At Betathlon Ltd, we care about the privacy and security of your personal information and we take measures to ensure that your personal information is properly handled while in our possession and in the possession of others to whom we may disclose it.
This Policy explains when and why we collect personal information about visitors to our website and about natural persons in general, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Name: Dr. Christiana Markou
Address: 2, Amfipoleos street, Marcou Tower Office 201, 2025 Strovolos Nicosia.
BΕΤATHLON LTD (HE 310010) is a Cypriot company that was founded in 2012 and is licensed with Class A license by the National Betting Authority of Cyprus. The company offers odds for betting on various sports in stores located all over the Republic of Cyprus. Betathlon Ltd has a wide range of Pre-game and Live bets on most popular sports such as football, basketball, volleyball, tennis, cricket, rugby, formula 1, as well as special bets on events such as the World Cup, European Football Championship, Eurovision Song Contest.
Block B , Offices 101 – 103, 28th October 1, Egkomi 2414, Nicosia Cyprus
We obtain information about you when you use our website, for example, when you contact us with a request, query or complaint, or if you register to receive information from us.
We also collect information about you offline, specifically, when you take part in a competition, when you lose your coupon or when you bet or win an amount that exceeds 2000 Euros. We also collect information about you when you contact us submitting requests, queries or complaints to us in person or through any means of distant communication.
We also collect visual material through cameras, operating at the entry and exit points of our offices as well as over the cash registry of our own betting shops.
The personal information we collect may include your name, date of birth, passport or identity card number, telephone number, address, email address, IP address, a utility bill, copies of passport or identity card, as well as the amount you won in case you lose your coupon.
We also collect any other information you provide by filling in and submitting web forms on our website or Facebook Page such as a query, rating, comment, request or complaint. If you have liked our Facebook Page, we collect your Facebook name as well as any likes, views or comments you make on posts on our Facebook Page as well as anonymized statistics regarding how users engage with it as provided by Facebook. In a similar manner, we collect your Instagram, Twitter or LinkedIn Name, as well as any likes, retweets, views or comments you make on our publications on those profiles.
We have reviewed all our forms to ensure that we only collect and process information that is strictly necessary for the intended purpose specified or being apparent to you or is required by law, thereby avoiding excessive or unnecessary processing.
Finally, we collect visual material through a camera that operates at the entry and exit points of our offices, as well as over the cash registry of our own betting shops. You can find out when and why we collect this information, how we use it, the terms in which we may disclose it to third parties, and how we keep it secure, by clicking here.
We use your information lawfully in accordance with Article 6(a), i.e., for purposes you have consented to, Article 6(b), i.e., as necessary to conclude or perform a contract with you, Article 6(c), i.e., to comply with obligations imposed by law (such as tax legislation, the payment of tax and Levy to the National Betting Authority, the Betting Law of 2019 (L. 37(I)/2019) and the Prevention and Suppression of Money Laundering Activities Law (L. 188(I)/2007)) and Article 6(f), i.e., as necessary for legitimate interests we pursue as a business.
We provide more details immediately below to help you understand how exactly we use your information:
We use your information in order to:
- respond to betting placing, proposals, requests or queries submitted by yourself or communicate with you as explained in more detail immediately below.
- process or examine betting placements submitted by you;
- pay any winning coupons when you bet or win a coupon that has won over 2,000 Euros, regardless of whether the transaction is performed by a single transaction or by multiple transactions between which there appears to be some connection.
- carry out our obligations arising from any contracts entered into by you and us or take steps to enter into such contract;
- confirm your identity, age and address;
- comply with or responding to demands by the National Betting Authority and generally meet obligations derived from tax law, betting law and the prevention and suppression of money laundering law;
Article 6 (f)
- monitor transactions for the purposes of preventing fraud or money laundering and spot irregular betting behavior;
- carry out customer research, surveys and statistics having previously anonymized relevant data;
Article 6 (a)
- provide you with information about promotional offers and our products and services, where you have consented to such communications; and
- send you communications which you have requested such as a reply to a query;
Your information is mainly stored in computer servers situated in our premises in Cyprus. In some particular cases, such as when a problem arises that needs solving, the information is stored in physical files kept at our premises in Nicosia, Cyprus. In case you contact us via email, the personal information contained in the corporate email is stored on the Godaddy servers in London.
