Privacy policy

Introduction

Personal data is any information that can be used to identify an individual person. All actions are in place to provide that all User's personal data, which is available to the controller, is safe and that User's data is processed in accordance with all in force data protection laws, internal policies, guidelines and procedures.

1. Personal Data Processing Controller and Applicable Law

1.1 EVERBET BG EOOD, registration number 207058661, legal address at ul. "Otets Paisiy" 42, 9000 Varna, Bulgaria (hereinafter - the Organiser). This Privacy policy is in place for the participants in a licensed and organised gambling activities by EVERBET BG EOOD by registering on the website www.everbet.bg under the Bulgarian Gambling Act. Personal Data Protection Act, Regulation 2016/679 of the European Parliament and Council of 27 April 2016 (“General Data Protection Regulation” or GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Regulation) as well as other special requirements of the applicable regulations for gambling activity, such as, but not limited to the Gambling Act, the Anti-Money Laundering Measures Act, as well as the obligatory gambling conditions, rules and requirements adopted by the State Gambling Commission for the Organiser to carry out gambling activity in the region.

2. Definition and purpose of Privacy Policy

2.1 Privacy Policy is an agreement between the Organiser and an individual (hereinafter – User) who uses the Interactive Gambling Service provided by the Organiser. The User agrees to enter in this agreement by registering an account on Organisers website www.everbet.bg (hereinafter – Website).

2.2 The Organiser is committed to protect the User's personal data. Privacy Policy allows the User to understand what information is gathered when Organiser’s services are being used, when the User sends his personal data to the Organiser or the Organiser obtains it into his possession in other way, why does the Organiser obtain this information and how it will be used.

2.3 Additionally, the Privacy Policy is providing information about how the Organiser is obtaining, processing, storing, sharing, deleting and protecting the User's personal data. This way ensuring, that the personal data is processed lawfully, in good faith and to the User in a transparent manner. Privacy Policy is applicable to User's personal data, any physical personal data processing and provided services.

2.4 If the Organiser will update this policy, all changes will be published in the Organisers website and if required notify all Users who have a registered account in the Organisers website.

2.5 To be able to provide the User with better and more suitable services, as well as, to provide, maintain, protect and improve existing services, Organiser processes obtained data during service provision.

3. For what purposes User`s data is being gathered?

3.1 Organiser collects personal data about the User when the User uses the Website, registers an account or participates in the online gambling organised by the Organiser, as well as when the User is making bets and receives winnings. In most cases Organiser requires User's personal data for the purpose of providing its offered services, provide customised offering for the User or for the performance of an agreement. Organiser also requires User's personal data to comply with a legal obligation and to protect Organiser's and User's legitimate interest. If the User does not provide the necessary data for the Organiserr's carried out identification procedures, Organisator will not be able to provide the User with the relevant services. Depending on the services User uses, Organiser may collect and process the personal data for purposes, but not limited, to:

  • - provide suitable services, overlook transactions and protect the User from illegal or damaging, individual direct or indirect, intentional or unintentional activities, when processing information, which is at the disposal of the persons concerned, as well as to prevent fraudulent activities, illegal betting and money laundering;
  • - process any User`s requested informative requests;
  • - fulfil all Organiser's requirements in the regulatory enactments;
  • - provide User with support services;
  • - offer and provide User with products and services;
  • - inform User of any software or service updates;
  • - process User`s bets and card or online payments;
  • - create and manage User's player account;
  • - comply with Organiser’s legal and regulatory requirements;
  • - create User's account and User's private profiles;
  • - support and respond to the User when the Organiser is contacted via Live Chat or emails;
  • - carry out User's research, questionnaires and analyses;
  • - carry out risk management and fraud prevention procedures;
  • - carry out source of funds and the true beneficiary verification procedures;
  • - improve the quality of the provided services;
  • - carry out direct marketing;
  • - provide the User with the information about offers, services and products provided by the Organiser, if the User has agreed to receive such.

