Privacy Policy

This Privacy Policy is effective January 25, 2024

GGPoker is committed to protecting the privacy of any Personal Data you provide to us ("Personal Data"). GGPoker ensures that the Processing of your Personal Data complies with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). GGPoker issues this policy to inform you of our use of your Personal Data.  

This policy applies to the Company and its directly or indirectly controlled wholly-owned subsidiaries doing business within the European Union (EU) European Economic Area (EEA) or processing the Personal Data of data subjects within the EU/EEA.

     1. Introduction

1.1 This Privacy Policy describes the manner in which GGPoker ("we" or "us"), a company operated by NSUS Malta Ltd, a company headquartered in Malta at Level3 (SUITE NO:2386), Tower Business Centre, Tower Street, Swatar, Birkirkara, BKR4013, Malta which in turn is part of NSUS Group.

1.2 GGPoker collects, processes and stores personal data and ensures that the steps below are taken by us to protect such personal data.

1.3 By using our Services, you acknowledge that you have read and agree to the terms of this Privacy Policy and consent to GGPoker's use of your Personal Data for the purposes set forth in Section 3 of this Privacy Policy. If you do not wish to provide your Personal Data on the basis set forth in this Privacy Policy, you may not enter the relevant information on the Website or otherwise provide your Personal Data to us. However, if you do not provide your Personal Data, you may not be able to use all of the Services.

1.4 Capitalized terms not defined in this Privacy Policy are as defined in the Terms and Conditions.

This Privacy Policy is incorporated into and forms part of the Terms and Conditions.

1.5 Definitions:

The following terms "Anonymization", "Controller", "Processor", "Data Subject", "Data Portability" "Personal Data", "Processed/Processing", "Pseudonymization", "Cross-border Processing of Personal Data", "Supervisory Authority" used in this document have the same meaning as in the AVG:

"You" means the player, the "Data Subject" who uses GGPoker's services.

"Visitor" means a person other than a user, who uses the public area, but does not have access to certain parts of the Site or Service.

     2. The information we collect:

2.1 As part of providing the Services, we collect your Personal Data when you register an account. "Personal Data" means any information from which you can be personally identified or identifiable, including but not limited to your:

  • Name,
  • Surname
  • Email address
  • Home address
  • Phone number
  • Birthplace
  • Nationality
  • Mobile number
  • Date of birth
  • Government ID Information
  • Electronic location information and electronic device information - this includes passport/license, MAC address and IP address
  • Income & occupation
  • Income information to meet responsible gambling and anti-money laundering obligations
  • Information to ensure that the payment methods used to deposit and/or withdraw are owned by yourself


2.2 As part of providing the Services, we also collect information about the transactions you undertake, including details of payment cards used, details of the games you have played and underlying game transactions.

 2.3 We also collect, use and share aggregated data, such as statistical data, for any purpose. Aggregated data may be derived from your personal data, but is not considered personal data under the law because it does not directly or indirectly reveal your identity. For example, we may collect data related to the use of the Services by you and other customers. However, if we combine or link aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data that will be used in accordance with this Privacy Statement.

2.4 We do not collect special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, and genetic and biometric data), except for information you may provide about your health - gambling addictions.


     3. How we will use your personal information

3.1 In providing our Services, we will ensure that we collect, store and process your Personal Data in accordance with the AVG. We will process your Personal Data to enable us to:

3.1.1 Setting up, managing and administering your Account and records (including processing deposits and withdrawals);



Legal base

To set up, administer and manage your account and records (including processing deposits and withdrawals)

Execution of a contract with you.

To provide the Services (including allowing you to enter and play our games)

Execution of a contract with you.

To personalize the Services

Necessary for our legitimate interest to increase player engagement.

To receive and respond to your communications and requests

Performance of a contract with you, if the communication relates to the use of our services.

Necessary for our legitimate interest (managing our relationship with you and keeping our records up-to-date).

To fulfill our legal obligations with respect to your account, including by verifying the accuracy of all information you provide to us

Legal requirement.

To comply with our obligations under applicable law and to regulators in jurisdictions where we are licensed

Legal requirement.

