Privacy Policy

Bwin Latam S.A.S.

I. INTRODUCTION

BWIN LATAM S.A.S. (hereinafter, “BWIN”), in order to strictly comply with the current regulations for the protection of Personal Data, in accordance with the provisions of Law 1581 of 2012, Decree 1074 of 2015, Title V of the Sole Circular of the SIC and other provisions that may amend, add or supplement them, presents the following PRIVACY POLICY (hereinafter, “Privacy Policy”) as Controller of the Personal Data and information provided by the Data Subjects who have a relationship with BWIN, as users, from which relationship BWIN obtains, collects, processes or treats Personal Data, whether such processing is performed by BWIN or by third parties who do so on behalf of it.

The main objective of this Privacy Policy is to protect the right of Habeas Data, and by virtue of the fulfillment of such right, the purposes, measures and procedures of BWIN’s Databases are established, as well as the mechanisms that the Data Subjects have available to know, update, rectify, or delete the data provided, or revoke the authorization granted with the acceptance of this Privacy Policy. It also details the general corporate guidelines that are taken into account in order to protect the Personal Data of Data Subjects, the area responsible for addressing their complaints and claims, and the procedures that must be followed by the Data Subjects to know, update, rectify and delete the information, as well as the respective channels to carry out the above.

II. DEFINITIONS

For the purposes of this Privacy Policy, the following terms are understood as follows:

Data Subject: Natural person whose data is the object of processing.

Personal Data: Any information linked or that can be associated to one or several determined or determinable natural persons.

Data Controller: It is the natural or legal person of public or private nature, who, acting by itself or with others, decides on the Database and/or the processing of data. For the purposes of this Privacy Policy, BWIN is understood as the Data Controller.

SIC: Means the Superintendence of Industry and Commerce, the national authority f or the protection of Personal Data.

Processing: Any operation or set of operations related to Personal Data, such as collection, storage, use, circulation or deletion.

Data Processor: Natural or legal person, public or private, who by itself or in association with others, performs the Processing of Personal Data on behalf of the Data Controller (BWIN).

Transmission: Processing of Personal Data that involves providing such data to a third party, within or outside the territory of the Republic of Colombia, when such provision is intended to be carried out by the Data Processor on behalf of and for the account of the Data Controller, in order to fulfill the purposes of the latter.

Transfer: The Transfer of Personal Data takes place when the Data Controller and/or the Data Processor send the information or Personal Data to a recipient, which in turn is Data Controller and is located within or outside the Colombian territory.

Applicable Law: Means the current regulations for the protection of Personal Data in Colombia, mainly Law 1581 of 2012, Decree 1074 of 2015, Title V of the Sole Circular of the SIC and other provisions that modify, add or complement them and the Guide for the Implementation of the Accountability Principle of the SIC.

III. DATA CONTROLLER

The Controller of Personal Data of the Data Subjects is BWIN LATAM S.A.S., NIT 901.369.205-6, address Cr 15 # 106 32 Of P H 3 and telephone 3584216.

IV. GUIDING PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

In accordance with the provisions of the applicable Law, the protection of Personal Data shall be governed by the harmonic and comprehensive application of the following principles:

Principle of legality in the Processing of Personal Data: The Processing of Personal Data referred to in the Statutory Law 1581 of 2012 is a regulated activity that must abide by the provisions set forth therein and in the other provisions that develop it.

Principle of Purpose: The Processing of Personal Data must pursue a legitimate purpose in accordance with the Constitution and the law, which must be informed to the Data Subject.

Principle of Freedom: The Processing of Personal Data may only be carried out with the prior, express and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.

Principle of Truthfulness or Quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of Transparency: In the Processing of Personal Data, the right of the Data Subject to obtain from the Data Controller or Data Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.

Security Principle: The information subject to Processing by the Data Controller or Data Processor referred to in the applicable Law, shall be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of Confidentiality: All persons involved in the Processing of Personal Data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in Data Processing and may only provide or communicate Personal Data when this corresponds to the development of the activities authorized in the applicable Law.

