| Terms & Conditions | Betting and sporting rules | Privacy Policy | Betting terms Tote |
|
Privacy policy Contents 1 Privacy policy 2 Controller within the meaning of Art. 4 (7) GDPR 3 Provision of the website and creation of log files 4 Special functions of the website 4.1 Contact form/Chat 4.2 Login area 5 Further identity and compliance checks 5.1 SCHUFA 5.2 insic 5.3 Tolerant 5.4 Immediately Ident 5.5 IDENTT 5.6 Sports radar 5.7 OASIS 5.8 LUGAS 5.9 yes 6 Credit and security checks 6.1 finAPI 6.2 Schufa G 7 Payment service provider 8 Statistical analysis of visits to this website - web tracker 9 Integration of external web services and processing of data within the EU 10 Integration of external web services and processing of data outside the EU 11 Information on the use of cookies 11.1 Performance cookies 11.2 Marketing cookies 11.3 Strictly necessary cookies 11.4 List of all cookies used 12 Data security and data protection, communication by e-mail 13 Contact and address of the data protection officer 14 Legitimate interests in the processing pursued by the controller or a third party 15 Use of service providers 16 Right of appeal 17 Right to data portability 18 Data storage 19 Right to information 20 Right to rectification 21 Right to restriction of processing 22 Right to erasure 22.1 Obligation to delete 22.2 Information to third parties 22.3 Exceptions 23 Right to information 24 Right to data portability 25 Right of objection 26 Right to revoke the declaration of consent under data protection law 27 Automated decision in individual cases including profiling 1 Privacy policy Thank you for visiting our website www.onextwo.de and for your interest in our company. The protection of your personal data is important to us. Personal data is information about the personal or material circumstances of an identified or identifiable natural person. This includes, for example, the civil name, address, telephone number and date of birth, but also all other data that can be related to an identifiable person. As personal data enjoys special legal protection, we only collect it insofar as this is necessary for the provision of our website and the provision of our services. Below we explain what personal information we collect during your visit to our website and how we use it. If you have given us your express consent to do so, your personal data will be stored beyond the processing of the contract and used for personal information about our products or campaigns as well as for internal evaluations and analyses. Our data protection practices comply with all relevant legal regulations, in particular those of the EU General Data Protection Regulation (GDPR). We will only collect, process and store your personal data insofar as this is necessary for the functional provision of this website and our content and services, as well as for processing inquiries and fulfilling contracts in accordance with Art. 6 para. 1 lit. b) GDPR and to ensure "Further identity and compliance checks" in accordance with Art. 6 para. 1 lit. c) GDPR, or insofar as there is a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR or other grounds for permission in accordance with Art. 6 para. 1 lit. a) GDPR. If you have given your consent separately, your data will also be used for further purposes precisely defined in the consent. The personal data of the data subject will be deleted or anonymized as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be anonymized or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. For example, the controller uses a roles and rights concept according to which only designated departments within the controller may access and process your personal data - such as support, the billing and payment department or the compliance department. The computer/server on which the controller (or its processors) store your personal data is located in a secure environment with restricted access. The controller has invested heavily in server, database, data backup, firewall and encryption technologies to protect the data collected and processed. These technologies are installed as part of the state-of-the-art security architecture. In addition, security measures are continuously improved in line with technological developments. Personal data is processed until the purpose of collection or - in the case of further processing - the purpose of further processing has been fully achieved. Once the purpose has been fully achieved, the data is deleted. The controller also has a review and erasure concept that ensures the regular review of erasure obligations. 2 Controller within the meaning of Art. 4 (7) GDPR The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is IBA Entertainment Ltd. OneOneO Block A Ix-Xatt Sliema, SLM 1020 Malta E-mail: datenschutz@onextwo.com 3 Provision of the website and creation of log files Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: Scope of data processing (1) Information about the browser type and version used (2) The operating system of the retrieval device (3) The IP address of the retrieval device (4) Date and time of access (5) Websites and resources (images, files, other page content) accessed on our website. (6) Websites from which the user‘s system reached our website (referrer tracking) Legal basis for the processing of personal data Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below. Purpose of data processing Logging is carried out to maintain the compatibility of our website for as many visitors as possible and to combat misuse and troubleshooting. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. We also use the data to optimize the website and to generally ensure the security of our IT systems. Duration of storage The aforementioned technical data will be deleted as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website Possibility of objection and removal The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object. 