Customer Privacy Notice
- Who are we?
- The information we collect about you
- What We Use your Personal Data for?
- Who we share your data with?
- Safer Gambling
- How long we retain your personal data?
- Location that we may transfer your personal data to
- Security
- Cookies
- Marketing Communications and your choices
- Your rights
- How to contact us
- Changes to this Policy
1. Who we are?
ElectraWorks (Ceuta) SA (formerly named ElectraWorks (Malta) Plc) is a member of the Entain Group of companies and this Notice explains what your personal data will be used for.
Territory |
Name of the controller |
Details |
Spain |
ElectraWorks (Ceuta) SA (formerly named ElectraWorks (Malta) Plc) |
Calle Real 74, Entreplanta, Ceuta, 51001 |
Where we use the term “Entain” “we” “ours” or “us”, this includes the entity, Brands (https://entaingroup.com/about/business-overview/our-brands/) and other companies within the Entain Group.
We are committed to protecting your personal data when you use our services through our website and mobile application and take the security of your information very seriously. We have strict security measures in place to protect your personal data which includes robust security procedures which are regularly tested and reviewed. If you have any concerns about the way in which we process or protect your personal data or would like to contact us about any aspect of this policy, please get in touch through the contact details at the bottom of this statement.
This privacy policy should be read in conjunction with our cookies policy, any notices or terms available in our site and our terms and conditions.
2. The information we collect about you
We will collect personal data about you from the following sources:
- When you register for an account with us
- When you visit our website, App or our social media sites
- Through surveys you complete
- When you communicate with us (by email, mail, phone or through chat or social media)
- When we undertake analysis of your interaction with us
- From our other group companies for internal reasons, primarily for business and operational purposes
- From public sources of information such as public records or social media postings
- From cookies and tracking devices on your devices where you have permitted their use.
- From third parties' databases to comply with our legal and regulatory obligations;
- From online vendors and service providers such as financial and from customer lists lawfully acquired from third-party vendors.
3. What we use your personal data for?
What we use your Personal Data for |
Typical Personal Data |
Further information |
Legal basis |
Provision of products or services |
|
To meet our obligations arising from any agreements entered into between you and us and provide you with the information, products and services that you request from us, including information about changes to our website, services or our terms, conditions and policies. |
|
Customer Service matters |
|
To provide you with customer services, answer your questions or address your complaints or concerns. |
|
Meeting our legal and regulatory obligations |
|
To discharge our legal and regulatory obligations and duties which include (but are not limited to) Law 13/2011, of 27 May, on the regulation of gambling and Safer Gambling obligations (Royal decree 176/2023, of 14 March, to develop safer game environments), Anti-money Laundering, Anti-fraud & Anti-terrorism laws. This may include electronic methods of identifying you, such as through the use of cookies and images on online play. |
|
Identity Checks, Age Verification and Safer Gambling |
|
To meet our Safer Gambling obligations (such as recording self-excluders and where we believe a customer has a gambling problem). |
|
Undertake Surveys competitions and promotions |
|
To invite you to take part in competitions, to provide us with feedback on your experiences, take up promotions or to keep you informed about products of services which may be of interest to you. Some of these interactions may be online or through social media. |
|
Lifestyle and demographic Insight and Profiling |
|
To build a profile of you, your preferences and your habits to better understand your interests and how you play. We may use these profiles to contact you through social media to promote our business. To help us to comply with our obligations with respect to Safe Gambling and AML obligations. |
|
Improve our services and ensure our systems are secure and up to date |
|
To ensure that content from the site is presented in the most effective manner for you and for your computer, maintain and improve our products and services, optimise business processes, ensure the integrity of our systems and manage our Information Technology estate, undertake quality assurance, support efficient management of our staff, analyse performance of webpages or promotions and provide content that is relevant to you. |
Legitimate interests to ensure that our interaction with customers is appropriate, working and efficient. |
Prevention and Detection of Crime, |
|
List of active software applications and active processes while using our website, including access to files and site-related program folders to prevent or detect crime, fraud, theft or loss to our business and our customers and prevent the use of unfair practices in our websites or potential breach of our General Terms and Conditions and of applicable law. In certain circumstances, such as high depositing players and/ or Politically Exposed Persons (PEPs), we will carry out enhanced due diligence focused on affordability, source of funds and background checks. These due diligences could include additional documentation provided by players, based on a case-by-case basis, or information available in the public domain. |