To identify, investigate and assist in the investigation of suspected illegal, fraudulent or other improper activity in connection with the Services (including, where applicable, handling requests from authorized entities/authorities for information sharing)

Legal obligation/legitimate interests to ensure a safe gaming environment.

To conduct market research campaigns

Justified interest (to optimize the growth of our business reach and marketing efforts).

To provide you with information about and support for the Services, including changes to the Services, technical updates and changes to the Terms and Conditions (including this Privacy Policy)

Performance of a contract with your legitimate interest in managing our business.

To share your information with our professional advisors, such as attorneys and consultants, and partners for online/live events

Legitimate interests to obtain professional advice for legal and business needs, to facilitate your participation in our partners' events, and to prevent fraud and deception

To share your information with other members of the Group to get help in providing the services

Justified interests to enable us to provide services

To meet any limits, such as limits on deposits, bets/spend/losses/logins that you have set up

Justified interest/legal obligation 

To keep you informed of offers and promotions related to our products and services

Consent/justified interest to facilitate engagement of inactive players (with last activity in last 3 years)

To ensure that we can meet our legal obligations for identity verification, payment verification, fraud prevention, anti-money laundering and tracking.

Legal obligation

To record phone calls to and from and live chats with our customer service for security and regulatory purposes

Legal obligation/justified interest to improve our customer support and capture customer requests or concerns

To determine sources of funds and wealth and whether you can afford the amount you spend

Legal obligation.

To monitor gambling patterns and identify potential concerns about responsible gambling, take appropriate intervention measures and communicate with CRUKS.

Legal obligation.


3.2 If at any time you wish us to stop processing your personal data for the above purposes, you must contact us and we will take the necessary steps to stop doing so. Please note that this may involve closing your account. You can contact us at [email protected].

3.3 To ensure quality service, we may monitor any communication you have with us, whether written, electronic mail or telephone calls ("recordings"). All recordings remain the property of GGPoker and will only be used for the purposes stated above.

3.4 We may use your data for marketing and engagement purposes. With your consent, we may contact you by email or text message with offers and promotions. You can withdraw your consent or object to the processing at any time. In addition, we may use your phone number to contact you to offer our service updates. However, we will not call you if you have not been in contact with us for more than 3 years, and you may object to our legitimate interest in calling you at any time, including during the call.

3.5We will only use your Personal Data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how processing for new purposes is compatible with the original purpose, please contact us.

     4. Disclosure of your Personal Data.

4.1 Except as stated in this Policy, we will not intentionally disclose Personal Data we collect and/or retain on the Service to third parties without your prior express consent. We may disclose Personal Data to third parties in the following circumstances:

  • Any company within our Group (including its employees and subcontractors) that assists us in providing the Services or otherwise has a need for such information;
  • Any third party that assists us in providing the Services, including (but not limited to) payment processors and marketing service providers;
  • Any third party that may assist us in verifying the accuracy of the Personal Information you provide. Third parties include financial institutions and credit reference agencies and entities that provide identity verification services (a record of the search may be kept by such third party)


  • Any third party that assists us in providing the Services, including (but not limited to) payment processors and marketing service providers;  
  • Other online gambling sites, banks, credit card companies and authorized authorities, where it is determined that you have cheated or attempted to defraud us or another user based on our legitimate interest and other operators of online/live events or legal obligation to prevent fraud and/or cheating;
  • Any third party that helps us monitor the use of the Services, including detecting and preventing fraud and collusion;
  • Any contractors or other consultants who control any of our business processes or who are instructed to access such information for the purpose of advising us;
  • Any regulatory body, including the Gaming Authority or any other appropriate administrative, law enforcement, regulatory or judicial body that may make reasonable demands for access to your Personal Data; and
  • Other online gaming sites, banks, credit card companies and appropriate agencies, where you have defrauded or attempted to defraud us or another user of our services;
  • Any regulatory agency or authorized entity that may have a reasonable obligation to access your Personal Data; and
  • Any potential buyer of GGPoker or investors therein or in any company within our Group (including in case of insolvency).


4.2 We will keep Data Subjects informed and ensure that these trusted partners and/or third parties comply with mandatory data protection measures. During this data transfer, we will take all appropriate organizational, technical and legal protection measures. All transfers of Personal Data outside the EU/EEA will follow the procedure described in Section 12.

