This Privacy Policy (hereinafter referred to as the “Policy”) sets out the rules for the

collection, use, storage and protection of personal data of users of the iZi.Play

mobile application (hereinafter referred to as the “Application”) and forms an integral

part of the Terms of Service (the “Terms”).

By using the Application, the User confirms that they have read and understood this

Policy and agree to the processing of their personal data as described herein. If the

User does not agree with the terms of this Policy, they must stop using the

Application and remove it from their device.

The terms “Company”, “User”, “Application”, “Gaming Location”, “Account”,

“Balance”, “Support Service”, “Application Content” and other capitalised terms used

in this Policy shall have the meanings assigned to them in the Terms, unless

expressly stated otherwise herein.

1. Data Controller and Scope of the Policy

1.1. For the purposes of this Policy, the Company acts as the data controller. The

Company owns and operates the Application and determines the purposes and

means of processing Users’ personal data.

1.2. This Policy applies to all personal data processed by the Company in connection

with:

● the use of the Application by Users;

● the registration and use of a User Account;

● communications between the User and the Support Service;

● the use of functionality related to topping up the Balance, booking services at

Gaming Locations, and other features available within the Application.

1.3. This Policy applies regardless of the User’s country of residence or location.

Personal data is processed in accordance with applicable data protection laws in the

relevant jurisdictions.

2. Legal grounds for processing personal data

2.1. The Company processes Users’ personal data on the following legal grounds

(depending on the specific situation and the applicable data protection laws):

● performance of the Terms between the User and the Company, including

ensuring the operation of the Application and its functionality;

● compliance with legal obligations to which the Company is subject;

● legitimate interests of the Company, such as ensuring the security and proper

functioning of the Application, preventing fraud and misuse, and protecting the

rights and lawful interests of the Company, other Users and Gaming

Locations;

● the User’s consent to the processing of personal data — in cases where such

consent is required by law or by the nature of the personal data being

processed.

2.2. In jurisdictions where it is permitted or required by law, the User has the right to

withdraw their consent to the processing of personal data. The procedure for

exercising this right is described in Section 10 of this Policy.

3. Categories of personal data processed

3.1. Depending on the User’s actions and the functionality of the Application being

used, the Company may process the following categories of personal data:

3.1.1. Account data

● the mobile phone number used for registration and authentication;

● the User’s name or nickname (if provided);

● the User’s date of birth and/or age — in cases where such information is

required by the functionality of the Application or by applicable law;

● any other information voluntarily provided by the User within their Account,

when contacting the Support Service, or in the course of using the

Application.

3.1.2.Application usage and device data

● information about the User’s device (such as device type, operating system,

application version, language settings);

● IP address and general information about the region/country of connection (to

the extent necessary for the proper functioning of the Application and

compliance with legal requirements);

● technical data relating to the interaction with the Application (such as login

time, features used, error logs, etc.);

● technical identifiers of devices and/or Application installations (for example,

mobile device identifiers or advertising identifiers), used for analytics,

diagnostics and ensuring the security of the Application.

3.1.3. Payment and Balance data

● information about the fact of payment, the amount, currency and status of the

transaction;

● a transaction or operation identifier;

● information relating to the topping-up and spending of the Balance within a

particular Gaming Location.

Bank card details and other sensitive payment credentials are processed and stored

by payment service providers. The Company receives only a limited set of

information from the payment provider (for example, a payment token, masked card

number and transaction status), sufficient for processing payments and accounting

for transactions within the Application.

3.1.4. Communication data with the Support Service

● User requests submitted through the Application, the website or other official

communication channels of the Company;

● any additional information voluntarily provided by the User for the purpose of

handling such requests (for example, screenshots, problem descriptions,

Gaming Location details, etc.).

3.1.5. Data collected through cookies and similar technologies

● information about the User’s actions within the Application and/or related

web-interfaces;

● technical and statistical data regarding the use of services, including

aggregated and anonymised data.

3.2. The Company does not collect or process special categories of personal data

(such as information about race or ethnic origin, political opinions, religious beliefs,

health, sexual life, etc.), nor biometric data, unless such processing is expressly

brought to the User’s attention and is required by law.

