- Version 2.0 last updated 3rd July 2020
At Caxino, transparency is very important to us and we take your privacy extremely seriously. We appreciate that you are trusting us with your personal information and we want to be transparent about how we use it.
Rootz LTD, acting as data controller, is committed to protecting your personal data and processing it in compliance with applicable laws – notably: The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’; The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’.
If you have any questions please contact us at [email protected].
- Who We Are and How to Contact Us
- Why We Collect Information
- Where We Get Your Information From
- Information We Collect
- How We Use Information
- How We Communicate With You
- How Information is Shared
- Your Rights to Access and Control Your Personal Data
- Data Retention
- Promoting Safety and Security
- International Operations and Data Transfers
- Privacy Compliance
If you live in the European Economic Area or Switzerland, then Rootz LTD, a Maltese company, controls your personal data and provides you with the Services. If you are seeking to exercise any of your statutory rights, please contact our Data Protection Officer at [email protected]. You may also contact us at the following address:
Ewropa Business Centre
Level 3 - 701, Dun Karm Street
Birkirkara BKR 9034
Email: [email protected]
As Rootz is based in Malta, we are subject to the General Data Protection Regulation (GDPR). This means that whenever we process personal data, we always adhere to the following GDPR principles:
- Lawfulness, fairness and transparency;
- Purpose limitation;
- Data minimisation;
- Storage limitation;
- Integrity and confidentiality;
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at [email protected]
2. Why We Collect Personal Information
We need to process your personal information in order to provide you with our Services. We will only ever ask you for the minimum amount of information that we need and we only ever use it for lawful purposes.
When you register for an account with Caxino, you enter into a contract with us, as set out in our Terms and Conditions. For us to be able to keep up our end of the contract and provide you with access to our Services, we need to process some personal information about you. We will always make it clear which information is mandatory and which information you can decide not to give us if you don’t want to. If there are pieces of information that are mandatory and you don’t want to provide to us, then you will not be able to hold an account with us and use our Services. We use your information for the following purposes:
- Help you create, operate and manage your personal profile, allowing you to access our games and services;
- Manage loyalty points and reward schemes;
- Protection of your personal profile and account;
- Process your bets and transactions, including your use of credit/debit cards and online payment systems;
- Provide customer support and service updates;
- Analyse user trends and improve the services we provide;
- Monitor the registration of multiple accounts
Some of the information we process about you is also necessary for us to comply with the legal and regulatory obligations that we have as a gaming company, such as licensing requirements, responsible gaming, and Anti Money Laundering (AML) Regulations. This information is processed in order to:
- Carry out age and identity verification checks
- Verify source of wealth
- Carry out due diligence checks
- Monitor and investigate transactions and game play in order to prevent and detect fraud, money laundering, problem gambling, and other irregular gaming activities
- Consult self-exclusion registers and manage problem gambling
- Manage registration of duplicate accounts and individuals from jurisdictions where gambling is prohibited
Where we have your consent, Caxino will contact you about news, promotions, and bonuses. We will only ever contact you for these reasons if we have your prior consent to do so. You have full control over whether and how we get in touch through the settings in your account. You can access and change these settings at any time.
Caxino will never ask you to provide any sensitive personal information, such as information about your health, your race or ethnic origin. There may be times when you may choose to disclose information like this to us, such as when you are speaking with us. Any chats or emails are assigned to your account with us, and where you disclose a health condition which we feel may impact your ability to make rational decisions around your gameplay, we may take the decision to block you from our Services for your own safety.
3. Where We Get Your Information From
The majority of the information that we have about you is the information you provide to us yourselves. However, sometimes we also obtain information about you from other sources.
Under our AML obligations, we are required to carry out due diligence checks that confirm information about you. In some circumstances, we may also need to verify your source of wealth. We work with reputable external companies who work with the gaming industry to carry out these checks, and they provide a report which contains information about you and your background.
In some circumstances, payment services providers may supply us with a small amount of personal information when they carry out a transaction for you, so that we can connect transactions to you as a player.
4. Information We Collect
When you use our Services, we collect the following types of information:
Information you provide us
Some information is required to create an account on our Services, such as your name, address, email address, password, date of birth, gender, telephone number, and country of residency. This is important data for the ‘Know Your Customer’ process as imposed by the anti-money laundering regulations, applicable both in Malta and in the EU. This is the only information you have to provide to create an account with us.
In view of the strict legal obligations imposed upon us, we also ask for occupation and source of income. There might be situations in which you are also asked to provide documentary evidence to prove that you are only using legitimate funds.
To help improve your experience or to enable certain features of the Services, you may choose to provide us with additional information, your gameplay preferences, and payment transaction history.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit, such as your name, contact information, and message.
Information from Third-Party Services
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service.
