Why we need your persondal data
Account registration:
| Scope of personal data | e-mail address, phone number, date of birth, Facebook / Google + login (country, e-mail address and age), identity card / identity other document (e.g. driving license), proof of permanent residence, IP address, device details |
| Purpose | offering betting options, age and identity verification, checking with the register of persons excluded from gambling |
| Legal basis | compliance with legal obligations (Gambling Act, AML) and performance of contractual obligations (Game Plan) |
| Recipients | Digmia, s.r.o. |
| Retention period | 5 years from ending the contractual relationship, or longer upon FIU's request |
| Automated decision-making including profiling | AIR - IP address evaluation and geolocation |
| Legitimate interest | - |
Using the website / mobile app / Sportbox with a loyalty card:
| Scope of personal data | data processed during account registration, betting and gaming activity data, betting data (e.g., type of sport, ticket slip, winnings paid, bonuses, etc.), IP address, location data, sign-ups, device details |
| Purpose | offering betting options, fraud prevention, game integrity and functionality, identification of unusual business operations, system error analysis |
| Legal basis | compliance with legal obligations (Gambling Act, AML, Criminal Code), performance of contractual obligations (Game Plan) and legitimate interests |
| Recipients | Digmia, s.r.o. |
| Retention period | 5 years after making a bet |
| Automated decision-making including profiling | Profiling - Tracking of gaming activities to protect against fraudulent behaviour and to ensure the integrity and functionality of our services AIR - rejection of non-standard payment methods or rejection of a bet to protect your account from abuse to ensure the integrity and functionality of the games |
| Legitimate interest | protect our systems and ensure the integrity of our Products and Services |
Deposits and withdrawals (website / mobile app / Sportbox):
| Scope of personal data | data processed while using the account, identity document data, payment method information, bank account information, credit card details |
| Purpose | offering betting options, fraud prevention, identification of unusual business operations |
| Legal basis | compliance with legal obligations (Gambling Act, AML, Criminal Code), performance of contractual obligations (Game Plan) |
| Recipients | payment gates, banks |
| Retention period | 5 years from a transaction, possibly longer upon FIU’s request |
| Automated decision-making including profiling | Profiling - Tracking of standard payment methods to protect users from account misuse AIR - deposit / withdrawal refusal |
| Legitimate interest | - |
Withdrawals from the account (above EUR 2,000):
| Scope of personal data | data processed when using the account, identity document data, payment method information, bank account information, credit card details |
| Purpose | fraud prevention, identification of unusual business operations |
| Legal basis | compliance with legal obligations (AML, Criminal Code) |
| Recipients | payment gates, banks |
| Retention period | 5 years from a transaction, possibly longer upon FIU’s request |
| Automated decision-making including profiling | Profiling - Tracking of standard payment methods to protect users from account misuse AIR - withdrawal |
| Legitimate interest | - |
Loyalty program:
| Scope of personal data | data processed when using the account, data relating to bets, registration of points obtained on the basis of bets made, data on the benefits used |
| Purpose | providing member rewards and benefits, motivating players, brand promotion |
| Legal basis | compliance with contractual obligations (General Terms and Conditions of DOXXbet Club), legitimate interests |
| Recipients | Digmia, s.r.o. |
| Retention period | 5 years from closing an account |
| Automated decision-making including profiling | - |
| Legitimate interest | player motivation and branding |
Betforum:
| Scope of personal data | data processed when using the account, posts and related user content (e.g. tickets), name and surname of the person making bets, his/ her bets and related user content |
| Purpose | enabling the active use of Betforum |
| Legal basis | consent |
| Recipients | Digmia, s.r.o. |
| Retention period | 3 months from closing an account |
| Automated decision-making including profiling | - |
| Legitimate interest | - |
Competitions:
| Scope of personal data | data processed when using the account, the details of the competition-related bets |
| Purpose | enabling your participation in a competition and its subsequent evaluation |
| Legal basis | Legitimate interest |
| Recipients | Digmia, s.r.o. |
| Retention period | 2 years after the end of a competition |
| Automated decision-making including profiling | - |
| Legitimate interest | Player motivation and branding |
