
These purposes are covered by our legitimate interest in the data processing according to Art. 6 par. 1 f GDPR.
In case of the storage of personal data in log files, this is the case after seven days at the very latest. A storage beyond this period is possible. In this case, the IP addresses and/or any further personal data of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of the aforementioned data for the provision of the website and the storage of the personal data in log files is strictly necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the internet browser on the user’s computer/device system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is opened again. Cookies can make the web more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. They contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to disable cookies or inform you when they are set.
Please refer to our Cookie Policy to find out more on which exact cookies are used on our website and what type of cookie is involved in each case.
Spinz web pages may contain electronic images, known as web beacons or spotlight tags.
Web beacons (also known as pixel tags or clear GIFs) are small graphic files used in connection with the provision of our services and are usually used in conjunction with cookies to track the use of an online service.
These enable Spinz to count users who have visited certain pages on our website. Web beacons and spotlight tags are not used by us to access your personal information, they are simply a tool we use to analyse which web pages customers view, in an aggregated manner.
When calling up our website, the user is informed about the use of functionality related, but not strictly necessary cookies, of performance cookies, of advertising cookies, of all third party cookies and his or her consent to the processing of Personal Data used in this context is obtained. In this context, a reference to this data protection declaration is also made. A website-visitor may choose, which cookies he/she wants to allow by enabling such cookies in the cookie-settings offered when the user accesses our website.
On our website, you have the possibility to subscribe to Marketing Communication. When registering with a double-opt-in-procedure for the granting of your consent to the receipt of the marketing communications, the complete data from the registration mask is transmitted to us, i.e.:
In addition, the following data is collected during the double-opt-in-procedure: (1) IP address of the calling computer; (2) Date and time of registration.
Moreover, we will not only gather your consent to the receipt of marketing communications by way of the double-opt-in-procedure, but in this course will also ask you for your consent that we may undertake an OASIS-request to ensure that there is no player-exclusion stored in OASIS for you. We are legally obliged to undertake such an OASIS request prior to the sending of newsletters by law according to sec. 5 par. 5 sent. 2 and 3 ISTG 2021. In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties (except for the OASIS-request, to which you need to grant your consent). The data is used exclusively for sending out marketing communications.
The legal basis for the processing of your personal data after your subscription for the newsletter is, if you have given your consent, Art. 6 par. 1 sent. 1 lit. a) GDPR. The same applies to the data processing for the OASIS-request. Moreover, Art. 6 par. 1 sent. 1 lit. c) GDPR serves as a legal basis for the undertaking of this request, since we are legally obliged to do so by sec. 5 par. 5 sent. 2 and 3 ISTG 2021.
The collection of the user’s e-mail is used to deliver the marketing communication.
The collection of other Personal Data within the scope of the subscription process is required for the OASIS-request and serves to prevent a misuse of the services or of the e-mail used.
The data is deleted as soon as it is no longer required to achieve the purpose, for which it was collected. The user’s email address and further personal data is therefore stored for the purpose of marketing communications as long as the subscription is active.
The subscription can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found. Moreover, the consent will be deemed to be withdrawn, if a long-term player-exclusion (of at least three months) is inserted in OASIS. After the deletion of such a long-term player-exclusion in OASIS, a new consent must be granted for the receipt of marketing communications as well as for the undertaking of the OASIS-request.
7.1 Description and scope of the data processing in case of the registration of a player account and a subsequent undertaking of transactions and of a game participation.
When you register for an account with Spinz, you enter into a contract with us, as set out in our Terms and Conditions.
On our website, we offer users the opportunity to register a player account by providing Personal Data in order to participate in the games offered on our website. The data is entered into an input mask and is transmitted to us and stored.
The following personal data is collected during the registration process:
We use the above personal data to:
We also use segmentation to split our players into groups based on their gaming behaviour. We do this to help us understand how people use the product and to help us develop our marketing approach, including bonuses and promotions.