Payment and Card Information
In order to receive payments, you must provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. This information is encrypted and sent to your card network. Upon approval, this then sends back a token made up of random digits for engaging in transactions, without exposing your card number. For your convenience, we store the last four digits of your card number and your card issuer’s name and contact information.
We may also derive your approximate location from your IP address.
When you access or use our Services, we receive usage data. This includes information about your interaction with the Services, including when you view or search content, create or log into your account, play a game, or collect/use a bonus or loyalty points.
We also collect data about the devices and computers you use to access the Services, such as IP addresses, browser type, language, operating system, the referring web page, pages visited, location, and cookie information.
Our Websites use “cookies”. A “cookie” is a piece of software which may be sent to your computer. Cookies enable us to collect information about how our Websites and services are being used and to manage them more efficiently.
5. How We Use Information
We use the information we collect for the following purposes:
Provide and Maintain the Services
Using the information we collect, we are able to deliver the Services to you and honour our Terms of Service contract with you. For example, we need to use your information to provide you with your player dashboard, provide you with game suggestions, and any other relevant marketing promotions.
Improve, Personalise and Develop the Services
We use the information we collect to improve and personalise the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors, perform data analysis and testing, conduct research and surveys, and develop new features. We also use segmentation to split our players into groups based on their gaming behaviour. We do this to help us understand how people use the product and to help us develop our marketing approach, including bonuses and promotions.
When you allow us to collect location information, we use that information to provide and improve features of the Services. For example, we may present to you your favourite games or games that you might be interested in at the top of our games content based on the preferences you set, your country of residence, and your gameplay data.
We are required to take a number of steps to meet the rules around Anti-Money Laundering (AML) Counter Terrorist Financing and fraud. In order to do this, we employ programmes that monitor player behaviour and alert us to suspicious or fraudulent transactions. Where suspicious transactions are flagged, we escalate these to the necessary regulators and enforcement bodies.
As part of our license, we also have obligations around responsible gaming. In order to do this, we employ a system which flags any gambling patterns or behaviours exhibited by a player that could indicate problem gambling. When the system flags a player, one of our responsible gaming team members reviews the account and where necessary, will reach out to the player for a discussion on their gameplay and provide information and advice.
Third Party Websites
No third party is permitted to link any other Website to our Website without obtaining our prior written consent.
6. How We Communicate With You
We use your information when needed, to send you Service notifications and to respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in your account settings, or via the “Unsubscribe” link in an email.
Use of E-Mail for Communications
All e-mail messages are routinely scanned for viruses. In the case of e-mails, we may reject, delay or remove content from e-mails due to their nature, content or attachments, that have the potential to disrupt our systems, or because they may pose security issues such as viruses. We may also filter out e-mails which contain certain content on the basis that content is offensive, or the e-mail is unwanted or considered spam. In certain circumstances, this may unfortunately result in “innocent” e-mails being affected, but we do try and reduce such occurrences.
Please be aware, however, that data sent through the Internet may technically be transmitted across international borders, even where sender and receiver of information are located in the same country. Consequently, personal information relating to you may be transmitted via a country having a lower level of data protection than that existing in your country of residence.
7. How Information is Shared
For External Processing
There are some circumstances where we need to share your information with recipients who are outside of Caxino, in order to provide our Services. When we carry out any sharing with third parties, we always ensure that there is an appropriate contract in place, that the information being shared is transferred in a secure way, and that we only share the minimal amount of your information that we need to. Caxino will never sell your information to any third parties.
Third parties we work with include payment service and game providers, analytics services, identity verification and AML related services, social media platforms, website performance security systems affiliates, and other partners who process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, marketing, data analysis, research, and surveys.
When You Agree or Direct us to Share
You may direct us to disclose your information to others, such as when you use our community features like the “Races”. For certain information, we provide you with privacy preferences in account settings and other tools to control how your information is visible to other users of the Services. Just remember that if you choose to participate in a “Race”, information like your first name will be visible to all other participants.
Analytics and Advertising Services Provided by Others
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may prepare such information for research or statistical purposes.
We do not transfer your personal information to any third parties for marketing purposes, or for any other purposes other than those listed above.
For Legal Reasons or to Prevent Harm
- for the purpose of preventing, detecting or suppressing fraud or any other criminal offence;
- where it is necessary as a matter of national or public security;
- in the interest of national budgetary, monetary or taxation matters that can arise;
- to protect and defend our rights and property or that of users;
- to protect against abuse, misuse or unauthorised use of our Services;
- to protect the personal safety or property of users of our Services (e.g. if you provide false or deceptive information about yourself or attempt to pose as someone else, we shall disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
- for any purpose that may be necessary for the performance of any agreement you may have entered into with us; as may be required under any law
Our policy is to notify you of a legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period.
