Yolo Group – next-level innovation to the worlds of gaming, fintech & blockchain serving millions of users worldwide, the Yolo Group is committed to putting the customer at the centre of the universe via a wide range of fun, fast and fair products and services.

All main decisions regarding privacy, personal data protection and other procedures for safe processing of data on a corporate level are taken by senior management and aligned with the Data Protection Officer (DPO) and other appropriate personnel.

The data controller you see below, who collects the personal data and determines the purpose and means of the processing.

Yolo Group

Suur-Patarei 13,

10415

Tallinn

Estonia

This privacy notice describes the data processing activities carried out by Yolo Group in cases where Yolo Group acts as a data controller, collecting the personal data of customers, suppliers or employees and deciding the purpose and means for the processing. This privacy notice also provides information on how Yolo Group acts as data processor, meaning how Yolo Group engages on processing data on behalf of our corporate customers or partners based on the instructions they provide.

This privacy notice applies to all processes in Yolo Group, including websites, applications (otherwise known as apps), and other products or domains within Yolo Group branded services or products. If a different privacy statement to this one is displayed on a Yolo Group website, application or other product, then that specific privacy statement shall apply.

If you disagree with the actions described in this privacy statement hereinafter, unfortunately, Yolo Group will not be able to provide you with various services.

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to identification of a particular person, also constitutes personal data. Yolo Group acts as the data controller when Yolo Group determines the purposes for which and the manner in which personal data is processed.

Processing personal data is necessary for Yolo Group to prepare for or fulfill contracts we have entered into and to provide services.

If you are an employee we shall process your personal data to fulfill the contract with you and to comply with statutory regulations, such as labor laws, tax laws, and other regulations. We shall do so on basis of contract and legal obligation and ensure appropriate retention periods for processing such data.

If you are looking for job opportunities within Yolo Group, we will process your personal data in order to evaluate your skill relevance for the position you apply. We shall do so on basis of your consent and will ensure appropriate retention periods for processing such data.

You can get more information about retention periods for different categories of data from our People team.

Specific privacy statements regarding personal data are listed under Privacy Policy of our products websites.

In order to comply with HSE (health, safety, environment) standards, and pursue our legitimate interests, protect our business secrets, employees, customers and others, we may process your personal data by deploying CCTV surveillance within our office headquarters and other company premises. Individuals shall be informed via CCTV notice when such action is taking place. CCTV surveillance videos shall be stored for the retention period applicable in each respective business unit.

As an addition to that, to protect our premises and to comply with Estonian Gambling Act and other legal requirements, CCTV surveillance is being used and monitored in rooms with gambling activities.

Any personal data processing is not allowed without appropriate legal ground as per General Data Protection Regulation (GDPR) article 6. Therefore, we at Yolo Group apply one of the following legal grounds as defined in GDPR to any processing of your personal data

• Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
• Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
• Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
• Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

In general, Yolo Group collects your personal data directly from you, meaning you have freely provided this data to us to receive certain products or services or to enter into contract with us. Sometimes we might collect information on you from persons directly linked to you – for example, your manager provided your work contact information to us as a point of contact. We may have your images recorded on our CCTV camera systems.

We may also use cookies and other tracking technologies in Yolo Group’s branded websites to provide generic online services. We may collect information that the user actively sends to us via our websites, apps and services, such as e-mail or other data provided by the user.

Yolo Group may process the following personal data on you:

• General information and contact details like name, surname, telephone number, e-mail and address.
• Demographic data such as date of birth or gender.
• Information given to us on contractual basis (for employees).
• Photos or videos of you recorded within our office headquarter.
• Content you upload to our websites, apps and social network pages, such as photos or videos.
• Tracking information actively sent to us via our websites, apps and generic online services. This includes information such as IP address, internet browser you use or language settings.
• Previous employment and education information, such as title, position, responsibilities, background, interests in professional context.
• Information you have made public and have freely given away on third party social networks.

As a controller, Yolo Group does not process sensitive personal data, however in some cases processing such data is a requirement for us to comply with legal as well as ethical obligations set forth to us. Sensitive personal data mainly may be collected in following cases:

• If you are an employee who is on sick-leave, we might process some sensitive personal information regarding your health life as is dictated by labor law and we shall do so within the legal framework of each respective country where the subsidiary employing individual is located.
• If you are an individual who have had an incident within our premises, we might be obliged to process data on your health life to comply with HSE standards, as well as to record such incident to avoid it in future.
• In you are an employee, who is in direct contact with gambling activity, other sensitive information may be processed and stored.

Personal data within Yolo Group is processed within safe and secure manner. At Yolo Group we do our best to make sure any IT systems that are built, integrated, purchased or in general – used in Yolo Group – abides by the privacy by design principle to maximize safe and secure processing of personal data. We use encryption and pseudonymization where appropriate. We limit access to personal data to those persons who have need for it. We have guidelines, policies and trainings available for employees processing personal data in Yolo Group.

When we need to use processor for processing personal data we very closely evaluate the business partners we share your personal data with to make sure they comply with applicable data protection legislations. Further on, to impose the data processing standards, Yolo Group requests our business partners – who act as processors, whereas Yolo Group acts as a controller – to sign personal data processing agreement with Yolo Group. Through that, processor enters a binding agreement and promises to ensure safe and secure information practices.

Personal data is not processed longer than necessary. Yolo Group’s standard retention policy is 6 months, however the retention period may vary based on agreements, legitimate interests of Yolo Group, or statutory requirements regulating otherwise (for example, gambling laws, archiving laws, anti-money laundering laws, and other).

Yolo Group abides by the data minimization principle, and makes sure that when providing you with products and services, only the minimum amount of personal data is collected which is needed for the execution of service or delivery of product.

Yolo Group may use third party service providers as processors for personal data for following purposes: data storage; providing CCTV solution; employee data management and similar. List of personal data processors can be requested from Yolo Group.

You have the right to request access to the personal information we hold about you. We do however need to be sure who you are before we release any such information. You have the right to object to personal data processing, withdraw consent, request erasure or rectification of your personal data or object to personal data processing and rights to data portability.

If you want to request access to your data, erase or rectify the data, or object to personal data processing, or exercise your rights of data portability, please contact us.

Finally, you also have a right to file a complaint with the data protection authorities with regards to our processing of your personal data.

You may contact our data protection officer by sending e-mail to [email protected] or via post to:

Yolo Group

Suur-Patarei 13,

10415 Tallinn

Estonia

We may periodically update this statement. For visitors to our websites, an updated policy will always be available on the website. For app users, an updated policy will always be available via respective app store.

This privacy statement is effective as of May, 6th 2024.