- Processing of personal data
All personal data is processed in accordance with statutory provisions and in compliance with the General Data Protection Regulation (GDPR). Personal data is only seen by people who are authorised by CASHPOINT and who need to know this data to do their job.
In the course of personal registration and setting up a betting account for the first time, the customer provides the following personal data in accordance with the relevant laws:
- master data (first name and surname, place of residence, birth data, citizenship, etc.)
- contact details (valid email address, optional: valid telephone number)
- username and password or PIN (freely selected by the customer)
- account settings (standard stake, currency, bonus, etc.)
- photograph (if a customer card is ordered)
The provision of this data by the customer (with the exception of account settings) is prescribed by law and/or required to comply with the CASHPOINT contract. Without this data, CASHPOINT cannot comply with its statutory and contractual obligations and cannot therefore enter into the contractual relationship. (The account settings are used to customise the management of the betting account and the standard gambling settings for bets.)
Furthermore, on registration and thereafter partly on an ongoing basis, data is processed or obtained as follows:
- First at the time of registration and at periodic intervals thereafter, a check is required by law to establish whether the customer is a politically exposed person. This is done by comparing the data provided by the customer with a suitable database.
- Furthermore, firstly on registration and thereafter whenever the customer logs in or places a bet, there is a legal requirement for the data provided by the customer to be compared with the relevant blacklists of the region(s) concerned or sanctions lists.
- At the time of registration, deposit and gambling limits selected by CASHPOINT and/or by the customer are set.
- If the optional customer card is ordered, a customer card is issued with a photograph and a card number is allocated to the customer.
1.2. Identity verification and/or legitimation
The identity is verified during or after registration. This requires:
- details or copy of a valid, official identification document with photograph, which meets national passport and identification requirements
Furthermore, on identity verification and thereafter partly on an ongoing basis, data is processed or obtained as follows:
- On registration, a comparison of the data provided by the customer may be made with the database of a service provider specialised in carrying out identity checks or a state or regional database to assist CASHPOINT in checking the customer’s identity, the minimum age and home address.
- In order to prevent money laundering and to comply with player protection, additional risk-appropriate proof may be required on registration and at periodic intervals thereafter in accordance with the relevant statutory provisions. Personal data may also be checked by specialist providers if necessary. Such proof may, for example, be a notarised copy of the passport, proof of registration, customer’s occupation, origin of assets used in betting, credit reports, etc.
Identity verification is required by law, among other things, due to the Gambling Act, the protection of minors and the prevention of money laundering.
1.3. Payments into and out of the account
Every customer is provided with a betting account during the registration process and this is used to make and receive payments.
No later than when the first winnings are paid, CASHPOINT must have checked the customer’s identity because of legal requirements to ensure that each person receiving a payment is also the registered customer. Depending on the payment method chosen, bank details may be required to make a payout.
In the course of payments, the following data can be collected:
- transaction data for the payment (ID, date and time, IP address, etc.)
- billing and payment details (amount, payment confirmation or refusal, etc.)
- bank details (name of the account holder, name of the bank, IBAN, BIC)
- specific details about the payment (account ID, mobile phone number, bonus code, credit card type, etc.)
- compliance with bonus terms and conditions
- compliance with the limits
The provision of this data by the customer is required to comply with the contract and statutory obligations. Without this data, CASHPOINT cannot make a payment or pay out any winnings.
1.4. Gambling process
If the customer places a bet, the following personal data is collected from the customer:
- transaction data for the bet (ID, date and time, IP address, etc.)
- details about the bet (number, subject of the bet, event and odds, stake, winnings, etc.)
- compliance with the limits
- compliance with bonus terms and conditions
The collection of this data is required for CASHPOINT to comply with statutory obligations and the contract. Without this data, CASHPOINT cannot accept any bets.
In addition, the following data will be collected in the event of suspected fraud:
- To fight fraud, when bets are placed, information will be obtained from specialist service providers about any existing cases of suspected fraud
The collection of this data is a legal requirement to fight fraud. Without this information, CASHPOINT cannot accept any bets.
The customer is required to provide the data.
1.5. Support and complaint management
In the course of support queries and complaints from customers, the following personal data is collected:
- master data and contact details acquired from the customer during registration
- content of the query or complaint including the attachment
This data must be provided to comply with the contract. Without this data, CASHPOINT cannot provide user-specific support or process complaints.
The following data will also be collected from the customer:
- If customers contact the support hotline, they can help to improve the service quality by voluntarily agreeing to the conversation being recorded. In this case, the sound recording will be used for internal evaluation and to improve the service.
1.6. Player protection
If the customer applies for a player protection measure or sets limits, the following personal data will be collected from the customer:
- transaction data, master data
- payment and betting limits
- lock data (master data, duration, reason, etc.)