4 Special functions of the website Our website offers you various functions that collect, process and store personal data when you use them. Below we explain what happens to this data: 4.1 Contact form/Chat Scope of the processing of personal data The data you enter in our contact form or chat. Legal basis for the processing of personal data Art. 6 para. 1 lit. a) GDPR (consent). If you use the contact form or the chat, we assume that you are interested in contacting us and exchanging information. Purpose of data processing We will use the data collected via our contact form or chat to process the specific information request. Duration of storage If it is no longer required for the further fulfillment of the contract or provision of services or if there are statutory retention obligations, the data collected will be deleted after the information request has been processed. Possibility of objection and removal The objection and removal options are based on the general regulations on the right to object and the right to erasure under data protection law described below in this privacy policy. 4.2 Login area Scope of the processing of personal data The registration and login data you have entered with us and the data you have uploaded or transmitted. We collect the following personal data: Data that must be collected from the customer for the registration process in order to create the profile, such as 1. Name 2. Address 3. Date of birth 4. E-mail address 5. Landline number, cell phone number 6. Copy of the identity card 7. additional information from third parties such as Oasis lock. Legal basis for the processing of personal data The majority of data processing is based on Art. 6 para. 1 lit. a) GDPR (consent). This is necessary for the provision of our services. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, such as paper-based customer applications in betting agencies or registration on our website. We are also subject to legal obligations that require the processing of personal data, such as for the fulfillment of licensing obligations, money laundering prevention, responsible gambling prevention, tax obligations and others, so the processing is based on Art. 6 para. 1 lit. c) GDPR. If the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person (this would be the case, for example, if a visitor to our betting shops were injured and their known relevant data had to be passed on to a first aider, emergency doctor or similar), then the processing is based on Art. 6 (1) (d) GDPR. Processing operations that are not covered by any of the aforementioned legal bases but are necessary for the performance of business activities in the interests of the well-being of all our employees and our owners and for the provision of our services are based on Art. 6 para. 1 lit. f) GDPR, unless your overriding interests worthy of protection and your fundamental rights and freedoms conflict with this. Purpose of data processing You have the option of using a separate login area on our website. If you have forgotten your password or user name for this area, it is possible to have this data sent to you again after entering your contact details (e-mail address). We only collect, store and process the usage data generated in the course of using the login area for the purposes of fulfilling the contract, complying with regulatory requirements, combating misuse, comparing blocked files and troubleshooting or maintaining functionality. It is not used for any other purposes. Duration of storage The data collected as part of the ‘Forgot user name or password’ function will only be used to resend forgotten access data. Possibility of objection and removal The objection and removal options are based on the general regulations on the right to object and the right to erasure under data protection law described below in this privacy policy. We would like to inform you that the provision of personal data is partly required by law (e.g. license and tax regulations) and also results from contractual regulations. In order to conclude a contract (sports betting account with onextwo), it is necessary for you to provide us with personal data, which must subsequently be processed by us. Failure to provide your data means that the contract (the sports betting account) cannot be concluded with you. 5 Further identity and compliance checks 5.1 SCHUFA SCHUFA processes the following data to verify the identity of natural persons: First name, last name, date of birth, address. Please note that this is not a credit check, but merely an identity verification. Purpose of data processing IBA Entertainment Ltd. transmits the personal data described above concerning the application, execution and termination of this business relationship to SCHUFA Holding AG Kormoranweg 5 65201 Wiesbaden Legal basis for the processing of personal data The identity check is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. c) GDPR (fulfillment of legal obligation) and Art. 6 para. 1 lit. a) GDPR (consent). furthermore, the legal bases of these transfers may be: Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with SCHUFA also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on SCHUFA‘s activities can be found in the SCHUFA information sheet in accordance with Art. 14 GDPR or online at www.schufa.de/datenschutz. SCHUFA only stores information about individuals for a certain period of time. The storage periods are set out in detail in a Code of Conduct of the association "Die Wirtschaftsauskunfteien e. V." (available at www.schufa.de/loeschfristen). Information about inquiries is deleted after 12 months to the day. 5.2 insic "Data transmission to insic" for identity verification as part of the mandatory KYC check. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the sole purpose of personal identification regarding the application, execution and termination of this business relationship to insic GmbH Brookweg 6a D-22941 Jersbek Legal basis for the processing of personal data Identity verification is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. a) GDPR (consent). Furthermore, the legal basis for these transfers may be Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with insic also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on insic‘s activities can be found online at www.insic.shop. 5.3 Tolerant "Data transfer to Tolerant" for comparison with lists of sanctioned and politically exposed persons. Purpose of data processing In order to identify sanctioned and politically exposed persons within the scope of this contractual relationship, IBA Entertainment Ltd. transmits the personal data collected on the application, execution and termination of this business relationship to the TOLERANT Software GmbH & Co KG Büchsenstr. 26 70174 Stuttgart Legal basis for the processing of personal data The identification of sanctioned and politically exposed persons is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. a) GDPR (consent). Furthermore, the legal basis for these transfers may be Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with Tolerant also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on Tolerant‘s activities can be found online at https://www.tolerant-software.de/firma/datenschutz/. 5.4 Immediately Ident "Data transmission to Sofort" for identity verification as part of the mandatory KYC check. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the sole purpose of personal identification regarding the application, execution and termination of this business relationship to Sofort GmbH Theresienhöhe 12 80339 Munich Legal basis for the processing of personal data Identity verification is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. a) GDPR (consent). Furthermore, the legal basis for these transfers may be Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with Sofort also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on Sofort‘s activities can be found online at https://www.sofort.com/payment/wizard/getCmsContent/agecheck_data_protection/DE/0/de. 5.5 IDENTT "Data transmission to IDENTT" for identity verification as part of the mandatory KYC check. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the sole purpose of personal identification regarding the application, execution and termination of this business relationship to IDENTT GmbH Verification Systems Arndtstr. 16 22085 Hamburg Deutschland Legal basis for the processing of personal data Identity verification is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. a) GDPR (consent). Furthermore, the legal basis for these transfers may be Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with ID now also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on Sofort‘s activities can be found online at https://www.identt.com/de/datenschutzerklarung-dsgvo/. 5.6 Sports radar Purpose of data processing We are actively committed to the integrity of sport and against match-fixing. We cooperate with various organizations and early detection systems to investigate betting manipulation. In the event of suspected manipulation, we are entitled to transmit the necessary data to the following organizations, among others: Sportradar AG Feldlistrasse 2 CH-9000 St. Gallen, Switzerland Legal basis for the processing of personal data The transfer takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as further contractual requirements make this necessary, the transfer takes place on the basis of Art. 6 para. 1 f) GDPR. Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with Sportradar also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on the activities of Sportradar can be found online at https://www.sportradar.com/about-us/privacy/. 5.7 OASIS To the extent required by law or the applicable license conditions, IBA Entertainment Ltd. may carry out checks against the player blocking system of the Darmstadt Regional Council ("OASIS"). The checks are carried out to determine whether a player is included in the list of banned players. As part of the check, the betting operator must provide the player‘s first name, surname and date of birth. In the case of an entry in the OASIS player suspension system, in addition to the player‘s first and last names and date of birth, the home address and the reason for the suspension are also provided. Your name, date of birth, current address and place of birth will be transmitted to the operator of the OASIS blocking system for comparison with the OASIS database of the competent gambling supervisory authority. As part of the transfer, a check is made to see whether you are listed as a blocked person in the blocking system. The operator of the cross-border blocking system is the Darmstadt Regional Council, Wilhelminenstraße 1-3, 64283 Darmstadt, pursuant to Section 23 (1) sentence 1 in conjunction with Section 8 (1) GlüStV. § Section 8 (1) GlüStV. All information provided and queries made are logged accordingly by the operator of the blocking system. Further information on the OASIS blocking system can be found at https://rp-darmstadt.hessen.de/spielersperrsystem-oasis. The OASIS survey is carried out on three occasions: -Registration of the customer account -With every login -Before sending advertising and promotions The legal basis for the transfer is Art. 6 (1) (a), (b) and (c) GDPR. The transfer of data prior to participation in the game is necessary to fulfill legal obligations for player protection in accordance with Section 8 (1) and (2) GlüStV. 