Vista Gaming respects your privacy and is committed to protecting your personal data and processing it in compliance with applicable laws as well as the various subsidiary legislation issued under the same – the ‘DPA’; The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’.
• Purpose of processing: We process your personal data for the purpose of providing you with the services, to allow your access to Website, to comply with our legal obligations such as anti-money laundering and responsible gaming, to detect and prevent fraud and to commercially grow our business (e.g. direct marketing, analyses); Controller: When processing your Personal Data, Vista Gaming acts as a controller;
• Your rights: You have a number of rights afforded by applicable laws, especially a right to object processing that is based on our legitimate interest such as direct marketing of our own goods and services, segmentation, loyalty program and risk management.
When we process your data on the basis of your consent, you can withdraw it at any time. Also, you have a right to receive an access to all of the personal data that is undergoing processing and a right to erasure of the data that are no longer necessary;
• Implications of processing: Processing of personal data will result in provision of services (or deny thereof if certain data is not provided), receiving marketing communication, segmentation with respect to risk categories or bonuses and similar offers.
1. IMPORTANT INFORMATION
This website is not intended for children and we do not knowingly collect data relating to children (below 18 years of age).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise rights please contact Us or the DPO using the details set out below.
1.3. Contact Details
Our full details are:
General email address: [email protected]. Kaya Richard J. Beaujon, ZN, Wilemstad, Curaçao
1.4. Changes to the privacy notice and your duty to inform us of changes
2. THE DATA WE COLLECT ABOUT YOU
2.1. Personal Data
Means any information that identifies you as an individual or that relates to an identifiable individual. We are committed to protecting your privacy and the security of your Personal Data at all times.
2.2.Data obtained from you
We collect from you, through interaction with you or through your interaction with us or our Services different kinds of personal data about you which we have grouped together follows:
a) Registration Data
provided by you when you register and/or open your Member including first name, last name, username or similar identifier, date of birth, gender, country.
b) Contact Data
includes permanent address, email address and telephone numbers.
c) Identification and Verification Data (Anti-Money Laundering/Due Diligence/KYC data)
that include your name, surname, permanent address and proof, age, nationality, family members, degrees and qualifications, schools/universities attended, employment history and information, media involvement, financial status information (e.g. bank statement, source of income and source of wealth, tax information), masked credit card details, proof of e-wallet ownership.
d) Responsible Gambling Data (RG)
including name, surname, Zip Code, email, phone number, country, date of birth, approved transactions (deposits and withdrawals), denied transactions (deposits and withdrawals), Identification and Verification Data.
e) Payments Data
includes bank/payment account details, as well as information pertaining to a transaction such as currency, location, amount/value, client IP, user ID, token.
f) Transaction and Usage Data
generated through your use of our Services (e.g. playing Games) and include payments to and from you (deposits, withdrawals, failed deposits and reversed withdrawals) and other details of Services you have purchased from us (such as bets, wagers (real and bonus), wins), date and time of the transactions, account balances (bonus and real), bonuses used (conversion and forfeiture), bonuses turnover, bonuses balance, channels used, transaction games played, language, country, account balances.
g) Log in Data
includes internet protocol (IP) address, your logins (first log in last login, last failed login), duration of log ins, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
h) Profile Data
includes internal notes to your account, interests, preferences, feedback, information about events which you have attended; Your preferences as to whether you wish to attend any events, and what type of events you prefer; Any bonus/cash back deals, or bonus preference you have been offered or benefitted from; Whether you have received any giveaways or, and your preferences regarding what type of gifts you would like to receive; Your preferences as to contact channels; information regarding your hobbies and interests;
i) Marketing Communications Data
includes your preferences in receiving marketing from us (opt in/opt out), as well as your Contact and Registration Data.
j) Other Communication Data
provided by you in communication with us (via recorded calls, chats, email, or SMS) which may include various data such as your intentions, interests, complaints, preferences, as well as internal communication and notes.
k) Analytics data
include various data provided by your observed with respect to your use of our Website and Services such as your player ID, language, location, browser data, campaigns utilized, channels used, device, payment provider, Transaction and Usage data and in case of online acquisition analytics also pages visited, postcards clicked, scroll depth. Certain information is collected using cookies and/or similar tracking technology – please see further section “Cookies”.
