go88.news Go88 – Official Online Platform | Operated by Green Stream Technology B.V.

Privacy Policy

1. Scope and Regulatory Framework

This Privacy and Data Protection Policy (“Policy”) sets out how Venture Lab Malta Limited (the “Company”, “we”, “our”, or “us”) processes Personal Data in accordance with applicable laws and regulatory requirements, including:

  • The General Data Protection Regulation (GDPR, EU 2016/679)
  • The Malta Data Protection Act (Chapter 586 of the Laws of Malta)
  • Malta Gaming Authority (MGA) regulatory obligations regarding player protection, anti-money laundering (AML), responsible gaming, and reporting

This Policy applies to all users of the Company’s online platforms, websites, mobile applications, and related services (the “Services”). Compliance with this Policy is mandatory and forms part of the Company’s regulatory governance framework.

2. Data Controller and Governance Oversight

The Company is the Data Controller responsible for the lawful processing of Personal Data.

Registered Office: Quad Central, Q3, Level 1, Office 5, Triq l-Esportaturi, Birkirkara, Birkirkara, Malta

Company Registration Number: C 89206

Data Protection Officer (DPO): dpo@go88.news

The Company maintains an internal governance framework to ensure regulatory compliance, data integrity, and security. The DPO oversees Personal Data processing, audits, and training of staff in line with GDPR and MGA requirements.

3. Principles of Processing

Personal Data is processed under the following principles:

  • Lawfulness, Fairness, and Transparency: All data processing is lawful, transparent, and justified.
  • Purpose Limitation: Data is collected solely for defined operational, legal, and regulatory purposes.
  • Data Minimization: Only data necessary for service provision and compliance is collected.
  • Accuracy: Personal Data is regularly reviewed and updated.
  • Storage Limitation: Data retention aligns with regulatory obligations and operational needs.
  • Integrity and Confidentiality: Security measures protect data from unauthorized access or alteration.
  • Accountability: The Company can demonstrate adherence to GDPR and MGA directives.

4. Categories of Personal Data Collected

The Company may collect and process the following categories of Personal Data:

  • Identity Data: Full name, date of birth, nationality, gender
  • Verification (KYC) Data: Government-issued ID, proof of address, source of funds documentation
  • Contact Data: Email, telephone, residential address
  • Account and Gaming Data: Account credentials, gaming and betting activity, account balances, and limits
  • Financial Data: Payment methods, transaction history
  • Technical Data: IP address, device identifiers, location, usage logs
  • Communication Data: Customer support interactions, responsible gaming communications

Sensitive data is subject to enhanced security measures and oversight.

5. Lawful Basis for Processing

Processing is based on one or more of the following lawful bases:

  • Contractual Necessity: To provide gaming services and manage accounts
  • Legal Obligation: Compliance with MGA, AML/KYC, and responsible gaming obligations
  • Legitimate Interests: Fraud detection, security monitoring, and operational improvement
  • Consent: Where explicitly required, such as for marketing communications

6. Purpose of Processing

Personal Data is collected and used for:

  • Verifying identity, age, and eligibility to participate in gaming activities
  • Facilitating deposits, withdrawals, and account management
  • Conducting AML/KYC and regulatory reporting to competent authorities
  • Detecting and preventing fraudulent or suspicious activity
  • Delivering responsible gaming tools and player protection measures
  • Communicating regulatory and operational updates
  • Maintaining operational and platform security

7. Data Sharing and Disclosure

Personal Data may be shared with:

  • Payment service providers and financial institutions
  • KYC/AML verification service providers
  • IT infrastructure, hosting, and security providers
  • Professional advisers including legal, audit, and compliance consultants
  • Competent authorities including the MGA and FIAU, when legally required

The Company does not sell Personal Data.

8. International Transfers

Transfers outside the European Economic Area (EEA) are permitted only when appropriate safeguards are in place:

  • Transfers to jurisdictions with EU adequacy decisions
  • Standard Contractual Clauses (SCCs) or equivalent regulatory safeguards

9. Retention of Personal Data

Personal Data is retained for no longer than necessary to meet operational and regulatory purposes:

  • KYC, AML, and regulatory reporting records are retained for a minimum of five (5) years as required by MGA directives.
  • Other data is retained only as long as required for service provision or legal compliance.
  • Data that is no longer required is securely deleted or anonymized.

10. Data Security and Oversight

The Company applies robust technical and organisational measures to secure Personal Data:

  • Encryption of sensitive information
  • Access controls with defined authorizations
  • Monitoring of IT systems and networks
  • Staff training and internal procedures to ensure compliance

11. Data Subject Rights

Users have the following rights under GDPR:

  • Access and obtain a copy of Personal Data
  • Rectify inaccuracies in Personal Data
  • Request erasure where legally permitted
  • Restrict or object to processing
  • Data portability
  • Withdraw consent for marketing communications

Requests should be submitted to the DPO. Users may also lodge complaints with the Office of the Information and Data Protection Commissioner, Malta.

12. Data Breach Management

In the event of a Personal Data breach:

  • Containment and remediation actions are immediately initiated
  • MGA and other supervisory authorities are notified within 72 hours, where required
  • Affected individuals are notified if there is a high risk to their rights or freedoms
  • Breach records are maintained for regulatory audit purposes

13. Minors and Age Verification

The Services are strictly for persons aged 18 or over. Accounts or data of minors are immediately deleted, and access is blocked.

14. Cookies and Tracking

Cookies and similar technologies are used to enable core functionality, analyze usage patterns, and enhance performance. Consent is obtained and recorded where required.

15. Policy Review, Governance and Governing Law

This Policy is reviewed periodically to ensure alignment with regulatory changes, MGA directives, and internal operational requirements. The latest version is published on the website.

This Policy is governed by the laws of Malta and interpreted in accordance with GDPR and Maltese data protection legislation.

Đang tải