Furthermore, in order to comply with our statutory obligations arising out of sec. 6a ISTG 2021, of the money laundering laws applicable both in Germany and the EU and youth protection laws, we are obliged to verify the following Personal Data provided by you during the registration upon the opening of a player account, which serves to verify your identity and your age (‘Know Your Customer’ process, hereafter: KYC):
We also ask you to provide your mobile phone number for identity verification purposes.
For the identity verification, we may use third party KYC-services providers, which act as our data processors in this case, and therefore have an according data processing agreement in place with us, and are of course bound to keep your Personal Data confidential. They will only process your Personal Data as requested by us.
In order to participate in the Services offered on our website, you first have to make a deposit into your player account in order to have the money for the placement of stakes for a game participation. With such deposits, we collect and process your payment information:
Moreover, we are legally obliged by sec. 6b par. 4 ISTG 2021 to verify that the payment accounts used by you are also operated in your name. For this purpose, we will obtain the name of the account owner from the bank/e-wallet-provider and will compare this name to the player name registered for your account. In case of a bank transfer or direct debit, we will obtain the name of the account owner with the transaction information provided by your bank. In case of the use of one of the payment initiation services, the latter will obtain the name of the bank account owner from the online-banking account used for the transaction and will pass-on this name to us. In case of a use of one of the e-wallets, we will obtain the name of the account-owner from the e-wallet-providers.
In case of credit card payments, we are only obliged to verify the identity of the card-owner with the player in case of transactions exceeding EUR 25 or EUR 100 in case of several transactions per calendar month. Therefore, Spinz will enforce the 3D-secure-procedure for all credit card payments exceeding those thresholds. Moreover, we will request you to provide us with a copy of your credit card in order to verify that it is issued in your name. We will ask you to blacken the two middle 4-digit-blocks prior to the filing of the credit card copy, since it is not possible for us to store your complete credit card number due to the GDPR, wherefore the two middle 4-digit-blocks need to be blackened.
Further, we use card-acquiring services for credit card payments (Visa and MasterCard). Moreover, Rootz has outsourced the processing of payment card payments to a payment gateway and external “card vault” provider. In addition, the credit card fields displayed on our checkout page are hosted by the provider instead of by Rootz. Therefore, Rootz at no time stores or even comes into contact with complete credit card data. Therefore not us (Rootz), but rather only the payment gateway and external “card vault” provider and the aforementioned acquirers will obtain and process your credit card information for the processing of your credit card transactions. The provider is PCI-DSS (= payment card industry data security standard) certified. Besides the payment gateway and card vault-agreement, we also have a data processing-agreement in place with the provider, which regulates the handling of the Personal Data of the card paying players.
We also use a payment gateway for some of the payment methods offered for deposits and withdrawals. This means that those payment methods are integrated into our platform via an API to the payment platform of the provider, which means that your payments and payment data are processed via their platform.
With regard to the processing of your Personal Data for withdrawals, the same applies as to the processing of your Personal Data for deposits.
In order for you to participate in the games offered on our website, we process the following Personal Data:
Pursuant to the legal requirements applicable in Germany (see Section 6c (1) Inter-State Treaty on Gambling 2021), the player must be requested during the registration process to determine an individual monthly cross-operator deposit limit or to indicate that an already set individual monthly cross-operator deposit limit is to be retained unchanged. The competent authority maintains a central limit monitoring file (“limit file”) to monitor the cross-operator deposit limit. Whenever the cross-operator deposit limit is determined or changed, we as operators must transmit the following Personal Data of the player as well as the amount of the new deposit limit to the limit file, which we collect and process for this purpose:
Prior to the completion of each deposit transaction, we as operator must transmit to the limit file the data required for the clear identification of the player as well as the amount of the deposit intended by the player.
Pursuant to the legal requirements applicable in Germany (see Section 6h ISTG 2021), a parallel game participation in public games of chance with several operators by a player is prohibited. In order to prevent cross-operator parallel gaming on the Internet, the competent authority maintains an activity-file with the following Personal Data, which we collect and process for this purpose:
We may only allow a player to participate in public games of chance on the Internet, if we have previously transmitted the aforementioned Personal Data as well as the information that the player is to be set active in the file, and, if we have not immediately been informed back that the player is already set active in the file.
