Privacy and Management of Personal Data

This document describes the procedure of collection and processing of users’ data through the Website, hereinafter referred to as the “Website”. The terms “we”, “us”, and “our” refer to Bugago B.V, a legal entity registered under the laws of Curacao.


The information below will help the user better understand:

  • What personal information we collect;
  • Why we collect it and how we use it;
  • How this information is shared;
  • The rights of the user to their personal data;
  • Other privacy and security information.

Controller details:
Name: Bugago B.V.
Registration number: 144825
Registered address: Schout Bij Nacht, Doormanweg 40, Curacao, PO Box 4745

1. Information we collect

1.1. Account and profile set up

While registering an account, we collect personal data that are processed by us in respect to you:

  • Name
  • Surname
  • Address of residence
  • Valid email address and phone number
  • Relevant payment information
  • Your account login details, such as username and password
  • Geolocation

The company reserves the right to request a scanned copy of your passport, financial details, proof of address, and other documents that may be required for KYC or Due Diligence purposes. All data provided by you must be correct and valid. You are solely responsible for the accuracy, completeness, and correctness of the data you provide.

We use the account information of users to:

1.1.1. create and maintain the user’s account. The contract performance (Terms and conditions) between the user and us (see GDPR Art. 6.1.b) is the applied legal basis;

1.1.2. provide the user with online gambling services (hereinafter referred to as “Services”) on the Website (see GDPR Art. 6.1.b);

1.1.3. ensure customer support for the Service provision (see GDPR Art. 6.1.b);

1.1.4. notify of new updates regarding the software implemented or general updates regarding the Website functionality (see GDPR Art. 6.1.b), and analyse the efficiency of the Website in our legitimate interests (see GDPR Art. 6.1.f);

1.1.5. send users other relevant aspects of the Services and the Website upon their consent, e.g. personal marketing or promotional materials such as newsletters etc. (see GDPR Art. 6.1.a).

1.1.6. comply with applicable laws.

We store users’ account data as long as they have the account. If the users become inactive, we delete or anonymize their information within 5 years after their last session, unless this information is further required for the Anti-Money Laundering Compliance.

1.2. Website functionality

We store and process the following categories of information while the user is using the Website:

1.2.1. internal communications held via the Website;

1.2.2. derived information created while using the Website (user logs, support requests, using stats, comments, etc.).

The user acknowledges and agrees that the Company may seek to publish the amounts they have won together with their usernames and profile pictures on the Website, including, without limitation, for promotional purposes. For proper operation, certain games may also require the display of username, profile picture and the amounts won or points scored (for example, in-game leaderboards). The user agrees that we may use their username, profile picture and the amounts won as part of such in-game functionality without the user’s consent.

The contract performance (Terms and conditions) between the user and us (see GDPR Art. 6.1.b) is the applied legal basis. We store the above users’ data as long as they have the account. If users become inactive, we delete or anonymize their information within 24 months after their last session.

1.3. Payments

We do not collect the financial data of users. To order the Services, the user will be automatically redirected to duly authorized financial contractors. They will collect and store the financial data of users directly and under their respective policies.

To comply with applicable accounting and financial laws (see GDPR Art. 6.1.c and in our legitimate interests to comply with foreign laws as per Art. 6.1.f), we retain only payment confirmation provided by the relevant payment service provider and transaction logs. We store the above users’ data as long as they have an account. If users become inactive, we delete or anonymize their information within 5 years after their last session.

1.4. Communications

A user may leave an inquiry, including a request for support: (1) via phone call; (2) in our live chat; (3) or by email. The information provided is used to assist the users with their requests, fix or improve the Website, and analyze our efficiency, including creating statistics of inquiries related to support issues.

The contract performance (Terms and conditions) between us and the user (GDPR Art. 6.1.b) and our legitimate interest in improving the Website (GDPR Art. 6.1.f) is the applied legal basis. We store the above users’ data as long as they have an account. If users become inactive, we delete or anonymize their information within 24 months after their last session. We reserve the right to retain such information for a longer period if so required by AML&CFT laws.

1.5. Website and marketing activities

The following data collection activities are performed on the Website:

1.5.1. collection of log files (IP address, device ID, etc.) to ensure correct Website functionality and manage users’ sessions, stored for a maximum of 24 months from their last visit. Our legitimate interests (see GDPR Art. 6.1.f) are the applied legal basis;

1.5.2. cookies – for more information please visit our Cookie Notice;

1.5.3. web analytics (webpages interactions, source used by the user to access the Website, other users’ actions). Such activity, depending on the method used, is performed based either upon the user’s consent (cookie tracking) or our legitimate interests (see GDPR Art. 6.1.f).

We store marketing data for 24 months of the last communication with the user, the marketing information will be deleted or anonymized thereafter. For the activities requiring the user’s consent, the latter may withdraw their consent at any time by contacting us directly. Such actions will not affect the lawfulness of processing based on the previously given consent. The user can opt out of the email subscription by clicking the appropriate button in our email newsletter.

