This policy defines the procedure for collecting, processing, storing and protecting personal data of buddybet1.com platform users. The document has been developed in accordance with international legislation requirements in the field of personal information protection.
1. Basic Concepts
Personal data — any information relating to an identified or identifiable natural person. Personal data processing — any action with personal data, including collection, recording, systematization, storage, clarification, use, transfer and destruction.
Personal data operator — the company managing the platform and determining the purposes and means of information processing. Personal data subject — the user whose data is being processed.
2. Categories of Collected Data
The operator collects the following categories of information:
Identification data provided by the user:
- Full name
- Date and place of birth
- Citizenship
- Registration and actual residence address
- Contact phone number
- Email address
- Identity document details
Financial information:
- Payment card details
- Electronic wallet identifiers
- Cryptocurrency account addresses
- Transaction history
Technical data collected automatically:
- IP address and geolocation data
- Browser type and version
- Device operating system
- Session time and duration
- Platform actions and gaming activity history
3. Data Processing Purposes
Personal data is processed to achieve the following purposes:
- User identification and compliance with regulatory requirements
- Provision of services in accordance with the user agreement
- Financial transaction processing
- Account security and fraud prevention
- Compliance with anti-money laundering legislation requirements
- Service quality improvement and user experience personalization
- Sending service notifications and marketing messages with consent
- Dispute resolution and claims review
4. Legal Grounds for Processing
Personal data processing is carried out on the following legal grounds:
- Performance of a contract between the operator and user
- Compliance with legal requirements mandatory for the operator
- Legitimate interests of the operator while maintaining balance with data subject rights
- Explicit consent of the data subject for certain types of processing
5. Data Transfer to Third Parties
The operator may transfer personal data to the following categories of recipients:
- Payment providers — for financial transaction processing
- Verification services — for identity confirmation
- Gaming content providers — to ensure game functionality
- Infrastructure providers — for data storage and processing
- Government authorities — upon official requests in accordance with legislation
All contractors receiving access to personal data are bound by confidentiality agreements and process information exclusively within the operator's instructions.
6. Cross-Border Transfer
When transferring personal data to countries that do not provide an adequate level of protection, the operator applies additional safeguards: standard contractual clauses, binding corporate rules or other mechanisms recognized by supervisory authorities.
7. Cookies
The platform uses cookies to ensure service functionality. The following categories are applied:
- Strictly necessary — provide basic functions including authorization and security
- Functional — save user settings and preferences
- Analytical — collect aggregated platform usage statistics
- Marketing — used to display relevant advertising
Cookie management is performed through the consent interface on the first site visit, as well as through user browser settings.
8. Security Measures
The operator implements a set of organizational and technical personal data protection measures:
- Data encryption during transmission using TLS protocol
- Data encryption during storage
- Access control based on the principle of business necessity
- Regular security system audits
- Penetration testing
- Staff training on information security requirements
9. Retention Periods
Personal data is stored for the period necessary to achieve processing purposes. After account closure, data is retained in accordance with legal requirements:
- Identification documents — at least five years
- Financial transaction history — at least five years
- Support service correspondence — three years after the last inquiry
Upon expiration of established periods, data is subject to irreversible destruction.
10. Data Subject Rights
Users have the following rights regarding their personal data:
- Right of access — obtaining information about processed data and copies of such data
- Right to rectification — requesting correction of inaccurate or incomplete information
- Right to erasure — requesting data destruction when legal grounds exist
- Right to restriction of processing — suspension of data operations
- Right to data portability — obtaining data in a structured machine-readable format
- Right to object — refusal of processing for marketing purposes
To exercise rights, a request must be sent to the support service. The review period for inquiries is up to thirty days.
11. Processing of Minors' Data
The platform is not intended for use by persons who have not reached the age of majority. The operator does not knowingly collect personal data of minors. Upon detection of such data, it is subject to immediate deletion.
12. Policy Changes
The operator reserves the right to make changes to this policy. Notification of significant changes is published on the website and sent to users by email no less than fourteen days before coming into effect.
13. Contact Information
For questions related to personal data processing, users may contact the support service through available communication channels. Complaints about violations of data subject rights may also be directed to the authorized personal data protection supervisory authority.