As it understands the importance of protecting personal data, the company Gst Gaming SRL (“GST”), in its role as the Data Controller, hereby informs users of the website www.gstgaming.online (“Users” or “Data Subjects”) that their personal data acquired while browsing the website (“Data”) shall be processed in accordance with personal data protection legislation. When using the services offered by the website, users shall receive specific information on any additional personal data processing performed by GST. Pursuant to Article 13 of Regulation (EU) No. 2016/679 (“Regulation”) and with reference to how Users’ personal data is handled and processed, GST hereby provides the following information.

1 Types of data collected, purposes and legal grounds for the processing

• Browsing data

During their ordinary course of operation, the IT systems and software procedures required to run the website www.gstgaming.online shall acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes the computer IP addresses or domain names of users who visit the website, MAC (Media Access Control) addresses, URI addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply from the server (successful, error, etc) and other parameters relating to the user’s operating system and computer. This data is only used to extract anonymous statistical information on how the website is used and to ensure that it is running properly. It is deleted immediately after processing. Data may be used to establish liability in the event of any potential computer crimes against the website. The legal grounds for this processing can be found under Article 6, par. 1, lett. b) of the Regulation, as it allows Users to use the requested service. This Data may also be used to fulfil legal obligations or to meet requests from the Legal Authorities. The legal grounds for this processing can be found under Article 6, par. 1, lett. c) of the Regulation, as the processing is required to fulfil a legal obligation of the data controller.

• Data provided voluntarily by the User

After voluntarily sending e-mails to the addresses on the website or using the chat functions on the website, GST may process the sender’s e-mail address and any additional personal data contained in these messages to meet the User’s requests or to allow the requested service to be used. In any case, specific privacy policies shall be made available when particular tools provided by the website are used. The legal grounds for this processing can be found under the case provided by Article 6, par. 1, lett. b) of the Regulation, as it is required to provide the User with the requested service. This Data may also be used to fulfil legal obligations or to meet requests from the Legal Authorities. The legal grounds for this processing can be found under Article 6, par. 1, lett. c) of the Regulation, as the processing is required to fulfil a legal obligation of the data controller. GST invites Users not to send data, in particular, on their health, religious beliefs and political opinions (or any other type of “special” data) through the tools provided by the website. This data shall be deleted immediately if it is not provided with a written declaration of consent to be processed by GST.

• Cookies

The website uses technical cookies (session and browsing cookies) to allow normal browsing and use of the website (for example, allowing authentication to access members’ areas). The website also uses third party profiling cookies and third party analytics cookies (with reduced identification potential) to monitor use of the website by users to optimize the web platform and statistics (analytics). For all the information on the processing of personal data performed through cookies, please see the extended cookie policy, which can be found on every portal page through the link in the footer.

2 Data storage period

The Data collected and processed after browsing the website www.gstgaming.online shall be stored for the entire period the service is provided and, in any case, deleted or anonymized after 7 days. Data sent independently by Users through the tools on the website shall be deleted after the requested service has been provided or after they have received a reply and, in any case, within a maximum of 6 months after this activity has finished, except for any data required to comply with tax, accounting and administrative regulations or to fulfil any other legal obligations and to document the activities carried out.

3 Processing methods

The Data collected shall be stored and processed electronically and shall be saved in either computer or paper format, organized into databases, and on any other suitable type of media. Special security measures are followed to prevent the loss of data, unlawful or improper use and unauthorized access. The processing of personal data carried out by GST does not involve automated decision-making processes.

4 Disclosure of Data

Browsing data needs to be disclosed to provide the requested service (browsing the website) and is compulsory for this purpose; if it is not, GST might not be able to allow users to browse the website www.gstgaming.online

5 Individuals to whom personal data may be disclosed

Data may be disclosed to: (i) individuals permitted by law or secondary and/or EU legislation under legitimate interests to access Data Subjects’ personal data; (ii) the Data Controller’s internal staff; (iii) companies, associations or professional firms that provide services and work on behalf of the Data Controller as Data Processors to fulfil legal obligations, as well as for any organizational and administrative requirements to provide the requested services. The names of the Data Processors can be found on an updated list available from the Company (which can be requested under the details indicated under point 9). Data shall not be circulated.

6 Transfer of Data to countries outside the EU or to international organizations

For the Data processing described in this policy, GST shall not transfer Data to any countries outside the EU or to international organizations.

7 Links to third party websites or services

This policy only applies to Data processing carried out through this website or the tools that it provides, and is not valid for other websites which Users may visit through links, whose managers operate as independent data controllers. Users should therefore carefully read their privacy policies before accessing any third party services.

8 Data subject rights

In relation to the aforementioned Data processing, Data Subjects have the right to exercise their rights laid down by the Regulation at any time, including, for example, the right to (a) access, update, amend or supplement their data; (b) delete, anonymize or block any of their data being processed illegally; (c) restrict the processing of their data; (d) obtain a copy of their data in a standard format. In particular, Data Subjects have the right to obtain information on: (i) the source of their personal data; (ii) the purposes and methods of the processing; (iii) how the processing is done if electronic tools are used; (iv) the identity of the Data Controller, the processors and the appointed representative. Data Subjects also have the right to object, wholly or in part, to any processing carried out:

• for scientific, historical or statistical research, even if it is relevant to the purpose for which the data was collected, when this objection is based on reasons connected to their particular situation;
• pursuant to Article 6, paragraph 1, Regulation (EU) No. 2016/679, letter e. (“the processing is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller”) or f. (“the processing is necessary to satisfy a legitimate interest of the controller or of third parties”), including profiling based on these provisions.
• to send advertising or direct sales material or to carry out market research or commercial communications.

Data Subjects have the right to withdraw their consent to processing, when it is based on the case provided by Article 6, paragraph 1, letter a. (when “data subjects have expressed their consent to the processing of their personal data for one or more specific purposes”), or by Article 9, paragraph 2, letter a. (data subjects have granted their explicit consent to the processing of this personal data for one or more specific purposes) of Regulation (EU) No. 2016/679, at any time, without prejudice to the lawfulness of processing based on consent granted before the withdrawal. If they believe that the processing of their data breaks applicable law, Data Subjects have the right to file a complaint with a supervisory authority, namely in the Member State where they usually reside, work or in the place where this alleged breach occurred. The Italian Data Protection Authority can be contacted at the details found on its website (www.garanteprivacy.it).

9 Data controller – Contact details

The Data Controller is GST Gaming S.r.l., Via Cilea, 5 - Alessandria, VAT No. 02492770066, in the person of its legal representative. GST can also be contacted at the certified e-mail address gstgaming@goldpec.it. To exercise the aforementioned rights, data subjects may send a request to the e-mail address info-online@gstgaming.it.

GST reserves the right to update this Data processing policy.