1. Scope

1.1 This Privacy Notice (“Notice”) aims to give you information on how us.moonspin.com, referred to in this document as ‘we’, ‘us’, or ‘our’, collect and process your personal data through or in conjunction with your use of this website and our Services.

1.2 This Privacy Notice stipulates details and conditions of collecting and processing your Personal Details and provides you with information in accordance with the transparency principle and requirements under the applicable data protection laws.

1.3 This website is not intended for children and we do not knowingly collect data relating to children (below 18 years of age).

1.4 This Notice describes how we collect and process your personal information through the Moonspin websites and applications that reference this Privacy Notice. Moonspin refers to an ecosystem comprising of Moonspin.com (the “Site”), mobile applications, clients, applets, and other applications that are developed to offer Moonspin Services, and include independently operated platforms, websites, and clients within the ecosystem.

1.5 By using Moonspin, you consent to the data practices described in this Notice and all extensions and addendums to this Notice.

2. Controller / Processor

2.1 Darius Cubed Technology Limited is a company incorporated under the laws of Cyprus, with the register number HE406365 and address at Genevis, 2, Geneva Court, Flat/Office 301, 3116, Limassol, Cyprus. Darius Cubed Technology Limited is the controller of the data collected from you using the website us.moonspin.com.

2.2 Should your personal data be shared with third parties who are Our data processors in the sense of the GDPR, such sharing is solely carried out for the specific purposes and in accordance with Our instructions as Data Controller and on Our behalf, and such third parties may only use your personal data to the extent to which We ourselves are entitled. Furthermore, in all cases, We strive to ensure that We do not share more data than is necessary for the service providers to carry out the processing activities in accordance with Our instructions.

3. The Data We Collect about You

3.1 In accordance with the information we gather pertaining to our users:

i. Personal data – means any information that identifies You as an individual or that relates to an identifiable individual. Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any Users of the Site or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times.

ii. Data obtained from You – We collect from You, through interaction with You or through Your interaction with Us or our Services different kinds of personal data about you which we have grouped together as follows:

a) Registration Data provided by you when you register and/or open Your Member Account including first name, last name, username or similar identifier, date of birth, territory applicable social security or similar identification number where permitted or required by law, gender, country.

b) Contact Data includes permanent address, email address and telephone numbers.

c) Identification and Verification Data (Anti-Money Laundering/Due Diligence/KYC data) that include your name, surname, permanent address and proof, age, nationality, family members, degrees and qualifications, schools/universities attended, employment history and information, media involvement, financial status information, masked credit card details, proof of e-wallet ownership such as PayPal, PaySafe, etc. territory applicable personal identification where required or permitted by law, KYC documentation (e.g. ID card, Power of attorney).

d) Responsible Gambling Data including name, surname, Zip Code, email, phone number, country, date of birth, territory applicable social security or similar identification number where permitted or required by law, approved transactions (purchases and redeems), denied transactions (purchases and redeems), Identification and Verification Data, Self-exclusion Data.

e) Self-exclusion Data include data pertaining to you and your self-exclusion such as your Registration and Contact Data and your self-exclusion information such as reason, start and date, utilization of self- exclusion tools such as exclusions, session limit, loss limit, wager limit, purchase limit, reality check.

f) Payments Data includes bank/payment account details, as well as information pertaining to a transaction such as currency, location, amount/value, client IP, user ID, token.

g) Transaction and Usage Data generated through your use of our Services (e.g. playing Games) and include payments to and from you (purchases, redeems, failed purchases and reversed redeems) and other details of Services you have purchased from Us (such as bets, wagers (real and bonus), wins), date and time of the transactions, account balances (bonus and real), bonuses used (conversion and forfeiture), bonuses turnover, bonuses balance, channels used, transaction games played, language, country, account balances.

h) Log in Data includes internet protocol (IP) address, your logins (first log in last login, last failed login), duration of logins, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.