8. Your Rights to Access and Control Your Personal Data
We provide you with account settings and tools to access and control your personal data, as described below, regardless of where you live.
Accessing and Exporting Data
You have a number of rights that you can exercise when it comes to your information. These rights include:
- Having access to the information that we hold about you;
- Being able to rectify information we have about you that is incorrect;
- In very limited circumstances, having your information deleted;
- In some circumstances, have the use of your information restricted or “paused”;
- Have your information provided to you in a digital format and where possible, transferred to another organisation
By logging into your account, you can access much of your personal information, including your dashboard.
If you would like to exercise any of these rights, you should email our Support at [email protected] from your registered email address and provide:
- Your name
- Contact details
- Your registered email address
- Full details of your request
In some circumstances, we may request that you provide us with ID so that we can verify your identity. We will carry out your request, to the extent that it is possible
to do so.
Editing and Deleting Data
Your account settings let you change your personal information. For instance, you can edit the profile data you provide or delete your account if you wish, by contacting us at [email protected]
If you choose to delete your account, please note it may take up to 30 days to delete all your transactional data, like the data recorded during your games. This is due to the size and complexity of the systems we use to store data.
We recognise your right to be forgotten, however we have a legal obligation due to Anti-Money Laundering (AML) regulations to retain all personal account data, obtained for customer due diligence purposes, such as your name and address, and all documentation gathered during registration and payment processes for a period of five years after you close your account. You may also wish to note that this period may be extended by a further five years, where such extension would be considered necessary for the purposes of the
prevention, detection, analysis and investigation of money laundering or funding of terrorism activities by the Financial Intelligence Analysis Unit, relevant supervisory authorities or law
Customising or Restricting your Data Use
We provide you with account settings and tools to control your data use. For example, through your privacy settings, you can limit how your information is visible to other users of the Services; using your notification settings, you can limit the notifications you receive from us.
If you need further assistance regarding your rights, please contact our Data Protection Officer at [email protected] and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority or with the Malta Data Protection Commissioner, our lead supervisory authority.
9. Data Retention
We keep your account information, like your name, email address and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information is Shared sections.
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
For personal data, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and other tools, when the processing is necessary to perform a contract with you, like the Terms & Conditions; and our legitimate business interests, such as in improving, personalising, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
We work hard to keep your data safe and make all reasonable efforts to safeguard the confidentiality of personal information that we process. We regularly review and enhance our technical, physical, and managerial procedures to ensure that your personal data is protected. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage, and backup and transmission standards. This is to ensure there is no unauthorised access or modifications to data, no improper use or disclosure, or unlawful destruction or accidental loss.
Our security policies, rules and technical measures are dedicated to the protection of the personal information that we have under our control. All our employees and third-party data processors, who have access to and are associated with the processing of personal information, are further obliged to respect the confidentiality of this personal data and are subject to a code of conduct which requires them to adhere to privacy principles.
By its very nature, however, the Internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties. No method of transmitting or storing data is completely secure, however, if you have a security-related concern, please contact Customer Support.
11. International Operations and Data Transfers
Wherever possible, Caxino keeps your information within the European Economic Area (EEA). However, in some circumstances, your information may have to leave the EEA, such as when we work with third parties. Caxino always makes sure that any transfers outside of Europe are carried out in line with the law and are made securely.
We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent, the EU-US and Swiss-US Privacy Shield, and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clauses by contacting us.
12. Privacy Compliance
Making a complaint
If you are unhappy with how your information has been handled by Caxino, the first thing you can do is raise this with our Support team at [email protected] to try and resolve it.
If you are unable to resolve your complaint with the Support team, the next step is for you to make a complaint to our Data Protection Officer (DPO). You can do this by sending an email to [email protected] and detailing:
- Your name
- Your contact details
- Your registered email address
- Full details of the complaint that you have
The DPO will then look into your complaint and investigate whether your information has been handled appropriately and in line with this privacy notice, our legal obligations, and our internal policies and procedures. The DPO will then contact you regarding the outcome of the investigation and any steps that have been taken as a result.
If, after raising your complaint with the DPO you are unhappy with the resolution to your complaint, you can make a complaint to our lead supervisory authority, the Maltese Data Protection Commissioner:
Office of the Information and Data Protection Commissioner
Level 2, Airways House, High Street
Sliema, SLM 1549, Malta
Phone: (+356) 2328 7100
Email: [email protected]
Translations of this Privacy Notice
We have translated our privacy notice from English into the official languages of the countries that we provide our services to. We have done this to ensure that all of our customers are clear about how Caxino uses personal information.
If there are any conflicts or inconsistencies between the translated versions of this privacy notice, the English version will prevail.
Changes to this Policy
We will notify you before we make material changes to this policy, and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services.