Privacy Policy 

 

N-Zone SA owns and operates the website challengo.game and the Challengo application. 

N-Zone SA is a company under Belgian law with its registered office at 28 square de la paix d’Angleur, 4031 Liège, Belgique, registered under number BE 0547 921 920 and referred to hereafter as “the Operator”. 

The Operator has also appointed a data protection officer within the meaning of Article 37 of Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data. The latter is responsible for monitoring and ensuring compliance with the Operator’s processing of Users’ personal data. 

The Operator is committed to protecting personal data. This is why we make every effort to protect the privacy of all users (hereafter the “Users”) of our online gaming site (hereafter the “Site”). 

Users will find below all the provisions relating to the processing of personal data applicable to all uses of the Site by Users (hereafter the “Privacy Policy”). 

If you have any questions, please contact the Operator at the following e-mail address: [email protected] 

 

1.General 

The Operator processes personal data of Users of the Site, for the purposes of and within the limits of the Privacy Policy, during any use thereof. 

The Operator shall ensure that, when processing such personal data, it complies with the laws and regulations in force and, in particular, with the Privacy Act of July 30, 2018 and Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (hereafter “the Rules”). 

In this respect, and in accordance with the said Rules, the Operator: 

  • is legally bound to process Users’ personal data. This processing is described in article 2.1 of the Privacy Policy; 
  • further processes personal data for the purposes of enabling Users to use the Site and, in addition, for the necessary and legitimate purposes described in article 2.2 of the Privacy Policy; 
  • processes, with the prior, free and express consent of Users, the personal data described in − and according to the purposes set out in − article 3. 

By accessing the Site, Users are deemed to have read and accepted the Privacy Policy. They also guarantee that all data and information communicated to the Operator is accurate. 

  1. Processing of personal data that does not require Users’ consent

2.1. The Operator’s legal obligations and the processing required for use of the Site 

The Operator is required, by virtue of the legal and regulatory obligations to which all operators are subject, on the one hand, and for the purposes of authenticating and enabling Users to use the Site, on the other, to process the following personal data for the purposes described below. This processing of personal data by the Operator does not require the consent of Users pursuant to article 6.1.b) and c) of the Rules. 

The personal data communicated by the User is recorded in a register, as described in article 7.1, which is controlled and remains under the responsibility of the Operator at all times. 

Within the limits defined by the Rules, the User also benefits from (certain) rights defined in article 4, which may be exercised in accordance with the procedures defined in article 4.7. 

 a. What data is processed? 

The following personal data is processed: 

  • surname, first name(s), date of birth, language, gender, home/postal address, National Register (or ID card or passport) number, e-mail address, landline or mobile telephone number; 
  • biometric data; 
  • bank details used for Site deposits and winnings withdrawals; 
  • copies of personal documents enabling the User’s authentication, such as a photo of the User’s identity card, bank card, bank statement, proof of deposits or any other document proving the User’s domicile and/or residence; 
  • history of use, browsing and connection to the Site (including browser data, IP address), in particular by means of cookies; 
  • any other personal data that may be exchanged between the Operator and the User, in particular by e-mail or live chat, as part of the User’s registration or use of the online games offered on the Site. 
  1. How does the Operator process data?

Data processing by the Operator consists of the collection, recording, storage, consultation, organisation, use, reconciliation or any other operation made necessary or useful by virtue of the legal and regulatory provisions described in article 2.1.c). Processing may also involve the transfer of personal data: 

  • to judicial and administrative authorities, such as the Financial Intelligence Processing Unit (CTIF – CFI); 
  • to the Operator’s suppliers whose services are inseparable from use of the Site and a list of which is available on request from the Contact referred to in article 7.5. 
  1. What is the purpose of this data processing?

1) The Operator is required to process the personal data described in article 2.1.a) and b) in order to comply with the legal and regulatory obligations to which it is bound by virtue, in particular, of the following legal provisions: 

  • the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash; 

2) The Operator also processes the personal data referred to in article 2.1.a) for the purposes of authenticating Users and enabling them to access and use the Site; this processing is thus carried out in order to ensure: 

  • User registration and account management; 
  • management of User deposits and winnings and, more generally, the online gaming offering; 
  • the User is informed about the services offered by the Operator; 
  • customer service management, including support and risk and fraud. 

2.2. Other processing operations not requiring Users’ consent 

The Operator also processes the following personal data for the legitimate purposes described below. This processing of personal data by the Operator does not require the consent of Users pursuant to article 6.1.f) and of the Rules. 

