Privacy Policy for Gem Trio

We understand that as an online gambling operator, we hold a significant responsibility to our users. Our services fall under the "Your Money or Your Life" (YMYL) category, specifically impacting your financial security. For this reason, transparency, robust data protection practices, and a clear commitment to responsible gambling are at the core of our operations and this policy.

This document is designed not only to comply with stringent legal and regulatory requirements but also to build and maintain your trust. We aim to make it clear, accessible, and reassuring, demonstrating our dedication to your privacy and safety.

1. Who We Are

Gem Trio Digital Ltd. is licensed and regulated by the UK Gambling Commission (UKGC) under account number 123456 (Example). Our operations strictly adhere to the UK Gambling Act 2005 and its subsequent amendments, as well as all relevant data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our Commitment to Your Privacy and Trust

Your trust is paramount. We recognise the unique vulnerabilities associated with online gambling and are committed to addressing your specific concerns through:

• Transparency: Clearly explaining what data we collect, why, and how it's used.
• Security: Implementing industry-leading measures to protect your data from breaches and unauthorised access.
• Fairness: Ensuring all data processing is lawful, fair, and conducted with integrity.
• User Control: Providing you with mechanisms to understand and exercise your data protection rights.
• Responsible Gambling: Using data to identify and support vulnerable individuals, promoting a safe gaming environment.
• Regulatory Compliance: Upholding the highest standards set by the UKGC, the Information Commissioner's Office (ICO), and other relevant bodies.

3. The Information We Collect About You

We collect various types of information to provide our services, ensure regulatory compliance, and enhance your gaming experience.

3.1 Information You Provide Directly to Us

This includes data you submit when you:

• Register an Account: Name, date of birth, gender, residential address, email address, phone number, username, password.
• Verify Your Identity (KYC/AML): Copies of identification documents (e.g., passport, driving licence), proof of address (e.g., utility bill), source of funds/wealth information.
• Make Deposits or Withdrawals: Payment method details (e.g., bank account number, card details – though these are processed by PCI DSS compliant payment providers and not stored directly by us), transaction history.
• Contact Customer Support: Content of your communications (emails, chat logs, call recordings), feedback, and dispute resolution details.
• Participate in Promotions or Surveys: Your responses and preferences.
• Set Responsible Gambling Limits: Self-exclusion periods, deposit limits, reality check settings.

3.2 Information We Collect Automatically

As you interact with our website and the "Gem Trio" game, we automatically collect certain data:

• Gameplay and Betting Data:
  • Your bets, wins, losses, stakes, and game outcomes.
  • Specific feature usage, such as interactions with the "Buy Free Spins" options (e.g., for 1, 2, or 3 modifiers in Gem Trio).
  • Engagement with game elements like the '777', 'BAR', and 'WILD' symbols, or the 'emerald', 'diamond', and 'ruby' gem symbols that trigger free spins.
  • Game session duration, time of play, and game progress.
  • Your interaction with prize tiers like 'GRAND', 'MAJOR', 'MINOR', and 'MINI'.
  • RTP (Return to Player) and volatility information related to your gameplay.
• Technical and Device Data: Your IP address, device type, operating system, browser type and version, language settings, unique device identifiers, and referring website addresses.
• Website Usage Data: Pages you visit, links you click, time spent on pages, search queries, and general navigation patterns. We use analytics tools, including Yandex.Metrica, for this purpose.
• Location Data: Derived from your IP address, to ensure compliance with geographic restrictions.
• Cookies and Tracking Technologies: Information collected through cookies and similar technologies (see Section 11).

3.3 Information from Third Parties

We may receive information about you from:

• Identity and Verification Service Providers: To fulfil our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations.
• Payment Service Providers: Confirmation of transactions, fraud prevention information.
• Credit Reference Agencies: For financial checks, where permitted by law and necessary for responsible gambling assessments.
• Affiliate Marketing Partners: Information about the source of your referral to our site, for commission tracking.
• Publicly Available Sources: To verify information you provide.

4. How We Use Your Information (Purposes and Legal Bases)

We process your personal data for specific purposes, relying on various legal bases under the UK GDPR:

5. Responsible Gambling and Data Protection

We are legally and ethically committed to responsible gambling. Your data plays a crucial role in enabling us to protect you:

• Behavioural Monitoring: We analyse gameplay patterns, deposit/withdrawal activity, and time spent on the site to identify potential indicators of problematic gambling behaviour. This helps us intervene early and offer support.
• Self-Exclusion and Limits: Data related to your self-exclusion periods, deposit limits, and reality checks is securely stored and strictly enforced to prevent you from accessing our services or exceeding your set limits.
• Intervention: If we identify potential risks, we may use your contact details to reach out and offer support or direct you to problem gambling organisations.
• Regulatory Reporting: We are obliged to report certain data to the UK Gambling Commission related to responsible gambling initiatives.