3.2 In carrying out Organisers activities, Organiser is mandatory required to process data on the basis of a number of statutory obligations, such as:

  • - Gambling Act, Anti-Money Laundering Act, by-laws, as well as the mandatory gambling conditions and rules adopted by the NRA and the requirements for organised gambling;
  • - Ordinance on the terms and conditions for registration and identification of participants, the storage of data on organised online betting on the territory of the Republic of Bulgaria and for the submission of information on gambling to a server of the National Revenue Agency;
  • - The Accounting Act, the Corporate Income Tax Act, the Tax and Social Security Procedure Code and other related normative acts, in connection with the maintenance of correct and lawful accounting;
  • - obligations to provide information to all state institutions and regulatory bodies;
  • - obligations to provide information to the court and law enforcement authorities.

3.3 Data processing based on user's consent:

  • - when the Organiser process User's personal data for the purposes of the direct marketing for the products and services, as well as for the participation in the Website campaigns, User will grant an explicit consent.

3.4 Data processing on the basis of Organisation's legitimate interest:

  • - video surveillance in around Organiser's office;
  • - making of a voice and sound recording during a telephone conversation with the Organiser's call center on the following phone number: 052 802 507, in order to improve the quality of the Organiser's provided services, as well as to resolve arising disputes and to protect Organiser's legitimate interests.

4. What User data Organiser processes?

4.1 To identify an individual person and carry out its activities, Organiser may request from the User or collect itself if possible, process and take into consideration the following information, but not limited to:

  • - name;
  • - middle name;
  • - last name;
  • - date of birth;
  • - PIN or other identification number;
  • - gender;
  • - citizenship;
  • - credit institutions or other payment method account information;
  • - place of residence;
  • - email address;
  • - phone number;
  • - a copy of an identity document and/or a copy of a debit/credit card;
  • - source of funds;
  • - other essential information about the person (personal information), including information, which collection is intended by regulatory enactments of the Republic of Bulgaria.
  • - data from recordings of telephone conversations when contacting our support center;

4.2 When verifying the identity of the User, the Organiser may process additional data, at its discretion in accordance with regulatory requirements, in order to perform its obligations.

4.3 Organiser may request from the User other data or proof of data in case of suspicion of fraud, abuse, money laundering and other high risk actions and transactions.

4.4 When the User is interacting with the Organiser’s provided services, Organiser’s servers are holding an unique activity record for User’s safety, which stores certain administrative and data flow information, including:

4.5 Private information is not collected without User’s consent.

  • - IP адрес;
  • - current location;
  • - used language;
  • - access dates and times;
  • - used browsers software error report;
  • - websites previously visited;

5. The tools Organiser use for collecting and processing data.

5.1 Organiser can automatically collect the above mentioned data and receive personal data, which the User indicates by using the services or otherwise communicating and interacting with the Website. The Organiser can also receive personal information from other providers. Similarly, the Organiser may work with third-party providers to provide technical support for online transactions and for the successful maintenance of the User’s account. The Organiser has access to the information provided by the User to these service providers and third-party e-commerce service providers, in compliance with all Privacy Policies. The Organiser will use and process the personal information that will be obtained as described in the Privacy Policy.

6. Basis for processing of the personal data of the User.

6.1 User's personal consent - The User himself, as a personal data subject, gives consent to the collection and processing of User's personal data for the specified purposes. Similarly, User agrees to the processing of data for direct marketing purposes in order to express new and individual offers (this consent, of course, may be withdrawn by the User). User's consent is his free will and independent decision that can be made at any time, thus allowing the Organiser to process personal data for the specified purposes. User consent is binding if provided directly and unambiguously. User has the right at any time to withdraw his/her prior consent using the indicated communication channels with the Organiser. The requested changes will take effect within three working days. The withdrawal of consent does not affect the legality of the processing, which is based on consent before the withdrawal.

6.2 Provision of services - in order for the Organiser to provide the User with a qualitative opportunity to participate in interactive gambling, the Organiser must collect and process certain personal data collected prior to registering User's profile on the Organiser’s website.

6.3 Legitimate Interests - In keeping with the Organiser’s interests, based on the provision of quality services and timely support to the User, the Organiser has the right to process User’s personal data to the extent that it is objectively necessary and sufficient for the purposes specified in this Privacy Policy. The Organiser’s legitimate interests include the processing of personal data through direct marketing, resulting in the submission of new and/or individual offers for the Organiser’s products and services to the User. Given that the Organiser is part of a group of companies, it has a legitimate interest in processing its User's data by sending it to other group companies for internal administrative purposes, including, on group company level, provision with products and services that are up-to-date with the needs.

