Last updated on 16/04/2023 (We retain the right to change our Privacy Policy at any time in case update is needed. Any new change shall apply from the date we publish them. Any further updates will be listed on this web page, so please check back periodically).

Welcome to https://thundermonkey.io/ (the “Website”)

Who We Are

The Data Controller of Your Personal Data is Thunder Moneky Ltd, an Isle of Man Company with registration number 018830V, having its registered address at 49 Victoria Street, Douglas, Isle of Man, IM1 2LD (the “Company” “We” “Us” “Our”)]. The purpose of this Privacy Notice is to inform You of how the Company collects, processes, uses, stores and protects Your Personal Data as well as the rights You have with respect to the processing of Your Personal Data.

By visiting Our Website and using Our Services, You acknowledge reading and fully considering this Privacy Notice.

The Company acknowledges that in collecting Your Personal Data We are bound by the laws of Isle Of Man and will process Your Personal Data in accordance with GDPR. For any further requests or queries about how We use Your Personal Data, You may address Us/Our Data Protection Officer through the following email address: dpo@thundermonkey.io

Definitions

Capitalised terms in this Notice shall have the meaning assigned to them under GDPR, and shall be construed accordingly. Furthermore, the following definitions shall apply:

  • Contact Form – an online form which You fill in with Your contact details in order to get in touch with Us.
  • GDPR – the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time.
  • Services – the Services provided by the Company through the Website.
  • User – any person who fills in the Contact Form (“You”, “Your”).
  • DPO – Data Protection Officer

Subject Matter

This Privacy Notice sets out the terms and conditions which the Company follows in order to protect the privacy of Our Users. It describes the conditions under which We make any collection and processing of Your Personal Data and ensure their security and confidentiality.

The Company reserves the right to amend and update this Privacy Notice, whenever it deems appropriate, and any changes thereof shall come in force and effect from the instance they appear online on the Website. Any substantial modifications to this Privacy Notice will communicated to You.

Principles of Data Processing

We fully respect Your fundamental rights and consider protection of Your Personal Data to be a priority. Accordingly, when processing Your Personal Data, We follow the following basic principles:

  • We submit Your Personal Data only to lawful and fair processing, and We maintain full transparency vis-à-vis the way We handle Your Personal Data.
  • We collect and process Your Personal Data only for specified, explicit, and legitimate purposes as outlined in this Privacy Notice, and We do not process it further in any manner incompatible with these purposes.
  • We process Your Personal Data only to the extent that it is necessary and appropriate to purposes for which it is collected.
  • We make reasonable efforts to ensure that Your Personal Data is accurate and, where necessary, updated with regard to the purposes of the processing, taking all reasonable steps to immediately delete or correct it in case of inaccuracy.
  • We process Your Personal Data in a manner that guarantees its security by using appropriate technical and organizational measures.

In general, We comply with all applicable laws statutory obligations, as Data Controller of Your Personal Data.

Types of Personal Data Collected

We will collect and process the following information/documentation about you:

Information You Give Us

KYC Data

  • Copy of Passport or Identity Card of customer’s directors. Where this does not include residential address, we will also ask for the residential addresses.
  • Copy of Passport or Identity Card of customers’ ultimate beneficial owners. Where this does not include residential address, we will also ask for the residential addresses.
  • Full name and signature of the customer’s authorised signatory/ies.
  • Political Status of ultimate beneficial owners

Information Collected from Third Parties or Publicly Available Sources

We may receive personal data about you from public sources as set out below (“Public Sources Data”):

  • Google searches;
  • Commercial Register websites;
  • Company databases;
  • Customer due diligence and sanctions portals/databases.

If we start to collect any other data that is not in line with the above, this Privacy Policy shall be updated.

If you provide us with any additional data which is special category data, because for example it relates to your health, we will provide you with a separate Privacy Policy in relation to such data.Furthermore, the Company processes any other Personal Data directly provided by You during Your interaction with Us.

Purposes and Legal Basis for Data Processing

We will only use your personal data when lawful to do so. Generally, this would be in the following circumstances:

●       When we need to in order to be able to provide you with our services in line with the contract we have with you or are about to enter into with you

●       Where it is necessary for our legitimate interests and your interests do not override those interests;

●       Where we need to comply with an obligation under law including Anti-Money Laundering and Funding of Terrorism Laws, sanctions laws and gaming laws.

Purposes of Collecting and Processing the Information:

We collect, store and use your information to provide you with a safe, smooth, efficient, and customized experience. We use the information collected from you for the following purposes:

Type of data Lawful basis for processing Purpose for which the data will be processed
KYC DataPublic Sources Data   Performance of a contract with you     Complying with our legal obligations   Legitimate interests This information is necessary in order to conclude and make binding the contract to be entered into between us and to be able to provide you with our services in line with the contract and performing our obligations arising from it. Complying with our legal obligations under Anti-Money Laundering, gaming and sanctions laws. Our legitimate interest to protect our brand against reputational and integrity risks.

Your information may also be used for legal and regulatory compliance purposes, including as necessary: to respond to governmental or regulatory entities requests; to comply with our legal obligations under current Anti-Money Laundering laws and Regulations and any applicable current local and international laws including gaming laws; to identify misuse of our systems and any fraud or other illegal or unlawful activity or any other activity which is or may be contrary to our legal and regulatory compliance obligations.

Your personal data will be processed automatically with the aim of evaluating certain personal aspects (profiling). We use profiling for the purposes of risk mitigation and to comply with our obligations under gaming laws. As a rule, we do not make decisions based solely on automated processing as defined in Article 22 of the GDPR to establish and implement the business relationship, as there is always an element of human involvement in such decisions. If we use these procedures in individual cases, we will inform you of this separately, provided this is allowed by law.

