In accordance with the definition established in Law 1581 of 2012, personal data is any information related to or that may be associated with one or several identified or identifiable individuals, such as the name, age, gender, marital status, address, amongst others.
Your personal information and purposes
The data provided by the user in the registration forms shall be stored on yajuego’s databases under a security protocol, for solely commercial, promotional and statistical purposes, in order to comply with the regulations on games of chance, and additionally to fulfil the legal obligations derived from the activity.
“Personal Information” is information you provide to yajuego to register an online gaming account on the Site (the “Account”) and/or to operate the Account, to use the products and services and as may be requested by us. Such information identifies you as an individual, and will consist of, but is not limited to:
- Postal or residential address
- Telephone number (including home and mobile phone numbers)
- Citizen’s ID Card. The Colombian government issued a national ID
- Email address
- Personal picture in ID or any other document.
The personal information you provide to us through the site may be combined with any other information you may provide to us that does not constitute personal information (via online or offline means).
We ask that you do not send us, and do not disclose, any sensitive Personal Information (for example, information related to racial or ethnic origin, political opinions, religion or other beliefs, health or medical condition) on or through the Site.
yajuego might obtain information about you from other sources such as through third party providers to protect against fraud and/or to comply with the applicable laws. We retain the right to access all available resources from time to time to obtain information about you and to permit you to use our products and services to the extent required or permitted by the Colombian legislation.
We will collect, store and process your Personal Information to conduct the services on the Site that you chose to use, to facilitate the registration of your Account, to process your transactions, to respond to your requests and to communicate with you. We will use your email address to communicate with you and to send you notices, information about changes to our services and to provide you notifications and disclosures required by law. By registering an Account, you agree to receive such communication electronically. We may also send you promotional messages about the new products or services, offers or opportunities that may interest you. If you do not wish to receive marketing emails or other emails from us, please send us an email at email@example.com to unsubscribe. However, even if you unsubscribe but retain your Account with yajuego, we reserve the right to send you notices for customer services reasons, including communication about your Account or transactions related to your use of the yajuego products or services.
We may also receive and store certain types of automatic information whenever you interact with us, such as “cookies” or information your internet browser may send to us. This may include an IP address, login cookies, browser type and version, operating system, transaction history cookies, flash cookies or similar data on some parts of the site which may be used to optimise your experience when using the site for fraud prevention and other purposes. You can obtain more information how to manage cookies (or how to disable them altogether) from the help menu of your browser. Please note that disabling the cookies might prevent you from using some of the features the site offers.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and processing of your Personal Information. It is important for you to take steps to protect against unauthorised access to your Account and your password. You should keep all account-related information confidential. Never share your password. Please refer to our password setting guidelines for more information on how to create and change your password.
Data transfers and data transmissions
Below we present you the duties of the data controllers, rights of the subjects, and the duties of the processors.
DUTIES OF THE CONTROLLER. The Controller has been defined by Law 1581 of 2012 as a public or private individual or legal entity who through themselves or in association with others decides on the database and/or data processing. Duties of the Controllers are those set forth in Article 17 of Law 1581 of 2012: a) Ensuring the Subject, at all times, the full and effective exercise of the habeas data right. b) Requesting and keeping, in the conditions provided for in the aforementioned law, a copy of the respective authorisation granted by the Subject. c) Duly informing the Subject about the purpose of the gathering and the rights that they have by virtue of the granted authorisation. d) Keeping the information under the security conditions necessary for preventing its unauthorised or fraudulent adulteration, loss, consultation, use or access. e) Ensuring that the information that is provided to the Processor is truthful, complete, accurate, up-to-date, verifiable and comprehensible. f) Updating the information, whilst timely informing the Processor of all the developments with regard to the data that they have previously provided them and adopting the other necessary measures for the information provided to them to be kept up-to-date. g) Correcting the information when it is incorrect and relevantly informing the Processor. h) Providing the Processor, when appropriate, solely data whose Processing is previously authorised in accordance with that provided for in the aforementioned law. i) Demanding respect from the Processor of the conditions of security and privacy of the Subject’s information at all times. j) Processing the consultations and claims formulated on the terms indicated in the aforementioned law. k) Adopting an internal policies’ and procedures’ manual for ensuring the adequate compliance with the aforementioned law and especially for the attending to of consultations and claims. l) Informing the Processor when certain information is being discussed by the Subject, once the claim has been presented and the respective procedure has not been finalised. m) Informing, at the request of the Subject, about the use given to their data. n) Informing the data protection authority when violations of the security codes occur and there are risks in the administration of the Subjects’ information. o) Complying with the instructions and requests that the Superintendency of Industry and Commerce imparts”.
RIGHTS OF THE SUBJECTS. Law 1581 of 2012 establishes that the Subjects of the personal data shall have the following rights: a) To know, update and correct their personal data before the Controllers or Processors. This right may be exercised, amongst others, with partial, inaccurate, incomplete, fragmented data, data that leads to error, or data whose Processing is expressly prohibited or has not been authorised. b) To request proof of the authorisation granted to the Controller, except when it is expressly exempted as a requirement for the Processing, in accordance with that provided for in Article 10 of the aforementioned law. c) To be informed by the Controller or Processor, following a request, about the use that they have given to their personal data. d) To present, before the Superintendency of Industry and Commerce, complaints of infringements of that provided for in the aforementioned law and the other standards that amend, add to or complement it. e) To revoke the authorisation and/or request the removal of the data when in the Processing the constitutional and legal principles, rights and guarantees are not respected. The revoking and/or removal shall take place when the Superintendency of Industry and Commerce has determined that in the Processing the Controller or Processor have incurred in conducts contrary to the law and the Constitution. f) To access, free of charge, their personal data that has been subject to Processing. Additionally, Regulatory decree 1377 of 2013 defines that the Controllers must keep proof of the authorisation granted by the Subjects of personal data for its Processing.
DUTIES OF THE PROCESSORS. Article 18 of Law 1581 of 2012 establishes the following: The Processors must fulfil the following duties, notwithstanding the other provisions stipulated in this law and in others that govern their activity: a) Ensuring the Subject, at all times, the full and effective exercise of the habeas data right; b) Keeping the information under the security conditions necessary for preventing its unauthorised or fraudulent adulteration, loss, consultation, use or access; c) Timely carrying out the updating, correction or removal of the data on the terms of this law; d) Updating the information reported by the Controllers within the five (5) working days from its receipt; e) Processing the consultations and claims formulated by the Subjects on the terms indicated in this law; f) Adopting an internal policies’ and procedures’ manual for ensuring the adequate compliance with this law and especially for the attending to of consultations and claims by the Subjects; g) Recording the “claim pending” caption on the database in the manner which is regulated in this law; h) Inserting the “information under legal discussion” caption onto the database once notified by the competent authority about legal proceedings related to the quality of the personal data; i) Abstaining from circulating information that is being disputed by the Subject and whose blocking has been ordered by the Superintendency of Industry and Commerce; j) Allowing access to the information solely to the persons that may have access to it; k) Informing the Superintendency of Industry and Commerce when violations of the security codes occur and there are risks in the administration of the Subjects’ information; l) Complying with the instructions and requests that the Superintendency of Industry and Commerce imparts. Paragraph. In the event that a same person shares the capacities of Controller and Processor, the fulfilment of the duties stipulated for each shall be required from them.