Privacy Policy

This Privacy Policy explains the processing of personal data by CASHPOINT (Malta) Ltd., Level 3, St Julians Business Centre, Triq Elija Zammit, STJ 3155 St Julians, MALTA (hereinafter referred to as CASHPOINT).

  1. Processing of personal data

All personal data is processed in accordance with statutory provisions and in compliance with the General Data Protection Regulation (GDPR). Personal data is only seen by people who are authorised by CASHPOINT and are entitled to have to know this data to do their job.

1.1. Registration

In the course of personal registration and setting up a betting account for the first time, the customer provides the following personal data in accordance with the relevant laws:

  • master data (first name and surname, place of residence, birth data, citizenship, etc.)
  • contact details (valid email address, optional: valid telephone number)
  • username and password or PIN (freely selected by the customer)
  • account settings (standard stake, currency, bonus, etc.)
  • photograph (if a customer card is ordered)

The provision of this data by the customer (with the exception of account settings) is prescribed by law and/or required to comply with the CASHPOINT contract. Without this data, CASHPOINT cannot comply with its statutory and contractual obligations and cannot therefore enter into the contractual relationship. (The account settings are used to be able to customise the management of the betting account and the standard gambling settings for bets.)

Furthermore, on registration and thereafter partly on an ongoing basis, data is processed or obtained as follows:

  • First at the time of registration and at periodic intervals thereafter, a check is required by law to establish whether the customer is a politically exposed person. This is done by comparing the data provided by the customer with a suitable database.
  • Furthermore, firstly on registration and thereafter whenever the customer logs in or places a bet, there is a legal requirement for the data provided by the customer to be compared with the relevant blacklists of the region(s) concerned or sanctions lists.
  • At the time of registration, deposit and gambling limits selected by CASHPOINT and/or by the customer are set.
  • If the optional customer card is ordered, a customer card is issued with a photograph and a card number is allocated to the customer.

1.2. Identity verification and/or legitimation

The identity is verified during or after registration. This requires:

  • details or copy of a valid, official identification document with photograph, which meets national passport and identification requirements

Furthermore, on identity verification and thereafter partly on an ongoing basis, data is processed or obtained as follows:

  • On registration, a comparison of the data provided by the customer may be made with the database of a service provider specialised in carrying out identity checks or a state or regional database to assist CASHPOINT in checking the customer’s identity, the minimum age and home address.
  • In order to prevent money laundering and to comply with player protection, additional risk-appropriate proof may be required on registration and at periodic intervals thereafter in accordance with the relevant statutory provisions. Personal data may also be checked by specialist providers if necessary. Such proof may, for example, be a notarised copy of the passport, proof of registration, customer’s occupation, origin of assets used in betting, credit reports, etc.

Identity verification is required by law, among other things, due to the Gambling Act, the protection of minors and the prevention of money laundering.

1.3. Payments into and out of the account

Every customer is provided with a betting account during the registration process and this is used to make and receive payments.

No later than when the first winnings are paid, CASHPOINT must have checked the customer’s identity because of legal requirements to ensure that each person receiving a payment is also the registered customer. Depending on the payment method chosen, bank details may be required to make a payout.

In the course of payments, the following data can be collected:

  • transaction data for the payment (ID, date and time, IP address, etc.)
  • billing and payment details (amount, payment confirmation or refusal, etc.)
  • bank details (name of the account holder, name of the bank, IBAN, BIC)
  • specific details about the payment (account ID, mobile phone number, bonus code, credit card type, etc.)
  • compliance with bonus terms and conditions
  • compliance with the limits

The provision of this data by the customer is required to comply with the contract and statutory obligations. Without this data, CASHPOINT cannot make a payment or pay out any winnings.

1.4. Gambling process

If the customer places a bet, the following personal data is collected from the customer:

  • transaction data for the bet (ID, date and time, IP address, etc.)
  • details about the bet (number, subject of the bet, event and odds, stake, winnings, etc.)
  • compliance with the limits
  • compliance with bonus terms and conditions

The collection of this data is required for CASHPOINT to comply with statutory obligations and the contract. Without this data, CASHPOINT cannot accept any bets.