4. Purposes of processing personal data

4.1. The personal data of Users is processed by the Company for the following

purposes:

4.1.1. To register and maintain the User’s Account, as well as to provide

authentication and access to the functionality of the Application;

4.1.2. To ensure the operation of the Application and its functionality, including:

● providing information about Gaming Locations;

● managing the User’s Account and Balance;

● enabling Balance top-ups in certain Gaming Locations;

● booking Terminals and other services;

● applying promo codes and participation in loyalty programmes;

4.1.3. To process payments and settlements involving Gaming Locations and

payment service providers, to the extent necessary for the functioning of the

Application;

4.1.4. To communicate with the User in relation to the use of the Application,

including:

● responding to support requests submitted to the Support Service;

● sending notifications about changes to the functionality of the Application, the

Terms or this Policy;

● sending technical, service-related or other messages necessary for the use of

the Application;

4.1.5. To ensure the security of the Application, prevent fraud and other unlawful

activities, and to protect the legitimate rights and interests of the Company, other

Users and Gaming Locations;

4.1.6. To analyse and improve the performance of the Application, including:

● collecting and analysing usage statistics;

● identifying and resolving errors;

● improving stability and performance;

● developing new features and services;

4.1.7. To comply with applicable legal requirements, including responding to lawful

requests from public authorities and fulfilling the Company’s accounting, tax and

other statutory obligations.

4.2. If the Company intends to use personal data for purposes not specified in this

Policy, the User will be additionally informed of such processing. Where required by

applicable law, the Company will also obtain the User’s consent prior to commencing

such processing.

5. Disclosure of Personal Data to Third Parties

5.1. The Company may disclose a User’s personal data to third parties only where

such disclosure is necessary for the purposes of processing described in this Policy,

has a valid legal basis, and only to the extent required for such disclosure:

5.1.1. Gaming Locations.

Personal data may be disclosed to the relevant Gaming Location to the extent

necessary for:

● identifying the User;

● providing services to the User within the Gaming Location;

● accounting for and using the Balance linked to that Gaming Location.

In such cases, the Gaming Location acts as an independent data controller with

respect to the processing of the User’s personal data in the course of providing its

services, and may have its own privacy policy and terms of service.

The Gaming Location bears independent responsibility for the processing of the

User’s personal data in this context.

5.1.2. Payment service providers and financial institutions.

Personal data may be disclosed to payment service providers, banks and other

financial institutions for the purposes of:

● processing and confirming payments;

● complying with applicable financial monitoring and anti-fraud/anti-money

laundering regulations.

5.1.3. Technical and service providers.

The Company may engage third-party service providers to deliver services such as:

● data hosting and processing;

● analytics and service performance monitoring;

● technical support and communications.

Such providers process personal data solely on behalf of the Company, on the basis

of contractual arrangements, and are required to comply with applicable data

protection legislation and this Policy.

5.1.4.Public authorities and other parties.

Personal data may be disclosed where such disclosure is expressly required by law

or is reasonably necessary to protect the legitimate rights and interests of the

Company, Users or third parties (for example, in the course of handling claims or

disputes, or in response to lawful requests from competent authorities).

5.1.5. Company successors.

In the event of corporate restructuring, business transfer or assignment of the

Company’s rights and obligations to a third party, personal data may be transferred

to such successor, provided that the successor complies with this Policy and

applicable data protection legislation.

5.2. The Company does not sell Users’ personal data to third parties and does not

otherwise disclose such data except as expressly provided in this Policy or where

disclosure is required under applicable law.

6. Cross-Border Transfer of Personal Data

6.1. Due to the international nature of the Application, the processing of Users’

personal data may be carried out on servers and/or using services located outside

the country in which the User is physically located.

6.2. In such cases, the Company takes reasonable and appropriate measures to

ensure that an adequate level of protection of personal data is maintained in

accordance with applicable data protection laws, including, where required:

● the use of contractual safeguards (such as standard contractual clauses or

equivalent instruments);

● transferring data only to recipients that ensure an adequate level of protection

of personal data;

● compliance with any additional legal requirements applicable to cross-border

data transfers in the relevant jurisdiction.

6.3. Cross-border transfer of personal data is carried out only where there is a valid

legal basis for such transfer and only to the extent necessary to achieve the

purposes of processing described in this Policy.

7. Data Retention Periods

7.1. The Company stores Users’ personal data only for as long as is necessary to

achieve the purposes for which such data is processed, as described in this Policy

and/or the Terms, unless a longer retention period is required or permitted under

applicable law.

7.2. As a general rule, personal data is retained:

● for the entire period during which the User’s Account remains active and the

User continues to use the Application;

● for a reasonable period thereafter, for example, for the purposes of resolving

disputes, maintaining business and financial records, complying with legal

obligations and enforcing the Company’s rights.

7.3. Once the purposes of processing have been achieved, or upon expiry of the

legally required retention periods, the personal data shall be deleted or anonymised,

unless continued storage is mandatory under applicable law.

8. Security of Personal Data

8.1. The Company takes reasonable and appropriate organisational and technical

measures to protect Users’ personal data from:

● unauthorised or accidental access;

● destruction, alteration, blocking, copying or disclosure;

● as well as any other unlawful forms of processing.