|
Business sale, acquisition and rights |
|
To exercise or defend legal claims or acquiring or selling a business. |
Legitimate interests to protect and defend our business. |
4. Who we share your data with?
We may need to share personal information with other organisations to ensure that we meet our legal obligations or where we need support in meeting your needs or our contractual obligations. We may also share information with other organisations where we consider it to be in the public interest or in the legitimate interest of ourselves or these other parties. These other parties are typically:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Our affiliates and selected third parties, where you have expressly opted-out of receiving marketing from us / third parties, have been barred or self-excluded, in which case we may share suppression lists with our affiliates and selected third parties, to ensure you do not receive unsolicited marketing;
- Members of the Entain Group and third party suppliers and service providers for any of the purposes identified in the table above; third party suppliers and service providers to the extent they assist the Entain Group with its legal / regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc.;
- Selected third parties so that they can contact you with details of the services that they provide, where you have expressly opted-in/consented to the disclosure of your personal data for these purposes;
- Social Media platforms, where for example you chose to log onto your gaming account with us through your Social Media identity. Or when we communicate with you via your Social media account;
- Analytics and search engine providers that assist us in the improvement and optimization of our site and other selected third parties;
- Other 3rd party organisations who ask, encourage or collate feedback and any online views of your experiences with us to help us improve and optimize our services.
- Dirección General de Ordenación del Juego (DGOJ) to comply with our reporting obligations, for account verification, Safer Gambling controls and complaint management purposes.
- Banks, credit card companies, Sports Governing Bodies and relevant agencies who may share with third parties for the purpose of investigating and safeguarding against underage, fraudulent, criminal or suspicious activity or safer gambling (or other activities we are bound by law, regulation or guidance to investigate and safeguard against).
- When we check your identity when you register with us, we share information with Jumio. Jumio will assist with the capture, verification, and extraction of details from National Identity Documents. Further information about how Jumio holds and use your information can be found on its websites.
- Our regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, applicable independent adjudication services, Sports Governing.
- Bodies and any other authorised bodies, including poker organisations for the purposes of investigating any actual or suspected criminal activity, maintaining standards of behaviour in sports, poker, gaming or other regulatory or legal matters.
We may share your personal information with other members of the Entain Group for marketing purposes. We will not share it with other 3rd party organisations however unless you have expressly opted-in/consented to the disclosure of your personal data for these purposes.
We may also disclose your personal information to third parties in the following circumstances:
- in the event that we consider selling or buying any business or assets, in which case we will disclose your personal data to any prospective sellers or buyers of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Entain Group plc, or a data controller or any of its group entities;
- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- in order to enforce or apply our website terms of use;
- to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation, other gambling operators and the local police or other local law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime; and
- Where you have self-excluded yourself from gambling, we may share this information with our regulators or other companies in our field where we believe it is important to support your exclusion.
5. Safer Gambling
- At Entain, we are committed to promoting Safer Gambling. We may share your information across our brands in the Entain Group, and where required with other organisations to meet our responsible gambling commitments.
- We have an obligation to identify those at harm from gambling as early as we can and help them stop gambling by placing certain limits on accounts; this could include deposit limits, product limits, limiting the ability of an account to gamble certain products / times / periods. In order to meet these obligations, we analyse customer’s transactions and evaluate behaviour or financial status across our products and brands, which may lead us to make decisions on your account(s). Please see Safer Gambling section on our website for more information.
- We are also constantly looking at innovative ways to help spot players who may be on a path to difficulties and identify them digitally. This means that we may use systems that identify customers (such as cookies on player’s devices or images sent by you) and internally we have developed systems to understand your play to better communicate any risks concerning your activity. We may also share or receive player data with other organisations who help evaluate risks by looking at how you may interact with other gambling operators or help individuals directly.
In all these cases, please be assured that we take our obligations very seriously, promoting Safer Gambling and in protecting your personal information. We will always ensure that we take the most appropriate measures and controls to protect your data.
6. How long we retain your personal data
Data Type |
Territory |
Retention time |
Information |
Customer call recordings |
Spain |
3 years |
An extended hold may be applied depending on the cases. |
Customer data |
Spain |
10 years (This period will begin upon closure of your account) * |
We will only continue to retain personal data relating to your account as permitted by data protection legislation, i.e. (i) where we are under a legal requirement under Law 10/2010, of 28 April, on the Prevention of Banking and Funding of Terrorism or Law 13/2011, of May 27, on the Regulation of Gambling and its applicable regulations; and/or (ii) to exercise or defend our legal rights. If Self-Exclusion or Self-Ban periods are triggered in accordance with our Safer Gambling scheme, while the periods themselves may be shorter in duration, we will retain the information to support safe gambling. |
*Regarding inactive and dormant accounts, please note that accounts are only suspended after two years of inactivity and are completely closed after another 4 years of inactivity. You can contact Us and request the closure of your account at any time.