1.6. Social media features

Our Website may use social media features (“SMF”). SMF can allow the user to post information about their activities on the Website to third-parties platforms and social networks. SMF may also allow the user to like or highlight information we have posted on our Website. SMF are either hosted by each respective platform or directly on our Website. To the extent, the SMF is hosted by the platforms themselves, and the users click through from our Website, the platform may receive information showing that the user has visited our Website. If the user is logged in to their social media account, the respective social media network is likely to link the user’s visit to our Website with their social media profile.

We also allow the user to log in to certain Website pages using sign-in services. These services authenticate the user and offer an option to share certain personal data from the services, such as full name, user’s ID, and network used for authorization. Users’ information exchanged with SMF is covered by the privacy policies of the companies providing them.

2. Third-party access to information

2.1. Third-party software/service providers:

2.1.1. providing software development services;

2.1.2. cloud server computing services;

2.1.3. customer due diligence, know your customer, verification along with accompanying services;

2.1.4. communication, e-mail server, and client relationship management services, where the exchange of messages and emails may include personal data;

2.1.5. helping to monitor the behavior of the Website visitors or provide advertising or marketing services;

2.1.6. providing financial services, processing accounting documents and the personal data contained therein;

2.1.7. helping with work management for further personal data processing;

2.1.8. helping with account registration or authorization for further personal data processing;

The above providers may collect and store user’s data directly and following their policies to which the user is redirected when using a particular piece of software. The indicated processing is based on our instructions only unless otherwise has been established in writing by the parties.

We apply relevant safeguards required by the GDPR such as Standard Contractual Clauses (SCC) if transferring users’ personal data outside EEA.

2.2. Analytics

When using the analytics services, we collect details of Website use, including, but not limited to, traffic and location data.

Non-personally identifiable information is collected and processed by Google Analytics in an anonymised and aggregated way to improve our Website usability and for marketing purposes. Google Analytics is a web analytics service that tracks and reports user traffic on the Website. Google Analytics uses the data collected to track and monitor Website use. This data may also be shared with other Google services. For more information on the privacy practices of Google, please check its Policies at

We store this type of information as long as it is relevant to our analysis and research or as long as the user’s account is active, whichever comes faster. We delete analytics data within 12 months of the user’s last Website visit.

2.3. Other disclosures

In addition to the disclosures for the above purposes, we may disclose information about the user:

2.3.1. in order to support responsible gambling;

2.3.2. if we are required to do so by law, in connection with any legal proceedings, or to establish, exercise or defend our legal rights; and

2.3.3. in case we sell, license or otherwise assign our company, corporate rights, the Website, or its separate parts or features to third parties.

Except as provided in this privacy notice, we do not sell, share or rent user information to third parties.

3. User’s rights

3.1. The user may exercise GDPR rights regarding their personal data. In particular, the user has the right to:

3.1.1. object against information processing;

3.1.2. if we process users’ information for our legitimate interests (e.g., for direct marketing emails or marketing research purposes), the user may object. The user may inform the Company of their objections, and the Company shall consider such request. If there are no compelling interests for the Company to refuse to satisfy the user’s request, the Company will stop processing. If the Company believes that its compelling interests outweigh the user’s right to privacy, the Company should clarify this to the user. The user can unsubscribe from all Company emails.

3.1.3. Access user’s information;

3.1.4. know what personal data the Company processes. The user may obtain the disclosure of the data involved in the processing and a copy of the information undergoing processing.

3.1.5. Verify their information and seek its rectification. If the user believes that the Company processes inaccurate or out-of-date information, the user can verify the accuracy of their information and/or ask for it to be updated or corrected.

3.1.6. Restrict information processing. If the user contests the accuracy of the information, claims that information has been processed unlawfully or would like to object to processing, the user has the right to suspend information processing to verify its consistency. In this case, data processing is suspended (other than storing) until the Company provides the user with evidence of its lawfulness.

3.1.7. Have its personal data deleted. If the Company is not obliged to keep the data for legal compliance and the user’s data is not required in the scope of an active contract or claim, the Company removes such user’s information upon request.

3.1.8. Have its personal data transferred to another organisation. If the Company processes user’s personal data under user’s consent or for the contract performance purposes, the Company can make, upon user’s request, such data available to the user or an organisation at their choice.

The user may file such requests or further inquiries on data protection by contacting the Company at

If the user believes that the use of their personal information by the Company violates their rights, or if the user is dissatisfied with a response received, the user can file a complaint with the competent data protection authority of their choice.

4. Security of your data

The Company takes all necessary measures to protect users’ information from unauthorized or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other illegal actions of third parties. The Company uses third-party software provider services from non-EU states and may transfer the collected data to such states for further processing. In such a case, the Company makes sure that relevant safeguards are applied. More information on international safeguards may be provided upon request.

Immediate access to the data is only allowed to the authorised employees of the Company involved in maintaining the Website and services. Such employees keep strict confidentiality as per their contractual obligations and prevent unauthorized third-party access to personal information.

5. Changes to this notice

The Company reserves the right to update this privacy notice from time to time by posting a new version on the Website. The user is advised to check this page occasionally to review the amendments. However, the Company endeavors to announce any significant changes to the privacy notice.

Last update: