PRIVACY POLICY

POLICY OVERVIEW APPLICABLE IN NIGERIA

This Website is operated by Carletta N.V., registered under company number 142346 with its office located at Dr. Henri Fergusonweg 1, Curaçao. The company is authorized by the Curaçao Gaming Control Board, holding license number OGL/2024/580/0570, issued on June 24, 2025, permitting the provision of online sports betting services in compliance with the National Ordinance on Games of Chance (LOK).

This Privacy Policy governs how we collect, use, and manage your Personal Data when you interact with us through:

our official Website;
communications sent to our email: [email protected];
phone calls or live chat sessions with our support team.

We serve as the data controller for your Personal Data. The main goal of this Policy is to clarify how your information is gathered, processed, stored, shared, and safeguarded whenever you use our sports betting services via the Website. It also outlines the categories of data we handle, the legal grounds and purposes for processing, your rights regarding your information, and the ways you can exercise those rights.

TERMINOLOGY AND INTERPRETATION

Terms with an initial capital letter carry the meanings assigned to them in this Policy. The definitions provided apply equally, whether used in singular or plural form.

For the purposes of this Policy:

Account — A personal profile created to access our Services or specific features, subject to identity verification and compliance with regulatory obligations.
Company (hereinafter referred to as “we,” “our,” or “us”) — Means Carletta N.V., incorporated under the laws of Curaçao, registration number 142346, with its official address at Dr. Henri Fergusonweg 1, Curaçao.
Service — Refers to the Website, its tools, and related online solutions offered by the Company, including the sports betting platform.
Website — Covers the main site along with any subdomains, connected applications, or platforms managed by the Company.
Personal Data — Information that identifies or can reasonably be used to identify an individual, as outlined in the GDPR and Curaçao’s Data Protection rules.
Processing of Personal Data — Any action carried out on Personal Data, manually or through automation, such as collecting, organizing, storing, modifying, retrieving, sharing, restricting, deleting, or destroying.
Regulatory Compliance — The Company’s duty to process Personal Data in accordance with relevant laws, including the National Ordinance on Games of Chance (LOK) and Anti-Money Laundering (AML) requirements. This processing is legally mandated and not based on user consent.

DATA WE PROCESS IN NIGERIA: PURPOSES AND LEGAL BASES

To maintain clarity, the following table outlines the purposes for which we handle your Personal Data, the legal grounds for processing, the types of data involved, and how long each type is retained, specifically for sports betting services.

Purpose	Legal Basis	Personal Data Collected
Account Creation & Access to Sports Betting Services	Performance of a contract or pre-contractual actions (GDPR Art. 6(1)(b))	Contact info (email/phone); hashed password; selected currency; account identifiers; basic device/access logs for account activation and security
Identity Verification (KYC), Age & AML/LOK Compliance	Compliance with legal obligations, including AML/CFT and LOK, NORUT (GDPR Art. 6(1)(c)); legitimate interests in platform security (Art. 6(1)(f))	Government-issued ID (passport, ID card, driver’s license); proof of address; date of birth/age verification; selfies or liveness checks
Payment Handling (Deposits, Withdrawals, Refunds)	Contract fulfillment (Art. 6(1)(b)); financial/legal obligations (Art. 6(1)(c)); fraud prevention (Art. 6(1)(f))	Payment method details; transaction history; currency info; payout confirmations
Fraud Prevention, Security & Platform Misuse	Legitimate interest in user and service protection (Art. 6(1)(f)); AML/CTF obligations (Art. 6(1)(c))	Device identifiers (IP, device type, browser); technical usage data
Responsible Betting, Player Safety & Self-Exclusion Management	LOK/Responsible Gaming compliance (Art. 6(1)(c)); legitimate interest in user welfare and regulatory compliance (Art. 6(1)(f))	Self-exclusion periods; cooling-off settings; play limits; betting frequency/spend metrics; communications about responsible betting
Customer Support & Service Communication	Contract performance (handling service requests) (Art. 6(1)(b)); service quality and dispute resolution (Art. 6(1)(f))	Support tickets, chat/email transcripts, call notes; account identifiers; transaction references
Marketing Communications (If Consented)	Consent for electronic marketing (Art. 6(1)(a)); legitimate interest for related products (Art. 6(1)(f)), with opt-out & responsible gaming rules	Contact info (email/phone/push); marketing preferences; engagement stats; bonus eligibility info
Website Performance, Analytics & Cookies	Legitimate interest for site improvement (Art. 6(1)(f)); consent for non-essential cookies (Art. 6(1)(a))	Usage logs; cookie IDs; browser/version; traffic & interaction metrics
Regulatory Reporting, Audits & Legal Compliance	Legal obligation to cooperate with CGA, FIU, tax and other authorities (Art. 6(1)(c)); legitimate interest for legal claims (Art. 6(1)(f))	Records required for regulatory reporting, audits, or legal proceedings per applicable law

