PRIVACY POLICY - LETSPOKER APP

LetsPoker is provided by LETSPOKER SOLUTIONS S.R.L., a limited liability company, incorporated and functioning according to Romanian laws, having its registered office in Romania, Bucharest, registered with Bucharest Trade Registry under no. J40/16280/2019, Sole Identification Code 41959783 (“Company” or “we” / “us” or “Controller”).

LetsPoker is accessible through an application for mobile devices (the “App”); LetsPoker also refers to the website https://lets.poker/ (“Site”). LetsPoker also offers an online platform dedicated to Poker Clubs (as defined below) for business management purposes. The App and the Site are collectively referred to as “LetsPoker” or the “Service”, and each concept shall be construed depending on the context.

The Service provides online intermediation services for both poker clubs published in the App (“Poker Clubs”) and App users who are registered in the App (“you” or “Users”), as provided within the Terms of Service. Users may become poker players if they attend poker games in Poker Clubs’ specialized premises (“Poker Players”). The aim of LetsPoker is to facilitate the initiation of direct transactions between Poker Clubs and Users/Poker Players, also offering social media features for Users/Poker Players and Poker Clubs.

The Site is widely accessible, whilst certain sections of the App are publicly available for App visitors (“Site Visitors” and “App Visitors”). However, the entire range of App functionalities may be used by Users.

This privacy policy (“Privacy Policy”) applies to Personal Data Processing (as defined below) and addresses natural persons whose personal data are processed (Data Subjects, as defined below) in the context of providing the Service, i.e. App Visitor, Site Visitor, User, Poker Player (“you”).

LetsPoker is the Controller of Personal Data (as defined below) and, in certain cases, Joint Controller (as defined below) of your Personal Data (as defined below), according to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and any other applicable regulations at European or national level adopted in the context of such regulation (“GDPR”). This Privacy Policy informs you on the Personal Data we collect and process, the purposes and the legal basis of the Processing (as defined below), and any other relevant information according to the GDPR.

In certain circumstances we process Personal Data jointly with our Joint Controllers, as applicable (as defined below).

In accordance with Article 26 of the GDPR, Joint Controllers are:

We have entered into joint controller addenda with our Joint Controllers, to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint Processing. Relevant aspects of this joint Processing are illustrated in this Privacy Policy below.

We have also agreed with our Joint Controllers the following:

  1. that LetsPoker is responsible for providing Data Subjects with the information on joint Processing of Personal Data, as mentioned herein below;
  2. after the joint Processing, Poker Clubs and Facebook Ireland Ltd are responsible for the exercise of your rights under Articles 15-20 of the GDPR also provided herein below.

You may contact and exercise your rights provided herein against each of the Joint Controllers. However, the contact point for you regarding the processing of Personal Data related to this Privacy Policy shall be: LetsPoker at privacy@lets.poker

Please read this Privacy Policy attentively, and if you do not agree with the provisions herein, we might not be able to respond to your inquiries, but in any case, you will not incur any negative consequences.

By ticking the box regarding this Privacy Policy before using the Service, you agree that you have read, understood, and agree that your Personal Data will be processed in accordance with this Privacy Policy. Nevertheless, there are certain Processing operations requiring your explicit consent, such as for profiling or marketing purposes, and you will be duly informed in this respect before giving your consent.

1. DEFINITIONS

‘User Account’ means the User/Poker Player account you can create in the App, in order to benefit from the entire range of App functionalities;

‘Personal Data’ means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Special Categories of Personal Data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘Joint Controllers’ means controllers who jointly determine the purposes and means of Processing;

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

‘Sub-processor’ means the processor engaged by the Processor for carrying out specific Processing activities on behalf of the Controller;

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘Third Party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘Third Country’ means any country located outside of the European Economic Area.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

LetsPoker processes Personal Data in accordance with legal principles, as follows:

  1. Personal Data shall be processed in a lawful and transparent manner, guaranteeing loyalty to the persons whose Personal Data are processed (“lawfulness, loyalty and transparency”);
  2. there shall be specific purposes for Processing the data and the Controller shall indicate these purposes to the Data Subjects when collecting their Personal Data (“purpose limitation”);
  3. the Company can only collect and process Personal Data that is necessary to achieve these purposes (“data minimization”);
  4. the Company shall ensure that Personal Data are accurate and kept up to date with regard to the purposes for which they are processed, and correct them where necessary (“accuracy”);
  5. the Company can no longer use Personal Data for other purposes which are not compatible with the purpose for which they were initially collected;
  6. the Company shall ensure that Personal Data is not kept longer than necessary to achieve the purposes for which they were collected (“limitation of conservation”);
  7. the Company shall put in place technical measures and appropriate organizational structures that ensure the security of Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (“integrity and confidentiality”).

CONTEXT:

LetsPoker will take appropriate safeguards for your rights and freedoms, including pseudonymisation. Following pseudonymisation, further processing does not permit or no longer permits the identification of your data.

Notwithstanding other provisions herein, LetsPoker will not process Personal Data for automated individual decision-making, direct marketing and advertising profiling without your express prior consent for such purposes.

LetsPoker shall not process Special Categories of Personal Data.

