Privacy Policy

This Privacy Policy (“Policy”) sets out how we collect, process and store any information that You provide us when using the website booming-games.com (“Website”), including any subpages.

Any reference in this Policy to “Booming Games” or “Company” or “We” means Booming Games (Malta) Limited with registration number C84350 with registered office at Central Business District, Q3, Level 5, Unit 2 Quad Central, Birkirkara CBD 1020, Malta. Any reference to “You” or ‘Your’ shall mean the individual accessing the Website.

We respect your privacy and we are committed to protecting your personal data. This commitment exists throughout the lifecycle of the personal data which you provide to us, from the design of any service which uses personal data to the deletion of that data. We process your personal data in compliance with the EU General Data Protection Legislation (the “GDPR”), (Regulation 2016/679) and the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’.

This Privacy Policy will inform you as to how we use and look after your personal data. This Policy covers, among other topics:

• Information about who we are and how to contact us;
• Transparency about how we collect and use your personal data, including when and how it is shared and the categories of recipients;
• Information on how we protect your personal data;
• Information about your rights, the choices available to you, and how we will facilitate your rights and respond to your questions.

1- Purpose of this Privacy Policy

Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy is intended to give you a better understanding of the personal data we collect, the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data.
Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy is intended to give you a better understanding of the personal data we collect, the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data.
Under the applicable laws, we are required to comply with personal data protection and processing procedures to ensure that your data is at all times stored and processed securely and that your rights as a data subject are observed and protected. We take these obligations very seriously and have implemented adequate technical and organizational measures to ensure protection of your privacy.

2- Scope

This Policy applies to all users of the Website and when Booming Games is acting as a Data Controller with respect to the information pertaining to the Website’s users. It applies to the processing of your personal data by us, primarily in connection to your use of this Website. Our Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before any data is provided. This Policy also applies to our processing of your personal data in connection to our communication with you, our processing of your queries and/or job applications, your use of our products and/or services, and any other relationship with you that is not covered by a separate privacy policy. By using the Website You agree with the use of Your information and Personal Data in the manner set out in this Policy. This Website and our Services are not designed or directed to persons under the age of 18 with respect to the use of the Services (“Legally of Age”). If you are not Legally of Age, you should not use the Services nor provide any personal information to us.
It is important that you read this Privacy Policy together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them. This Website and our Services are not designed or directed to persons under the age of 18 with respect to the use of the Services (“Legally of Age”). If you are not Legally of Age, you should not use the Services nor provide any personal information to us.

3- Definitions

Data Controller means the person or organisation responsible for determining the purposes and means of the Processing of Personal Data. Booming Games is the Data Controller in respect of all personal information that is provided by You on the Website.
Data Subject means the identified or identifiable person to whom the Personal Data relates which for the purpose of this Policy shall be You, the Website’s users.
Personal Data means any information that relates to an identified or identifiable living individual. This includes where living individuals can be directly or indirectly identified using information such as a name as well as other identifiers such as unique personal identifiers, location data or other online identifiers, as well as physical, physiological, general, metal, economic, cultural or social identity.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor means the person or organisation (a third party) who processes Personal Data on behalf of the Data Controller.

4- How is your personal data collected?

Personal data does not include data where the identity has been removed (anonymous data).
We may collect personal data from you because of a legal reason or because you have consented us to do so for a specific purpose. We may collect, use, store and transfer different categories of personal data about you. Some examples of such data are listed below:
• Registration Data: includes first and last name, username or similar identifier, date of birth, territory applicable social security number where permitted or required by law, gender, country.
• Contact Data: includes postal address, email address and telephone number(s).
• Identification and Verification Data (Anti-Money Laundering/Due Diligence/KYC data): includes first and last name, permanent address and proof of address, date of birth, nationality, employment history and information, adverse media report, financial status and information (e.g. bank statement, source of income and source of wealth, tax information), Politically Exposed Person check, Sanction check screening, masked credit card details, KYC documentation (e.g. ID card, passport, utility bill, any other document as may be specified in sectoral implementing procedures issued by the relevant regulator authorities).
• Transaction and Usage Data includes details generated through your use of our services.
• Log in Data includes internet protocol (IP) address, your logins (first log in last login, last failed login), duration of log ins, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
• Profile Data includes internal notes to your account, interests and preferences.
• Marketing Communications Data includes your preferences in receiving marketing from us (opt in/opt out).
• Other Communication Data provided by you in communication with us (via recorded calls, chats, emails, or SMS) which may include various data such as your intentions, interests, complaints, preferences, as well as internal communication and notes.
• Analytics Data include various data provided by your observed with respect to your use of our Website and services such as your language, location, browser data, campaigns utilised, channels used, device, and in case of online acquisition analytics also pages visited, postcards clicked, scroll depth. Certain information is collected using cookies and/or similar tracking technology.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). However, there may be times when you may voluntarily choose to disclose information like this to us, such as when you are speaking with our customer care, and these chats and emails are assigned to your account with us.

5- How is your information collected?

We collect your personal data through different methods, including:
• The information You provide us with when filling the contact form on our Website : this includes Your personal details such as: Your name, email address, and any other Personal Data You would insert in the ‘ message’ section of the contact form. This information is obtained through Your voluntary submission and, upon obtaining Your consent, and may be processed for the lawful purposes of answering Your queries, maintaining back-ups of our databases and communicating with You.
• The information we obtain from Your use of our Website (Website browsing) : This includes which content You view, Your dynamic IP address, browser type and version, operating system, referral source, length of visit, page views and website navigation paths as well as information about the timing, frequency and pattern of Your use of the Website. This usage data may be processed for the purposes of analysing the use of the Website. The legal basis for this Processing is monitoring and improving our Website (legitimate interests).
• Cookies: These are small files with a number of characters sent to Your device when You access the Website. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our website and services. Please refer to Cookies Policy for detailed information on the cookies we use and how to opt-out from them.
• Records: we may keep correspondence from You to us for records-keeping purposes and/or process Your personal information in order to satisfy our legal obligation or where we have a legitimate reason for doing so.
• Information sent to [email protected] : When You apply for a role by sending Your CV, cover letter or any other personal information to [email protected], we collect Your Personal Data for the legitimate purpose of answering to Your job application.
• Third parties and publicly available sources - We may combine the information we collect from you with information that we receive about you from other sources, such as public databases, providers of demographic information and other third parties. Due to regulatory requirements we collect know your customer (KYC) information from specialised third parties. Such information is collected only when it is reasonably necessary for the organisation’s activities.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with information related to your query).

6- How do we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
• To process your registration, set up and look after your account (including checks made to age verify you and to guard against fraud);
• To provide and operate the services;
• To communicate with you and to keep you informed of our latest updates to our services and special offers;
• For legal and regulatory reasons, to comply with our legal obligations and license conditions such as anti-money laundering and responsible gaming; including for the purpose of ascertaining your source of funds or income, or as required by other governmental authorities, or to comply with a subpoena or similar legal process or respond to a government request;
• Providing, maintaining, enhancing and personalizing the services and analysing how customers use the Services and the Website;
• To know your preferences and to try to ensure that the content on our Website is presented in the most effective manner for you and your computer or mobile device;
• To market our services as well as to serve you advertisements, including behavioral advertising;
• To communicate with your and to process any of your requests to exercise your legal rights;
• To identify and authenticate your access to certain features of the services;
• To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services, including by identifying risks associated with your activity on our services;
• To investigate violations of our policies and Terms and Condition as well as enforce our policies and the Terms and Conditions; and
• To investigate and resolve disputes in connection with your use of the services.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email, text message or by post. You have the right to withdraw consent to marketing at any time by either unsubscribing from our mailing list or by contacting us on [email protected]

7- Who do We Share Your Personal Data with?

Booming Games may need to share Your Personal Data with third party providers for legitimate purposes as follows:
• We may disclose Your Personal Data to any member of Booming Games’ group of companies which shall include subsidiaries, sister companies and mother company and its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy.
• We may disclose Your Personal Data to our professional advisers for as long as it is reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims.
• We may disclose Your Personal Data where such disclosure is necessary for compliance with a legal or regulatory obligation to which Booming Games is subject.
• We may disclose Your Personal Data with third party providers for the purpose of Processing and storing Your Personal Data as set out in the Policy.

THIRD PARTY TRACKING TECHNOLOGIES

When you visit or access our services (for example when you visit our Website), we use (and authorise third parties to use) cookies, pixels other technologies ("Tracking Technologies").
The Tracking Technologies allow us to automatically collect information about you and your online behaviour, as well as your device (for example your computer or mobile device), for different purposes, such as in order to enhance your navigation on our Services, improve our Services’ performance and customize your experience on our Services. We also use this information to collect statistics about the usage of our Services, perform analytics, deliver content which is tailored to your interests and administer services to our users and players.
For further information on what Tracking Technologies/cookies are, which cookies we use, how and why we use cookies, and how you can control which cookies are dropped, please read our Cookies Policy.

8- How long do We store Your data for?

We ensure that any of Your Personal Data we process shall not be kept for longer than it is necessary. Booming Games may retain Your Personal Data where such retention is necessary to comply with a legal or regulatory obligation to which We are subject, or for the protection of legitimate interests. The information You provide us when you apply for a role such as CVs are kept for a certain period of time in order to assess whether other positions that might arise can suit Your profile.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our Data Retention Policy which you can request from us by contacting our DPO.
Where your personal data is no longer required by us, we will either securely delete or anonymise the personal data in question.

9- Rights of Data Subjects

9.1 Generalities
The GDPR sets out the rights applicable to Data Subjects. Each Data Subject providing his/her Personal Data to the Company has the following rights subject to the applicable Maltese Law :
(i) the right to be informed;
(ii) the right of access;
(iii) the right to rectification;
(iv) the right to erasure (also known as the right to be forgotten);
(v) the right to restrict Processing;
(vi) the right to data portability;
(vii) the right to object to Processing
(viii) the right to object to marketing; and
(ix) the right to complain to the Malta Information and Data Protection Commissioner “IDPC”.

9.2 Data Subject Access

Data Subjects may make subject access requests (“SAR”) at any time to find out more about the Personal Data the Company holds about them, how they are processed and for which purpose.

Data Subjects that would like to make a SAR should contact the legal department of the Company at [email protected]

9.3 Rectification of Personal Data
Data Subjects have the right to require the Company to rectify any of their Personal Data that is inaccurate or incomplete within one month which shall be extended to two months in the case of complex requests, subject to applicable Maltese Laws.

In the event that such Personal Data have been disclosed to third parties, these third parties shall be informed by the Data Controller of the rectification that must be made.

9.4 Deletion of Personal Data
Subject to applicable Maltese Laws Data Subjects have the right to request that the Company erases the Personal Data it holds about them when:
• It is no longer necessary for the Company to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
• The Data Subject wishes to withdraw their consent to the Company holding and Processing their Personal Data;
• The Data Subject objects to the Company holding and Processing their Personal Data and the Company has no legitimate interest to do so;
• The Personal Data has been processed unlawfully;
• The Personal Data needs to be erased to comply with a legal obligation.
All requests for deletion shall be complied with unless the Company has reasonable grounds to refuse such deletion or in accordance with applicable Maltese Laws. Such deletion shall be done within one month from the request and two months in case of complex requests. In the event the Personal Data to be erased has already been shared with a third party, the Company shall liaise with such third party and request for the deletion.

9.5 Restriction of Personal Data Processing

Data Subjects may request that the Company ceases to process their Personal Data and following such request, Booming Games shall retain only the amount of Personal Data necessary for legitimate purposes, unless other exceptions apply under applicable Maltese laws.
If such Personal Data has been disclosed to a third party, this third party shall be informed of the restriction requested by the Data Subject, to the extent permissible at law.

9.6 Objection to Personal Data Processing

Subject to applicable Maltese Laws, Data Subjects have the right to object to the Processing of their Personal Data in the following cases :
• The Processing of Your Personal Data is for the purposes of direct marketing;
• The Processing of Your Personal Data is for a task carried out in the public interest;
• The Processing of Your Personal Data is for the exercise of official authority vested in You; or
• The Processing of Your Personal Data is for Your legitimate interests

In the cases enumerated above, the Company will cease such Processing immediately unless the Company demonstrates compelling legitimate grounds for the Processing which overrides the interests, rights and freedoms of the Data Subject or where the Processing is required for the establishment, exercise or defence of legal claims or where the applicable Maltese Laws provide exceptions.
If such objection is about the Processing of Personal Data for scientific and/or historical research and statistics purposes, the Data Subject must demonstrate grounds relating to his or her particular situation and the Company shall not be required to comply if such research is necessary for the performance of a task carried out for reasons of public interest or pursuing legitimate interests or any other reasons as provided by Maltese Laws.

9.8 Right to complain

Data Subjects have the right to file a complaint to a data protection supervisory authority which for the purpose of this Privacy Policy shall be the Information and Data Protection Commissioner Office (IDPC). We would, however, appreciate the chance to deal with your concerns before you approach the IDPC so please contact us in the first instance. The IDPC’s contact details are as follows,

Address: Level 2, Airways House, High Street, Sliema
Email: [email protected]
Website: https://idpc.org.mt/en/Pages/contact/complaints.aspx
Landline: 2328 7100

10- Data Security

Booming Games employs security measures to protect Your Personal Data from access by unauthorised persons and to prevent unlawful Processing, accidental loss, destruction or damage. We uphold state of the art security measures in order to protect your personal data from unauthorized access, unlawful disclosure, destruction or modification, accidental loss, and other misuse. The security mechanism we use are technical, physical and administrative, such as encryption, firewalls, information access controls.
Despite our reasonable efforts to safeguard personal data, please note there is always a risk that a third party may unlawfully access our systems or otherwise access personal data. We do not accept liability for protecting personal data disclosed through your internet connection. We will notify you and any applicable regulator of a breach where we are legally required to do so.
Since the internet is not a completely secure environment we cannot guarantee the security of any information disclosed through Your internet connection.

11. Transfer of Personal Data outside the EU

It may be necessary for the provision of services and to the extent required for the specific purpose, as stipulated in this Privacy Policy to transfer your personal information to countries outside the EEA. The data protection and other laws of these countries may not be as comprehensive as those in the EEA.
Where your personal data is transferred outside the EEA, we use best efforts to ensure that your personal information is protected through contractual means (such as by using the standard contractual clauses (“SCCs”) approved by the European Commission for data transfer) or other means (such as ensuring that the European Commission decisions determined that such jurisdictions offer adequate level of protection).

12. Changes to the Privacy Policy and Your duty to inform us of change

We may update this Privacy Policy at any time by publishing updated version. When We make changes to this Privacy Policy, We will amend the last updated date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage You to review this Privacy Policy periodically to stay informed about how We are protecting Your information.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13. Further Contact

You can contact us if you have questions, comments and concerns about this Privacy Policy, or the way in which we handle your personal data. Do not hesitate to reach out to us should you wish to execute your rights as described above. Please contact us by e-mail at [email protected]

Version: 1.1

Last updated: 15 Apil 2024