4.3 The Company allows its customers to use "chat rooms" where players can communicate with each other. While we will ensure that players follow the terms set forth in the "chat room policy," we are not responsible for any data breaches that may result from the use of our rooms. Therefore, you accept responsibility and under no circumstances can we be held responsible for any damages that might result from a data breach.

4.4 If at any time you wish us to stop processing your Personal Data for the above purposes, you must contact us and we will take the appropriate steps to stop it. Please note that this may involve closing your account. You can contact us at [email protected]

    5. Rights of data subjects

5.1 Companies within our Group and some of our external third parties are located outside the EU/EEA, so their processing of your Personal Data will involve a transfer of data outside the EU/EEA.

5.2 Whenever we transfer your personal data outside the EU/EEA, we ensure that it is afforded a similar level of protection by ensuring that at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries believed to provide an adequate level of protection for personal data; or
  • We use model contractual clauses that offer personal data the same protection as in the EU.


5.3 In accordance with Art. 45 of the AVG, we provide your personal data to our intercompany recipients, other third parties and suppliers in the following countries:

  • Canada, based on the European Commission's adequacy decision of December 20, 2001;
  • South Korea, based on the European Commission's adequacy decision of Dec. 17, 2021;
  • United Kingdom, based on the European Commission's adequacy decision of June 28, 2021;
  • Switzerland, based on the European Commission's adequacy decision of July 26, 2000.


Mandated by Article 46 (2) of the AVG, we may provide your personal data to our trustworthy identity verification and mailing system services and partners for the prevention of fraud/deception in the following countries based on standard contractual clauses:

  1. Philippines;
  2. The United States of America.


    6. Contacting us

6.1 We respect your privacy rights and provide you with reasonable access to the Personal Data you may have provided through your use of the Services. Under certain circumstances, you have rights under data protection laws with respect to your Personal Data.

Your most important rights under the AVG are:

  1. The right to access your Personal Data (commonly known as a "data subject access request"). This allows you to receive a copy of the Personal Data we hold about you and verify that we are processing it lawfully.
  2. The right to have the Personal Data we hold about you rectified. This allows you to have any incomplete or inaccurate information we hold about you corrected, although we may need to verify the accuracy of any new information you provide to us.
  3. the right to erasure of your Personal Data. You may request that we delete Personal Data about you without undue delay, and we are required to delete such data without undue delay if there are no legitimate reasons for us to retain it, including our obligation to maintain files.
  4. The right to restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to determine the accuracy of the data;
    • When our use of the data is illegal, but you do not want us to delete it;
    • Where you need us to keep the data even if we no longer need it because you need it to establish, exercise or defend legal claims;
    • you have objected to our use of your data, but we need to verify that we have overriding legitimate reasons for using it.
  5. the right to object to the processing of your Personal Data when we rely on a legitimate interest (or that of a third party) and there is something about your particular situation that makes you want to object to processing on this ground because you believe it affects your fundamental rights and freedoms. You also have the right to object when we process your Personal Data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate reasons to process your information that outweigh your rights and freedoms;
  6. The right to data portability of your personal data to you or to a third party. We will provide you, or a third party you choose, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information for which you have initially given us permission to use it or where we have used the information to perform a contract with you.


6.2 If at any time you believe that we have not adhered to this Privacy Policy, please contact us at [email protected] and we will attempt to promptly determine and remedy the problem.We will retain your information for as long as your account is active, to the extent necessary to provide you with services, or to comply with our legal obligations, resolve disputes and enforce our agreements as described in Section 11.

6.3 You may also update, correct or delete your account information and preferences at any time by going to the Account Settings page on the "My Account" tab in the Cashier. Please note that although any changes you make will be reflected in active user databases immediately or within a reasonable period of time, we may retain any information you provide for backup, archiving, fraud and abuse prevention, analysis, compliance with legal obligations, or where we otherwise reasonably believe we have a legitimate reason to do so. Where appropriate and possible, we will apply Anonymization or Pseudonymization to Personal Data to reduce risks to Data Subjects.

