Updated on 03/2021
We may periodically make changes to this policy and will notify you of these changes by posting the modified terms on our Website. We recommend that you revisit this policy regularly.
• comply with both the law and good practice;
• respect individuals’ rights;
• be open and honest with individuals whose data is held; and
• provide training and support for staff who handle Personal Information, so that they can act confidently and consistently.
1. Data controller
For the purpose of the General Data Protection Regulation (the “GDPR”), which applies on May 25, 2018, and other data protection laws applicable, the data controller is Giantaffiliates.com (owned and operated by Neezy Technologies Limited, with Company Registration HE351229), having its registered address at 7th Floor, 2-4 Capital Centre, Cyprus.
2. Information we may collect about you
Data regarding you is collected, retained and processed subject to and in accordance with the requirements of the GDPR. We may collect personal data, that includes: name, date of birth, contact information including email address and mailing address, telephone number, demographic information such as postcode, preferences and interests, pay data/information, IP address, feedback regarding the Affiliate Program, other information relevant to the Affiliate Program.
We may collect and process the following data about you: Information you provide when you interact with the Affiliate Program, our servers keep an activity log unique to you that collects certain administrative and traffic information including: source IP address, time of access, date of access, log-in and log-out times, web page(s) visited, language use, software crash reports and type of browser used. This information is essential for the provision and quality of the Affiliate Program.
We reserve the right to conduct a security review at any time to validate your identity, age, the registration data provided by you and to verify your use of the Affiliate Program and your financial transactions for potential breach of our Affiliate Agreement and of applicable law. Accordingly, we shall be able to use your Personal Information and disclose your Personal Information to third parties for the purposes of validating the information you provide to us in the course of using the Affiliate Program, including, where necessary, the transfer of information outside of your country. Security reviews may include but are not limited to ordering a credit report and/or otherwise verifying the information you provide against third-party databases.
We may also ask you for information if you report a problem with our website.
If you contact us by email, via chat, by telephone or in writing, we may keep a copy of that correspondence or communication. This may include details of any transactions you carry out with us through the website or by any other means, and details of your visits to the website and the resources that you access. If you have provided us with the personal data of another person, you confirm that s/he consents to the processing of his/her personal data and that you have informed him/her of our identity as a data controller and provided him/her with a copy of our Terms and Conditions and this policy.
We also monitor visitors to and content on our message board and blog sites to meet our obligations to ensure that rules as to content are being followed. We will review and, if appropriate, edit content on these sites.
3. IP addresses and cookies
We may collect information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser, the website you visited prior to visiting our website and unique number identifiers that are automatically generated by our systems when you visit our website. This will include details of the choices you make on our website indicating whether you wish to receive information on other products and services.
4. Legal basis for data processing and your consent to use of your data
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as for example when processing operations necessary to provide our service, the processing is based on Article 6(1)(b) of the GDPR. The same applies to such processing operations which are necessary for carrying out pre contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, our processing is based on Article 6(1)(c) of the GDPR.
Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: this legal basis is used for processing operations which are not covered by the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
5. Retention of your information
We take appropriate measures to ensure that any information collected from you is kept only for so long as is necessary for the purpose for which such information is used. For the avoidance of doubt, we will normally keep your data for a period no longer than five (5) years, unless required to hold your data for a longer period for regulatory purposes.
We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate as possible.
We protect your data by:
Offering you a secure transmission method to send us personal or company information.
Implementing security policies and technical measures to protect data from:
• unauthorised access;
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.
6. Uses made of your information and your consent to process the data
We use the information collected about you for the following purposes:
• To ensure the products and services you have chosen are delivered to you in the most effective way, and to assist with the performance of our internal contract, accounting and administrative functions.
• To carry out our obligations arising from any contracts entered into between you and us.
• To report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
• To assist us in developing new and improved products as indicated by user practice and preferences, based on our analysis of patterns of site usage.
• To provide you with details of changes to our products or of other product offerings which we believe may be of interest to you from Giantlottos.com (or other third-party providers). We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so.
7. Profiling or other automated individual decision making
Automated individual decision making refers to a decision made solely on the basis of automated processing of your personal data, without human involvement. For instance, this means processing using an algorithm or a software code. Profiling is defined as automated processing of personal data to evaluate certain things about an individual: profiling can be part of an automated decision-making process.
We may conduct automated decision making or profiling to better understand your center of interests and preferences and adapt our communications to your profile. However, we want you to know that you have certain rights in respect of automated decision making and profiling, where that decision produces a legal effect on you. Please see below the section on “Your rights under the GDPR” for more information about your rights.
8. Disclosure of your information
We may disclose your personal information where applicable to any member of our group, which means and includes our subsidiaries and our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties in the following circumstances:
(a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
(b) If we or substantially all of our assets are acquired by a third party, in which case personal data held about our customers will be one of the transferred assets
(c) If we are under a duty to disclose or share your personal data to comply with any legal obligation.
(d) To enforce or apply our Terms and Conditions and other agreements.
(e) If it is required to do so to deliver our services. We sometimes outsource certain functions of our business to service providers: some of these service providers may use cloud-based systems: in that case, your personal data would be hosted on their servers, but under our direction and control.
(f) To protect the rights, property or safety of Giantlottos.com, our customers or others.
(g) Where we have received your permission for us to do so.
