game organiser – according to the definitions used in the Gambling Act and the Money Laundering Act – of the Casino (https://vegas.hu/; hereinafter: online casino website) (Gambling Act Section 29/L; Money Laundering Act Section 3 item 45 point b)); as well as the
“Organiser” according to the terms used in the End-User Licence Agreement (EULA).
processing of personal data in the European Union, which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
processing of personal data in the European Union, which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
a complaint has been lodged with that supervisory authority.
who is considered a player according to the definition used in the Gambling Act (Gambling Act Section 37 item 6); or
whose customer due diligence or customer identification process pursuant to the Money Laundering Act has begun; or
whose registration pursuant to section 3 item 45 point b) of the Money Laundering Act has begun; or
regarding whom the business relationship pursuant to the Money Laundering Act and/or this Information document exists; or
regarding whom the player identification or personal identification process pursuant to the Game Organisation Decree has begun; or
who is in a client relationship with the Controller, pursuant to the definition of the Freedom of Information Act; or
regarding whom the registration process pursuant to this Information document or the EULA has begun (i.e. including preliminary registration as well); or
who is considered “Client”, “Player”, “real cash Player”, “identified Player” or “banned” player pursuant to the EULA; or
who uses the services of the Online Casino (the online casino website) in accordance with the EULA, as well as the applicable legislation.
Simultaneously, the finalised registration of the Player also constitutes establishing business relationship between the Controller - as the organiser of the Casino (LVC Diamond Kft.) - and the Player (Money Laundering Act Section 3 item 45 point b); Section 6 (1) point a)).
Registration is completed after finalising the high-level client due diligence procedure and the registration of records pursuant to the provisions of the EULA.
compulsory legislation requirement (including especially provisions of the Gambling Act and the Money Laundering Act), or
considering the type of business relationship, legislative provisions enabling optional data controlling (including especially Section 13/A (1)-(2) of the E-Commerce Act), as well as
(regarding data controlled in a non-compulsory manner, without applicable legislative requirements) the preliminary, voluntary consent of the Player, provided with knowledge of the EULA and this Information document, expressed through commencing registration and the use of the specific Service (including especially the registration obligation based on voluntary consent and obligatory for the Controller, stipulated in the SZTFH Decree and the Game Organisation Decree); the performance of the contract between the Parties with accepting the EULA and using the Service, as well as the steps requested by the Player, required for concluding this contract;
legitimate interest of the Controller (GDPR Article 6 (1) point f)).
The purpose of data processing on behalf of the Online Casino shall - from time to time - be the continuous provision of compliance with regulations, as well as the satisfactory compliance with the requests of the relevant authorities based on their authority set forth in law.
The purpose of data processing in other cases shall be ensuring the use of the Service, improving user experience, providing contractual service and the payment of prizes.
In order to ensure the transparency of the specific purposes of data processing, the Controller herein provides information regarding the purposes, duration and legal basis for processing different personal data. These requirements shall be applied by the Controller as binding.
Name of personal data |
Legal basis for data processing:compliance with legal obligation[GDPR Article 6 (1) point c)] |
|
|---|---|---|
1. |
surname and forename |
Money Laundering Act Section 7 (2) point aa);Gambling Act Section 29/H (1) point a) |
2. |
birth surname and forename |
Money Laundering Act Section 7 (3) point ab);Gambling Act Section 29/H (1) point a) |
3. |
place and date of birth |
Money Laundering Act Section 7 (2) point ad); Section 17 (1); Gambling Act Section 29/H (1) point e) |
4. |
mother’s name |
Money Laundering Act Section 7 (2) point ae); Section 17 (1); Gambling Act Section 29/H (1) point a) |
5. |
address (or place of abode, if the address is not in Hungary) |
Money Laundering Act Section 7 (2) point af); Gambling Act Section 29/H (1) point b) |
6. |
nationality |
Money Laundering Act Section 7 (2) point ac); Gambling Act Section 29/H (1) point c) |
7. |
type and number of the personal identification document |
Money Laundering Act Section 7 (2) point ag); Gambling Act Section 29/H (1) point d) |
8. |
photo of the Player in case of data query from a public register |
Money Laundering Act Section 7 (1) |
9. |
in case of Hungarian nationals:personal identification document + official certificate of the permanent address, only the side without personal identification (address card) (the latter only if the home address is located in Hungary).driver’s licence card + address card (the latter only if the home address is located in Hungary) orpassport + official certificate of the permanent address, only the side without personal identification (address card) (the latter only if the home address is located in Hungary);for Hungarian nationals providing a foreign address, we request a document certifying the foreign address to be uploaded as well. |
Money Laundering Act Section 7 (3) point aa) |
10. |
in case of foreign nationals:official certificate of having a home address in Hungary (only the side without personal identification if an address card is presented), if the home address is located in Hungary |
