Regarding Internet Games
Paf keeps a customer register in compliance with the provisions in the Finnish Personal Data Act (1999/523, §§ 10 & 32). The objectives of this Act are to safeguard the personal integrity as well as to promote the development of and compliance with good information processing practice.
Storage of gaming customer data is carried out in compliance with the provisions in the Personal Data Act and Act on preventing and investigating money laundering and terrorism 18.7.2008/503.
Ålands Penningautomatförening reserves the right to use subcontractors for the administration and/or processing of customer data.
Authorised register controller: Paf, ("Operator" / "Register Controller")
Tel. +358 20 7910 600
Purpose of the customer register
The Operator offers gaming activities to the public via the Internet. All gaming activities presume that the player is a registered gaming customer of the Operator. Gaming operations include among other things transfers of monetary funds between the gaming customer’s, external transaction providers’ and the Operator’s bank accounts as well as administration of customer data that necessitates the customer register.
Customer data is also used internally by the Operator for statistic calculations, marketing and market research.
Customer data is also used for preventing and clearing misuse and problem situations as well as for the purpose of the Operator fulfilling its obligations towards its customers and towards the authorities according to law, statute, or ruling by authority.
Registered data subjects
The Operator collects data on persons who have registered as gaming customers with the Operator.
Data stored in the register
Information recorded on registered gaming customers includes the following data;
- first name and surname
- identity number/date of birth
- e-mail address
- telephone number
- bank and bank account number
The Operator’s customer register only stores data that has been submitted by gaming customers upon registration or later as well as data stored when the customer uses the Gaming Service, is in contact with customer services, or otherwise when in contact with the Operator.
Data can also be retrieved and/or updated through third parties, such as the Population Register.
Right of access
Gaming customer shall, in accordance with the §§ 26- 28 in the Finnish Personal Data Act, have the right of access to the data on him/her. A request to this effect shall be made to the Register Controller in writing and the request shall be personally signed. Sufficient search criteria for the data shall be included in the request.
Gaming customers can themselves correct their basic data via the Gaming Service. Other data is corrected by contacting the Register Controller.
Right to prohibit processing
Gaming customer shall, in accordance with § 30 in the Finnish Personal Data Act, have the right to prohibit the Operator from processing personal data for purposes of direct advertising, distance selling, market research or opinion polls. The prohibition shall be made to the Register Controller in writing.
Use of data
Unless otherwise agreed in the General Terms and Conditions for the Gaming Service, the Operator’s customer register is solely meant for internal use and no data will be handed over to a third party. The confidentiality may only be broken when required by law or statute, or by ruling of authority.
Customer information data are not transferred to countries outside the European Union or the European Economic Area if the countries in question do not guarantee sufficient protection as stipulated in article 25 of the EU Data Protection Directive 95/46EG. Companies signed up to Safe Harbour principles or EU standard contractual clauses are considered to provide a sufficient level of data protection.
Duration of the data storage
Information is stored in accordance with the provisions in Finnish law.
The data in customer register is protected against any unauthorised access, such as theft, destruction, manipulation, disclosure and transfer by technical and organisational measures. These technical and organisational measures include, among other things, major potential restraints on persons authorised to keep the register, technical hindrances to accessibility (passwords etc), limitation of measures of authorised persons to carry out amendments, and of alarm system reporting on unauthorised access.
Principles for data security
The customer register is secured according to the latest firewall and protection techniques.