The following Privacy Policy describes the way in which Sesame Online Ltd. handles the information and data you provide within the contractual relationship with Sesame Online Ltd.
Sesame Online Ltd is a company, operating as a gambling provider, incorporated in the Republic of Bulgaria in 2019, under UIC 205723651; with an address of incorporation at 29 Slavyanska Street, level 2, Sofia, Bulgaria.
Sesame Online Ltd is licensed by NRA under license numbers № 000030-677/01.03.2021 and № 000030-678/01.03.2021.
We provide access to casino games, live casino games, sports betting, and virtual sports betting, using highly-secured encryption of information and protection of all bets.
Any kind of commercial or third-party betting is disallowed on www.sesame.bg – you can bet solely on and for your own personal purposes.
As a company, operating the Website www.sesame.bg, Sesame Online Ltd. works round the clock to increase our customers' trust in the Data Protection field. We work constantly on informing the customers regarding their security and the measures taken.
Sesame Online Ltd. takes data protection very seriously and aspires to adhere to all GDPR requirements, Regulation 2016/679, and all its other applicable provisions and legislation.
We shall process and protect all personal data related to you, as stipulated in this Privacy Policy.
By accepting this Privacy Policy, you agree that you understand and accept the use of your personal information as stipulated in this Privacy Policy. If you do not agree with the terms of our Privacy Policy, please do not use the website or otherwise provide us with your Personal Data.
Who are we?
In the present Privacy Policy mentioning “Sesame Online”, “we”, “our” or “us”, relates to Sesame Online Ltd. - a company incorporated in the Republic of Bulgaria (UIC 205723651), registered at office address 29 Slavyanska Street, level 2, Sofia. We control the ways your Personal Data is collected and used, acting as a data controller for the purposes of the General Data Protection Regulation 2016/679 as well as its local legislative equivalent.
Contact us
If you have any concerns or would like more details about how we collect, handle and process your Personal Data, you can contact us at privacy@sesame.bg or at 29 Slavyanska, level 2, Sofia.
Data Protection Officer: Polina Berg, email address: privacy@sesame.bg
Personal Data Protection
Your Personal Data is not only protected by the dedication and high standards of Sesame Online - it’s also protected by law. The law states that we can only collect, handle and process your Personal Data if we have legal grounds to do so. Those include but are not limited to:
- Fulfill any contract we have with you (in your capacity of a registered User, using our products and services through our Website);
- We have a legal obligation;
- When you have given your consent to the collection, handling, and processing;
- When it is in our legitimate interest;
- When it is of public interest;
- When it is of your vital interest.
What is a Legitimate Interest?
In some cases, determined by law, we can process your Personal Data when we have a legitimate interest(s) to do so. Legitimate interest is applied when we have a commercial or business reason to process your Personal Data. During processing, your Personal Data remains protected and we must not process it in a way that would be unfair to you or your interests.
If the reason for processing your Personal Data is a legitimate interest, we will inform you what our legitimate interests are and provide you with the opportunity to raise any questions or objections you might have via various communication channels or by other means.
For how long do we store your Personal Data?
We store your data for the minimum period required to comply with the purposes set out by the current Privacy Policy, unless we are obligated by law and have the right to store it for a longer period.
If you have consented with receiving information about products and services (including such by other companies and organizations), which we believe you are interested in, we will process your contact details until you decide to withdraw your consent (by changing the communication channel options from the Profile section of your account). Additionally, in any email you receive from us, there will be an easy way to opt-out of receiving this information.
According to the local legislation, regulating gambling, we are obligated to apply the following storage periods:
- All data is stored in its original format for a period of 10 years on the local Control server of Sesame Online in the manner created;
- 5 years after the barring of statute for repaying public debts related to registration and identification data of players who have bets or withdrawals;
- No less than 12 months after the collection and processing of data, related to geographical IP location, date, time, and duration of a game session of the person registered as a player in a game on the Operator’s Website.
- 2 years after the date when the customer has contacted us via phone and provided the data.