The personal data communicated by the User is recorded in a register, as described in article 7.1, which is controlled by and remains under the responsibility of the Operator at all times. 

 a. What data is processed? 

The following personal data is processed : 

  • surname, first name(s), date of birth, language, gender, home/postal address, language, e-mail address, telephone or mobile number; 
  • history of use, browsing and connection to the Site (including browser data, IP address), in particular by means of cookies; 
  • any other personal data that may be exchanged between the Operator and the User, in particular by e-mail or live chat, as part of the User’s registration or use of the online games and sporting wagers offered on the Site. 
  1. How does the Operator process data?

Data processing consists of the collection, recording, storage, consultation, organisation, use, reconciliation of data of a personal nature as described in article 2.2.a). It also involves the transfer of personal data to third parties, a list of which is available on request from the Contact referred to in article 7.5. 

  1. What are the legitimate purposes of this data processing?

The Operator processes the personal data referred to in article 2.2.a) for the following legitimate purposes: 

  • promotion, advertising and marketing, in particular by sending SMS messages, telephone calls, paper or electronic newsletters; 
  • satisfaction surveys, statistical studies, trend analyses and market research. 
  1. Processing of personal data that does not require Users’ consent

By using the Operator’s Site for any purpose whatsoever, the User expresses his/her free, specific, informed and unequivocal intention to expressly authorise the Operator to process personal data in accordance with the Rules, within the limits and for the purposes defined below and without prejudice to the processing referred to in Article 2. 

The personal data communicated by the User is recorded in a register, as described in article 7.1, which is controlled by and remains under the responsibility of the Operator at all times. 

The User also benefits from rights, including the right to withdraw consent at any time, in accordance with the terms and conditions set out in article 4.7. 

3.1. Nature of personal data processed 

The data processed by the Operator is as follows: 

  • surname, first name(s), date of birth, language, gender, home/postal address, National Register (or ID card or passport) number, e-mail address, landline or mobile telephone number; biometric data is processed with consent for legal purposes, as specified above (art. 2). 
  • bank details used for Site deposits and winnings withdrawals; 
  • copies of personal documents enabling the User’s authentication, such as a photo of the User’s identity card, bank card, bank statement, proof of deposits or any other document proving the User’s domicile and/or residence; 
  • history of use, browsing and connection to the Site (including browser data, IP address), in particular by means of cookies; 
  • any other personal data that may be exchanged between the Operator and the User, in particular by e-mail or live chat, as part of the User’s registration or use of the online games offered on the Site. 

The personal data communicated by the User is recorded in a register, as described in article 7.1, which is controlled by and remains under the responsibility of the Operator at all times. 

3.2. Data Processing 

Data processing consists of the collection, recording, storage, consultation, organisation, use and reconciliation of data of a personal nature as described in article 3.1. It also involves the transfer of personal data to entities in the Operator group. 

3.3. Purposes of processing personal data 

Personal data is collected and processed by the Operator for the following purposes: 

  • promotion, advertising and marketing, including affiliation and the management of loyalty programmes, including the sending of SMS, telephone calls, paper or electronic newsletters; 
  • participation in competitions and promotional offers, including communication relating to winners; 
  • expanding the range of games on offer; 
  • carrying out satisfaction surveys, statistical studies, trend analyses and market research, for management, marketing and reporting purposes, including profiling, not falling within the scope of the purpose described in article 2.2.c). 
  1. User rights

Without prejudice to articles 2 and 5, Users are entitled to exercise a right to rectification, a right to object and a right to restriction of processing, on the following terms and within the following limits. 

4.1. Right of access 

  1. The Operator provides Users with all the following information :
  • the identity and contact details of the Data Controller; 
  • the contact details of the Data Protection Officer; 
  • personal data processed; 
  • the purposes for which personal data is processed and the legal basis of processing; 
  • the recipients or categories of recipients of personal data, where applicable; 

And, where applicable, the fact that the Data Controller intends to transfer personal data to a country outside the European Union and: either the existence (or absence) of an adequacy decision issued by the European Commission, or, in the absence of such a decision, the guarantees offered by the third country and the means used to obtain a copy of the personal data. 

  • the possibility of objecting to automated processing of their data, such as profiling, unless there are valid grounds for the Operator to make such processing necessary, as well as the possibility of objecting to any processing of their personal data for direct marketing purposes. 
  1. Users have the right to request, at any time, access to all the information set out in this article and in article 3.1, by contacting the Contact referred to in article 7.5. The Operator will respond to these requests for information within one month.

 

  1. Users are entitled to obtain a copy of the personal data being processed. The Operator reserves the right to demand payment of any costs incurred by this request; these fees will be calculated based on the administrative costs incurred by the application; they will not exceed 20 euros.

 

  1. Users are entitled to obtain such access or copy in a structured format, in such a way that personal data is provided in a format that complies with the technical standards in force at the time of the request for access; this format will make it machine-readable.

4.2. Right of access 

The Operator guarantees and obliges Users to update and rectify their personal data, should such data be erroneous or incomplete. 

This right of rectification may be exercised on request to the Contact referred to in article 7.5. 

4.3. Right to object 

The Operator authorises Users to object to the processing of some or all of their personal data on the following grounds : 

  • Their data is inaccurate; 
  • The processing is no longer necessary for the purposes for which the data was collected; 
  • The User withdraws his/her consent; 
  • The data has been processed unlawfully. 

The Operator also authorises Users to object: 

  • to automated processing of their data, such as profiling, unless there are good reasons why such processing by the Operator is necessary; 
  • any processing of their personal data for direct marketing purposes, including profiling, if linked to such direct marketing. 

This right to object may be exercised on request to the Contact referred to in article 7.5. 

4.4. Right to erasure (‘right to be forgotten’) 

The Operator further undertakes to comply with any request for erasure of personal data as soon as possible (right to be forgotten), when: 

  • the processing is no longer necessary for the purposes for which the data was collected; 
  • the User withdraws his/her consent; 
  • the data has been processed unlawfully or must be erased to comply with a legal obligation; 
  • the User objects to the automated processing of his/her data, such as profiling, and there are no valid reasons for the Operator to process his/her data; 
  • the User objects to the processing of his/her personal data for direct marketing purposes, including profiling, if related to such direct marketing. 

4.5. Right to restriction of processing 

Users also have the right to obtain from the Operator restrictions on the processing of their personal data when: 

  • the User considers his/her personal data to be inaccurate during the time period required by the Operator to check its accuracy; 
  • the processing is unlawful, but the User does not wish the data to be erased, but requires the processing to be restricted; 
  • the User objects to automated processing, including profiling, or to the processing of his/her personal data for direct marketing purposes and it is necessary to check the legitimacy of the reasons for which the Operator intends to maintain such processing; 
  • the Operator no longer requires the personal data processed, but the data subject wishes it to be retained for the establishment, exercise or defence of legal claims. 

This right to restriction of processing may be exercised on request to the Contact referred to in article 7.5. 

4.6. Transfer of data to a data controller 

Users are authorised to transfer the personal data processed by automated means referred to in article 2.2 and 3 by the Operator to another data controller without the Operator being able to prevent it. 

Insofar as such a transfer is technically possible, Users are authorised to request the Operator to have this transfer carried out directly by its own data controller. 

4.7. Terms 

The rights granted by the Operator to the User must be exercised in accordance with the procedures defined in article 7.5. 

4.8. Notification 

The Operator shall provide the User with notification of any deletion or rectification of data carried out in accordance with articles 4.2 and 4.4, unless such notification proves impossible or requires disproportionate effort. 

This notification will be sent by e-mail or post, based on the contact details provided by the User. 

  1. Location, storage and retention period of personal data

5.1. The Operator stores Users’ personal data in a form that enables it to be identified and supplied if required, using appropriate, secure methods. 

The data is stored and hosted in Belgium at Data Centers; the latter offer all requisite, appropriate safety guarantees pursuant to current technical standards. 

5.2. Users’ personal data is stored by the Operator for the purposes defined in articles 2 and 3. It is kept for a period of 10 years for all the purposes governed by article 2.1.c). The Operator therefore reserves the right to retain Users’ personal data for any purpose required by law. Users declare that they are thus informed and agree that the Operator may keep the User’s personal data referred to in article 2.1.a) for at least ten years from the date of the player’s last activity on the Site in order to comply with its legal obligations. 

Personal data will be kept for no longer than necessary to achieve the purpose of processing for all the purposes governed by article 2.2 and 3. The data will then be deleted from the Operator’s files at the User’s request, as submitted to the Contact referred to in article 7.5. 

5.3. Users’ personal data may be transferred to service providers located outside the European Economic Area for which: 

  • the European Commission has issued an adequacy decision recognizing that these service providers offer an adequate level of protection for Data transferred to them by a European entity; 
  • the Operator has provided appropriate safeguards, in particular by using the standard contractual clauses drafted by the European Commission. 