We only keep information for as long as it is necessary for us to service you as a client and effect any payments and as required to comply with legal or regulatory obligations to which we are subject, more specifically, those arising from betting, tax and anti-money laundering legislation, to be able to defend or institute any legal actions against or in the name of our company. Personal data are retained for a period of at least five (5) years from the date of the last transaction and may not be destroyed unless the period of five (5) years has elapsed and the prior approval of the National Betting Authority is acquired (Article 57). Generally, for the above purposes, we retain your information as long as we maintain a contractual relationship with you and for up to eight (8) years after the termination of this relationship.
In case, we have obtained your consent to collecting or using information for a particular purpose, such as marketing or commercial communications, we retain that information unless and until you decide to withdraw your consent or you object to its processing.
We retain information we collect about you in your capacity as a mere visitor to our website for one year. Six months is the retention period applying to information we have collected as a result of yourself addressing a query or a comment to us through email or otherwise, when we have never had a contract with you.
As for the optical material recorded by the cameras as explained above, they are maintained for a period commensurate with the hard disk space and the movement observed in the space, which can range from 2 weeks to 4 months after recording.
In case of a maximum retention period specified by the Data Protection Commissioner applying to the domain of our services, we will immediately adhere to any such specified maximum retention period.
After the lapse of the aforementioned periods of retention, we remove it from our systems by deleting it or we fully anonymize it so that you can no longer be identified from it. In this latter case, we do not delete all of the information, but only those pieces of information such as your name, address, email address, that reveal that the said information belongs to you.
We will never sell or rent your information to third parties and we will not share it with third parties for marketing purposes.
We may pass your information to third party service providers. Such third parties may be technical service providers providing us with the software systems (or their maintenance) necessary to contact administrative tasks inherent in the provision of our services to you or in the conducting of our business or messengers and/or delivery companies we use to deliver correspondence. We only disclose to them the personal information that is absolutely necessary to deliver the service or perform the said task and when required by the Regulation, we have a contract in place that requires them to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation and not to use it for their own direct marketing purposes or for any purposes other than to provide the service or complete the task as explained above.
All of the above apply for our Twitter, Instagram and LinkedIn Profiles. You can view their privacy policies here: https://twitter.com/en/privacy, https://help.instagram.com/402411646841720, https://www.linkedin.com/legal/privacy-policy
We may also pass your information to our lawyers and accountants/auditors to the extent necessary to defend or institute legal claims and to comply with legal obligations with regards to financial accounts and tax reasons respectively.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization in which case we will take measures to ensure that all data protection principles and related rights as derived by the General Data Protection Regulation are fully complied with, prior, during and after the relevant transfer.
Finally, we may disclose your information to public and/or regulatory authorities (MOKAS, FIFA, National Betting Authority, Police), if disclosure is required by law or an order issued by a court of law or as part of compliance with our licensing conditions imposed by betting law and/or the National Betting Authority.
Other than the above, the recipients of personal data will be the authorized members of our staff which are contractually bound by confidentiality and security obligations and have been informed and trained to handle your personal data in accordance with the rules and principles of the General Data Protection Regulation.
You may at any time send us any of the following requests and we will meet them the earliest possible and in any case, within a month from the date of receipt of your request and inform you about the action we have taken. If your request is for any reason complex to examine or meet, we will ask you for an extension before the aforementioned one-month period expire.
If we have legitimate reasons to refuse to satisfy your request, we will inform you accordingly and in this case, you have the right to submit a relevant complaint to the Cyprus data protection authority, namely, the Data Protection Commissioner, http://www.dataprotection.gov.cy/ if you believe that our decision is unjustified.
These are the requests you can submit to us:
A request that we permanently delete all or some of your information from our records (right to be forgotten or to erasure), for example when we no longer have reasons to retain it.
A request for you to access your information that we keep in our records (right of access)
A request that we provide you with a copy of your information that exists in our records, in digital or hard copy form. If you require more than one copy, we may charge you a maximum of EUR10,00 as administrative costs. (right to a copy)
A request that we update or correct your information that we keep in our records (right to rectification), for example, in case it is outdated or contains errors or inaccuracies.
A request that we provide you with information of yours we keep in our records in a structured, commonly used and machine-readable format or forward it in such form to another provider of your choice, if such forwarding or transfer is technically possible (right to portability). Please note that this right applies only in relation to data that you yourself has provided to us with and which we process by electronic means.
A request that we stop doing anything with your information without however deleting it from our records (right to restriction of processing)
Please note that before acting upon any of your above requests, we may require you to prove your identity, if we are in doubt about your true or correct identity. If we cannot identify you, i.e., we do not hold personal data belonging to the person you are saying you are, we will inform you accordingly and we will not act upon your request.
