Version 1 – 01/12/2021
Pas.Co BV, owner of 36Win.be, acquired licence B+21540 by the Belgian Gaming Commission and is therefore an official Belgian website for online casino games. The Belgian regulations, including those regarding privacy, are respected. Pas.Co BV is committed to a responsible policy with respect for the individual.
All data that allows to identify a user are considered personal data. These include first and last name, date and place of birth, profession, address, email address, location of the user, IP address, copy of ID, bank details, etc.
Pas.Co BV ensures that the applicable laws and regulations are complied with when processing personal data and, in particular, European Regulation (EU) 261/679 of 27 April 2016 on the protection of natural persons with regard to processing of personal data. Data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), and with the provisions of the federal and Flemish regulations on the protection of natural persons when processing personal data.
Pas.Co BV collects and stores the data of its players for various purposes. Personal data must be processed to enable the user to use the website, on the other hand there are legitimate purposes that must be respected.
1. How is personal data collected?
Personal data is entered directly by the user. On the basis of a copy of an identity document, it is checked whether all data has been entered correctly.
Browsing and activity history are also considered personal data, this data is created automatically when using the services offered by Pas.Co BV.
2. When is personal data collected?
Certain personal data is collected by Pas.Co BV (1) when this is necessary to be able to provide its services to the user via its website, (2) to comply with its legal obligations, such as under the gambling legislation and the Anti-Money Laundering Act., (3) when the user has consented to this or (4) in the case of a legitimate interest of Pas.Co BV to do so without this affecting the user's right to privacy, such as collecting product feedback, to ensure the security and stability of the services and IT systems. The user does not have to give his permission for this.
Below is shown when and which personal data is collected. Certain personal data must be provided when creating an account, other personal data only arise when using the services of Pas.co BV. The bank account number belongs to a third category.
2.1. Personal data necessary for creating a player account.
- Name: the full name, being first name and surname, spelled correctly, as on the identity document.
- Birthdate and place.
- National register number or passport number.
- E-mail address.
- Phone number.
- Copy of the front- and backside of the identity card.
In the first place, a user must be identified in accordance with Belgian regulations. The user must be at least 21 years old.
Name and national register number or passport number are important to determine whether the user is entitled to play online casino games. There are various reasons for which a person can be refused access to an online casino website, as a result of the legally required Epis check with the Gaming Commission. Personal data is checked by the Gaming Commission immediately after creating an account and with each new login of the user on the website. After screening by the Gaming Commission, the green light may or may not be given to activate the account or grant access to the website. This with the aim of protecting the end consumer, being the player.
The data is primarily requested to identify the user. The identity must be confirmed by checking the above data. This is only possible on the basis of a copy of the proof of identity. A copy of the proof of identity is requested to check whether the above information has been entered correctly.
2.2. Additional personal data that is created
- User's browsing and activity history on the website, including game history, transactions (wins and losses, deposits and withdrawals), connections (browser data, IP addresses).
- E-mail traffic between the user and the 36Win customer service.
This information can be consulted internally to check account details, pay-outs, etc.
All communications are viewed in-house only for the sole purpose of protecting the player and processing pay-outs and complaints.
2.3. Personal data necessary for the execution of pay-outs.
Bank account number.
The bank account number (IBAN) is required for the payment of the winnings obtained and pay-out of the funds to the user. If the bank account number is changed, proof will be requested so that it can be verified that the bank account is actually in the name of the user.
Copy of bank account statements or photo of a bank card can be requested at any time to verify that the specified bank account actually belongs to the player.
3. In which cases is personal data shared?
3.1. Public Disclosure of Personal Data:
Big wins might be posted online and can be used through various channels for the purpose of publicizing the 36Win brand. Only the nickname, the amount won and the game played will be mentioned.
The user's surname and first name (or other personal information) will never be disclosed. The user should take into account that the nickname may be published.
If a user prefers to remain anonymous, it is important to choose a nickname that is not identical to or even contains elements of their name or cannot reveal their identity in any way.
Other personal data will not be publicly displayed.
3.2. Disclosure of personal data to public authorities
Personal data will be shared if Pas.Co BV is legally obliged to do so, for example at the request of the Gaming Commission.
