The CoinPoker Free-to-Play Platform, accessible at www.coinpoker.netand through its connected mobile application (collectively, the “Platform”), is operated by Vantix Tech Limited (“CoinPoker”, “we”, “us” or “our”). CoinPoker is committed to protecting your privacy and handling your personal data responsibly and transparently.
This Privacy Policy (“Policy”) explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. Please read it carefully before registering on or using the Services.
This Policy forms part of the Platform Policies alongside the Terms and Conditions and the Privacy Notice and Consent Form. Capitalised terms used but not defined in this Policy have the meaning given to them in the Terms and Conditions.
We reserve the right to update this Policy at any time. We will notify you of material changes, and your continued use of the Services after such notice constitutes acceptance of the updated Policy. Where any change materially affects the processing of your personal data on a basis that requires your consent, we will seek fresh consent separately — continued use of the Services alone will not be treated as such consent.
1. Data Controller
Vantix Tech Limited, a company incorporated under the laws of Malta with its registered office at 2nd Floor Tower Business Centre Office Number 207, Triq IT-Torri, Swatar Msida, BKR 4013, Malta, is the data controller responsible for the personal data collected and processed through the Platform.
You may contact us on data protection matters at [email protected].
2. Data Protection Officer
Our Data Protection Officer (“DPO”) can be contacted — Anthony Debono at [email protected]. Where a DPO is not mandatorily required, the above is our designated contact point for all data protection queries and the exercise of your rights.
3. Information We Collect
When you register and use the Platform, we may collect the following categories of personal data:
- Account data: your email address and password (stored in hashed form), collected at registration.
- Gameplay data: hand histories, chip balances, Reward Point balances, leaderboard rankings, ring-game participation records, and freeroll tournament results generated through your use of the Services.
- Engagement and behavioural data: in-app events, session data, and feature usage signals, collected through our analytics and engagement tools.
- Device and attribution data: device identifiers, operating system, campaign source, and install data collected through our attribution and analytics tools.
- Communications data: support tickets submitted to [email protected] and related correspondence.
- Cookie and tracking data: information collected through cookies and similar technologies as described in Clause 4.
We do not collect GPS or real-time location data. We do not use social login. Registration is by email and password. We do not knowingly collect any special categories of personal data unless separately and explicitly consented to or otherwise required or permitted under Applicable Laws.
You have the option not to provide certain information beyond what is strictly necessary to create and operate your Account. However, withholding information that is necessary to deliver the Services may mean we are unable to provide some or all of the Services to you. This does not affect any right you have to object to or withdraw from non-essential processing, as described in Clause 10.
4. Cookies and Tracking Technologies
When you visit the Platform, cookies and similar tracking technologies may be placed on your device. A cookie is a small text file that helps us recognise your browser and personalise your experience.
- Strictly necessary cookies: required for the Platform to function. These cannot be switched off.
- Analytics and performance cookies: used to understand how Users interact with the Platform. These help us improve the Services.
- Attribution cookies: used to measure campaign effectiveness and track installs. These run on legitimate interests at launch.
You can manage or disable non-essential cookies through your browser or device settings. Disabling certain cookies may affect Platform functionality. Third-party advertisers, where applicable, may place their own cookies — those are governed by the third party’s own privacy policy and are not controlled by CoinPoker.
5. How We Collect Your Information
We collect your personal data:
- directly from you when you register, use the Services, or contact our support team;
- automatically through your use of the Platform, including gameplay activity, session data, and device information;
- through third-party analytics and attribution tools that track in-app events and campaign data; and
- through support correspondence submitted to [email protected].
6. Purposes of Processing and Legal Bases
We process your personal data only for specific and limited purposes. Each purpose rests on a lawful basis under the General Data Protection Regulation (“GDPR”) and applicable national data protection law:
- Performance of a contract – to create and operate your Account, provide the Services, administer Membership subscriptions, and handle customer support. Processing under this basis is necessary to perform our agreement with you.
- Compliance with a legal obligation – to meet our legal, regulatory, and law-enforcement obligations across applicable jurisdictions, including identity verification, record-keeping, and responding to lawful authority requests.
- Our legitimate interests – to secure the Platform and prevent fraud, cheating, collusion, and multi-accounting; to carry out analytics, attribution measurement, and service improvement; and to detect unauthorised use of third-party programs or bots. We have carried out a balancing assessment for each legitimate-interest purpose to ensure our interests are not overridden by your interests, rights, and freedoms. You may request details of any such assessment using the contact information in Clause 2.
- Your consent – for marketing and promotional communications about the CoinPoker F2P Platform by email, and any other optional processing identified in the Privacy Notice and Consent Form. Consent is sought separately, is freely given and specific, and may be withdrawn at any time without affecting the lawfulness of processing already carried out or your continued use of Services that do not depend on that consent.
Your personal data will not be used for any purpose other than those stated above without a further lawful basis or fresh consent.