5.8 LUGAS Due to regulatory requirements, we are obliged to transmit information about you and your gambling activities to the cross-state gambling evaluation system "LUGAS". The LUGAS gambling evaluation system is operated by the state of Saxony-Anhalt, represented by the Saxony-Anhalt State Administration Office, Department 208, Ernst-Kamieth-Straße 2 in 06112 Halle (Saale), under its own responsibility under data protection law. LUGAS consists of a file for monitoring the cross-provider deposit limit and a file for preventing parallel gambling with several gambling providers. The central files consist of a file for monitoring the cross-provider deposit limit (limit file) and a file for preventing parallel gaming with several gaming providers (activity file). The purpose of the limit file is to enable compliance with a deposit limit set by a player across all providers. If you have not already set an individual cross-provider deposit limit, you will be given the opportunity to set such a monthly deposit limit of up to EUR 1,000.00 during the registration and verification process. The deposit limit you set and the amounts deposited via the website during a calendar month must be transferred to the limit file together with the following personal data in accordance with Section 6c GlüStV 2021: 1. surnames, first names, maiden names 2nd date of birth 3rd place of birth 4. Address 5. provider-related identification of the player (player ID) 6. amount of the cross-provider deposit limit set by the player 7. date on which the limit was set 8. amount and date of the deposits made and 9. total amount of payments made. The legal basis for the transfer to and the collection of information from the limit file is Art. 6 para. 1 lit. c) GDPR in conjunction with Section 6c GlüStV 2021. § Since a gaming contract with you may only be executed if the transmissions have taken place, there is also a justification under Art. 6 para. b) GDPR. The GlüStV 2021 also aims to prevent simultaneous gambling with several gambling providers on the internet. The so-called activity file (Section 6h GlüStV) serves this purpose. As soon as you as a player wish to start a gaming activity, the responsible party is obliged to set you to "active" in the activity file. If you have already been set to "active" by another gambling provider at this time, this will be reported back and it will not be possible to start playing for as long as the other provider continues to set you to "active". If you have not yet been set to active, this will also be reported back and you can start playing. According to Section 6h (2) GlüStV 2021, the following information must be transmitted to the activity file: 1. surnames, first names, maiden names 2nd date of birth 3rd place of birth 4. Address 5. information on whether the player is active 6. provider-related identification of the player (player ID) The information that you are active as a player will be removed five minutes after the activity file has been notified that you are no longer active. This can happen either at your request or if more than 30 minutes have passed since your last entry on the website of the respective gambling offer. The legal basis for the transfer to and collection of information from the activity file is Art. 6 para. 1 lit. c) GDPR in conjunction with Section 6h GlüStV 2021. § Since a gaming contract with you may only be executed if the transmissions have taken place, there is also a justification under Art. 6 para. b) GDPR. 5.9 yes "Data transmission to the yes" for identity verification as part of the prescribed KYC check. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the sole purpose of personal identification regarding the application, execution and termination of this business relationship to yes.com AG Hafenstrasse 2 8853 Lachen, Switzerland Legal basis for the processing of personal data Identity verification is mandatory for the fulfillment of regulatory requirements and is therefore primarily based on Art. 6 para. 1 lit. a) GDPR (consent). Furthermore, the legal basis for these transfers may be Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with insic also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on insic‘s activities can be found online at https://www.yes.com/datenschutz. 6 Credit and security checks 6.1 finAPI "Data transmission to finAPI" to determine creditworthiness as part of a limit increase requested by the customer. This includes information such as the purpose of use, the account holder, the IBAN of the account holder and the amount. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the purpose of determining creditworthiness information about the application, execution and termination of this business relationship to finAPI GmbH Adams-Lehmann-Str. 44 80797 Munich Legal basis for the processing of personal data The transfer takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as further contractual requirements make this necessary, the transfer takes place on the basis of Art. 6 para. 1 lit. b) and f) GDPR. Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with finAPI also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other licensing and regulatory requirements. Further information on finAPI‘s activities can be found online at https://www.finapi.io/datenschutz/. 6.2 Schufa G The exchange of data with SCHUFA serves in particular to fulfill legal obligations for player protection and to check the economic performance of gambling, especially in the context of an intended limit increase. Schufa provides gambling information for the automated verification of financial standing in accordance with the provisions of the GlüStV. In order to determine the player, SCHUFA requires the user‘s personal master data: first name, surname, date of birth and address SCHUFA only stores information about individuals for a certain period of time. The storage periods are set out in detail in a Code of Conduct of the association "Die Wirtschaftsauskunfteien e. V." (available at www.schufa.de/loeschfristen). Information about inquiries is deleted after 12 months to the day. Only user registration data that has been verified in advance by means of a Schufa identity check or an ID check is used for the SCHUFA credit check. SCHUFA then transmits a so-called G report including a score to the gambling platform. If the user has a sufficiently high score, they will be granted an increase in the betting limit. If the query returns a score with negative characteristics, no limit increase to more than 1,000 euros is possible. Purpose of data processing IBA Entertainment Ltd. transmits personal data collected within the scope of this contractual relationship for the purpose of determining creditworthiness information about the application, execution and termination of this business relationship to SCHUFA Holding AG Kormoranweg 5 65201 Wiesbaden Legal basis for the processing of personal data The transfer takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as further contractual requirements make this necessary, the transfer is carried out on the basis of Art. 6 para. 1 lit. b) and f) GDPR. Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of IBA Entertainment Ltd. or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data exchange with SCHUFA also serves the fulfillment of legal obligations to carry out identity checks of customers § 4 para. 5 no. 1 State Treaty on Gambling and other license and regulatory requirements. Further information on SCHUFA‘s activities can be found in the SCHUFA information sheet in accordance with Art. 14 GDPR or online at https://www.schufa.de/global/datenschutz-dsgvo/eingesehen. 7 Payment service provider Several payment service providers are used for the financial transactions. For payment transactions, your data will be processed by IBA Entertainment Ltd. and the payment provider. The payment providers used act independently in data processing - as an autonomous body. The transaction data, which may include verification data about your identity, is also stored in the payment service providers‘ systems. The following payment service providers are used: • Trustly Trustly Malta Ltd Tagliaferro Business Center High Street c/w Gaeity Lane Sliema, Malta • PayPal Paypal (Europe) S.a.r.l. et Cie S.C.A. ("Paypal") 22-24 Boulevard Royal L-2449 Luxembourg • Skrill Skrill Limited 25 Canada Square London E14 5LQ, United Kingdom Purpose of data processing IBA Entertainment Ltd. uses the payment providers for the processing of payment transactions. Legal basis for the processing of personal data Data processing is based on Art. 6 para. 1 lit. a) GDPR (consent). The payment providers may pass on your data to third parties if this is necessary to fulfill the contract. The applicable data protection regulations can be viewed here: Trustly https://www.trustly.net/de-DE/uber-uns/privacy-policy PayPal https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE Skrill https://www.skrill.com/de/fusszeile/datenschutzbestimmungen 8 Statistical analysis of visits to this website - web tracker If you have expressly consented to the use of Google Analytics, this website uses functions of the web analysis service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA We collect, process and store the following data when this website or individual files on the website are accessed: IP address or parts thereof, website from which the file was retrieved, name of the file, date and time of retrieval, amount of data transferred and notification of the success of the retrieval (so-called web log). This data collection is intended by us to ensure that as little personal data as possible is collected or processed. The focus of the processing is on improving the website and identifying problems. We use anonymized web trackers to evaluate visits to this website. We use cookies to analyze visits to this website: Google Analytics and Tag Manager (anonymized). Scope of the processing of personal data Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can find more information on how Google Analytics handles user data in Google‘s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Legal basis for the processing of personal data Art. 6 para. 1 lit. a) GDPR (consent), either in the context of registration with Google (opening a Google account and accepting the data protection information implemented there) or, if you have not registered with Google, by explicit consent when opening our site. Purpose of data processing Google will use this information on our behalf to evaluate your visit to this website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google LLC data. Duration of storage Google will store the data relevant for the provision of web tracking for as long as it is necessary to fulfill the booked web service. Data collection and storage is anonymized. If there is any personal reference, the data will be deleted immediately, provided that it is not subject to any statutory retention obligations. In any case, the deletion takes place after expiry of the retention obligation. Possibility of objection and removal You can prevent the collection and forwarding of personal data to Google (in particular your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser (you can find this e.g. at www.noscript.net or www.ghostery.com) or activating the "Do Not Track" setting in your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can find Google‘s security and data protection principles at https://policies.google.com/privacy?hl=de. Hotjar (anonymized) On our website, we use a web tracking service provided by the company Hotjar Ltd (hereinafter: Hotjar) 20 Bisazza Street 1640 Sliema, Malta Hotjar uses cookies as part of web tracking, which are stored on your computer and which enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of Hotjar‘s tracking service in order to constantly optimize our website and make it more accessible. When you use our website, data, in particular your IP address and your user activities, are transmitted to Hotjar‘s servers and processed and stored within the European Union. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR. The data will be deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Hotjar‘s privacy policy: https://www.hotjar.com/privacy. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the execution of script code in your browser, installing a script blocker in your browser (you can find this at www.noscript.net or www.ghostery.com, for example) or activating the "Do Not Track" setting in your browser. Facebook Analytics is used to optimize advertisements on Facebook. The IP address is transmitted. Sets cookies for user identification. Facebook‘s compliance with data protection is explained in detail on the following page: https://de-de.facebook.com/business/gdpr. Bing Ads is used to optimize advertisements on Bing.com. The IP address is transmitted. Sets cookies for user identification. Compliance with data protection is explained in detail by Microsoft on the following page https://advertise.bingads.microsoft.com/de-de/ressourcen/Richtlinien/richtlinien-zur-datensicherheit-und-datnschutzerklaerung. Bannerflow Information is used to make IBA Entertainment Ltd. and its partners more relevant in their marketing, e.g. to display personalized, more appropriate banners based on a user‘s behavior on the website. Information about the user‘s surfing is recorded, e.g. pages visited or products viewed. You can access further information about Bannerflow cookies and how to opt out at: https://www.bannerflow.com/cookies Income Access IBA Entertainment Ltd. uses cookies by means of Income Access Tracking Software in order to be able to trace the origin of the conclusion of the contract. Among other things, IBA Entertainment Ltd. can recognize that visitors have clicked on the partner link to an affiliate website and subsequently concluded a contract with IBA Entertainment Ltd. Compliance with data protection is explained in detail by Income Access on the following page: https://incomeaccess.com/privacy-policy/. Retention period: 30 days Zendesk We use the Zendesk ticket system to process customer inquiries Zendesk Inc. 989 Market Street, San Francisco California 94103 For this purpose, necessary data (e.g. surname, first name, postal address, telephone number, e-mail address) is collected via our data in order to be able to respond to your request for information. Further information on data processing by Zendesk can be found in Zendesk‘s privacy policy at http://www.zendesk.com/company/privacy. If you have any questions, you can also contact Zendesk‘s data protection officer directly: privacy@zendesk.com. We have concluded a contract data processing agreement with Zendesk and fully implement the strict requirements of the German data protection authorities when using Zendesk. The legal basis for processing with Zendesk is Art. 6 para. 1 lit. a) if you have given your consent, Art. 6 para. 1 lit. b) if the processing of your request is for the preparation or execution of a contractual relationship and Art. 6 para. 1 lit. f) if there is no contractual relationship, whereby our legitimate interest in this case is to answer your request and to manage and communicate with customers as efficiently as possible. If a corresponding consent has been requested, the consent can be revoked at any time. AppsFlyer AppsFlyer provides attribution and marketing analytics services that enable advertisers and developers to measure and analyze the effectiveness of their marketing campaigns by understanding which marketing campaigns contributed to the download/install of their mobile applications or other conversion metric; and to measure and analyze certain events and actions within their application or websites, such as in-app purchases made by end users.AppsFlyer also helps us to detect and protect against abusive behavior in connection with our marketing campaigns. Further information on data processing by Appsflyer can be found in Appsflyer‘s privacy policy at https://www.appsflyer.com/privacy-policy/. AppsFlyer Inc. 100 First Street, Suite 2500 San Francisco, California 94105, USA Fastly A web service from Content Delivery Network ("CDN") is loaded on our website. We use this data to ensure the full functionality of our website. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the error-free functioning of the website. Further information about Fastly‘s activities can be found online at https://www.fastly.com/de/privacy/ Fastly Inc. (hereinafter: Fastly) 475 Brannan St. #300 San Francisco, CA 94107, USA 9 Integration of external web services and processing of data within the EU When you visit our website and/or use our service, your personal data will be transmitted by us to Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, and processed by them. You can find more information on the handling of user data at AWS in the privacy policy of Amazon Web Services EMEA SARL at https://aws.amazon.com/de/compliance/germany-data-protection/ We have concluded a contract with Amazon Web Services EMEA SARL for commissioned data processing and fully implement the strict requirements of the data protection authorities when using the AWS service. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if consent has been given. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. You have the option to withdraw your consent to the processing of personal data at any time. In such a case, you may not be able to use our service. 10 Integration of external web services and processing of data outside the EU We store your information within the EEA. Your data may be transferred about you internationally (if your data was collected in the European Economic Area, this means that your data may be transferred outside this economic area). If your personal information is transferred to a country or territory outside the European Economic Area, and if this is a country that has not been subject to an adequate decision by the EU Commission, We will take the necessary steps to ensure the security of your information. For example, using the Binding Corporate Rules (BCR), data protection agreements within the Group, standard contractual clauses approved by the EU Commission or confirmation that third-party providers have an internationally recognized data protection certificate. On our website, we use active Java Script content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. This may result in data being processed outside the EU. You can prevent this by installing a JavaScript blocker such as the browser plug-in ‘NoScript’ (www.noscript.net) or deactivating JavaScript in your browser. This can lead to functional restrictions on websites that you visit. 11 Information on the use of cookies Scope of the processing of personal data We use so-called cookies on our website. Cookies are small files with configuration information that are sent from our web servers to your browser and stored on your computer when you visit our website. With the help of cookies, our website can retrieve or store information from your browser. They are mostly used to ensure that the website functions properly. Legal basis for the processing of personal data Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our legitimate interest lies in maintaining the full functionality of our website, improving usability and enabling a more personalized customer approach. We are only able to identify individual website visitors with the help of cookie technology if the website visitor has previously provided us with corresponding personal data on the basis of a separate consent. Session cookies We use so-called session cookies (temporary cookies) on our website. Session cookies are only stored for the duration of your use of our website. Session cookies are used to identify you as long as you are logged in to our website. Session cookies are deleted at the end of the session. Session cookies are not used for any other purpose. These session cookies are used on the basis of Art. 6 para. 1 lit. a) GDPR. Without the use of these cookies, it is not technically possible for you to access and use the website. Persistent cookies We also use other cookies on our website that enable us to recognize your browser on your next visit. These cookies are automatically deleted after a specified period, which may vary depending on the cookie. The cookies remain stored on your end device until the validity period of the cookies has expired or you delete them. We use the following categories of cookies: 11.1 Performance cookies These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website. 11.2 Marketing cookies These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. They do not directly store personal data, but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. We only use advertising cookies with your express consent. Third-party cookies (third-party cookies): Some of the performance and advertising cookies used on our website are so-called third-party cookies. These are cookies from third-party providers/service providers whose tools we use on our website. These include, for example, cookies used by the providers of the tracking and analysis tools we use. You can find more information on third-party cookies in our privacy policy on web tracking. 11.3 Strictly necessary cookies These cookies are necessary for the website to function and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will then not work. These cookies do not store any personal data. Deactivation of the cookie settings: Deactivation is possible via the browser or via our Data Protection Preference Center. • Browser You can object to the generation of cookies by deactivating cookies in the system settings of your browser. Please note that some of the cookies are absolutely necessary for our website to function, otherwise the page cannot be accessed and displayed. You can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies. IBA Entertainment Ltd. has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested by clicking a button, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time. • Data Protection Preference Center In our Privacy Preference Center you will find a list of all cookies used on this website, their function and their respective storage duration. You can consent to the use of cookies via the settings in the Privacy Preference Center. 11.4 List of all cookies used Cookie list A cookie is a small piece of data (text file) that your browser stores on your device at the instruction of a website you visit in order to "remember" information about you, such as your language settings or login information. These cookies are set by us and are known as first-party cookies. We also use third-party cookies, which come from a different domain to the website you are visiting. We use these cookies to support our advertising and marketing efforts. Performance cookies These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website. Cookies used MUID (Persistent) ANONCHK (Persistent) SM (Session) _ga (Persistent) _hjUserAttributesHash (Session) _hjSessionTooLarge (Session) _clck (Persistent) _hjLocalStorageTest (Session) _gid (Persistent) _hjid (Persistent) _hjIncludedInSessionSample (Persistent) _hjFirstSeen (Session) _hjCachedUserAttributes (Session) _hjSessionResumed (Session) _hjSession_2672017 (Persistent) _gclxxxx (Persistent) _hjSessionUser_2672017 (Persistent) _hjSessionRejected (Session) _hjViewportId (Session) _hjAbsoluteSessionInProgress(Persistent) _uetvid (Persistent) _clsk (Persistent) _gat_UA- (Persistent) _hjIncludedInPageviewSample(Persistent) Cookie subgroup Cookies Period of validity clarity.ms MUID (Persistent) ANONCHK (Persistent) SM (Session) 0 days 0 days 0 days onextwo.de _ga (Persistent) _hjUserAttributesHash (Session) _hjSessionTooLarge (Session) _clck (Persistent) _hjLocalStorageTest (Session) _gid (Persistent) _hjid (Persistent) _hjIncludedInSessionSample (Persistent) _hjFirstSeen (Session) _hjCachedUserAttributes (Session) _hjSessionResumed (Session) _hjSession_2672017 (Persistent) _gclxxxx (Persistent) _hjSessionUser_2672017 (Persistent) _hjSessionRejected (Session) _hjViewportId (Session) _hjAbsoluteSessionInProgress(Persistent) _uetvid (Persistent) _clsk (Persistent) _gat_UA- (Persistent) _hjIncludedInPageviewSample(Persistent) 729 days 0 days 0 days 364 days 0 days 0 days 365 days 1 day 0 days 0 days 0 days 1 day 89 days 365 days 0 days 0 days 1 day 389 days 0 days 0 days 0 days Cookies for marketing purposes These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. They do not directly store personal data, but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Cookies used _fbp (Persistent) MUID (Persistent) _uetvid (Persistent) SRM_B Cookie subgroup Cookies Period of validity onextwo.de _fbp (Persistent) _uetvid (Persistent) 89 days 389 days bing.com MUID (Persistent) 389 days c.bing.com SRM_B 389 days Strictly necessary cookies These cookies are necessary for the website to function and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will then not work. These cookies do not store any personal data. Cookies used OptanonAlertBoxClosed (Persistent) OptanonConsent (Persistent) btagCookieWithAffid (Persistent) Cookie subgroup Cookies Period of validity onextwo.de OptanonAlertBoxClosed (Persistent) OptanonConsent (Persistent) btagCookieWithAffid (Persistent) 365 days 364 days 30 days 12 Data security and data protection, communication by e-mail Your personal data is protected by technical and organizational measures during collection, storage and processing in such a way that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality. 13 Contact and address of the data protection officer Contact with the data protection officer of the controller E-mail: datenschutz@onextwo.com Any data subject can contact our data protection officer directly with any questions or suggestions regarding data protection. 14 Legitimate interests in the processing pursued by the controller or a third party If the processing of personal data is based on Article 6 (f) GDPR, it is based on the legitimate interest in carrying out business activities when weighing up interests in favor of the well-being of all our employees and our owners in terms of providing our services, unless this is opposed by overriding interests worthy of protection or fundamental rights and freedoms. 15 Use of service providers IBA Entertainment Ltd. also uses other external partners in the following categories to provide its services: Bookmakers, support, marketing, data center operation, data storage - cloud, mailing service providers - land-based and electronic mail, newsletter mailing, payment service providers, money laundering prevention, service providers for unique customer identity verification, betting agencies, comparison of regulatory blocking databases. 16 Right of appeal Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. 17 Right to data portability You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and (2) the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 18 Data storage We do not store your personal data for longer than you are our customer and we need it for the respective processing purpose. The data will then be blocked appropriately until it is finally deleted after the statutory retention period has expired. 19 Right to information You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request the following information from the controller: (1) the purposes for which the personal data are processed; (2) the categories of personal data that are processed; (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage; (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; (6) the existence of a right of appeal to a supervisory authority; (7) all available information on the origin of the data if the personal data are not collected from the data subject; (8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer. 20 Right to rectification You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay. 21 Right to restriction of processing You may request the restriction of the processing of your personal data under the following conditions: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or (4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the controller override your reasons. If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted. 22 Right to erasure 22.1 Obligation to delete You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed. (2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. (4) The personal data concerning you has been processed unlawfully. (5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR. 22.2 Information to third parties If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 22.3 Exceptions The right to erasure does not exist if the processing is necessary (1) to exercise the right to freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or (5) for the assertion, exercise or defense of legal claims. 23 Right to information If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller. 24 Right to data portability You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and (2) the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 25 Right of objection You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications. 26 Right to revoke the declaration of consent under data protection law You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 27 Automated decision in individual cases including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (3) with your express consent. However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision. You have a right to free information about your stored data and, if applicable, a right to correction, blocking or deletion or restriction of the processing of your data. Your data will be deleted immediately upon request, unless legal regulations or retention obligations prevent this. You can revoke any permission you have given us at any time. You can send requests for information, deletion and correction of your data and suggestions at any time to the following address: IBA Entertainment Ltd. OneOneO Block A Ix-Xatt Sliema, SLM 1020 Malta Email: service@onextwo.com Datum 01.05.2024 |