Please bear in mind that we do not have the right to erase the data prior to the end of the above-mentioned periods, even if we have received such a request from you. Otherwise, we will be in violation of the law.
Types of Personal Data we collect, handle, and process
Personal data provided during registration on the Website
In order to play and bet in real-time through the Website www.sesame.bg first you have to register in our database and to provide the following Personal Data:
- First and Last Name
- Date of Birth
- Personal Identification Number (PIN) / Personal Identification number of a Foreigner (PFN)
- Nationality
- Registered address
- Confirmation that you are of legal age (18 years old or above)
- Username
- IP address
- Phone number
We inform you that in regard to your registration on the Website www.sesame.bg and according to the Bulgarian Gambling Act and its adjoining legislations, the company is obligated to perform identity checks of gambling players, and for this purpose we use different means, which are considered necessary and allowed by law, to confirm your identity.
If you only visit our Website, without logging into your user account, the Personal Data we collect is: address of the page redirecting you to our Website, IP address, sub-pages of our Website viewed, and time spent on each one. We use this information for strategic purposes only and in order to improve the functionality of the Website without collecting additional data to confirm your identity. Detailed Personal Data is collected only when you register and access your account – according to the current Privacy Policy and the legislation requirements of the Bulgarian Gambling Act.
Personal Data when playing on www.sesame.bg
When you play and bet in real-time on the site www.sesame.bg through your account, we are obligated by the Bulgarian Gambling Act to process the following Personal Data:
- Username/PIN used while playing;
- IP address and cookies data – to determine the geographical location of your device and whether you have only one account with us as required by our Terms and Conditions. More information on cookies you can find here;
- Activity data while logged into your account – such as the start and end point of your session; total amount wagered, the total amount of accumulated winnings during the session; the total amount of deposits or withdrawals; date, time, and duration of the game session;
- General information about your user profile – information and account balance; deactivated accounts and reason for the deactivation; games played or game status, bets, winnings;
- Also is accordance with the law, we are obligated at any time to provide you with account information regarding: account balance; betting history (placed bets, winnings payouts); deposits, withdrawals, and linked transactions; at least the last 10 IP addresses used to log into the Central Computer System within a period of no less than 60 days. This information is available in the “History” section of your account.
Personal Data when operating with your account
Whenever you would like to deposit/withdraw funds to/from your account using a credit card, you have to provide the following information:
- First and Last Name of the cardholder (as printed on your card)
- Card number
- Expiry date
- CVV code
Whenever you would like to withdraw your funds via bank transfer you have to provide the following information which is the minimum required for the transfer processing:
- First and Last Name of the bank account holder
- Bank Name
- IBAN
- SWIFT/BIC code
- Amount
Before authorizing your first withdrawal, regardless of the preferred payment method, you will be asked to provide copies of an official identification document with a photo (passport or ID), uploaded to our Website or sent via email.
Regarding Personal Data collected, handled, and processed by the different online payment providers, please refer to the respective providers. We do not require them to collect and process an additional set of Personal Data for Company purposes.
Personal Data processed for Anti-Money Laundering and Counter-Terrorism Financing purposes
Regarding our obligations for Prevention of Money Laundering and Terrorism Financing the company will process customer identification data and its actual owner, gathering information and assessing the purpose and nature of the business relationship, in order to confirm the source of wealth under the circumstances and in the cases required by law and stipulated in Chapter two of the Anti-Money Laundering and Counter-Terrorism Financing Acts, respectively. The data collected, handled and processed during the above-outlined Enhanced Due Diligence process includes but is not limited to:
- Names
- Place and Date of Birth
- Official personal identification number or any other unique element verifying the identity, included in an official identification document, valid and containing a photo of the holder
- Any citizenship that the customer has
- Country of permanent residence and address (P.O. BOX number is not sufficient)
- Politically exposed person (PEP) status
- Copy of an Identification document
- Any companies` capital controlling rights as the main shareholder
- Source of Wealth
In an occurrence of a legal obligation, this data can be provided to the relevant authorities for the Prevention of Money Laundering and Terrorism Financing.