6. Data Security – Protecting Your Information

We employ robust technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your device and our servers, including payment information, is encrypted using industry-standard SSL/TLS protocols. Sensitive data at rest is also encrypted.
• Access Controls: Strict access controls are in place, limiting access to your personal data only to authorised personnel who require it for their duties.
• Network Security: Firewalls, intrusion detection systems, and regular vulnerability scanning protect our network infrastructure.
• Regular Audits: We conduct regular security audits and penetration testing to identify and address potential weaknesses.
• Employee Training: Our staff receive ongoing training on data protection best practices and security awareness.
• PCI DSS Compliance: For all payment processing, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) to ensure your financial details are handled with the highest level of security. We do not store your full payment card details on our servers.
• Incident Response: We have a comprehensive data breach response plan to effectively manage and mitigate the impact of any security incidents.

7. Sharing Your Information

We may share your personal data with the following categories of recipients, always ensuring appropriate safeguards are in place:

• Service Providers: Third-party companies that perform services on our behalf, such as payment processors, identity verification services, cloud hosting providers, IT support, fraud prevention agencies, and customer support platforms. These providers are contractually bound to protect your data and only use it for the purposes we specify.
• Regulatory Bodies and Law Enforcement: We are legally obliged to share information with the UK Gambling Commission, the Information Commissioner's Office (ICO), financial intelligence units, law enforcement agencies, and other government bodies when required by law or to investigate potential illegal activities.
• Affiliate Partners: If you arrived at our site via an affiliate link, we may share anonymised or pseudonymised data (e.g., a unique ID, successful registration confirmation) with our affiliate partners to track commissions. We do not share your sensitive personal data with them. This is done in compliance with ASA (Advertising Standards Authority) and FTC (Federal Trade Commission) transparency requirements for advertising.
• Game Providers: Limited gameplay data (e.g., game ID, bet amount, outcome) may be shared with game providers like Pragmatic Play to ensure game integrity, functionality, and dispute resolution.
• Group Companies: If Gem Trio Digital Ltd. is part of a larger corporate group, your data may be shared within that group for operational efficiency and compliance, under strict data sharing agreements.
• Professional Advisors: Lawyers, auditors, and other professional advisors who require access to information to provide their services.
• Potential Acquirers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will ensure appropriate confidentiality and security measures are in place.

8. International Data Transfers (Including Yandex.Metrica)

Your personal data may be transferred to, and stored at, a destination outside the UK or European Economic Area (EEA) by our service providers. This includes situations where we use Yandex.Metrica for web analytics.

To safeguard your data when using Yandex.Metrica:

• Anonymisation: We configure Yandex.Metrica to anonymise your IP address and other identifiers wherever possible before processing.
• Aggregated Data: The data transferred is primarily aggregated and statistical, focusing on overall website usage patterns rather than individual user identification.
• Contractual Safeguards: We strive to implement appropriate contractual safeguards, such as Standard Contractual Clauses (SCCs) where feasible, although their enforceability in non-adequate jurisdictions can be complex.
• Transparency & Consent: By using our site, you acknowledge and, where necessary, consent to the potential transfer of your (anonymised or pseudonymised) usage data to Russia for analytics purposes, understanding the risks involved.

We only transfer data to non-adequate countries when necessary for the purposes outlined in this policy and always ensure that appropriate safeguards are in place or that a specific derogation applies, as required by UK GDPR.

9. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your user experience, analyse site usage, and support our marketing efforts.

• What are Cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
• Types of Cookies We Use:
  • Strictly Necessary Cookies: Essential for the website to function (e.g., remembering your login, managing your session, security features). These cannot be switched off.
  • Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Yandex.Metrica). This includes data about which pages are most popular, how much time is spent on the site, and if users encounter error messages.
  • Functionality Cookies: Allow the website to remember choices you make (such as your username, language, or region) and provide enhanced, more personal features.
  • Marketing/Targeting Cookies: Used to deliver more relevant advertisements to you and track the effectiveness of our advertising campaigns. This may involve sharing data with third-party advertisers.
• Your Cookie Choices: You can manage your cookie preferences through our cookie consent tool, which appears upon your first visit. Most web browsers also allow you to control cookies through their settings. Please note that disabling certain cookies may affect the functionality and experience of our website.

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

Key retention periods are:

• Account Data: Held for the duration your account is active and for a further period (typically 5 years) after account closure, to comply with AML, responsible gambling, fraud prevention, and UKGC regulatory obligations.
• Transaction Data: Financial transaction records are typically held for 5-7 years, as required by financial regulations and tax laws.
• Responsible Gambling Data: Information related to self-exclusion and limits may be held indefinitely to ensure continued protection of vulnerable individuals.
• Customer Support Communications: Records of your interactions with customer support are generally kept for up to 5 years to manage potential disputes and improve service.
• Analytics Data: Anonymised or aggregated usage data may be retained for longer periods for statistical analysis.

Once the retention period expires, your personal data will be securely deleted or anonymised.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory landscape. We will notify you of any significant changes by posting the updated policy on our website with a new "Effective Date." We encourage you to review this policy periodically. Your continued use of our services after any changes signifies your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise any of your data protection rights, please contact our Data Protection Officer:

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

14. Problem Gambling Support Organisations (UK)

We are committed to promoting responsible gambling. If you or someone you know is struggling with gambling, please reach out to the following independent organisations for confidential support: