PRIVACY POLICY

INTRODUCTION

This Privacy Policy (“Policy”) explains how SIKS LLC (“SIKS”, “we”, “us”, or “our”) collects, uses, processes, stores, and protects personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and other applicable data protection laws.

SIKS is a business-to-business (B2B) marketing, coordination, and consulting company operating within the online gaming and gambling industry. SIKS does not act as a gambling operator, does not provide games of chance, does not interact with players, and does not process player or end- user data related to gambling activities.

DATA CONTROLLER

For the purposes of the General Data Protection Regulation (GDPR), SIKS LLC acts as the data controller in respect of personal data processed in the course of its own business operations, including data relating to its clients, business partners, suppliers, and website visitors, where SIKS determines the purposes and means of such processing.

Where SIKS processes personal data on behalf of a client, SIKS shall act solely as a data processor, strictly in accordance with the documented instructions of the relevant client, who shall be deemed the data controller for such processing. In such cases, the scope, nature, and purpose of the processing, as well as the rights and obligations of the parties, shall be governed by the applicable contractual arrangements, including any data processing agreement or equivalent provisions agreed between the parties.

SIKS shall not be responsible for the lawfulness of the personal data provided by the client, nor for the client’s compliance with applicable data protection laws in its capacity as data controller. The client remains solely responsible for ensuring that personal data is collected, disclosed, and processed lawfully, and that all required legal bases, notices, and consents have been obtained.

SCOPE OF THIS POLICY

This Privacy Policy applies to the processing of personal data carried out by SIKS LLC in the context of its legitimate business activities and services. In particular, this Policy governs the processing of personal data relating to business clients and their authorized representatives, business partners, suppliers, service providers, website visitors, and other professional contacts, including prospective clients, with whom SIKS engages in a commercial or professional capacity.

The scope of this Policy is strictly limited to personal data processed by SIKS in its capacity as a business-to-business (B2B) service provider and does not extend to personal data processed in connection with gambling or gaming operations conducted by third parties.

For the avoidance of doubt, this Policy does not apply to personal data of players, users, or end customers of online gambling or gaming platforms, including personal data processed in connection with player registration, account management, gameplay, betting activity, payment processing, responsible gambling measures, or any similar player-facing activities. SIKS does not collect, access, store, control, or otherwise process such data and shall not be considered a data controller or data processor in respect thereof.

Any processing of player or end-user personal data remains solely and exclusively the responsibility of the relevant licensed gambling operator, platform provider, or other third party acting as data controller. SIKS expressly disclaims any responsibility or liability for the lawfulness of such processing, the implementation of appropriate technical and organizational measures, or for any personal data breach, unauthorized access, misuse, or regulatory non-compliance arising from or related to such processing.

Where SIKS processes personal data strictly on behalf of a client and in accordance with the client’s documented instructions, the client remains fully responsible for determining the purposes and legal bases of such processing and for compliance with all applicable data protection obligations, including transparency, data subject rights, and security requirements.

CATEGORIES OF PERSONAL DATA WE COLLECT

Depending on the nature of our relationship and the services provided, SIKS LLC may collect and process the following categories of personal data:

• Identification and contact details, such as name, job title, company name, business email address, and telephone number;
• Professional and business-related information;
• Communication data, including emails, correspondence, and meeting notes;
• Contractual, invoicing, and billing-related information;
• Technical data related to website use, such as IP address, browser type, device information, and cookies.

In the context of certain marketing, campaign coordination, or performance-related services, SIKS may, where expressly instructed by the Client, be granted limited access to datasets derived from the Client’s player or user databases. In such cases, such data shall be accessed and processed solely on behalf of and under the instructions of the Client, who remains the data controller for such personal data.

Any such access shall be strictly limited to what is necessary for the performance of the agreed services, shall be conducted in accordance with applicable data protection laws, and shall follow the principles of data minimization, purpose limitation, confidentiality, and security. Where possible, such data shall be aggregated, anonymized, or pseudonymized, and SIKS shall not use such data for any independent or unrelated purpose.

SIKS does not intentionally collect or process special categories of personal data within the meaning of Article 9 GDPR.