Operators of sports bets, online casino games, online poker games and virtual slot machine games on the internet are obliged to implement and operate a technical system for the safe server at their own expense, which accurately records all data required for the implementation of gambling supervision. This obligation requires operators to store the aforementioned data digitally in a non-modifiable manner and to enable electronic control at any time, including an immediate access by the competent supervisory authority. The Personal Data must be pseudonymised, whereby it shall remain recognisable for the supervisory authority, which transactions and game participations stored in the safe-server concern the same player (see sec. 6i par. 2 ISTG 2021). For the safe server, the following data of the players (if applicable, pseudonymised by the player ID) are processed:
Pursuant to the legal requirements applicable in Germany (see Section 6i (1) ISTG 2021), we must use an automated system based on scientific findings and algorithms for the early detection of players at risk of gambling addiction and of gambling addicted players. The system for the early detection of (a risk of) gambling addiction evaluates the data recorded on the gambling account and is updated regularly. For this purpose, we collect and process the following Personal Data:
Moreover, we monitor your transactions and your game participations for the purpose of a prevention of money laundering, terrorist financing, fraud and other misuse of our offers. For this purpose, especially the following Personal Data is monitored and processed:
For the protection of players and to combat gambling addiction, a central blocking file is maintained across all forms of gambling in Germany (see Section 8 and Section 23 ISTG 2021). Banned players may not participate in public games of chance.
We are obliged to identify persons willing to play by checking an official identity document or a comparable identity check and to carry out a reconciliation with the central blocking file.
The identity verification is carried out prior to the reconciliation by means of suitable technical procedures (see above). The reconciliation with OASIS is done at the time, when the reconciliation with the cross-operator activity file is undertaken pursuant to Section 7.1.4.6 above. We transmit the following Personal Data to the central player-exclusion file (OASIS) for this purpose of the ensuring of an exclusion of blocked players from a game-participation:
On our site, wherever you can participate in our Services, there is a “Panic Button”. If you click on this Panic Button, this will result in a game interruption of 24 hours (cool down period). During this cooling off period, your player account will be disabled and you will not be able to log into it. It is mandatory for Rootz to enter the 24-hour gaming pause after a use of the Panic Button into the central player blocking file OASIS, so that it subsequently applies not only to our website, but to all online gambling sites connected to OASIS. For the insertion of this 24 hours gaming break into OASIS, Rootz will transmit the following Personal Data to OASIS:
Another exclusion-option is that you exclude yourself from using our and all other online gambling services on a long-term basis. They will then enter the requested self-exclusion into OASIS, so that you are subsequently blocked not only on our site, but also for all online gambling sites that are connected to OASIS. For the insertion of such a long-term-self-exclusion into OASIS, Rootz will transmit the following Personal Data to OASIS:
Such a long-term self-exclusion does not expire automatically, even if you have requested an exclusion for a specific period. A written deletion request from you is always required to remove such a long-term self-exclusion. You can either send this cancellation request to us or directly to OASIS. If you submit the cancellation request to us, we will immediately forward it to OASIS. The cancellation request requires the same Personal Data as was necessary for the insertion of the exclusion into OASIS, wherefore we will re-submit the same data as has been submitted for the insertion of the exclusion to OASIS, if you send the cancellation-request to us and we will forward it to OASIS.
In addition to the possibility of entering a self-exclusion into OASIS, Rootz also has to enter so-called third-party-exclusions into OASIS, if Rootz knows, based on the perception of its staff or based on reports from third parties, or must assume based on other factual indications, that a player is at risk of gambling addiction or is over-indebted, does not meet his/her financial obligations or risks gambling stakes that are disproportionate to his/her income or assets. Before such a third-party block is entered into OASIS, the player concerned must be given an opportunity to comment on it. Rootz will set you a specific deadline for this statement. For the granting of the possibility to submit such a statement to us, Rootz will process your contact details (your email-address and/or (as the case may be) your postal address). If you do not comment on the planned third-party exclusion within the set time limit, Rootz will insert it into OASIS. Otherwise, Rootz will evaluate your statement according to its own dutiful discretion and then decide on the registration of the third-party exclusion. If a third-party-blocking is registered at OASIS, Rootz transmits the same Personal Data to OASIS as for a self-exclusion (see above). Moreover, Spinz will inform you immediately about the insertion of the third-party-blocking and will again use your (aforementioned) contact details for the provision of this information.