(h) Any company within the Giantlottos group (including to its employees and sub-contractors) which assists us in providing the services or which otherwise has a need to know such information;
(i) Any third party which assists us in providing the services, including (but not limited to) payment processors, providers of marketing services.
(j) Any third party which can assist us in verifying the accuracy of your Personal Information, including financial institutions and credit reference agencies (a record of the search may be retained by such third party), identity verification entities.
(k) Any third party which assists us in monitoring use of the services, including the detection and prevention of fraud and collusion in order to comply with any applicable law, regulation, legal process or government request;
(l) Any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us;
(m) Any law enforcement body which may have any reasonable requirement to access your Personal Information;
(n) Any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information; and
(o) Any potential purchaser of Giantlottos.com or any investors in it or in any company within our group (including in the event of insolvency).
If at any time you wish us to stop processing your Personal Information for the above purposes, then you must contact us and we will take the appropriate steps to stop doing so. Please note that this may mean that your Affiliate Account will be closed. You may contact us by sending an email to [email protected]
9. Transfers outside the European Economic Area (EEA)
We will only transfer your personal data to countries which are considered as providing an adequate level of legal protection or where alternative arrangements are in place to protect your rights.
We may transfer your personal data outside the EEA in the unlikely event that we receive a legal request from a foreign law enforcement body. All requests for information we receive from these bodies will be carefully checked before personal data is transferred.
We may use remote website server hosts to provide and maintain some aspects of our service and website, which may be based outside the EEA (in “the cloud”). Your personal data may also be processed by staff operating outside the EEA or one of our service providers located in a country outside of the EEA.
Transfers to service providers outside of the EEA will be protected by contractual commitments and, where appropriate, further assurances, such as certification schemes (including the EU-US Privacy Shield for the protection of personal data transferred from the EU to the US and accessed in the US where we believe it is appropriate to do so from time to time).
You have the right to ask for more information about the safeguards we have put in place as mentioned above.
10. Your rights under the GDPR
• Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.
• Right of access
The GDPR gives you the right to access information held about you. If you wish to exercise such right, please submit a request to us in writing at [email protected]
Any access request shall be subject to your providing acceptable proof of identification.
If we are processing your personal data, we will provide you with a copy of that personal data.
If you require additional copies, we may charge a reasonable administrative fee.
• Right of rectification
You are entitled to have your personal data rectified if it is inaccurate or incomplete. You should instruct us to correct or update any personal data we hold about you (for instance, if you change your address or your name).
You can instruct us to do this at any time by contacting us at [email protected]
• Right to erasure
This is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
You have a right to have your personal data erased and to prevent processing in specific circumstances. If you wish to exercise such right, please submit a request to us in writing at [email protected] Please note that this may mean that your Affiliate Account will be closed.
• Right to restrict processing
In certain circumstances, you have the right to obtain from us restriction of processing (especially when the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data).
• Right to withdraw your consent or change your Affiliate Account information
In certain circumstances, we must have your consent before we contact you. You have the right to withdraw your consent to processing of your personal data at any time by contacting us at [email protected] Please note that if you do so, it does not mean that anything we have done with your Personal Information with your consent up to that point is unlawful, and withdrawal of consent may mean that your Affiliate Account will be closed.
You may update, correct, or delete your Affiliate Account information and preferences at any time by accessing your Affiliate Account settings page on our website. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
• Right to data portability
With effect from May 25, 2018, you have the right, in certain circumstances, to obtain personal data you have provided us with, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or ask us to transfer this to a third party of your choice.
• Right to object to processing
You have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
- Direct marketing (including profiling).
- Processing for purposes of scientific/historical research and statistics.
• Rights related to automated decision making and profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between you and us; or is not based on your explicit consent.
• Right to lodge a complaint with a supervisory authority
You have a right to lodge a complaint with a supervisory authority, to enforce your rights, as specified above.
You can find details about how to do this on the website of the Cypriot Office of the Commissioner for Personal Data Protection, here. OpenDocument website of the Gibraltar Regulatory Authority, here. Or any other regulatory body responsible for data protection in the relevant jurisdictions.
11. Links to other websites
Our website offers links to many third party websites. We are not responsible for the accuracy or efficacy of the information or data policies or procedures of these third parties. If you access these sites using the links provided on our website, you should satisfy yourself as to the relevant data policies in effect on these sites.
12. Protection of Children
The Affiliate Program is not intended for or directed at persons under the age of eighteen (18). Any person who provides their information to us through any part of the Affiliate Program represents to us that they are eighteen (18) years of age or older. It is our policy to uncover attempts by minors to access our Affiliate Program which may involve us having to access and verify your Personal Information. If we become aware that a minor has attempted to or has submitted Personal Information via the online website, we will not accept this information and will take steps to remove such information from our records.
We may periodically make changes to this policy and will notify you of these changes by posting the modified terms on our Website. We recommend that you revisit this policy regularly.
14. Contacting us
If any of your personal data changes, or if you have any questions, comments or requests regarding the protection of your personal data or this policy, please contact us by email at [email protected] or in writing at the address set out on the Contact Us page of the website.
Giantaffiliates.com has appointed a Data Protection Officer (“DPO”) who is responsible for matters relating to privacy and data protection.
Our DPO can be reached by:-
sending an email to: [email protected] or
Data Protection Officer
7th Floor, 2-4 Capital Centre, Cyprus.
If you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can lodge a complaint to the relevant regulatory authority within your jurisdiction.