CHRISTMAS-LOTTO is committed to protecting and respecting your privacy and managing your personal data transparently and in a fair and lawful manner. We want to ensure that as our customer you feel safe in the knowledge that we shall treat all your personal data as highly confidential.This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices in processing your data, as well as your rights regarding your personal data and how we will treat it.
CHRISTMAS-LOTTO vows to protect your personal data and to always respect your privacy in accordance with the best business practices and applicable laws. You are responsible to provide us with personal data that is correct and inform us of any changes occurring in your data in writing, in order that we may take all reasonable measures to keep our records in your regard correct and up to date.
Should you have any queries, concerns, requests or complaints in relation to the manner in which we process your personal data, you may contact our Privacy Officer by email on Privacyofficer@christmas-lotto.com.
Any information and personal details which identify you or make you easily identifiable as an individual is known as, and shall hereinafter be referred to as, your ‘personal data’ as better defined in Regulation (EU) 2016/679; this however does not include data where the identifiers relating to you as a data subject have been removed through anonymization.
CHRISTMAS-LOTTO may collect, use, store, and transfer different kinds of personal data. The table below contains information regarding the data we collect, how such data is collected, the proposed use of such data and the legal basis for processing your data, which may include legal obligations, legitimate interest, the performance of a contract and consent. These legal grounds are explained as follows:
a. Legal Obligations – Some data may be collected and processed due to laws or regulations requiring CHRISTMAS-LOTTO do so for the fulfilment of its legal obligations.
b. Legitimate interest – CHRISTMAS-LOTTO may process your personal data in the interest of conducting and managing its business and to ultimately provide you the best service and experience we possibly could. This may include sending you direct marketing communication and promotions. Before relying on this ground, we ensure that we evaluate that potential impact such processing may have on you and your rights.
c. Performance of contract – CHRISTMAS-LOTTO may process your personal data for the performance of contractual obligations we enter into with you and which you are a party to, in this case, our Terms and Conditions.
d. Consent – Where consent is used as a legal basis for processing your data, CHRISTMAS-LOTTO only processes your data in such a manner for as long as we have your consent to do so. If, at any time, you feel that you no longer wish for us to process your data in such a manner, we will no longer do so. However, this will not affect any processing of personal data that we carried out with your consent prior to the withdrawal of your consent.
Marketing – CHRISTMAS-LOTTO ensures that you have the utmost control over the marketing material you receive from us or from other third parties on our behalf. You may see and amend your choices relating to marketing in your user account here. If you feel you would like more control over what kind of marketing material we send to you, please feel free to send your suggestions to our Privacy Officer on the contact details listed above.
· AML and social responsibility – CHRISTMAS-LOTTO is committed to providing you with the safest and most secure gaming environment we could possibly provide. For this reason, we may process certain personal data relating to you to an extent which slightly exceeds the statutory requirements, however this is done for your own safety and peace of mind. We have a legitimate interest to do so, as we feel responsible for your online safety, however we can assure you that none of the checks we carry out are unnecessarily invasive to your rights and freedoms as a data subject.
Cookie data – A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time.
CHRISTMAS-LOTTO shall not process your personal data for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with all necessary information.
CHRISTMAS-LOTTO will use the email address which you have provided us with to send you an email welcoming you to our site; we may from time to time send out service related emails announcing for instance a temporary suspension of one or more of our services due to maintenance.
Sharing of Data
CHRISTMAS-LOTTO may need to share your personal data with a number of trusted third parties due to the nature of the services it provides you with. These third parties include:
(i) Game providers – sometimes our game providers would require access to select data attributes (such as username, IP address, for instance), in order to provide us with the games you play on our website;
(ii) Payments providers – similarly, we may share some of your personal data with the payment providers you use to make and receive payments on our website;
(iii) Marketing partners – where we have your consent to send you marketing and promotions, we may share your contact details (such as email address or mailing address) with our marketing partners who take care of sending out all our marketing material to you;
(iv) Governmental or regulatory authorities – where we are legally obliged to disclose your data, we may have to share your personal data with such bodies.
We may, if necessary or authorised by law, provide your personal data to law enforcement agencies, governmental or regulatory organisations, courts or other public authorities. We attempt to notify all our customers about legal demands for their personal data unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand.
Transfers of Personal Data
Some of the service providers mentioned above may be based in countries which do not form part of the European Economic Area (“EEA”). This may mean that your data may be stored in a location outside of the EEA. Whenever any transfers of your personal data are made to Data Processors located outside of the EEA, we always ensure that your data is protected in the same way as it is in the EEA. In order to ensure the protection of your data, we implement at least one of the following safeguards:
(i) Adequacy decision – we ensure that we transfer your personal data to countries providing an adequate level of protection according to the European Commission;
(ii) US / Swiss Privacy Shield – where the Data Processors we use are based in the United States of America or Switzerland, we try to ensure that such Data Processors are approved under the Privacy Shield. This Privacy Shield ensures that the Data Processors provide similar protection to personal data shared between the EEA and the United States or Switzerland;
(iii) Standard clauses – where the Data Processor is not based in a country benefiting from an adequacy decision or is not part of the US/Swiss privacy shield, as explained in (i) and (ii) above, we may use specific contracts, known as standard contract clauses, which are model contracts approved by the European Commission. These contracts also ensure that the personal data is afforded the same protection as it is in the EEA.
Automated Decision Making
In establishing and carrying out our business relationship, CHRISTMAS-LOTTO does not generally make use of fully automated decision making. If we use this procedure in individual cases, we shall inform you of this separately.
