EnglishEN
EUR

Privacy Policy

PRIVACY POLICY

In this privacy policy we, GAMIVO.COM LIMITED, registered under number C 90983, with our registered office 99, Dingli Street, Sliema, Malta (“GAMIVO.COM”), wish to explain how we handle personal data of our Users when they visit our website and use our services.

All the terms used in GAMIVO.COM Terms & Conditions have the same meaning as in this Privacy Policy. When you first visit GAMIVO.COM site, you will be asked to consent to our use of cookies in accordance with these terms.

We incorporate such privacy controls, that will provide you with controls on deciding how we will process your personal data. Use privacy controls, with which you can specify whether you would like to receive direct marketing communications from GAMIVO.COM.

Please let us know if the personal information that we hold about you needs to be corrected or updated.

If you wish to exercise any of your rights provided in this Privacy Policy or contact us regarding all privacy-related issues, you may submit or request by email: support@gamivo.com.

 

I. Legal Basis for Processing

We process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR). The specific legal basis for each processing purpose is indicated in the relevant sections of this Privacy Policy. In general, your personal data may be processed based on the following legal grounds:

  1. Consent (Article 6(1)(a) GDPR) – where you have freely given your informed, specific and unambiguous permission, e.g. for receiving marketing communications or subscribing to our newsletter.
  2. Performance of a contract (Article 6(1)(b) GDPR) – where processing is necessary to fulfil our contractual obligations towards you, e.g. providing services via our platform, managing your account or processing transactions.
  3. Compliance with a legal obligation (Article 6(1)(c) GDPR) – where we are required to process certain personal data by law, e.g. anti-money laundering regulations, accounting, tax obligations, or responding to lawful requests from public authorities.
  4. Legitimate interests (Article 6(1)(f) GDPR) – where processing is necessary for the purposes of our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. These interests include, for example:
    • improving the functionality and security of our website,
    • preventing fraud and abuse of our services,
    • maintaining business continuity and customer service quality,
    • analyzing usage to enhance user experience.

We have carried out balancing tests (legitimate interest assessments) for all data processing activities based on legitimate interest, and we ensure that your rights and interests are duly considered. You have the right to object to any processing based on our legitimate interests at any time, on grounds relating to your particular situation.

 

II. How is our site using your data?

  1. We process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We obtain such data through the use of cookies and similar technologies.
  2. We process usage data to have a better understanding of how you use our website and services. The legal basis for this processing is our legitimate interest, namely monitoring and improving our website and services and accommodating the services for individual interests of every User.
  3. We process your account data (“account data”). The account data may include your name and email address, phone number and other data that you provide while registering as well as your purchase history. We obtain such data directly from you.
  4. We process account data for the purposes of operating our website, providing our services, ensuring the security of our website and services and communicating with you as our User. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract as well as our legitimate interest, namely monitoring and improving our website and services.
  5. We process information relating to provision of services by us to you in our website (“transaction data”). The transaction data may include your contact details, bank account details and the transaction details. The transaction data is processed to supply purchases goods and provide services and keep proper records of those transactions. The legal basis for this processing is the performance of a contract between you, other Users and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
  6. We process information related to anti-money laundering prevention measures (“AML data”). AML data may additionally include address or residence, ID documentation, including your photo, documents regarding your source of wealth, utility bill and others. We are required by the law to request such information to carry out “know your client” obligations.
  7. We may process information that you provide to us for the purpose of subscribing to our email messages and newsletters (“messaging data”). The messaging data is processed to send you relevant messages and newsletters. The legal basis for this processing is your consent. Also, if you are a User and you do not object, we may also process messaging data on the basis of our legitimate interest, namely seeking to maintain and improve customer relations.
  8. We may process information relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. In case of communication through our website, the website will generate the metadata associated with communications made using the website contact forms. The correspondence data is processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, ensuring uniform and high-quality consultation practice and investigating disputes between you and our employees.
  9. We may process any of your personal data identified in this notice where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  10. We may process any of your personal data identified in this notice where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
  11. We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  12. In most cases, providing personal data is voluntary. However, some data are necessary for us to enter into or perform a contract with you (e.g., account registration, purchase transactions). Where personal data is required by law (e.g., for anti-money laundering verification), failure to provide it may result in us being unable to offer our services.
  13. In some cases, we may obtain your data indirectly, such as from other users involved in a transaction with you.
  14. Our services are not intended for use by individuals under the age of 16. We do not knowingly collect personal data from minors.

