Privacy Policy
1. Introduction
Novoloto OÜ (hereafter “the Company”) routinely gathers, stores, and manages personal information to facilitate its digital and physical operations. If you would like to know more about us, our organization is deeply committed to upholding the highest standards of data security and privacy compliance. This document serves as an overarching guide detailing how we handle client data, the specific privileges granted to data subjects, and the proper channels for communication. Our ultimate goal is to act as a transparent, reliable partner that fiercely protects your digital footprint.
1.1 Applicability Scope
These guidelines strictly govern the processing of personal information belonging to registered individuals (Clients) on the fenixbet platform. This framework applies to both automated digital processing and physical filing systems. Furthermore, we mandate strict adherence to both the General Data Protection Regulation (GDPR) and local Estonian data protection legislation.
2. General Legal Framework
2.1. The Company operates as the legal entity Novoloto OÜ (Registration Code: 10159983), headquartered at J. Vilmsi 59, 10115 Tallinn, and functions under the Novomatic AG corporate umbrella.
2.2. Depending on the specific business operation, the Company may act as:
A data controller defining the trajectory and methods of data usage;
A data processor acting under established instructions;
A legal recipient of authorized data disclosures.
2.3. This Privacy Policy binds all internal staff and external corporate partners, ensuring a unified standard of confidentiality across all operations.
2.4. We reserve the right to amend these guidelines. Clients will be prompted to accept major revisions; declining these updates will result in a termination of platform access.
3. Core Principles of Data Handling
3.1. The fundamental freedoms, rights, and best interests of the data subject dictate all our processing decisions.
3.2. We employ responsible, trackable practices, maintaining constant readiness to prove our regulatory compliance.
3.3. Every data-related activity relies on the following pillars:
Lawfulness: We process information strictly upon explicit consent, contractual necessity, vital interest protection, legal obligation, or overriding legitimate corporate interest.
Fairness & Transparency: We utilize a plain-language processing register so users fully comprehend how their metrics are utilized.
Purpose Limitation: Information is curated solely for explicitly stated, legitimate operations.
Data Minimization: We extract only the precise details necessary to fulfill the immediate operational requirement.
Accuracy: We actively correct and update flawed records.
Storage Limitation: Identifiable metrics are securely destroyed or anonymized once their initial purpose expires.
Integrity and Confidentiality: Advanced technical countermeasures are deployed to prevent unauthorized access or accidental data destruction.
Privacy by Design: Whether you are browsing our main website or using a mobile app, strict data safeguards are natively embedded into the software architecture from day one.
3.4. For deeper insights into our compliance architecture, clients may directly contact our Data Protection Officer.
3.5. Data is strictly sequestered for business-critical processes defined by law and is never repurposed without authorization.
4. Scope and Composition of Collected Data
4.1. An exhaustive map of all collected parameters is documented within our central processing register.
4.2. We aggregate client profiles using multiple streams:
Information actively submitted by the user;
Organic data generated through standard corporate interactions;
Digital footprints left while navigating fenix-bet.org;
Information legally sourced from third-party networks;
Synthesized internal records.
5. Data Categories, Processing Grounds, and Purposes
5.1. For granular specifics regarding our data operations, please consult our official processing register.
5.2. We never process data without a firm legal foundation—primarily relying on active consent, contractual obligations, or established legitimate interests.
5.3. When processing relies on consent, we guarantee the request is unambiguous, easily accessible, and voluntarily provided via clear affirmative action.
5.4. Contractual processing covers pre-contractual negotiations, identity validation, active service delivery, and the enforcement of our standard Terms and Conditions.
5.5. Categorized Data Profiles & Origins:
Registration Data: Names, birth dates, personal ID codes, and contact coordinates.
Verification Data: Passport/ID scans, issue dates, residential proofs, and cross-references against national self-exclusion or global sanction lists.
AML (Anti-Money Laundering) Data: Wealth origins, employment status, background check results, and asset declarations.
Gameplay Metrics: Bet histories, active restrictions, account balances, and timestamped login session records.
Financial Details: Truncated card numbers, IBANs, and precise transaction geolocation data.
Marketing Data: Language preferences, direct marketing opt-ins, and engagement metrics.
Tech & Visit Data: Device IP addresses, MAC addresses, browser environments, and ISP details.
Note: We categorically abstain from tracking sensitive demographic categories. Data is sourced directly from users, state databases, payment gateways, and PEP screening intermediaries.
5.6. Operational Objectives: We leverage this data to manage client accounts, process wagers, resolve technical complaints, execute market analytics, ensure legal compliance, provide support, and notify you when a new bonus becomes available.
5.7. Mapping Legal Bases:
Legal Obligation: Registration, Identity, AML, and specific gaming logs.
Contractual Necessity: Financial transfers, communication records, and core website data.
Consent: Marketing materials and analytical cookies.
Legitimate Interest: Anti-fraud monitoring, website optimization, and resource management.