2.3. Data from different sources
2.3.1. We collect information for AML/CFT purposes on the background of the player, which we source from third party providers (private companies working mostly with public sources), namelyAcuityTec, Pipl, CheckMate, http://data.europa.eu, which includes information whether player is politically exposed person and whether any international and/or financial sanctions have been imposed and/or information on any corporate or property ownership, court judgements and/or insolvency during the AML risk monitoring and due diligence process, which information is also collected from publicly available sources (e.g. Google search, all social media services like Facebook, Twitter, Pinterest, Instagram, LinkedIn.
2.3.2. Profile data (hobbies, interests) are also gathered by search of publicly available sources such as Facebook, LinkedIn, Twitter and Instagram, Google search.
2.3.3. In order to prevent and detect fraud and misuse of our systems (e.g. use of VPN), certain Log In Data, such as; IP address, device model/type, browser information, operating system and other device identification data are sourced and processed by us utilizing a services of third-party fraud detection software provider.
2.4. Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, from our experience, we may not exclude that You, at your own discretion, send us such data in communication with Us.
Please note that although ID cards are processed, images contained therein are not specifically technically processed to allow or confirm unique identification. Therefore, such data is not to be considered biometric data (special category of data).
2.5. If You Fail To Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Our Services).
Please make sure that your username does not contain any personally identifiable information, as the username is shared with certain partners and in the course of the sharing of the username, this is not, separately, considered personal data. Please contact us if your user name contains your personally identifiable data, so we can make proper arrangements to protect your data and guide you as to how to change the username.
3. WHY AND HOW WE USE YOUR PERSONAL DATA
3.1. We will only use your personal data when the law allows us to.
Most commonly, we will use your personal data in the following circumstances:
• To allow You to participate in Games to provide ancillary services to you
• To allow You access and use of the Website
• For legal and regulatory reasons, to comply with our legal obligations and license conditions such as Anti-money laundering and responsible gaming.
• For identification and verification proposes
• For purposes that constitute a legitimate interest of Vista Gaming regarding direct marketing of its own similar goods and services via electronic mail as provided below; and
• For purposes that constitute a legitimate interest of Vista Gaming regarding direct marketing via live telephone calls or postal mail as provided below
• For analytics purposes
Detailed purposes and legal basis
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out in the table below.
|Register you as new player;
||Contract with you
|Identify you and verify you
|When you access your acct.
|to allow you to access our games.
|Allow you to access our games
||Contract with you
|Manage and process deposits And withdrawals
||Contract with you
|Manage our contact with you, Communicate with you, allow You access to our games and other services.
||Registration date Contact data Profile data Transaction data
||Contract with you
|For AML/CTF and due diligence
||Registration data Contact data ID data Login data Other communications data
||Our Legal obligations
|Investigate suspicious behavior to protect our business from risk and fraud
||Registration data Contact data ID data Login data Payment data Other communications data
||Other communications data
|Direct marketing of our own
||Promote our own games
|Games (bonus offers, promos…)
||develop our business
|Loyalty program/VIP program
||Promote our own games
|Segmentation based offers
||Offer tailored promos
3.3. Direct marketing of own similar goods and services
3.3.1. Direct Marketing of Own Similar Products and Services via electronic mail: In accordance with applicable laws and in reliance on Regulation 9(2) of the Processing of Personal Data (Electronic Communication sector) Regulations (S.L. 586.01) and Recital 47 of the GDPR, Vista Gaming may be informing you, from time to time, via electronic mail (email or SMS) about its own similar products or services (for example any changes on the Website, new Games, own new services and promotions, bonuses and offers, loyalty program/VIP experience). You may opt out at any time and free of charge of such service, as applicable, either by:
• Activating the relevant link at the end of such message, or
• Contacting us, or
• Changing your Settings in your profile.
3.3.2. Live Direct Marketing Calls & Postal Mail: In accordance with applicable laws and in reliance on Regulation 9(3) of the Processing of Personal Data (Electronic Communications Sector) Regulations (S.L. 586.01) as well as Recital 47 of the GDPR, Vista Gaming may place calls to you or send you postal mail for direct marketing purposes unless you oppose this. If you do not wish to receive such direct marketing calls or postal mail, you may opt out at any time and free of charge of such service either by:
• Contacting us, or
• Informing the caller in the case of a phone call, or
• Changing your settings in your profile.
