What we collect
If a customer visit one of our websites the system automatically collects information which is generated by the browser of the visitor of our website and stores them in logfiles on a temporary basis including but not limited to:
• the IP address of the requesting computer
• the date and the time
• the operating system
• the browser used by the customer.
The logfiles may contain IP addresses which allow identification of a customer.
Such collection is necessary for the performance of the services provided and for the purpose of our legitimate interests in order to enable the use of the site by the visitor, to optimize the website and in order to identify dysfunctions and abuse of GLB services.
During the registration process GLB collects customer’ personal data including but not limited to:
• first name and last name
• complete address
• date of birth
• a valid email address
• username and password
• personal security question and answer
Customers will be requested - at any given time and in line with applicable laws and regulations, particularly the current regulations to prevent money laundering and the financing of terrorism - to submit further documents to verify their identity and to enable security identity checks, such as a copy of a valid ID issued by the competent authority, e.g. passport, personal identity card, driver's license, a utility bill (e.g. for gas, electricity or a lease contract).
After the registration, customers may change their personal data at any time (with the exception of the surname, first name, date of birth, country, and user name and nickname). Every customer has to update his personal data without delay once information provided to GLB are no longer correct or are incomplete.
The collection of such data is required for us to provide our services to the customer. The verification of the customers’ age and identity is necessary for complying with legal obligations.
If a customer deposit funds into his personal GLB account by card, the processing of particularly the following additional personal data is required:
• first name and last name of cardholder
• name of credit card company
• credit card number
• expiry date of credit card, CVC code and password
If a customer wants to transfer winnings into his bank account, particularly the following personal data has to be collected:
• name and surname of account holder
• name of bank
• SWIFT code
GLB processes information that is collected by cookies, logfiles, clear gifs, and/or by third parties' support in order to create customer profiles. A profile contains information on individual customer including preferences concerning the activities of the customer. This information is related to the customer’s personal and identifiable data and used to provide and improve our services to the benefit of the customer. Profiles are also used to design each customer's experience on our websites individually and to provide specific marketing information.
GLB uses logfiles. These include IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp and the number of clicks to analyze trends for administration of the site, to track customers' movements on the site, and to gather usable information. IP addresses are related to the provision of web-based services with personally identifiable information. The collection of such data is required for us to provide our services to the customer. GLB stores communication with customers including requests for information or customer support. This applies to communication via email, the website or other means of communication. These records are used for training and security purposes.
1. a) Transaction data storage policy: In addition to complying with all record retention provisions under Applicable Law, and subject to the requirements of the PCI Standards, GLB GmbH shall retain legible copies of Data for a minimum period of eighteen (18) months from the date of each transaction.
1. b) Such data may be transmitted to payment providers. The collection of this data is necessary for performing payment services. In accordance with the recommendations of Payment Card Industry Security Standards Council, customer card details are protected using Transport Layer encryption - TLS 1.2 and application layer with algorithm AES and key length 256 bit.
2) Payment card data policy: GLB GmbH shall not store player card details and are fully compliant with the rules set out by the PCI.
How it is stored
Personal data is kept by GLB as long as a customer is using GLB’s services. Whenever a customer deactivates his account, the personal data saved in the system will remain stored for the minimum length of time required to comply with the applicable legal obligations. Specifically, personal data relevant to gambling activity of customers, will be stored for ten (10) years from the initiating time of placing bet, while personal data relevant to identification of customers, will be stored for five (5) years from the end of our customer relationship. Personal Data may also be stored longer if it cannot be deleted for technical and/or legal reasons. All data will be processed in an automated manner. GLB takes all adequate technical and organizational measures to protect customer' data from access by unauthorized persons and to prevent accidental or unlawful processing, disclosure, destruction, loss, alteration or damage. In particular payment information will always be encrypted when data is being processed. Whereas sensitive information is protected online by SSL encryption, GLB makes any reasonable effort to ensure the protection of customers' data. Only authorized employees of GLB, or employees of third parties contractually bound to compliance with the principles of data protection, have access to customers’ information. GLB monitors the trustworthiness and reliability of all its employees. At regular intervals, all employees are given training on the applicable security and data protection standards. All relevant servers are located in a secure environment. In addition, all customer data is protected from unauthorized access by firewall and intrusion prevention systems.
Internet based transfers
Disclosure of Information
GLB treats customer’s personal data strictly confidential.
Disclosure of customers personal data may happen to third parties only:
• if the customer has given consent with such disclosure
• the disclosure is necessary for compliance with legal obligations to which GLB is subject, for example in response to requests from the government or law enforcement agencies conducting an investigation or in case of investigation and / or reporting fraud, terrorism, counterfeiting, security breaches or criminal activities in accordance with applicable law.
• when the disclosure is necessary for the purposes of the legitimate interests pursued by GLB or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the customer.
GLB only transfers data to states outside of the EU/EEA provided the recipient guaranties a standard of data protection comparable to European standards (e.g. by agreeing to approved contractual clauses, intragroup agreements or other measures designed to ensure that the recipients of personal data protect them). On a case-by-case basis, GLB makes use of trusted third parties to process customers’ personal data including but not limited to payment services, information technology, customer support, sales, marketing. Pursuant to applicable data protection regulations including the General Data Protection Regulation these third parties are contractually obliged to treat customers' data securely and confidentially. Their use of the said data is restricted to the extent required to fulfil the respective task. In order to complete customers' identity verification, to carry out security checks, to assess customers’ compliance with our Terms and Conditions and legal obligations including the prevention of money laundering, the financing of terrorism and the protection of minors, customer data may be matched against third party databases. Upon any indication of transactions and/or activities that may raise suspicions of criminal activities, GLB will report to the relevant parties in charge. GLB commitment to the protection of personal data notwithstanding, the company reserves the right to publish gaming data (e.g. achieved results), the customer's first name, the initial of the surname as well as the customer's country of residence on our websites as long as the customer remains, directly and indirectly, unidentifiable.
The sharing of customer’ data also is necessary to protect customers and ourselves from crime and to comply with legal obligations.
Merchant will not sell, purchase, provide, exchange or in any other manner disclose Account or Transaction data, or personal information of or about a Cardholder to anyone, except, it’s Acquirer, Visa/Mastercard Corporations or in response to valid government demands.
Access to information
The customer has the right to:
• request access to personal data
• request correction of personal data
• withdraw the consent to the processing of data (e.g. for marketing activities)
• request delete of personal data
• receive data in a structured, commonly used and machine-readable format (data portability)
• request the restriction of processing personal data
• to object to the processing of personal data.
Some of the above mentioned rights may only apply under certain circumstances as set forth in data protection legislation including the General Data Protection Regulation.
We reserve the right to reject requests that are unreasonably repetitive, require disproportionate technical efforts or have disproportionate technical consequences, jeopardize the privacy of others or are impossible to implement.
Changes to the Privacy Statement
Last update: December 18th, 2018.