Principle of Restricted Access and Circulation: The Processing is subject to the limits derived from the nature of the Personal Data and from the provisions of the applicable Law. In this sense, the Processing may only be carried out by persons authorized by the Data Subject and/or by the persons provided for in the aforementioned law.

Principle of Accountability: When collecting and performing the Processing of Personal Data, BWIN will implement appropriate and effective measures to comply with the obligations established by the applicable Law.

V. RIGHTS OF THE DATA SUBJECTS

In compliance with the fundamental guarantees enshrined in the Constitution and the Personal Rights, Data Subjects may exercise the following rights free of charge and without limitation:

Right of access to your personal information subject to Processing.

Right to update the Personal Data subject to Processing.

Right to rectification of Personal Data subject to Processing.

Right to request the deletion of Personal Data when the Processing does not respect the constitutional and legal principles, rights and guarantees.

Right to request proof of the authorization granted for the Processing.

Right to revoke consent for the Processing of Personal Data.

Right to file complaints and claims before the Company for violations of the provisions of the applicable law.

Right to be informed by the Data Controller and/or Data Processor of the use and treatment that will be given to the Personal Data, as well as of the modifications and updates of the protection policies, security measures and purposes.

VI. COLLECTION OF PERSONAL DATA

The collection of Personal Data from potential users and active users/customers of BWIN, will be carried out in the following ways:

By storing the data of users accessing the BWIN platform through the use of cookies. By accepting BWIN’s cookie notice. Some of the data that can be stored are URLs, browser used, IP address, Clicks, Hyperlinks, Query, among others.

Through the exchange of e-mails.

Through access to the company’s Web pages.

Through the access to our web portal, creating the user and password. Through phone calls, chats, e-mails or other forms of communication. Through events held by BWIN.

Through the transmission or transfer by Strategic Allies, in which case, BWIN will make sure to obtain the necessary consents and/or execute the required agreements in accordance with the applicable regulations.

VII. PURPOSES OF THE PROCESSING OF PERSONAL DATA

The Personal Data collected by BWIN, are included in a database to which BWIN authorized personnel have access in the exercise of their functions. In no case the processing of information for purposes other than those described herein is authorized and said purposes should be notified to the Data Subject directly at the time of collection at the latest.