The provision of this data by the customer is required to comply with the contract and statutory obligations.
1.7. Technical information
If the customer is active on the CASHPOINT website or if the app is used, the following data can be collected:
- usage and session data (ID, date and time, IP address, browser information, etc.)
- technical data enabling identification of a terminal device
- login data
- geo data depending on user settings
The collection of this data is necessary to protect CASHPOINT’s equipment from attack, for any subsequent criminal prosecution of attackers, and to prevent cases of fraud. Due to existing statutory regional restrictions on betting services, the collection of this data is also required to determine the region in which the customer is located at the time of login (“geo IP restrictions”).
The processing of this data is in CASHPOINT’s legitimate interest to ensure integrity, fraud prevention and the protection of its systems.
The following data is processed to send information about CASHPOINT, newsletters, offers relating to particular services, vouchers and other advertising materials if the customer agrees to this processing:
- contact details (name, address, email address, mobile phone number)
- details about the newsletter or news and sending data
We send you current offers and news about our products and services on various channels: by email, SMS, push message, post or phone.
This data is processed only subject to the customer’s consent, which can be withdrawn at any time without stating a reason via user account or by contacting support.
1.9. Further purposes
CASHPOINT will inform the customer if the provided personal data is processed for any purpose other than the purpose stated above.
Possible recipients of the above-mentioned data are the following:
- authorities, public institutions and courts due to statutory obligations to provide information
- authorities and public institutions carrying out the database comparison required by law to check:
  - any existing national blocking of the customer
  - whether the customer has agreed or refused to receive advertising materials
- IT service providers
- tax consultants
- database providers that carry out identity and credit checks or that hold registers of politically exposed persons
- service providers/organisations specialised in fighting fraud
- banks and payment providers
- support providers
- marketing service providers
The transfer of data to authorities, public institutions and tax consultants is necessary for legal reasons.
To protect CASHPOINT’s legitimate interests, the transfer of transaction data together with the necessary master data to specialised service providers is necessary to fight fraud. Furthermore, in order to safeguard our legitimate interests, master data and/or blocking data are transmitted to the Group of Companies for prevention purposes.
The disclosure of data to (criminal prosecution) authorities is necessary to investigate possible attacks on CASHPOINT.
The transfer of data to IT service providers is necessary to process the bets.
Support data must be transferred to IT and support providers for support management and to process customer queries and complaints.
CASHPOINT concludes corresponding contracts with all external service providers and, in cases of joint processing, the external processors / responsible parties.
Some data can also be transferred to various recipients in a third country (outside the European Economic Area). The level of data protection in third countries is not necessarily the same as that of member states of the European Economic Area. However, CASHPOINT only transfers customers’ personal data to countries for which the EU Commission has decided that they have an appropriate level of data protection, or implements measures to guarantee that all recipients have an appropriate level of data protection. To this end, CASHPOINT additionally concludes, amongst others, standard contractual clauses. These are available on request using the contact email address.
- Data retention
The data retention of the processed data depends on the purpose of the processing and legal obligations.
In general, the above-mentioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations. The retention obligations can still exist even if the customer account is closed or the customer relationship is terminated.
Data that is only processed with the customer’s consent (e.g. marketing data) is stored for as long as that consent is given.
Cookies are small data files stored on the user’s device, allocated to the browser or specific app, and through which the setter of the cookie obtains specific information. Cookies may contain specific (personal) data (e.g. IP address, your operating system/device’s settings, website from which the data file is accessed, name of the file or date and time of access).
More information, including the types of cookies that can be used on our websites, in applications and in newsletters, is available under the Cookie Settings.
CASHPOINT engages in customer profiling, i.e. the automated processing of personal data for the purpose of evaluating, analysing or predicting specific personal aspects (e.g. aspects of betting behaviour) of customers.
The logic involved for this purpose helps CASHPOINT to implement the legal requirements with regard to the detection of anomalous transaction behaviour, to fulfil its obligations in connection with the prevention of gambling addiction (“responsible gaming”) and in doing so to create an appropriate risk management system. Another purpose of profiling is to prevent money laundering and the financing of terrorism and to detect suspicious transactions in this context. The risk management system classifies risks on the basis of a points system relating to specific risk factors.
- Rights of persons concerned
In addition to the right to information (in cases of joint processing with external partners, customers can assert their right to information against both contractual partners), customers also have the right to correct, delete, restrict, object to and transfer their personal data. The customer’s right to deletion is only upheld insofar as it does not conflict with CASHPOINT’s legitimate interests, and statutory retention obligations do not apply. In addition, the customer is free to lodge a complaint with the data protection authority.
- Changes to our data protection declaration
Cashpoint (Malta) Ltd.
Address: Level 3, St Julians Business Centre, Triq Elija Zammit, STJ 3155 St Julians, MALTA
Last updated: 04.05.2021