3.3.3. Please note that even if you object to receiving direct marketing material from, from time to time we may still need to send You certain important communications from which you cannot opt-out.
4.1. Criteria used to determine retention period
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria we use to determine what is ‘necessary’ depends on the nature of the particular personal data in question. Our normal practice is to determine whether there is/are any specific EU and/or other countries’ national law(s) (for example license requirement, tax or corporate laws) permitting or even obliging us to keep certain personal data for a certain period of time (in which case we will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against us by you and/or third parties and if so, what the prescriptive periods for such actions are.
In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claim(s), challenge(s) or other such action(s) by you and/or third parties.
Where your personal data is no longer required by us, we will either securely delete or encrypt the personal data in question.
4.2. Details on our retention periods
|AML / CFT
||ID data Payment data
Due to gaming authority restrictions relating to the use of multiple accounts, players are only permitted to create and use a single account per site on the Vista Gaming Network as per our terms and conditions, therefore as long as we store, for the above mentioned purposes, all of the Personal Data of the player, the player may, following a closure only re-open their existing account, provided the account its eligible for opening.
Even further details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by Contacting us.
5. RECIPIENTS OF YOUR PERSONAL DATA
5.1. Recipients of your personal data
As Vista Gaming’s business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the Website, Games and other services, Personal data are processed also by them for the above-mentioned purposes on behalf of Vista Gaming.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, after thorough vetting of these partners and on the basis of strict data processing agreements
5.1.1. Details on the categories of the processors of the personal data:
• Game providers for the purpose of provision of games.
• Payment service providers to perform payment transactions (deposits / withdrawals).
• Marketing suppliers to perform certain marketing activities on behalf of Vista Gaming.
• Marketing partners to perform certain marketing activities on behalf of Vista Gaming.
• Marketing consultants to provide marketing advice to Vista Gaming.
• Service providers that technically enable communication with you (via email, chat, SMS, phone).
• Technical suppliers to support functioning of the Website and Our technical systems (both front and back end).
• Technical administrators of the database to maintain the functioning of the database.
• AML providers providing and/or processing certain data for the purposes of compliance with our AML obligations.
• Services providers regarding or organization and booking emails, trips and/or delivery of presents and gifts with respect to our loyalty program.
• Cloud services providers for provision of cloud based services such as storage or hosting certain software.
• Service providers for the purpose of data analytics.
• Credit rating agencies, fraud detection agencies, anti-money laundering agencies for fraud detection and control purposes, in the processing of Your Member Account and associated transactions.
• Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
5.2. Authorized disclosure
If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or surpassing fraud Vista Gaming has a right to:
• Forward Your Personal Data to the government authorities;
• Share any of Your Personal Data to the relevant license provider;
• Share Your Personal Data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into Your actions.
• To respond to any Court subpoena or order or similar official request for Personal Data.
5.3. Group companies/other brands for AML Purposes
Your Identification and Verification Data in the extend first name, surname, date of birth and postcode is, for the purpose of compliance with legal obligations, shared between various brands under Vista Gaming operates its gambling activities.
5.4. Data sharing for AML and Responsible Gaming Purposes between brands
Your Identification and Verification Data, Transaction and Usage Data, Registration Data and Contact data are for the purpose of compliance with legal obligations, shared with as well as sourced via various brands under Vista Gaming operates its gambling activities.
6. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In order to comply with GDPR, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures confidentiality and integrity at all times. At an organization level, the handling of all information is governed by our comprehensive Information Security Policies. This is complemented by an information Security awareness program designed to specifically ensure we embrace security best practices whenever it comes to handling information.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know business requirement. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. YOUR RIGHTS UNDER THE DATA PROTECTION LAWS
You may, at any time, with reasonable intervals, request us to confirm whether or not we are processing personal data that concerns you and, if we are, you shall have the right to access that personal data and to the following information:
• What personal data we have,
• Who we disclose them to,
• How long we intend on keeping them for (where possible),
• Whether we transfer them abroad and the safeguards we take to protect them,
• Where we got your personal data from and
For queries please send us a request [email protected]. Upon such request, we shall (without adversely affecting the rights and freedoms of others including our own) provide you with such additional information and/or with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
7.1. The Right to Rectification
Although all reasonable efforts will be made to keep your Personal Data updated, you are kindly requested to inform us promptly. With respect to your residential address and phone number, you can notify us of the change by amending your profile of any changes to your Personal Data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end you have the right to ask us to rectify inaccurate personal data and to complete incomplete personal data concerning you. We may seek to verify the accuracy of the data before rectifying it.
