Last update: June 2021
Provision of information pursuant to Art 13 of the General Data Protection Regulation (EU) 2016/679 ("GDPR") by E-2 Communications Malta Ltd. ("E2"; "we") regarding the website https://www.bonusdecasasdeapostas.com/ ("Website") and the app ("App") being available for iOS as well as Android.
Subsequently, we inform you in detail to what extent we process your personal data and what rights you have in this regard. The protection of your privacy is of high priority to us. The following declaration is intended to inform you comprehensively on what (personal) data we collect while using our services as well as how we deal with it and which rights you have within this context. Our Data Protection Declaration complies with the General Data Protection Regulation of the European Union ("GDPR") as well as other relevant legal provisions.
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of "processing" of personal data means any operation or set of operations performed on personal data, such as, but not limited to, recording, organising, storage, alteration, and transfer of personal data. Any information allowing us or third parties – in a review or by additional knowledge – to potentially identify you in person can be considered personal data.
This Data Protection Declaration refers to the mentioned Website, our App as well as data processing activities with respect to our social media presences (see point 3). As far as subsequent explanations solely refer to the Website, they shall apply correspondingly to the App except where expressly stated otherwise.
Our Website is designed as a portal solely providing information and comparisons in regards to sports betting and various bookmakers (providers) within in this sector. Betting contracts are concluded exclusively with the respective providers via their websites which are not related to or operated by E2. E2 has no influence in this regard and is no party to said contracts.
1. Data processing operations
1.1. Processing of access data when visiting our Website/App
Type and extent of data processing: You can visit our Website without providing any personal information. When you access our Website, only certain access data are processed automatically in so-called server log files. In particular, the following data are processed in this context: (i) name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used in shortened form). This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR.
With regard to our App, we also process device-specific information (device ID, operating system, platform) in addition to your IP address. However, use of the App does not require any special permissions that would enable us access to personal information (such as your contact directory).
Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security in regards to our Website, improve the Website's quality and generate non-personal statistical information. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR) in achieving the mentioned purposes.
Storage period: The server log files are, in general, automatically deleted after fourteen (14) days at the latest.
Type and extent of data processing: When contacting us via the contact information provided in the course of this Data Protection Declaration respectively on our Website/in our App, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you.
Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for the purpose of cultivating existing/returning contacts, which you will be informed of in accordance with the requirements of data protection law.
Storage period: We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of six (6) months and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes.
1.3. Push notifications
Type and extent of data processing: In respect of our Website/App, we provide and support the delivery of push notifications in order to directly inform you about relevant information regarding our offered products and services.
When accessing our Website using a browser that supports push notifications, a window will be displayed which asks for your explicit consent that you want to receive such notifications. Furthermore, you have the option to manage your browser's handling of push notifications via your respective browser settings. If you should choose to accept push notifications, the respective provider of your browser will assign an identification key to your device which will then allow us to send you notifications. This requires the processing of your IP address.
After installing the App, receiving push notifications is either automatically activated or you will be asked if you want to activate push notifications, depending on the respective software on your device. Moreover, push notifications can be deactivated for apps individually in the settings of the device, although there may be differences depending on the platform and operating system. Furthermore, you have to consent to receive push notifications in the settings of our App. Without your prior consent, you will not receive any push notifications from us. If you agree to receive push notifications, your device will be registered at a particular service provider depending on your operating system (Google Cloud Messaging Service for Android and Apple Push Notification Service for iOS). Subsequently, your respective provider will assign a registration ID (Android) or a token (iOS) to your device. Such ID or token is stored on your device for future delivery of notifications and consists of a combination of letters and numbers. Additionally, the ID or token is transferred to and stored on our servers for later usage. Thus, when an event occurs to which a push notification shall be sent, the particular notification together with all responding IDs or tokens will be forwarded from our server to the respective service provider. Then, the notification will be forwarded by the respective service provider to your device.
Legal basis and purpose: We process your data for the purpose of delivering the requested information. Furthermore, we process your data for the purpose of the effective marketing of our offer as well as for the purpose of direct promotional communication. In no case will you receive push notifications without your prior consent (Art 6 para 1 lit a GDPR) which we gather from your respective actions described above.
