GDPR Compliance
Learn about your data protection rights under the General Data Protection Regulation (GDPR). Understand how we process your personal data and how you can exercise your privacy rights.
Table of Contents
1. GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives individuals in the European Union (EU) enhanced rights and protections regarding their personal data.
At Bankrolls, we are committed to protecting your privacy and ensuring compliance with GDPR requirements. This page explains your rights under GDPR and how we handle your personal data in our casino affiliate management platform.
Who Does GDPR Apply To?
GDPR applies to all individuals in the EU, regardless of their nationality. If you're located in the EU when using our services, these rights apply to you.
2. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
You have the right to obtain confirmation that we process your personal data and, if so, to access that data along with specific information about the processing.
What you can request
- β’ Copy of your personal data
- β’ Processing purposes and legal basis
- β’ Data retention periods
- β’ Third-party recipients
Right to Rectification
You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.
When you can use this right
- β’ Personal details are incorrect
- β’ Account information is outdated
- β’ Profile data is incomplete
- β’ Contact information has changed
Right to Erasure
Also known as the 'right to be forgotten,' you can request deletion of your personal data under certain circumstances.
When erasure applies
- β’ Data no longer necessary for original purpose
- β’ You withdraw consent
- β’ Data processed unlawfully
- β’ Legal obligation requires deletion
Right to Restrict Processing
You can request that we limit the processing of your personal data under specific circumstances.
When restriction applies
- β’ You contest the accuracy of data
- β’ Processing is unlawful
- β’ We no longer need the data
- β’ You've objected to processing
Right to Data Portability
You can request to receive your personal data in a structured, commonly used, and machine-readable format.
Includes data
- β’ Account and profile information
- β’ Transaction history
- β’ Communication records
- β’ Preference settings
Right to Object
You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Objection grounds
- β’ Direct marketing communications
- β’ Profiling for marketing
- β’ Legitimate interest processing
- β’ Research and statistics
Free of Charge
Exercising your GDPR rights is free of charge. We may only charge a reasonable fee for manifestly unfounded or excessive requests, particularly repetitive ones.
3. Legal Basis for Data Processing
Under GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:
Contract Performance
Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Examples
- β’ Account creation and management
- β’ Affiliate program administration
- β’ Commission calculations and payments
- β’ Customer support services
Legal Obligation
Processing necessary for compliance with a legal obligation to which we are subject.
Examples
- β’ Know Your Customer (KYC) verification
- β’ Anti-money laundering (AML) compliance
- β’ Tax reporting and record keeping
- β’ Regulatory reporting requirements
Legitimate Interests
Processing necessary for the purposes of legitimate interests pursued by us, except where overridden by your interests or rights.
Examples
- β’ Fraud prevention and security
- β’ Platform improvement and analytics
- β’ Business development and marketing
- β’ Network and information security
Consent
Processing based on your freely given, specific, informed, and unambiguous consent.
Examples
- β’ Marketing communications and newsletters
- β’ Non-essential cookies and tracking
- β’ Optional features and services
- β’ Research and survey participation
4. Categories of Personal Data
We process the following categories of personal data:
| Data Category | Types of Data | Purpose | Legal Basis |
|---|---|---|---|
| Identity Data |
| Account creation, identity verification, and compliance | Contract, Legal Obligation |
| Financial Data |
| Payment processing, commission calculations, and tax reporting | Contract, Legal Obligation |
| Technical Data |
| Platform security, user experience, and analytics | Legitimate Interests, Consent |
| Usage Data |
| Service improvement, analytics, and performance tracking | Legitimate Interests |
| Marketing Data |
| Marketing communications and promotional activities | Consent |
5. Data Sources and Recipients
Sources of Personal Data
We collect personal data from the following sources:
Directly from You
Registration forms, account updates, support requests, surveys
Automatically Collected
Website usage, cookies, device information, platform interactions
Third Parties
Casino partners, payment processors, verification services, analytics providers
Recipients of Personal Data
We may share your data with the following categories of recipients:
Service Providers
Cloud hosting, payment processing, analytics, customer support
Casino Partners
Affiliate performance data, conversion tracking, commission calculations
Legal Authorities
Regulatory bodies, law enforcement, tax authorities (when required by law)
6. Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law:
Account Data
Transaction Data
Usage & Analytics
Communications
Important Note
These retention periods may be extended if required by law or if data is needed to establish, exercise, or defend legal claims. We will review and delete data when it's no longer needed for the original purpose.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
Additional Safeguards
We conduct Transfer Impact Assessments (TIAs) and implement additional technical and organizational measures where necessary to ensure adequate protection.
8. How to Exercise Your Rights
You can exercise your GDPR rights through the following methods:
Contact Methods
Data Request Form
Use our secure online form to submit any GDPR request
β’ Secure submission
β’ Tracked request
β’ Automated confirmation
Email Our DPO
Contact our Data Protection Officer directly
β’ Email: dpo@bankrolls.com
β’ Direct communication
β’ Personal assistance
Phone Support
Call our privacy helpline for assistance
β’ Phone: +1 (555) 123-4567
β’ Business hours support
β’ Immediate assistance
Request Process
Submit Request
Contact us using any of the methods above
Identity Verification
We verify your identity to protect your privacy
Request Processing
We process your request within 30 days
Response Delivery
We provide our response via your preferred method
Response Timeline
We will respond to your GDPR request within 30 days of receipt. For complex requests, this may be extended to 90 days with advance notification.
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance and serve as your point of contact for privacy matters.
Contact Information
Data Protection Officer
Bankrolls Inc.
123 Main Street, Suite 100
San Francisco, CA 94105
United States
DPO Responsibilities
- Monitor GDPR compliance
- Conduct privacy impact assessments
- Serve as contact point for supervisory authorities
- Provide data protection advice and training
- Handle data subject requests and complaints
11. Submit a Data Request
Use the form below to exercise your GDPR rights. We will verify your identity and respond to your request within the required timeframe.
Privacy Notice
Your request data will be processed solely for the purpose of verifying your identity and responding to your GDPR request. Verification documents will be deleted after processing.