  • Collect Personal Data and incorporate and store it in our database.
  • Use the data provided in communication campaigns, disclosure and promotion or offer of products, marketing campaigns, activities and/or services developed as part of internal strategies of the company.
  • Retain company historical records and maintain contact with data subjects.
  • Study and analyze the information provided for the follow-up and improvement of products, service and customer support.
  • Deliver the information collected to third parties with whom the company contracts the storage and management of Personal Data for the purpose set forth in this policy, under the security and confidentiality standards to which BWIN is obliged according to the contents of the relevant laws.
  • Communicate and allow access to the Personal Data provided to third-party providers of general support services of BWIN, including companies of the BWIN group of companies or third-party providers.
  • For purposes mandated by law, in response to government or law enforcement requests during an
  • Collect, hold, manage and use information to perform control and prevention of fraud, control and prevention of money laundering and financing of terrorism, including but not limited to the consultation in restrictive lists, and all the necessary information required for SIPLAFT.
  • Conclusion, execution and management of business proposals and contracts for the provided services.
  • Sending communications through any channel including, but not limited to, social networks, text messages, push notices, email, phone, etc., related to BWIN’s corporate purpose such as marketing activities and/or any request made by the data subject to BWIN, among others.
  • Creation and administration of the user’s account.
  • To provide the maintenance, development and/or control of the commercial relationship between the user and BWIN.
  • Perform processes within the company, for operational development and/or systems administration
  • To provide the company’s services and follow-up according to the particular needs of the user, in order to provide the appropriate services and products to meet their specific needs.
  • To carry out market strategies by studying user behavior in relation to the offers and thus improve their content, personalizing presentation and service provision.
  • Development of commercial prospecting and market segmentation.
  • Conduct satisfaction surveys and offer or recognition of benefits of our loyalty program and after-sales service, to qualify the service and attention through the channels provided for this purpose.
  • Carry out the necessary activities to manage the requests, complaints and claims of the company’s users or third parties; and direct them to the areas responsible for issuing the corresponding responses.
  • Submit reports to the inspection, surveillance and control authorities, and process the requirements made by administrative or judicial entities.
  • Accounting, economic, fiscal and administrative management of users/customers.
  • To execute activities of user service, information security, payments, data analysis, marketing, advertising and promotions associated with the corporate purpose; all in accordance with the provisions of Colombian regulations.
  • Forward information to Data Processors to facilitate and improve the quality of BWIN’s service.
  • Request collection authorization from the entities defined and authorized to do so.
  • Conduct security reviews at any time to validate identity, age, user-provided registration information and to verify use of our services and financial transactions for possible non-compliance with our Terms and Conditions and applicable law. Security reviews may include, for example, ordering a credit report or otherwise verifying the information you provided against third party’s database.
  • Process any of your online transactions and payments (including disclosing your personal information to a third party payment processor, ESP and other financial institutions when necessary).
  • Publish game activity on the wall (newsfeed) and share content from other players, with the aim of earning loyalty points, points or rewards (the publication of game activity can be controlled from the privacy settings).
  • We use personal information to customize our website and services according to your preferences.
  • We monitor user accounts to prevent the use of unfair practices on our website.
  • We use personal information in order to generate a demographic profile, likely behaviors and preferences. This is used to shape the decisions we make regarding the services, content and promotions we We also report the different contribution to our business performance from different user profiles. We create profiles through automatic or manual processes, including third parties.
  • We have an obligation to identify those who are at risk from gambling as soon as we can, and to help our users to gamble safely and responsibly by utilizing mechanisms to assist players. These measures could include; deposit limitations, product limits, limiting the ability of an account to gamble. To meet these obligations, we analyze customer transactions and evaluate behavior or financial status across all of our products and brands, which may lead us to make decisions about your account(s). See our Responsible Gaming page on our website for more information.
  • Report material changes to our BWIN Policies and Terms and Conditions.
  • Respond to requests, queries, claims and/or complaints made by the Data Subjects through any of the channels enabled by BWIN for such purpose.
  • Any other purpose resulting from the relationship between the Data Subject and BWIN; or in accordance with the authorization given by the Data Subject.

VIII. DISCLOSURE OF YOUR PERSONAL INFORMATION

BWIN may disclose information to third parties, including:

  • Other companies in the corporate group for internal operational reasons and in line with this Policy.
  • Third-party providers of our services, whose processing they will perform on our behalf for the purposes stated above. Such third parties include providers of website hosting, maintenance, call center operation, identity verification, information verification services, marketing, data analysis, research and surveys, third-party electronic payment processors or financial institutions and other organizations that provide technical support, process your online transactions and maintain your account.
  • To our subsidiaries in the Entain Group and, where necessary, with other organizations to fulfil our Responsible Gaming responsabilities.
  • Competent public authorities to comply with any legal obligation or in those cases in which we consider that it is our duty to comply with an obligation;
  • Third parties, in order to enforce our terms of use and other agreements; or to protect the rights, property or safety of BWIN, third parties or the public interest.
  • Banks, credit card companies and relevant agencies, where it is understood that fraud has occurred or is being attempted against BWIN or any other user of our services, which may include, but is not limited to, game manipulation, payment fraud or conducting a prohibited transaction (including money laundering); and
  • Third parties, in the event of sale, purchase of assets, merger, bankruptcy or reorganization

IX. DATA SUBJECT CONSENT

The prior consent of the Data Subject is a constitutional and legal requirement to be complied with by the Data Controllers. The consent must meet the following assumptions:

Prior: The authorization must be given by the Data Subject prior to any type of Personal Data Processing.

Express: The authorization must be given in an unequivocal, clear and specific manner.

Informed: The Data Subject must clearly understand the purpose for which his or her Personal Data will be processed and the purposes that may derive from the Processing thereof.

All users, when entering the BWIN Platform, must register and authorize the processing of Personal Data in order to use the services offered. Therefore, in each of the systems there is a box that says “Privacy Policy” which must be read and accepted in order to continue with the use of BWIN services.