PURPOSES OF PROCESSING AND LEGAL BASES

SIKS LLC processes personal data lawfully, fairly, and transparently, and solely for specific, explicit, and legitimate purposes, in strict accordance with the principles set out in Article 5 of the GDPR. Personal data is processed only where a valid legal basis under Article 6 GDPR exists and only to the extent necessary for the relevant purpose.

Contractual and Pre-Contractual Processing

SIKS processes personal data where such processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. This includes, without limitation, activities related to negotiating, concluding, managing, and performing service agreements, coordinating services, maintaining operational communication, and fulfilling contractual obligations toward clients, partners, and service providers.

Legitimate Business Interests

SIKS may process personal data where such processing is necessary for the purposes of its legitimate business interests, provided that such interests are not overridden by the fundamental rights and freedoms of the data subjects. Legitimate interests pursued by SIKS include, inter alia, business development, relationship management, professional communication, internal administration, service improvement, risk management, fraud prevention, and the protection of its legal and commercial interests.

In all such cases, SIKS carefully assesses the necessity and proportionality of the processing and ensures that appropriate safeguards are in place to protect the interests and rights of data subjects.

Legal and Regulatory Obligations

SIKS processes personal data where such processing is necessary for compliance with legal obligations to which it is subject, including obligations arising under corporate, tax, accounting, commercial, or regulatory laws, as well as obligations to respond to lawful requests from competent public authorities.

Website Operation, Security, and IT Integrity

Personal data may be processed in connection with the operation, administration, and security of SIKS’s website, IT systems, and digital infrastructure, including for the purposes of ensuring network and information security, preventing unauthorized access or misuse, detecting technical issues, and maintaining service integrity. Such processing is carried out on the basis of legitimate interests or, where required by applicable law, on the basis of consent.

Consent-Based Processing

Where personal data is processed on the basis of the data subject’s consent, such consent shall be obtained in a clear and lawful manner and may be withdrawn at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

Purpose Limitation

SIKS does not process personal data for purposes that are incompatible with those described above. Any further processing shall be subject to appropriate legal assessment and safeguards, in accordance with the GDPR. Personal data is processed in line with the principles of data minimization, storage limitation, and integrity and confidentiality.

DATA SHARING AND RECIPIENTS

SIKS LLC does not sell, rent, or otherwise disclose personal data to third parties for their own independent commercial purposes.

Personal data processed by SIKS may be disclosed or made available only where necessary and on a strictly need-to-know basis, and solely for the purposes described in this Privacy Policy. Such disclosure may occur only to the following categories of recipients:

Personal data may be shared with trusted third-party service providers acting as data processors on behalf of SIKS, such as providers of IT services, hosting and cloud infrastructure, accounting, payment processing, customer relationship management (CRM) systems, and other administrative or technical support services. Such service providers process personal data solely in accordance with SIKS’s documented instructions and are subject to contractual obligations requiring confidentiality, data protection, and appropriate security measures, in compliance with Article 28 GDPR.

Personal data may also be disclosed to professional advisers, including legal counsel, tax advisers, auditors, and consultants, where such disclosure is necessary for the provision of professional services and where such advisers are subject to statutory or contractual confidentiality obligations.

In addition, personal data may be disclosed to public authorities, courts, regulatory bodies, or law enforcement agencies where SIKS is required to do so by applicable law, regulation, court order, or other legally binding request, or where such disclosure is necessary to establish, exercise, or defend legal claims.

In all cases, SIKS ensures that any recipient of personal data is subject to appropriate contractual, confidentiality, and data protection obligations, and that personal data is disclosed only to the extent strictly necessary for the relevant purpose.

INTERNATIONAL DATA TRANSFERS

Where personal data is transferred, accessed, or otherwise processed outside the country in which it was originally collected, including transfers outside the European Economic Area (EEA), SIKS LLC ensures that such transfers are carried out in full compliance with applicable data protection laws, including the GDPR.

SIKS implements appropriate safeguards to protect personal data in connection with international transfers, which may include, as applicable, adequacy decisions issued by the European Commission, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms recognized under Chapter V of the GDPR. Personal data shall not be transferred internationally unless such safeguards are in place and the level of protection required by applicable law is ensured.

