Privacy Policy and Personal Data Processing

To provide our online services and ensure the proper functioning of the offered features, the platform collects and processes various types of information, which may be provided directly by the user or automatically detected during browsing sessions.

Identifying and contact data

This category includes essential personal information voluntarily provided by the user during registration or interaction with our systems, such as name, surname, date of birth (necessary to verify reaching the age of majority), residential or domicile address, tax code, email address, and phone number. The collection of these elements is strictly linked to the creation and management of the user profile.

Browsing data and device data

The computer systems and software procedures used for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category includes IP addresses, the type of browser used, operating system parameters, request times, the unique identifier of the mobile device, data relating to traffic flows, and pages visited within the portal. Such data are processed for diagnostic and security purposes.

Data related to financial transactions

Where the user carries out financial operations within the platform (such as deposits, withdrawals, or recharges related to the use of available services), information relating to the chosen payment methods, partial details of credit or debit cards, bank account details, transaction amounts, and execution dates of individual operations are processed. Complete payment method data is managed via encrypted security protocols by our authorized financial partners.

Communications with customer support service

Every time the user interacts with our technical support center or sends written requests through official channels, the content of the messages, the emails sent, the details of the support ticket, and the responses provided by internal staff are recorded and stored to evaluate service quality and to efficiently resolve any disputes or operational issues.

The processing of personal data is carried out exclusively in the presence of one or more legitimacy conditions provided for by the current legal system in Italy:

Execution of a contract: processing is necessary to fulfill obligations arising from the Terms and Conditions accepted by the user, in order to guarantee access to services and account management.

Compliance with legal obligations: information must be processed to meet strict regulatory requirements, including anti-money laundering laws, prevention of tax fraud, and regulations on consumer protection and participant age verification.

Legitimate interest: processing is aimed at improving the security of IT systems, optimizing the technical performance of the platform, and protecting the infrastructure from attacks or unauthorized access.

Consent of the data subject: for specific purposes, such as sending promotional communications or activating profiling cookies, the explicit and revocable consent of the user is requested.

The information collected by Winamax is used for well-defined and limited purposes, aimed at ensuring an efficient, secure, and compliant user experience with current regulations. The main activities include the creation and maintenance of the user profile, secure processing of payment transactions, prevention and detection of fraudulent conduct or unauthorized access, provision of timely and effective customer support, and sending service updates or contractual changes. If the user has given specific consent, the data may also be used to send personalized informational material and newsletters, with the option to revoke this choice at any time.

Personal data are kept for the time strictly necessary to achieve the purposes for which they were collected, or in accordance with the limitation periods provided for by current civil, fiscal, and criminal laws in Italy. At the end of the established retention period (for example, after the definitive closure of the account or the expiry of the financial record retention periods), sensitive and identifying data are securely deleted or transformed into a completely anonymous form that does not allow, even indirectly, the identification of the data subjects.

To ensure the operational effectiveness of its services, the platform may communicate user data to third-party companies acting as data processors or external business partners. These entities include banking institutions and payment service providers, companies specializing in IT system maintenance and server hosting, legal and tax consultants, and technical support agencies. All external suppliers are bound by strict contractual obligations that impose an absolute prohibition on using the data for purposes other than those agreed upon and the adoption of rigorous protection measures.

Furthermore, personal data may be communicated to judicial authorities or law enforcement agencies whenever there is a formal obligation or a legitimate request based on legal provisions or judicial orders.

Users' personal data are primarily processed within the European Economic Area (EEA). Should it become necessary for technical or operational reasons to transfer certain information to countries outside the European Union, Winamax undertakes to adopt adequate legal safeguards, such as standard contractual clauses approved by the European Commission or equivalent bilateral agreements, in order to ensure that the level of personal data protection remains intact and aligned with European standards.

Our platform implements a series of technical, physical, and organizational security measures designed to protect personal data from accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access. We use data encryption technologies (such as SSL/TLS protocols) during the transmission of sensitive information and apply strict access controls to internal personnel authorized to process data. However, despite adopting high protection standards, it is important to remember that no digital transmission or storage system on the Internet can be guaranteed to be 100% secure.

In accordance with data protection regulations, each user residing or operating in Italian territory enjoys specific rights aimed at protecting their personal information. These rights include:

Right of access: the ability to obtain confirmation as to whether or not personal data are being processed and to receive a readable copy thereof.

Right to rectification: the possibility to request the correction of inaccurate information or the integration of incomplete data.

Right to erasure (right to be forgotten): the request for removal of personal data if they are no longer necessary for the original purposes or in the absence of legal grounds for retention.

Right to restriction of processing: the ability to request the temporary blocking of processing in the event of disputes regarding the accuracy of the data or the lawfulness of the processing.

Right to object: the possibility to object to processing for reasons related to one's particular situation or for direct marketing purposes.

Right to data portability: the right to receive the information provided in a structured, commonly used, and machine-readable format, to transfer it to another operator.

To submit inquiries regarding privacy management, clarifications on processing methods, or to officially exercise one of the rights listed above, users can send a formal written request to the dedicated email address: [email protected].

For security reasons and to prevent fraudulent disclosure of information to unauthorized parties, the platform reserves the right to verify the identity of the requester by requesting confirmation of registration data or the presentation of a valid identity document before proceeding with the processing of the privacy request.

This Privacy Policy is constantly monitored and updated to faithfully reflect the evolution of our internal practices or any changes introduced by legislative authorities. The date of the last revision will always be verifiable on the portal, and any new provision will take effect immediately upon its online publication. We recommend that users regularly check this section to maintain a clear understanding of our confidentiality policies.