6.4 Similarly, the Organiser uses personal information collected from the User to provide the service, provide customer support, perform the necessary security and identity verifications, process online payments, assist in the participation of third party's special offer, if the User agrees to it, to ensure compliance with business specifics and other purposes for which the service is to be provided.

6.5 By accepting any competition prize or winning, User agrees that the Organiser may use the User's name for advertising purposes, for no additional reward consideration, except in situations where it is prohibited by law.

6.6 Performance of legal obligations - The Organiser has the right to process personal data in order to comply with the requirements of regulatory enactments and to provide answers to legitimate requests of the state and local government.

7. Exceptions to User data disclosure

7.1 The Organiser may disclose personal data in cases stated in regulatory enactments. If, after the Organiser’s inquiry, it is found that the User has been cheating or attempting to defraud the Organiser, in a way, such as, but not limited to, manipulating with games, manipulating with payments, is suspect of fraudulent payments (using third party or stolen credit cards, fraudulent chargebacks of payments, etc.), by making illegal activities (for example, money laundering activities) to the company or one of the parties involved, the Organiser has the right to process User's personal data (including the User's identity) to prevent, detect, investigate, prosecute or execute a criminal offense or criminal punishment; in order to use personal data in administrative or civil proceedings, as well as in the activities of officials of state institutions authorised by law, if it involves the prevention, detection, investigation or prosecution of criminal offenses or the execution of criminal penalties; in order to prevent immediate imminent threat to public safety. For research purposes and the provision of preventive measures for gambling addiction, anonymous data may be transferred to the responsible authorities.

7.2 The Organiser reserves the right, if necessary, to share or transfer User's personal data to other Organisational Group companies or service providers if it is necessary for the provision of service and the provision of higher quality services to the User.

7.3 Depending on the games organised by the Organiser, in which User participate, Organiser may disclose User's personal data with the following categories of recipients:

  • - National Revenue Agency, State Agency National Security, in compliance with statutory requirements and obligations related to gambling activities. These authorities have the right to receive information about the registered Users, bets, paid winnings, as well as other data, in the cases and form provided by the law;
  • - Banks, payment institutions, postal money order companies, specifically identified in the relevant rules for organising and conducting the games, in compliance with the requirements and obligations for making bets and paying out winnings;
  • - Suppliers of systems or services for the games that Organiser provides or for the management and maintenance of the activity and quality of provided services, including those related to the information technologies with whom the Organiser has conducted contractual relations (e.g. IT providers, software suppliers, computer support providers, prizes providers, etc.), in compliance with the requirements and obligations for maintenance of regulatory system functionalities, identification of participants, making bets, determining results and paying out winnings;
  • - State authorities/institutions, persons with public functions, regulators and supervisory bodies (including Council of Ministers, National Revenue Agency, State Agency National Security, bodies of the court, prosecution and investigation, Consumer Protection Commission, Commission for Protection of Competition, Commission for Personal Data Protection, etc.), if the Orgoniser has a sufficient grounds to believe that their access, use, preservation or disclosure is necessary for: the implementation of an applicable law or other normative act of a binding nature; in response to an inquiry made by a supervisory body, regulator or other state institution in connection with or on the occasion of the performance of its statutory functions or initiated inspection, complaint, audit, etc.; detection, prevention or other actions related to fraud, money laundering, terrorist financing, technical or security issues.

7.4 Organiser uses third parties to support certain contractual activities or for the performance of a legal obligation. Organiser does not provide User's personal data to third parties until Organiser have made sure that all technical and organisational measures have been taken to protect User's personal data and strive to exercise strict control over the implementation of this purpose. Some of these recipients of personal data may be:

  • - courier companies, external consultants and specialists, debt collection companies and law firms, auditors, security companies;
  • - persons who on assignment maintain equipment, software and hardware used to process personal data by Organiser, hosting companies and sales agents, etc.;
  • - companies providing consumer support software;
  • - banks and other financial institutions, when making and verifying bets and paying out winnings;
  • - marketing agencies and telecommunications companies when sending direct marketing messages or providing services from our call center.