X. AREA IN CHARGE OF DEALING WITH REQUESTS, QUERIES AND CLAIMS OF

DATA SUBJECTS

The area in charge of dealing with requests, queries and claims from Data Subjects to exercise their rights to know, update, rectify and delete their data and revoke their authorization is BWIN’s Data Protection Department, which can be contacted through the following e-mail: privacy@bwin.co.

If you have any questions about this policy or would like more information about your rights, you may contact our Data Protection Officer by sending an email to: dataprotectionofficer@entaingroup.com .

*Please note that these channels are not monitored for any customer service related inquiries.

XI. PROCEDURE FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS

In the event that Data Subjects wish to exercise their rights, they should contact BWIN's area in charge and send an email to the contact address set out in this Privacy Policy. The procedure to be followed for such communications will be as indicated below:

  1. Procedure to answer queries about Personal Data. When Data Subjects or their assignees wish to consult the information contained in the Databases, BWIN will respond to the request within a maximum period of ten (10) business days.
  2. Procedure to address claims regarding Personal Data. When Data Subjects consider that the information contained in the database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the applicable law, they may file a complaint with BWIN, which will be processed under the following rules:
    • The claim will be submitted by means of a request addressed to BWIN, with the identification of the Data Subjects, the description of the facts that give rise to the claim, the address; the documents that are intended to be asserted should be attached. If the claim is incomplete, BWIN may require the interested party to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been abandoned. In the event that BWIN is not competent to resolve the claim, it will forward it to the appropriate person and inform the Data Subject of the situation, which will relieve BWIN of any claim or liability for the use, rectification or deletion of the
    • The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be
    • The withdrawal or deletion is not absolute, it will not proceed when there is a contractual or legal duty to remain in BWIN’s

XII. NATIONAL OR INTERNATIONAL TRANSMISSION AND/OR TRANSFER

BWIN may share the information in the Personal Data with those third parties that are necessary for the development of its activities and corporate purpose, always protecting the rights and information of the Data Subject. The Transmission or Transfer of Personal Data shall observe the rules provided for that purpose by the applicable law and the supervisory authority, especially the following:

  • In the case of domestic transmissions or transfers of Personal Data, BWIN shall ensure compliance with the requirements of applicable law, including obtaining the prior consent of the Data Subjects, the execution of agreements required by applicable law and the protection measures to be implemented by the Processor or new Controller, in accordance with each situation.
  • In the case of an international transfer, it must be ensured that the country receiving the Personal Data provides adequate levels of protection, in accordance with the list of countries established by the SIC. When the receiving country does not comply with the adequate standards of data protection, the transmission or transfer will be prohibited unless one of the following legal exceptions exists:
    • That the Data Subject has given express and unequivocal authorization for the transfer or transmission of their personal data.
    • Exchange of medical data when so required by the Data Controller’s processing f or reasons of public health and hygiene.
    • Bank or stock exchange transfers, in accordance with the applicable legislation.
    • Transfers agreed within the framework of international treaties to which Colombia is a party, based on the principle of reciprocity.
    • Transfers necessary for the execution of an agreement between the Data Subject and the Data Controller, or the execution of pre-contractual measures as long as the Data Subject’s authorization is obtained.

In accordance with the information provided, and section “disclosure of your personal information”, by subscribing to this Policy, the Data Subjects consent to the Transmission and/or Transfer of their Personal Data.

XIII. CHANGES IN PROCESSING POLICY

Any change or substantial modification of this Privacy Policy shall be notified in a timely manner to the Data Subjects by means of a notice on the Website or by e-mail. Please check this page periodically to see if there are any updates or changes to this Privacy Policy.

XIV. PERIOD OF VALIDITY OF THE DATABASE

The Personal Data to be processed shall remain in BWIN’s databases for as long as it is necessary to fulfill the purposes set forth herein. Once the Processing purposes are fulfilled, the Personal Data will be deleted, unless any legal or contractual duty remains for BWIN.

The information will be reviewed every year to verify the truthfulness of the data and the purpose of continuing with its treatment.

XV. EFFECTIVE DATE OF THE PRIVACY POLICY

This Policy is effective as of January, 2024.