Privacy and Data Protection Policy
1. Introduction
Ventures Lab Malta Limited (the "Company", "we", "our", or "us") is committed to protecting the privacy of individuals who use our gaming platforms and ensuring that Personal Data is processed responsibly, securely, and in accordance with applicable legal and regulatory obligations.
This Privacy Policy explains how the Company collects, uses, stores, shares, and protects Personal Data when customers access our websites, mobile applications, or any other gaming services operated by the Company (collectively, the "Services").
The Policy forms part of the Company's corporate governance and compliance framework and applies to every individual whose Personal Data is processed in connection with our Services.
2. Applicable Legal Framework
The Company processes Personal Data in accordance with applicable European Union and Maltese legislation, including:
- Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR);
- the Malta Data Protection Act (Chapter 586 of the Laws of Malta);
- regulatory obligations imposed by the Malta Gaming Authority ("MGA"), including those relating to player protection, responsible gaming, anti-money laundering, and regulatory reporting; and
- any other legislation governing the lawful processing of Personal Data.
3. Data Controller
For the purposes of applicable data protection legislation, Ventures Lab Malta Limited acts as the Data Controller.
Registered Office
Quad Central, Q3, Level 1, Office 5
Triq l-Esportaturi
Birkirkara, Malta
Company Registration Number: C 89206
Data Protection Officer (DPO)
Email: dpo@go88.news
The Company has established internal governance procedures to oversee compliance with data protection obligations. The Data Protection Officer provides guidance on privacy matters, oversees compliance monitoring, supports internal training, and serves as the primary contact for data protection enquiries.
4. Data Protection Principles
The Company processes Personal Data in accordance with the following principles:
- processing is carried out lawfully, fairly, and transparently;
- Personal Data is collected only for specified and legitimate purposes;
- only information necessary for those purposes is collected;
- reasonable steps are taken to ensure information remains accurate and current;
- Personal Data is retained only for as long as required;
- appropriate technical and organisational safeguards protect Personal Data against loss, misuse, unauthorised access, or disclosure; and
- the Company maintains appropriate records demonstrating compliance with applicable data protection legislation.
5. Information We Collect
Depending on the nature of the Services provided, the Company may collect and process the following categories of information:
Personal Identification Information
- full name;
- date of birth;
- nationality;
- gender.
Identity Verification Information
- government-issued identity documents;
- proof of residential address;
- documentation relating to source of funds or source of wealth where required.
Contact Information
- residential address;
- email address;
- telephone number.
Customer Account Information
- account credentials;
- gaming activity;
- betting history;
- account balances;
- player limits and preferences.
Financial Information
- payment methods;
- deposit and withdrawal history;
- transaction records.
Technical Information
- IP addresses;
- browser information;
- device identifiers;
- operating system details;
- location data where permitted;
- website usage logs.
Customer Communications
- customer support correspondence;
- responsible gaming interactions;
- complaint records;
- communications relating to regulatory obligations.
Where special categories of Personal Data are processed, appropriate safeguards are applied in accordance with applicable legislation.
6. Why We Process Personal Data
Personal Data is processed for a variety of operational, contractual, and regulatory purposes, including:
- establishing and administering customer accounts;
- verifying customer identity and legal age;
- processing deposits, withdrawals, and payment transactions;
- complying with anti-money laundering and customer due diligence obligations;
- detecting, preventing, and investigating fraud or other unlawful activity;
- monitoring gaming activity for responsible gaming purposes;
- communicating service-related information and regulatory notices;
- improving the functionality, security, and performance of our Services; and
- complying with legal obligations imposed by competent authorities.
7. Legal Grounds for Processing
The Company processes Personal Data only where an appropriate legal basis exists under the GDPR.
Depending on the circumstances, processing may be necessary:
- to perform a contract with the customer;
- to comply with legal or regulatory obligations;
- for the Company's legitimate business interests, provided those interests do not override the individual's rights and freedoms; or
- on the basis of the customer's consent, where consent is required by law.
Where consent forms the legal basis for processing, it may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.
8. Disclosure of Personal Data
The Company may disclose Personal Data where necessary for legitimate business operations or to comply with legal obligations.
Recipients may include:
- licensed payment service providers;
- banking institutions;
- customer verification and AML service providers;
- cloud hosting and information technology providers;
- cybersecurity service providers;
- external legal advisers, auditors, and compliance consultants;
- the Malta Gaming Authority;
- the Financial Intelligence Analysis Unit (FIAU);
- other competent governmental or regulatory authorities where disclosure is legally required.
The Company does not sell, rent, or commercially trade Personal Data.
9. International Data Transfers
Where Personal Data is transferred outside the European Economic Area ("EEA"), the Company ensures that appropriate safeguards are implemented.
Such safeguards may include:
- transfers to countries recognised by the European Commission as providing an adequate level of protection;
- the use of Standard Contractual Clauses approved by the European Commission; or
- any other transfer mechanism recognised under applicable data protection legislation.
10. Retention of Personal Data
The Company retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal or regulatory obligations.
In particular:
- AML, KYC, and regulatory records are generally retained for a minimum period of five (5) years following the end of the business relationship, or for such longer period as may be required by law;
- contractual and operational records are retained in accordance with applicable legal requirements; and
- information that is no longer required is securely deleted, anonymised, or otherwise disposed of using appropriate methods.
11. Security Measures
The Company maintains technical and organisational safeguards designed to protect Personal Data from accidental or unlawful destruction, alteration, unauthorised disclosure, or access.
These safeguards include:
- encryption technologies;
- logical access controls;
- authentication mechanisms;
- continuous system monitoring;
- vulnerability management procedures;
- employee confidentiality obligations; and
- regular information security training.
Security measures are reviewed periodically to address evolving operational and technological risks.
12. Your Privacy Rights
Subject to applicable law, individuals may exercise the following rights:
- request access to their Personal Data;
- request correction of inaccurate or incomplete information;
- request deletion of Personal Data where legally permissible;
- request restriction of processing;
- object to certain forms of processing;
- request data portability where applicable; and
- withdraw consent for direct marketing communications at any time.
Requests relating to these rights should be submitted to the Company's Data Protection Officer.
Individuals who believe their data protection rights have been infringed may also submit a complaint to the Office of the Information and Data Protection Commissioner (IDPC) in Malta.
13. Personal Data Breaches
The Company maintains documented procedures for responding to Personal Data breaches.
Where a security incident occurs, the Company will:
- investigate and contain the incident without undue delay;
- assess the potential impact on affected individuals;
- notify the competent supervisory authority within applicable statutory timeframes where required;
- notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms; and
- maintain appropriate records of all reportable security incidents.
14. Protection of Minors
The Company's Services are intended exclusively for individuals who are at least eighteen (18) years of age or the minimum legal age required within the applicable jurisdiction.
The Company performs age verification as part of its customer onboarding procedures. Where it becomes aware that Personal Data relating to a minor has been collected, reasonable steps will be taken to close the account and securely remove the data where legally permissible.
15. Cookies and Similar Technologies
The Company uses cookies and comparable technologies to:
- operate and secure the Services;
- remember user preferences;
- analyse website performance and usage;
- support fraud prevention measures; and
- improve the overall customer experience.
Where required by applicable legislation, users will be provided with appropriate choices regarding non-essential cookies through the Company's cookie management tools.
16. Policy Review
This Privacy Policy forms part of the Company's overall compliance framework and is reviewed periodically to reflect changes in legislation, regulatory guidance, operational practices, and technological developments.
The most recent version of the Policy will be published on the Company's website and will replace any previous version from the date of publication.
17. Governing Law
This Policy shall be governed by and interpreted in accordance with the laws of Malta, including the General Data Protection Regulation (EU) 2016/679 and the Malta Data Protection Act, together with any applicable regulatory requirements issued by the Malta Gaming Authority or other competent supervisory authorities.
