Data Protection & Privacy

Information Collection

The following categories of personal data are subject to collection and processing by MethSpin Entertainment N.V. in the course of operating the platform accessible at methspin.us.com:

• Identification Data: Full legal name, date of birth, nationality, and government-issued identification document details are collected for the purposes of identity verification and regulatory compliance.
• Contact Information: Electronic mail addresses, telephone numbers, and residential addresses are recorded to facilitate account administration and correspondence.
• Financial Data: Payment instrument details, transaction histories, deposit and withdrawal records, and associated banking information are processed in connection with the provision of financial services on the platform.
• Technical Data: Internet Protocol addresses, browser type and version, operating system identifiers, device fingerprints, session cookies, and access timestamps are automatically recorded upon interaction with the platform.
• Behavioral Data: Gaming activity records, wagering patterns, session durations, and platform navigation data are compiled for the purposes of service optimization and responsible gaming monitoring.
• Verification Data: Documentation submitted in connection with Know Your Customer procedures, source of funds declarations, and enhanced due diligence requirements is retained in accordance with applicable regulatory obligations.

Personal data is collected directly from the data subject at the time of account registration, through ongoing platform interaction, and via automated technical means. Data may additionally be obtained from third-party identity verification providers and payment processing institutions where such collection is necessitated by legal or regulatory requirements.

The collection of personal data is conducted in accordance with the licensing conditions imposed by the Curaçao eGaming Authority under license number 8048/JAZ2020-013, and in conformity with applicable data protection legislation.

How We Use Data

Personal data collected by MethSpin Entertainment N.V. is processed exclusively for the following specified, explicit, and legitimate purposes:

• Account Administration: Personal data is utilized to establish, maintain, and administer user accounts on the platform. This includes authentication of user credentials, management of account settings, and enforcement of platform terms and conditions.
• Regulatory Compliance: Data processing is carried out to fulfil obligations arising under anti-money laundering legislation, counter-terrorism financing requirements, and the conditions of the operating license issued by the Curaçao eGaming Authority. Identity verification and transaction monitoring are conducted on this basis.
• Service Provision: Data relating to gaming activity, financial transactions, and user preferences is processed to deliver the services offered on the platform, process deposits and withdrawals, and maintain accurate account balances.
• Fraud Prevention and Security: Technical and behavioral data is analyzed for the purpose of detecting, investigating, and preventing fraudulent activity, unauthorized account access, and other conduct prejudicial to the integrity of the platform.
• Responsible Gaming: Behavioral and activity data is processed to support responsible gaming initiatives, including the identification of potentially problematic usage patterns, enforcement of self-exclusion arrangements, and compliance with responsible gaming regulatory requirements.
• Legal Proceedings: Personal data may be processed where necessary for the establishment, exercise, or defense of legal claims, or where disclosure is required by competent judicial or regulatory authorities.
• Communications: Contact information is utilized to transmit transactional notifications, account-related communications, and mandatory disclosures required by the applicable regulatory framework.
• Service Improvement: Aggregated and anonymized data derived from user interaction is processed for internal analytical purposes directed at improving platform functionality and user experience.

No personal data shall be processed for purposes incompatible with those enumerated above. Where processing is proposed for a new purpose, the data subject shall be notified in advance and, where required by applicable law, explicit consent shall be obtained prior to such processing.

Data Protection

MethSpin Entertainment N.V. has implemented a comprehensive framework of technical and organizational measures designed to ensure an appropriate level of security with respect to the personal data processed on the platform. These measures are calibrated to account for the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity which may arise from unauthorized access, accidental loss, destruction, or alteration of personal data.

The following technical safeguards are maintained:

• Encryption: Personal data transmitted between the data subject's device and the platform's servers is protected by Transport Layer Security protocols. Sensitive data stored within the platform's systems is subject to encryption at rest utilizing industry-standard cryptographic algorithms.
• Access Controls: Access to personal data held within internal systems is restricted to personnel for whom such access is strictly necessary for the performance of their designated functions. Role-based access control mechanisms are employed to enforce the principle of least privilege.
• Network Security: The platform's technical infrastructure is protected by firewalls, intrusion detection systems, and continuous network monitoring to identify and respond to potential security incidents.
• Authentication Measures: Multi-factor authentication requirements are applied to administrative access to systems containing personal data.
• Penetration Testing: Regular security assessments and vulnerability testing are conducted by qualified technical personnel to identify and remediate potential weaknesses in the platform's security posture.

The following organizational measures are maintained:

• Personnel Training: All personnel engaged in the processing of personal data are required to complete mandatory data protection training and are bound by confidentiality obligations as a condition of their engagement.
• Data Minimization: The collection and retention of personal data is limited to that which is strictly necessary for the purposes for which it is processed.
• Retention Policies: Personal data is retained only for such period as is required by applicable legal and regulatory obligations or as is necessary for the purposes for which the data was collected. Upon expiry of the applicable retention period, data is securely deleted or anonymized in accordance with established internal procedures.
• Third-Party Management: Where personal data is disclosed to third-party service providers acting as data processors, contractual arrangements are established to ensure that such parties implement equivalent standards of data protection.
• Incident Response: Documented procedures are maintained for the identification, assessment, and management of personal data breaches, including notification to competent supervisory authorities and affected data subjects where required by applicable law.

User Rights

Data subjects whose personal data is processed by MethSpin Entertainment N.V. are vested with the following rights in respect of their personal data, which may be exercised subject to the conditions and limitations prescribed by applicable data protection legislation:

• Right of Access: The data subject is entitled to request confirmation as to whether personal data concerning them is being processed, and, where such processing is confirmed, to obtain a copy of the personal data undergoing processing together with supplementary information regarding the purposes of processing, the categories of data concerned, and the recipients to whom the data has been or will be disclosed.
• Right to Rectification: The data subject is entitled to require the rectification of inaccurate personal data concerning them without undue delay. Having regard to the purposes of processing, the data subject is additionally entitled to require the completion of incomplete personal data.
• Right to Erasure: The data subject is entitled to request the deletion of personal data concerning them where such data is no longer necessary in relation to the purposes for which it was collected, where the data subject withdraws consent upon which processing was based and no other legal ground for processing exists, or where the personal data has been unlawfully processed. This right is subject to override where retention is required by applicable legal or regulatory obligations.
• Right to Restriction of Processing: The data subject is entitled to require the restriction of processing of personal data concerning them in specified circumstances, including where the accuracy of the data is contested or where an objection to processing has been lodged pending verification of the legitimate grounds of the controller.
• Right to Data Portability: Where processing is based upon the data subject's consent or the performance of a contract, and where processing is carried out by automated means, the data subject is entitled to receive personal data concerning them in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance.
• Right to Object: The data subject is entitled to object, on grounds relating to their particular situation, to the processing of personal data concerning them where such processing is carried out on the basis of the legitimate interests of the controller. Upon receipt of such an objection, the processing of the relevant personal data shall be discontinued unless compelling legitimate grounds for the processing are demonstrated which override the interests, rights, and freedoms of the data subject.