 

III. How long are we storing your data?

  1. We store your personal data only for as long as necessary to fulfil the purposes for which the data was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods may vary depending on the nature of the data and the applicable legal obligations.
  2. Usage data – retained for up to 24 months after collection, unless a shorter period is sufficient for analytical purposes. Data may be aggregated and anonymized for statistical analysis beyond that period.
  3. Account data – retained for no longer than 5 years from your last activity on the account or until your request for erasure, unless a longer period is required to defend against legal claims..
  4. Transaction data – retained for 10 years after the end of the service provision, in accordance with legal obligations under tax and accounting regulations.
  5. AML data – retained for 5 years following the termination of the business relationship or from the date of the last transaction, as required by applicable anti-money laundering laws and regulations.
  6. Messaging data – retained for as long as your account remains active or until you withdraw your consent. After withdrawal of consent, such data is deleted without undue delay, unless further storage is required by law.
  7. Correspondence data – retained for no longer than 6 months following the conclusion of the relevant communication or resolution of your inquiry, unless the content is required for legal or dispute resolution purposes.
  8. Notwithstanding the specific periods above, we may retain certain personal data for a longer duration where such retention is necessary:
    • to comply with a legal obligation (e.g., under tax, consumer protection, or AML laws);
    • to establish, exercise, or defend legal claims;
    • to protect your or another person’s vital interests.
  9. We regularly review personal data held in our systems to ensure it is not retained longer than necessary. When data is no longer needed, it is securely deleted or anonymized.

 

IV. Who do we share your data with?

We only share your personal data when necessary and in accordance with applicable data protection laws. The categories of recipients include:

  1. Other Users – Your personal data may be disclosed to other users (e.g., sellers) from whom you purchase products on our platform, only to the extent necessary to fulfil the transaction, issue invoices, or resolve order-related disputes.
  2. Group companies – Your data may be shared with entities within the GAMIVO group for internal administrative purposes, IT hosting, support, and maintenance.
  3. Professional service providers – Including legal advisors, accountants, auditors, and insurers, but only where necessary for legal compliance, defending legal claims, or managing risks.
  4. Payment service providers – We may share relevant transaction data with trusted payment processors to enable payment processing, handle refunds, and prevent fraudulent transactions.
  5. Anti-fraud and compliance service providers – For verification, AML compliance, and fraud prevention measures, including third-party identity verification tools.
  6. IT and infrastructure providers – Including hosting services, email delivery systems, and cloud storage providers. We ensure all providers are contractually bound to implement adequate technical and organizational measures for data protection.
  7. Public authorities – If legally required, we may disclose your personal data to law enforcement or regulatory authorities, courts, or government agencies.

Persons, indicated in this Section may be established outside the Republic of Malta, European Union and European Economic Area. In case we will transfer your personal data to such persons, we will take all the necessary and in the legal acts indicated measures to ensure that your privacy will remain properly secured, including where appropriate, signing standard contractual clauses for transfer of data. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions for the respective countries.

 

V. What is our marketing policy?

  1. In case your consent, we will be allowed to send you marketing messages via email and/or leave a notification in an Account to inform you on what we are up to.
  2. Also, if we already have provided services to you and you do not object we will inform you about our other products that might interest you including other information related to such.
  3. You may opt-out of receiving marketing messages at any time, by:
    • choosing the relevant link in any of our marketing messages;
    • ontacting us via email support@gamivo.com,
  4. Please be informed that as our business activities consist of a network of closely related services, it may take a few days until all the systems are updated, thus you may continue to receive marketing messages while we are still processing your request.
  5. The opt-out of the marketing messages will not stop you from receiving messages directly related to the provision of services set in the Terms & Conditions.