i) Profile Data includes internal notes to your account, interests, preferences, feedback, information about events which you have attended; Your preferences as to whether you wish to attend any events, and what type of events you prefer; Any bonus/cash back deals, or bonus preference you have been offered or benefitted from; Whether you have received any giveaways or, and your preferences regarding what type of gifts you would like to receive; Your preferences as to contact channels; information regarding your hobbies and interests;

j) Marketing Communications Data includes your preferences in receiving marketing from us (opt in/opt out), as well as your Contact and Registration Data.

k) Other Communication Data generated as part of communications with Us (via recorded calls, chats, emails, or SMS) which may include various data such as network communication data, content of the communication including your intentions, interests, complaints, preferences, as well as internal communication and notes.

l) Analytics data include various data generated with respect to your use of our Website and Services such as your player ID, language, location, browser data, campaigns utilized, channels used, device, payment provider, Transaction and Usage data and in case of online acquisition analytics also pages visited, postcards clicked, scroll depth. Certain information is collected using cookies and/or similar tracking technology.

iii. Data obtained from different sources:

a) For the purpose of Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT), we gather information about the player’s background from public sources where such information is available and permitted by the law. Additionally, we may obtain information from third-party providers, who are mostly private companies that work with public sources. This information includes whether the player is a politically exposed person, if any international or financial sanctions have been imposed, and any details regarding corporate or property ownership, court judgements, insolvency, and taxation that are legally required or allowed in your region. We use a process called Open-Source Intelligence (OSINT) analysis, which involves collecting publicly available information from sources like Google, social media platforms such as Facebook, Twitter, Pinterest, Instagram, LinkedIn, and other sources. This is done to establish the source of funds and wealth during the AML risk monitoring and due diligence process.

b) To comply with our legal obligations stemming from applicable laws and license conditions.

c) If a player is registered with a National Self-Exclusion Register. This information is received once you log-in. Registration with such a register means that you cannot register with Moonspin and you will not be able to log on to your Member Account. You will also not be sent any commercial messages directed to you personally.

d) Profile data (hobbies, interests) are also gathered by search of publicly available sources such as Facebook, LinkedIn, Twitter and Instagram, Google search.

e) To simplify the sign-up procedure a separate process, such as (i) Bank ID or similar, (ii) Facebook connect, (iii) Google sign-In, (iv) Apple Pay (v) a similar Pay n Play option, may be used as a source for identification and verification. If such a process is used, once the authorization of access and the necessary information is provided by You upon sign up, personal data (Registration and Contact Data) will be automatically fed to the players profile from the third-party source to facilitate your registration.

iv. Special categories of Personal Data – We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). However, from our experience, we may not exclude that You, at your own discretion, send us such data in communication with Us.

v. If You fail to provide data – Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Our Services).

vi. Username – Please make sure that your username does not contain any personally identifiable information, as the username is shared with certain partners and in the course of the sharing of the username, this is not, separately, considered personal data.

4. Why and how We use Personal Data

4.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

a) To allow You to participate in Games and to provide ancillary services to You;

b) To allow You access and use of the Website;

c) For legal and regulatory reasons, to comply with our legal obligations and license conditions such as Anti-money laundering and responsible gaming;

d) For identification and verification proposes;

e) To prevent and detect illegal or fraudulent behavior;

f) for purposes that constitute a legitimate interest of Moonspin regarding direct marketing of its own similar goods and services via electronic mail; and

g) for purposes that constitute a legitimate interest of Moonspin regarding direct marketing via live telephone calls or postal mail;

h) for analytics purposes.

4.2 We have set out below, in a table format, a description of the possible ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.¹

