Privacy Notice

Version: 2.0
Last modified: May 10, 2024

Introduction

We respect your privacy and are committed to protecting your personal data when you use our website (https://gr8.tech/) including any mobile or a device-specific version of the website, and our official representations on social media (together the “Website”). Personal data refers to any information from which an individual can be identified.

This Privacy Notice does not cover our data practices related to our processing of your personal data as:

  • A candidate whose personal data is used during the recruitment process;
  • An employee or contractor of GR8 Tech.

These processing activities are governed by other privacy notices, which will be provided to you in a timely manner.

Table of contents:

  1. Who we are
  2. Our data protection officer
  3. How is your personal data processed?
  4. What personal data we process
  5. How we use your personal data
  6. How we share your personal data
  7. International data transfers
  8. Data security
  9. Data retention
  10. Your data protection rights
  11. Automated decision-making
  12. Changes to this Privacy Notice
  13. Contacting us

Who we are

There are a number of companies within GR8 Tech group, including parent and ultimate holding companies, affiliates, subsidiaries, and business units (“we”, “us”, “our”). Any of these companies within GR8 Tech group may access your personal data.

The data controller, responsible for determining how your personal data is processed, is Ater-Tech Limited (reg. no. ΗΕ 445116).

You can contact us:

  • By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
  • By email to: [email protected].

Our data protection officer

If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our data protection officer (DPO):

  • By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
  • By email to: [email protected].

How is your personal data collected?

In most cases, we collect personal data directly from you. For example, when you fill out forms or communicate with us via mail, phone, email, chat, or other channels. This includes the personal data you provide when you subscribe to our newsletter or inquire about our solutions and services, or during attendance at offline events.

When you interact with our Website, we may collect information from your device, including details about the device’s hardware and software, usage of the Website, traffic data, IP address, etc.

In certain cases, we may collect information about you from third parties or publicly available sources such as analytics providers, public media, social media platforms, advertising service providers, providers of data feeds, etc.

You are not legally required to provide us with your personal data. However, if you do not provide certain information when requested, we may be unable to proceed with your inquiry (for example, we may not be able to enter into a contract with you if you do not provide us with the company name). Providing us with complete and accurate information is crucial.

What personal data we process

We may process the following categories of personal data about you.

Categories of personal dataTypes of data
Identity and Contact DataName, position, contact details such as your phone number, email address, messenger, etc.
Communication DataCommunications via our Website, including our chat, email, phone,  messengers, and our official representations on social media platforms.
Business DataCompany name, business industry, solutions and services you are interested in, records of registration, legal status, and any regulatory references.
Device DataWhen you access our Website, we collect information from your device, which includes details about the device's hardware and software, how you use the Website, traffic data, IP address, etc.
Usage DataThis information may pertain to you, your preferences, or your device, and is collected during your interactions with our website. While it typically does not directly identify you, it can improve and personalize your browsing experience. Details about the use of cookies and other tracking technologies are provided in the cookie notice on our Website.

How we use your personal data

We will use your personal data for the following purposes and related lawful bases:

Purpose of processingCategories of personal dataLawful basis
To provide you with the information, solutions and services that you request from usIdentity and Contact Data

Communication Data

Business Data

Legitimate interests (e.g., to respond to your inquiries)

Contract

To manage our relationships with you and carry out our obligations arising from any contracts we enter into with youIdentity and Contact Data

Communication Data

Business Data

Contract

Legitimate interests (e.g., to provide customer support)

To make suggestions and recommendations about solutions or services that may be of interest to youIdentity and Contact Data

Communication Data

Business Data

Usage Data

Legitimate interests (e.g., to run our business more effectively)
To detect and prevent fraud and other illegal activities, including undertaking necessary security checks.Identity and Contact Data

Business Data

Legal obligations

Legitimate interests (e.g., to protect our business and manage risks)

To administer and protect our business and the WebsiteIdentity and Contact Data

Business Data

Device Data

Legitimate interests (e.g., for provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring)
To develop and improve our Website, solutions and services, to enhance marketing, customer relationships and experiencesCommunication Data

Device Data

Usage Data

Legitimate interests (e.g., to define types of partners and clients for our solutions and services, to keep our Website updated and relevant)
For intra group data sharing such as sharing personal data with other entities within GR8 Tech groupIdentity and Contact Data

Communication Data

Business Data

Device Data

Usage Data

Legitimate interest (e.g. for business operations purposes)
To contact you and provide you with direct marketing communications. We will only do this in line with your preferences and you can opt-out of receiving such communications at any time.Identity and Contact Data

Communication Data

Legitimate interests (e.g., to notify you of solutions or services that are similar to those which were the subject of a previous sale or negotiations of a sale with you)

How we share your personal data

6.1. Sharing your personal data within GR8 Tech group

Your personal data will be shared with companies within the GR8 Tech group, in compliance with applicable data protection laws and the provisions of this Privacy Notice, for the following purposes:

  • Ensuring uninterrupted business processes;
  • Effectively managing human resources;
  • Obtaining legal, compliance, or financial assistance;
  • Fulfilling our regulatory obligations;
  • Conducting reporting and overseeing group activities;
  • System maintenance support and hosting of data;
  • For the continuity of business in the event of a merger or takeover.