7. How We Use Your Information
Specifically, the information we collect is used for the following purposes:
- creating, verifying, and managing your Account;
- providing, operating, and personalising the Services;
- administering Membership subscriptions;
- sending transactional and service communications, including account-security notifications, verification emails, and service updates;
- sending marketing and promotional communications about the Platform, solely where you have given separate opt-in consent for that channel;
- conducting analytics, engagement measurement, and service improvement;
- tracking campaign attribution and install data;
- enforcing fair play through anti-cheat, anti-collusion, and multi-accounting detection, including analysis of device identifiers and IP addresses;
- conducting customer verification at any stage as required under Applicable Laws or as CoinPoker deems necessary;
- handling disputes, enforcing the Platform Policies, and protecting our legal rights;
- complying with legal and regulatory obligations, responding to court orders, and cooperating with law-enforcement authorities; and
- carrying out market research and periodic analysis of Platform traffic to improve the quality and performance of the Services.
8. Disclosure of Your Information
We may disclose your personal data, on an appropriate lawful basis and subject to appropriate safeguards, to the following categories of recipients:
- CoinPoker group entities and their authorised personnel;
- third-party service providers acting as our processors, subject to appropriate contractual data-protection commitments, for purposes including analytics and event tracking, CRM and push notifications, transactional and marketing email delivery, email validation and deliverability, mobile attribution and install tracking, and customer support;
- professional advisers, auditors, and consultants;
- competent regulatory authorities, law-enforcement agencies, and courts in applicable jurisdictions, where required to comply with a lawful request;
- potential or actual purchasers, investors, or successors in the context of a merger, acquisition, or asset transfer, subject to equivalent data-protection obligations; and
- all calls and written communications with CoinPoker personnel may be recorded for compliance purposes where required by Applicable Laws.
CoinPoker may also disclose personal data where necessary to comply with legal process or governmental requests, to enforce the Platform Policies, to prevent fraud, or to protect the rights of CoinPoker, its Users, or the public.
9. Consent and Marketing Communications
We process your personal data on the lawful bases set out in Clause 6. Where we rely on consent, it is sought separately through the Privacy Notice and Consent Form. Creating an Account or using the Services does not, by itself, constitute consent to any processing that requires your separate consent.
Marketing and promotional communications about the Platform will only be sent by email where you have given separate, specific, and freely given opt-in consent. You may withdraw marketing consent at any time without affecting your continued use of the Services, by adjusting your in-app settings or writing to us at [email protected].
10. Security
CoinPoker implements appropriate technical and organisational measures to protect the personal data we hold against unauthorised access, misuse, disclosure, alteration, or destruction. All employees and third-party processors with access to personal data are contractually required to maintain its confidentiality.
While we implement industry-standard safeguards, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security against unauthorised access or data breaches arising from circumstances beyond our reasonable control.
In the event of a personal data breach, we will take immediate steps to assess and mitigate the risk. We will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, where required by Applicable Laws. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay by email, in-app notification, or Platform alert, or as otherwise required by law.
By using the Services, you acknowledge that data transmission over the internet inherently involves certain risks, and that CoinPoker’s liability for breaches arising from circumstances beyond its reasonable control is limited to the extent permitted under Applicable Laws.
11. Third-Party Links and Services
The Platform may contain links to third-party websites or services. Those third-party websites are governed by their own privacy policies and CoinPoker exercises no control over them. It is your responsibility to read and understand the privacy policy of any third-party website you visit via a link from the Platform. CoinPoker is not responsible for the handling of your personal data by such third parties.
12. Mergers, Acquisitions, and Asset Transfers
If CoinPoker is acquired by or merges with a third party, becomes insolvent, or transfers all or part of its assets, your personal data may be transferred to the relevant successor, purchaser, or investor, provided that such recipient is bound to protect your personal data under terms at least as protective as this Policy and in accordance with Applicable Laws.
13. Protection of Children
The Services are not intended for or directed at persons below the age of 18 or such higher minimum age as applies in a User’s jurisdiction. All Users are required to confirm they meet the minimum age requirement at registration. CoinPoker reserves the right to verify any information submitted in connection with age compliance.
If we discover that a person below the applicable minimum age has registered, we will deactivate the Account immediately and delete all associated personal data in accordance with this Policy.
14. Rewards and Confidentiality
The distribution of Rewards as defined in the Terms and Conditions is kept strictly confidential. All relevant information is stored in a secure operating environment. The only circumstances in which this confidentiality may be overridden are where disclosure is required by law, regulation, governmental order, or a competent regulatory authority.
