Data Protection

25/05/2018

 

OPAP is committed to protecting your privacy avoiding improper use of your personal data

 

Who we are

OPAP is the leading gaming company in Greece and one of the most renowned in its industry worldwide. The company, founded in 1958 as the country's national lottery and listed in the Athens Exchange in 2001, is the exclusive licensed operator of all numerical lotteries (7 games), sports betting (4 games) and horse racing. More info can be found here.

You can address all questions or requests relating to the protection of your personal data held by OPAP, to our Data Protection Officer at 112, Athinon Avenue, P.O. Box 104 42, Athens, Greece, email: dpo@opap.gr

 

Processing of your Personal Data

We collect and process different types of personal data which we receive from you, in the context of our business relationship. We may also collect and process personal data which we lawfully obtain not only from you but also from other OPAP Group companies.

The legal basis for processing your data can be one of the following:

  • Performance of a contract
  • Compliance with a legal obligation
  • Safeguarding company’s or other third parties legitimate interests
  • Based on your consent. Consent for processing data of children below 16 years (e.g. in the context of CSR activities) should be granted by the holder of parental responsibility.

Specific details on the processing of players data can be found at OPAP Play Privacy Notice, Online PameStoixima Privacy Notice.

 

Personal data of players on other games, such as other games offered in OPAP Stores is only processed in case of high winnings paid via financial institutions. In such cases we only process data in order to perform our obligation to pay high winnings, issue winning certificates when requested, comply with our legal obligations (such as those related to the legal and regulatory framework on taxation and games of chance), and to pursue our legitimate interests such as protection from fraud.

 

With whom we share your personal data

Personal data shall only be disclosed to third parties if necessary. Personal data shall be anonymized, if appropriate. To assign the processing of personal data on behalf of us to a third party e.g. a contractor or service provider, he shall contractually agree to process personal data in accordance with our guidance.

Third parties acting as personal data processors are bounded by Data Processing Agreements imposing relevant obligations. The ability of third parties to comply with obligations imposed and to implement appropriate technical and Organizational measures is reviewed before engaging such third parties and periodically.

 

Transfer of your personal data to a third country or to an international Organization

Personal data may only be disclosed in countries outside the European Economic Area if the foreign law provides for an adequate level of data protection. In case the foreign law does not provide this adequate level of data protection, such data may be transmitted to the country only if the transmission is subject to appropriate safeguards or the conditions set out in the national and European legal framework are met in order to ensure the level of protection of your personal data.

 

How long we keep your personal data

Your personal data is retained in accordance with the provisions of applicable law for the period required to fulfill the purpose of the processing and if the legal basis for their processing is still valid.

 

Your data protection rights

You have the following rights regarding your personal data we hold about you:

  • Right to be informed. You have the right to be informed about the collection and use of your personal data.
  • Right of Access. You have the right to request confirmation as to whether or not your personal data is being processed, and, if so, the right to access your personal data in a concise, transparent, comprehensible and easily accessible form.
  • Right to Rectification. You have the right to request the correction of any inaccurate personal data, including through a supplementary statement.
  • Right to Erasure. You have the right to request the erasure of your personal data, without undue delay and under certain conditions.
  • Right to Restriction. You have the right to request a restriction on the processing of your personal data under certain conditions.
  • Right to Object. You have the right to object, at any time and for reasons related to your particular situation, to the processing of your personal data. In this case, we will no longer process your personal data unless there are compelling and legitimate reasons for processing, overriding your interests, rights and freedoms or for the establishment, exercise or support of legal claims.
  • Right to Portability. You have the right to receive your personal data you have provided us in a structured, commonly used and machine readable format, as well as the right to request that such data be passed on to another controller.
  • Right to Obtain Human Intervention. You have the right not to be subject to a decision taken solely on the basis of automated processing, which produces legal effects against you or significantly affects you accordingly.

You can exercise any of the abovementioned rights by submitting a request using the form.

 

Right to lodge a complaint

In any case, if you feel that the protection of your personal data is violated in any way whatsoever, you have the right to lodge a complaint with the Hellenic Data Protection Authority, using the following contact details: Website: www.dpa.gr, Postal Address: 1-3 Kifissias Ave., 115 23 Athens, Greece, Call Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: contact@dpa.gr