6.4 You do not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

6.5 We may need to ask you for specific information to help us confirm your identity and secure your rights to access your Personal Data (or to exercise your other rights). This is a security measure to ensure that Personal Data is not disclosed to individuals who have no right to receive it. We may also contact you to request more information regarding your request to expedite our response.

6.6 If we do not comply with the required data protection obligations, you have the right to file a complaint with the Information and Data Protection Commissioner's Office (IDPC).

     7. Contact us

7.1 If at any time you believe that we have not complied with this Privacy Policy, please contact us at [email protected] and we will attempt to determine and resolve the problem as quickly as possible.

  8. Cookies

8.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or reject cookies, please note that some parts of this website may become inaccessible or may not function properly. For more information about the cookies we use, see

     9. Minors and child privacy

9.1 Protecting the privacy of minors is particularly important. Our Service is not directed at children under the age of 18 and we do not knowingly collect Personal Data from children under 18. If you are under 18, please do not use or access the Service at any time or in any way. If we learn that Personal Data has been collected on the Service from individuals under the age of 18, we will take the necessary steps to delete that information. If you are a parent or guardian and discover that your child under 18 has obtained an Account on the Service, you may notify us at [email protected] and request that we remove your child's Personal Information from our systems.

    Security 10.

10.1 We take appropriate security measures to protect your data from loss, misuse and unauthorized access, alteration, disclosure or destruction. GGPoker has taken steps to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data, and will restore the availability of and access to information in a timely manner in the event of a physical or technical incident.

10.2 Your winnings and payouts are kept strictly confidential and information about winnings is stored in secure operating environments. We do not disclose information about winnings to third parties unless such information must be disclosed by law, regulation or similar governmental authority.

10.3 No method of transmission over the Internet or electronic storage method is 100% secure. We cannot guarantee or warrant the security of any information that you transmit to us or store on the Service, but we will ensure that adequate security mechanisms designed to protect Personal Data will be used to prevent Personal Data from being stolen, misused or abused, and to prevent personal data breaches. If you believe your Personal Data has been compromised, please contact us at [email protected].

10.4 While we may allow you to adjust your privacy settings to restrict access to certain Personal Information, please note that no security measure is perfect or impenetrable. In addition, we have no control over the actions of other users with whom you choose to share your information. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. We have taken the necessary steps to best protect your personal information during transmission by using HTTPS on our website and TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange) and AES_256_GCM (a strong cipher ).

    Data retention

11.1 Personal Data that we process for any purpose or purposes may not be retained for longer than necessary for that purpose or purposes, including to comply with legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe that there is a likelihood of litigation regarding our relationship with you.

11.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes by other means and applicable legal, regulatory, tax, accounting or other requirements.

11.3. With respect to personal data relating to your financial transactions, we are required by applicable legislation to prevent money laundering and terrorist financing to retain your data for five years after the termination of the business relationship. This period may be extended to ten years if and when a competent public authority has required that the information be kept for investigative purposes during this extended period.

With regard to personal data kept for tax return purposes, such as player ID and transaction information, we will keep said data for ten years from the last transaction.

     12. Data protection officer/representative.

12.1 Our Data Protection Officer responsible for matters relating to privacy and data protection at GGPoker can be reached at: [email protected]

12.2 In accordance with applicable legal requirements regarding the protection of Personal Data, any request/request will be resolved without undue delay and at the latest within 30 days of receipt.

12.3 When we contact and make such requests, we will make reasonable efforts to confirm your identity and prevent unauthorized processing of Personal Data.

     13. Changes to this Privacy Policy.

13.1 As the Company evolves, it may be necessary to update this Notice Policy to keep pace with changes in the website, software, services, business and applicable laws. However, we will always be committed to respecting Data Subjects' privacy. We will ensure that we will notify Data Subjects by email of material changes under this Notice Policy (the most recent email provided by Data Subject) or post other revisions to this Notice Policy, along with their effective date, in an easily understandable manner. find section of the website.

     14. Validity

This document was updated on January 25, 2024 and is effective as of that date.

Contact person: Data Protection Officer

E-mail: [email protected]  

Business address: NSUS Malta Limited, Level 3 (SUITE NO:2386), Tower Business Centre, Tower Street, Swatar, Birkirkara, BKR4013, Malta