Purpose Data Category Legal Basis
To register You as a new player; to identify You and verify You when You access your account to allow You to participate in Games • Registration Data• Contact Data• Log-in Data • Performance of the contract
To allow your participation in the Games • Transaction and usage Data • Performance of the contract
To process and manage payment transactions • Payment Data• Transaction and Usage Data • Performance of the contract• Compliance with legal obligations
To manage our relationship with You, to provide you with access to Games and any ancillary services • Registration Data• Contact Data• Profile Data• Other Communication Data• Transaction and Usage Data• Self-exclusion Data • Performance of the contract• Compliance with legal obligations
For AML/CFT and due diligence purposes • Registration Data• Contact Data• Identification and Verification Data• Transaction and Usage Data • Compliance with legal obligations
To establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud • Registration Data• Contact Data• Identification and Verification Data• Log in Data• Payments Data• Other Communication Data • Legitimate interest (detection and prevention of fraud)
Identification and investigation of gaming activity for responsible gaming purposes • Responsible Gaming Data• Self-exclusion Data• Other Communication Data • Compliance with legal obligations
Direct Marketing of our own goods and services (Games) – including bonuses and offers • Marketing Communication Data • Legitimate interest (to promote our own Service, to develop our business and enhance relationship with)• Consent
Social Media Marketing • Contact Data • Legitimate interest (to promote our own Service, to develop our business and enhance relationship with)• Consent
Commercial business analyses for the creation of standards, periodical as well as ad hoc reports • Transaction and Usage Data• Analytics Data • Legitimate interest (to develop our products/services and grow our business)
Web Analytics • Transaction and Usage Data• Analytics Data • Legitimate interest (to develop our products/services and grow our business)

4.3 Direct Marketing – In compliance with relevant laws and regulations, both locally and nationally, and through a legitimate interest or with your consent, Moonspin may periodically notify You about similar products or services. This includes, but is not limited to, new services and promotions, bonuses and offers. This notification may be conveyed through (i) electronic email (or SMS), or (ii) social media, or (iii) live phone calls, or (iv) postal mail, or (v) push notification (desktop and/or app).

4.4 When relying on legitimate interest, Moonspin will give you the opportunity to oppose such direct marketing when registering on Our site.

4.5 When relying on consent, the consent may be granted by You when registering on Our site.²

5. Retention

5.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

5.2 The criteria We use to determine what is ‘necessary’ depends on the nature of the particular personal data in question. Our normal practice is to determine whether there is/are any law(s) (for example license requirement, tax or corporate laws) permitting or even obliging Us to keep certain personal data for a period of time (in which case We will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are. In the latter case, We will keep any relevant personal data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties.

5.3 Where Your personal data is no longer required by Us, We will either securely delete or anonymize the personal data in question.

6. Recipients of Your Personal Data

6.1 As Moonspin’s business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the Website, Games and other services, Personal data are processed also by them for the above-mentioned purposes on behalf of Moonspin.

6.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes unless this is permitted or required by law, and only allow them to process your personal data for specified purposes and in accordance with our instructions, after thorough vetting of these partners and on the basis of strict data processing agreements as may be necessary.

6.3 Details on the categories of recipients of the personal data:

i. game providers for the purpose of provision of games;

ii. sportsbook provider for the purpose of provision of sportsbook service and risk management purposes;

iii. payment service providers to perform payment transactions (purchases and redeems);

iv. marketing suppliers to perform certain marketing activities on behalf of Moonspin;

v. marketing partners to perform certain marketing activities on behalf of Moonspin;

vi. marketing consultants to provide marketing advice to Moonspin;

vii. service providers that technically enable communication with You (via email, chat, SMS, phone);

viii. Technical suppliers to support functioning of the Website and Our technical systems (both front and back end);

ix. Technical administrators of the database to maintain the functioning of the database;

x. AML providers providing and/or processing certain data for the purposes of compliance with our AML obligations;

xi. Cloud services providers for provision of cloud-based services such as storage or hosting certain software;

xii. Service providers for the purpose of data analytics and/or business intelligence;

xiii. Credit rating agencies, fraud detection agencies, anti-money laundering agencies for fraud detection and control purposes, in the processing of Your Member Account and associated transactions;

xiv. Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

6.4 If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or suppressing fraud or other criminal activity, Moonspin has a right to: (a) forward your personal data to the government authorities; (b) share any of Your Personal Data to the relevant gambling regulator(s); (c) share Your Personal Data with relevant law enforcement and/or crime investigation bodies; (d) respond to any Court subpoena or order or similar official request for personal data.

7. Data Security

7.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In order to comply with the applicable law, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures confidentiality and integrity at all times.

7.2 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know business requirement. They will only process your personal data on our instructions or subject to a lawful ground, as well as their duty of confidentiality.