Here, too, you can apply for the exclusion to be lifted at the earliest after this minimum exclusion period has expired. For this cancellation request, the same Personal Data will be processed, as for the insertion of the third-party-exclusion into OASIS, wherefore we will re-submit the same data as has been submitted for the insertion of the exclusion to OASIS, if you send the cancellation-request to us, and we will forward it to OASIS. If the third-party exclusion is based on the notification of third parties, they will be informed about your request for a deletion and the possibility to apply for a new third-party ban. For this information, the same Personal Data is provided to the third party, on whose request the exclusion was registered, as was inserted into OASIS for the exclusion (see above).
If you use our live-chat, we process the following Personal Data:
To ensure a good quality of our customer-service, we may monitor any communication you have with us, whether in writing or by electronic mail or via the live-chat (“recordings”). Such recordings will only and exclusively be used for the purposes of a quality control and to ensure that your matter is dealt with adequately. The storage of the recordings is based on our justified legal interest.
The data collection and processing described above is carried out for the purposes already described, and summarised again below and is assigned to the corresponding legal basis:
Pursuant to Art. 6 para. 1a GDPR based on the data subject’s consent to the processing of his or her Personal Data in order to carry out market research campaigns and to keep you informed on offers and promotions in relation to our products and services as well as to undertake the necessary OASIS-request prior to sending you any marketing-materials;
Pursuant to Art. 6 para. 1b GDPR for the performance of contractual obligations or for the performance of pre-contractual measures: for setting up, administering and managing your account, for the processing of your deposits and withdrawals, for the processing of your service orders - inter alia, for the verification of your identity, for the execution of your game participations, the collection of your stakes, for the distribution of winnings and in order to be able to offer you a customer service, for correspondence with you and to notify you of updates to the software and/or the Services or otherwise to provide you with information about and support for the Services, including changes to the Services, technical updates and changes to the T&Cs, for the settlement of claims by you or by us, to ensure the technical administration of our website and to manage our customer data; to enable you to communicate with other players;
Pursuant to Art. 6 para. 1b and c GDPR for the fulfilment of contractual obligations as well as for the compliance with legal obligations, to which we are subject: to send you important e-mails with information about the use of our software and our website as well as the services offered there, current information about technical problems or matters in connection with our legal or regulatory obligations; and especially to ensure that we fulfil all our regulatory and licence obligations;
Pursuant to Art. 6 para. 1c GDPR for the compliance with legal obligations to which we are subject or pursuant to Art. 6 para. 1e GDPR for the performance of a task carried out in the public interest: to protect you and us (including our affiliates) from fraud and tampering, for identity and age verification purposes (to comply with legal requirements for the protection of minors and to prevent money laundering and terrorist financing), to meet our payment method verification and payment transparency obligations to prevent money laundering and terrorist financing, as well as to meet the player protection requirements that form part of our licence obligations, which includes, in particular, the aforementioned cross-operator deposit limit, the cross-operator activity file, the use of an automated system for an early detection of gambling addiction and the undertaking of status requests at and the insertion of blockings into the central blocking file (OASIS); to fulfil our regulatory and licence obligations and to enforce the territorial restriction of our licence in order to determine your current location; investigate and assist in the investigation of suspected unlawful, fraudulent or other improper activity connected with the Services, including, where appropriate, dealing with requests from authorized entities/authorities for the disclosure/sharing of information;
Pursuant to Art. 6 para. 1f GDPR to protect our legitimate interests, in particular: to assert or exercise legal rights or claims that we have against you or, to defend ourselves against legal claims asserted by you; to maintain the network and information security - including the prevention of unauthorised accesses to our electronic communications network; for statistical analysis and research and development purposes; as well as for the improvement and further development of our offers.
