1. Background
This is the Privacy Notice of Reelfun Gaming Limited (the “Company”). The Company is duly registered under the laws of Cyprus, bearing company registration number HE 483421 and having its registered office address at Arch, Makarious III, 1-7, Mitsi Building no 3, Floor 3, Apartment/office 310, 1065 Nicosia Cyprus, and is in possession of a B2C remote gaming licence (licence number: 0000132) issued by the Tobique Gaming Commission, under the Tobique Gaming Act, 2023.
The Company is the data controller for the use of the player’s (“your” or “you”) personal data. This Privacy Notice sets out how the Company manages your personal data in the course of the provision of its iGaming services (the “Services”) to you. The Company collects and processes personal data necessary to provide the Services through its website and/or mobile application, where available. In using the Services, you understand that your personal data will be processed in accordance with this Privacy Notice, and are hereby accepting and consenting to the practices set out in this Privacy Notice. This Privacy Notice does not apply to any websites over which the Company has no control.
The Company’s Services are not intended for minors and the Company does not knowingly collect personal data relating to minors. In the event that it becomes aware that a minor has provided the Company with any information, it may discard such information unless it is required to comply with any legal or statutory obligation binding upon it. If You have reason to believe that a minor has provided the Company with personal data, please contact us at the details set out in paragraph 1.11 below.
This Privacy Notice together with the General Terms and Conditions available on the Website set out the basis on which any personal data may be collected by the Company from you, or that you provide to the Company, will be processed by us. Please read the following carefully to understand the Company’s views and practices regarding your personal data and how the Company will treat it. By visiting and opening an account on our Website, you are accepting and consenting to the practices described in this Privacy Notice.
2. Personal Data and Collection of Information
Personal data means any information that can directly or indirectly identify an individual, including any information that constitutes personal data within the meaning of applicable privacy laws.
The Company processes personal data of visitors to its website, users of its mobile applications, and participants in its Services. The Company also processes personal data of individuals who contact the Company, follow it on social media, request it to be kept informed about the Services, or with whom the Company otherwise has a relationship.
The Company receives the personal data either when you register, when you provide data, or any other time you communicate with the Company, whether by phone, e-mail or otherwise. The Company also collects and analyses data regarding your gaming behaviour in order to ensure compliance with the terms and conditions, monitor the integrity of wagering activity, and to meet the Company’s responsible gaming, AML/CFT, and other legal obligations. The Company also receives data from third parties, such as providers of Know-Your-Customer services, that help it to comply with its legal obligations.
The Company also collects certain information about its customers and visitors to its website using cookies and other tracking technologies. For further information about cookies, which cookies are used by the Company, why it uses cookies, and how you can control which cookies are used, please refer to the Website Cookie Policy set out in Section 2 of this policy document.
Kindly refer to Annex ‘A’ attached to this policy document, which provides an overview of the information that the Company’s collects, together with the categories of personal data the Company processes.
3. What information does the Company collect and how does it use it?
Kindly refer to Annex ‘B’ of this policy document, which provides an overview of the purpose for processing the relevant personal data, including, inter alia, for the purposes of fulfilling our agreement with you for the provision of the Services, risk assessment, compliance with AML/CFT obligations, sanctions checking, fraud prevention, payment collection and statistical analysis.
The Company and its appointed third-party service providers use your personal data, such as your name, home address, email address, telephone number, and other relevant information for promotional purposes concerning the Services which the Company believes may interest you. You must opt-in to receive direct marketing of bonus promotions and other inducements to use the Services. You may opt-out from receiving marketing from the Company at any time, and free of charge, by following the instructions provided on the relevant marketing communications. We will comply with your request as soon as it can be processed.
Please note that even if you opt-out of the Company’s marketing mailing list, you will continue to receive service-related updates as per the Company’s legal obligations and/or its agreement with you. Also, all changes to email preferences may take up to forty-eight (48) hours to take effect. You may control your exposure to the Company’s advertising on social media through the settings offered on the respective third-party platforms.
4. Who will the Company share your information with?
For the purposes described in this Privacy Notice, including business and operational purposes and well as for fulfilling the Company’s legal obligations (such as AML/CFT and responsible gambling), the Company may share your personal data with other group entities to enable cross-network exclusions and similar measures, where applicable, on the basis of intra-group data processing agreements in place.
