Privacy Policy

Information Gathering

This Privacy Policy governs the collection, processing, and storage of personal data by Invicta Networks N.V., a company incorporated under the laws of Curaçao, operating the website ggbet.ie under gaming license Antillephone 8048/JAZ2012-009. The processing of personal data is conducted in strict accordance with applicable data protection legislation and internationally recognized principles of data governance.

The following categories of personal data are subject to collection and processing by Invicta Networks N.V.:

• Identification Data: Full legal name, date of birth, nationality, and government-issued identification document details, including passport numbers and national identity card information, as required for identity verification and regulatory compliance purposes.
• Contact Information: Electronic mail address, postal address, telephone number, and any other communication details provided voluntarily by the data subject during the registration process or subsequent account management activities.
• Financial Data: Payment instrument details, transaction histories, banking information, and records of deposits and withdrawals conducted through the platform, as necessary for the execution of financial transactions and compliance with anti-money laundering obligations.
• Technical Data: Internet Protocol (IP) addresses, browser type and version, operating system specifications, device identifiers, cookie data, session information, and access timestamps, which are automatically collected upon interaction with the website.
• Behavioral Data: Wagering history, gaming activity records, session duration, navigation patterns, and preference data derived from the data subject's interaction with platform features and services.
• Verification Data: Documentation submitted for the purposes of Know Your Customer (KYC) compliance, source of funds verification, and responsible gambling assessments, including copies of identification documents and supporting financial records.
• Communication Data: Records of correspondence exchanged between the data subject and customer support personnel, including electronic mail communications, live chat transcripts, and any documentation submitted in connection with queries or complaints.

Personal data is collected through direct submission by the data subject at the point of account registration, through automated technical means during platform use, and, where applicable, through third-party verification service providers engaged for compliance purposes. The provision of certain categories of personal data constitutes a contractual requirement, without which the delivery of platform services cannot be facilitated.

How We Use Data

Personal data collected by Invicta Networks N.V. is processed exclusively for specified, explicit, and legitimate purposes. Processing activities are carried out on the basis of one or more lawful grounds, including contractual necessity, compliance with legal obligations, legitimate interests pursued by the data controller, and, where applicable, the explicit consent of the data subject.

The primary purposes for which personal data is processed are enumerated as follows:

• Account Administration and Service Delivery: The creation, maintenance, and administration of user accounts is carried out on the basis of contractual necessity. Personal data is processed to facilitate access to platform services, manage account settings, process transactions, and ensure the continuity of service provision in accordance with the terms and conditions accepted by the data subject.
• Identity Verification and KYC Compliance: Personal and documentary data is processed to fulfill obligations arising under applicable anti-money laundering legislation, counter-terrorism financing regulations, and licensing requirements imposed by the Antillephone gaming authority. Such processing is mandatory and constitutes a legal obligation incumbent upon the data controller.
• Financial Transaction Processing: Financial data is processed for the purpose of executing deposits, withdrawals, and related monetary transactions. Such processing is required for the performance of contractual obligations and is subject to applicable financial services regulations.
• Fraud Prevention and Security: Technical and behavioral data is processed for the detection, investigation, and prevention of fraudulent activity, unauthorized access, and other security threats. Such processing is conducted on the basis of legitimate interests and legal compliance obligations.
• Responsible Gambling: Behavioral and account data is processed to monitor gaming activity, identify indicators of problematic gambling behavior, administer self-exclusion arrangements, and fulfill duties of care imposed under applicable licensing conditions and responsible gambling frameworks.
• Legal and Regulatory Compliance: Personal data is processed to the extent necessary to comply with legal obligations, respond to lawful requests from competent regulatory authorities, fulfill reporting requirements, and maintain records as mandated by applicable law.
• Customer Support: Communication data is processed to address inquiries, resolve disputes, administer complaints, and provide technical assistance to data subjects in connection with their use of platform services.
• Direct Marketing Communications: Where explicit consent has been obtained, contact information may be processed for the purpose of transmitting promotional communications regarding platform services, offers, and updates. Data subjects retain the right to withdraw consent for marketing communications at any time without prejudice to the lawfulness of processing carried out prior to such withdrawal.
• Platform Improvement and Analytics: Aggregated and anonymized technical and behavioral data may be processed for the purpose of analyzing platform performance, identifying technical issues, and improving the functionality and user experience of the website.

Personal data shall not be processed for purposes incompatible with those specified at the time of collection, nor shall it be transferred to third parties for their own independent marketing purposes without the explicit consent of the data subject. Where data is shared with third-party processors, such sharing is governed by data processing agreements ensuring equivalent standards of data protection.

Security Measures

Invicta Networks N.V. is committed to ensuring that appropriate technical and organizational measures are implemented and maintained to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. Security measures are reviewed and updated on a periodic basis to reflect evolving technological standards and identified risks.

The technical and organizational security measures currently implemented include, but are not limited to, the following:

• Encryption Technologies: Personal data transmitted between the data subject's device and platform servers is protected through the application of Transport Layer Security (TLS) encryption protocols. Sensitive data stored within platform systems is subject to encryption at rest using industry-standard cryptographic methods.
• Access Control Mechanisms: Access to personal data is restricted on a need-to-know basis. Role-based access control systems are employed to ensure that only authorized personnel with legitimate operational requirements are permitted access to specific categories of personal data. Authentication mechanisms, including multi-factor authentication where applicable, are enforced for system access.
• Network Security Infrastructure: Firewalls, intrusion detection systems, and network monitoring tools are deployed to identify and mitigate unauthorized access attempts and security anomalies. Regular vulnerability assessments and penetration testing are conducted to identify and remediate security weaknesses.
• Data Minimization and Pseudonymization: Personal data is collected and retained only to the extent strictly necessary for the purposes described herein. Where technically feasible, pseudonymization techniques are applied to reduce risks associated with data processing activities.
• Organizational Policies and Procedures: Internal data protection policies, staff training programs, and confidentiality obligations are maintained to ensure that personnel engaged in the processing of personal data are aware of their responsibilities and act in accordance with applicable data protection principles.
• Incident Response Procedures: Documented procedures are maintained for the identification, assessment, containment, and notification of personal data breaches. In the event of a breach likely to result in risk to the rights and freedoms of data subjects, notifications shall be issued to relevant supervisory authorities and, where required, to affected data subjects within applicable statutory timeframes.
• Third-Party Due Diligence: Third-party service providers engaged in the processing of personal data on behalf of Invicta Networks N.V. are subject to due diligence assessments and are required to demonstrate compliance with data protection standards equivalent to those maintained by the data controller. Data processing agreements are executed with all third-party processors in accordance with applicable regulatory requirements.
• Data Retention and Disposal: Personal data is retained only for the period necessary to fulfill the purposes for which it was collected, subject to longer retention periods required by applicable legal or regulatory obligations. Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with established data disposal procedures.

User Rights

Data subjects whose personal data is processed by Invicta Networks N.V. are entitled to exercise a range of rights in respect of such processing. These rights are recognized under applicable data protection legislation and may be exercised subject to any limitations or exemptions provided by law. Requests to exercise data subject rights shall be addressed to the contact details specified in the final section of this policy.

The following rights are available to data subjects:

• Right of Access: Data subjects are entitled to obtain confirmation as to whether personal data concerning them