8. Your Rights under the Data Protection Laws

8.1 You have the right to request confirmation from Us regarding the processing of your personal data and We will provide you with access to the following information with reasonable intervals:

• What personal data we have about You;

• The reasons why we are processing your data;

• The recipients to whom your data may have been disclosed;

• The duration for which we intend to keep your data (if possible);

• Whether we transfer your data and the safeguards we have in place to protect your data;

• Your rights with respect to your personal data;

• The process for making a complaint;

• The source of your personal data;

• Whether we have used any automated decision-making or profiling, and any related information.

8.2 Right to Rectification – Although all reasonable efforts will be made to keep Your Personal Data updated, you are kindly requested to inform Us promptly of any changes. With respect to your residential address and phone number, you can notify us of the change by amending Your profile of any changes to Your Personal Data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end You have the right to ask Us to rectify inaccurate personal data and to complete incomplete personal data concerning You. We may seek to verify the accuracy of the data before rectifying it.

8.3 Right to Erasure – You have the right to ask Us to delete Your personal data and We shall comply without undue delay but only where:

• The personal data are no longer necessary for the purposes for which they were collected; or

• You have withdrawn Your consent (in those instances where We process on the basis of consent) and We have no other legal ground to process Your personal data; or

• You have successfully exercised Your right to object (as explained below); or

• Your personal data has been processed unlawfully; or

• There exists a legal obligation to erase the data to which We are subject; or

• Special circumstances exist in connection with certain children’s rights.

8.4 Right to Data Restriction – You have the right to ask Us to restrict (that is, store but not further process) Your personal data but only where:

• The accuracy of Your personal data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the personal data; or

• The processing is unlawful and You oppose the erasure of Your personal data; or

• We no longer need the personal data for the purposes for which they were collected but You need the personal data for the establishment, exercise or defense of legal claims; or

• You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.

8.5 Following our request for restriction, except for storing Your personal data, We may only process Your personal data:

• Where We have Your consent; or

• For the establishment, exercise or defense of legal claims; or

• For the protection of the rights of another natural or legal person; or

• For reasons of important public interest.

8.6 Right to Data Portability – You have the right to ask Us to provide Your personal data (that You shall have provided to us) to You in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:

a) The processing is based on Your consent or on the performance of a contract with You; and

b) The processing is carried out by automated means.

8.7 Right to Object to Certain Processing – In those cases where We process Your personal data for the performance of a task carried out in the public interest or when processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party (as indicated in the Table in the clause 4.2 above), You shall have the right to object to processing of Your personal data by Us.

8.8 When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data, which includes profiling to the extent that it is related to such direct marketing.

8.9 Right to Withdraw Consent – In situations where we handle your personal data based on your consent, We will never assume your consent but rather obtain it from You in a clear and explicit way. You have the right to withdraw your consent at any time and the process of doing so should be the same as providing it. If You decide to withdraw your consent, We will check if We have an alternative legal basis for processing your personal data, such as a legal obligation. If We do, We may still process your data without your consent and will inform You accordingly.³

8.10 Right to lodge a Complaint – You are entitled to file complaints with the relevant Data Protection Supervisory Authority. If you reside in an EU member state, you can file a complaint with the Data Protection Authority of that particular state. However, We request that You first attempt to resolve any issues with Us before contacting the competent authority, even though you have the right to do so at any time, as mentioned above.

9. Cookies

9.1 Moonspin site uses cookies, for further information on what cookies are, which cookies We use, how and why we use cookies and how you can control which cookies are dropped, please read our Cookies Notice.

10. Contact Details

• General email address: info@moonspin.com

• Legal Representative/DPO email address: legal@moonspin.com

¹ Please note that the table sets out the general information about the Personal Data We process. Certain data categories and/or purposes may differ in different jurisdictions and/or brands under which Moonspin provides its services.

² Note that even if You object to receiving direct marketing materials, from time to time, We may still need to send You certain important communications from which You cannot opt-out.

³ Note that while You can decline to provide Us with your personal data, we may not be able to provide you with the services you requested if we need that information, especially if consent is the only legal ground we have available to us.