This website is not intended for children and we do not knowingly collect data relating to children.
The entity responsible for this website for the purposes of data protection law is Rabbit Entertainment Ltd, with company registration number C-66436, having its registered address at Level 3, 14 East Business Tower, Triq Tas-Sliema, Gzira, GZR 1544, Malta (the “Controller”).
We refer to you, the visitor and/or the user of our services, as “you” and derivatives of the word “you”.
Rabbit Entertainment Limited is concerned with protecting the privacy of any personal data we hold. We are committed to comply with the European General Data Protection Regulation 2016/679 (the "GDPR").
Email address: [email protected]
Postal address: Level 3, 14 East Business Tower, Triq Tas-Sliema, Gzira, GZR 1544, Malta
C. Third-Party links and Third-Party Cookies
This is inclusive of event of the games on our website being provided via the game provider websites and therefore not within our framework of privacy regulations. The third party games offered on our website are provided by:
Big Time Gaming
E. What personal data will be processed?
Processing of personal data means any operation or set of operations which is/are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal data is any information that identifies you as an individual.
The following is the categories we give to the sets of data that we process during the customer relationship:
- Player Account Data: including first name, last name, username or similar identifier, date of birth, gender, country;
- Contact Data: including email address, postal address, telephone numbers;
- Financial Data: including payment method and payment details (such as bank transfer, credit card or another acceptable means of payment);
- Identification and Verification Data: including proof of address, age, nationality, qualifications, schools/universities attended, employment history and information;
- Transactional data: transaction history (e.g. logins, gaming frequency, deposits, winnings, bonuses and games played, promotions and services you have taken part in);
- Profile Data: including interests, preferences, feedback, information about events which you have attended, what type of events you prefer, information about how you use our website, products and services;
- Marketing and Communications Data: including your preferences in receiving marketing from us and our third parties and your communication preferences; and
- Correspondence Data: we store data obtained through communication with you (via recorded calls, chats, email, or SMS) which may include data pertaining to your complaints, as well as internal communication and notes.
- Aggregated Data: we also collect, use and share Aggregated Data such as statistical or demographic. While Aggregated Data is derived from your personal data this data will not directly or indirectly reveal your identity. For example, we may aggregate your Profile Data to calculate the percentage of users accessing a specific website feature.
We also collect information from third parties such as our partners, service providers and publicly available online searches, to comply with our legal and regulatory obligations, and provide and enhance the services.
F. What are the purposes of Processing?
The processing delivered on purposes which relate to your access to the services and our legal obligations are mandatory. You will always be informed about the purposes and which of the information we request or processing is mandatory and what information and processing is optional. Should you fail or decide not to provide us with pieces of information, or let us perform processing that is mandatory, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we will not be in the position to offer any service to you.
Specifically, this includes but is not limited to the following purposes we have envisaged in order to make use of your personal data:
- Help you create, operate and manage your player account, allowing you to access our games and services; generally, administrating, communicating, and managing our relationship with you;
- enable you to partake in a prize draw, competition or complete a survey;
- deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
- monitor the gaming activity for responsible gaming purposes;
- oversee and investigate any suspicious behaviour in order to safeguard our activities from any risk and fraud;
- monitor and investigate transactions and game play in order to prevent and detect fraud, money laundering;
- manage registration of duplicate accounts and individuals from jurisdictions where gambling is prohibited;
- statistical analysis and research;
- marketing, market research, customer surveys and customer profiling data analysis;
- comply with licensing and regulatory requirements;
- research and development.
We will only use your personal data for the purposes for which they were obtained, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
For your protection, for our legitimate interest to protect against fraud and addiction as well as to satisfy our remote gambling and AML legal obligations we make use of automated systems to assist us in monitoring and reviewing our players. Nonetheless, rest assured that all final decisions taken on any actions are done so through human intervention and human decision-making process.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
G. What are the Legal Grounds underpinning such Processing?
Processing of your personal data will be mainly carried out based on the below-listed legal grounds. We may use more than one of the blow four legal grounds and this depends on the what is the most appropriate considering the specific purpose in question and for which we are processing your data and the kind of relationship we have with you.
- Contract: The processing is necessary for a contract entered into with you or to take steps at your request before entering into such a contract (i.e. when opening a registered player account).
- Legal Obligation: The processing is necessary for us to comply with legal and regulatory obligations (especially those related to Anti Money Laundering regulations and the relevant online gambling and betting laws and regulations)
- Consent: You have given clear consent for us to process the personal data for a specific purpose provided that and you will be able to withdraw your consent at any time. (By way of example, your consent will be needed in order to send you marketing and promotional communications. You will receive marketing communications from us if you have subscribed to the service and have not opted out of receiving that marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. Should you no longer wish to receive these promotional communications, newsletters and marketing offers, you may opt-out of receiving them either when you register with us initially, or subsequently by the 'opt-out' option included in each communication therein. You are also, in addition, entitled at any time to notify us that you do not wish to receive any promotional communications from us and you may do this by emailing our customer support team by dropping us an email to the following address: [email protected])
- Legitimate Interest: The processing is necessary for the legitimate interest of our business or the legitimate interests of a third party in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We protect your personal data against activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law. (By way of example we process your personal data as part of our business critical anti-fraud measures, for network security, to manage disputes with players, to direct players to responsible gaming support staff, and to improve the players’ experience.)
