Sekretess- och cookiepolicy

We only process a user’s personal data in compliance with the relevant and pertinent data protection regulations. This means that a user’s data shall only be processed if the user has given his or her legal permission for us to do so. In particular, we process:

- when data processing is required in order for us to be able to provide our contractual and online services (Article 6 para. 1 lit. b GDPR)

- when required by law (Article 6 para. 1 lit. c GDPR)

- when we are in possession of the consent of the user, and when it is collected for the sake of our legally legitimate interests (i.e. interest in the analysis, optimization, and economic operation and safety of our online product as per Article 6 para. 1 lit. f GDPR)

- with regard to range measurement, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of the services of third-party providers

- when we use personal data to send newsletters relating to the gaming platform and conduct promotional communication for Italiaonline services, if the user has given us his/her consent (Article 6 para. 1 lit. a GDPR).

Enabling gameplay (contractual fulfillment; Article 6 para. 1 lit. b GDPR)

Our game platform cannot function without certain data. In order for you to have any meaningful progress in your gameplay, we need to be able to reliably differentiate you from other users of our website, which is why we ask you to register an account. When you log in, we compare your login credentials against those we have on file and maintain your customization data and game progress. Your display name, avatar, and certain elements of your progress are made public within our game platform (e.g. for in-game leaderboards, or to broadcast certain wins). You can change your display name and avatar at any time. Additionally, your country and language are used to provide you with a localization of our website - we will try to serve you content in your language and our in-game shop in your local currency.

Payments and invoices

If you wish to buy in-game currency in our in-game shop, your transaction will usually be with third-party payment processors. In any case, once a payment is successful, we get this information in the form of a digital invoice, which we store to fulfil legal requirements (Article 6 para. 1 lit. c GDPR), to retain them in the case of legal dispute (legitimate interest, Article 6 para. 1 lit. f GDPR), and to optimize our web presence for you (legitimate interest, Article 6 para. 1 lit. f GDPR).

These invoices contain the following data: the product/service you purchased, how much you paid for the item and the payment method you used. We do not store any type of information that can be used to make a payment unless you yourself have activated the QuickPay service (contractual fulfillment; Article 6 para. 1 lit. b GDPR).

We do not have access to credit card numbers or card verification codes (CVC). As such, it is not possible for us to process such information or pass it along to a third party. At our website, we use the services of the it-security-provider Risk.Ident GmbH. Every form of communication between us and Risk.Ident only takes place for the sake of preventing cases of fraud whilst using our website.

Data storage

Risk.Ident collects and processes specific data from our users, via cookies and tracking technology, about the features of the device used by the customer (“device related data”), raw data out of the TCP/IP connection and data about the usage of our website. Thereby Risk.Ident also collects and processes the user's IP address. However, this is encrypted within a few seconds at Risk.Ident. The information will be saved in a database by Risk.Ident for risk prevention purposes.

Data retrieval

Once a user has signed a contract that entails risk-related terms at one of our websites e.g. by creating a user account for the purchase of certain items, we retrieve a risk score from the Risk.Ident database. The risk score has been deposited there for the device used by the customer. The risk score is inter alia based on information about

a) whether the user’s device has communicated or communicated, current or past, via a proxy connection.

b) whether the device recently has dialed in via various internet service providers.

c) whether the device has shown or showed a frequently changing geo reference.

d) how many internet transactions have been executed via the device in the recent past (we cannot detect which kind of transaction it was).

e) how probable it is that the device, deposited in the Risk.Ident database, actually belongs to the respective user.

The outcome of this risk score supports us in preventing fraud attempts.

Data transmission

In addition, we transmit data to Risk.Ident to the extent of our knowledge that a user may have committed or attempted to commit fraud. Risk.Ident is provided with information about such an attempt as well as the specific device-related data of the user. As part of our fraud protection measures (also known as anti-fraud measures), all person-related master data, communication information, contractual master data, customer histories, contract billing data, and payment information are provided to the Risk.Ident GmbH for processing.