In addition, the following data will be collected in the event of suspected fraud:

  • To fight fraud, when bets are placed, information will be obtained from specialist service providers about any existing cases of suspected fraud

The collection of this data is a legal requirement to fight fraud. Without this information, CASHPOINT cannot accept any bets.

The customer is required to provide the data.

1.5. Support and complaint management

In the course of support queries and complaints from customers, the following personal data is collected:

  • master data and contact details acquired from the customer during registration
  • content of the query or complaint including the attachment

This data must be provided to comply with the contract. Without this data, CASHPOINT cannot provide user-specific support or process complaints.

The following data will also be collected from the customer:

  • If customers contact the support hotline, they can help to improve the service quality by voluntarily agreeing to the conversation being recorded. In this case, the sound recording will be used for internal evaluation and to improve the service.

1.6. Player protection

If the customer applies for a player protection measure or sets limits, the following personal data will be collected from the customer:

  • transaction data, master data
  • payment and betting limits
  • lock data (master data, duration, reason, etc.)

The provision of this data by the customer is required to comply with the contract and statutory obligations.

1.7. Technical information

If the customer is active on the CASHPOINT website or if the app is used, the following data can be collected:

  • usage and session data (ID, date and time, IP address, browser information, etc.)
  • technical data enabling identification of a terminal device
  • login data
  • geo data depending on user settings

The collection of this data is necessary for the protection of CASHPOINT’s equipment from attack or from any subsequent criminal prosecution of attackers and to prevent cases of fraud. Due to existing statutory regional restrictions on betting services, the collection of this data is also required to determine the region in which the customer is located at the time of login (“geo IP restrictions”).

The processing of this data is in CASHPOINT’s legitimate interest to ensure integrity, fraud prevention and the protection of its systems.

1.8. Marketing

The following data is processed to send information about CASHPOINT, newsletters, offers relating to particular services, vouchers and other advertising materials if the customer agrees to this processing:

  • contact details (name, address, email address, mobile phone number)
  • details about the newsletter or news and sending data

We send you current offers and news about our products and services on various channels: by email, SMS, push message, post or phone.

This data is processed only subject to the customer’s consent, which can be withdrawn at any time without stating a reason via user account or by contacting support.

1.9. Further purposes

CASHPOINT will inform the customer if the provided personal data is processed for any purpose other than the purpose stated above.

  1. Recipients

Possible recipients of the above-mentioned data are the following:

  • authorities, public institutions and courts due to statutory obligations to provide information
  • authorities and public institutions carrying out the database comparison required by law to check
    • any existing national blocking of the customer
    • whether the customer has agreed or refused to receive advertising materials
  • IT service providers
  • tax consultants
  • database providers that carry out identity, and credit checks or that are holding registers of politically exposed persons
  • service providers/organisations specialised in fighting fraud
  • banks and payment providers
  • support providers
  • marketing service providers

The transfer of data to authorities, public institutions and tax consultants is necessary for legal reasons.

To protect CASHPOINT’s legitimate interests, the transfer of transaction data together with the necessary master data to specialized service providers is necessary to fight fraud. Furthermore, in order to safeguard our legitimate interests, master data and/or blocking data are transmitted to the Group of Companies for prevention purposes.

The disclosure of data to (criminal prosecution) authorities is necessary to investigate possible attacks on CASHPOINT.

The transfer of data to IT service providers is necessary to process the bets.

Support data must be transferred to IT and support providers for support management and to process customer queries and complaints.

CASHPOINT concludes corresponding contracts with all external service providers and, in cases of joint processing, the external processors / responsible parties.

Some data can also be transferred to various recipients in a third country (outside the European Economic Area). The level of data protection in third countries is not necessarily of the same level as that of member states of the European Economic Area. However, CASHPOINT only transfers customers’ personal data to countries, for which the EU Commission has decided that they have an appropriate level of data protection or implements measures to guarantee that all recipients have an appropriate level of data protection. To this end, CASHPOINT additionally concludes, amongst others, standard contract clauses. These are available on request using the contact email address.

