Privacy Policy

Regulatory Framework and Scope

NTEC Limited (“Company”, “we”, “our”, or “us”) is committed to full compliance with applicable data protection legislation and regulatory requirements, including:

  • The General Data Protection Regulation (EU) (“GDPR”)
  • The Malta Data Protection Act (Chapter 586 of the Laws of Malta)
  • Malta Gaming Authority (MGA) directives related to player protection, anti-money laundering (AML), responsible gaming, and reporting obligations

This Policy governs the collection, processing, storage, and disclosure of Personal Data for all users accessing our website, gaming platforms, mobile applications, and related services (collectively, the “Services”). All users are deemed to acknowledge and accept the terms of this Policy when using the Services.

Data Controller and Governance

The Company is the Data Controller responsible for Personal Data processing.

  • Registered Office: Level G, Office 1/0460, Quantum House, 75, Abate Rigord Street, TA’Xbiex, XBX 1120, Malta
  • Company Registration Number: C 53761
  • Data Protection Officer (DPO): dpo@top88.la

The Company maintains internal oversight to ensure compliance with GDPR, MGA directives, and other applicable regulations. Staff handling Personal Data are trained in regulatory requirements, security controls, and data governance procedures.

Principles of Personal Data Processing

All Personal Data is processed according to the principles set out in GDPR and MGA guidance:

  • Lawfulness, Fairness, and Transparency: Data is processed for legitimate purposes with transparency to the user.
  • Purpose Limitation: Data is collected strictly for defined regulatory, operational, and contractual purposes.
  • Data Minimization: Only data necessary for compliance and service provision is collected.
  • Accuracy: Personal Data is kept accurate, complete, and up to date.
  • Storage Limitation: Data is retained only for the duration necessary to comply with regulatory or contractual obligations.
  • Integrity and Confidentiality: Appropriate technical and organisational security measures are applied to protect Personal Data.
  • Accountability: The Company maintains records and can demonstrate compliance with GDPR and MGA directives.

Personal Data Collected Categories

The Company may process the following categories of Personal Data:

  • Identity and Verification Data: Name, date of birth, government-issued ID, proof of address, source of funds
  • Contact Data: Email, phone number, postal address
  • Account and Gaming Data: Account credentials, gaming history, deposits, withdrawals, limits
  • Financial Data: Payment method details, transaction history
  • Technical Data: IP address, device information, geolocation, usage logs
  • Communication Data: Customer support interactions, responsible gaming notifications

Certain categories of data are considered sensitive or high-risk and are subject to enhanced security controls and regulatory oversight.

Data Processing Lawful Basis

Personal Data is processed on one or more lawful bases under GDPR:

  • Contractual necessity: To register, manage accounts, and deliver gaming services.
  • Legal obligation: To comply with AML/KYC, responsible gaming, and MGA reporting obligations.
  • Legitimate interests: For fraud prevention, platform security, service monitoring, and improvement.
  • Consent: For marketing communications or where explicitly required by law.

Purpose of Processing

Personal Data is collected and processed to:

  • Verify player identity, age, and eligibility
  • Facilitate deposits, withdrawals, and account management
  • Comply with AML, KYC, and MGA reporting obligations
  • Monitor and prevent fraudulent or suspicious activity
  • Provide responsible gaming safeguards
  • Deliver regulatory communications and updates
  • Maintain operational integrity, security, and platform performance

Data Sharing and Disclosure

Personal Data may be shared with:

  • Payment processors and financial institutions
  • Identity verification and AML service providers
  • IT infrastructure, hosting, and security service providers
  • Professional advisers (legal, audit, compliance)
  • Competent authorities, including the MGA and the Financial Intelligence Analysis Unit (FIAU), as required by law

The Company does not sell or commercially exploit Personal Data.

International Data Transfers

Transfers of Personal Data outside the European Economic Area (EEA) are permitted only under appropriate safeguards, such as:

  • Transfers to jurisdictions with EU adequacy decisions
  • Standard Contractual Clauses (SCCs) or equivalent legal mechanisms approved under GDPR

Data Retention

Personal Data is retained only as long as required to fulfil the purposes outlined above or as mandated by law and regulatory obligations.

  • General Personal Data retention is periodically reviewed to ensure compliance and relevance.
  • Exception: Records of Personal Data breaches, KYC/AML verification, and regulatory reporting are retained for at least five (5) years in accordance with MGA and AML/CTF requirements.

Once no longer required, Personal Data is securely deleted or anonymised.

Data Security Measures

The Company implements technical and organisational controls to protect Personal Data, including:

  • Encryption and secure storage of sensitive information
  • Access control and authentication mechanisms
  • Monitoring of systems and networks
  • Staff training and internal policies to mitigate risks

Data Subject Rights

Users are entitled to exercise the following rights under GDPR:

  • Access and receive a copy of their Personal Data
  • Rectification of inaccurate or incomplete data
  • Erasure of data where permitted by law
  • Restriction or objection to processing
  • Data portability
  • Withdraw consent for marketing communications

Requests can be submitted to the DPO. Users may also lodge complaints with the Office of the Information and Data Protection Commissioner, Malta.

Personal Data Breaches

In the event of a Personal Data breach, the Company will:

  • Initiate containment and remediation measures immediately
  • Notify the supervisory authority within 72 hours where required
  • Notify affected data subjects if the breach presents a high risk to their rights and freedoms
  • Maintain breach records for audit and regulatory purposes

Children and Minors

The Services are intended for users aged 18 and above. The Company does not knowingly collect Personal Data from minors. Any identified data of minors will be deleted and the associated accounts closed.

Cookies and Tracking Technologies

The platform uses cookies and similar tracking technologies to:

  • Enable core website and platform functionality
  • Analyse usage patterns and platform performance
  • Improve user experience

Where required, consent is obtained and recorded via a cookie management tool.

Policy Review and Updates

This Policy is reviewed periodically to ensure compliance with regulatory changes, industry standards, and operational requirements. The latest version will be published on the website and made available to users.

Governing Law

This Privacy and Data Protection Policy is governed by the laws of Malta and interpreted in accordance with GDPR and applicable Maltese legislation.

Đang tải game