For additional information regarding the use of your Personal Data, please contact the Data Protection Officer who is available for any questions related to the protection of your Personal Data: privacy@lets.poker

4. TO WHOM IS YOUR PERSONAL DATA DISCLOSED

LetsPoker ensures confidentiality of Personal Data at all times. At the same time, there are circumstances when we will disclose Personal Data, as applicable, to certain Recipients as follows:

Within the European Economic Area:

  1. if we have legal obligations in this respect – for instance, we can disclose Personal Data to National Agency for Tax Administration and other authorities/ institutions requiring them;
  2. for the purpose of exercising or defending our legitimate rights and interests - for example, to enforce the Terms of Service (for instance, to lawyers etc.);
  3. you have given your consent for this purpose, as applicable; In your capacity as a User, your Personal Data will be transferred to Poker Clubs from the App through App functionalities, such as the feature of initiating a chat with Poker Clubs, or the possibility to preregistrer with Poker Clubs. When initiating a chat with a Poker Club, the respective Poker Club will have access to your profile data (name, profile photo and preferred language) and you can communicate with Poker Clubs only when you contact Poker Clubs.
  4. for the purpose of providing you our services, your Personal Data will be transferred, as follows: a) to the cloud service provider (located on the European Union territory), which is Amazon Web Services (AWS) and it has the capacity of Processor with respect to your Personal Data; b) the company that provides us with accounting services (located on the European Union territory), which has the capacity of Processor.

Outside the European Economic Area/ Third Countries:

LetsPoker collaborates with Poker Clubs from Israel, thus your Personal Data will be transferred to the respective Poker Clubs located in Israel, in order to provide you our Service. The European Commission has determined, on the basis of article 45 of the GDPR that Israel (country outside the EU) offers an adequate level of data protection. In light of the above, such transfers to Israel will be assimilated to intra-EU transmissions of data, and your Personal Data will be protected in the context of such transfer, without any further safeguard being necessary.

LetsPoker shall not transfer your Personal Data outside the European Economic Area/ Third Countries, other than provided herein above. To the extent other transfers outside the EU will be envisaged, LetsPoker will ensure that your Personal Data will be protected as required by the GDPR, and you will be duly informed in this respect.

5. THE PERIOD FOR WHICH PERSONAL DATA WILL BE PROCESSED AND STORED AND THE CONDITIONS THEREOF

LetsPoker will process your Personal Data for as long as is necessary to fulfil the Processing purposes, as follows:

  1. in case of performance of a contract with you or arrangements for the conclusion of such a contract - the duration of processing and storage is that required by law for the respective contract. After the termination of the contract, there may be legal obligations for LetsPoker to maintain records, in which case your Personal Data will be stored for the period provided by law, which will vary, and can be between 1 day and 10 years – under the legal basis provided at Article 6 (1) (c) of the GDPR;
  2. based on your consent - Personal Data are retained until the consent is withdrawn, unless there are legitimate reasons justifying further processing by LetsPoker (including a legal obligation in this respect) and prevailing over your interests, rights and freedoms or if this is necessary in order to establish, exercise or defend a right in court, but not later than 3 years from the date when such right could have been exercised;
  3. based on the requirement to fulfil our legal obligations - Personal Data are processed and stored during the existence of that legal obligation. Depending on the particular situation, this period will vary, and can be between 1 day and 10 years;
  4. under the legitimate interest of LetsPoker - during the existence of the legitimate interest, but not more than 3 years from the date when such legitimate interest could have been exercised.

6. YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM

In relation to your Personal Data Processing, you have the following rights:

  1. The right to access - You can request information related to the Personal Data that we process;
  2. The right to rectification - You can request the rectification of the data if the information is inaccurate;
  3. The right to the erasure of the data (‘right to be forgotten’) - You can request the erasure of the data, in certain conditions (specified in the GDPR), namely: (a) if personal data are no longer necessary for the purposes for which they were collected or processed; (b) if you withdraw your consent and there is no other legal ground for the processing; (c) if you object to the processing and there are no legitimate reasons to prevail; (d) if the personal data have been unlawfully processed; (e) if personal data must be deleted in order to comply with a legal obligation.
  4. The right to the restriction of the processing - You can request the restriction of your Personal Data Processing, when one of the following applies: (a) the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data; (b) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead; (c) we no longer need the Personal Data for the purposes of the processing, but these are required by you for the establishment, exercise or defence of legal claims; (d) you have objected to processing pending the verification whether our legitimate grounds override yours.
  5. The right to oppose - You can oppose to the Processing, in certain conditions (specified in GDPR), namely and where applicable, when we process Personal Data based on our legitimate interest or for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.
  6. The right to the portability of your Personal Data - You can request a copy of your data in a structured, commonly used and easy-to-read format, and you can receive it in an electronic format, respectively the right for these data to be transmitted by us to another data controller, insofar as the conditions provided by law are met. The data to which the right to portability applies are either those obtained by your consent or by a contract with us.
  7. The right to oppose to an automatic individual decisional process, including profiles creation – as applicable and in other cases than based on your consent, you can oppose to any automatic individual decisional process including profiles creation.
  8. The right to withdraw consent - Where applicable, namely where Personal Data Processing is based on the legal basis of consent provided at Article 6 (1) (a) of the GDPR, you have the right to withdraw consent at any time, as easy as you originally gave it, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
  9. The right to file a complaint with the supervisory authority - You can file a complaint with the National Supervisory Authority for the Processing of Personal Data - https://www.dataprotection.ro.

7. AMENDMENTS OF THE PRIVACY POLICY

LetsPoker may change this Privacy Policy by notifying you in this respect at least 30 (thirty) days before the change takes effect via e-mail and/or through a notice/pop-up on the App. We will publish the new version in the App. You will have the opportunity to accept or refuse the revised Privacy Policy.

Updated on: 01 November 2021