DATA RETENTION

SIKS retains personal data only for as long as is necessary to fulfill the purposes for which such data was collected and processed, including the performance of contractual obligations, compliance with legal, regulatory, accounting, and tax requirements, and the establishment, exercise, or defense of legal claims.

Retention periods are determined based on the nature of the personal data, the purposes of processing, and applicable legal obligations. Once personal data is no longer required for the relevant purposes, it shall be securely deleted, anonymized, or otherwise rendered inaccessible, in accordance with applicable data protection and information security standards.

DATA SECURITY

SIKS implements and maintains appropriate technical and organizational measures designed to ensure a level of security appropriate to the nature, scope, context, and purposes of the processing, as well as to the risks posed to the rights and freedoms of individuals. Such measures are intended to protect personal data against unauthorized or unlawful access, accidental or unlawful loss, destruction, alteration, or disclosure.

These measures may include, as appropriate, restricted access controls, encryption or pseudonymization, confidentiality and access obligations for personnel, secure IT systems and infrastructure, regular system monitoring, and internal policies and procedures governing data handling, information security, and incident management. SIKS periodically reviews and, where necessary, updates such measures in order to maintain an appropriate level of data protection.

While SIKS takes reasonable and proportionate steps to safeguard personal data in accordance with applicable data protection laws and industry standards, the Client acknowledges that no system of transmission or storage can be guaranteed to be completely secure. Accordingly, SIKS does not warrant or guarantee absolute security of personal data and shall not be held liable for security incidents that occur despite the implementation of appropriate safeguards.

DATA SUBJECT RIGHTS

Subject to applicable data protection laws, individuals whose personal data is processed by SIKS may be entitled to exercise certain rights, including the right to:

• obtain confirmation as to whether personal data relating to them is being processed and to access such data;
• request rectification of inaccurate or incomplete personal data;
• request erasure of personal data, where applicable;
• request restriction of processing or object to processing, in accordance with the GDPR;
• request data portability, where the legal conditions are met;
• withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

Requests to exercise data subject rights may be submitted using the contact details provided below. SIKS will respond to such requests within the time limits prescribed by applicable law and may request additional information to verify the identity of the requesting individual, where permitted.

THIRD-PARTY WEBSITES

The SIKS website may contain links to third-party websites or services that are not operated or controlled by SIKS. SIKS is not responsible for the privacy practices, content, or security of such third-party websites, and this Privacy Policy does not apply to any processing of personal data carried out by third parties.

Users are encouraged to review the privacy policies of any third-party websites they visit.

COOKIES

SIKS may use cookies and similar tracking technologies on its website in order to ensure the proper functioning and security of the website, to enhance user experience, to analyze website traffic and usage patterns, and to improve the quality and performance of its services.

Cookies may include strictly necessary cookies, which are required for the operation of the website, as well as functional, analytical, or performance cookies, depending on applicable legal requirements and user preferences. SIKS does not use cookies to track users for unrelated purposes or to collect personal data beyond what is necessary for the intended purposes.

Where required by applicable law, cookies and similar technologies that are not strictly necessary shall be used only with the user’s prior consent, obtained through an appropriate cookie consent mechanism. Users may manage or withdraw their cookie preferences at any time through the available settings.

Further detailed information regarding the types of cookies used, their specific purposes, retention periods, and available choices may be provided in a separate Cookie Policy or through the cookie consent banner displayed on the website.

CHANGES TO THIS POLICY

SIKS reserves the right to update, amend, or modify this Privacy Policy from time to time, in whole or in part, to reflect changes in legal or regulatory requirements, business practices, services, or for other legitimate purposes.

Any changes shall become effective as of the date specified by SIKS or, if no date is specified, upon publication on the SIKS website or other appropriate notification. Continued use of the website or services after the effective date of such changes shall constitute acceptance of the updated Privacy Policy.

CONTACT INFORMATION

For any questions, requests, or concerns regarding this Privacy Policy or the processing of personal data by SIKS, please contact: