1. Scope

This Permission Marketing Privacy Policy has been created to prove our firm commitment to your privacy and the protection of your personal information. The purpose of this policy is to make it clear to you how we collect your information, for which purpose and how we use it. If after reading this policy you have question in relation to the processing of your personal data, please do not hesitate to contact our data protection team.

  1. Overview of Data Processing Activities

From time to time, you may participate in certain offers, promotions or fill in some forms or surveys on third party websites, social media pages or applications (“Collection Points”). At times, your participation is in exchange for an opportunity to win a gift or something similar. We collaborate with those companies that organize/manage those Collection Points and, always with your permission (which we obtain from you directly) in one of the Collection Points, we receive a copy of your personal data and contact details (“Information”).

We will use that Information for the purposes of delivering to you, generally through electronic communications (e-mail or any other instant messaging service or SMS) content that may interest you. Always remember that when you no longer want to hear from us you can unsubscribe and when you no longer want us to hold your data you may ask us to delete all information we hold about you.

The information, offers, promotions that you receive from us may be about the products or services or several of our clients, but we do not share your data with them. We run their advertising and your personal data remains safe in our care.

  1. Details of the Data Controller

Gaming Innovation Group plc., of @GIG Beach, Triq Id-Dragunara, St. Julians Malta is a data controller for the Information that we obtain on you through this website.

  1. Why did you receive an electronic communication from us?

Your Contact Details (as defined below) have been shared with us by our partners through a Collection Point only after you have specifically been informed and accepted.

  1. Where we collect your Information from

We may receive Information about you from our partners that run and manage the Collection points. We receive Information that you may enter in a form made available by them.

  1. How your Privacy is protected

We use the latest 128-bit Secure Socket Layer (SSL) encryption technology to ensure that your Information is transferred securely over the Internet to our secure server which is protected by the latest firewall. Your Information is kept confidential and secure and is not shared with other organizations for commercial purposes, other than those listed in this Policy for the stated purpose.

  1. Categories of data held about you

The Information collected and processed about you can be grouped into the following categories:

Gaming Innovation Group is not collecting any data considered as sensitive data.

Sensitive data is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

  1. Lawful basis for processing personal data

We have set out below, in a table format, a description of all the ways we plan to use your Information and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.


Category of data

Lawful basis for processing including basis of legitimate interest

To keep an updated database

(a) Identity

(b) Contact

(c) Technical

(d) Transactional

(e) Usage

(f) Marketing and Communications Data

(a) Necessary for our legitimate interests (to keep our records updated)

To manage our relationship with you which will include:

(a) Notifying you about changes to our Privacy Policy

(b) Ensure that we have correct and updated details about you.

(a) Identity

(b) Contact

(c) Marketing and Communications

(a) Performance of a contact with you

(c) Necessary for our legitimate interests (to keep our records updated)

To send you promotional information.

(a) Identity

(b) Contact

(c) Usage

(d) Marketing and Communications

(a) Consent (if we contact you by means of direct marketing).

To administer and protect our business and the Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

(a) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, and in the context of a business reorganization or group restructuring exercise)

To understand and measure the effectiveness of the advertising we serve to you.

(a) Identity

(b) Contact

(c) Usage

(d) Marketing and Communications

(e) Technical

Necessary for our legitimate interests (to deliver relevant interests to you through the Site based on your past activity)

To use data analytics to improve our Services.

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of users, to keep our Site updated and relevant and to develop our business)

To make suggestions and recommendations to you about products that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Marketing and Communications Data

(a) Necessary for our legitimate interests (to grow our business) if suggestions are delivered via the Site or our email address

(b) Consent (if we contact you by means of direct marketing).

Share the Information with our clients or third-party suppression database providers for the purposes of ensuring that you are not on any register or list which prohibits us from contacting you.

(a) Identity

(b) Contact

Necessary for compliance with legal obligations.

Share Information with third parties that process data on our behalf, such as our suppliers, and communication providers.

Necessary for our legitimate interests for us to be able to provide a service as efficiently as possible and using the best available resources and technology.

  1. Usage and Sharing

We use the Information we have received about you in order to send you information, offers and promotions of businesses that appoint us to share their products, services and offers to our network.

We do not share the Information with our clients and for the purposes of clarity, we are sending you the communications ourselves even though the communication is branded for each client. In the event that you follow any link contained within the communication (or anywhere on our site) to the third party’s website, you will be subject to the Privacy Policy of our client directly and we do not receive any further Information about you from them, except that we are informed whether you have made a purchase or not (which is required for our legitimate interests).

We will never sell, share or rent individual Information which is not covered by the purpose of this Privacy Policy or without your advance written permission or unless ordered by a court of law.

Information submitted to us is available to employees managing this information for purposes of contacting you or sending you electronic communications.

We may also from time to time appoint various third-party suppliers to assist us in the delivery of communications to you. For example, we need to use an SMS or email service provider or similar providers who may deliver messages to you on our behalf. We will ensure that such third parties are under an adequate agreement with us which guarantees equivalent security and privacy measures to safeguard your data, also known as a Data Processing Agreement. These third-parties are obliged by contract with us not to use the data we provide to them for any purpose other than to send the message to you on our behalf. Once we cease to use their services, they are further bound by contract to delete all Information that we may have provided to them previously.

We also use third party cloud service providers that host servers within the EU/EEA for the purposes of hosting our databases. The Information collected is stored on these servers and we ensure that we use hosting partners that are reputable and offer the highest degree of security to your Information.

We may be required to disclose or share your Information in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements; or to protect our rights, property, or safety. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction as well as co-operating with authorities that make requests for information to us.

Lastly, in the event that we agree to transfer our business, we will disclose your personal data to the prospective buyer or their lawyers, consultants, financial advisers and employees both during the due diligence process and also as part of the transfer of the business. This includes any transfer of data required under any agreement between us and the new owner of our business.

  1. Other sites

Even though we provide you with any adverts of third parties, we do not share your Information with third parties.

As soon as you are redirected to another site (“Third-Party Site”) by clicking on the link sent via our electronic communications of third party brands advertised, the Terms and Conditions, the Privacy Policies and data processing practices (which we have no control over) of the Third-Party Site shall apply.

This Privacy Policy shall no longer apply to you and to any activities you do on any such Third-Party Site.

  1. Cookies

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

  1. Your Rights

In certain circumstances, you have specific rights under the data protection laws in relation to your Information.

Request access to your Information. You have the right to access Information held about you. Your Information may be requested by contacting us on We shall comply with any reasonable access request.

Request correction of your Information. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Information. You have the right to ask us to delete any Information we hold about you. This enables you to ask us to delete or remove Information.

Object to processing of your Information. You also have the right to object where we are processing your Information on ground of legitimate interest. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Information which override your rights and freedoms.

Request restriction of processing your Information. This enables you to ask us to suspend the processing of your Information in the following scenarios: (a) if you want us to establish the data’s accuracy; or (b) you have objected to our use of your Information, but we need to verify whether we have overriding legitimate grounds to use it; or (c) where you contest that our use of your Information is unlawful.

Right to unsubscribe from electronic communications. How can you stop receiving electronic communications from us. You have the right at any time to change your mind in relation to us being able to contact you with electronic communication. You can exercise your right to stop receiving electronic communications (opt-out) by following the unsubscribe guidelines at the end of every electronic communication sent to you. Please allow up to 48 hours for any changes you make to your marketing preferences to be fully processed. Please remember that even if you opt out of receiving electronic communications, we may still send you important details related to your Information in case of data breach or suspicion of data breach.

Right to withdraw consent. In cases where we rely on your consent for the processing of Information, you have a right to withdraw your consent at any time.

We will retain copies of any communications that you send to us (including copies of any emails) in order to maintain accurate records of the information that we have received from you.

You can also exercise your rights at any time by contacting us at All communications with us must be through the e-mail address that is associated with your account. We will verify your identity prior to responding to any request.

  1. Data Retention

We will only retain your Information for as long as necessary to fulfil the purposes we collected it for (e.g. such as providing you access to our Services), including for the purpose of satisfying any legal, accounting or reporting requirements. If you want to know how long we retain information collected via the use of cookies read our cookie policy. In some circumstances we may anonymize your Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Contact Us

In case of any questions about our data processing activities, please contact our Data Protection Officer on the following address:

Postal address: Data Protection Officer c/o Legal Office, @GIG Beach, Triq id-Dragunara, St. Julians, STJ3148, Malta.