STORAGE AND RETENTION OF DATA

We keep your Personal Data only for as long as needed to achieve the purposes for which it was collected, or as required by law and regulatory obligations. The retention period for each type of data depends on:

The reason for processing, such as providing sports betting services, fulfilling contractual commitments, or safeguarding our legitimate interests.
Legal requirements, including but not limited to Anti-Money Laundering (AML), sports betting regulations, and tax laws.
The necessity to establish, enforce, or defend legal claims, or to comply with audits and regulatory checks.

After the applicable retention period ends, your Personal Data is securely erased, anonymized, or stored in a manner that prevents it from being linked back to you, unless the law mandates extended retention.

SOURCES OF YOUR PERSONAL DATA

We gather your Personal Data mainly from your interactions with our sports betting services, including account setup, identity checks, deposits and withdrawals, and general use of our Website. Additionally, we may collect Personal Data from the following sources:

Directly from You: Details you provide when registering an account, completing verification, making deposits or withdrawals, or contacting customer support.
Through Your Activity on Our Platform: Information generated by your betting activity, transactions, device details, access logs, and cookie data (as outlined in our Cookie Policy).
Third-Party Verification and Compliance Providers: Trusted partners may assist with compliance, security, or payment-related processes.
Public and Legitimate Sources: We may supplement the data you provide with information from publicly available and lawful sources for verification, compliance, or risk management purposes.
Regulatory and Law Enforcement Agencies: Occasionally, we may receive data from relevant authorities to fulfill legal and regulatory obligations.

DATA HOSTING AND CROSS-BORDER TRANSFERS

We keep your Personal Data on secure servers managed by us and our trusted partners. These servers may be located both within the European Economic Area (EEA) and in other regions, including Curaçao, depending on operational and regulatory needs.

When transferring Personal Data outside the EEA, we take steps to ensure compliance with applicable data protection laws, including the use of safeguards such as:

Adequacy Decisions: Sending data to countries recognized by the European Commission as providing an appropriate level of protection.
Standard Contractual Clauses (SCCs): Using European Commission-approved clauses when no adequacy decision exists to maintain the security and protection of your data.

PARTIES WITH WHOM WE MAY DISCLOSE YOUR PERSONAL DATA

We only share your Personal Data when it is necessary and in line with the purposes described in this Privacy Policy, always following applicable data protection laws, contractual requirements, and security standards.

Your data may be disclosed to:

Regulatory and Supervisory Authorities: Such as the Curaçao Gaming Authority (CGA), Financial Intelligence Unit (FIU), tax offices, and other governmental or law enforcement bodies, to comply with legal obligations including AML and responsible betting regulations.
Identity Verification and Compliance Providers: Companies that assist with verifying user identity and meeting KYC and AML requirements.
Payment Processors and Financial Institutions: For deposits, withdrawals, and other payment services, sharing necessary data such as transaction details, payment methods, and account identifiers.
Customer Support and Communication Services: External providers supporting email, live chat, or other communication tools may process your contact information and messages to assist with support.
Fraud Prevention and Security Partners: Trusted providers that help secure the platform, detect fraudulent activity, and protect user accounts.
Analytics and Optimization Services: Third-party tools that analyze platform usage, perform A/B testing, and improve user experience; data is anonymized where possible.
Sports Content and Betting Providers: Licensed providers enabling specific platform features, with access limited to essential data such as player identifiers and session details.
Internal IT and Hosting Providers: Secure infrastructure and productivity services that manage and store data necessary for platform operations.