4. How are personal data processed and used?
The main reason for archiving personal data is the identification of the account holder in order to be able to provide services via the website.
4.2. Use of personal data necessary for secure payment transactions:
Personal data such as name, e-mail address, bank card number and IP address and copies of bank statements and/or bank card are used for identification by payment platforms such as HiPay and Ingenico. The data is only used for identification and may not be shared with third parties.
4.3. Use of personal data for communication purposes:
The e-mail address can be used for direct communication, which requires the consent of the user. When creating the account, the user can choose whether or not he is willing to receive emails from 36Win.
Afterwards, the user can still choose to have his email address removed from the mailing list(s) so that the account holder does not receive unwanted emails.
5. Internal procedures regarding personal data.
Personal information is protected by various security techniques and procedures against unauthorized access, destruction, loss, alteration, use or disclosure. For example, passwords cannot even be viewed by our employees, a password can therefore never be requested, the password must be reset by the user in case it has been forgotten. When important data such as the bank account number or email address are changed, identity confirmation will always be requested in the form of a copy of the user's proof of identity.
All Pas.Co BV employees are aware of the importance of carefully handling all personal data. Vigilance is increased thanks to regular awareness raising and training of the staff, which in turn reduces the chance of human errors.
6. User rights.
The user has various rights based on the GDPR. The user can exercise these rights by sending an email to the data protection officer (DPO) at firstname.lastname@example.org Attn DPO P. COPPENOLLE, clearly stating which rights the user wishes to exercise and clear identification of the user (identification data).
6.1. Access to service data
The user can view certain data directly on his account. A more detailed overview of the personal data that are processed or more information about the processing activities can be requested from the customer service of Pas.Co BV.
6.2. Improving data
It is possible that the personal data is not (any longer) correct. The user can request that his data be corrected or supplemented via the customer service of Pas.Co BV.
6.3. Data erasure request
A user can request to delete the personal data that has been collected and maintained. However, the request can only be granted within the limits provided by the GDPR. Certain data must be kept in order to comply with the legal obligations resting on Pas.Co BV.
Deleting personal data may result in the user no longer having access to his account or the website.
6.4. Objection to the use of data for certain purposes
If a user does not agree with how Pas.Co BV invokes its legitimate interest to process certain personal data of a user, the user can object to that processing. Objections will be respected unless there are compelling reasons not to do so (e.g., where personal data needs to be processed to combat fraud or money laundering).
In addition, a user can always withdraw his consent to the processing of personal data for certain purposes.
6.5. Request for restriction of processing
In certain circumstances, a user may request that the processing of its personal data is restricted. In this case, the personal data will only be stored and not processed, unless with the consent of the user or if they are necessary for the establishment, exercise or defence of legal claims or to protect the rights of third parties or for reasons of public interest.
6.6. Transfer of data to another party
A user can request that personal data he has provided to Pas.Co BV be is transferred back or transferred to a third party in a structured, common and machine-readable form.
7. Storage of personal data
In principle, the personal data is only kept for as long as necessary for the intended purpose of the data collection or as long as required by law.
If there is no legal obligation to retain personal data, the personal data will be deleted as soon as the purpose for which the personal data was collected has been achieved.
Pas.Co BV must respect (legal) retention periods, as a result of which it is obliged to continue to store personal data, even after the purpose of the data collection has been achieved.
In accordance with legal retention obligations, most personal data must be kept for 10 years after the customer relationship with the user has ended.
Personal data is also stored if the user has given permission for this or if such storage is necessary for the establishment, exercise or defence of legal claims. In the latter case, personal data may be used for evidence purposes.
8. General provisions regarding personal data.
Personal information may be disclosed as part of a business transaction, such as a merger or sale of assets.
This privacy statement can be amended so that it complies with applicable legislation at all times.
It is desirable to regularly check the privacy statement so that the latest version is known.
If you have any questions about the way in which your personal data are processed by Pas.Co BV, you can contact the Data Protection Officer (DPO) by emailing email@example.com Attn. DPO. P. COPPENOLLE.
You can also contact the DPO with comments and suggestions or in order to exercise your rights.
Registered office of Pas.Co BV: Boelare 61, 9900 Eeklo.