Privacy Policy for Business Partners

PRIVACY POLICY FOR BUSINESS PARTNERS

This Privacy Policy describes how edict eGaming GmbH (“Edict Germany”) and Edict Malta Limited (“Edict Malta”) (hereinafter together referred to as “Edict Group”) processes the personal data of its business partners in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz/BDSG) and the Maltese Data Protection Act (Chapter 586 of the laws of Malta).

  1. Name and Contact Details of the Controller

edict eGaming GmbH
Schillerstraße 44, 22767 Hamburg, Germany
Email: info@edict.de
as the Controller, represented by: Dominic-Daniel Liénard

Edict Malta Limited
No. 2, Geraldu Farrugia Street, Zebbug, ZBG 4351, Malta
Email: office@edict.com.mt
as the Controller, represented by: Dominic-Daniel Liénard, Nikita Cuschieri, Daniel Kniveton

  1. Name and Contact Details of the Data Protection Officer
    You can contact the controller’s Data Protection Officer at

edict eGaming GmbH
Attn. Wolf Dittmayer
Schillerstraße 44, 22767 Hamburg, Germany
Email: datenschutzbeauftragter@gauselmann.de or datenschutz@edict.de

or

Edict Malta Limited
Attn: Jonathan Dalli
No. 2, Geraldu Farrugia Street, Zebbug, ZBG 4351, Malta
Email: dpo@edict.com.mt

  1. Purposes and Legal Bases of Processing
    Edict Group collects and processes personal data of its business partners (including suppliers, service providers, customers, and their representatives, directors, beneficial owners, key officials and employees) for the following purposes:
  • initiation, execution and management of the contractual relationship with Edict Group business partners
  • ensuring compliance with contractual obligations
  • ensuring compliance with legal obligations (such as accounting obligations or record-keeping obligations)
  • carrying out due diligence checks in accordance with applicable laws and regulatory requirements, including anti-money laundering (AML) and counter-terrorist financing (CTF) requirements
  • contacting a business partner’s employee/contact via telephone, email, or postal mail
  • accounting, payment processing, and financial administration

The legal basis for data processing is Art. 6(1)(b), Art. 6(1)(c) and Art. 6(1)(f) of the GDPR. Our legitimate interest lies in managing the business relationship, preventing fraud and ensuring efficient operations.

  1. Automated Decision-Making
    Edict Group does not use automated decision-making or profiling within the meaning of Art. 22 GDPR in the context of business partner relationships.
  1. Categories of Personal Data
  • General personal data (name, surname, title, job title)
  • Contact details (address, telephone number, email address)
  • Payment and bank details
  • Private personal data required under AML and due diligence regulations (date of birth, nationality, residential address, copies of identification documents and beneficial ownership information)
  1. Recipients of Personal Data
    Edict Group shares the personal data with the following recipients:
  • Edict Group uses processors to process personal data for the aforementioned purposes, who process the personal data on Edict Group’s behalf. Edict Group always retains control over the respective personal data and remains responsible for the data processing.
  • Edict Group transmit personal data in individual cases to courts, law enforcement authorities, regulatory and supervisory authorities, tax consultants and lawyers, insofar as this is legally permissible or required.
  1. Transfer to Third Countries
    Data transfers to countries outside the EU/EEA will only occur if necessary for contractual performance. Such transfers will only take place, if an adequate level of data protection has been confirmed for that third country by the European Commission, if an adequate level of data protection has been agreed with the data recipient (e.g., by means of EU Standard Contractual Clauses) or if you have given your consent.
  1. Retention Period
    The personal data will only be retained for as long as necessary for fulfilling the purposes outlined above, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  1. Data Subject Rights
    Provided the respective requirements are fulfilled, Edict Group business partners have the following rights:
  • Right of access to personal data stored by us (Art. 15 GDPR)
  • Right to rectification of inaccurate personal data or right to have incomplete personal data completed (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

If a data subject has given Edict Group consent to process its personal data, the data subject has the right to withdraw its consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until such time as consent is withdrawn.

Dated: 11 September 2025