  1. National Laws and Jurisdictions


Office of the Information and Data Protection Commissioner

Address: Second Floor, Airways House, High Street, Sliema SLM 1549

Phone: +356 2328 7100


GDPR direct link:


Address: Borgergade 28, 5
Phone: +45 33 1932 00
GDPR direct link:

United Kingdom

Information Commissioner’s Office  

Address: Water Lane, Wycliffe House, Wilmslow - Cheshire SK9 5AF

Phone: +44 1625 545 700


GDPR direct link:

The Netherlands

Autoriteit Persoonsgegevens

Address: Bezuidenhoutseweg 30, P.O. Box 93374, 2509 AJ Den Haag/The Hague

Phone: +31 70 888 8500

GDPR direct link:


Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Address: Husarenstraße 30, 53117 Bonn

Phone: +49 228 997799 0 or +49 228 81995 0


GDPR direct link:



Address: Drottninggatan 29, plan 5

Phone: +46 08-657 61 00


GDPR direct link:


Office of the Data Protection Ombudsman

Address: P.O. Box 800, FIN-00521 Helsinki

Phone: +358 29 56 66700


GDPR direct link:


Norway’s Personal Data Act

Address: Tollbugata 3, 0152 Oslo

Phone: +47 22 39 69 00




Personal Data Protection Act

Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438

Phone: +65 6377 3131


Any changes we make to our Privacy Policy in the future will be posted on this page which is found at this link


We at LeoVegas Gaming Limited, holder of company registration number C 59314, having its registered address at Level 7, The Plaza Business Centre, Bisazza Street, Sliema, SLM 1640, Malta, take your privacy very seriously. Please take the time to read through the below before consenting.

Gaming Innovation Group was engaged to perform services in relation to referring customers to LeoVegas as part of LeoVegas’ affiliation program. Gaming Innovation Group would like to keep in touch with you to send you relevant LeoVegas updates, including news, relevant promotions.

In order for Gaming Innovation Group to provide its services and to fulfill its obligations in accordance with the agreement, a direct marketing communication via email and SMS will be sent to You and Your Personal Data may be shared by Gaming Innovation Group with LeoVegas, subject to below conditions:

What Personal Data is processed?

Email, first name, surname, DOB, address, mobile phone number, IP, Gender, user-agent, OS, Provider, timestamp of opt-in, ref URL, ref timestamp

Why is your Personal Data processed?

Referring customers to LeoVegas as part of LeoVegas’ affiliation program via direct marketing (email and SMS)

Legal basis for processing?


Who is your data shared with?

LeoVegas Gaming Ltd

Will the Personal Data be transferred outside of the EU?


The period for which the Personal Data will be stored?

2 years

Who should you contact?

LeoVegas shall be your main contact point and shall respond to all Data Subjects’ requests without undue delay.

General email address:

DPO email address:

Postal address: LeoVegas, Level 7, The Plaza Business Centre, Bisazza Street, Sliema SLM 1640, Malta

What do Data Subjects have the right to request from LeoVegas?

You, as a ‘data subject’ as understood under applicable data protection laws, have a number of rights that are applicable under certain conditions and in certain circumstances, including Your:

Please note:

YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same manner as You shall have provided it to Us.

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address stated above or by activating unsubscribe link at the end of every message).

As a result we will cease to process your personal data for the purpose of direct marketing on the basis of the consent granted. This said, we will not delete all of your Personal Data as We have alternative legal basis exists for processing Your Personal Data as stipulated above.

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section above We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

If we process Your personal data on the basis of such legal ground, GiG will maintain Your Personal Data for such purposes.

When should Data Subjects expect to receive a reply from LeoVegas?

LeoVegas shall reply and facilitate you in relation to your request within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

GiG shall ensure to assist LeoVegas in all requests by providing all appropriate and necessary information in order to allow LeoVegas to reply to all requests thoroughly.

GiG shall ensure that this policy is made available to Data Subjects at the first communication when consent is obtained as per Article 14 of GDPR.

Where Can You Read The LeoVegas Full Privacy Policy?

This notice represents a condensed explanation of how we use your personal information regarding direct marketing to prospects. For more information on how LeoVegas process personal data of its customers, including more detail on your rights, we strongly recommend you read our user-friendly and layered LeoVegas Privacy Policy.