GDPR Compliance
onniwild is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Finnish data protection laws.
Our Commitment to Data Protection
As a Finnish company providing services to residents of Finland and the European Union, onniwild fully complies with the General Data Protection Regulation (GDPR) and the Finnish Data Protection Act. We believe in transparency, fairness, and giving you control over your personal data.
Data Protection by Design
Privacy and data protection are built into our systems from the ground up, ensuring your data is protected by default.
Secure Data Processing
We implement appropriate technical and organizational measures to ensure the security of your personal data.
Transparent Practices
We provide clear information about what data we collect, why we collect it, and how we use it.
Legal Compliance
Full compliance with GDPR, Finnish Data Protection Act, and all applicable privacy regulations.
Data Processing Transparency
What Data We Collect
- Account Information: Name, email address, date of birth (for age verification)
- Gaming Data: Game preferences, progress, and activity within our social casino games
- Technical Data: Device information, IP address, browser type for service optimization
- Communication Data: Support tickets, feedback, and other communications
Legal Bases for Processing
- Contract Performance: Processing necessary to provide our social casino services
- Legitimate Interests: Service improvement, security, and fraud prevention
- Legal Obligation: Age verification and regulatory compliance
- Consent: Marketing communications and optional features (where applicable)
Data Sharing
- Service Providers: Trusted third parties who help us provide our services
- Legal Requirements: When required by Finnish or EU law
- Business Transfers: In case of merger, acquisition, or business transfer
- No Data Sales: We never sell your personal data to third parties
Data Retention
- Active Accounts: Data retained while account is active and for legitimate business purposes
- Closed Accounts: Most data deleted within 30 days of account closure
- Legal Requirements: Some data may be retained longer for legal compliance
- Anonymized Data: Anonymous analytics data may be retained indefinitely
Your Data Protection Rights
Under GDPR, you have several important rights regarding your personal data:
1. Right to Information
You have the right to know what personal data we collect, how we use it, and who we share it with. This information is provided in our Privacy Policy and this GDPR page.
2. Right of Access
You can request a copy of all personal data we hold about you. We will provide this information free of charge within one month of your request.
3. Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings.
4. Right to Erasure ("Right to be Forgotten")
You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.
5. Right to Restrict Processing
You can request that we limit how we process your personal data in certain situations, such as when you contest the accuracy of the data.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
7. Right to Object
You can object to our processing of your personal data based on legitimate interests. You can also object to direct marketing at any time.
8. Rights Related to Automated Decision Making
You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
Contact Our Data Protection Officer
Send your request to our Data Protection Officer via email or phone. Include your full name, email address associated with your account, and specify which right you wish to exercise.
Identity Verification
To protect your privacy, we may need to verify your identity before processing your request. This helps ensure that personal data is not disclosed to unauthorized persons.
Request Processing
We will process your request within one month of receiving it. For complex requests, we may extend this period by up to two months and will inform you of any extension.
Response
We will provide you with information about the action taken on your request. If we cannot fulfill your request, we will explain why and inform you of your right to complain to a supervisory authority.
Data Protection Contact Information
Data Protection Officer
Email: dpo@onniwild.fi
Phone: +358 40 123 4567
Address:
onniwild Oy
Data Protection Officer
Kalevankatu 12
00100 Helsinki
Finland
Supervisory Authority
If you believe we have not adequately addressed your concerns, you can lodge a complaint with the Finnish Data Protection Ombudsman:
Office of the Data Protection Ombudsman
www.tietosuoja.fi
International Data Transfers
When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
Adequacy Decisions
Transfers to countries with an adequacy decision by the European Commission
Standard Contractual Clauses
Use of Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules
Implementation of binding corporate rules where applicable
Certification Schemes
Reliance on approved certification mechanisms and codes of conduct
Updates to This Notice
We may update this GDPR compliance notice from time to time to reflect changes in our data processing practices or legal requirements. When we make significant changes, we will:
- Notify you via email if you have an account with us
- Post a notice on our website highlighting the changes
- Update the "Last Updated" date at the top of this page
- Provide a summary of key changes for your review
Last Updated: January 2025