Who We AreFreeSpinsCasino.com, a product owned and operated by L&L Europe Limited (‘we’ or ‘us’ or ‘our’), gather and process your personal information as data controller in accordance with this privacy notice and in compliance with the relevant General Data Protection Regulation and ancillary laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
L&L Europe Limited’s registered office is at Northfields App 7, Vjal Indipendenza, Mosta, MST9026, Malta and we are a company registered under the laws of Malta having company registration number C53706. We have a designated Data Protection Officer, Mr Michiel Paetzel, who can be contacted at: firstname.lastname@example.org.
Information That We CollectL&L Europe Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We do not collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The Personal Data That We Collect from You Includes:
• Date of birth;
• Home address;
• Email address;
• Telephone number;
• Passport number, national identification number and/or driving license;
• Bank account details (bank, accountnumber, IBAN);
• Pseudonymised (encrypted) debit/ credit card numbers;
• e-wallet account identifiers;
• Transaction and experience information. When you deposit or withdraw funds to or from your account, we collect information about the transaction as well as other information associated with the transaction such as amount transferred, funding instrument device information and geolocation information.
We Collect Information in the Below WaysOnline form upon registration – provided by yourself;
Banks or Payment Service Providers – through API integrations;
Pre-populated fields provided by our payment service providers;
Web server logs;
Information provided by our processors and their sub-processors, if any.
The Purposes and Reasons for Processing Your Personal Details Are:
• Provision of our gaming services: We collect your personal data which is necessary to provide the gaming services which include logging into our platform;
• Financial: To confirm financial transactions;
• To manage our business needs: We carry out analysis to improve our service and the relative performance and functionality;
• We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of consent;
• Compliance: To analyse credit and fraud risk, comply with our obligations and to enforce the terms of our websites and services;
• Regulatory Obligations: We collect and store your personal data as part of our legal obligation for business accounting, responsible gambling (including whether to confirm if you are self-excluded from our services) and for Anti-Money Laundering purposes;
• Transfer of Information: We transfer personal data to our processors for identification, verification and/or transaction information, when required, in order to provide our services.
• Statistical Analysis and Research: We process data for statistical analysis and for purposes of research and development.
Categories of Recipients of Your Personal Information
• Hosting and security partners. Our hosting and security partners have the ability to make the origin of our incoming traffic visible.
• Screening services. In line with our regulatory obligations we request screening services to confirm the identity of our customers, either upon the opening of an account or at any other time during the lifetime of the account, and to ascertain, amongst others, if our customers are a PEP, sanctioned or are participating in a national self-exclusion scheme.
• Game providers. Our game providers require some personal information to provide you with the games and keep detailed records of all game transactions.
• Payment providers. In order to process incoming and outgoing payments we send personal information to our payment providers as required for their services.
• Marketing services. If you have given consent for marketing communication via each available channel, we send occasional promotional material or we engage processors to provide marketing services.
We will process your personal information for a variety of reasons, each of which is prescribed by relevant data protection laws.
ConsentOur processing of your personal information will primarily be necessary for us to provide you with our services. On occasion we may ask for your consent to process personal information in a distinct manner, in this instance your personal information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time. By way of example, your consent will be needed in order to send you promotional and marketing communications.
Fulfilment of a Contract, Compliance with a Legal ObligationIt may also be necessary for us to process your personal information where it is necessary for the performance of a contract (such as the Terms and Conditions when you open an account with our casino) or in order for us to comply with our various legal and regulatory responsibilities, including, but not limited to, complying with gambling licence conditions and complying with any anti-money laundering legislation.
Legitimate InterestsFinally, we may also process your personal information where we deem such processing to be in our (or a third party's) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we identify certain companies that can offer you additional benefits to our service or provide us with valuable information about your use of our service; (ii) identification and retention of information relating to those with responsible gambling issues (profiling); (iii) processing for the purposes of ensuring network and information security, including preventing unauthorised access to our electronic communications network; (iv) adhering to regulatory and statutory requirements; and (v) devising loyalty and promotional schemes for players.
Your RightsYou have the right to access any personal information that L&L Europe Limited processes about you and to request information about:
• What personal data we hold about you;
• The purposes of the processing;
• The categories of personal data concerned;
• The recipients to whom the personal data has/will be disclosed;
• How long we intend to store your personal data for;
• If we did not collect the data directly from you, information about the source;
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us; to exercise your data portability rights, and to be informed about any automated decision-making we shall use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Safeguarding MeasuresL&L Europe Limited takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
Industry standard firewall, valid SSL certificates, up-to-date TSL protocols, additional consent mechanisms for users, encrypted backups in a secure place, access rights limited to a need to know basis, confidentiality clauses in employee contracts, up-to-date virus and malware scanners, policies and procedures specifically for the protection of data, an appointed Data Protection Officer with all necessary support structures (such as the ability to obtain legal advice, resources, provision of training as required and correspondence with our supervisory authority (details found below)) as well as the performance of periodic GDPR compliance exercises by external and independent legal advisors.
Transfers Outside the EUL&L Europe Limited utilise some products or services (or parts of them) that are hosted/stored in non-EEA states, this means that we shall from time to time transfer personal information outside the European Economic Area in order to better perform our services. We will only transfer personal information to third countries whom the European Commission considers to offer adequate protection to personal data or where we obtain explicit consent from our Data Protection regulators.
Therefore, when you use our services, the personal information you submit may be stored on servers which are hosted in non-EEA countries (in the event that such third parties be used in the processing of your data). Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by us to protect your data and comply with the relevant data protection laws.
In line with Article 45 of the General Data Protection Regulation, the European Commission has recognized countries on whom the European Commission has taken an Adequacy Decision as providing adequate protection. In this respect, our USA processors are all deemed to be Privacy Shield certified and subject to binding agreements. Current information on which countries an adequacy decision by the European Commission has been taken can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Consequences of Not Providing Your DataYou are not obligated to provide your personal information to L&L Europe Limited, however, as this information is required for us to provide you with our services we will not be able to offer some/all our services without it and you will find your access to be severely limited.
How Long We Keep Your DataL&L Europe Limited only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. In particular, we are required under statutory law and applicable regulation to keep your personal data for a period of 5 years after the end of our business relationship, after which time it will be destroyed. Nonetheless, other shorter or longer period may apply, on the basis of documented policies and procedures drafted on the basis of legal and regulatory obligations and on the basis of retaining personal information strictly as long as is necessary.
Where you have consented to us using your details for direct marketing, we will keep the data ancillary to such marketing until you notify us otherwise and/or withdraw your consent. Kindly note that some data may need to be preserved in order to ensure that no marketing will be sent to such recipients.
MarketingOccasionally, L&L Europe Limited would like to contact you with regards to certain services or promotions that we provide. If you consent to us using your contact details for these purposes, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options provided or by contacting L&L Europe Limited directly.
Lodging a ComplaintL&L Europe Limited only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with ourselves so that we will try to rectify any mishandling of your data or with the supervisory authority, should you require.
You may contact us as follows:
L&L Europe Limited
Attn: Data Protection Officer
Northfields App 7, Vjal Indipendenza, Mosta, MST9026, Malta
You may contact the supervisory authority as follows:
Office of the Information and Data Protection Commissioner
Level 2, Airways House, High Street, Sliema, SLM1549, Malta
T: +356 2328 7100