Direct marketing, newsletter, newsletter tracking

We offer our players the ability to optionally subscribe to newsletters offered by WHOW. When you sign up for our newsletter, we use the required email address to send you our email newsletter in accordance with your given consent. We send newsletters in regular intervals to distribute news, offers, and events regarding ”misterjackpot“ and new slot games as well as features. If you have registered for the newsletter, WHOW collects, processes, and uses the data provided by you in order to send the newsletter. The technical implementation of the dispatch of the newsletter is carried out by WHOW.

When you register for an electronic newsletter and other electronic communications, we process the following data:

(1) Your profile name

(2) Your e-mail address

(3) Information on whether you have consented or objected to receiving such forms of communication, including the date and time.

Registration for the email newsletter takes place via a double-opt-in procedure set up by the system. This means that after entering your data, you will receive an email with a confirmation link. This confirmation email serves to authorize the receipt of the newsletter by the owner of the specified email address. The respective email address will only be included in the distribution list after confirmation.

As part of the evaluation of the success of our newsletter, on the legal basis of legitimate interest – Article 6 para. 1 lit. f GDPR – we make use of a tracking system from the provider Braze, Inc, 265 W. 37th Street, Suite 1212, New York, NY 10018, USA (hereinafter "Braze"). Braze places a "pixel" in the respective newsletter for the collection of the necessary data. With the help of the Braze pixel, the following data regarding the newsletter as well as our push messages is evaluated:
- The status of the receipt of the email or push message
- Evaluation of the clicking success for the links in the newsletter. Such evaluations are then made available to WHOW by Braze.

This information can be used by WHOW - if you so choose - to send targeted push notifications messages and newsletters about our website services or specific events.

Braze uses a pseudonymized User ID (ID) for this purpose, which enables an analysis of the user behavior of our newsletter or our push notifications by them. At no time will the information collected by Braze be merged with your data. For more information on Braze and on data processing by Braze, please visit Braze's website at https://www.braze.com/ and Braze's privacy policy at https://www.braze.com/privacy/

The legal basis for the processing of the data transmitted in the course of consenting to receive the newsletter, as well as for the temporary anonymization and storage of the anonymized data for the evaluation of success, is based on your given consent Article 6 para. 1 lit. a GDPR. We also have a legitimate interest in direct advertising and evaluating the success of your response to the contents of the newsletter in order to successfully assert ourselves in the market.

The processing of personal data by us as well as our tracking service provider Braze serves us solely with respect to processing and sending a newsletter as well as to evaluating the success of a respective newsletter. Anonymized statistics about your use of and reaction to our newsletter help us to better align our offers with the interests of our subscribers. This is also the necessary legitimate interest in processing the data.

Your data is stored on WHOW servers , which are located in the European Union (Frankfurt a.M., Germany). WHOW uses this information to send and evaluate the newsletter usage as well as for its own service optimization. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which they were collected. For personal data, this is the case should consent for processing be revoked.

You have the option to revoke your consent to the processing of personal data for the receipt of the newsletter at any time. Unsubscribing is possible at any time. It can be done by email (mrjackpot@whow.net), right in the account settings, or via a designated link for unsubscribing in the newsletter.

Furthermore, with your consent, some personal data referring to you (first and last name, email address, and telephone number) may also be used by our partner Italiaonline for marketing purposes (e.g. sending advertising material and proposing offers and promotions) or for market research (e.g. statistical analysis and customer satisfaction). The consent you give for these purposes is free and optional, so the possibility of registering for the online game service will not be affected in any way.

You can easily unsubscribe at any time, either through the unsubscribe link in the emails from Italiaonline or by making a request to Italiaonline, through the channels indicated in the remainder of this data privacy. For emails generated by WHOW, you can change your email preferences in your account or by making a request to WHOW through the channels indicated in the remainder of this data privacy.

Unsubscribing from the newsletter also results in the removal of your email address from the list of recipients for promotional communications that Italiaonline makes use of. In the same manner, a request for cancellation sent to Italiaonline will lead to you being unsubscribed from the newsletter sent by WHOW.