15. Legal Bases for Processing — Summary
The following table summarises the lawful basis for each category of processing:
| Lawful basis | Processing activities |
|---|---|
| Contract | Account creation and management; provision of the Services; gameplay; customer support; Membership administration. |
| Legal obligation | Identity verification; record-keeping; responding to lawful authority requests; anti-money-laundering compliance. |
| Legitimate interests | Analytics and service improvement; campaign attribution; security, anti-cheat, anti-collusion, and fraud prevention; detection of EPA programs and bots. |
| Consent | Email marketing communications; any other optional processing identified at the point of collection. |
16. Your Rights as a Data Subject
Subject to the conditions and exceptions under Applicable Laws, you have the following rights in relation to your personal data:
- Right to be informed – to know how your personal data is collected and processed, as set out in this Policy;
- Right of access – to obtain confirmation of and access to the personal data we hold about you;
- Right to rectification – to have inaccurate or incomplete personal data corrected;
- Right to erasure – to have your personal data deleted in certain circumstances;
- Right to restriction of processing – to restrict processing in certain circumstances;
- Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format;
- Right to object – to object to processing based on our legitimate interests and, at any time, to processing for direct marketing purposes;
- Right to withdraw consent – to withdraw any consent at any time without affecting the lawfulness of processing carried out before withdrawal; and
- Rights regarding automated decision-making – not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects concerning you.
- Right to lodge a complaint – with the supervisory authority in your jurisdiction (see Clause 20).
To exercise any of these rights, please write to us at [email protected] or to our DPO, Anthony Debono, at [email protected]. We will respond within one (1) month of receipt of your request, extendable by two (2) further months for complex or numerous requests. An in-app account-deletion flow is available for self-service erasure requests.
17. Automated Decision-Making and Profiling
We use automated tools and profiling for anti-cheat, anti-collusion, multi-accounting detection, security monitoring, and fraud prevention.
In some cases, these tools may result in decisions taken without human involvement. For example, the automated restriction, suspension, or termination of an Account where our systems detect suspected cheating, collusion, use of prohibited third-party software, multi-accounting, or fraudulent activity. Where such a decision produces legal or similarly significant effects on you, you have the right to obtain human review of the decision, to express your point of view, and to contest the decision by writing to us at [email protected].
18. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required or permitted under applicable data protection law. Processing your personal data is necessary for us to provide the Services under the GDPR; if you ask us to delete data that is necessary to provide the Services, we may no longer be able to serve you. Once the purpose for which data was collected has been fulfilled, it will be deleted. The applicable retention period depends on the category of data and the purpose of processing, including:
- account data: retained for the duration of your Account and for a reasonable period following closure to handle any post-closure queries or legal claims;
- gameplay and Reward Point data: retained during the operation of your Account and for a reasonable period thereafter, or longer where required for fair-play investigations or legal claims;
- analytics and attribution data: retained in accordance with the retention settings of our analytics and attribution providers;
- marketing consent records: retained for as long as your consent is active and for a reasonable period thereafter as proof of consent;
- support correspondence: retained for a reasonable period; and
- data required for the establishment, exercise, or defence of legal claims: until the expiry of the applicable limitation period.
Once no longer required, personal data will be securely deleted or irreversibly anonymised.
19. International Transfers of Personal Data
Where personal data is transferred outside your country of residence to our group entities or processors, we take steps to ensure that such transfers are carried out in accordance with applicable data protection law and that appropriate safeguards are applied.
You may request further information about the safeguards applicable to any specific transfer by writing to us at [email protected].
20. Supervisory Authority and Complaints
You have the right to lodge a complaint with the supervisory authority in your jurisdiction at any time:
- If you are located in the EEA: the supervisory authority in your EEA country of residence.
- If you are located in the UK: the Information Commissioner’s Office (ICO) at www.ico.org.uk.
- If you are located in another jurisdiction: the applicable local supervisory authority or consumer-protection body.
We would appreciate the opportunity to address any concerns directly before you approach a supervisory authority. Please contact us at [email protected] in the first instance.
21. Withdrawal of Consent
You may withdraw any consent given to us at any time by writing to [email protected] or by using your in-app settings. Withdrawing consent is as easy as giving it: because you grant consent by ticking a checkbox at registration, you may withdraw it by unchecking the same box in your account settings. All consent actions — granting, withdrawal, and any modification — are timestamped and recorded in an auditable log.
Upon receipt of a withdrawal request, we will acknowledge it within 5 Business Days and cease processing your personal data for the relevant consent-based purpose. The lawfulness of processing carried out before withdrawal is not affected. Personal data may be retained where required by Applicable Laws, for fraud prevention, dispute resolution, or the exercise or defence of legal claims. Once no longer required for such purposes, the data will be securely deleted or anonymised.
22. Contact Us
If you have any questions about this Policy or about how we handle your personal data, please contact us at:
Vantix Tech Limited
2nd Floor Tower Business Centre Office Number 207, Triq IT-Torri, Swatar Msida, BKR 4013, Malta
Email: [email protected]
DPO: Anthony Debono at [email protected]
This Privacy Policy forms part of the Platform Policies as defined in the Terms and Conditions.