Privacy Policy
Categories of personal data subject to processing
To allow correct and secure access to the services offered by the platform, it is necessary to collect and subsequently process different types of personal data, which are grouped into the following main categories:
Identification and contact data
This category includes all personal information voluntarily provided by the user during registration or when updating their profile. This includes, for example, name, surname, date of birth, gender, tax code, place of residence or domicile, phone number, and email address. The accuracy of such data is essential to verify the user's identity and ensure the legitimacy of access to the services.
Usage and navigation data
During normal navigation within the platform, computer systems automatically acquire certain data whose transmission is implicit in the use of Internet communication protocols. This category includes the IP addresses of the devices used, connection times, pages viewed within the site, time spent on each section, navigation flows, and clicked links, as well as other aggregated statistics related to interaction with the interface.
Device data
We collect specific information related to the hardware and software used to access the platform. This data includes the type of device (computer, smartphone, tablet), the installed operating system and its version, the type of browser, language settings, unique device identification codes, and information about the mobile network used. These parameters are essential to ensure the correct technical formatting of content and to detect potential system anomalies.
Transaction data
Should the user perform financial operations or use paid services within the platform, details concerning these transactions are collected and stored. This includes the history of deposits, withdrawals, transaction volumes, dates and times of execution, payment methods used (excluding direct storage of sensitive security credentials or complete access codes, protected by appropriate industry encryption standards), and any other related accounting information.
Communications with the support service
Whenever the user interacts with our customer support service via email, contact forms, or other integrated messaging systems, we collect the content of the correspondence, the clarification requests sent, technical reports, and any other information voluntarily transmitted to resolve a problem or receive dedicated assistance.
Legal bases for data processing
The processing of users' personal data is carried out exclusively in the presence of at least one of the legality conditions provided for by the current legal system. Specifically, the legal bases applied include:
The execution of a contract to which the user is a party or the execution of pre-contractual measures taken at their request.
The legitimate interest of the data controller, aimed at ensuring the security of the platform, preventing fraudulent activities, and continuously improving the quality of the services offered.
The explicit and informed consent expressed by the user for specific purposes, such as receiving personalized marketing communications.
Compliance with legal and regulatory obligations to which the data controller is subject based on national or supranational provisions.
Purposes of data processing
The personal data collected are used for specific purposes, strictly related to the provision of services and the optimization of the user experience. The main purposes include:
The creation, operational management, and secure maintenance of the user account.
The provision of requested services and the accurate processing of related financial transactions.
The monitoring and prevention of illicit uses, cyber fraud attempts, or unauthorized access.
Statistical analysis aimed at the continuous improvement of the user interface, server stability, and offered services.
The efficient management of support requests submitted to customer service.
The sending of technical communications, security alerts, or regulatory updates related to the platform.
Upon free and optional consent, the sending of promotional material or informative newsletters.
Data retention period
Users' personal data are retained only for the time strictly necessary to achieve the purposes for which they were originally collected, or to comply with specific legal obligations regarding accounting, tax, and administrative matters.
At the end of the established retention period, or when no legitimate legal basis for processing no longer exists, the data will be permanently and securely deleted from our IT archives or transformed into a completely anonymous form, preventing the identification, even indirectly, of the data subjects.
Data sharing with third parties
Users' personal data are not sold, transferred, or disseminated for commercial purposes to unauthorized external parties. Information sharing may only occur with selected categories of recipients who collaborate in the provision of the platform's services, such as:
Technology service providers, hosting providers, and IT infrastructure maintenance companies.
Companies responsible for payment processing and partner financial institutions.
Legal, corporate, and administrative consultants, solely for the protection of contractual and legal rights.
Judicial authorities or supervisory bodies, if a binding regulatory obligation or a formal request in accordance with the law exists.
All third parties accessing the data act as external data processors, bound by strict contractual agreements that require absolute confidentiality and the adoption of adequate data protection measures.
International data transfers
Personal data collected is processed mainly within the European Economic Area (EEA). Should it become necessary, for technical or operational reasons related to the location of service providers, to transfer some information to countries outside the EEA, all necessary legal protections and safeguards will be adopted. These measures include verifying the existence of adequacy decisions issued by competent authorities or the signing of standard contractual clauses aimed at ensuring that the level of personal data protection remains equivalent to that guaranteed within the European Union.
Technical and organizational security measures
Technical, physical, and organizational security measures are implemented on the platform to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Technologies employed include data flow encryption systems, advanced firewalls, secure authentication protocols, and access control systems for company personnel based on the principle of least privilege.
However, it should be noted that no data transmission or electronic storage system via the internet can be guaranteed to be one hundred percent secure. Although LeoVegas makes every reasonable commercial effort to apply best practices for information protection, absolute guarantees against all potential vulnerabilities or unpredictable cyber attacks cannot be provided.
User rights and how to exercise them
In accordance with current data protection regulations, users have a series of fundamental rights that they can exercise at any time towards the data controller. These rights include:
The right of access, to obtain confirmation of whether or not personal data concerning them are being processed and to receive a copy.
The right to rectification, to request the update or correction of inaccurate, incomplete, or outdated data.
The right to erasure (right to be forgotten), to request the deletion of their personal data if they are no longer necessary for the original purposes or if consent is withdrawn.
The right to restriction of processing, to request that data be marked and not further processed under certain conditions.
The right to data portability, to receive their personal information in a structured, commonly used, and machine-readable format.
The right to object, to object at any time, for reasons related to their particular situation, to the processing of data based on legitimate interest.
To exercise any of the rights listed above or to request specific clarification regarding the management of your privacy, you can send a formal request to the dedicated email address: leovegas_support@gmail.com. Each request will be processed within the timeframe required by law, after verifying the identity of the requester to prevent unauthorized access to third-party data.
Updates to the Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in operational practices, technological modifications, or new legislative provisions. Any changes will take effect from the publication date indicated in the document. Users are advised to regularly check this section to view any modifications and stay constantly updated on the protection mechanisms applied.