Sample Privacy Policy (Tard Games OÜ)

1. Introduction

We are committed to processing your personal data fairly and transparently in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you visit our website or use our services.

To ensure compliance with data protection laws and to uphold your rights as a data subject, we have appointed a Data Protection Officer (DPO). If you have any questions about how your personal data is handled, wish to exercise your rights under the GDPR, or have privacy-related concerns, you can contact our Data Protection Officer at: [email protected].

We reserve the right to update this Privacy Policy if legal or operational changes emerge. We encourage you to review this page periodically. If we make any significant changes that affect your rights or the way we process your personal data, we will take appropriate steps to notify you, such as through a pop-up notice on our website or by direct communication.

Please note that our services are not intended for individuals under the legal gambling age as defined in the applicable jurisdiction. We do not knowingly collect data from minors. If we discover that personal data of an underage individual has been collected, we will take steps to delete it promptly.

2. About Us

This Privacy Policy applies to data processing carried out by Tard Games OÜ as the data controller. Tard Games OÜ (“We,” “Us,” “Our”, “Company)” is registered at Narva mnt 5, Tallinn, Harjumaa, 10117.

3. Purposes of Processing, Categories of Personal Data and Legal Basis

• To provide our services and manage your user account

Processed data: personal data such as your name, nickname, date of birth, contact details (email, phone, address), identification documents, details about the games you play on our website, login/logout times, wagering activity, bonuses claimed, transaction history, financial data (bank account details, payment card information) and technical data (like IP address and browser information).

Legal basis: implementation of pre-contractual measures, performance of a contract.

• To comply with legal obligations, namely under Anti-Money Laundering (AML) and counter-terrorism financing laws

Processed data: name, personal identity code or date of birth and place of residence or location, contact details, identification data, source of funds proof, financial data (bank account details, payment card information), transaction history, risk assessment records, details about the games you play on our website, login/logout times.

Legal basis: legal obligation.

• To detect and prevent fraud, abuse of bonuses, or unauthorized use of our platform

Processed data: details about the games you play on our website, login/logout times, wagering activity, bonuses claimed, history of responsible gaming measures, source of funds proof, financial data (bank account details, payment card information), transaction history, technical data (like IP address and browser information).

Legal basis: our legitimate interest in protecting our business and maintaining the integrity of our services.

• To send marketing offers, promotions/newsletters, to display relevant content

Processed data: personal data such as your name, nickname, date of birth, contact details (email, phone, address), details about the games you play on our website, login/logout times, wagering activity, bonuses claimed, transaction history, financial data (bank account details, payment card information) and technical data (like IP address and browser information), your marketing preferences and communications with us.

Legal basis: If required, we will ask for your consent. In some cases, where consent is not required, the legal basis will be our legitimate interest in promoting our services.

• To analyze performance and improve our website and services

Processed data: technical and usage data (IP address and browser information, traffic patterns, session logs).

Legal basis: our legitimate interest in optimizing and improving our services.

• To ensure the security of our systems and user accounts

Processed data: technical and usage data (IP address and browser information, traffic patterns, session logs), suspicious behaviour.

Legal basis: legal obligation/ our legitimate interest in securing our systems and protecting users’ data.

4. Sources of Data

We collect your personal data directly from you when you register, contact us, or use our services. We also receive data from third-party sources including:

• Verification providers (e.g., age, identity, or address verification services).
• Financial institutions.
• AML and PEP (Politically Exposed Persons) databases.
• Regulatory authorities and databases of problem gamblers.
• Partners such as affiliate networks, advertising platforms, and analytics providers, which may provide pseudonymous data for targeted marketing purposes.

5. Data Sharing and Cross-Border Transfers

We may share your personal data with authorized service providers acting as data processors who assist in service delivery, IT infrastructure, payment processing, marketing, or verification. Rest assured that all such processors operate under data processing agreements that ensure compliance with data protection obligations.

Your personal data may also be disclosed to separate data controllers, who themselves determine the purposes of the processing of personal data. These may include competent authorities, courts, AML, PEP and problem gamblers databases, or legal advisors if required to comply with legal obligations or to exercise or defend legal claims.

Where data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place (adequacy decisions by the European Commission, Standard Contractual Clauses). Upon your request we will make available further information on the safeguards applied.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy and to comply with legal retention periods. To determine the suitable retention period for personal data, we evaluate several factors: the volume, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure; the purposes of processing and whether these can be fulfilled through alternative methods; and relevant legal obligations. During the retention of personal data, we also consider the necessity to resolve disputes, enforce contractual agreements.

For instance, AML regulations require us to retain your financial and identification data for a minimum of five years after the end of your relationship with us. After that period, your data will be securely deleted or anonymized.

7. Automated Decision-Making and Profiling

We do not have any decision-making processes that are solely based on automated processing, including profiling.

We may use automated tools to support risk assessment, fraud prevention, or responsible gambling monitoring (e.g., identifying unusual transaction patterns or high-risk behaviour), still any decisions are always reviewed and confirmed by a human before any action is taken.

If you have questions about how automated tools are used in our processes, you are welcome to contact us or our Data Protection Officer.

8. Data Security

We implement a list of different appropriate technical and organizational measures to protect your data from loss, misuse, unauthorized access, or disclosure. Those measures include:

• Access Controls: Only authorized personnel can access personal data, and our systems are hosted in secure facilities.
• System Access Controls: Systems are protected by authentication measures, including unique user IDs and, where applicable, multi-factor authentication.
• Organizational Measures: We prevent accidental data mixing through clear internal procedures and regular staff training. A designated Data Protection Officer (DPO) is thus responsible for overseeing our data protection strategy and monitoring internal compliance.

9. Your Data Protection Rights

You have the following data protection rights which you can exercise by contacting us as set out in section 10:

• Right of access: Obtain information about whether and how your personal data is processed.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your data for example when it is no longer needed or if processing is unlawful, unless retention is required by law.
• Right to restrict processing: Ask for processing to be limited under certain conditions.
• Right to data portability: Receive your data in a commonly used and machine-readable format and transmit it to another controller, where applicable under certain conditions.
• Right to object: Object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on your consent.
• Right to lodge a complaint: File a complaint with a supervisory authority.

10. Contacts

If you have any questions about this Privacy Policy or your personal information and/or want to exercise your rights, please contact our DPO at [email protected]. You can also contact our support teams via *support email* and website's online chat.

11. Cookie Policy

We use cookies to enhance your browsing experience, analyze site traffic, and personalize content.

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and improve functionality.

Types of cookies we use:

• Essential cookies: Necessary for website functionality.

• Analytics cookies: Help us understand how you interact with our site.

• Preference cookies: Remember your settings and preferences.

You can manage cookies through your browser settings at any time.