Money Laundering Act Section 7 (3) point ab); Gambling Act Section 29/H (1) point b) |
11. |
in case of foreign nationals:passport or personal identification document, provided that it embodies an authorisation to reside in Hungary, document evidencing the right of residence or a valid residence permit |
Money Laundering Act Section 7 (3) point ab) |
12. |
copy of the document including the data specified in Section 7 (2)-(3) of the Money Laundering Act and the document specified in Section 7 (4) of the Money Laundering Act |
Money Laundering Act 17. § |
13. |
digital copy of the personal identification document |
Money Laundering Act Section 7 (8) and (8a) |
14. |
expiry of the personal identification document |
Money Laundering Act Section 7 (5) |
15. |
in case of business relationship, the type, subject and duration of the agreement (EULA) |
Money Laundering Act Section 10 (1) point a) |
16. |
The Player must provide a written statement to the Controller regarding whether pursuant to the laws of his country of residence he qualifies as a politically exposed person, close relative of a politically exposed person or a close associate of a politically exposed person. If the Player qualifies as a politically exposed person, his statement shall include the specification of which point in Section 4 (2)-(4) of the Money Laundering Act applies to him. |
Money Laundering Act Section 9/A (1) |
17. |
If the Player qualifies as a politically exposed person, close relative of a politically exposed person or a close associate of a politically exposed person, his statement must include the information on the source of funds and the source of assets. |
Money Laundering Act Section 9/A (2) |
18. |
Risk level classification of the Player (low, average, high) |
Money Laundering Act Section 6/A and 10 (1) point b) |
19. |
e-mail address |
SZTFH Decree Section 19 point a) |
20. |
username (unique) |
SZTFH Decree Section 19 point b) |
21. |
existence and period of self-exclusion |
SZTFH Decree Section 19 point c) |
22. |
subject and duration of the self-restriction measure |
SZTFH Decree Section 19 point d) |
23. |
password related to the username (can be modified) |
SZTFH Decree Section 20 (2) |
24. |
IP address of the Player’s computer |
Gambling Act Section 29/M |
25. |
data relevant to the time, duration and location of using the Service |
E-Commerce Act Section 13/A (2) |
Name of personal data |
Legal basis for data processing:compliance with legal obligation[GDPR Article 6 (1) point c)] |
|
|---|---|---|
1. |
address, surname and given name, birth name, mother’s name, place and date of birth |
E-Commerce Act Section 13/A (1)-(2) |
2. |
player account and the entire data traffic thereof |
Gambling Act Section 29/H (5), SZTFH Decree Section 24 |
3. |
circumstances of performance (place, time, method) |
Money Laundering Act Section 10 (1) point c) |
4. |
information on the purpose and planned type of business relationship |
Money Laundering Act Section 10 (1) point d) |
retention period of data processed under the Money Laundering Act is 8 years from the termination of the business relationship,
retention period of data generated in relation to gambling organisation, under the Gambling Act or the SZTFH Decree is 6 years from generation of the data,
The following data are processed by the Controller for 8 years following the termination of business relationship: e-mail address, username, password, player account and data traffic, data relevant to the time, duration and location of using the service, IP address, existence and period of self-exclusion, subject and duration of the self-restriction measure.
Range of processed personal data: name, birth name, nationality, number of the personal identification document, issue date, place and expiry, date and place of birth, photo of the identity document, mother’s name, home address, Player’s photo image and sex.
Legal basis for data processing:
For processing required to carry out simplified client due diligence:
Explicit consent of the data subject for the Player’s photo image and sex, pursuant to GDPR Article 6 (1) point a) and Article 9 (1) point a).
For storing data provided during simplified client due diligence:
Compliance with the legal obligation pursuant to Article 6 (1) point c) of the GDPR with regard to name, birth name, nationality, number of the personal identification document, issue date, place and expiry, date and place of birth, mother’s name, home address. The legal obligation is set out in Section 7 (1) and (7) of the Money Laundering Act and Section 29/H (2) of the Gambling Act.
amount of payment withdrawal initiated by the Player,
bank account provided by the Player,
fact, date and time of initiating the payment.
Recording of the fact, details and date of crediting the winnings;
Player's current balance at a specific time;
Data included in the Player’s payout request;
In case of the suspension of the player account: the fact, time, reason of suspension; the fact, time of revoking suspension (SZTFH Decree Section 26 (3));
Tax identifier number for prizes from foreign jackpot systems (Gambling Act Section 29/Q).
digital copy of the personal identification document (Money Laundering Act Section 7 (8))
expiry of the document certifying personal identity (Money Laundering Act Section 7 (5))
Baseline settings (disclosed personal data) and changes applied to the use of the Service;
all the essential information related to the games played by the Player, including deposits, bet and prize data, bonus games, the winning combination, prize payment, financial transactions ;
data necessary for the unique identification of the Player, including IP address, MAC address, port number;
the Player's logins and logouts to and from the Online Casino and all successful and unsuccessful connection attempts and events;
The log shall include the name of the events, the date and time (with precision down to the second) and all other information clearly identifying the event.