COOKIE USAGE AND MANAGEMENT

Our sports betting platform may utilize cookies and related technologies to improve user experience, support key site functions, and monitor performance. These small text files are saved on your device when you visit the site, helping the platform remember your preferences and previous interactions.

Types of Cookies and Their Purposes

On our sports betting platform, we use different types of cookies, each serving specific purposes:

Essential Cookies: These are critical for the platform to function properly and cannot be disabled. They support key features such as navigating pages, accessing secure areas, and user authentication.
Functional Cookies: These enhance user experience by remembering preferences like language or account settings. They can be set by us or by third-party services we use.
Analytics Cookies: These collect anonymized, aggregated data about how users interact with the platform (e.g., page views, clicks, traffic sources) to monitor and improve performance.
Advertising Cookies: Set by us or our advertising partners, these cookies help deliver personalized ads, track ad frequency, and measure campaign effectiveness both on our platform and elsewhere.
Session vs. Persistent Cookies: Session cookies expire when you close your browser, while persistent cookies remain on your device for a set period or until you delete them.
First-Party vs. Third-Party Cookies: Some cookies are set directly by our platform (first-party), while others are set by external providers (third-party) such as analytics, support, or ad services.

You can manage cookies through your browser settings, including refusing or deleting them. Keep in mind that limiting certain cookies may affect some features or the overall functionality of the platform.

HOW WE SAFEGUARD UNDERAGE PLAYERS

Following the Curaçao Gaming Authority’s (CGA) Responsible Gaming guidelines from February 2025, we have established strict procedures to block minors from using our sports betting services.

Age Limits and Verification

Our sports betting services are exclusively available to individuals who are 18 years or older, or who have reached the legal gambling age in their jurisdiction, whichever is higher. By using or signing up for our services, you confirm that you satisfy this age requirement.

Thorough Age Verification Procedures

To ensure compliance with age limits, we use strong age verification measures, including ID Verification. Bettors must submit valid government-issued identification during account registration.

Preventive Actions and Safety Checks

Beyond age verification, we implement additional safeguards to uphold our age policies:

Automated Oversight: Ongoing monitoring of betting activity to identify irregularities or potential underage access.
Security Audits: Performing detailed checks when underage activity is suspected, including review of registration details and payment records.
Data Removal: Prompt deletion of Personal Data from accounts confirmed to belong to minors.

Parental Guidance and Safeguards

We urge parents and guardians to make use of parental control tools and to teach minors about safe and responsible online behavior to prevent unauthorized access to our sports betting services.

Commitment to Responsible Sports Betting

We are fully committed to promoting responsible sports betting in line with the CGA’s standards for player protection and age verification. Our policies are regularly reviewed and updated to ensure full compliance with regulatory requirements. By accessing or using our sports betting services, you confirm that you meet the legal age requirements and accept our dedication to responsible betting practices.

ESSENTIAL DETAILS ABOUT YOUR RIGHTS

Your rights

In line with the General Data Protection Regulation (GDPR), you are entitled to the following rights regarding the Personal Data you provide while using our sports betting services:

Access to Your Data (Article 15 GDPR): You can request confirmation of whether we process your Personal Data and obtain a copy of the information along with details on how it is used.
Correction of Data (Article 16 GDPR): You have the right to ask for any inaccurate or incomplete Personal Data to be corrected promptly.
Deletion of Data (Right to be Forgotten) (Article 17 GDPR): You can request that your Personal Data be erased when it is no longer necessary for the purposes it was collected, or where you withdraw consent, among other legal grounds.
Restriction of Processing (Article 18 GDPR): You may request that we limit the use of your Personal Data in specific circumstances, such as when the accuracy is disputed or processing is unlawful.
Data Portability (Article 20 GDPR): You can request your Personal Data in a structured, commonly used, and machine-readable format and, where technically possible, transfer it to another provider.
Right to Object (Article 21 GDPR): You may object at any time to the processing of your Personal Data for reasons related to your individual situation, especially when processing is based on our legitimate interests or for direct marketing purposes.