Entities within the GR8 Tech group are required to implement appropriate technical and organizational measures, including security measures, to safeguard your personal data.

6.2. Sharing your personal data with our service providers

We may share your personal data with our service providers. We enter into contracts with our service providers and ensure they take good care of your personal data. We engage service providers for the following services:

Categories of providersPurpose of sharing
IT and data storage servicesTo store data and documents and facilitate both internal and external communications
Marketing and sales services providersTo manage our partners and clients, communicate with you (for example, via chat), and send you marketing notifications and offers
Electronic signature servicesTo facilitate the electronic signing and sending of documents
Data analytics providersTo measure and understand our audience, tailor our marketing services, improve your website experience
Audit, legal, and compliance servicesTo obtain expert advice and services from consultants, lawyers, accountants, and other professional service providers

6.3. Sharing your personal data in other circumstances

We may share your personal data under the following circumstances:

  • When mandated by applicable law or regulation, such as disclosures to governmental, regulatory, or enforcement authorities;
  • To comply with a court order;
  • To protect ourselves and/or in connection with legal proceedings; and
  • During negotiations of a takeover, purchase, merger, or sale of assets, and in accordance with such transactions.

International data transfers

As a multinational business, we collaborate with service providers in various countries, including those outside the European Economic Area (EEA) and the United Kingdom (UK). To ensure an adequate level of data protection, we implement the following measures:

Transfer mechanismDescription
Adequacy decisionWe may transfer personal data to a third country that has received an official determination of “adequacy” from the relevant regulatory authorities. For more information about “adequacy decisions” for the EEA, click here. For more information about “adequacy regulations” for the UK, click here.
Appropriate safeguardsWe establish appropriate safeguards by using binding, standard data protection clauses adopted by the relevant regulatory authorities. These clauses are enforceable by data subjects within the United Kingdom and/or the European Economic Area. For more information about the Standard Contractual Clauses for the EEA and UK, click here. For more information about the international data transfer addendum and international data transfer agreement for the UK, click here.
DerogationsDepending on the circumstances, we may also collect and transfer personal data based on specific derogations, such as explicit consent from the data subject, the necessity of performance under a contract involving the data subject, important public interest reasons, or the establishment, exercise, or defense of legal claims.

If you want further information on the specific transfer mechanism used by us when transferring your personal data, please contact us at [email protected].

Data security

We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.

Data retention

We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.

When determining the relevant retention periods for your personal data, we will take into account factors including:

  • Our contractual obligations and rights in relation to the information involved;
  • Legal obligations under applicable law;
  • Our legitimate interests (e.g., to protect our business against potential legal claims);
  • Guidelines issued by relevant data protection authorities.

For instance, the default data retention period for most processing activities is 3 years. If we enter into a contract with you, we may retain your information further for a period of time specifically required by applicable regulations or laws, such as retaining the information for tax and accounting record keeping obligations.

When we no longer need to keep your personal data, we delete or anonymise it in accordance with applicable security standards, so it can never be linked back to an individual. You can request information about the retention period applicable to you by contacting us at [email protected].

Your data protection rights

Under the applicable data protection laws, you have the following rights regarding your personal data:

Privacy rightDescription
Right to accessYou have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data.
Right to rectificationYou have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
Right to erasureYou have the right to ask us to delete your personal data in certain circumstances.
Right to restriction of processingYou have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it.
Right to object to processingYou have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms.
Right to data portabilityYou have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Right to withdraw consentWhen we rely on consent to process your personal data, you have the right to withdraw your consent at any time.
Right to complainYou can lodge a complaint about the way we process your personal data with the relevant data protection authority, particularly in the country where you habitually reside, work, or believe an infringement has occurred.

We ask that you contact us at [email protected] in the first instance to allow us the opportunity to address your concerns.

You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making which produces legal effects concerning you or similarly significantly affects you.

Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.

Changes to this Privacy Notice

We may, from time to time, change or update this Privacy Notice. All changes to this Privacy Notice will be published on this page. We recommend that you revisit and read this Privacy Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Privacy Notice, we will take additional steps to ensure you are aware of them.

Contacting us

If you have any questions or comments about this Privacy Notice or want to know more about how we use your personal data, please contact our data protection officer (see section 2).

GR8 iGaming insights to your mail