Personal Data processed with an analytical, statistical, advertisement, requests, or complaint purposes
When you contact us via any of the communication channels offered – phone, online chat, email – we will process the data that you decide to share relating to the specific case that you contact us about. In the event that you share sensitive data, for example, such related to your personal health, we will process this data solely for the purpose of providing the requested service and responding to specific needs, complaints, or request that you might have referred to us.
We process your Personal Data like betting history, preferred games that we organize, etc. for analytical, statistical, improvement of our services, testing and customer satisfaction purposes.
We process the Personal Data of registered users relating to their gaming activities in order to be able to offer bonuses for similar games and products.
In certain cases, we might send you details for future events; news about our products; links to offers, and other marketing-related messages; about our services. If you do not wish to receive such messages, you can unsubscribe by following the instructions sent within those.
You could choose whether to provide your Personal Data to third parties for the purposes of direct marketing. If you have agreed to, we will send you interesting information about products and games offered by our subsidiaries.
Please note that if you prefer not to provide us with your Personal Data it might limit our ability to fulfill our legal obligations, contracts, and ability to provide you with services related to maintaining your account with us. Respectively, if you do not provide your Personal Data, we might be unable to provide you with our services.
Phone calls
Incoming and outgoing phone calls both are recorded for training and security purposes. Any data part of or related to the resolution of any queries arising from the service you receive from us is recorded as well.
Automated data processing
While providing services on our Website, we do not use mechanisms or algorithms for automated processing of your Personal Data or decision-making without human intervention, as defined in article 22 of Regulation 2016/679.
There are only two exceptions to this rule:
1) Automated processing is performed when crediting certain bonuses, as the data processing is done by rules and odds, approved by the NRA. The named rules can be found in the Help section of the Website. In this sense, we perform automated processing to fulfill our obligation to provide you with services and bonuses according to our mandatory rules.
2) Automated processing is performed as a part of Know Your Customer (KYC) verification procedure. The logic that we use during the verification is a comparison between the registered Personal Data (names, date of birth, address if available) and Personal Data covered on an identification document – passport, ID card, or Permanent Residence Permit. Each User has to verify their identity prior to the first withdrawal request from their Sesame Online account. Providing the above-mentioned copy of identification and/or address verification documents (bank statement or utility bill), the necessary data is checked and the User is informed about the result in real-time – successful or unsuccessful verification. The stipulated positive outcomes for the personal data processing subject, consequential to the successful completion of the verification, are higher limits and faster payments from your account. In the event of an unsuccessful verification, the User will receive additional instructions on how the same can be completed.
Personal Data Disclosure: Recipient categories
We provide some parts of the above-mentioned data to the government authorities for fulfilling legal obligations (such as the NRA), as well as to our trusted partners (as long as this is necessary for the services we use, for example: technical support of our Website, managing our Customer Support Service Center and communication channels, such as our online chat platform, etc.), whose adherence to the highest data security and privacy standards is assured on our end. Namely, we are in contractual relationships with those companies, guaranteeing the provided Personal Data is processed exclusively and as strictly necessary for the provision of their services to us.
Other third parties that receive your Personal Data are legal entities, providing the following non-cash payment services:
- EasyPay
- Epay.bg
- Skrill
- Phyre
- ICard
- Bank Wire transfer
To get acquainted with their Personal Data protection rules and privacy policies, please visit their respective websites.
Please note that disclosing the data to our partners is necessary in order for us to be able to provide you with the best possible service.
Also, for reasons of public interest or by the power of law, we disclose certain information to other government authorities/bodies, courts, and prosecution bodies if that is required by law from the government or other regulatory authorities/bodies.
Data Transfer outside the EEA
We will only transfer your Personal Data outside of the EEA where:
- You have given your explicit consent; or
- It is necessary for us to set up or fulfill a contract signed with us; or
- To comply with a legal obligation.
