1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the Policy) describes how Carletta Ltd, the operator of the Pin Up platform (hereinafter referred to as “We,” “Our,” or “Operator”), collects, uses, stores, and protects the personal data of users (hereinafter referred to as “You,” or “User”).
1.2. The policy is developed in accordance with data protection principles, including the General Data Protection Regulation (GDPR), Curacao eGaming licensing requirements and international information security standards.
1.3. By using the Pin Up platform, you confirm that you have read this Policy and agree to the terms of processing your personal data.
1.4. If you do not agree with the terms of this Policy, please do not use our services.
2. What data do we collect?
2.1. Data provided by you voluntarily:
— Registration information: first name, last name, date of birth, email address, telephone number, country of residence.
— Payment details: information about bank cards, e-wallets, and crypto wallets (please note: full card details are not stored on our servers; processing is carried out through secure payment gateways).
— Verification documents: scanned copies of your passport, ID card, proof of address (utility bill), selfie with the document.
— Communication data: content of support service requests, conversation recordings (in the case of telephone calls with a warning).
2.2. Data collected automatically:
— Technical information: IP address, browser type, operating system, device language, session time.
— Activity data: betting history, gaming preferences, bonus usage, account login logs.
— Cookies and similar technologies: For information on how to use this website, please see Section 9.
2.3. Data from third-party sources:
— Information from payment providers to confirm transactions.
— Data from identity verification partners (KYC providers).
— Information from open registries to verify compliance with sanctions lists.
3. Purposes of personal data processing
We process your data only for legitimate and specific purposes:
3.1. User identification and verification:
— Confirmation of age (18+) and identity.
— Preventing the creation of multiple accounts.
— Compliance with licensee requirements and anti-money laundering (AML) legislation.
3.2. Ensuring the operation of the service:
— Account registration and management.
— Processing deposits and withdrawals.
— Providing access to games and bonuses.
— Technical support and dispute resolution.
3.3 Security and Fraud Prevention:
— Detection of suspicious activity and abnormal betting patterns.
— Protection from unauthorized access to your account.
— Investigation of violations of platform rules.
3.4. Communication with the user:
— Sending notifications about transaction status, bonuses, and changes in terms.
— Responses to support requests.
— Information about promotions (only with your consent).
3.5. Analytics and service improvement:
— Analysis of user behavior for interface optimization.
— Testing new features and games.
— Generation of anonymized statistics for reporting.
3.6. Fulfilment of legal obligations:
— Providing data to the regulator upon official request.
— Storing records in accordance with license requirements.
4. Legal basis for data processing
4.1. Processing is carried out on the following grounds:
— Performance of the contract: processing is necessary to provide you with access to the services in accordance with the User Agreement.
— Legitimate interest: ensuring platform security, preventing fraud, improving service quality.
— User consent: to send marketing materials, use optional cookies.
— Legal obligation: compliance with the requirements of the licensing authority, tax and financial legislation.
4.2. You may revoke your consent to the processing of data for marketing purposes at any time through your account settings or by contacting support. This will not affect the lawfulness of any processing carried out prior to your revocation.
5. Transfer of data to third parties
5.1 We do not sell or transfer your personal information to third parties for commercial purposes.
5.2. Data may be transferred to the following categories of recipients:
— Payment providers: for processing transactions (only necessary data, in encrypted form).
— Verification providers (KYC/AML): to confirm identity and check for compliance with sanctions lists.
— Software providers: Game providers receive information about bets and results to ensure the fairness of the gaming process.
— Hosting providers and technical partners: to ensure the platform's functionality (subject to confidentiality agreements).
— Regulatory authorities: upon official reasoned request within the framework of licensing requirements.
— Legal consultants: in case of litigation or protection of the Operator’s legal interests.
5.3 All third parties who access your data are required to comply with privacy and security standards equivalent to these.
6. International data transfer
6.1. Due to the Operator's international activities, your data may be transferred to and processed in jurisdictions outside your country of residence, including countries whose level of data protection may differ from your legislation.
6.2. In such cases, We take additional protective measures:
— Conclusion of standard contractual clauses (SCC) approved by international bodies.
— Requiring partners to comply with principles of adequate data protection.
— Data encryption during transmission and storage.
6.3. By submitting your data, you agree to its international processing for the purposes specified in this Policy.
7. Data storage periods
7.1. We store your personal data only for as long as necessary to achieve the purposes of processing:
— Account data: for the duration of the account activity plus 5 years after the last login (license requirement for audit).
— Payment details: up to 7 years in accordance with financial legislation.
— Verification data: 5 years after account closure.
— Activity logs: 2 years for security and analysis purposes.