Security and fraud prevention (legitimate interest; Article 6 para. 1 lit. f GDPR)

To help secure our website and to prevent fraud, we store data such as your IP address and certain device information when you access our website and interact with it.

Your device data and IP address information is stored and logged to allow fraud and data security forensic investigation. Your IP address information is also processed automatically by our network devices - this infrastructure is needed to serve our website, but also to deny access to IP addresses known to be in use by malicious actors.

Due to the nature of this interest, we cannot offer you a means to opt-out of this processing, as this would undermine its purpose (and in some cases, an opt-out is technically impossible - e.g. we cannot exempt your IP address from processing by our network devices).

If you object to this processing, we ask that you please do not use our website.

Optimization of website and campaigns (legitimate interest; Article 6 para. 1 lit. f GDPR)

To optimize our marketing campaigns and our website, we track information about your behavior and preferences. This data is pseudonymized and stored separately from your account data. While they are stored on an individual basis, this data is only available to the employees that must work with this data, and they are reported on only in aggregate.

Over the course of campaign optimization, we share some of this data with third-party trackers by embedding a tracking pixel on our website.

Please refer to the section “Web Analytics” for further information about these trackers and how you can opt out of them.

Data needed to fulfill our contractual obligations and the associated services

Data you explicitly make available, namely data for access management, personally identifiable data (where applicable), data about your preferences (opt-in/opt-out).

Data you supply by browsing our website, namely network data, data about your game progress.

Data that we are legally required to store

Data you supply by making a purchase, namely data about individual payments in our games.

Data required for security

Data you supply by browsing our website: device data, network data. Without this personal data, we cannot provide you with our services.

Automated decisions

We do not use your personal data for any automated individual decision-making that would have legal or otherwise similarly significant effects on you.

Any effects of automated decisions based on your personal data are confined to our game platform. For example, we may use your purchase information (frequency and amount) to give you automated, and customized discounts in-game.

Your personal data within WHOW

Your personal data is only processed for the sake of pursuing our legitimate interests or in fulfilling our contractual and legal obligations.

Your personal data outside of WHOW

We and Italiaonline share your data only where it is legally permissible to do so, when it's required to fulfil contracts you may have with us (Article 6 para. 1 lit. b GDPR) or on basis of legitimate interest (Article 6 para. 1 lit. f GDPR). We share your personal data only if you have given us permission to do so, in aggregate or anonymized form (preventing the data from being linked to other data you may have supplied elsewhere), or with providers that are contractually obliged to treat your data with care.

We exchange data with providers in the following categories:

Hosting and content distribution providers

These typically have no direct access to our systems but provide network infrastructure that will necessarily process your IP address to deliver our assets.

Payment providers

When you make a payment through a payment provider, we will get invoice information from these providers. Any payment details needed to actually make a payment on your behalf is handled only by the payment providers, not by us.

Debt collection

When you revoke a payment you’ve already made, we may share the information available to us with debt collectors, so that they can get in touch with you on our behalf.

Email marketing service providers

We and Italiaonline share your email address, display name, and localization information, and whether or not you are currently subscribed to our newsletter with our email marketing service providers, so that they can send you relevant emails. For further information please also refer to above section ”Direct marketing, Newsletter, Newsletter Tracking“.

Single sign-on providers

These are only relevant if you explicitly choose single-sign on options, in which case our interaction with them enables you to sign into our game platform. Should you change your mind about using these, the providers usually offer a way to decouple your single-sign on account from our website (revoking our access to your metadata). For more information, please refer to the providers' documentation.

Business intelligence

We use providers to help us sift through our own tracking data.

Game developers

These create and maintain our (casino) games for us. As these applications are typically standalone and can simply be embedded in our website "plug-and-play" style, we share only very little information about you with these providers - your IP address, device information, display name, and the amount of in-game currency you own.

Crash reporting

Our mobile games platform embed crash reporting functionality. The crash reports contain only anonymous information. Nonetheless, you can opt out of this in the settings of the application.

