ONCE POKER
ONCE POKER Privacy Notice
Overview
Introduction
This Privacy Notice outlines how ONCE POKER processes your personal data in connection with our applications and services for ONCE POKER live events. We encourage you to review this notice regularly, as it may be updated. We will notify you of any material changes to ensure you stay informed.
Who is the Controller?
ONCE Gaming Limited ("ONCE Gaming," "we," "us," or "our") is the controller of your personal data for ONCE POKER events. Our events and tournaments are hosted in collaboration with third-party venues, which may act as independent controllers and request personal information to fulfill their legal obligations.
Data Protection Officer
We have appointed a Data Protection Officer (DPO), contactable at dataprotection@oncepoker.com. To exercise your data protection rights, please first contact our Customer Service team at support@oncepoker.com, as detailed in the 'Your Rights' section below.
What is the "Group"?
The "Group" refers to ONCE Gaming Limited and its subsidiaries, joint venture partners, and related companies worldwide, including any future affiliates.
How We Collect Your Personal Data
To participate in our services, you must create an ONCE POKER Account, which requires providing personal data such as your name, age, address, email, date of birth, and country. Certain services may also necessitate additional information, such as bank card details. We collect data through surveys conducted by us or our partners, your interactions with our websites, mobile apps, and services, and any communications you send us. Additionally, we may obtain data from third-party providers, such as credit reference or fraud prevention agencies. We also use cookies and similar technologies to collect information like IP addresses and online activity, as described in the 'Cookies' section below.
How We Use Your Personal Data
We process your personal data only when we have a lawful basis, including: (1) to perform our contract with you, (2) to comply with legal or regulatory obligations, (3) with your consent, or (4) for our legitimate interests, provided these do not override your rights. Generally, we do not process special categories of data (e.g., health, ethnicity, religion) or criminal data, except in limited cases where additional lawful bases apply, such as substantial public interest for preventing unlawful acts or fraud.
We use your personal data for various purposes. To register and administer your ONCE POKER Account, whether online or in-person at events, we process identification and verification data as necessary for our contract with you. We also use contact details, web/app activity, device and internet identifiers, financial and payment data, location data, and photographs to enable your participation in our events and provide our services, based on contractual necessity. When you communicate with us, we process contact details and messages either to fulfill our contract (for service-related inquiries) or for our legitimate interests in responding to you. We send notifications about updates to our websites, apps, or events using contact details and device identifiers, as required by our contract. To meet regulatory obligations, we verify your identity, age, and information accuracy, which may involve sharing identification, financial, exclusion, or location data with third parties like credit reference agencies. We also process such data to comply with gambling laws, licensing requirements, and to detect or disclose suspected unlawful or fraudulent activity, sometimes justified by substantial public interest to prevent fraud or money laundering. Additionally, we use financial, exclusion, location, and web/app activity data to identify breaches of our terms and prevent fraud in our services or tournaments, based on contractual or regulatory needs. We may send surveys to understand our products and services better, processing contact and web/app activity data for our legitimate interests, while survey responses require your consent. Internal reports and business modeling to improve events rely on contact and web/app data for legitimate interests. Customer service calls or chats may be recorded, processing contact and audio data to enhance service quality. With your consent, we may send promotional offers based on location and web/app activity or use your name, image, or location in publicity. We share data with Group members for service provision, responsible gambling measures, game integrity, and regulatory compliance, relying on legitimate interests or legal obligations. Data may also be shared with professional advisors for advice, third parties for identity verification or fraud detection, law enforcement for crime prevention, gambling regulators for investigations, or for prize payment processing, based on contractual, regulatory, or public interest grounds. Cookies are used to operate our websites and apps (legitimate interests) and to analyze usage or tailor content (with consent).
We may process data for other compatible purposes and will update this notice accordingly. The lawful basis may change, for example, after account closure, we may continue processing data to meet legal requirements.
Intra-Group Sharing
We may share your personal data within the Group to apply responsible gambling measures (e.g., self-exclusion), manage accounts, verify customers, ensure data accuracy, detect fraud or criminal activity, identify terms breaches, send consented cross-brand marketing, or analyze and improve our business. These actions are based on legal/regulatory obligations, legitimate interests, or your consent. Additional sharing may occur for compatible purposes or legal requirements, and we will update this notice to reflect such changes.
Disclosing Your Personal Data
We share data with processors under contracts ensuring security. We may disclose data when required by law or regulation (e.g., to authorities), to defend legal proceedings, or during business negotiations like mergers.
Transferring Your Personal Data Outside the EEA
Your data is stored in Ireland. Group members or third parties outside the EU may access it. We implement Standard Contractual Clauses (SCCs) in data-sharing agreements to ensure adequate protection.
Security
We use technical and organizational measures to secure your data and prevent theft, loss, or unauthorized access. However, absolute security cannot be guaranteed, and we are not liable for breaches unless caused by our negligence. You must keep your Login Credentials confidential and take steps to protect them.
Marketing
With your consent, we may send marketing about our or Group services. You can opt out during registration, via instructions in communications, or by emailing support@oncepoker.com. Unsubscribing may take up to five working days.
Social Media Marketing
We may use your data for personalized ads on social media platforms. You can adjust settings on those platforms or contact us to opt out.
Cookies
Cookies are text files stored on your device to improve website/app functionality. Session cookies support your current visit, while persistent cookies enable repeat visits. They enhance navigation, store preferences, and support targeted ads. Learn more about disabling cookies at www.allaboutcookies.org.
Retention of Your Personal Data
We retain data for two years from account closure or dormancy, except for self-exclusion data (retained indefinitely), data related to fraud or investigations (retained longer), or data for legal disputes (retained for the dispute duration plus six years).
Updating Your Personal Data
Update your data via your ONCE POKER Account or contact support@oncepoker.com. You must notify us of changes, and we are not liable for harm due to your failure to do so.
Your Rights
You have rights to: access your data (confirm processing and details), rectify inaccurate or incomplete data, request erasure in certain cases (e.g., unlawful processing), receive or transfer data processed by consent or contract, object to processing for marketing or legitimate interests, request restricted processing in specific cases, and avoid decisions based solely on automated processing with significant effects. Contact support@oncepoker.com to exercise these rights. We may require proof of identity and aim to respond within one month, though complex requests may take longer. Rights are not absolute, and we may refuse or partially comply with requests. Repeated or unreasonable requests may not be answered.
Supervisory Authorities
Please contact us first with concerns, but you may also reach your national data protection authority.
Contact Us
For questions or to exercise your rights, contact support@oncepoker.com or our DPO at dataprotection@oncepoker.com.