V4.0 from 22.03.2021
Pari-Tech (CY) Limited (hereinafter referred to as “we”, “our”, “us” or the “Company”) is a Cyprus company, with registration number HE 321276, and registered address at 22 Larnakos, 4th Floor, Office 401A, Aglantzia, 2101 Nicosia, operating from the website www.parimatch.com.cy (hereinafter referred to as the “Website”). The Company is committed in providing online betting services, and all the activities are licensed and regulated by the National Betting Authority of Cyprus (NBA) under Class B bookmaker’s licence No. B0013 issued on October 5, 2017.
This Policy provides an overview on how our Company protects the personal data and privacy of individuals who visit our Website (hereinafter referred to as “Website Visitors”), who register to use our products and services (available at www.parimatch.com.cy (hereinafter referred to as the “Services”).
The Company is committed to protecting your privacy and handling your data in an open and transparent manner and in accordance with the European Regulation 2016/679 and the relevant data protection legislation which is applicable in the Republic of Cyprus. The personal data that we collect and process depends on the product or service requested and agreed in each case.
Controller – ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”;
Personal data – “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”;
Data Protection Officer (DPO) – “a person appointed by the Company that takes formal responsibility for data protection compliance within an organisation”;
Data Protection Authority – “means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws”.
3. What we need
Our Personal Data Protection Policy governs the use and storage of your data. You can see our Personal Data Protection Policy at https://parimatch.com.cy/faq/privacypolicy .
Pari-Tech (CY) Limited is a Controller of the personal data you provide to us. We only collect basic personal data about you.
Subscriber’s personal data (meaning any information about You from which You can be personally identified, such as Your name, address, telephone number or email address, and which is referred to in this Privacy Notice as "Your Information"), will be processed by Pari-Tech (CY) Limited (which include its agents and employees), and (where appropriate) our partners and subcontractors in order to be able to provide the full range of the Services to the Subscriber. The Subscriber’s information is collected when the Subscriber registers to open an account with Pari-Tech (CY) Limited; or when the Subscriber submits a written query to Pari-Tech (CY) Limited, but also during the Subscriber's account verification process and during his betting activity.
4. Whether you have an obligation to provide us with your personal data
In order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship. We are furthermore obligated to collect such personal data given the provisions of the money laundering law which require that we verify your identity before we enter into a business relationship with you or the legal entity for which you are the authorized representative / agent or beneficial owner. You must, therefore, provide us at least with your identity card/passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligations as mentioned above.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.
5. Why we need it
We need your personal data in order to provide you with the following services:
Provide Customer Service - collection of Authentication data: client's account number/ email/ phone/ password/ address/ Betting history/ data for the purposes of verifying the source of wealth to validate the customer’s transaction details. Account financial history, Payment details for the purpose of usage of all of the features of the Services, provision of the following activities on website and mobile applications: Bet placement, playing games, viewing Bet history, Financial account history (account replenishments and withdrawals), Ordering account replenishments and withdrawals, Account settings, Account security settings.
Provide Customer Support service - collection of client’s Personal data (documents, name, birth data, telephone, email address, country, IP addresses, any other data for the purposes of verifying the source of wealth to validate the customer’s transactions, saved phone calls and text live chats) for the purpose of providing Customer support services, Financial Accounting, Email database, Phone database, Customer satisfaction reporting to track and improve customer representative performance.
Advertising or promotion - collection of e-mail address, phone number, photos, videos and the Client’s name for advertising and sending future events, offers and promotions from Pari-Tech (CY) Limited.
Provide compliance with relevant legislation and regulations - collection of client’s Personal data (IP addresses, sport and any other data for purposes of verifying the source of wealth to verify customer transactions) for the purpose of live monitoring of anti-fraud activities.
Provide security monitoring for possible antifraud and illegal activities - collection of client’s Personal data (IP addresses, sport transactions, Browser identification) for the purpose of monitoring of Players’ activities.
AML and KYC – collection of payment details, identification documents like photo IDs, bank accounts, credit card information, residential address, utility bills, and any other data for the purposes of verifying the source of wealth to validate the customer’s transactions etc. for the purpose of prevention fraud, suspicious, unlawful transactions.
We do not use automated decision-making policies, including profiling.
6. Who receives your personal data for processing?
6.1 Data Processors list
Your personal data is processed in:
Pari-Tech (CY) Limited, located in Cyprus, 22 Larnakos, 4th Floor, Office 401A, Aglantzia, 2101 Nicosia. DPO contacts: [email protected] Storage of Personal Data.
NetShop Internet Services Ltd, located in Cyprus, 2A, Marathonos, 7060 Livadhia, DPO contacts: [email protected] Storage of Personal Data (Hosting provider).
Cloudflare Inc., located in US, 101 Townsend St., San Francisco, CA 94107. DPO contacts: [email protected] DDoS protection service provider.
Zendesk, located in US, 1019 Market St., San Francisco, CA 94103. DPO contacts: [email protected] Storage of Personal Data (Customer Support portal).