Affiliates, cobrands and performance marketing

To allow brands, partners and campaigns to measure their own effectiveness, we embed various trackers on our website. For details, please refer to the „Web and App Analytics“ section of this privacy policy.

Geolocation

We receive data about the approximate geographical location of IP addresses from geolocation services. We do not share any information with these services, we are only consumers of this data.

Support ticket system, email contact, feedback

You can contact WHOW or Italiaonline by email. Contact, support, and feedback requests via the website are processed by WHOW. In this case, the transmitted personal data of the user will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The processing of your personal data is voluntarily provided to WHOW or Italiaonline per email and solely serves to process the contact. This is also the required legitimate interest in processing the data. This data will be deleted immediately as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent per email , this is the case when the respective conversation with the user has come to an end. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

You have the option to revoke your consent and the processing of personal data at any time. If you contact WHOW and/or Italiaonline per email, you can object to the storage of your personal data at any time. In such a case, our conversation cannot be continued. The revocation can be made at any time via the contact details of the parties above. All personal data stored in the course of contacting us will, in this case, be deleted.

Please note that when communicating per email, data security on the Internet cannot be guaranteed on behalf of WHOW and Italiaonline. We strongly recommend sending confidential information via postal mail in order to prevent the loss of such confidential information.

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 para. 1 lit. a and f GDPR. If the contact targets the conclusion of a contract, an additional legal basis for the processing is Article 6 para. 1 lit. b GDPR.

Video streaming

In some cases, we use video streaming services to show you advertisements. Your impression of these videos is recorded by these services.

The providers we use are either in the European Union, in a country formally deemed safe by the data privacy standards of the European Union, or contractually bound to treat your data with the utmost care. Whenever the process allows, we anonymize or pseudonymize your data.

Under no circumstances do we sell your data to third parties.

More specifically, you can request information about:

- the purposes of the processing

- the categories of personal data that is processed.

- the categories of recipients with whom we have shared the data.

- the intended duration of storage.

- your rights in regard to this data (correction, erasure, restriction, withdrawal of consent, and lodging a complaint with the supervisory authority).

- the source of the data in cases where we did not obtain it from your direct interactions with us.

- the existence of any automated decision-making based on this data, including profiling.

- your right to request meaningful information about the algorithms involved.

Lastly, you have the right to ask us to erase your personal data, if there are no legal reasons for us to retain it (such as freedom of expression, legal requirements, public interest or if required as evidence in legal disputes) and one of the following reasons applies:

- Your personal data is no longer necessary considering the purposes for which it was collected or processed.

- You wish to revoke your consent having served as the basis for the processing and there is no other basis justifying such processing.

- Your personal data has been the subject of unlawful processing.

- Your personal data should be erased pursuant to a legal requirement.

You can assert your right to limit the processing of your personal data when:

- you contest the accuracy of your personal data, during the time necessary to verify the accuracy of such data.

- the processing of your personal data is unlawful, but you oppose the erasure thereof and instead demand the limitation of processing.

- when we no longer need your personal data, but you still need such personal data for the establishment, exercise, or defense of legal claims.

Right of objection

Should you object to the use of this pseudonymized processing of your data, your opt-out options are:

For web and our online tracking of and to the endpoints we manage, please refer to the cookie preference settings in the following by clicking the “Cookies” button.

Your browser will need to accept cookies for the opt-out process to work.

Since you may also interact with other trackers used on other websites, opting out of the trackers on a single website will probably not lead to the desired result. To better enable you to effectively opt out of tracking services, this section contains an overview of all of the trackers we use and where you can opt out of them.

The opt-out options for many tracking services can also be found at http://youronlinechoices.eu, which provides a unified and central opportunity for you to opt out of various tracking services. This site can also help if you want to review your online choices for other providers that we do not make use of.

Unless otherwise noted (be it here or on our tracking partners opt-out pages), your browser will need to accept cookies for the opt-out process to work.