Storage period: In the context of delivering push notifications, only the abovementioned device-specific identifiers are stored by us. We will delete your respective data in case that you withdraw your previously given consent for receiving push-notifications respectively demand erasure. Additionally, we automatically erase your data in case you are inactive for a period of three (3) years (in which you do not interact with our Website or App).
1.4. Data processing for the placement of advertisements
Type and extent of data processing: For the continued operation of our Website/App, it is essential to market advertising opportunities to third parties. To this end, we enable advertisers to display advertisements via our channels that are tailored to the activities of a certain group of users. To implement this process from a technical point of view, we analyse your behaviour when using our Website/App and enrich this information with additional data (e.g. device-specific information) to make the necessary evaluations. We process said information in order to assign you to the relevant user group, which ultimately allows us to display advertisements that are relevant to you and correspond to your interests. For the execution of the processing within the framework of our self-developed adsystem Oddsserve, we engage different service providers.
Namely, we use the following services:
- The tracking tool of Adform A/S (see point 1.6.2).
For the delivery of advertisements, we use adservers of the following service providers:
- Adform A/S, Wildersgade 10B, sal. 1, DK-1408 Copenhagen, Denmark;
- ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany;
- Epom Ltd, Nancy Whiticker House, 7 Old Street, Roseau, Commonwealth of Dominica.
Making use of adservers is necessary for the technical realisation of our business model. An adserver is an automatic advert management system which fulfils functions related to the storage, delivery and the performance measurement of online advertising. Within this context, we process, in particular, your IP address and related geographical information, date and time of your access request, device-specific or browser-specific information as well as data referring to the displayed advertising banners. Clicks on advertisements are subject to performance measurement in order to continuously improve effectiveness and efficiency of the displayed content.
Adform A/S, ADITION technologies AG and Epom Ltd act as our processers in the sense of Art 28 GDPR to the extent they provide services to us. Also, in the course of online marketing, we permanently cooperate with our partner E-Quadrat Communications GmbH (see point 2).
Legal basis and purpose: We process your data for the purpose of realising our business model in the field of online advertising and improving user experience with regard to our online offers by providing efficient and interesting advertisements. The processing is based on our legitimate interest (Art 6 Abs 1 lit f GDPR) in supporting our business activity and financing our Website/App by means of improved effectiveness of advertising measures. As far as we use storage technologies to process your data within this context, the processing is based on your prior consent (see point 1.5).
Storage period: We do not store data collected from you that are used for the placement of advertisements outside of data records which are generated through cookies or other storage technologies. Concrete storage periods are thus outlined in our detailed cookie overview under point 1.5.3.
1.5. (Storage) Technologies utilised
Cookies are small data sets that are stored on your end device. They help us to make our offer more user-friendly. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.
Cookies can fulfil different purposes, e.g. helping to maintain the functionality of websites with regard to state of the art functions and user experience. The actual content of a specific cookie is always determined by the website that created it.
Cookies always contain the following information:
- name of the cookie;
- name of the server the cookie originates from;
- ID number of the cookie;
- an end date at the end of which the cookie is automatically deleted.
Cookies can be differentiated according to type and purpose as follows:
- Necessary/Essential cookies: Technically necessary (also: essential) cookies are required for the proper functioning of websites by enabling basic functions, such as site navigation and access to protected areas. Without such cookies, a website regularly fails to be fully functional. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below) and are also used on our Website legally permissible without obtaining prior consent.
- Preference cookies: Preference cookies allow websites to remember information which affects their appearances or behaviour, for example, your preferred language or the region you are located in.
- Performance cookies: Performance cookies help website operators to understand how users interact with websites by collecting information anonymously and analysing it. Such cookies are thus used to collect information on user behaviour. In particular, the following information may be stored: accessed sub-pages (duration and frequency); order of pages visited; search terms used having led to the visit of the respective website; mouse movements (scrolling and clicking); country and region of access. These cookies allow to determine what a user is interested in and thereby adapt the content and functionality of a website to individual user needs.
- Tracking cookies: Tracking cookies are used to track users on websites. Their purpose is to display advertisements which are relevant and attractive for the individual user an hence valuable for publishers and third-party advertisers. This is possible by means of analysing your user behaviour and determining interests on the basis of which tailored advertising becomes possible.
With regard to the storage period cookies can be further differentiated as follows:
- Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session.