Data Security Measures
CHRISTMAS-LOTTO always strives to ensure that your data is safe, both in our hands and in the hands of any third-party to whom we may disclose your data. Internally, we have put in place a number of security measures, both from a technical aspect as well as from an organisational aspect, to ensure that your data is not accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. To protect your personal data during communication with your web browser, the company uses secure and tested encryption technology from Thawt. Online transactions continue to be protected by the extremely reliable security system of a worldwide-accredited partner.
We also ensure that access to your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access your personal data will have access to it. Furthermore, anyone having access to your personal data is subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected or actual personal data breaches. We will notify both you as an affected data subject and the supervisory authority concerned of any such data breach whenever we are legally required to do so and we shall maintain a log of any such breaches.
CHRISTMAS-LOTTO will only process and retain your personal data for as long as it is necessary in order to fulfill our contractual, regulatory and statutory obligations. We will assess and respond to requests to delete data. We will delete data provided that the data is no longer required in order to fulfill contractual, accounting, or reporting requirements, regulatory or statutory obligations, or the fulfillment of any obligations to preserve records according to law.
We will normally retain your records for a minimum of ten years from the date of your last recorded account activity to comply with legal, regulatory and contractual requirements unless there is a particular reason to hold the records for longer; your personal data may be retained for longer periods in the event of prospective or pending debt collecting, legal or law-enforcement proceedings and until such proceedings are formally and definitively concluded.
Please feel free to contact our Privacy Officer on the contact details provided above for further information regarding our retention periods.
In relation to your personal data, you have the right to:
– access to your personal data;
– rectification of your personal data;
– request erasure of your personal data.
– object to processing;
– restrict processing;
– data portability;
Request access to your personal data:
As our customer and as a data subject, you have a right to request, free of charge, a copy of the personal information we hold about you.
Request the correction or rectification of your personal data:
If any personal information we hold about you is incomplete or incorrect, you have a right to have this corrected. In order to allow your request, you may need to provide us with evidence and documentation (such as your ID, passport or proof of address);
Request the erasure of your personal data;
You shall have the right to request the erasure of your personal data where we no longer have a legitimate reason to continue using or retaining it. We will not be able to fulfil your request until you are still our customer and for a further period of five years thereafter as well as if we are under a legal obligation to retain this information, or where the retention of your information is necessary for us to defend ourselves in a legal dispute or to execute a legal title against you.
Object to the processing of your data
If we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our Privacy Officer;
Request the restriction of the processing of your personal data
You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where you believe our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Request the transfer of your personal data (aka data portability)
This means you may ask us to transfer certain data we process about you to you or others. This right only applies to data which you provided us with and consented us to use and which were necessary for us both to honour our mutual contractual obligations so long as such data is processed by us in an automated manner. This would include your contact details, billing and usage data.
Should you consider at any time that we are handling your personal information in a manner that leaves you dissatisfied or at a disadvantage, you may at any time file a complaint with Office of the Information and Data Protection Commissioner by email on email@example.com, by ordinary mail at Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta or by calling (+356) 2328 7100.
You shall also have the right to ask us not to process your personal data for marketing purposes by withdrawing your consent. You can exercise your right to prevent such processing by checking certain boxes in your account settings. You can also withdraw your consent at any time, simply by unchecking the same boxes or by contacting our Privacy Officer by email on Privacyofficer@christmas-lotto.com.
It may take up to 48 hours for us to ensure that the changes are implemented into our systems and those of our marketing partners (and therefore you might receive some emails or information from us within those 48 hours for this reason); withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent.
We hope to be able to resolve any difficulties or complaints you may have by bringing them to the attention of any of our customer support services or by forwarding whatever query, request or issue you may have to our Privacy Officer on the address indicated above.
Except for your right to file a complaint with a supervisory authority, in order for CHRISTMAS-LOTTO to be able to action any of your requests made in accordance with your rights described above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.
We will do our utmost to respond to all legitimate requests within one-month from when we receive a request. If your request is particularly complex, or if you have made multiple requests in a certain time period, it may take us a little longer. In such a case, we will notify you of this extension.
Recommendations to refrain from divulging your personal data
CHRISTMAS-LOTTO strongly recommend that you do not divulge your personal data to strangers or third parties during chat rooms. Remember that your personal data is sensitive and stop and think before passing on information which you may come to regret.
CHRISTMAS-LOTTO strongly recommend that you do not choose your username as your alias. It is advisable for your alias to be different to your user name.
Unlawful Actions and Transactions
CHRISTMAS-LOTTO shall take measures against any person found cheating or attempting to cheat or defraud CHRISTMAS-LOTTO or any of CHRISTMAS-LOTTO’s customers or any other person using the services provided by CHRISTMAS-LOTTO. Cheating and defrauding shall be inclusive of but not limited to fraudulent payment, use of stolen credit cards, unauthorised chargeback or other reversal of a payment, money laundering or any other unlawful transaction.
This Web site takes every precaution to protect our users’ information.
When users submit sensitive information via the website, their information is protected by industry-standard encryption technologies such as SSL, the use of which can be verified by clicking on the padlock icon next to the website’s address on your web browser.
While CHRISTMAS-LOTTO use all endeavours to protect sensitive information online, we also do everything in our power to protect user-information off-line.
All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only authorised CHRISTMAS-LOTTO employees are granted access to personally identifiable information. CHRISTMAS-LOTTO perform checks on all our potential employees to ensure that none of them have a criminal record. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to user information. Furthermore, ALL employees are trained and kept up-to-date on our security and privacy practices to fulfill our data protection requirements and to offer you the best service possible.
When new policy is added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users’ information is protected. Finally, the servers that store personally identifiable information are in a secure environment.
CHRISTMAS-LOTTO ensures that all your data is protected from unauthorised access by a so-called firewall – a computer that is fitted with complex security technology specifically designed to shield the company’s network from the Internet. Additionally, the company uses reliable internal data protection mechanisms combined with a restrictive security system.