Privacy Policy

Data We Collect

This Privacy Policy governs the collection, processing, storage, and use of personal data obtained through the use of the website boomerangbet.ie, operated under the jurisdiction of Curacao. The processing of personal data is carried out in accordance with applicable data protection legislation and international standards concerning the protection of privacy of natural persons.

The following categories of personal data are subject to collection and processing in the course of providing services through the platform:

• Identification data: Full name, date of birth, nationality, and gender of the data subject, as required for the purposes of account registration and identity verification.
• Contact information: Electronic mail address, telephone number, and postal address, collected for the purposes of communication and service delivery.
• Financial data: Payment card details, bank account information, transaction history, and records of deposits and withdrawals, processed for the purposes of financial operations and anti-fraud measures.
• Verification documents: Copies of government-issued identity documents, proof of address, and source-of-funds documentation, collected in compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulatory requirements.
• Technical data: Internet Protocol (IP) addresses, browser type and version, device identifiers, operating system information, and session logs, collected automatically upon access to the website.
• Behavioral data: Navigation patterns, game activity records, time and frequency of platform usage, and interaction data with platform features.
• Communication records: Records of correspondence initiated through customer support channels, including electronic messages, chat transcripts, and any information voluntarily provided by the data subject during such interactions.
• Geolocation data: Approximate geographical location derived from IP address or, where applicable, device-based location data, used for jurisdictional compliance purposes.

Personal data is collected directly from the data subject upon registration and through continued use of the platform, as well as indirectly through automated technical mechanisms integrated into the website infrastructure. The provision of certain categories of personal data is mandatory for the establishment and maintenance of an account and for compliance with applicable legal obligations. Failure to provide such data may result in the inability to access or utilize the services offered.

Use of Information

Personal data collected through the platform is processed exclusively for specified, explicit, and legitimate purposes. Processing activities are conducted on the basis of one or more lawful grounds, including the performance of a contract to which the data subject is a party, compliance with legal obligations to which the operator is subject, the legitimate interests of the operator, and, where applicable, the explicit consent of the data subject.

The purposes for which personal data is processed include the following:

• Account administration: The creation, maintenance, and management of user accounts, including the verification of identity and eligibility to use the services, are conducted on the basis of contractual necessity.
• Service provision: The facilitation of gaming activities, processing of financial transactions, management of bonuses and promotional offers, and delivery of customer support services are performed in the execution of the contractual relationship between the operator and the data subject.
• Regulatory compliance: The processing of personal data is carried out as required by applicable laws and regulations, including those pertaining to anti-money laundering, combating the financing of terrorism, responsible gambling, and licensing obligations under the jurisdiction of Curacao.
• Fraud prevention and security: Personal data is analyzed for the purposes of detecting, investigating, and preventing fraudulent activity, unauthorized access, and other unlawful conduct that may compromise the integrity of the platform or the interests of its users.
• Responsible gambling measures: Data relating to gaming behavior is processed to identify patterns indicative of problem gambling and to implement self-exclusion, deposit limits, and other responsible gambling tools in accordance with applicable standards.
• Communication: Personal data is used to deliver transactional communications, account notifications, security alerts, and responses to inquiries submitted by the data subject. Where consent has been obtained, data may also be used to transmit marketing communications.
• Platform improvement: Aggregated and anonymized data may be used for analytical purposes to evaluate platform performance, user experience, and the effectiveness of operational processes.
• Legal proceedings: Where necessary, personal data may be processed for the purposes of establishing, exercising, or defending legal claims.

Personal data shall not be processed for purposes incompatible with those for which it was originally collected, unless the data subject has provided explicit consent or such processing is required by law. Personal data shall not be sold, rented, or otherwise commercially transferred to third parties for their independent marketing purposes.

Personal data may be disclosed to third parties solely where such disclosure is necessary for the fulfilment of the purposes described herein, including licensed payment service providers, identity verification service providers, technology infrastructure partners, regulatory authorities, and law enforcement agencies where disclosure is required by applicable law or court order.

Data Protection

The operator has implemented a comprehensive framework of technical and organizational security measures designed to ensure an appropriate level of protection for personal data processed through the platform. Such measures are applied with due regard to the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity that may result from unauthorized or unlawful processing, accidental loss, destruction, or damage to personal data.

The technical security measures implemented include, but are not limited to, the following:

• Encryption: Personal data transmitted between the data subject's device and the platform's servers is protected through Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption protocols. Sensitive data stored within the operator's systems is subject to encryption at rest using industry-standard cryptographic methods.
• Access controls: Access to personal data is restricted to authorized personnel whose roles necessitate such access for legitimate operational purposes. Role-based access control mechanisms are maintained and reviewed on a regular basis.
• Authentication measures: Multi-factor authentication and secure password protocols are applied to administrative systems containing personal data to prevent unauthorized access.
• Intrusion detection: Automated monitoring systems are deployed to detect and respond to potential security incidents, unauthorized access attempts, and anomalous activity within the platform's infrastructure.
• Data minimization: Only such personal data as is necessary for the fulfilment of the specified processing purposes is collected and retained. Unnecessary data is not processed or is anonymized where practicable.
• Pseudonymization: Where appropriate, personal data is pseudonymized to reduce risks associated with unauthorized disclosure or misuse.

The organizational measures implemented include, but are not limited to, the following:

• Personnel training: Staff members with access to personal data receive regular training on data protection obligations, security protocols, and procedures for responding to data breaches.
• Confidentiality obligations: All personnel and third-party service providers with access to personal data are bound by contractual confidentiality obligations and are prohibited from processing such data beyond the scope of their authorized duties.
• Vendor management: Third-party data processors are subject to due diligence assessments and are required to implement equivalent security standards through binding contractual arrangements.
• Incident response: Documented procedures for the identification, assessment, containment, and notification of data security incidents are maintained and regularly reviewed.
• Retention and deletion policies: Personal data is retained only for such periods as are necessary for the purposes of processing or as required by applicable legal obligations. Upon expiry of the applicable retention period, personal data is securely deleted or anonymized.

Notwithstanding the measures described herein, no method of electronic transmission or storage can be guaranteed to be entirely secure. The operator endeavors to employ commercially reasonable means to protect personal data; however, absolute security cannot be warranted.

Privacy Rights

Data subjects whose personal data is processed by the operator are recognized as holders of specific rights in relation to such data. These rights may be exercised subject to applicable legal limitations and conditions, and requests submitted in the exercise of such rights shall be processed without undue delay and, in any event, within the time periods prescribed by applicable law.

The rights afforded to data subjects include the following:

• Right of access: The data subject is entitled to obtain confirmation as to whether personal data concerning them is being processed, and, where such processing is confirmed, to receive a copy of the personal data undergoing processing together with information regarding the purposes of processing, the categories of data concerned, the recipients or categories of recipients to whom data has been or will be disclosed, and the envisaged retention period.