- Persistent cookies: Such cookies (e.g. to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed.
Furthermore, cookies may be differentiated by their subject of attribution:
- First-party cookies: Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains which is why the user can only be recognised by the page from which the cookie originates.
- Third-party cookies: Such cookies are not placed by the website operator itself, but by third parties when visiting a specific website, in particular, for advertising purposes (e.g. to track surfing behavior). They allow, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. However, you have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g. limiting refusal to third-party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. Via the browser settings, you also have the option to delete the entirety of cookies already stored on your end device. This corresponds to a withdrawal of your consent.
1.5.2. Tracking pixel
We also use so-called tracking pixels (also: pixel tags or web beacons) to collect certain data via our Website. Tracking pixels are transparent images which are practically invisible as they consist of a single pixel. The tracking pixel is placed on a server and loaded therefrom as soon as a respective subpage of our Website is accessed. They allow us to track that a subpage was accessed as well as any subsequent user activity on this page for the purpose of tailored marketing activities. By means of the tracking pixel, in particular, the following information can be collected: (i) operating system used; (ii) browser type/version used; (iii) time of access; (iv) user behaviour on the visited page; (v) IP address and approximate location of the user.
Tracking pixels are used on our Website on the basis of our legitimate interest (Art 6 Abs 1 lit f GDPR) in analysing user accesses in a state of the art manner. As a tracking pixel is merely an image loaded from a server, its lifetime is limited to your current browser session. However, information collected via a tracking pixel may be subsequently stored in cookies (see point 1.5.1).
1.6. Third-party services
1.6.1. Google Analytics
In the context of the application of Google Analytics, your IP address as well as other client data, namely information about your use of our Website, for example, browser type/version, operating system, the previously visited website or the time of the server request, are transferred to and stored on Google servers. Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet. The data concerning the use of our Website are deleted automatically after the retention period of fourteen (14) months, which we provided for, has expired.
The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. In order to protect you as comprehensively as possible, we utilise IP anonymisation by extending the code of our Website by "anonymizeIP". This ensures masking of your IP address, wherefore all data concerned are collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. Google Ireland intends to process data of users of the European Economic Area, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies may take place. An overview of Google data centres can be viewed under https://www.google.com/about/datacenters/inside/locations/?hl=en.
In regards to cookies, please review the relevant information under point 1.5.1. You may prevent Google Ireland from collecting data generated by cookies and relating to your use of the Website (including your IP address) and from processing this data by downloading an appropriate browser plug-in (available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera) and installing it (https://tools.google.com/dlpage/gaoptout?hl=en).
For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google under https://policies.google.com/privacy?hl=en.
On our Website (or in our App) we use the tracking tool of Adform A/S, Wildersgade 10B, sal. 1, DK-1408 Copenhagen, Denmark ("Adform") in order to ensure appropriate and effective marketing of our channels.
Adform uses the collected data to provide us with information regarding the efficiency of our adverts and to improve the perception and efficiency of the adverts displayed. Furthermore, the processing activities enable the display of interest-based advertising based on statistical probabilities. This also enables the assignment of user interests across different devices.
Further information concerning the processing activities performed by Adform can be found in the data protection declaration of Adform under https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/.
1.7. Links to third-party sites
On our Website we use links to the websites of third parties. These are, in particular, links to our presences in social networks (e.g. Facebook). If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website beforehand. Accordingly, we refer you, in general, to the separate data protection declarations of these websites. For further information on our processing of your data in connection with our social media presences, please review point 3.
2. Transfer of your data; recipients
For the purposes executing the data processing activities as indicated in the course of this Data Protection Declaration, we will transfer your personal data to the following recipients or make them available to them:
Within our organisation, your data will only be provided to those entities or employees who need them to fulfil their respectively our respective obligations.
In connection with data processing for the placement of advertisements (cf., in particular, point 1.4), we are to be considered joint controllers in the sense of Art 26 GDPR together with our partner E-Quadrat communications GmbH, Rathausstraße 19, 1010 Vienna (contact: firstname.lastname@example.org). In particular, any data processing agreements in the sense of Art 28 para 3 GDPR necessary for the cooperation with the processors outlined under point 1.4 have been concluded with E-Quadrat communications GmbH as contractual partner. In regards to the Website/App, we shall be mainly responsible for the provision of all necessary information pursuant to the GDPR as well as the fulfilment of your rights as data subject (cf. point 4).
