Privacy Policy

Last Updated: February 18, 2025

This Privacy Policy ("Policy") describes how the entity operating the SlotEquip platform ("SlotEquip," "Operator," "Company," "We," "Us," or "Our") collects, uses, stores, shares, and protects personal data in connection with the SlotEquip platform ("Platform"). This Policy is permanently and irrevocably attached to and governs the Platform regardless of the legal entity that owns or operates it at any given time. This Policy is issued in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection legislation.

1. Data Controller

The data controller for the purposes of this Policy is the entity that operates the SlotEquip Platform at the time of data processing. Contact details:

SlotEquip
Email: [email protected]
Website: www.slotequip.com

2. Data Protection Officer

2.1. SlotEquip has designated a Data Protection Officer (DPO) who oversees all matters related to data protection and privacy compliance. The DPO ensures that all personal data processing activities comply with applicable data protection legislation, including the GDPR.

2.2. You may contact our Data Protection Officer at:

Data Protection Officer — SlotEquip
Email: [email protected]

2.3. The DPO is responsible for monitoring compliance, advising on data protection impact assessments (DPIAs), cooperating with the supervisory authority, and acting as the primary point of contact for data subjects exercising their rights.

3. Categories of Personal Data Collected

We collect and process the following categories of personal data:

3.1. Account Registration Data

• Full name and job title of authorized representative
• Business email address
• Company name, registration number, and VAT identification number
• Business address and country of incorporation
• Phone number
• Account credentials (passwords stored in encrypted/hashed form only)

3.2. Verification Data

• Business license and regulatory permit copies
• Beneficial ownership documentation
• Financial standing indicators
• Anti-money laundering (AML) screening results

3.3. Usage and Technical Data

• IP address, browser type, operating system, and device identifiers
• Pages visited, click patterns, session duration, and navigation paths
• Search queries and filtering preferences
• Product views, comparisons, and inquiry history
• Cookies and similar tracking technologies (see Section 9)

3.4. Transactional Data

• Purchase and inquiry history
• Request for quotation (RFQ) details
• Payment and billing information (processed via third-party payment processors)
• Communication records between Users

4. Legal Basis for Processing

We process personal data on the following legal bases under Article 6 GDPR:

• Contractual Necessity (Art. 6(1)(b)): Processing necessary for the performance of the Terms of Service and provision of Platform services.
• Legitimate Interest (Art. 6(1)(f)): Processing necessary for fraud prevention, security, Platform improvement, analytics, and direct marketing to existing Users.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, including AML regulations, tax obligations, and regulatory requirements.
• Consent (Art. 6(1)(a)): Where specifically required, such as for non-essential cookies and marketing communications to non-Users.

5. Purpose of Data Processing

We process personal data for the following purposes:

• Account creation, management, and verification
• Provision, maintenance, and improvement of Platform services
• User authentication and access control
• Facilitation of Transactions between Vendors and Casino Operators
• Fraud detection, prevention, and investigation
• Compliance with legal and regulatory obligations
• Analytics, reporting, and business intelligence
• Communication regarding Platform updates, security notices, and support
• Enforcement of our Terms of Service
• Protection of our legal rights, property, and safety

6. Data Sharing and Disclosure

6.1. We do not sell personal data to third parties.

6.2. We may share personal data with:

• Verified Platform Users: Limited business profile information is shared with verified counterparties to facilitate Transactions. Vendor product data is accessible only to verified Casino Operators.
• Service Providers: Third-party providers performing services on our behalf (hosting, payment processing, analytics, email delivery), bound by data processing agreements compliant with Article 28 GDPR.
• Legal and Regulatory Authorities: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with any merger, acquisition, reorganization, or sale of assets, personal data may be transferred as a business asset, subject to the acquirer agreeing to be bound by this Policy.
• Professional Advisors: Lawyers, auditors, and consultants engaged for legitimate business purposes, bound by confidentiality obligations.