H. What are your legal rights?
You have rights under data protection laws in relation to your personal data.
- Request access to your personal data - You may obtain a copy of the personal data held by us about you at any time via email to the company’s Data Protection Officer at [email protected].
- Request correction of your personal data - You may at any time request through Customer Support that we correct any of your Player Account Data and Contact Data.
- Request erasure of your personal data - You may at any time request that we erase data held about you by sending an email to the following email address: [email protected]. We shall ensure that such personal data is, upon request, deleted provided that it is not required for purposes outlined in the How long do we store your data? section. Should it be the case, you will be advised that with the deletion of such personal data, the quality of your user-experience on the website will be diminished.
- Right to restriction of processing - objection to processing and withdrawal of consent – You may at any time request to the customer support team that we restrict or cease to conduct certain data processes and we shall accede to that request, provided that there exists no legal obligation to process said data. Likewise, with respect to any data processes which are conducted by us on the basis of your consent, you may at any time withdraw said consent via the My Account section after logging in. Provided that the withdrawal of consent shall not affect the lawfulness of any data processing that would have taken place prior to said withdrawal.
- Request transfer of your personal data - You may request that certain categories of your data are transferred to third parties by us by sending the request to the Data Protection Officer.
- Right to lodge a complaint - You have the right to make a complaint at any time to a supervisory authority. The Information and Data Protection Commissioner (IDPC), in Malta is the Lead Supervisory Authority (www.idpc.org.mt).
Please note that there are exceptions the above mentioned rights. For instance, by way of example, request to be forgotten may not be fulfilled completely as we need to retain certain personal data, such as Transactional Data, due to retention periods set out in licence requirements and which we are subject to.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights); any query relating to data access or the exercise of any of your rights will be processed within thirty (30) days as of the submission of your request to us. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
I. How long do we store your data?
When your player account is closed, your personal data will remain stored for the minimum length of time required for us to comply with our legal obligations imposed us as a gaming operator by various legal instruments (such as applicable taxation laws, anti-money laundering regulation and gambling regulation and best practices) and our legitimate interests (for the purposes of resolving disputes). The applicable data retention periods depend on the category of personal data which is being stored, and the purposes for the processing. Personal data may also be stored for a longer term, in case a deletion is not possible for technical reasons.
By way of example and not limitation, as far as the below listed set of personal data is concerned:
- Name and Surname
- Date of Birth
- Residential Address
- Identity Reference Number
The above will be stored for a period of 5 years as of the date of termination of the gaming contract with you.
For other sets of personal data, longer retention periods may be foreseen; in fact, with respect to the following a retention period of 10 years applies as of the date of any relevant transactions performed to and from a particular player's account:
- Transactional Data
Notwithstanding the foregoing, for more specific information about retention terms and respective set of personal data, please contact our Data Protection Officer and we will provide the specific data retention terms relative to you.
Where your personal data is no longer required by us, we will either securely delete or anonymise the personal data in question.
J. Who do we share your personal data with?
Group Companies and Processors
Throughout the provision of our services to you, your personal data is transferred and/or disclosed with recipients, who are authorised to process your personal data for the above mentioned purposes on our behalf or who are authorised by the law.
Please find details of the categories of the recipients involved in the processing of personal data as follows:
- Game providers for the purpose of provision of games;
- Payment service providers to perform payment transactions;
- Marketing providers to perform certain marketing activities on our behalf and only with your consent;
- Regulatory bodies or Licensing bodies or supervisory authorities;
- IT/system support services;
- Third parties assisting in investigations (such as AML investigations) for the purpose of detecting and preventing fraud or other security or technical problems;
- Cloud services providers for provision of cloud-based services such as storage or hosting certain software;
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- Service providers for the purpose of data analytics;
- Service providers enabling communication with you from a technical standpoint (e.g. via email, chat).
K. Will your personal data be transferred outside the EEA?
Should we transfer your personal data to any country outside the EEA (given that our suppliers might have their servers located outside of the EEA and/or have staff operating outside the EEA), such transfer will be protected and the appropriate safeguards will be ensured by applying the appropriate provisions in Chapter V of the GDPR and subject to the advice of the supervisory authority if we deem necessary in order to ensure that the level of protection of your personal data is not undermined.
L. Response to Personal Data Breaches Incidents
When we learn of a suspected or actual personal data breach, we shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of our visitors and/or users, we will notify the Lead Supervisory Authority and the data subjects where applicable, without undue delay and, when possible, within 72 hours from when it learns of such breach
M. Data Security
No method of transmission over the Internet, or method of electronic storage is 100% secure and we cannot ensure or warrant the security of the information you transmit to us or store on the server and that you are doing so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered and or destroyed by breach being physical, technical or organisational
All sensitive data which is transmitted between your computer and us is transferred securely via the internet, using strong encryption. We use secure and tested encryption technology bearing certificates provided by renowned certificate authorities.
In addition, all personal data will be protected from unauthorised or damage access by firewall and intrusion prevention systems.
Lastly, please note that whilst we do our part, you should also take your personal steps to safeguard the security of your data both physically and electronically by following common best practice procedures such as:
- Running Anti-Virus software and keeping it up to date;
- Applying operating systems, web browsers and other security updates;
- Ensuring your laptop or other device is not left unattended whilst logged into our website;
- Using strong passwords for all services/logins.
The version of this document is 1.2 and was updated on 27th July 2020.