Dino Tech

1. Privacy Policy

At Dinotech Ltd, we prioritize the protection of personal information and are dedicated to ensuring that it is handled lawfully, transparently, and responsibly. As a software provider in the iGaming industry, we handle information responsibly and in line with the General Data Protection Regulation (GDPR) and Maltese data protection laws.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data, whether you ‘re a website visitor, platform user, client contact, business partner or job applicant. Taking the experience and struggles faced in the past we have developed a platform which is in line with todays expectation off I-Gaming providing our customers the right tools and a scalable solution to operate their business using a more lean and efficient approach while having the ability to have a competitive edge in todays market.

2. About Us

Dinotech Ltd is a private limited company incorporated in Malta, with its registered office at:

The Bastions Office No.2
Emvin Cremonas Street
FRN 1281 Floriana
Malta

For the purpose of applicable data protection laws, we act as a Data Controller when we decide how and why your personal data is processed.

If you have any questions, please contact our Data Protection Officer:

Email: dpo@dinotech.com

3. What Data We Collect

The types of personal data we collect depend on how you engage with us. We do not collect any personal information through our website, and we do not use cookies or tracking technologies on our website.

However, we may collect personal data in the following circumstances:

  1. Clients and Business Contracts
    • Full name and professional title
    • Business contact details (e.g. email, phone number)
    • Correspondence, meeting notes, and contractual interactions

    Note: General company information (e.g. company name, registration number, VAT number) is not considered personal data and does not fall within the scope of this Privacy Policy unless it is linked to an individual (e.g. a sole trader’s personal contact information).

  2. Users of Our Software Platforms

    If you use our systems as part of a client or operator account, we may collect:

    • User ID and activity logs
    • Technical data related to your device (e.g. IP address, browser type)
    • Support communication (e.g. chat history, emails, tickets)
  3. Job Applicants

    When you apply for a position with us, we may process:

    • You name, contact information, and CV
    • Details of your qualifications, employment history, and references
    • Any other information voluntarily provided during recruitment
    • Sensitive data, only where necessary and legally permitted (e.g. health-related accommodations)

    We do not collect more information than necessary and take steps to ensure it is kept accurate and up to date.

4. Legal Grounds for Processing

Our processing of personal data is based on various lawful justifications, including:

  • Legal Obligations: We may be required by law or regulatory requirements to collect or share personal data (e.g. for tax reporting, anti-money laundering laws)
  • Contractual Necessity: we need to process your information to perform our contract with you or take steps entering one (e.g. to provide service you’ve requested)
  • Consent: in some cases, we will ask for your permission to use your data, and you may withdraw this consent at any time
  • Legitimate Interests: we may process your data when it benefits our business or our clients
  • Public Interest: for matters requiring data use in the public interest, such as detecting fraud or criminal activities in collaboration with authorities

5. How We Use Your Information

We use personal data for the following purposes:

  • Delivering and supporting our software solutions
  • Managing client relationships and contracts
  • Sending service-related communications and updates
  • Performing analytics and improving system performance
  • Providing technical support and resolving issues
  • Carrying out recruitment and HR processes
  • Complying with legal, tax, and regulatory obligations
  • Sending relevant marketing communications (with your consent)

6. Sharing Your Data

We only share personal data when necessary and under strict conditions:

  • Group companies or affiliates (if applicable)
  • Cloud and IT service providers, such as hosting or analytics platforms
  • Professional advisors like lawyers, auditors or accountants
  • Gaming regulators and financial authorities, as required by law
  • Recruitment partners or background screening services (for job applicants)

All third parties are contractually bound to handle data securely and in accordance with GDPR.

7. International Transfers of Personal Data

As part of our operations, we may need to transfer personal data to parties located outside the European Economic Area (EEA). This typically occurs in the following situations:

  • When we use cloud-based or third-party service providers (e.g. hosting, data storage, communication platforms, or CRM systems) that may process data from servers or teams located outside the EEA.
  • When we collaborate with clients, partners, or service providers who operate internationally and require access to certain data for contractual or technical support purposes.
  • When our internal teams or affiliated companies (if applicable) operate in jurisdictions outside the EEA.

How we protect your data during transfers

We understand that not all countries offer the same level of data protection as those within the EEA.

When we transfer personal data outside the EEA, we ensure that it remains protected by implementing one or more of the following safeguards, as required by the GDPR:

  1. Adequacy decisions

    We may transfer personal data to countries that the European Commission has deemed to provide an “adequate” level of data protection. This means personal data is treated with equivalent standards of privacy and security.

  2. Standard Contractual Clauses (SCCs)

    For transfers to countries without an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (SCCs) – pre-approved legal agreements that ensure the data recipient outside the EEA commits to protecting your personal data to EU standards.

  3. Additional Safeguards

    Where necessary, we implement further protective measures such as:

    • Encryption of data during transit
    • Role-based access control and restricted data access
    • Data minimisation (only transferring the minimum necessary data)
    • Ongoing risk assessments of vendors and transfer mechanisms
  4. Explicit Consent

    In some cases, if none of the above safeguards are available and the transfer is not necessary for a contractor or legal obligation, we may request your explicit consent before transferring your data internationally.

8. Data Retention

We only retain personal data for as long as is necessary to fulfil the purposes for which it was collected, including:

  • Providing our services
  • Meeting contractual obligations
  • Complying with legal and regulatory requirements
  • Handling potential disputes, audits or investigations
  • Protecting our legitimate business interests

Once the retention period has expired or the purpose for collecting the data has been fulfilled, we either securely delete, anonymize, or archive the data, in accordance with our internal data retention policy.

How we Determine Retention Periods

Our data retention periods vary depending on the type of data and the context in which It was collected. The main factors we consider include:

  • The nature of our relationship with the data subject (e.g. client, user, applicant)
  • The purpose for which the data was collected and whether it is still necessary
  • The terms of applicable contracts
  • Any mandatory retention periods imposed by Maltese or EU law (e.g. tax laws, anti-money laundering regulations, gaming license obligations)
  • The statutory limitation periods for potential legal claims

Below are examples of typical retention periods by category:

  1. Client and User Data
    • Personal data of clients or platform users is generally retained up to 5 years from the end of the contractual relationship, in line with legal and regulatory requirements under Maltese commercial and financial law (e.g. Companies, Act, Income Tax Act, Anti-Money Laundering).
    • In some cases, data my kept longer if required by the Malta Gaming Authority (MGA) or financial regulations.
  2. Technical Logs and Usage Data
    • Server logs, activity records, and user audit trails are typically kept for 12 to 24 months, depending on system configuration and operational needs.
    • In certain cases, these logs may be retained longer if needed for security, fraud investigation, or system integrity.
  3. Recruitment Data
    • Job applicant data (CVs, application forms, interview notes) is retained for up to 6 months from the date of application.
    • If a candidate is hired, relevant data will be transferred to their employee record and retained in accordance with employment and HR-related policies.
  4. Marketing and Communication Preferences
    • Personal data used for marketing purposes until you withdraw your consent or object to receiving such communications.
    • Unsubscribed contacts are retained in a suppression list for a limited period to ensure compliance with your preferences.
  5. Legal Holds and Ongoing investigations

    The types of personal data we collect depend on how you engage with us. We do not collect any personal information through our website, and we do not use cookies or tracking technologies on our website.

9. Your Rights as a Data Subject

As an individual whose personal data we process, you are entitled to exercise a range of rights under the General Data Protection Regulation (GDPR).

We are committed to respecting your rights and ensuring that any requests are handled lawfully, fairly, and transparently. You can exercise these rights at any time, free of charge (unless the request is manifestly unfounded or excessive).

You have a right to:

  • Access – you can ask us for a copy of the personal data that we hold on you • Rectification – if you become aware of any errors or inaccuracies concerning your personal data, please let us know either by updating your details on the website or applications you are registered with or contacting us.
  • Withdraw consent – where we process personal data based on consent, you have the right to withdraw consent at any time. To stop receiving direct marketing emails from us, please click on the unsubscribe link in the relevant email.
  • Erasure/deletion – you can ask us to erase or delete your personal data when no longer need it for the purposes it was obtained
  • Data portability – you can ask for your personal data to be sent to you or to another organisation
  • Review automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed
  • Restrict or object to our processing – you can ask to restrict or object to our processing of your personal data

To exercise any of the above rights, please contact our Data Protection Officer at dpo@dinotech.com.

Please include:

  • Your full name
  • Contact details
  • A clear description of your request

We may request proof of identity to verify your request.

We aim to respond to all legitimate requests within one month. If your request is complex or if multiple requests are made, we may take up to two additional months, but we will inform you of any delay.

10. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect in against unauthorised access, loss, misuse, alteration or disclosure.

These measures include, but are not limited to:

  • Access controls: only authorised personnel can access personal data, based on their roles and responsibilities
  • Encryption: we encrypt data during transmission and, where applicable, at rest to prevent unauthorised access
  • Secure development practices: our software is developed and maintained following secure coding standards, with regular vulnerability assessments
  • Network and system protection: firewalls, intrusion detection systems, and anti malware tools are used to safeguard our infrastructure
  • Employee training: staff receive regular training on data protection, confidentiality and cybersecurity awareness
  • Incident response procedures: we have established protocols in place to detect, respond to, and manage data security incidents promptly

Although no system can guarantee absolute security, we continuously review and improve our safeguards to ensure a high level of protection that meets industry and regulatory standards.

11. Changes to This Notice

We may update this Privacy Policy occasionally to reflect changes in law, technology, or our services. The most current version will always be available on our website, with the “Effective Date” at the top.

We recommend you review this notice periodically.

12. Contact Us

If you have any questions about this notice or how your personal data is handled, please contact:

Data Protection Officer
Dinotech Ltd
dpo@dinotech.com

LINKS

About UsThe ProductContactPrivacy Policy

CONTACT

mail

info@dinotech.com

phone

+356 21388176

office

The Bastions Office No. 2 Emvin Cremona Street FRN 1281 Floriana Malta

Dinotech.com is operated by Dinotech Limited a company incorporated in Malta, with registration number C 90053, having its registered address at The Bastions Office No.2, Emvin Cremona Street, Floriana, FRN1281, Malta and is licensed and regulated by the Malta Gaming Authority with license number MGA/B2B/909/2021 (Issued on the 7December 2023) to supply gaming services under a B2B Critical Gaming Supply Licence.
logo