If we transfer your Personal Data outside of the EEA within our corporate group or business partners, we will ensure the same protection standards as within the EEA by relying on the following:
- The country receiving your Personal Data is recognized by the European Commission as having the same level of protection as within the EEA. You can find more information on the European Commission website.
- We are signing only contracts that require the recipient to adhere to the same protection standards of your Personal Data as those within the EEA.
In some instances, we may be compelled by law to disclose your Personal Data to a third party where we have limited control over how your data is protected by the named party.
Cookies
To find out more about the use of cookies, please check our Cookies Policy.
Your rights over your Personal Data
We will assist you, if you choose to exercise any of your rights over your Personal Data, including:
- Withdrawing your granted consent in a situation where we have requested it, without such a withdrawal to invalidate previously consented processing; you can manage the communication channels we can contact you at from your Profile;
- Filing a complaint with any relevant Data Protection Authority;
- Accessing your registered or processed Personal Data (within our systems);
- Correcting of any Personal Data that is incorrect or out of date;
- Erasing Personal Data;
- Restricting the processing of your Personal Data under certain circumstances and conditions;
- Requesting from us to provide you, or another company nominated by you, with certain aspects of your Personal Data, often referred to as “right to data portability”;
- The ability to object to any processing of data where we have legitimate interests.
- The ability to contest a decision made entirely by automated processes, to express your point of view, and to request a human to review the decision.
For more information on your rights, contact us at privacy@sesame.bg.
Amendments to our Privacy Policy
Occasionally we may update the current Privacy Policy, so please review it frequently.
If any significant changes to this Privacy Policy are made, we will take the necessary actions to inform you in a timely manner via email, message on the Website, or other approved communication channel. We will inform you in advance, giving you an ample amount of time to review and understand the changes before they come into effect.
We will not enforce any significant changes to the Privacy Policy without your explicit consent. If you oppose the changes to the Privacy Policy or otherwise do not accept the changes within the agreed and communicated period, we may not be able to continue providing some or all of our products and services.
How do we protect your Privacy and Personal Data?
We process your Personal Data only according to the above-mentioned purposes, grounds, and timeframes. We provide access to your data only to a limited number of individuals, who are trained and instructed on how to handle it before being able to access it.
We provide access to sports betting through a network with high level of security, achieved through information encryption, and betting protection.
Our servers are situated within the territory of the European Union entirely, in a data center, certified to the highest information security standards.
We use the best up-to-date encryption methods for usernames and passwords, as well as any other confidential information, sent from and to the customers or our servers, thereby ensuring the protection of our customers and our company from third-party access. The customers must not breach or evade the established rules regarding the security or attempt to gain unauthorized software access as this will lead to immediate access termination to the sports betting, casino games, or poker games, blocking the account and reporting to the relevant authorities on our end.
We strongly suggest that you keep your username, identification, and password secured and do not disclose them to third parties. The Users must not use third-party usernames, identification, and passwords to log into the Website. Failure to comply with this rule poses serious threats of unauthorized access to your account, leading to unauthorized transactions and bets as well as other adverse effects.
If you suspect unauthorized access or misuse of your account, please make sure to change your password or contact us via the contact details listed below for further assistance.
We adhere to the following principles when collecting, handling and processing your Personal Data:
- Legality, integrity, and transparency;
- Limiting the processing purposes;
- Correlation between the purposes for processing and minimum data being collected;
- Data accuracy and relevance;
- Limiting the periods of keeping personal data exclusively to the needed for fulfilling its collection purposes;
- Integrity and privacy of the processing and ensuring the appropriate level of Personal Data security.
Information related to the relevant Personal Data Protection Authority
Name: Personal Data Protection Commission
Headquarters: 2 Professor Tsvetan Lazarov boulevard, Sofia 1592
Mailing Address: 2 Professor Tsvetan Lazarov boulevard, Sofia 1592
Phone: 02 915 3 518
Website: www.cpdp.bg