1. General provisions

1.1 This notice explains the processing of customers’ personal data on the website and the rights in relation to the processing of personal data.

1.2 The data controller is OB Holding 1 OÜ (hereinafter OLYBET), registry code 14975047, address Pronksi 19, Tallinn 10124, Estonia, +3726671250,

1.3 The contact details of the Data Protection Officer of OLYBET are the following:, +372 667 1250, Pronksi 19, Tallinn 10124.

1.4 OLYBET implements appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful disclosure, accidental loss, alteration, destruction or other unlawful processing. We also require our cooperation partners, to whom we transfer personal data in accordance with this Privacy Notice, to implement the necessary organisational, physical and IT security measures. However, please note that even by using all technical and organisational measures to protect personal data, some risks, such as cyber-attack, loss of electricity, software error or malicious actions of an individual, still remain. Upon discovering such breach, we shall take all reasonable steps to mitigate and minimise the risk to our customers.

1.5 Provisions on the processing of personal data may also be included in contracts between the customer and OLYBET. In such a case, in the event of a conflict of provisions, the provisions agreed upon in the contract shall apply.

1.6 If OLYBET amends the notice on the processing of personal data, it will publish the updated version on its website

2. Customer rights in relation to the processing of their personal data

2.1 The customer has the right to be informed on whether OLYBET processes their personal data and, if so, to receive a copy of the aforementioned data.

2.2 The customer has the right to request the rectification of inaccurate personal data concerning them.

2.3 The customer has the right to withdraw their consent to the processing of personal data at any time (e.g. direct marketing consent), if the processing is based on consent. Withdrawal of consent does not affect the lawfulness of the processing which took place prior to the withdrawal.

2.4 The customer has the right to demand the erasure of their personal data. OLYBET may delete data processed on the basis of consent or legitimate interest, if OLYBET’s interests do not outweigh the interests of the customer. The right to erasure does not apply to data that is processed for the fulfilment of legal or contractual obligations, as long as the legal or contractual obligation is valid.

2.5 The customer has the right to object to the processing of their personal data (especially based on legitimate interest) and to restrict the processing of their personal data where justified.

2.6 The customer has the right to receive their personal data, which they have submitted on the basis of consent or to perform a contract, in a structured and machine-readable format (if technically feasible) for transmission to other companies.

2.7 The customer has the right to lodge a complaint about the processing of personal data with the Estonian Data Protection Inspectorate of by e-mail to or in person at Tatari 39, Tallinn.

3. Processed personal data and their sources

3.1 OLYBET processes the following customer personal data.

    3.1.1 Marketing data: e-mail and/or mobile phone number, language of communication, product/service preference, consent to direct marketing, message content, date and time of message.

    3.1.2 Website visit data: IP address (including location based on IP address), Internet service provider, referrer URL, date, time, access token, session key, web browser type and version, operating system, amount and status of data transmitted, MAC address;

    3.1.3 Cookie data: OLYBET uses cookies on its websites to optimise the websites and their functions. Cookies may collect personal data. For more information, please consult OLYBET’s Cookie Policy.

3.2 OLYBET does not process special categories of personal data related to the customer (data concerning racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data).

3.3 Depending on the purpose and nature of the processing, OLYBET collects personal data related to the customer from the customer, customer’s browser by cookies, the customer’s Internet service provider.

4. Legal basis and purposes of the processing of personal data

4.1 The legal bases for the processing of the customer’s personal data are: performance of contractual obligations, the data subject’s consent and OLYBET’s legitimate interest. The following is a list of processing activities and their legal basis:

    4.1.1 For performance of contract we process: website visit data, cookie data, marketing data;

    4.1.2 Based on consent, we process marketing data, cookie data;

    4.1.3 Based of legitimate interests, we process: website visit data, cookie data.

4.2 The purposes of processing the customer’s personal data are: sending customers newsletters, marketing OLYBET services/products, handling customer feedback, expanding the customer base, building customer loyalty and providing added value, managing OLYBET resources, improving the website.

4.3 In the case of data processing for the performance of legal or contractual obligations, the customer is obliged to provide such personal data. Failure to provide such data will prevent OLYBET from fulfilling its contractual or legal obligations and will limit the customer’s ability to use the services offered.

4.4 Where OLYBET processes personal data on the basis of legitimate interest, OLYBET has assessed that its legitimate interest in processing personal data for certain purposes outweighs the interests and rights of the customer.

5. Profiling and automated decision-making

5.1 Profiling is used in the following processes and is based on the following logic.

    5.1.1 Marketing the services/products offered by OlyBet Events based on analysis of website traffic and determining website usage.

5.2 Automatic decision making is not used on this website.

6. Transmission of personal data

6.1 In order to provide services and/or to fulfil its legal obligations, OLYBET uses partners as personal data processors, who process data based on and to the extent of the instructions given by OLYBET.

6.2 When processing personal data, OLYBET will transfer your personal data to the following recipients, which may be either data controllers or processors: its own group companies, public authorities, courts, banks, auditors and legal advisors, insurance companies, analytics service providers, fraud detection and prevention service providers, customer authentication service providers, survey service providers, archiving service providers, information transmission and communication service providers, streaming service intermediaries, whistleblowing platform operators.

6.3 If the OLYBET partner processing the data is located outside the European Union, the safeguards to be used for the transmission of personal data are: an adequate level of data protection in the recipient country in accordance with the European Commission’s decision, or the use of standard contractual clauses for data protection developed by the European Commission in the cooperation agreement (click on the relevant link for more information).

6.4 The joint controller of customer data is the Olympic Casino operator Olympic Entertainment Group AS (address Pronksi 19, Tallinn 10124, Estonia, +3726671250,, which is part of the same group as OLYBET, with whom OLYBET processes customer data for the purposes of marketing services/products, determining the customer’s risk profile and managing OLYBET’s resources. The parties have entered into an agreement to this effect, which allows the parties to share the personal data to achieve the purposes contained in this Privacy Notice.

7. Time limits for the retention of personal data

7.1 The personal data of a customer is retained until the purposes of the processing have been fulfilled or until the obligations arising from the legislation have been fulfilled.

7.2 Website visit data is retained in accordance with the retention times stated in the Cookie Policy. This depends on different types of cookies  that are used.

7.3 Personal data collected based on customer’s consent, such as Marketing Data is retained until the customer withdraws said consent.

7.4 Personal data collected based on legitimate interests is retained as long as necessary for the purposes they were collected.