Privacy & Data Policy

Privacy Notice dated 14.10.2024

Introduction

This Privacy Notice (“Notice”) sets out how Funstage GmbH registered in Austria with company registration number 258215d and business address at Wiedner Hauptstraße 94, 1050 Vienna, Austria, (“Company, “we” “us” or “our”) collects and processes the Player’s personal data through the websites www.mx010.vip, lotto6855.com and mobile application Slotpark (“Website/Apps”). Personal data means any information from which the user (“you”, “your”) can be directly or indirectly identified such as a name, location, online identifier, gender, financial data, etc., (“Personal Data”). This Notice provides you also with an overview of your rights related to the processing of this Personal Data.

You should read this Notice carefully before using our Website/Apps. If you use or register via the Website/Apps, or submit a query to us via the Website/Apps or other means, including telephone or email, you accept this Notice.

This Privacy Notice applies to all users of our services worldwide. It is formulated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“GDPR”) and the Austrian Data Protection Act (Datenschutzgesetz). As a company based in Austria, we comply with these regulations. In addition, we adhere to relevant data protection laws in other jurisdictions where our services are available.

We are highly committed to preserving your privacy and delivering secure and legally compliant services. This Policy has the following sections:

• Who controls the data i.e., who is the data controller?
• How can I send queries on personal data protection?
• What kind of Personal Data does the Company process?
• For what purposes is Personal Data processed?
• On what legal basis is Personal Data processed?
• What is the data retention period?
• Security and privacy measures
• Who can access the Personal Data?
• Is Personal Data transferred abroad?
• What are the Users’ rights on Personal Data?
• Notice modifications

Who controls the data, i.e., who is the data controller?

The Company controls the processing of your Personal Data and is therefore the data controller. This activity is supervised by the Austrian Data Protection Authority.

How can I send queries on personal data protection?

Please read first our FAQ Section and this Notice. In all cases, you can send the queries related to this Policy to the following email address support@mx010.vip. Our support teams and Data Protection Officer (DPO) shall address them with due attention.

What kind of Personal Data does the Company process?

Depending on your activities and services chosen on the Website/Apps, we shall process all or part of the following data:

• Data provided by you during the creation of the account. They may include, but are not limited to: nickname, email address;
• Website/Apps activity data, that may include but are not limited to: device information, source and destination data, nickname, user ID, account nickname and password, gaming transactions, online payments data, data provided to customer services (including emails and phone calls);
• Data that may be provided by government authorities or authorised third party companies in order for us to deliver the GT&C, fulfill regulatory obligations and exercise our legal rights; and
• Data collected via cookies when using the Website/ Apps, including in log-out mode. For more information about cookies and how to manage them please see our Cookie Policy;
• Data provided by third parties who’ve obtained in advance your permission to share the data with us for certain services e.g., social media or various mobile applications (where applicable);

We may allow the Website/Apps users to play as guests, also known as the “try-mode”. These accounts involve a very limited amount of data such as device information and tokens. The users may decide to convert the try-mode into a user account by completing the registration process.

For what purposes is the Personal Data processed?

We process your data for the following purposes:

1. To administer the Website/Apps, including setting up and operating your account;
2. To ensure the accuracy of your data for the purposes of age verification, preventing fraud, cheating, reducing business risks and protecting the integrity of our games. These activities will include a degree of semi-automatic profiling, based on your registration and gaming activity data;
3. To fulfill the provisions contained in the Website/Apps GT&C;
4. To process online payments with third party payment providers and/or financial institutions;
5. To provide you with customer support, including (where applicable) telephone support;
6. To comply with applicable laws, regulatory obligations or respond to requests from government authorities. These obligations are mainly set in financial, anti-fraud and responsible gaming guidelines. These activities may include a degree of semi-automatic profiling, based on your registration and gaming activity data;
7. To protect our rights, including those of our related parties. In some cases, we may believe that it is necessary, including in good faith, to record and disclose data to: (i) protect, enforce, or defend our legal rights, privacy, safety or property, (ii) protect your and public safety, privacy and security, or (iii) for business risk management;
8. To improve the user experience, services and features provided by the Website/Apps. This may include VIP-program communication, research, surveys, asking for your optional feedback, internal training and Affiliates services;
9. To complete potential merger or sale of assets. If we sell all or part of the business or assets, or are involved in a merger or transfer, we may disclose and transfer your data to the other party(s);
10. To provide customised marketing communications in line with your interests and expectations. These are based on registration and gaming activity data; and
11. To provide direct marketing communications that are of (i) generic nature or partially based on your gambling journey and/or (ii) customised via: email, instant messages, and where applicable, chats, SMS and telephone.

