Terms Of Use

Customer Register

Regarding Internet Games


Paf keeps a customer register in compliance with the provisions in the Finnish Personal Data Act (1999/523, §§ 10 & 32). The objectives of this Act are to safeguard the personal integrity as well as to promote the development of and compliance with good information processing practice.

Storage of gaming customer data is carried out in compliance with the provisions in the Personal Data Act and Act on preventing and investigating money laundering and terrorism 18.7.2008/503.

Ålands Penningautomatförening reserves the right to use subcontractors for the administration and/or processing of customer data.

Register controller

Authorised register controller: Paf, ("Operator" / "Register Controller")
PB 241
Åland, Finland
Tel. +358 20 7910 600

Purpose of the customer register

The Operator offers gaming activities to the public via the Internet. All gaming activities require that the player has registered as a gaming customer of the Operator. Gaming operations include among other things transfers of monetary funds between the gaming customer’s, external transaction providers’ and the Operator’s bank accounts as well as administration of customer data that necessitates a customer register. Customer information is used to manage, analyze and develop customer relationships and to develop products and services, which includes profiling customer gaming behavior.

Customer data is also used internally for statistic calculations, marketing and market research.

Customer data is also used for preventing and clearing misuse and problem situations as well as for the purpose of the Operator fulfilling its obligations towards its customers and towards the authorities according to law, statute, or ruling by authority.

Registered data subjects

The Operator collects data on persons who have registered as gaming customers with the Operator.

Data stored in the register

Information recorded on registered gaming customers includes the following data;

  • first name and surname
  • address
  • identity number/date of birth
  • language
  • e-mail address
  • telephone number
  • bank and bank account number
  • copies of passport or other identification documents
  • IP address

The operator stores addition data arising from the customer relationship, such as customer feedback, playing patterns and other data arising from the customer's use of the gaming service in order to serve the gaming client in the best way, to develop products and services as well as maintain a safe and secure gaming service.

Collecting data

The Operator’s customer register only stores data that has been submitted by gaming customers upon registration or later as well as data stored when the customer uses the Gaming Service, is in contact with customer services, or otherwise when in contact with the Operator.

Data can also be retrieved and/or updated through third parties, such as the Population Register.

Right of access

Gaming customer shall, in accordance with the §§ 26- 28 in the Finnish Personal Data Act, have the right of access to the data on him/her. A request to this effect shall be made to the Register Controller in writing and the request shall be personally signed. Sufficient search criteria for the data shall be included in the request.


Gaming customers can themselves correct their basic data via the Gaming Service. Other data is corrected by contacting the Register Controller.

Right to prohibit processing

Gaming customer shall, in accordance with § 30 in the Finnish Personal Data Act, have the right to prohibit the Operator from processing personal data for purposes of direct advertising, distance selling, market research or opinion polls. The prohibition shall be made to the Register Controller in writing.

Use of data

Unless otherwise agreed in the General Terms and Conditions for the Gaming Service, the Operator’s customer register is solely meant for internal use and no data will be handed over to a third party. The confidentiality may only be broken when required by law or statute, or by ruling of authority.

Customer information data are not transferred to countries outside the European Union or the European Economic Area if the countries in question do not guarantee sufficient protection as stipulated in article 25 of the EU Data Protection Directive 95/46EG. Companies signed up to EU standard contractual clauses are considered to provide a sufficient level of data protection.

Duration of the data storage

Information is stored in accordance with the provisions in Finnish law.

Data security

The data in customer register is protected against any unauthorised access, such as theft, destruction, manipulation, disclosure and transfer by technical and organisational measures. These technical and organisational measures include, among other things, major potential restraints on persons authorised to keep the register, technical hindrances to accessibility (passwords etc), limitation of measures of authorised persons to carry out amendments, and of alarm system reporting on unauthorised access.

Principles for data security

The customer register is secured according to the latest firewall and protection techniques.