8. Cookies and use of cookies in Website

8.1 The Organiser may use cookies as a means of collecting information from a web server for the above purposes following the User`s use of the Website. If the User registers with the Organiser or if the User continues to use the Website, the User agrees to Organiser`s use of cookies. Cookies contain information that is transferred to the User's computer hard drive. Cookies help the Organiser to improve the Website and deliver a better and more personalised service. Some of the cookies Organiser uses are essential for the Website to operate. If User wants to delete any cookies that are already stored on his computer or stop the cookies that keep track of User's browsing patterns on the Website, User can do so by deleting existing cookies and/or altering browser's privacy settings to block cookies (the process User follows will differ from browser to browser).

8.2 If the User wishes to have more information on this, the User can visit www.allaboutcookies.org. By deleting Organiser`s cookies or disabling future cookies means that the User may not be able to access certain areas or features of the Website.

8.3 Cookies, which are strictly necessary are essential for the User to navigate the Website and to benefit from the services, for example, when accessing parts of the Website that are protected by the safety tools, or in order to carry out money transactions. Without these cookies, the Organiser cannot ensure effective operation of the Website.

8.4 More information on Cookies and usage of it User can find in Cookie Policy published on the Website.

9. Duration of storage of User data

9.1 In order to make it possible to use the services of game play with real money, and in order to participate in gambling, as well as to receive winnings, the User must make a cash deposit into the Organiser's account. In order to ensure the highest quality of services, the Organiser uses third party services that allows it to electronically process such cash transactions. By agreeing to this Privacy Policy, User expressly agrees that personal information is necessary to perform such transaction processing, even if the mentioned information needs to be sent outside User’s resident country.

9.2 User's personal data will be stored in accordance with the statutory deadlines (including the Gambling Act, Ordinance on the terms and conditions for registration and identification of participants, storage of data on organized online betting in the Republic of Bulgaria and for submitting information about gambling to a server of the National Revenue Agency, etc.). The Organiser does not keep User data for an indefinite period and processes personal data on the basis of consent.

9.3 If the data processing is based on consent, personal data for these purposes will be processed until the withdrawal of consent. Consent can be revoked in one of the following ways:

  • - In User personal game profile, you can control the given consent, as well as in the channels for receiving marketing messages;
  • - by closing and sending signed request to [email protected];

9.4 When User revokes consent, the User's request will be considered immediately and within 72 hours of its receipt, the sending of marketing messages to the channels you have requested will be suspended. Personal data will stay processed on the basis of a legal obligation of the Organiser.

9.5 According to Art. 6, para. 4 of the Gambling Act, we are obliged to store all data about the activities of the participants (including the registration and identification of the participants, bets made and winnings paid) for a period of for a period of 5 years after the limitation period for repayment of public liabilities related to such data has expired. Please note that in general the limitation period for public liabilities is 5 years after January 1 of the year following the calendar year during which a transaction occurred but the same may be suspended or restarted subject to certain conditions established by law so our obligation to retain some personal data of participants may be valid for periods longer than 10 years.

9.6 According to art. 6, para. 5 of the Gambling Act, we are obliged to store for a period of not less than 12 months from the date of collection and processing the data related to the geographical location of the IP address, identification of date, time and duration of the gaming session of the person registered as a participant on our Website.

9.7 The data from the sound recording in connection with our call center are stored for a period of 12 months from the date of their creation.

10. Transfer of data outside EU / EEA

10.1 User’s personal data will not be transferred outside the European Union or the European Economic Area, however, in case if such necessity arises, User’s data can only be transferred to countries that provide the same level of data protection of individual persons as provided in the European Union. In the event that such a transfer is necessary and performed, it will be carried out in accordance with the provisions of Regulation 2016/679 - GDPR.

11. Security measures.

11.1 The Organiser reserves the right to carry out security inspections at any time to confirm or verify the User entered data to verify compliance with the use of the services and to verify the fund transactions made by the User. All this is done to prevent and detect potential violations of the terms and to ensure compliance with the law.

11.2 By using the Organiser’s services, the User agrees to the Organiser’s use of Terms and Conditions, the User authorises the Organiser to use the User’s personal information and disclose it to third parties, so that the Organiser can confirm the legitimacy of the information indicated by the User through the Organiser’s services, including cases where information is to be transmitted outside the borders of the User’s country.

11.3 Safety checks may include, but are not limited to, reports from the payment card issuing authority or in any other way verifying the information provided by the User in any third-party database. In order to facilitate these security checks, the User agrees to provide additional information or documents at the request of the Organiser.