As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time. If the data is required for the fulfilment of a contract, for the implementation of pre-contractual measures or the compliance with regulatory and/or licence requirements, an early deletion of the data is only possible insofar as contractual or legal obligations do not prevent the deletion. The ISTG 2021 obliges Rootz to retain your Personal Data for a period of five years beginning with the closure of your player account. AML-legislation, tax laws and/or commercial laws applicable to may require even longer storage periods – see already above thereon in section 3.3.
(1) Obtaining of a consent for marketing purposes
Without prejudice to the foregoing, we separately request your consent to use your Personal Data for marketing purposes, in particular for:
(2) Right of withdrawal
You have the right to withdraw your consent to the uses described above at any time, Art. 7 par. 3 GDPR, by following the “unsubscribe” instructions at the end of each newsletter or by sending an email without content but with the word “Remove” in the subject line to our Customer Support at [email protected].
In this case, we will immediately remove your information from our marketing distribution lists and from any future lists we may share with our marketing partners. The revocation of your consent does not affect the lawfulness of the data processed until the revocation.
Your consent will be deemed to have been withdrawn, if there is a player-exclusion inserted for you in OASIS. According to sec. 5 par. 5 sent. 4 ISTG 2021, players, who are excluded in OASIS, have to re-grant their consent to the receipt of marketing communication and to the undertaking of status-requests for them prior to the sending of marketing communication after the deletion of their exclusion in OASIS.
(3) Deletion without revocation
If you do not revoke your consent, your Personal Data processed for the purposes described above will be deleted in accordance with the deletion periods.
If you choose to delete your account, as the case may be, we may be obliged by law to retain your master, transaction and game play data, see above in sec. 3.3. In this case, the data will be kept separately from our active player data base and secured to ensure that the data is only and exclusively maintained for the purposes described in the statutory retention regulations.
If your Personal Data is processed, you are a data subject within the meaning of the GDPR, wherefore you have the rights established vis-à-vis the controller and outlined in detail below.
You may request a confirmation from us as the data controller as to whether Personal Data relating to you is being processed by us or not.
If there is such data processing, you can request any information from us as the data controller in relation to the services provided and the personal data processed within the context of the services and we will reply within thirty days.
You have a right to a rectification and/or completion vis-à-vis the controller, if the Personal Data processed concerning you is inaccurate or incomplete. The controller must make the rectification and/or completion without undue delay.
You may request the controller to erase the Personal Data concerning you without undue delay and the controller is obliged to erase such data without undue delay, unless the erasure of Personal Data is necessary to comply with a legal obligation to which the controller is subject.
If the controller has made the Personal Data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, the controller shall take the necessary steps, taking into account the available technology and the costs for implementation measures, including those of a technical nature, to inform the party responsible for the processing of the Personal Data and who processes the data, that you, as the data subject, request the erasure of all links to such Personal Data or copies or replications of such Personal Data.
You may request the restriction of the processing of Personal Data concerning you under the following conditions:
If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
If you have asserted the right to a rectification, erasure or restriction of the processing against the controller, the controller is obliged to inform all recipients, to whom the Personal Data concerning you have been disclosed, of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
You have the right to receive the Personal Data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller, to whom the Personal Data was provided, provided that (1) the processing is based on a consent pursuant to Art. 6 par. 1a GDPR or Art. 9 par. 2a GDPR or on a contract pursuant to Art. 6 par. 1b GDPR and (2) the processing is carried out with the help of automated processes.
In exercising this right, you also have the right to have the Personal Data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons. The right to a data portability does not apply to the processing of Personal Data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 par. 1 sent. 1e GDPR).
You have the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data concerning you, which is carried out on the basis of Article 6 par. 1e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the Personal Data concerning you, unless it can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the Personal Data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of Personal Data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the Personal Data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures involving the use of technical specifications.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation (see also above in sec. 8 of this privacy policy).
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects vis-à-vis you, or similarly significantly affects you.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place where the alleged infringement has taken place, if you consider that the processing of your Personal Data is in breach of the GDPR.
You may exercise the rights outlined in sec. 9.1 to 9.9 above according to Art. 15 to Art. 22 GDPR by sending an email to our data protection officer at the following email address: [email protected] or by sending us a letter in paper form via regular post to our business address:
Ewropa Business Centre, Level 3
701, Dun Karm Street
Birkirkara BKR 9034
Malta
and/or as otherwise described in the foregoing. In your request, please provide:
We may request that you provide us with identity documents so that we can verify your identity to ensure that the requests really originate from you. We will carry out your request, to the extent that it is possible to do so.
10.1 Except as described in this Policy, we will not disclose the Personal Data that we collect and/or retain on the Service to third parties without your prior explicit consent.
10.2 In some cases, we use external service providers (order processors or third parties) to process your Personal Data. These have been carefully selected and commissioned by us. If they are data processors on commission, the service providers are bound by our instructions and are regularly audited. In all cases, where data is transferred, we always ensure that an appropriate contract is in place with the data recipients to ensure that the transferred data is transferred in a secure manner and that we only transfer the minimum amount of Personal Data required. Under no circumstances do we sell your data to third parties.
10.3 We work with the following data processors and/or third parties and may share your Personal Data with them as necessary:
10.4 Occasionally, we receive a request from law enforcement, regulatory and supervisory authorities to disclose data about players. We will always ensure that the entity requesting the information has the appropriate legal basis to do so and, in any event, will only disclose the minimum amount of information required in a secure manner. We will also disclose your personal information to law enforcement, regulatory and supervisory authorities, if we believe that a criminal offence has been committed or may be committed.
10.5 We shall keep the Data Subjects informed and ensure that these trusted partners and/or third parties will abide by the mandatory data protection measures. During such data transmission, we shall take all appropriate organizational, technical and legal protection measures. Any Personal Data transfers outside the EU/EEA will follow the procedure described in section 15.
11.1 We take appropriate technical and organizational security measures to protect our customers’ data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Rootz has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing Personal Data, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
11.2 Your winnings and cash-outs are kept strictly confidential, and winnings information is stored in secure operating environments. We do not provide winnings information to any third party, unless such information is required to be disclosed by law, regulation or a similar governmental authority.
11.3 No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service. However, we shall ensure that adequate technical and organizational security mechanisms designed to protect Personal Data will be used to prevent Personal Data from being stolen, misused or abused, and to prevent Personal Data breaches. If you believe your Personal Data has been compromised, please contact us: [email protected].
Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users, with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. We have taken the necessary steps to protect as much as possible your Personal Data in transit by utilising adequate safeguards and security measures.
Wherever possible, Rootz keeps your information within the European Economic Area (EEA). However, in some circumstances your information may have to leave the EEA, such as when we work with third parties. Rootz always makes sure that any transfers outside of Europe are carried out in line with this Privacy Policy and in accordance with the GDPR (Art. 45 and 46) and other applicable laws.
As the Company evolves, there may be the need to update this Policy to keep pace with changes to the website, software, services, business and Applicable Laws from time to time. This may become necessary in particular due to further developments of our website and the offers made via it or due to changes in legal or official requirements. Modifications shall take effect immediately after publication on our site. We recommend that you check this Privacy Policy from time to time to ensure that you are aware of the current version and any changes we may make.
We will be happy to provide you with further information on how we protect and use your Personal Data. Please contact the support team at [email protected].
You can also obtain helpful information on the subject of data protection and privacy from the Office of the Federal Commissioner for Data Protection and Freedom of Information.
If you have questions regarding the processing of your Personal Data, you can contact us at:
Data Protection Officer
Email: [email protected]
Company Address:
Rootz Ltd
Ewropa Business Centre, Level 3
701, Dun Karm Street
Birkirkara BKR 9034
Malta
If there are any conflicts or inconsistencies between the translated versions of this privacy notice, the German version will prevail.