Furthermore, (external) processors deployed by us receive your data if they need these data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision.
This includes the following categories of recipients:
- website analysts (cf. point 1.6);
- service providers in the advertising sector (cf. point 1.4);
- hosting provider.
All deployed processors will process your data under strict observance of the requirements of the GDPR and solely based on our explicit instructions. Please note that some of the recipients mentioned above are located outside of the EEA region or process your (personal) data outside of the EEA region. As far as no adequacy decision of the European Commission is in existence with regard to such cases, we shall legitimise the third-country transfer on the basis of standard contractual clauses or other appropriate safeguards in the sense of Art 46 GDPR, which we have agreed upon accordingly with the respective provider.
Lastly, we may transfer your data to independent controllers, as far as this is strictly necessary and we are legally obliged to do so. Such controllers may be, for example, authorities or courts in the course of their statutory competence.
3. Social media presences
For the purpose of promoting our business activity and our service offer, we maintain presences in various social networks. The processing of your data in this context is based on our legitimate interest (Art 6 para 1 lit f GDPR) in expanding our reach as well as providing additional information and means of communication to users of social networks. In order to reach said purposes at the best possible rate, we may utilise functions provided by the respective service provider to measure our reach in detail (access statistics, identification of returning users etc.).
In the course of accessing any of the online presences outlined subsequently, we process the general information being evident due to your profile in the respective network as well as additional continuance, contact or content data, as far as you provide us with such data by interacting with our online presence and its contents. We do not store those data separately outside of the respective social network.
Since we jointly decide with the relevant service provider (respectively entity expressly outlined as controller) upon purposes and means of data processing in the course of a respective online presence, we are to be considered joint controllers in the sense of Art 26 GDPR. The provider of each social network mentioned shall act as the primary point of contact with regard to all general and technical questions in respect of our online presences; this also applies to fulfilling rights of the data subjects in the sense of point 4. However, in case of requests concerning the specific operation of our online presences, your interactions with them or information published/collected via such channels, we shall be the primary point of contact; point 4 as well as other stipulations in this Data Protection Declaration apply correspondingly.
For the EEA region, the social network "Twitter" is controlled by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter International") from a data protection point of view. In respect of the operation of our Twitter account (https://twitter.com/BApostas), we are joint controllers in the sense of Art 26 GDPR with Twitter International.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Twitter in order to personalise and maintain our Twitter account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://twitter.com/de/tos) as well as the separate data protection declaration (https://twitter.com/de/privacy) and consider the settings options in your Twitter account. In regards to any information provided by us via mechanisms made available by Twitter (Tweets etc.), we are naturally fully responsible.
4. Rights of the data subject
You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 5; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):
- access to and further information concerning your individual data processed by us (right of access, Art 15 GDPR);
- rectification of wrongly recorded data or data that have become inaccurate or incomplete (right to rectification, Art 16 GDPR);
- erasure of data which (i) are not necessary in light of the purpose of data processing, (ii) are processed unlawfully, (iii) must be erased due to a legal obligation or an objection to the processing (right to erasure, Art 17 GDPR);
- emporary restriction of processing under certain circumstances (right to restriction of processing, Art 18 GDPR);
- withdrawal of consent granted for the processing of your personal data at any time; however, please note that the withdrawal of your consent does not retroactively affect the lawfulness of data processing based on such consent – it solely affects subsequent processing activities (right to withdraw; Art 7 para 3 GDPR);
- objection to any processing of your data being based on our legitimate interest on grounds relating to your particular situation or being executed for direct marketing purposes(right to object; Art 21 para 1 and 2 GDPR);
- transfer of your personal data which are processed on the basis of your consent in a machine-readable format to you or directly to another controller upon request (right to data portability; Art 20 GDPR);
- right to lodge a complaint with a supervisory authority in respect of our processing of your data; the website of the Malta supervisory authority can be accessed under: https://idpc.org.mt.
5. Contact details regarding data protection issues
For data protection questions, messages or requests, please use the following contact address:
E-2 Communications Malta Ltd.
10, Lapsi Street, Fl. No.1
STJ 1261 St. Julians