 

VI. What are your rights related to personal data? 

 Your principal rights under data protection law are as follows:

  1. The right to access data – You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
  2. The right to rectification – You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Please note that you may exercise most of this right by logging into your account and updating the data yourself.
  3. The right to erasure of your personal data – This applies in certain circumstances, including when: (i) the personal data are no longer necessary for the purposes for which they were collected; (ii) you withdraw consent where no other legal basis exists; (iii) you object to processing and there are no overriding legitimate grounds; (iv) processing is for direct marketing purposes; or (v) the data have been unlawfully processed. Exemptions include cases where processing is necessary: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defense of legal claims.
  4. The right to restriction of processing – You may request us to restrict processing if: (i) you contest the accuracy of the data; (ii) processing is unlawful but you oppose erasure; (iii) we no longer need the data but you need it for legal claims; or (iv) you have objected to processing pending verification. In such cases, data will only be processed: (i) with your consent; (ii) for legal claims; (iii) to protect another person’s rights; or (iv) for important public interest.
  5. The right to object – You may object to processing based on legitimate interest or the performance of a task carried out in the public interest, on grounds relating to your particular situation.
  6. The right to object to direct marketing – You may object at any time to the processing of your data for direct marketing purposes, including profiling related to such marketing.
  7. The right to object to scientific/historical/statistical processing – You may object to such processing on grounds relating to your particular situation unless it is necessary for a task carried out in the public interest.
  8. The right to data portability – Where the legal basis for processing is consent or contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format. This right is limited if it adversely affects the rights of others.
  9. The right to withdraw consent – Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  10. The right to lodge a complaint with a supervisory authority – You may lodge a complaint with your local data protection authority or the Maltese Information and Data Protection Commissioner (IDPC): https://idpc.org.mt, email: idpc.info@idpc.org.mt

 

VII. Automatically Collected Data

When you access or use our website or services, we may automatically collect certain data about your device and interaction with our platform. This includes:

  1. Device and technical information, such as your IP address, browser type and version, operating system, device identifier, and language settings;
  2. Usage information, such as the date and time of access, pages viewed, time spent on pages, clickstream data, referring URLs, and other diagnostic data;
  3. Log files, which may contain information about system events (e.g., errors, crashes, login timestamps).

We collect this data automatically using cookies, tracking pixels, tags, browser fingerprinting, and similar technologies. This data helps us:

  1. ensure the security and proper functioning of our platform,
  2. analyze and improve the performance of our website,
  3. personalize your experience,
  4. detect and prevent fraud and abuse.

The legal basis for such processing is our legitimate interest (Article 6(1)(f) GDPR), namely the proper administration, security, and enhancement of our digital infrastructure. Where such data enables user identification or serves non-essential purposes (e.g. analytics or advertising), we will obtain your prior consent, in accordance with the ePrivacy Directive and GDPR.

You may manage your consent preferences via our Cookie Settings panel or your browser settings. For more information, please see our Cookies section.

 

VIII. Cookies

  1. Our website uses cookies and similar technologies (e.g., local storage, pixels) to ensure proper functioning, enhance performance, and personalize content.
  2. Cookies are small text files that are stored on your device when you visit our website. Some cookies are essential for the website to function, while others are used only with your prior consent.
  3. We use the following categories of cookies:
    • Strictly necessary cookies – Required for the website to function properly, ensure security, and enable core services (e.g., login, shopping cart functionality). These cookies do not require your consent.
    • Functional cookies – Enable website optimization, such as remembering your preferences or analyzing how the site is used. These cookies are used only if you consent.
    • Advertising and targeting cookies – Used to track browsing behavior across websites and display relevant advertisements. These are used only with your explicit consent.
  4. Upon your first visit to our website, we will present you with a cookie consent banner that allows you to:
    • Accept all cookies,
    • Customize your preferences by category,
    • Reject non-essential cookies.
  5. You can change or withdraw your consent at any time by accessing the Cookie Settings. If you choose to reject or disable certain types of cookies, some features of our website may not function properly. You can also manage cookies through your browser settings. Most browsers allow you to view, delete, or block cookies. Please refer to your browser’s help documentation for more information.