In some cases, the Company is required by law to share your personal data with government entities, law enforcement, regulators, and sports governing bodies (where there are reasonable grounds to suspect that you may be involved in a breach of sport integrity rules or the law, have knowledge of a breach of such rules or the law or otherwise pose a threat to the integrity of the relevant sport or game) for the purpose of combating gambling addiction, enforcing sport integrity, and preventing or investigating potential criminal activity. The Company may also be required to share your personal data in response to any court subpoena, order or similar official request. In certain cases, relevant laws may oblige the Company to disclose your personal data to financial institutions such as banks and insolvency services. These bodies may use your personal data to investigate and act on any such breaches in accordance with their procedures.
The Company may engage third parties (data recipients) to process your data in accordance with this Privacy Notice to provide you with the Services. These parties usually act as processors for the Company. In some cases, these parties act as joint or independent controllers. This is, for example, the case for payment service providers and social media platforms. In such cases, the privacy statement of the third party in question will apply. The Company shall only share your data with these providers subject to appropriate agreements. Categories of recipients with whom the Company shares personal information are:
- Gaming and software providers;
- Risk management providers;
- Third-party vendors that provide technical support and help the Company to maintain your account;
- Analytics and search engine providers that help the Company improve and optimise its website;
- Suppliers for communication purposes, such as the Company’s marketing platforms and providers of mobile communication services for telephony and SMS;
- Partners who carry out surveys and market research on the Company’s behalf;
- Interactive media platforms (such as social media platforms);
- Organisations that enable the Company to provide relevant advertisements on third party websites and platforms that you visit;
- Payment service providers and payment facilitators;
- Cloud service providers;
- Anti-fraud, risk and compliance service providers (such as Know-Your-Customer (KYC) providers, credit reference agencies);
- Providers of information verification services to validate the information you provide to the Company;
- Providers offering professional support for at risk users;
- Professional advisers such as lawyers, accountants, consultants and insurers, who provide the Company with legal, advisory and insurance services; and
- Other partners who help the Company create.
While using the Services, you may find links to third-party websites/applications (for example social media platforms). Please note that this Privacy Notice does not apply to such third-party websites/applications. In order to find out more about processing of your personal data by these third-party websites/applications, the Company hereby instructs you to carefully read their privacy statements and the terms of use before using their services.
5. International Transfer of Personal Data
Where the Company has service providers or partners located outside the European Union (EU) / European Economic Area (EEA), in a third country, territory or sector that has not been found to provide for an adequate level of data protection by the European Commission (see the list of third countries offering an adequate level of data protection as per the European Commission), the Company has ensured that the data transfers are subject to appropriate safeguards, such as the Standard Contractual Clauses. Transfers from Canada are subject to PIPEDA rules and must ensure comparable protection for personal information.
Please be aware that the list of data recipients may differ depending on the brand and country where you make use of the Services. Hence, on your request, the Company can provide you with the categories of data recipients whom we share your personal data with, and also specific information about data transfers to third countries, if applicable.
6. How long does the Company keep your Personal Data for?
The Company will not retain your personal data longer than necessary for the purposes for which it is collected or processed, unless longer retention is required by law. If your personal data is no longer necessary for the Company, it will securely delete the relevant personal information or anonymise it.
The necessary retention period is determined by various criteria including the nature of the data, purpose of the processing, the legal basis, whether there are any applicable legal obligations or industry codes of conduct, and other factors.
The Company will keep your personal information for as long as your account is active to be able to offer you the Services. If your account is closed (by yourself or by the Company), it will retain all your personal data to the extent necessary to comply with its legal obligations such as applicable tax/revenue laws, AML/CFT, gaming laws and other applicable regulatory requirements as well as to resolve any potential legal disputes as per the Company’s data retention policies.
For further information about the data retention terms relevant to your jurisdiction, please contact our data privacy team at dp@reelfungamingltd.com.
7. Automated Individual Decision-Making
In the cases described below, the Company uses fully or partially automated decision-making to take any necessary decisions / actions in accordance with applicable law:
- The Company makes use of automated tools to check against sanction/adverse media lists and any centralized self-exclusion schemes (where available), in accordance with the Company’s legal obligations under relevant legislation to take necessary AML/CFT and responsible gambling measures;
- The Company analyses your transactions and gaming behaviour in order to establish a risk profile in accordance with its legal obligations and licensing requirements to take measures to identify and investigate suspected illegal or fraudulent activities in connection with the Services, including money laundering, terrorist financing and fraud;
- In accordance with the Company’s licensing obligations, it is required to monitor users who are experiencing or at risk of developing an addiction. Therefore, the Company conducts player risk assessments by analysing behaviour, transactions, usage patterns and other data such as communications. Furthermore, the Company’s tools assess whether any limits set by players have been reached;
- The Company analyses your playing patterns and activities to investigate and identify possible issues related to integrity, malpractice, and other serious inappropriate behaviour in sport, such as match-fixing;
- The Company processes data about your activities and play behaviour in order to monitor compliance with its Terms and Conditions and internal policy documents;
- The Company will assess your eligibility for VIP status by analysing your transaction and game history; and
- Based on information on your use of the Services, including your game history, the Company will provide you with tailored recommendations / promotions unless you object to such processing by indicating your preferences in your account or by contacting the Company.
The Company’s systems are tested on a regular basis to ensure fair, effective, and unbiased operation. We cannot disclose detailed information about the Company’s detection systems, in particular the logic behind them, as this would harm their operation by allowing users to circumvent these mechanisms, which are aimed at protecting users, the Company and at ensuring compliance with its legal obligations.
8. What are your legal rights?
Under PIPEDA, individuals have the right to know why an organisation collects, uses or discloses their information and can access that information upon request.
You have a number of rights with regards to the processing of your personal data, including:
- Right to obtain confirmation that the Company is processing your data and have access to or obtain a copy of the same
- Information which is likely to prejudice either an internal ongoing investigation (for example in relation to fraudulent behaviour, bonus abuse etc.) or one conducted by the relevant authorities in relation to other offences;
- The Company’s AML/CFT and Responsible Gambling risk assessments and monitoring information pursuant to applicable laws, since such disclosure is likely to prejudice the operation of the business by enabling customers to bypass mechanisms specifically set for the prevention and detection of such activities;
- Information relating to ongoing negotiations with customers if such disclosure is likely to prejudice any negotiations to settle disputes/issues;
- Information relating to the Company’s internal processes including customer and risk management procedures which are strictly confidential, and disclosure would disrupt internal business operations;
- Information including third party personal data since such disclosure may adversely affect the rights and freedoms of the third parties in question; and
- Information subject to Legal Professional Privilege (LPP).
- Right to rectification/ correction of your personal data
The Company takes all reasonable measures to ensure your personal data is accurate, complete and up-to-date. If you believe that the personal data that the Company holds about you is inaccurate, incomplete or not current, you must either update the information from the “My Account” section on your profile or contact the Company immediately and the information will be corrected if the Company is satisfied that a correction is required.
- Right to erasure of your personal data
Kindly note that right to erasure is not absolute and may be limited, for example, due to the Company’s legal obligations, or for the establishment, exercise or defence of legal claims. This means that the Company will not be able to exercise erasure in relation to personal data that the Company needs to keep as per its data retention policies.
- Right to restrict processing of your personal data
Kindly observe that your data will be stored for the time of restriction and shall be processed only if you gave your consent or in order to establish, exercise or defend legal claims, protect the rights of another natural or legal person and for the reasons of important public interest.
- Right to data portability/ transfer your personal data
- Right to object to the processing of your personal data
Whilst the latter is an absolute right, the first will require a balance assessment of your interests, rights and freedoms against the Company’s legitimate interests.
The right to obtain human intervention, express your point of view and contest the decision where it is based on solely automated decision making, including profiling, which produces legal effects concerning you or similar significant effects.
Please note that the Company will respond to any of your requests about your rights without undue delay and in any case within thirty (30) days from date of receipt of your request (this period may be further extended in line with applicable law).
9. What measures does the Company adopt to protect your Personal Data?
We take appropriate measures to prevent abuse, loss, unauthorised access, unwanted disclosure, and unauthorised modification of personal information. For example, the Company makes use of secure network connections, firewalls, encryption, and anonymises data where possible. However, you acknowledge that no method of transmission over the Internet, nor any method of electronic storage, is fully secure. The Company does its best to protect your personal data, but it cannot guarantee its absolute security. The Company’s employees, agents, and contractors have restricted access to personal information to a need-to-know basis subject to confidentiality agreements.
In order to protect your account, you are ultimately responsible for maintaining your username and password confidential and secure. The Company will never ask you for your password except when you log into its website and enter your password at which time it is encrypted. If you become aware of any unauthorized access to or use of your account, you are required to notify the Company immediately. Where the Company’s mobile application(s) requires biometric authentication, your credentials will be securely encrypted by and stored on your device. They will not be stored in the Company’s mobile application(s) nor held or accessed by it in any way. The Company will only know whether you have been successfully identified or not. Please note that if you store fingerprints of other persons on your device, those persons will also be able to access the Company’s mobile application(s) via fingerprint when fingerprint is enabled.
The Company has adopted procedures to deal with any actual or suspected breach of security safeguards involving personal data. Unless otherwise prohibited by applicable law, the Company will promptly notify you in the event of a breach which could reasonably result in a real risk of significant harm to you. We will also report any such breach to the competent authorities as required by applicable laws and keep a record of any such breach to the extent required by applicable laws.
10. Changes to this Privacy Notice
The Company hereby reserves the right at its discretion to change or modify this Privacy Notice from time to time. To the extent that this Privacy Notice or sections thereof are subject to a material change, the Company shall inform you of such change through reasonable measures including email or notice on the website and require re-acceptance of the Privacy Notice. Otherwise, all other changes to this Privacy Notice are effective as of the stated “Last revised” date, and your continued use of the Services after the Last revised date will constitute acceptance of, and agreement to be bound by, those changes.
11. How can you complain?
You have a right to lodge a complaint to a supervisory authority in the Member State of your habitual residence, place of work or place of alleged infringement. Also, you can lodge a complaint with the Company’s lead supervisory authority in Cyprus, which is Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα). Under PIPEDA, individuals also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.
12. Company Contact Information
For questions or comments regarding this Privacy Notice or the processing of your personal data by the Company, you may contact us via e-mail at dp@reelfungamingltd.com or by post, at ‘Arch. Makarious III, 1-7, Mitsi Building no 3, Floor 3, Apartment/office 310, 1065, Nicosia Cyprus.
13. Annex A
Categories of Personal Data Processed
| Categories of personal information | Examples |
| Identifying data and contact details |
|
| Account Details |
|
| Payment Details/ Financial Data |
|
| Information relating to playing behaviour and (placed) bets |
|
| Information the Company is required to collect by virtue of its obligations stemming from AML/CFT |
|
| Information the Company is required to collect by virtue of its duty of care/ responsible gaming obligations |
|
| Information relating to criminal offences |
|
| Information on your use of the Company’s website, applications and online user environment |
|
| Correspondence, call recordings and chat recordings |
|
| Direct marketing and communication data |
|
| Information obtained from third parties and public sources |
|
14. Annex ‘B’
Purpose and Authority for Processing Personal Data
| Purpose and Basis | Examples |
| Customer registration Legal Basis: Necessary for performance of the Company’s agreement with you |
|
| Verifying your identity and whether you are of age Legal Basis: To comply with a legal obligation imposed on the Company |
|
| Enabling participation in the Company’s Services Legal Basis: Necessary for performance of the Company’s agreement with you |
|
| To prevent and/or combat excessive participation and gambling addiction Legal Basis: To comply with legal obligations imposed on the Company |
|
| Fighting fraud and preventing AML/CFT Legal Basis: To comply with legal obligations imposed on the Company |
|
| Investigating and reporting suspicious (gambling) activities Legal Basis: To comply with legal obligations imposed on the Company |
|
| For the development and improvement of the Company’s business operations, products and services Legal Basis: Legitimate business interests |
|
| For communication, promotion and marketing purposes Legal Basis: Consent |
|
| To provide a personalized experience Legal Basis: Legitimate business interest |
|
| VIP Loyalty Programme Legal Basis: Necessary for the performance of the Company’s agreement with you |
|
| To ensure the security and stability of the Company’s services and IT systems Legal Basis: Legitimate business interest |
|
| Legal Protection Legal Basis: Legitimate business interest |
|
Version: 1
Last revised: 23.04.2026
- Background
- Personal Data and Collection of Information
- What information does the Company collect and how does it use it?
- Who will the Company share your information with?
- International Transfer of Personal Data
- How long does the Company keep your Personal Data for?
- Automated Individual Decision-Making
- What are your legal rights?
- What measures does the Company adopt to protect your Personal Data?
- Changes to this Privacy Notice
- How can you complain?
- Company Contact Information
- Annex A
- Annex ‘B’
SweetReels now available for Android
Experience the thrill of our iGaming website seamlessly on Android through our dedicated mobile app, delivering excitement wherever you go.
Responsible Gaming
SweetReels is operated by Reelfun Gaming Limited, a company duly registered under the laws of Cyprus, bearing company registration number HE 483421 and having its registered office address at Arch. Makarios III, 1-7, Mitsi Building no 3, Floor 3, Apartment/Office 310, 1065 Nicosia Cyprus, being in possession of a B2C remote gaming licence (licence number: 0000132) issued by the Tobique Gaming Commission, under the Tobique Gaming Act, 2023.