When you give us personal information, we take organizational and technical measures to ensure to keep it secure and protected against unauthorized disclosure, alteration, accidental loss or other violation. We list herein below some of the technical and organization measures we apply:
- We take reasonable endeavors to avoid a situation whereby files or documents containing personal data are allowed on open view without reason. All such documents/files are securely kept in locked file cabinets to which access is limited to authorized personnel of our company.
- We apply a strict permission policy according to which our personnel have access only to such parts of our software or systems as strictly necessary to perform their work tasks and duties. We have specified all relevant roles and permissions in a written security policy and we follow procedures through which access is interrupted or blocked should the need arises, such as when a personnel member leaves our company.
- We apply a process of automatically recording actions on servers and network equipment, and daily monitoring of the actions performed on the data processing system. Further, maintenance is carried out weekly, during which data protection is ensured through supervision during interventions by third parties.
- We follow an effective procedure of data destruction ensuring that all documents no longer necessary are effectively destroyed, specifically through a shredder machine.
- We do not engage into an excessive or unnecessary use of the function of email copying (cc).
- Our personnel save all documents and work directly on our servers, thereby ensuring that no personal data remains on the disks of our computers and each employee only has access to the relevant with its duties part of the server.
- All hard copy files are kept in a locked cabinet placed in the office of the department handling them. Older files are stored in boxes in a locked warehouse.
- Most fax numbers are stored on the fax machine and, accordingly, most of the email addresses we use are saved to our mailing list and appear automatically after typing their first letters, which helps avoiding typing errors.
- Access to all computer terminals is protected by a strong-security password known only by the member of our personnel to whom a given working station is assigned. An automated locking system is applied to all computer terminals.
- Access to all software of our company and to email and data storage services used by our company is password-protected. All passwords are kept securely and are updated periodically.
- We do not store documents containing personal data in cloud data storage applications.
- We apply effective anti-virus and firewall software and we engage in systematic updates of the said security software.
- We obtain back-up copies of all of the data we store and process daily and we store the said copies in a secure environment at a location different from where the primary data exists and only the IT officer has access to it, it is locked and monitored by a closed circuit monitoring system. We also back up our data processing software daily, in accordance to the provider’s instructions.
- Backups are obtained before each upgrade of our software.
- The support service of our data processing software is offered on site under supervision or remotely through a secure VPN.
- We have a fire protection system in operation on our premises aiming at protecting the physical files with personal data we maintain.
- Access to the Internet through our computers has been limited so that the possibility of access to unsecure or illegal websites presenting a risk to the security of our systems is reduced.
- Access to our data processing software is not possible remotely, except by specific members of the management of the company who login by submitting their credentials through secure VPN with systematically updated passwords that only our IT Manager knows.
- Activity on our data processing software is restricted so that only the IT officer can edit or delete data.
- Remote access to corporate email through personal devices of our personnel is possible but we are notified every time a new device has gained access to email so that we can readily verify that it belongs to authorized personnel. In the event that a personal device is lost or stolen, we have taken measures enabling us to remotely disable or prevent access to corporate email from the said device or delete all content, in the event it appears that contrary to our policy, the personal device has been used to store personal data of our customers.
- The servers supporting our systems and databases are not used as working stations and are situated in server rooms to which access is restricted.
- When you use the form on our websites to submit personal data to us, your information is encrypted and protected through the use of RSA algorithm and key length 256 bit. This means that what you send and receive from the website is encrypted, which makes it difficult for anyone else to see, read or take possession of this data. You know that your information is encrypted, when you see a lock icon appearing on the address bar of your web browser before the URL of the web page you are on.
- We have trained our personnel with regards to how they should handle personal data in accordance with the requirements of the General Data Protection Regulation and we have signed contracts with the parties who process data together with us or on our behalf which oblige the said parties to keep your data private and secure and process it in accordance with the requirements of the General Data Protection Regulation.
We do not transfer your information outside the European Union. If we ever have to transfer your personal information to a country that is not a Member State of the EU, we will make sure that your personal information will be given analogous and/or appropriate respect and protection, specifically by signing with parties based outside the EU, data sharing or a ‘controller-to-processor’ agreements that meet the requirements of the Regulation, particularly Article 46, if the country is one about which there is no EU Commission Decision of Sufficiency as per Article 45 of the Regulation.