Exercising your rights

If you wish to exercise any of your data protection rights, you can contact us at:

our email: [email protected];
our postal address: Dr. Henri Fergusonweg 1, Curaçao.

REMOVE CONSENT

If we handle your Personal Data based on your consent, you are entitled to revoke that consent at any moment. Revoking consent does not impact the legality of processing carried out before the withdrawal.

To revoke your consent, contact us through the methods outlined in this Privacy Policy. Once we receive your request, we will cease processing your Personal Data unless retention is necessary to meet legal or regulatory requirements.

Be aware that withdrawing consent may affect our ability to deliver certain sports betting services, and we will notify you of any consequences before completing the revocation.

FILING A COMPLAINT

In line with Article 77 GDPR, if you believe your Personal Data is being handled improperly or your privacy rights are infringed, you have the right to file a complaint with:

The relevant supervisory authority in the EU country where you live, work, or where the potential violation occurred.
The Curaçao Gaming Authority (CGA) or any other applicable data protection authority in Curaçao.

For any concerns or unresolved questions about how your Personal Data is processed, we recommend contacting us first. We will take all reasonable steps to resolve your issues promptly and in accordance with the law.

SUPPLYING PERSONAL DATA AND IMPACT OF NON-PROVISION

Submitting your Personal Data may be:

A legal obligation: Certain information must be provided to meet regulatory requirements, such as anti-money laundering (AML) rules and responsible betting obligations.
A contractual necessity: Some details are required to establish and execute a contract with you, including granting access to our sports betting services and handling transactions.
Essential for accessing our services: If the required Personal Data is not provided, we may be unable to deliver specific services or comply with legal and contractual duties.

Obligation to Provide Data

You are required to submit Personal Data when mandated by law or needed to fulfill a contract. Not providing this information may lead to:

Inability to register or access a sports betting account;
Limited or restricted use of our sports betting services;
Termination of the agreement between you and the service;
Non-compliance with regulatory requirements, which could prevent us from offering sports betting services.

LEGAL NOTICE

Our sports betting services are provided on an “AS-IS” and “AS-AVAILABLE” basis, without any assurances of continuous or flawless operation. Although we implement reasonable measures to safeguard your Personal Data, we cannot promise complete security given the inherent risks of technology and the constantly changing landscape of cyber threats.

Liability Restrictions

To the fullest extent allowed by law, we disclaim liability for:

Circumstances outside our control, including system outages, cyber incidents, or unauthorized access.
Indirect, incidental, consequential, or punitive damages resulting from data breaches, improper disclosure, or misuse of Personal Data.
Mistakes, inaccuracies, or security issues on third-party websites connected to our platform.

By accessing and using our sports betting services, you agree that we are not responsible for third-party websites or services, even if they are linked through our platform.

AGREEMENT TO PRIVACY POLICY

By continuing to use our sports betting services, you expressly agree to this Privacy Policy. This document represents our complete and sole Privacy Policy, superseding any prior versions.

This Privacy Policy should be read alongside our Terms and Conditions and any other relevant notices displayed on our platform.
We may update or amend this Privacy Policy at any time. All changes will be published on our platform, and your continued use of our services after such updates will signify your acceptance of the revised Policy.
We encourage you to review this Policy periodically to remain informed about any updates.

ADDITIONAL TERMS

All translations of this Policy, aside from the English version, are offered solely for reference. In the event of any inconsistencies or conflicts between versions, the English version will take precedence.