7.2. The Right to Erasure (The Right to be Forgotten)
You have the right to ask Us to delete Your personal data and We shall comply without undue delay but only where:
• The personal data are no longer necessary for the purposes for which they were collected; or
• You have withdrawn your consent (in those instances where we process on the basis of your consent) and we have no other legal ground to process your personal data.
• In any case, we shall not be legally bound to comply with your erasure request if the processing of your personal data is necessary:
• For compliance with a legal obligation to which we are subject (including but not limited to our data retention obligations); or
• For the establishment, exercise or defence of legal claims
• There are other legal grounds entitling us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked by us to deny such requests. You may request the erasure by contacting us.
7.3. The Right to Data Restriction
You have the right to ask us to restrict (that is, store but not further process) your personal data but only where:
• The accuracy of your personal data is contested (see the right to data rectification above), for a period enabling us to verify the accuracy of the personal data; or
• The processing is unlawful, and you oppose the erasure of your personal data; or
• We no longer need the personal data for the purposes for which they were collected but you need the personal data for the establishment, exercise or defence of legal claims; or
• You exercised your right to object and verification of our legitimate grounds to override your objection is pending
• Following your request for restriction, except for storing your personal data, we may only process your personal data:
• Where we have your consent; or
• For the establishment, exercise or defence of legal claims; or
• For the protection of the rights of another natural or legal person; or
• For reasons of important public interest
• You may request the restriction by contacting us.
7.4. The Right to Data Portability
You have the right to ask us to provide your personal data (that you shall have provided to us) to you in a structured, commonly used, machine-readable format, or (where technically feasible) to have it 'ported' directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:
• The processing is based on your consent or on the performance of a contract with you; and
• The processing is carried out by automated means
7.5. The Right to Object to Certain Processing
In those cases where we only process your personal data when this is
1) necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or
2) when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (as indicated in the Table in clause 3.2 above), you shall have the right to object to processing of your personal data by us.
When your data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data, which includes profiling to the extent that it is related to such direct marketing.
For the avoidance of all doubt, when we process your personal data when this is necessary for the performance of a contract, when necessary for compliance with a legal obligation to which we are subject or when processing is necessary to protect your vital interests or those of another natural person, this general right to object shall not subsist.
With respect to Direct marketing of our own goods and services incl. related profiling, you may object such processing at any time, by contacting us or by selecting your preferences on your account Profile.
7.8. Right to withdraw consent (when we process your data on the basis of consent)
In those cases where we process on the basis of your consent (which we will never presume but which we shall have obtained in a clear and manifest manner from you), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same manner as you shall have provided it to us.
Should you exercise your right to withdraw your consent at any time (by writing to us at the physical or email address below), we will determine whether at that stage an alternative legal basis exists for processing your Personal Data (for example, on the basis of a legal obligation to which we are subject) where we would be legally authorized (or even obliged) to process your Personal Data without needing your consent and if so, notify you accordingly.
When we ask for such Personal Data, you may always decline, however should you decline to provide us with necessary data that we require to provide requested services, we may not necessarily be able to provide you with such services (especially if consent is the only legal ground that is available to Us).
Just to clarify, consent is not the only ground that permits us to process your Personal Data. In the last preceding section above we pointed out the various grounds that we rely on when processing your Personal Data for specific purposes.
7.9. What We May Need From You
When exercising your rights by contacting us, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
7.10. Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7.11. Different Brands
Vista Gaming is operating its gaming business also under several brands and trademarks. For the purpose of the exercise of your rights as provided above, and for the purpose of clarity and legibility of our reply, we will initially comply with the requests with respect to data processed under the brand from where the request is originating. Should you wish your requests to be complied with respect to all of the brands with respect to which Vista Gaming operates its business, please make sure to flag this in your request.
The Vegas Crest Casino website (domain owned and transactions processed by Palau Holdings NV) is part of the Vista Gaming Network and is operated by Palau Holdings NV under the License No. 1668/JAZ issued to Curacao Egaming, authorized and regulated by the Government of Curacao.
Dr. M.J. Hugenholtzweg Z/N
UTS Gebouw, Willemstad
You can contact us by writing by email to [email protected].