Version 2.0
General
The EU General Data Protection Regulation (GDPR), which came into force on 25 May, 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. We have published this Privacy Policy to take into account new requirements and to explain how Run It Once Ltd. (“the Company”, “we” or “us”) collects, stores and uses personal data.
Any personal data provided by you (“the user”) voluntarily through our website runitonce.eu will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the GDPR and any other relevant data protection legislation, as may be amended from time to time.
Data Controller
For the purposes of the GDPR, the Company is the Data Controller.
If you have any questions about how we process your personal data, please email our Data Protection Officer at [email protected]. Our postal address is:
33, Vivendo House, Floor 3
Triq Agius de Soldanis
Birkirkara
BKR 4850
Malta
Your Agreement to the Privacy Policy
By using the Service, you agree to the terms of this Privacy Policy as may be amended from time to time, save for those instances where we will ask you separately whether you consent to submitting your information or receiving promotional communications from us.
Information We Collect
The data that we may collect about you usually includes, but is not limited to:
- Your name and surname;
- Your address;
- Date of birth;
- Contact number and email address;
- Game client tech data and web analytics (including geolocation data);
- Game and transaction history;
- Customer service emails;
- Player account notes;
- Copies of official and valid proof of identity and residence;
- Payment data;
- AML/Fraud investigative information; and
- Any other personal data that you may provide to us.
The provision of the above information is necessary in order to complete your registration and allow us to provide our service to you. If you do not provide us with the information we request from you, we may be unable to process your registration or provide you with all our services (including the ability to play games on the game client).
Basis of Processing
We will process personal data on the basis of:
- Our legal obligations (for example, to comply with fraud and money laundering regulations);
- Necessity for the performance of a contract which you have asked us to enter into, or in order to take steps at the request of prospective players prior to entering into a contract (for example, to process your information prior to completing registration);
- Our legitimate interests (for example, to ensure we are providing you with the best possible customer service, to manage our database efficiently and to improve and ensure the security of our systems).
Sharing your Information
We have an obligation at law to forward information to the relevant authorities which deal with fraudulent behaviour e.g. possible criminal transaction and/or activities. If we have the slightest suspicion of transactions and/or activities being criminal, we shall report this information to the relevant authorities such as the police or other companies specialised on the investigation of fraudulent transactions and/or behaviour. We may not be permitted to inform you that we have done so. By accepting the Company’s Privacy Policy, players give the permission to have their data and other transaction information verified by using third party databases.
We will not share any of your personal data with third parties without your permission, except where this is strictly required for us to provide you with a service you have engaged us to provide or where we are obliged to do so in terms of our legal or regulatory obligations. The Company may send data to its employees, associate/s, agent/s, sub-contractors, product provider/s or investment institution/s, (all of which shall be made subject to confidentiality and data protection obligations as shall be considered necessary by the company, in keeping with its obligations in fulfilment of the Terms and Conditions) for the purpose of providing the said services and/or to any regulatory or public authorities to comply with its regulatory or other obligations in terms of the law.
We may share your personal data with the following categories of entities as necessary:
- Web analytics service providers (such as Google Marketing Platform and Kissmetrics);
- Payment service providers (including Astropay Ltd., Credorax Bank Ltd., PSI Ltd., Paysafe Financial Services Ltd., Skrill Ltd. and Trustly Group AB); and
- Customer contact service tool providers (such as Focalscope Ltd.).
Third Country Transfers
When sharing your personal data with an entity outside the EU, we do so in accordance with the requirements of the GDPR and any other applicable law.
As outlined above, we may share your data with PSI Ltd. (publicly trading as “EcoPayz”) which is a payment service provider located in the Isle of Man, outside the European Union. Although located outside of the EU, the Isle of Man is deemed by the European Commission to be a country which offers an adequate level of data protection. This means that this transfer of data may occur without any further safeguard being necessary and is equal to an intra-EU transfer of data.
Data Security
We take the security of your personal data very seriously and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, so as to safeguard its integrity and confidentiality.
We will use all reasonable means to protect the player data stored on our servers. The security measures we have implemented to ensure safe transmission and storage of personal data include:
- Use of secure servers;
- Use of firewalls;
- Use of encryption systems;
- Physical access controls at ISO/IEC 27001-certified data centres;
- Information access controls (your information is accessed solely on a ‘need-to-know’ basis);
- Use of back-up systems
We also regularly review and, where practicable, improve upon these security measures.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. While we do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore we cannot guarantee or warrant that no unauthorised access will occur.
Cookies
As is common practice with almost all professional websites, this site uses ‘cookies’, which are simple text files that are downloaded and stored on your computer or mobile (or other) device. Only the website’s server will be able to retrieve or read the contents of those cookies, in order to improve your user experience either for the duration of your visit (using a ‘session cookie’ or for repeat visits (using a ‘persistent cookie’).
This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.
The information gathered through cookies may include:
Information | Purpose |
Location Information | Rank countries and regions in terms of visits, activity etc to determine regional marketing priorities |
Device Information | Determine the most popular devices used to help shape device specific decisions |
Browser Information | Determine the most popular browsers and versions used to help shape browser specific decisions |
Operating System Information | Determine the most popular operating systems and versions used to help shape operating system specific decisions |
Customer ID | Track unique visits |
Source | Determine where traffic is coming to the website from |
Returning (Yes/No) | Differentiate returning visitors from new visitors |
URL | Determine which pages are visited the most often |
Language | Determine the most popular languages to help shape language specific decisions |
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
This site uses the Google Marketing Platform which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Marketing Platform cookies, see the official Google Marketing Platform page.