Customer support:
| Scope of personal data | contact details, account-related data, content of a requirement |
| Purpose | handling customer incentives, improving the quality of the Products and Services provided |
| Legal basis | compliance with contractual obligations (Game Plan), legitimate interest |
| Recipients | Digmia, s.r.o. |
| Retention period | 3 years from closing an account |
| Automated decision-making including profiling | - |
| Legitimate interest | to ensure the high quality of our Products and Services |
Sportbox (without registration):
| Scope of personal data | date of birth |
| Purpose | age verification |
| Legal basis | compliance with legal obligations (Gambling Act) |
| Recipients | - |
| Retention period | the time necessary to verify age |
| Automated decision-making including profiling | - |
| Legitimate interest | - |
Direct marketing:
| Scope of personal data | data processed when using the account (especially betting data and information on the use of our services), e-mail address, telephone number, correspondence address |
| Purpose | news about our Products and Services |
| Legal basis | Act on EC (e-mail), consent (text message) |
| Recipients | Digmia, s.r.o. |
| Retention period | 3 months from closing an account |
| Automated decision-making including profiling | - |
| Legitimate interest | - |
Claims:
| Scope of personal data | name and surname, correspondence address, account identifier, content of a claim, data identifying a bet (number, ticket code) or transaction (date, amount, transaction number) |
| Purpose | claim handling |
| Legal basis | compliance with legal obligations (Consumer Protection Act), compliance with contractual obligations (Game Plan) |
| Recipients | Digmia, s.r.o. |
| Retention period | 3 years after handling a claim |
| Automated decision-making including profiling | - |
| Legitimate interest | - |
| AIDM | Automatic individual decision-making |
| AML | Act no. 297/2008 Coll. on the prevention of legalization of proceeds of criminal activity and terrorist financing, as amended |
| FIU | Financial Intelligence Unit |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) |
| Personal Data Protection Act | Act no. 18/2018 Coll. on the protection of personal data, as amendedZákon č. 18/2018 Z. z. o ochrane osobných údajov a o zmene a doplnení niektorých predpisov |
| Game plan | Game plan of DOXXbet, s.r.o. of December 14, 2017 |
| Privacy Policy | Rules for processing personal data at DOXXbet |
| Criminal Code | Act 300/2005 Coll., the Criminal Code |
| Act on EC | Act no. 351/2011 Coll. on electronic communications |
| Gambling Act | Act no. 171/2005 Coll. on gambling games, as amended |
| Consumer Protection Act | Act no. 250/2007 Coll. on consumer protection and amendments to the Act of the Slovak National Council No. 372/1990 Coll. on Offences |
Protecting your personal information is extremely important to us. As the principle of transparency is one of the cornerstones of the new GDPR legislation, the Privacy Policy describes how we process your personal data. The following pages explain the following in more detail:
Operator’s contact details
There are several ways you can contact us: by telephone, e-mail or mail.
Our correspondence address:
DOXXbet, s.r.o.
Kálov 356,
010 01 Žilina
E-mail: info@doxxbet.sk
Telephone (information provision): +421 911 569 909
Contact details of the person responsible
For the purpose of supervising the processing of personal data, the Controller has designated a responsible person, KROČKA&PARTNERS s.r.o., who can be contacted by e-mail at dpo@krockapartners.sk or by post at DOXXbet, s.r.o., Responsible Person, Kálov 356, 010 01 Žilina, with the envelope marked "DO NOT OPEN".
How we collect personal data
We collect your personal data directly from you for one of the following reasons:
We may also collect your personal data from indirect sources, for example:
1. Right of access
Your fundamental right is to obtain confirmation whether we process your personal data or not. You can also request access to this data.
1.1
How do you access your personal data?
You can request access to your personal data through a simple request. In this regard, we would like you to state the following:
You may request the following:
What data and information can you access?
Based on your request, we will provide you with the following information:
Template of the request
[Address]
[Contact details]
[Date]
SUBJECT: Request for access to personal data
Dear sir/ madam,
in accordance with Art. 15 of GDPR I hereby request access to personal data you process about me. In particular, I request access to: (please, specify information/ data you are requesting, for example):]
I request the above-mentioned data/ information to be provided in an electronic form / via mail to: XY (address). Should you need any information to fulfil my request, please, do not hesitate to contact me.
Yours sincerely,
[Name and signature]
2. Right to rectification
If you feel that some personal data we process about you are incorrect, you may request us to rectify them. You may also request us to complete the data you consider incomplete.
2.1
How can you request personal data rectification?
You can request rectification and / or completion of incorrect and / or incomplete personal data through a simple request. In this regard, we would like to ask you to state the following:
3. Right to erasure (right to be forgotten)
You have the right to request erasure of personal data relating to you. In certain cases, we are obliged to comply with this request. In the media, this right is often referred to as "the right to be forgotten”.
3.1
How can you request personal data erasure?
You can request erasure of your personal data through a simple request. In this regard, we would like to ask you to state the following:
Is the right to erasure absolute?
No, the right to erasure is not absolute. GDPR in Art. 17, par. 1 states the reasons that must be met in order to oblige us to erase your personal data. The reasons are as follows:
In this context, we would like to inform you that in certain cases, GDPR allows us to refuse your request for erasure. The reasons for doing so are as follows:
4. Right to restrict processing
You have the right to restrict the extent to which we process personal data relating to you.
4.1
How can you request personal data processing restriction?
You can request personal data processing restriction through a simple request. In this regard, we would like to ask you to state the following:
Is the right to restrict processing absolute?
No, the right to restriction is not absolute. GDPR in Art. 18, par. 1 states the reasons for restricting the processing of your personal data. The reasons are as follows:
5. Right to data portability
You have the right to receive the personal data concerning you in a commonly used format and have the right to transmit those data to another controller. However, this right applies only to the data for the processing of which you have given us your consent on the basis of a contract. This right shall not adversely affect the rights and freedoms of others.
5.1
How can you exercise your right to data portability?
You can exercise your right to data portability through a simple request.
6. Right to object
On grounds relating to your particular situation, you have the right to object at any time to processing of personal data concerning you, in particular to processing we perform on the legal basis in line with our legitimate interests, including profiling.
You have the right to object at any time to processing of personal data for marketing purposes, including profiling to the extent that it is related to such direct marketing.
You have the right to object at any time to processing of personal data for scientific or historical research purposes or statistical purposes.
6.1
How can you object to personal data processing?
In practice, most of the time, objections to processing arise if for some reason you disagree with the way we process your personal data after studying our Privacy Policy or exercising your right of access to personal data. In any case, you are welcome to inform us about your objections.
What should the objection contain?
Your objection should include at least the following:
7. Rights related to automated decision-making including profiling
Automated individual decision-making means making a decision solely by automated means without any human involvement using only technological means. Profiling is understood as an analysis of your personal data in order to anticipate your later behaviour.
There are situations where, as a person whose personal data is being processed, you have the right to request us to exclude you from such automated decision-making provided it has legal effects on you or affects you in a similarly significant way.
An example of an automated individual decision-making without human intervention:
7.1
Is the right to object to automated decision-making, including profiling, absolute?
No. As is the case of your other rights under GDPR, the legislation lists situations where automated decision-making, including profiling, is allowed:
How can you request that you not be subject to automated individual decision-making, including profiling?
You can exercise this right though a simple request. In any case, if you have any doubts, do not hesitate to ask us first. We are always happy to provide you with information on why you are subject to automated individual decision-making, as well as on what legal effects it may have on you.
8. Right to lodge a complaint
If you have any questions or concerns regarding the processing of your personal data, please do not hesitate to contact us at any time. Our company will try to resolve any issues you might have to your satisfaction. However, if you are not satisfied with our practice, you have the right to lodge a complaint with the supervisory body.
8.1
The supervisory authority to which you can address your complaint is:
Úrad na ochranu osobných údajov Slovenskej republiky
Building Park Onehttps://dataprotection.gov.sk/uoou/
9. Final provisions
This information comes into force and effect on 31.02.2025. The operator reserves the right to change these principles in the event of a change in the processing of personal data in the company and in the event of a legislative change.