7. International Data Transfers

7.1. Personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable

7.2. By using the Platform, you acknowledge that your data may be processed in jurisdictions with different data protection standards than your country of residence.

8. Data Retention

8.1. We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce agreements.

8.2. Account data is retained for the duration of the account relationship and for a period of five (5) years following account closure, unless a longer retention period is required by law.

8.3. Transactional records are retained for a minimum of ten (10) years in compliance with applicable commercial and tax legislation.

8.4. Usage data and analytics are retained in anonymized or aggregated form indefinitely for Platform improvement purposes.

8.5. Verification documents (business licenses, ownership records) are retained for the duration of the account relationship plus seven (7) years, in compliance with anti-money laundering regulations.

9. Cookies and Tracking Technologies

9.1. We use cookies and similar technologies to enhance functionality, analyze usage, and personalize your experience. Categories include:

• Strictly Necessary Cookies: Essential for Platform operation and cannot be disabled.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Collect aggregated usage statistics to improve the Platform.
• Marketing Cookies: Used to deliver targeted advertising (deployed only with explicit consent).

9.2. You can manage cookie preferences through your browser settings or through our cookie consent management tool. Disabling certain cookies may affect Platform functionality.

9.3. We maintain a record of all cookie consent decisions and provide the ability to modify preferences at any time through the Platform settings.

10. Your Rights Under GDPR

Subject to applicable law, you have the following rights:

• Right of Access (Art. 15): Obtain confirmation of whether your data is being processed and access to such data.
• Right to Rectification (Art. 16): Request correction of inaccurate personal data.
• Right to Erasure (Art. 17): Request deletion of personal data, subject to legal retention requirements.
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interest or for direct marketing.
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.
• Right Not to Be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.
• Right to Lodge a Complaint: File a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec).

To exercise your rights, contact our Data Protection Officer at: [email protected]. We will respond within thirty (30) days of receipt. In complex cases, this period may be extended by an additional sixty (60) days, with prior notification.

11. Data Security

11.1. We implement industry-standard technical and organizational security measures, including encryption in transit (TLS/SSL), encryption at rest, access controls, regular security audits, penetration testing, and intrusion detection systems.

11.2. Access to personal data is restricted to authorized personnel on a need-to-know basis. All personnel with access to personal data are bound by confidentiality obligations.

11.3. While we strive to protect personal data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and shall not be liable for any unauthorized access resulting from sophisticated cyberattacks or circumstances beyond our reasonable control.

11.4. In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. If the breach is likely to result in a high risk, affected data subjects will be notified without undue delay in accordance with Article 34 GDPR.

12. Data Protection Impact Assessments

12.1. SlotEquip conducts Data Protection Impact Assessments (DPIAs) in accordance with Article 35 GDPR for processing activities that are likely to result in a high risk to the rights and freedoms of natural persons.

12.2. DPIAs are performed before implementing new processing activities, deploying new technologies, or making significant changes to existing processing operations that may affect the privacy of data subjects.

12.3. Where a DPIA indicates that processing would result in a high risk in the absence of measures taken to mitigate the risk, SlotEquip will consult with the supervisory authority prior to processing, in accordance with Article 36 GDPR.

13. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data from a minor has been collected, we will take steps to delete such data promptly.

14. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We reserve the right to modify this Policy at any time. Material changes will be communicated via the Platform or to your registered email address at least thirty (30) days prior to taking effect. Your continued use of the Platform following notification constitutes acceptance of the revised Policy. Previous versions of this Policy will be archived and made available upon request.

16. Contact Information

For any questions or concerns regarding this Privacy Policy or our data processing practices, please contact:

SlotEquip — Data Protection
Email: [email protected]
Data Protection Officer: [email protected]
Website: www.slotequip.com

17. Supervisory Authority

You have the right to lodge a complaint with the national supervisory authority:

Informacijski pooblaščenec Republike Slovenije
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Website: www.ip-rs.si
Email: [email protected]