11.4 The Organiser ensures, continually reviews and improves protection measures to protect User's personal data from unauthorised access, accidental loss, disclosure or destruction. To provide this, Organiser applies modern technology, technical and organisational requirements, including using firewalls, intrusion detection, and analysis

11.5 The Organiser carefully scrutinises all service providers that process User's Personal Data on behalf of the Organiser, and assess whether the cooperation partners (data controllers) apply appropriate security measures in order to process the User's personal data in accordance with the delegation of the Organiser and the requirements of the regulatory enactments. Cooperation partners are not allowed to process the Organiser’s personal data for their own purposes.

11.6 The Organiser does not take any responsibility for any unauthorised access to personal data and/or loss of personal data, if it does not depend on the Organiser, for example, the User himself discloses his personal data to third parties.

11.7 In case of compromise of User's personal data, the Organiser will notify the User thereof.

11.8. Similarly, the Organiser shall inform the authorities and the individual persons involved, as specified in the applicable laws and/or regulations, of the data/information security incident, without delay, within 72 hours of becoming aware of the breach of the data/information as it is expected in European Union’s law, unless, in accordance with the principle of accountability, the Organiser can demonstrate that a breach of personal data is unlikely to constitute a risk to the rights and freedoms of natural persons.

11.9 The Organiser stores all personal information received from the User in a protected database, part of the data encrypted, the connection of which is protected.

11.10 The Organiser’s services are not intended for persons under the age of eighteen (18) years. Any person who provides the Organiser with information through any Organisers provided services proves that he has attained at least eighteen (18) years of age. The Organiser’s policy is to conduct security checks to detect attempts by minors to access services. A suspicion of an underage’s participation in gambling is grounds for launching a security check. If the Organiser becomes aware that the minor has attempted or submitted personal information through any Organiser’s provided services, the Organiser does not accept the information provided by him and takes the necessary steps to deny access to the products.

12. Information about Organiser

12.1 The personal data of the participants in the organized online games can be processed by the following controllers:

12.2 When you participate in online games at the Website, the data is processed by EVERBET BG EOOD with the registered office and address of management in ul. "Otets Paisiy" 42, 9000 Varna, Bulgaria together with the companies operating under the brand Everbet, in their capacity as joint controllers for purpose of providing service to User.

12.3 In strict compliance with European and local legislation in the field of personal data and in order to guarantee the rights of data subjects, companies operating as joint controllers, have agreed on the rights, security measures and volume of information to be granted to companies with which Organiser has entered into agreement.

13. Rights of User

13.1 Contact the Organiser for a copy of the personal data held by the Organiser.

13.2 Correct all personal data held by the Organiser about one's self.

13.3 The User has the right to obtain information about those individual or legal persons who have received information about this User within a certain period of time from the Organiser. The Organiser will not provide the User with information about the state institutions of criminal proceedings, the operative bodies or other institutions for which the law prohibits disclosure of such information.

13.3 The User has the right to obtain information about those individual or legal persons who have received information about this User within a certain period of time from the Organiser. The Organiser will not provide the User with information about the state institutions of criminal proceedings, the operative bodies or other institutions for which the law prohibits disclosure of such information.

13.5 Request to revoke User's consent when Organiser processes User personal data on the basis of consent (without such withdrawal to affect the lawfulness of the processing carried out before its submission).

13.6 The User has the right to transfer his personal data.

13.7 Contact the Organiser or the processing of personal data in the supervisory institution CPDP (Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. or www.cpdp.bg) for issues related to the processing of personal data.

13.8 User can use the email [email protected] to contact the Organiser.

13.9 All information security system issues and information/data security issues that are not covered by this Policy should be addressed to a data processor (email: [email protected]).

13.10 User can exercise his rights with a written application submitted to the office at the address: ul. "Otets Paisiy" 42, 9000 Varna, Bulgaria personally or by an explicitly authorised person with a power of attorney, unless a special law provides otherwise or submit an application electronically to the e-mail address [email protected], under the terms of the Electronic Document and Electronic Certification Services Act and the Electronic Identification Act as an electronic document signed with a qualified electronic signature.

13.11 When User contacts or submits an application for the exercise of rights under Regulation (EU) 2016/679 to the Organiser, User will be asked to identify himself by providing an identity document, an electronic signature or other means of identification. The Organiser is not obliged to respond to a request if it is unable to identify the data subject.