Purpose of processing |
Legal basis for data processing |
Processed personal data |
Duration of data processing |
Customer service administration, collection of information and problem-solving using chat service (including objections to changes of the EULA). |
performance of contract(GDPR Article 6 (1) item b)). |
i. Name;ii. Username;iii. IP address;iv. E-mail
address; |
5 years following recording the personal data |
Gathering of information using chatbot service |
Legitimate interest of the Controller(GDPR Article 6 (1) point f)). |
i. Name;ii. Username;iii. IP address;iv. E-mail
address; |
5 years following recording the personal data |
Enforcing ban from the chat service, as set out in the EULA. |
Legitimate interest of the Controller(GDPR Article 6 (1) point f)). |
i. Name;
|
5 years following recording the personal data |
Provision of chat communication during live games broadcast from the online studio. |
performance of contract(GDPR Article 6 (1) item b)). |
i. Name;ii. Username;iii. IP
address; |
5 years following recording the personal data |
Enforcing ban from chat communication service in live games broadcast from the online studio. |
Legitimate interest of the Controller(GDPR Article 6 (1) point f)). |
i. Name;ii. Username;iii.
IP address |
5 years following recording the personal data |
Name, home address of the Player submitting the complaint;
Place, time, way of submitting the complaint;
Detailed description of the complaint, list of attached documents;
Unique ID of the complaint submitted by the Player;
the possibility of self-exclusion for the period determined by the Player;
defining the maximum daily, weekly, monthly loss;
setting a deposit limit for each occasion;
defining daily, weekly, monthly wagering limits;
setting allowed time spent in the game.
existence, subject of self-restriction measures;
number of self-exclusions;
duration of self-exclusion;
cancellation of self-exclusion measures (for each data type: E-Commerce Act Section 13/A (1)-(3); SZTFH Decree Section 19 point c); Game Organisation Decree Section 13 (2));
name;
username;
date of birth;
mother’s name;
address;
identification document number;
specific category of measure: maximised single or aggregated deposit payment, maximised loss, bets/total bets, maximised duration spent playing (SZTFH Decree Section 19 point d)).
Identification data of the Player;
Data included in the Player’s payout request;
Location and date of winning and receiving the prizes;
Amount of personal income tax deducted from the winnings.
The legal basis of processing is performing the legal obligation pursuant to Article 6 (1) point c) of the GDPR. The legal obligation is set out in Section 1 (8) of the Gambling Act.
Data of the Player pursuant to Section 29/H (1) of the Gambling Act: surname and given name, birth surname and given name, mother’s name; address, or in the lack thereof: place of abode; nationality; identification document type, number; place and date of birth;
In case of foreign national Players: place of abode in Hungary; nationality; type and number of the personal identification document; place and date of birth (Gambling Act Section 1 (5c));
Fact, reason of the ban, time of ordering the ban (Gambling Act Section 1 (5c));
Ad hoc nature of the ban, or the definite term of up to 5 years (Gambling Act Section 1 (5c)).
In order to ensure that the Player is notified about the ban:
E-mail address;
Fact and date/time of the ban;
scope and justification of the ban.
via e-mail sent to the ugyfelszolgalat@vegas.hu e-mail address;
via postal mail sent to the registered office of the Controller;
via the chat window accessible on www.vegas.hu.
via e-mail sent to the ugyfelszolgalat@vegas.hu e-mail address;
via postal mail sent to the registered office of the Controller;
via the chat window accessible on www.vegas.hu;
on the www.vegas.hu website, after logging in and updating the personal preferences.
In case of unsubscribing, requests are processed by the Controller in a couple of days following receipt, and action is taken to terminate sending marketing-purpose offers to the unsubscribing Player as soon as possible. The Player can unsubscribe with instant effect when changing the relevant personal preferences in the player profile.
via e-mail sent to the ugyfelszolgalat@vegas.hu e-mail address;
via postal mail sent to the registered office of the Controller;
via the chat window accessible on www.vegas.hu.
Android: Via Google Chrome
Greentube GmbH (Wiedener Hauptstrasse 94, 1050, Wien, Austria);
Play ’n Go Malta Ltd. (Vincenti Buildings, 28/19 (Suite 1026) Strait Street, Valletta VLT 1432, Malta);
HABANERO Systems Ltd. (Level 5 Quantum House, 75 Abate Rigord Street, Ta’Xbiex, XBX 1120, Malta);
Evolution Malta Limited (Level 1, Spinola Park, Mikiel Ang Borg Street, St Julians SPK 1000, Malta);
Amusnet Gaming Ltd. (EET) (Villa Ichang, Triq Mons. Alfredo Mifsud, Fl.1, Ta’Xbiex XBX 1063, Malta);
Edict Malta Limited (No.2, Geraldu Farrugia Street, Zebbug, ZBG, 4351, Malta);
Ezugi N.V. Van Engelenweg 23, Curacao, Netherlands- data centre located at: the branch sites of S.C. GTS Telecom, S.R.L., Bucharest, Romania;
N-Serve Ltd. (Triq it-Torri Wejter, Birkirkara, BKR 4730, Malta);
Arrise Solutions (Malta) Limited (Falcon House Block E, Main Street, Sliema SLM1455, Malta);
Sub Tech Ltd. (Suite 7, Valletta Buildings, South Street, Valletta, VLT 1103, Malta);
Yggdrasil Gaming Limited (Level 2, Tagliaferro Business Centre, High Street, c/w Gaiety Lane, Sliema SLM 1551, Malta)
Relax Gaming Ltd. (Block 6, Floor 4, Paceville Avenue Street, St Julian’s, STJ 3109, Malta)
ISB Ena Limited (27 Gregory Afxentiou Street, Lanarca, Cyprus)
Evoplay Development Ltd. (28 Oktovriou & Aimiliou Chourmouziou, Lophitis Business Centre I, 4th Floor, Flat/Office No. 403, 3035, Limassol, Cyprus)
Playson Limited (Valletta Buildings, Second Floor, Suite 7, South Street, Valetta, Malta);
EGT Digital Ltd. (Rich Hill Business Center, 6 Panorama Sofia St., Sofia Park, Sofia 1766, Bulgaria);
Thunderkick Malta Ltd. (The Bastions, Office no. 2, Emvin Cremona Street, Floriana FRN 1281, Malta);
Galois Srl (Via dei Prati Fiscal 199, 00141 Roma, Italy)
Ads Interactive FZCO (Building A2 Slicon Oasis DDP, Dubai UAE);
Adform A/S (Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark);
a Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin Ireland).
source of processed personal data;
purpose and legal basis for data processing;
range of processed personal data;
in the case of transferring the personal data, the range of recipients of data transfer (including third-country recipients and international organisations);
duration of the retention of the processed personal data, criteria for specifying this time-period;
rights of the data subject under the Freedom of Information Act and the GDPR, and the means of enforcing such rights;
fact of applying automated decision-making and profiling (if applicable),
the circumstances of personal data breaches occurring in relation to the processing of the personal data of the data subject, the impacts thereof and the measures taken to handle such breaches,
right to submit complaints to the supervisory authority.
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
the data subject objects to processing, there are no overriding legitimate grounds for the processing, or the data subject objects to the processing on the basis of Article 21 (2) of the GDPR;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in EU or Member State law;
the personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by EU or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
for reasons of public interest in the area of public health;
for archiving or statistical purposes, as well as scientific or historical research purposes in so far as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
the accuracy of the personal data is contested by the Player, for a period enabling the Controller to verify the accuracy of the personal data;
the processing is unlawful and the Player opposes the erasure of the personal data and requests the restriction of their use instead;
the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Player for the establishment, exercise or defence of legal claims;
the Player has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the Player.
caused to the Player, or a third party, and it shall pay damages (compensation);
resulting in the violation of personal rights of the Player, in which case the Player may seek restitution from the Controller.
ensures - by way of hardware and software tools - that unauthorised persons cannot access the equipment used for the processing data (hereinafter: processing system);
stores the electronic data in a closed, password-protected IT system;
ensures the appropriate security guarding of the buildings in which personal data are stored; separate measures are implemented for the storage of sensitive data (e.g. storage in locked cabinets);
prevents the unauthorised entry of personal data into the processing system, any opportunity for the unauthorised disclosure, change or deletion of the personal data stored therein, as well as the use of the processing systems by unauthorised persons, via communications equipment;
implements internal policies and instructions to ensure data confidentiality;
only transfers personal data with the appropriate legal basis;
only processes personal data for the necessary period;
ensures the restorability of the processing system in the case of failure, ensures the restorability of the data files and their protection against viruses;
prepares internal policies for preserving data security;
ensure the regular review and - if necessary - improvement of the level of IT compliance;
takes all reasonable measures to prevent personal data breaches.
via e-mail sent to the ugyfelszolgalat@vegas.hu e-mail address;
via postal mail sent to the registered office of the Controller;
via the chat window accessible on www.vegas.hu.
Effective from: 01/08/2025