8.2. Such measures may include, among others:

● restricting internal access to personal data within the Company;

● implementing information security tools and access control systems;

● using encryption and other data protection technologies where reasonable

and appropriate;

● regularly updating software and technical infrastructure;

● training Company personnel in the principles of secure personal data

handling.

8.3. Despite the measures taken, the Company draws the User’s attention to the fact

that no method of data transmission over the Internet or method of electronic storage

can be guaranteed to be completely secure. The User also agrees to take

reasonable steps to protect their device, login credentials and any information used

in connection with the Application.

9. Children and Age Restrictions

9.1. The Application is intended for use by individuals who have sufficient legal

capacity to enter into binding agreements under the applicable law, or who use the

Application with the consent and under the supervision of their legal representative.

These requirements are also reflected in the Terms of Service.

9.2. In jurisdictions where the processing of children’s personal data is restricted or

allowed only with the consent of a legal representative, the Company:

● does not intentionally collect personal data of children who have not reached

the age required by applicable law to provide valid consent to the processing

of personal data;

● may implement age-verification procedures and request confirmation of

consent from a legal representative where the use of the Application by

children is permitted only subject to such consent.

9.3. If the Company becomes aware that a child’s personal data has been provided

without the necessary consent of a legal representative (where such consent is

required by law), the Company will take reasonable steps to cease processing such

data and delete it to the extent practicable and permitted under applicable law.

10. User Rights Regarding Personal Data

10.1. Depending on the applicable data protection laws and the jurisdiction in which

the User is located, the User may have the following rights in relation to their

personal data:

● the right to receive information about whether the Company processes their

personal data;

● the right to access their personal data and obtain copies of such data;

● the right to rectify (correct, update or complete) inaccurate or incomplete

personal data;

● the right to request the deletion of personal data (in cases provided for by

applicable law);

● the right to request the restriction of processing of personal data (where such

right is provided under applicable law);

● the right to withdraw consent to the processing of personal data, where the

processing is based on the User’s consent;

● the right to object to the processing of personal data, where such processing

is carried out on the basis of the Company’s legitimate interests;

● as well as any other rights granted to the User under applicable data

protection legislation.

10.2. The User may exercise their rights:

● through the functionality of the Application (where such functionality is

available), or

● by submitting a request to the Support Service via the Application or through

any other official contact method specified by the Company.

10.3. When receiving a request from a User, the Company may request additional

information necessary to verify the User’s identity and prevent unauthorized access

to personal data.

10.4. The Company processes User requests within a reasonable timeframe

established by applicable law.

If the Company is unable to comply with a User’s request (for example, due to legal

restrictions or data retention obligations), the User will be informed of the reasons for

such refusal.

11. Cookies, Identifiers and Analytics

11.1. When using the Application and/or related web interfaces, cookies, SDKs,

device identifiers and other technical tools may be used in order to:

● ensure the proper functioning of the services;

● store the User’s settings and preferences;

● collect anonymised statistics on the use of the Application;

● improve the interface and functionality of the Application.

11.2. Depending on the settings of the User’s device or browser, the User may

restrict the use of cookies and identifiers. Such restrictions may affect the operation

of certain functions of the Application or related web interfaces.

11.3. When third-party analytics or technical support services are used (for example,

logging systems, statistical tools or crash-reporting services), data may be

transferred to such services in an anonymised or otherwise minimised form and only

on the basis of agreements with the relevant service providers.

12. Changes to this Policy

12.1. The Company may, from time to time, amend or supplement this Policy,

including in connection with:

● changes to the functionality of the Application;

● changes in applicable data protection or other legislation;

● the development of the Company’s internal processes and services.

12.2. The current version of this Policy is made available in the Application and/or on

the Company’s website. In the event of material changes, the Company may

additionally notify the User (for example, by means of a notification within the

Application).

12.3. Continued use of the Application after the updated version of the Policy comes

into effect shall constitute the User’s acceptance of such changes. If the User does

not agree with the updated Policy, they must stop using the Application and remove

it from their device.

13. Contact Information

13.1. If the User has any questions regarding this Policy, the processing of their

personal data, or the exercise of their rights, they may contact the Company’s

Support Service through the Application or by using any other official communication

channels indicated by the Company.

13.2. The Company may additionally provide a contact email address and/or postal

address for matters relating to the processing of personal data within the Application

and/or on its official website.

14. Contact Information and Personal Data Processing

14.1. The processing of Users’ personal data within the iZi.Play mobile application is

carried out by:

IZI Software L.L.C-FZ

Legal form: Limited Liability Company

Country of registration: United Arab Emirates

License: Business License No. 2313173.01

Formation number: 2313173

Registered address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba,

Dubai, United Arab Emirates

14.2. For matters related to the processing of personal data, the exercise of Users’

rights, as well as any other questions concerning privacy and data protection, Users

may contact the Company at the following email address:

hello@izi.is