On what legal basis is the Personal Data processed?

• Processing for purposes (1) to (5) above is necessary for the proper execution of our Website/Apps T&C (the performance of the contract or in order to take steps prior to entering into a contract (legal basis pursuant to Article 6 (1) (b) of the GDPR)). The provision of Personal Data is therefore mandatory as otherwise our services could not be provided and you would not be able to enjoy the entertainment experience of our Website/App;
• Processing for purpose (6) above is necessary for compliance with our legal obligations arising under applicable law (legal basis pursuant to Article 6 (1) (c) of the GDPR) and is therefore also mandatory;
• Processing for purposes (7) to (9) is based on our legitimate interest (legal basis pursuant to Article 6 (1) (f) of the GDPR), which includes business risk management and protection of our product’s integrity, effective information of players about their newly unlocked benefits as well as about new exclusive offers and account features, the development of the Company’s reputation and attractiveness in the eyes of its players and proper rewarding of loyal players. These legitimate interests are the result of an assessment of legitimate interests. These assessments are conducted whenever we want to review whether we can rely on a legitimate interest for a processing activity. We always make sure we review whether such activities are adequately balanced with your interests and make sure that the data processing is performed within the limits strictly necessary for these activities. You can object to this processing at any time as provided in this Notice, but please note that refusal would mean that you would not be able to obtain information on your newly unlocked benefits, privileges, special contents, and exclusive offers;
• Processing for purposes (10) and (11) is optional and based on your consent (legal basis pursuant to Article 1 (1) (a) of the GDPR). Without your consent we shall not provide customised marketing communications.

What is the data retention period?

These periods and criteria will apply, unless a different period is required or permitted by law, or we have reasonable belief that it is necessary:

• Data collected for purposes (1) to (9) is retained during the provision of our services through the Website/Apps. You have the right to revoke your contract of account registration without providing any reason. Upon such revocation, we will process your personal data in accordance with the relevant data protection laws, ensuring that any data retained is only for the purpose of fulfilling legal obligations or resolving disputes.
• Data collected for purpose (10) and (11) is retained during the implementation of the Website/Apps T&C and/or until you have withdrawn your consent.

Security and privacy measures

We process the Personal Data using partially or fully automated electronic means and protect it with adequate security measures. The activities that may produce significant legal repercussions, such as decisions based on profiling, always involve human intervention and/or a final decision by a human. We use appropriate legal, administrative, technical, personnel and physical measures to safeguard the data against loss, theft and unauthorised use, disclosure and modification.

The Website/Apps may contain links to and from partner networks or third-party websites/apps. If you follow a link to any of these websites/apps, please note that they have their own privacy policies and terms. We do not accept any responsibility for their content. Please check such policies and terms before accepting and submitting any information to them.

Who can access the Personal Data?

The data can be processed by recipients located within or outside of the European Economic Area (EEA) in compliance with these limits:

• Our employees who are responsible for processing and safekeeping of the data;
• Our parent company, some sister companies and third-party providers which offer the T&C services, e.g., for payments and marketing services or services within our legitimate interests. This may include their employees, associates, agents, subcontractors and product providers. Such transfer is always subject to a respective data processing agreement;
• Public authorities to which we provide the necessary data to comply with our legal obligations. This may involve the reporting of suspicions of fraudulent or criminal activity and responsible gaming cases to relevant authorities or other authorised third parties.

Third parties access to your data is limited only to the information necessary to perform their function on our behalf or as required by law. They shall be made subject to confidentiality and data protection obligations provided by law and as considered necessary by us.

You can contact us in case you need further information on the data processors.

Is Personal Data transferred abroad?

We shall not transfer your data outside the EEA unless there are appropriate safeguards in place.

Some non-EEA countries are recognised by the European Commission (EC) as providing an adequate level of data protection. The list of these countries is available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

For transfers from the EEA to countries not considered adequate by the EC, the Company will put in place appropriate and suitable safeguards to protect the Personal Data and in compliance with the applicable data protection laws, such as standard contractual clauses adopted by the EC as per the GDPR.

Your data may be processed outside of the EEA to deliver some of the Website/Apps services:

• Some data may be processed in the USA, depending on the payment provider chosen by you and activities undertaken by the payment provider. These transfers not covered by an adequacy decision are safeguarded by standard contractual clauses adopted by the EC as per the GDPR.

You can contact us in case you need further information.

What are the Users’ rights on Personal Data?

You can at any time:

• Obtain confirmation of the existence of personal data. This information is primarily provided in your account;
• Know the origin, purposes and method of data processing and the logic applied to electronic processing. This information is provided in this Notice and when you use the Website/Apps features.
• Request an update, correction or integration of further relevant data. This is provided via the customer services;
• Revoke your consent to data processing for the processing activities where we rely on your consent. You can revoke your consent through tools on our Platform/App (e.g., opt-out or un-subscriptions) or you can simply contact our DPO. Please note, however, that such revocation does not affect the lawfulness of the processing prior to revocation.
• Request a restriction of data processing where:
  • You contest the accuracy of the data until we have taken sufficient steps to correct or verify the accuracy;
  • The processing is unlawful but you do not want us to erase the data;
  • We no longer need the data for the purposes provided, but you require it to establish, exercise or defend a legal claim; or
  • You have objected to data processing justified by legitimate interests, pending verification of whether we have legitimate grounds to continue processing;
• Object to the data processing, including processing based on our legitimate interests, and, where applicable, the decisions being taken by fully automated means. This request may result in the termination of the services provided to you;
• Request the erasure of data without undue delay. This request may result in the termination of the services provided to you;
• Receive an electronic copy of the data provided, if you would like to port it to a different service provider. This is offered by the customer services; and
• Lodge a complaint with the Data Protection Authority.

You may exercise these rights at any time by contacting support at support@mx010.vip or our DPO at dpo@greentube.com.

We advise you to protect your own and others’ personal information by refraining from sharing private or sensitive data anywhere, such as on the website/app or any third-party platforms or applications. We disclaim any liability for the consequences resulting from such sharing of information, including but not limited to the leakage of personal data and any resultant harm or loss. You remain responsible for your actions and the content you share on the website/app or any third-party platforms or applications.

Unless otherwise provided, these services are offered by sending a written request. They are free of charge, however in certain circumstances, we may charge a reasonable fee and fully or partially refuse the request. We will do our best to accommodate your requests, but sometimes other legal obligations or third-party rights may take precedence.

Your requests shall generally be handled within one month of receipt. This period may be extended by two further months based on the complexity and number of the requests. We will do our best to respond to your request as quickly as possible, but it may happen that other legal obligations or third-party rights and procedures slow down the process. Should this be the case, we will always notify you about the extension within one month of receipt and inform you of its length and the reasons behind it.

Notice modifications

This Notice is valid from the date indicated in its header. We may make further modifications due to business developments or legal and regulatory changes. We will alert you to material changes by placing the Notice on our Website/App. You can see for yourself when this Notice was last updated by checking the date at the top of this page.