— Marketing preferences: until consent is revoked or 3 years from the last interaction.
7.2. Upon expiration of the terms, the data is anonymized or securely deleted.
7.3. You may request early deletion of your data, except in cases where retention is required by law (e.g. to investigate fraud or comply with a regulator's request).
8. Your rights regarding personal data
Subject to applicable law, you have the following rights:
8.1 Right of access: request a copy of your personal data that we process.
8.2. Right to rectification: request correction of inaccurate or incomplete data.
8.3. Right to erasure (“right to be forgotten”): request that data be erased if it is no longer needed for the stated purposes or if you withdraw consent.
8.4. Right to restriction of processing: request that processing be suspended in disputed situations (e.g. when the accuracy of the data is contested).
8.5. Right to data portability: to receive your data in a structured, machine-readable format for transmission to another controller.
8.6 Right to object: object to data processing on the basis of legitimate interest or for direct marketing.
8.7. Right to withdraw consent: withdraw consent to processing at any time where it is the basis.
8.8 Right to lodge a complaint: contact the data protection supervisory authority in your jurisdiction.
To exercise your rights, please send a request to [email protected] with the subject "Data Protection Request." We will respond within 30 days. For your security, we may request additional identification.
9. Cookies and Tracking Technologies
9.1 What are cookies:
Cookies are small text files that are stored on your device when you visit a website. They allow us to recognize you, remember your settings, and analyze your use of the service.
9.2. Types of technologies used:
— Necessary cookies: provide basic functionality (account login, security, settings). Disabling them will make the service unavailable.
— Functional cookies: remember your preferences (language, currency, region).
— Analytical cookies: collect anonymized data on traffic and behavior to improve the website (Google Analytics, Yandex.Metrica).
— Marketing cookies: used to personalize advertising and measure campaign effectiveness.
9.3. Managing Settings:
You can manage the use of cookies through:
— Browser settings (section "Privacy" or "Security").
— Cookie consent banner on your first visit to the site.
— Account settings in the "Privacy" section.
Please note: disabling analytics and marketing cookies will not affect the functionality of the platform, but may limit the personalization of content.
9.4 Other technologies:
We may also use local storage, pixel tags, and device fingerprinting for security and analytics purposes. These technologies do not collect personal data without your consent.
10. Data protection measures
10.1 We use technical and organizational measures to protect your data from unauthorized access, modification, disclosure, or destruction:
— Encryption: Data transmission is carried out using the TLS 1.3 protocol; sensitive data is encrypted at rest.
— Access control: only authorized employees who have completed training and signed a confidentiality agreement have access to personal data.
— Monitoring and logging: all actions with personal data are recorded for subsequent audit.
— Regular testing: pentests and security audits conducted by third-party experts.
— Backup: data is regularly backed up on secure servers.
— Employee training: regular training on data protection and cybersecurity.
10.2. In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the regulator within the timeframes established by applicable law.
11. Protection of minors
11.1. The Pin Up Services are intended solely for individuals over the age of 18 (or the legal age in your jurisdiction, if higher).
11.2. We do not knowingly collect data from minors. If an account belonging to a person under 18 is discovered, the account will be immediately blocked and the data deleted.
11.3. Parents and guardians are encouraged to use parental control software to restrict minors' access to gaming platforms.
11.4 If you believe that a minor has provided us with their data, please contact us immediately: [email protected].
12. Changes to the Privacy Policy
12.1. We may update this Policy in connection with changes in legislation, technology, or the Operator’s activities.
12.2. The current version of the Policy is always available via a link in the footer of the website, indicating the date of the last update.
12.3 If there are material changes that affect your rights, we will notify you:
— Via the email linked to the account.
— Via a pop-up notification when logging into the platform.
— Through the official communication channel (subject to consent).
12.4. Continued use of the service after the changes come into effect constitutes your agreement with the updated Policy.
13. Contact information
For questions regarding the processing of personal data and the exercise of your rights, please contact: Online chat: available on the official website and in the app
For official inquiries from regulators and legal entities:
Carletta Ltd
License: Curacao eGaming
Response time to request: up to 30 calendar days.
14. Final Provisions
14.1. This Policy is an integral part of the Pin Up User Agreement.
14.2 If any provision of the Policy is found invalid, this will not affect the validity of the remaining provisions.
14.3. This Policy is written in Russian. In the event of discrepancies in translations, the Russian version shall prevail.
14.4. Issues not regulated by the Policy shall be resolved in accordance with the legislation of the licensing jurisdiction and the terms of the User Agreement.
> Important: Responsible Gambling. Gambling can be addictive. 18+. Play responsibly. Set limits. Seek help at the first sign of loss of control: BeGambleAware.org | GamCare.org