We process your personal information so you are able to carry out sports betting, betting, virtual games betting or use other services or products we offer (hereinafter referred to as “Services” or “Products” using our website www.doxxbet.com (including our mobile apps on iOS and Android), and in some cases using the Sportbox betting terminal. The following sections detail the individual personal data processing operations that take place.
1. Account registration
In accordance with the Game Plan, any player wishing to play (use our Products) through our website or mobile application must undergo a registration process at the end of which an account is created. Upon registration, we collect the following data:
In this case, processing of your data is essential in order to provide you with our Services and Products. To this end, we verify your age, your identity, and whether you are kept in the register of natural persons excluded from gambling.
The legal basis for processing of your personal data is compliance with our contractual obligations under the Game Plan, as well as compliance with our legal obligations as the controller under GDPR.
1.1
In accordance with Art. 6, par.1, letter (b) of GDPR we may process your personal data for the performance of a contract to which you are party. Therefore, we need these data to fulfil our contractual obligations in accordance with the Game Plan, which is an official document - the basic rules for a player placing online bets or betting via DOXXbet Sportbox.
Furthermore, under Art. 6, par. 1, letter (c) of GDPR we may process your personal data to fulfil our legal obligations. In this case we act in compliance with (but not only) two laws, namely the Gambling Act and the AML.
Gambling is prohibited for persons under 18 years of age. For this reason, we must always verify your age. For online betting, the Gambling Act also requires us to verify your identity, and thus we need a proof of identity as well as another official document proving your identity. These obligations are set out in Art. 35, par. 6 of the Gambling Act. Under Art. 35, par. 7 of the Gambling Act, we are obliged to ascertain whether you have been entered into the register of natural persons excluded from gambling. For these purposes, we are obliged to request from you an identity card as well as other documents within the meaning of the Art. 12, par. 2, letter (a), subpar. 1 of AML.
In accordance with the Game Plan, we also have to process personal information regarding the source of funds present on your account. We need these data to fulfil our contractual obligations, pay you your winnings, as well as to meet the requirements of AML regarding money laundering and terrorist financing prevention.
2. Using our website / mobile application
After registering and logging into your account, we process personal data and information you have provided us to provide you with our Services and Products. When using your account through our website or mobile application, we process the following personal data:
In this case, the processing of your data is essential in order to provide you with our Services and Products. As stated in the section on personal data processing for the purpose of account registration, we process your personal data to fulfil our contractual and legal obligations. We process your personal data for the following purposes:
2.1
Pursuant to Art. 3, par. 6 of the Gambling Act, we are required to guarantee all players the same conditions, including the same chance of winning. For this reason, we must ensure the protection of your funds, the funds of other players and our systems to prevent circumvention of the rules set out in the Game Plan and/ or abuse of our Services and Products.
Pursuant to Art. 14, par. 1 of AML, as a liable entity, we are obliged to determine whether or not unusual business operations take place when we provide our Services and Products. Therefore, in connection with your activity, we are obliged to monitor, for example, unusual operations involving your account, whether you perform operations without obvious economic purpose (i.e. loss), low-value operations in excessively high volumes, etc. If we suspect that your account is being misused, we may restrict your access to our Services and Products.
Similarly, if we suspect that operations performed through your account give grounds for suspicion of a criminal activity, we may also process your personal data for the purpose of reporting this crime to law enforcement authorities. In such cases, the legal basis for the personal data processing is, for example, Art. 234 of the Criminal Code.
In relation to the above-mentioned processing of your personal data, we also rely on a legitimate interest on our part in accordance with Art. 6, par. 1, letter (f) of GDPR - the protection of our legitimate interests, systems and the integrity of our Products and Services.
3. Deposits and withdrawals of funds
In order to make full use of your account as well as to place bets, you are required to put a sufficient amount of funds in your account using a payment source led in your name. Similarly, in the case of withdrawal, payments are made only to a bank account in your name. For these reasons, your personal data is also processed when making deposits and withdrawals:
In particular, personal data processing is necessary for us to allow you to bet online and pay you your winnings. As stated in the section on processing personal data for the purpose of account registration, we process your personal information in order to fulfil our contractual and legal obligations.
3.1
The legal basis for personal data processing regarding deposits and withdrawals of funds is to be found in Art. 6 of the Game Plan. In the case of operations with a value higher than EUR 2,000 we are in accordance with Art. 10, par. 2, letter (e) of AML obliged to verify your identity again. Due to the fact that deposits and withdrawals are related to the use of our website / mobile application, the processing operations listed in the section on the use of the website / mobile application apply accordingly to processing of your personal data.
4. Betforum
When using your account, you can post comments, tickets and comment on other players' posts and tickets via the discussion forum Betforum. In order to allow you to do all of the above, we are obliged to process the following data:
Personal data related to your active use of Betforum are processed exclusively on the basis of your consent. This consent can be revoked at any time.
5. Loyalty program DOXXbet Club
In accordance with the General Terms and Conditions of the DOXXbet Club, you automatically become a member of the DOXXbet Club upon account registration. One of the features of the DOXXbet Club is an account where the points earned for betting are recorded. Points can then be exchanged at DOXXshop for free bets and products available. In order to allow you to do all of the above, we are obliged to process the following data:
In this case, personal data are processed on the basis of legal requirements (our legitimate interests) and contractual requirements under the General Terms and Conditions of DOXXbet Club.
5.1
In accordance with Art. 6, par. 1, letter (b) of GDPR, we may process your personal data in order to carry out a contract to which you are party. Therefore, we need these data to fulfil our contractual obligations in accordance with the General Terms and Conditions of DOXXbet Club.
In accordance with Art. 6, par. 1, letter (f) of GDPR, we may process your personal data for the purposes of the legitimate interests of the controller, except where your interests or fundamental rights and freedoms prevail over those legitimate interests.
Our legitimate interest in this case is to motivate you by providing you with bonuses and rewards for using your account. With regards to the above, our company has performed a balancing test to which, however, you are free to raise any objections.
6. Competitions
When using your account, you may be given the opportunity to participate in the competition. If you join the competition, we will process the following personal data:
Processing of personal data is necessary for letting you participate in the competition as well as for the subsequent evaluation of the competition. Therefore, we need this information to fulfil our contractual obligations in accordance with the General Terms and Conditions of DOXXbet Club.
6.1
In accordance with Art. 6, par. 1, letter (b) of GDPR, we may process your personal data in order to carry out a contract to which you are party. Therefore, we need these data to fulfil our contractual obligations in accordance with the General Terms and Conditions of DOXXbet Club.
In accordance with Art. 6, par. 1, letter (f) of GDPR, we may process your personal data for the purposes of the legitimate interests of the controller, except where your interests or fundamental rights and freedoms prevail over those legitimate interests.
Our legitimate interest in this case is to motivate you by providing you with bonuses and rewards for using your account. With regards to the above, our company has performed a balancing test to which, however, you are free to raise any objections.
7. Customer support
In connection with the provision of our services, we also provide customer support service. This service aims at resolving any issues that may arise in connection with the use of our Services and Products. The customer support is carried out via e-mail, telephone or Live Chat. In order to provide you with customer support services, we process the following data:
We process personal data to fulfil our contractual obligations and meet our legitimate interest – provision of high-quality services and products.
7.1
In accordance with Art. 6, par. 1, letter (b) of GDPR, we may process your personal data in order to carry out a contract to which you are party. Therefore, we need these data to fulfil our contractual obligations in accordance with the General Terms and Conditions of DOXXbet Club.
In accordance with Art. 6, par. 1, letter (f) of GDPR, we may process your personal data for the purposes of the legitimate interests of the controller, except where your interests or fundamental rights and freedoms prevail over those legitimate interests.
Our legitimate interest in this case is to motivate you by providing you with bonuses and rewards for using your account. With regards to the above, our company has performed a balancing test to which, however, you are free to raise any objections.
8. Direct marketing
Your personal data are also processed for the purpose of informing you of news regarding our Services and Products as well as other related advertising notices based on your preferences. Such ads will be sent to you either via e-mail or text message to your phone number. In relation to direct marketing, the following data is processed:
Personal data processing in relation to direct marketing by e-mail is carried out in accordance with the Act on EC. Personal data processing in relation to direct marketing by text messages sent to your telephone number is carried out based on your consent. You may revoke this consent at any time.
8.1
Pursuant to Art. 62, par. 3 of the Act on EC, we may contact you for the purposes of direct marketing via e-mail, provided we have received your e-mail address in connection with the provision of our Services or Products. Of course, you can opt out of these e-mails easily and free of charge at any time. This option is provided to you at the end of each e-mail you receive from us.
9. Claims
When using our services, there may arise a situation you would like to complain about. In order for the complaint / claim to be handled properly, it is necessary to process some of your personal data, in particular the following:
Personal data processing for the purpose of handling claims is essential for meeting our legal obligations.
9.1
According to Art. 6, par. 1, letter (c) of GDPR, processing of personal data is possible if it is necessary for the fulfilment of legal obligation of the controller. Our legal duty in this case is, for example, to provide you with the opportunity to file a claim under Art. 3, par. 1 of the Consumer Protection Act.
DOXXbet is aware of the importance of protecting your personal information and therefore minimizes any sharing with other parties. Personal data processed in accordance with the provisions of the Privacy Policy may only be shared with those third parties that provide reasonable assurance that they will take appropriate technical and organizational measures to meet the requirements of GDPR and ensure the protection of your rights. With each such third party we conclude the brokerage agreement in accordance with Art. 28 of GDPR.
When processing your personal data, IT system administrators may access these data. The IT system administrators include the following companies:
In connection with making deposits and withdrawals from your account, we are required to provide some of your data and information to payment service providers and banks.
Your data may be accessed also by external auditors, tax advisors and legal service providers.
We may also share your personal information with the tax authorities or public authorities involved, as long as the law requires us to do so.
GDPR contains provisions to help protect data subjects' rights so that profiling or automatic individual decision-making (AIR) does not unduly interfere with your rights.
GDPR in Art. 4, par. 4 defines profiling as any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
In general, profiling can be understood as a series of statistical deductions designed to predict the behaviour of a person based on data from multiple sources in relation to characteristics of other, statistically related persons.
AIR is different from profiling, however, these concepts may overlap to some extent. The essence of AIR is the ability to make decisions solely on the basis of technical means without human intervention.
Our company performs profiling to the extent specified in the provisions of the Privacy Policy in line with AML's legal requirements when you use our website / mobile application. In particular, we monitor your gaming activities to protect ourselves against fraudulent activities in order to ensure the integrity and functionality of our services. Profiling also takes place when we process data for direct marketing purposes, for example, we track what kind of sport or competition you like to bet on and based on that we tailor special offers to your needs. You may object to the processing of personal data for direct marketing at any time. We are obliged to comply with your objection.
We also carry out AIR primarily to protect your account from being misused. For example, if you use certain payment method and the system records the use of a new, non-standard type of payment method, you may be denied withdrawal of funds and sent a notification. In both cases, we provide you with the possibility of human intervention.
Betting via DOXXbet Sportbox is anonymous. Your personal information is processed only if we need to verify your age in accordance with the Gambling Act or if you sign into your account using DOXXbet Sportbox. In this case, your personal data is processed to the same extent as if you were using our services through our website or mobile application.
In accordance with the obligations imposed on us by GDPR, we have taken appropriate technical and organizational measures to ensure the protection of your personal data. These measures are updated at regular intervals, taking into account technological developments as well as best practice in our business field, in particular measures to ensure the physical security, measures tackling responsibility and training of staff with access rights, regular data back-up, as well as measures regarding software or penetration testing.
To help you understand the personal data retention period, we have prepared an easy-to-navigate table.
Why we need your personal data | Personal data retention period |
Account registration | 5 years from closing an account, or longer upon FIU’s request |
Using the website / mobile app / Sportbox with a loyalty card | 5 years after making a bet |
Deposits and withdrawals (website / mobile app / Sportbox) | 5 years from a transaction, possibly longer upon FIU’s request |
Loyalty program | 5 years from closing an account |
Betfórum | 3 months from closing an account |
Main prize competition | 2 years after the end of a competition |
Customer support | 3 years from closing an account |
Sportbox (without registration) | the time necessary to verify age |
Marketing communication | 3 months from closing an account |
Claims | 3 years after handling a claim |
Our company does not transfer your personal data to third countries.
