Data Processing Agreement (Sports Betting and iGaming Partners)

This Data Processing Agreement ("DPA") defines the terms for processing personal data collected using the Social Platform, designed for engagement and interactions on platforms in which it is integrated.

Introduction and Scope

The controller of the personal data of the users of the Social Platform Software is the Company (the "Controller", "We"). This DPA applies to all users of the Social Platform and outlines how we collect, use, and protect personal data.

Contact Information

Requests related to the processing of end users’ personal data in connection with the use of the Social Platform can be sent to the address of the Controller: 4 Hill Street, London W1J 5NE United Kingdom, including to the data protection officer by email: [email protected].

Definitions

The following definitions are used in this Policy:

• Personal data is any information relating to an identified or identifiable natural person (‘data subject’).
• Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing of personal data means any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Social Platform Software - a webpage on the Internet and/or a mobile application owned by the Controller that allows end users to chat about broadcasts or audiovisual works in real time.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent
• Performance of a contract
• Compliance with a legal obligation
• Protection of vital interests
• Public interest
• Legitimate interests

What Data Do We Process?

1. Personal Data which is not Biometric or Special:

• Chat name (pseudonym) –provided by Users or Client for authorization purposes of the Social Platform Software;
• UserID provided by Client and used for the purpose of authorization on the Social Platform Software;
• Data about user’s device (IP address and port number) - Controller has the capability through the administrative panel to enable the automatic collection of IP addresses associated with text messages sent by users.

1. User Engagement and Interaction Data:

• User Access: Detailed logs of user sign-ins and activities, including timestamps.
• Messaging: Records of sent and received messages with text or images, including metadata such as timestamps and delivery status.
• Room Interaction: Data on user entry, exit, and activities within chat rooms.
• Poll Engagement: Records of user participation in polls, including options chosen.
• Offer Engagement: Data on marketing offers and user interactions.
• Stream feedback: User feedback with ratings, issues reported, and associated comments.
• Ranking: User ranking details, including positions on leaderboards and badges earned.
• Reactions: Usage data on reactions and emotions associated with messages.
• Gamification: Information on sticker usage and details of bets placed, including those shared through the copy-betting widget.
• Chatbot Interaction: Usage frequency and token consumption by the chatbot.

1. Moderation and Compliance Data:

• Reports: Details of user reports including reasons, timestamps, and resolution status.
• Bans: Ban records with target user information, duration, and reasons.
• Content Flags: Log of flagged messages, reasons, and actions taken.

1. Copy-Betting Widget Data:

• Widget Interaction: Data on user interactions with the copy-betting widget.
• Bet Sharing: Details of bets shared, including types, outcomes, and related events.
• Bet Copying: Data on the bets copied by users, including the number of times a bet was copied.
• Bet Records: Data on the last placed bets by users, including outcomes and amounts won.

1. Performance Data:

• Connection Statistics: Real-time metrics on socket connections and durations.
• Service Settings: Usage data for service settings, including modifications made.
• Service Statistics: Overall usage statistics such as user counts and message volume.

Purpose of Data Collection

The above information is collected by us for the purposes of:

• Authorizing a user on the Social Platform and providing them with access to its functionality
• Personalizing the user experience
• Maintaining statistics and improving the functionality of the Social Platform
• Compliance with applicable laws

Means of Processing Personal Data

• The processing of personal data is automated and may include various operations such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.
• We use personal data to fully provide Social Platform services and to analyze, provide, and improve the operation of the Social Platform.
• We can only transfer personal data to third countries if it complies with applicable law.

Data Retention

We store user’s personal data for as long as necessary to provide them with the services of the Social Platform. We will stop processing user’s personal data after the date of termination of the contract with the user. In the absence of legal prohibitions, we may store some parts of user’s personal data even after the user has stopped using the Social Platform. At the end of the processing period, Watchers will delete user’s personal data.

Personal Data Protection

We take the necessary organizational and technical measures to protect the confidentiality of user’s personal data and prevent unauthorized access. The measures are established in accordance with applicable law to ensure a level of security that meets the risks of processing user’s personal data.

User’s Rights in Relation to Data Processing

The user has the right to:

• Request access to and rectification or erasure of their personal data
• Restriction of processing
• Object to the processing of their data
• Ask us to pass data that they provided to us to another organization (data portability)
• Lodge a complaint with a supervisory authority

Data Breach Notification

In the event of a data breach, we will notify affected individuals and relevant authorities within 72 hours, as required by applicable law.

Data Protection Impact Assessments (DPIA)

We will conduct DPIAs when processing activities are likely to result in a high risk to the rights and freedoms of individuals.

Sub-processors

We may engage third-party service providers (sub-processors) to process personal data on our behalf. We will ensure that such sub-processors comply with the same data protection obligations as set out in this DPA.

International Data Transfers

We will ensure that any transfer of personal data to third countries complies with applicable law, using mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions.

Amendments to the DPA

We reserve the right to amend this DPA at any time. The Client should be notified about such amendments in advance, to be able to notify Users of any changes through appropriate means, such as email or notifications.

Governing Law and Jurisdiction

This DPA is governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of the United Kingdom.

COMPANY                                                       CLIENT

****_****.                                    ****__****.

Authorized Signature                                   Authorized Signature

Yana Bardintseva, Director                         XXXXXXXXXX