Personal data is thus transferred on one or other of these foundations. 

  1. Responsibility of the Operator − Subcontractor

6.1. The Operator undertakes to ensure that the processing of Users’ personal data is carried out in a manner that is lawful, fair and transparent to the User concerned. Any processing by the Operator must comply with the requirements of the law of July 30, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, as well as with this Privacy Policy. 

The Operator will use all reasonable, appropriate methods to ensure the confidentiality, integrity and availability of the personal data it processes. 

Technical measures include the anonymisation and encryption of personal data, depending on the required purpose. 

Organisational measures include internal audits. 

Where necessary, the Operator, with the help of the Data Protection Officer, will carry out an impact analysis if processing is likely to be of high risk to Users. 

6.2. Users’ personal data is never sent to third parties other than the Operator’s suppliers and partners, except for the purposes described in articles 2.1, 2.2 and 3 and, consequently, if: 

  • the transfer is made compulsory by law, regulation or an order by an administrative or judicial authority; 
  • the transfer is necessary for online gaming and maintenance services; 
  • the User has consented to the transfer. 

A partner will not be considered as a subcontractor, unless it processes Users’ personal data on behalf of the Operator. The Operator declines all responsibility for the processing of the User’s personal data by a partner, which supplies its own services in its own name and on its own behalf, or if it proves that it is in no way responsible for the event that caused the damage. 

In the event that the Operator acts as a subcontractor of a Partner, it is agreed that the Operator will only be held liable for damage caused by the processing of personal data contrary to the Rules or this Privacy Policy if it has failed to comply with the obligations set out in the Rules, which are specifically incumbent on subcontractors or has acted outside of or contrary to the lawful instructions of the Partner. Similarly, the Operator may not be held liable if it proves that it is in no way responsible for the event that caused the damage, and ii) remains subject to the liability limitation clauses set out in article 11 of the Site’s conditions of use. 

6.3. The Operator shall ensure that, where processing is carried out by a subcontractor on behalf of the Operator, the subcontractor presents sufficient guarantees as to the implementation of appropriate technical and organisational measures and, more generally, compliance with the requirements of the Rules. In particular, it obliges the subcontractor to comply with the Rules and, consequently, to keep a register. 

6.4. The Operator undertakes that in the event of a security problem relating to the data processed and likely to affect its confidentiality, the Operator will notify the data protection authority referred to in article 7.4 of the incident as soon as possible. 

The Operator will also inform the Users concerned, insofar as the violation of personal data presents a high level of risk to the User’s rights and freedoms. This notification will be sent by e-mail or post to the contact details provided by the User. 

  1. Miscellaneous

7.1. Register of personal data 

As a personal data controller, the Operator keeps a register of all its processing activities. This contains all the information relating to the type of data processed, the persons concerned by the data processing, any recipients to whom the data may be communicated, the purposes for which the data is processed, the data retention period and a general description of the technical and organisational security measures in place. 

The personal data communicated by the User is recorded in a register, together with the processes and their purposes, which is controlled by and remains under the responsibility of the Operator at all times. In addition to the above-mentioned information, this register includes: 

  • a description of the purposes of the processing; 
  • a description of the categories of data subjects and the categories of personal data; 
  • the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations; 
  • deletion deadlines for different categories of data; 
  • a general description of the organisational and technical measures relating to data confidentiality and security. 

7.2. Completeness − Amendments to the Privacy Policy 

The Privacy Policy contains all the contractual provisions applicable to Users, without prejudice to the general provisions contained in the Site’s Terms of Use, of which it forms an integral part. The Site’s Terms of Use therefore remain applicable to all matters that do not concern the protection of personal data. 

The Operator also reserves the right to amend the Privacy Policy. All updates are binding on Users as soon as they are published on the Site. The Operator shall state the date of publication of the current Privacy Policy on the Site. 

7.3. Evidentiary value 

The User acknowledges that electronic documents exchanged and electronic data collected in connection with registration or use of the Site have the same evidentiary value as if such documents and data had been communicated or collected on paper. He/she therefore undertakes not to dispute their force or probative value by virtue of their being on an electronic medium. 

7.4. Data Protection Authority 

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the Law of 30 July 2018, the User is entitled to request further information or to lodge a complaint with the Data Protection Authority. The supervisory authority is the Data Protection Authority. Its contact details are: 

Address: Rue de la Presse, 35, 1000 Brussels 

Telephone: +32 (0)2 274 48 00 

E-mail: [email protected]