NewRelic, located in US, 188 Spear St., Suite 1200, San Francisco, CA USA 94105. DPO contacts: [email protected]
DataDome, located in France, 55, rue la Boétie 75008 Paris, Phone: + 33 1 86 95 71 38. Bot detection provider.
Lumen Technologies, located in the US, 100 CenturyLink Drive Monroe, LA 71203. DPO contacts: [email protected] (IP transit services provider).
C.C.D. COGENT COMMUNICATIONS DEUTSCHLAND GMBH, located in Germany, ATRICOM BUILDING, Lyoner Strasse 15, 60528 Frankfurt/Main. DPO contacts: [email protected] Transfer of Personal Data(IP transit services provider).
GTT Communications, located in United States of America, DPO contact: GTT, 7900 Tysons One Place, Suite 1450, McLean, VA 22102. Transfer of Personal Data (IP transit services provider).
ΤruNarrative LLC., located in the UK, The Gridiron Building, 1 Pancras Square, London, NC1 4AG. DPO contacts: [email protected]
Google LLC., located in US, 1600 Amphitheatre Parkway, Mountain View, CA 94043.
Betconstruct LLC., located in Cyprus, Ag. Paraskevi 1, 2616 Kalo Chorio-Oreinis. DPO contacts: [email protected] Software development.
Salesforce Inc., located in 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA. CRM System.
AWS Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA. Cloud Infrastructure Provider.
6.2. Data Disclosure to the National Betting Authority of Cyprus and Law Enforcement Bodies
The Company undertakes the responsibility to disclose all available Personal Data to the NBA Cyprus, the Police, to all the relevant Anti-Money Laundering Authorities (MOKAS(UCML), ΕUROPOL, ΙΝΤΕRPOL, FIU.NET), to relevant Sports Governing Bodies (e.g. FIFA, IOC, UEFA, CSO) and to any other law enforcement agencies in cases of investigation of money laundering, fraud and/or identifying match fixing. To assist such in such investigations, whenever they would be initiated, the Company will store the Personal Data, even if a player’s account was closed, for at least five (5) years from the date of the last transaction of the client. Even if after the lapse of five (5) years, these Data will not be deleted unless prior approval is obtained from the NBA Cyprus.
The Company will maintain the account of each registered player for a period of five (5) years from the date of the last transaction and will not destroy any of the account details unless the period of five (5) years shall expire and shall be subject to prior approval by the NBA.
We will never disclose or sell any personal information to any company outside of the list of Data Processors (6.1) above and except to help prevent fraud and/or unlawful usage, or if required to do so by law.
7. Transfer of your personal data to a third country or to an international organisation
Your personal data may be transferred to third countries [i.e. countries outside of the European Economic Area] using the two following tools:
1) Signed Standard Contractual Clauses for other third countries according to Article 46 Section 2 lits. c, d GDPR.
Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
8. How long we keep your personal information for
All Personal Data will be kept in a format that allows to the Data Subjects to be identified for no longer than is necessary for the purposes for which the personal data are processed. Your personal data will be kept for a period of at least five (5) years from the date of your last transaction with the Company, and any of the account data may not be destroyed unless the period of five (5) years shall expire and shall be subject to prior approval by the NBA Cyprus.
Personal data may be stored for longer periods of time if personal data are processed solely for archiving purposes and for reasons of general interest, scientific or historical research or for statistical purposes or for the defence of any legal rights.
9. Your data protection rights
You have the following rights, in terms of your personal data we hold about you:
Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.
Object to processing of your personal data, where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Withdrawal of the consent that you gave us with regards to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
In the event that you wish to complain about how we handled your personal data, please contact Pari-Tech (CY) Limited DPO by the following email address: [email protected] or by post to address: 22 Larnakos, 4th Floor, Office 401A, Aglantzia, 2101 Nicosia, Cyprus.
Valid Data Subjects Access Requests listed below will be responded up to 30 days:
Know whether a data controller holds any personal data about them.
Receive a description of the data held about them and, if permissible and practical, a copy of the data.
Be informed of the purpose(s) for which that data is being processed, and from where it was received.
Be informed whether the information is being disclosed to anyone apart from the original recipient of the data; and if so, the identity of those recipients.
Be informed of the data storage period.
If the data is being used to make automated decisions about the data subject, to be told what logic the system uses to make those decisions and to be able to request human intervention.
According to Article 12 (3) GDPR we will provide on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If any of the Personal Data we hold is incorrect or incomplete, you can request on legitimate grounds to have the information corrected, restricted or removed by writing to the DPO at Pari-Tech (CY) Limited at the above address or through the Parimatch.com.cy account (where available).
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact the DPO at Pari-Tech (CY) Limited at the above address and by completing the Data Subject Consent Withdrawal Form.
Right to lodge a complaint
If after complaining to the DPO you still feel that your Personal Data has not been handled appropriately, according to the law, you can lodge a complaint with the Cyprus Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf:
Office of the Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Email: [email protected]
10. Changes to this privacy statement
We may modify or amend this privacy statement from time to time.
We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.