  1. Data retention

The data retention of the processed data depends on the purpose of the processing and legal obligations.

In general, the above-mentioned data is stored for as long as the business relationship exists and for as long as required to comply with statutory retention obligations. The retention obligations can still exist even if the customer account is closed or the customer relationship is terminated.

Data that are only processed with the customer’s consent (e.g. marketing data) are stored as long as the customer’s consent has been given.

  1. Cookies

CASHPOINT also uses cookies and other technologies to design its website and apps to be more personalised, clearer and more secure for users, to improve its website and apps, to facilitate the use of specific features or to carry out specific statistical analysis.

Cookies are small data files stored on the user’s device, allocated to the browser or specific app, and through which the setter of the cookie obtains specific information. Cookies may contain specific (personal) data (e.g. IP address, your operating system/device’s settings, website from which the data file is accessed, name of the file or date and time of access).

Visitors can prevent the use of cookies in their browser settings. Depending on the browser, there is the option to be asked for your consent before cookies are used. Instructions on how to block or delete cookies are provided at If cookies are not accepted or are deleted, this may lead to the functionality of the website or app being restricted in some cases.

First-party cookies are directly set and stored by our website (or domain) or any JavaScript loaded on the website. These cookies allow us to collect analytics data, remember language settings and perform other useful functions that provide a good user experience. First-party cookies are supported by all browsers and can be blocked or deleted by the user.

Third-Party Cookie and External Content: We use cookies and active JavaScript content from external providers on our websites, in applications and in newsletters. A third-party cookie can be set and created by a third-party server. These are usually used for online-advertising purposes and placed on a website through a script or tag. When you access our site, these external providers might receive personal information relating to your visit to our websites. It is possible that this data is processed outside of the EU. Third-party cookies are supported by all browsers, but many are blocking the creation of third-party cookies by default. Users are also taking matters into their own hands and deleting third-party cookies on their own. Please also note that CASHPOINT cannot accept any liability for external content and for the settings of these cookies and the cookies policy of the respective third party is applicable.

You can find more information as well as types of cookies which can be used on our websites, in applications and in newsletters under the Cookie Settings.

  1. Profiling

CASHPOINT engages in customer profiling, i.e. the automated processing of personal data for the purpose of evaluating, analysing or predicting specific personal aspects (e.g. aspects of betting behaviour) of customers.

The logic involved for this purpose helps CASHPOINT to implement the legal requirements with regard to the detection of anomalous transaction behaviour, to fulfil its obligations in connection with the prevention of gambling addiction (“responsible gaming”) and in doing so to create an appropriate risk management system. Another purpose of profiling is to prevent money laundering and the financing of terrorism and to detect suspicious transactions in this context. The risk management system classifies risks on the basis of a points system relating to specific risk factors.

  1. Rights of persons concerned

In addition to the right to information – in cases of joint processing with external partners – the customers can assert their right to information from both contractual partners – customers also have the right to correct, delete, restrict, object to and transfer their personal data. The customer’s right to deletion is only upheld insofar as it does not conflict with CASHPOINT’s legitimate interests, and statutory retention obligations do not apply. In addition, the customer is free to lodge a complaint with the data protection authority.

  1. Changes to our data protection declaration

Our privacy policy may occasionally be subject to necessary changes, in particular, due to current case law, the coming into force of new laws or the change or expansion of our offer, of which we inform the customer by providing the changed privacy policy on our website. It is therefore recommended that the customer read the privacy policy regularly.

  1. Contact

Cashpoint (Malta) Ltd.

Address: Level 3, St Julians Business Centre, Triq Elija Zammit, STJ 3155 St Julians, MALTA


Version 3.1

Last updated: 04.05.2021

Stay Connected

MERKUR is the leading brand of the MERKUR GROUP which was founded in 1957. We are always happy to help so feel free to reach out.