The above retention times may be extended for example where it is needed to meet a specific regulatory obligation, investigate a crime, handle a claim or resolve a complaint.
7. Data Transfers
From time to time, service providers, members of the Entain Group and organisations with whom we work with, may be located outside Spain or European Economic Area in countries that do not have the same standards of protection for personal data as the UK or EEA Countries. We will, however, always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal data. We will also ensure that our service providers enter into compliant processing agreements with us to ensure that your personal data is processed in accordance with applicable data protection legislation. Further information about the mechanisms we will apply can be found here but please contact us if you have any specific questions regarding international transfers.
8. Security
We take compliance with security regulations, standards, guidelines and privacy laws very seriously and promote security measures that will maintain the confidentiality, integrity and availability of personal data. We use reasonable organisational, technical and administrative measures to protect customer personal data from unauthorised access, alteration, disclosure or destruction of personal data that we hold.
As a business, we have secure firewalled datacentres, certified encrypted webpages and we are ISO27001:2013 certified. We also take steps to ensure our subsidiaries, agents, affiliates and suppliers employ adequate levels of security across the business.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access attempts.
9. Cookies
We use cookies for various purposes including making your experience of our website better. For more information on our use of cookies, please see our Cookies Policy.
10. Marketing Communications and your choices
We use various forms of communication to interact with you, such as email, text or online.
When we first collect your personal data, we’ll ask you to tell us how you would like to hear from us in future about our other products and services. It will normally be via a tick box on forms or web page and you can opt-out at any time.
What is 'Opting Out'?
The term opt-out refers to several methods by which individuals can avoid receiving unsolicited product or service information. This ability is usually associated with direct marketing campaigns such as telemarketing, e-mail marketing, or direct mail.
You may also hear from us online, by accepting marketing cookies or through your social media provider if you have agreed to accept marketing messages from them. You should check your Social Media providers own Privacy Policy in this regard.
*Please consider that 'opting out' will not prevent any essential customer correspondence e.g. bet or account correspondence.
How can I opt out of marketing correspondence?
If you do not wish to receive any offers, promotions, information on events and tailored communications based on your account activity, you can request to be made un-contactable by:
- Using the “unsubscribe” option provided in any marketing communication you receive
- changing your preferences on your account settings
- contacting our Customer Support department.
11. Your rights
The right to be Informed |
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. |
The right of access |
A right to access personal data held by us about you. This right is not an absolute right and must not be interpreted in isolation of the other provisions of the GDPR. There are lawful limitations to this right that it may apply, for instance, where other rights such as; confidentiality, the rights of others or legal privilege. |
The right to rectification |
A right to require us to rectify any inaccurate personal data held by us about you. |
The right to erasure |
The right to request the deletion of personal data. This right will only apply when (for example): we no longer need to use the personal data for the purposes for which they were collected; or when you object to the way we process your data (in accordance with the Right to object). This right is not absolute and will not apply where legitimate reasons apply, or we are subject to longer retention periods mentioned in section 6 of this Policy. |
The right to data portability |
In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request. |
The right to object processing |
A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights, or which are for the establishment, exercise or defence of legal claims. |
The right not to be subject to automated decisions including profiling |
A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you. |
The right to withdraw consent |
A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products). |
The right to lodge a complaint |
You have the right to complain to the Spanish Data Protection Agency (Agencia Española de Protección de Datos | AEPD). |
12. Contact Us
If you would like to exercise any of your data protection rights, such as the right of access to your information or data deletion, directly by yourself or by a third party on your behalf, please contact privacy@bwin.es.
If you have any questions about this Policy or would like further information about your rights, our Data Protection Officer can be contacted by emailing: dataprotection@entaingroup.com.
*Please note that these channels are not monitored for any customer service-related queries.
13. Changes to this Privacy Policy
We make changes and updates to this Policy frequently. If we believe the changes are substantial, we will let you know by posting the changes through our services or by sending you a message about the changes. We encourage you to regularly review this Policy for updates.
This policy was last reviewed and updated: 14 September 2023