Note: Refusing to supply legally or contractually mandated data will result in a restriction of services.
5.8. Automated Decision-Making & Profiling:
We utilize automated algorithms to tailor marketing content and calculate financial risk profiles.
Our systems instantly approve or reject account creation based on automated age and restriction checks. They also autonomously verify payment matching to combat fraud.
To uphold fairness and enforce Responsible Gaming limits, automated bots continuously scan for prohibited betting scripts or syndicate IP usage. If flagged, accounts are automatically restricted.
Clients targeted by automated fraud or compliance restrictions retain the right to demand human intervention and formally appeal the decision.
Legitimate Interest Scope: We carefully balance our corporate interests against your privacy rights using standard three-step legal tests.
5.9. Statutory processing directly fulfills national mandates, including tax reporting and anti-money laundering protocols.
5.10. Should we need to repurpose your data for a new objective, we meticulously evaluate the contextual link, potential consequences, and required encryption safeguards before proceeding.
6. Third-Party Disclosures and International Transfers
6.1. We strategically share selected data with external partners to facilitate smooth platform operations.
6.2. Authorized recipients include Novomatic group entities, marketing affiliates, survey agencies, debt collectors, payment gateways, and IT providers.
Mandatory Disclosures: We are legally obligated to release information to law enforcement, tax administrators, the Financial Intelligence Unit, and courts during official proceedings.
Verification Partners: We utilize Veriff OÜ (Reg: 12932944, Niine 11, Tallinn) for biometric identity and document authentication, alongside PEP/sanctions background checks.
6.3. We strictly prohibit data transfers outside the European Union unless the destination country guarantees adequate legal protection, explicit user consent is secured, or standard corporate binding rules are firmly in place.
7. Security Protocols and Information Safeguards
7.1. We destroy outdated information precisely according to the schedules listed in our processing register.
7.2. Comprehensive organizational and technical frameworks are deployed to isolate and protect your data. Detailed security briefings are available via our Data Protection Officer.
7.3. In the unlikely event of a data breach, we will instantly deploy mitigation tactics, register the incident, and notify both the Data Protection Inspectorate and the affected users.
7.4. All communications between your hardware and our infrastructure are shielded by an advanced SSL protocol. Furthermore, our overarching platform architecture is certified under the rigorous ISO/IEC 27001:2022 information security standard.
8. Protection of Minors
8.1. Our platform and associated digital services are strictly prohibited for underage users.
8.2. We absolutely do not harvest or process data from individuals under 18 years of age.
8.3. If we discover that minor data has breached our systems, we will execute immediate deletion protocols.
9. Comprehensive Rights of the Data Subject
9.1. Consent Rights: You maintain absolute authority to revoke your processing consent at any time through our contact channels.
9.2. Statutory Data Privileges:
Right to Information/Access: You may demand a transparent overview and a physical/digital copy of your active data footprint.
Right to Rectification: You can compel us to correct erroneous or outdated records.
Right to Erasure: You can invoke the “right to be forgotten” for data processed purely on consent.
Right to Restriction: You may freeze our processing activities during legal disputes or accuracy checks.
Right to Data Portability: You can request your files in a clean, machine-readable format for transfer to a competitor.
Right against Automated Profiling: You can object to decisions made entirely by algorithms without human oversight.
Right to Oversight & Compensation: You can request a regulatory review of our practices and sue for damages caused by unlawful processing.
10. Rights Execution and Dispute Resolution
10.1. To exercise your rights, submit a formal inquiry to our Data Protection Officer.
10.2. If you suspect a privacy violation, you may escalate your complaint to the Estonian Data Protection Inspectorate (AKI) or the judicial system.
We pledge to address all standard requests within 30 days (extendable by 60 days for highly complex inquiries).
To prevent identity spoofing, all formal requests must be accompanied by a certified digital signature or an in-person physical ID verification at our headquarters.
The AKI can be reached via their official portal: https://www.aki.ee/meist/kontaktid/kontaktid.
11. Internal Governance and Documentation
11.1. Our privacy architecture relies on two foundational documents:
A master processing register detailing every operational purpose, base, and category.
A strict internal rulebook dictating the technical cryptography and organizational safeguards our staff must deploy daily.
12. Official Contact Information
12.1. For all privacy-related inquiries, data subjects are encouraged to communicate directly with our Data Protection Officer via email: compliance@fenix-bet.org.
13. Strict Data Retention Schedules
13.1. Your data is harbored only until its primary processing objective is achieved or its statutory expiration date is reached.
13.2. Due to strict Anti-Money Laundering (AML) and gambling legislation, we are legally compelled to retain core client data for 5 years following your final platform visit. Financial transaction logs and accounting records must be securely archived for 7 years post-financial year. Once these deadlines pass, files are permanently purged.
14. Final Legal Provisions
14.1. The Company unilaterally reserves the right to modernize and amend this policy. Clients will be proactively notified of any substantial shifts via email broadcasts or direct website notifications.