Your Rights
Right of Access
You have the right to access all your personal data held and processed by the Company. To exercise this right, you can contact us at the email or postal address at the top of this page.
In order to process this request, we will require proof of your identity. We will do our best to process the request as soon as possible, and in any event no longer than thirty days from hearing from you.
Right to Rectification
You have the right to request rectification of any inaccurate or incomplete personal data held and processed by the Company. If you think we may hold details about you that are inaccurate or out of date, please contact us at the email or postal address at the top of this page.
Right to Erasure (‘right to be forgotten’)
You have the right to request that we delete the personal data held and processed by the Company by contacting us at the email or postal address at the top of this page.
This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.
Right to Object
You have the right to object to the processing of your personal data, including where such processing takes place for the Company’s legitimate interests, and you may request to withdraw from all future activities and the removal of all personal data held and processed by us by contacting us at the email or postal address at the top of this page.
This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.
Right to Data Portability
You have the right to move, copy or transfer your personal data from one organisation to another, and you have the right to request from us a copy of your personal data in a structured, commonly used and machine-readable format, which we may provide to you or another organisation at your request, where it is technically feasible to do so. If you would like us to assist you with this, please contact us at the email or postal address at the top of this page.
Right to Lodge a Complaint
All Data Protection enquiries/complaints should be sent to our Data Protection Officer at [email protected].
You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as the data protection supervisory authority:
Information and Data Protection Commissioner
Level 2, Airways House
High Street
Sliema SLM 1549
Malta
Tel: (+356) 2328 7100
Email: [email protected]
UK Individuals: Right to lodge a complaint with the UK Supervisory Authority
If you reside in the UK and wish to lodge a complaint with the Supervisory Authority then you may do so by contacting the Information Commissioner’s Office (ICO).
Marketing
If you are a customer, from time to time, we may wish to contact you about products and/or services which you have purchased or shown interest in. We may also contact you if you are not yet a customer, but you have given us your consent to send you marketing material to keep you up to date on our products and services.
You have the right to ask us to stop sending you marketing material at any time.
You can stop receiving marketing messages from us at any time through any of the following methods:
- By clicking on the ‘unsubscribe’ link in any email we send you
- By opting out of receiving marketing messages through the game client
- By contacting us at the postal or email addresses at the top of this page
This will not affect any processing that took place prior to the withdrawal of consent. Please note that, it may take a few days for all our systems to be updated, so you might get messages from us while we process your request.
Please also be aware that if you ask us to stop sending you marketing material, we will still continue to contact you in relation to the service we have been engaged by you to provide if this is necessary for us to provide the service.
You recognise that notwithstanding having opted out of receiving marketing messages from us as aforementioned, you may still see our advertisements or other forms of public communications through social media platforms and third-party websites. You need to consult the specific Privacy Policy and/or account preferences within these individual websites should you wish to stop seeing such communications or advertisements from us.
Retention
We will not store personal data for longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected that data. We may also need to keep some of your personal data where we are obliged to do so in terms of legal or regulatory requirements, or in order to protect ourselves against legal claims, or to enforce our company terms and conditions.
As a general rule we will retain your personal data as long as your account is active, or until you ask us to stop communicating with you, unless we have a valid reason to keep the information for a longer time.
Type of Data | Retention Period |
Account registration data | 5 years after closing of account* |
Transaction information | 5 years after closing of account* |
Game history | 5 years after closing of account |
Web Analytics | 5 years after collection |
Customer correspondence | 5 years after closing of account |
Notes on player accounts | 5 years after closing of account* |
Technical information | 5 years after closing of account |
Contact details of newsletter subscribers | Until data subject unsubscribes |
*This retention period is in accordance with anti-money laundering regulations.
For more information about our retention policy, please contact us at the postal or email addresses at the top of this page.
Anonymisation
In some cases, when we no longer need your personal data, rather than deleting or destroying it we will anonymise it. This will render it unidentifiable and thus it will no longer be classified as personal data. We may do this for two reasons:
- Firstly, because your personal data may be stored along with personal data of other data subjects with a different retention period; and
- Secondly, because we may need to use the anonymised data for our business purposes such as research, data analysis, statistics, product development, improving our site and app, etc.
Links to Third-Party Websites
We may post links to other web sites which are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies, practices and laws of those third-party operators. We encourage you to review the privacy practices of these third parties as we are not responsible for the privacy practices of those sites.
Changes to this Privacy Policy
We may update this Policy from time to time and we will replace this policy with an updated version. It is your responsibility to access the ‘Privacy Policy’ page frequently so that you will be aware of any changes that may be implemented by us from time to time. Nevertheless, substantive modifications to this Privacy Policy (e.g. a change to the identity of the controller or a change as to how data subjects can exercise their rights in relation to the processing) shall always be communicated the player.
UK Representative
Pursuant to Article 27 of the United Kingdom General Data Protection Regulation (‘UK GDPR’), Run It Once Ltd. has appointed Eta Delta Ltd as its representative in the UK. You can contact Eta Delta Ltd regarding matters pertaining to the UK GDPR by:
- Sending an email to [email protected]; or
- Writing to Run It Once UK Representative, Eta Delta Ltd, 30 Gordon Street, Glasgow, G1 3PU, United Kingdom.
Law and Jurisdiction
This Policy shall be governed by Maltese Law. Any dispute arising from, or related to, such Policy shall be subject to the exclusive jurisdiction of the Courts of Malta.