Data Recipients

Your personal data will be disclosed to the third parties set out below for the purposes listed in the table above.

We shall only disclose your personal data to third parties where lawful to do so including where we:

●       Need to in order to provide you with the service;

●       Need to in order to obtain services from third parties in order to provide you with the service;

●       Have a legal duty to do so e.g. assisting with detecting and preventing fraud and crime or regulatory reporting or in relation to problem gaming;

●       Have a legitimate interest for the purposes of litigation or asserting and defending our legal rights and interests;

●       Have a legitimate business interest to do so for managing risk;

●       Have been instructed by you to do so;

●       Are required to disclose the information in response to legal process (for example, a court order, search warrant or subpoena);

●       Have a reasonable and good faith belief that there is an emergency that poses a threat to the health, life and/or safety of you, another person or the public generally; and

●       In order to protect the rights or property of Thunder Monkey Ltd, including to enforce our contract.

We will disclose your personal data to third parties which include:

●       Regulators and other authorities as may be required by law or by courts of law;

●       Law enforcement, government, courts, dispute resolution bodies, regulators and any party appointed or requested by regulators to carry out investigations or audits of our activities;

We will disclose your personal data to external service providers and third-party vendors. We shall only disclose the personal data which is necessary for such third parties to deliver the required service. These include:

●       Professional advisors including lawyers, compliance officers of game providers if required, auditors and insurers;

These third parties act as data processors on behalf of the company. We shall obtain guarantees from such third parties to ensure that they process your data in line with the GDPR, to keep your information secure and not to use it for their own purposes.

Employees of the company shall also have access to your personal data for the purpose of executing their duties and providing you with assistance and the service.

.

The processing of Your Personal Data by Our Data Processors is done under a contract compelling Data Processors to the same level of data protection provided under this Privacy Notice.

We will not disclose Your Personal Data with any third parties outside of the Isle of Man and European Union. However, in the event that such a data transfer occurs, We will take all reasonable steps possible to ensure that Your data is treated as securely as it is within the European Union and in accordance with this Privacy Notice and applicable legislation. Additionally, we will update this Privacy Notice to reflect the cross-border data transfer and the relevant safeguards for Your privacy.

A transfer, or set of transfers, may be made outside of the Isle of Man and European Union where the transfer is:

·       Made with the individual’s informed consent;

·       Necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual’s request;

·       Necessary for the performance of a contract made in the interests of the individual between the Data Controller and another person;

·       Necessary for important reasons of public interest;

·       Necessary for the establishment, exercise or defence of legal claims;

·       Necessary to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent; or

Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register)

Data Security and Confidentiality

In order to ensure the proper use and integrity of Your Personal Data and to prevent unauthorised or accidental access, processing, deletion, alteration or other use, the Company applies appropriate internal policies and takes all appropriate organizational, technical and procedural security measures, as well as technical standards, in accordance with applicable laws and regulations.

The processing of Your Personal Data by the Company is conducted in a manner that ensures confidentiality and security, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks for Your rights and freedoms, which are applicable in each circumstance.

Your Personal Data is processed solely by authorised personnel of the Company, bound by strict obligations of confidentiality.

Retention of Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes for which they were collected.

All data will be maintained for the duration of your relationship with us. Following termination of the relationship, the following data will be retained in the following manner:

Data Type Retention Period Retention Basis
KYC Data (including services agreements with authorised signatory details), Public Sources Data. Five years Legitimate interest of protection, defending, establishment or exercise of legal claims, disputes, and/or investigations.Personal data may be held longer where required for an investigation, claim, dispute or litigation or where there is a reasonable suspicion that the customer has been involved in criminal activities.

Your Rights

You have the right:

·       To Transparent Information – you have the right to be informed in a clear manner on any personal data pertaining to you that may be processed by us. Such information is being provided to you in this Privacy Policy. 

·       of Access to Information – you have the right to request confirmation from us whether personal data relating to you is being processed and if so to access such personal data.

·       To lodge a request, contact our DPO on the details above. If you would only like to receive information on a specific category of data, please indicate such category e.g. ‘Identity Data’ or ‘Contact Data’.

·       to Rectification – you have the right to request from us the rectification, without delay, of any inaccurate personal data pertaining to you. You may change your data by emailing dpo@thundermonkey.io

·       to Be Forgotten – you have the right to request from us the erasure of all personal data pertaining to you without delay, where the data has been processed with your consent as the basis for processing and/or where the processing is no longer lawful.

·       to Restrict Processing – you have the right to request from us the restriction of processing if: processing is unlawful; you are contesting the accuracy of data; the data is no longer required by the controller but you require us to keep it in order to establish, exercise, or defend a legal claim; or if you have previously objected to the processing. Once data is restricted, we cannot process it in any way other than to store it unless: we have your consent; or if it is required for the establishment, exercise, or defence of legal claims; or if it is for the protection of the rights of other persons; or if it is for reasons of important public interest.

·       Please note that this does not extend to personal data which is inferred or derived by us.

·       to Data Portability – you have the right to receive from us personal data which you have provided to us and to transmit that data to another controller without hindrance from us. This right applies where the data is being processed with your consent, or for the performance of a contract, and when processing is carried out by automated means.

·       to Object – you have the right to object at any time to the processing of personal data pertaining to you where the processing is based: on our legitimate interest; or the performance of a task in the public interest/exercise of official authority; or on direct marketing (including profiling); or on processing for purposes of scientific/historical research and statistics.

·       You also have the right to object to profiling based on our legitimate interests or on the performance of a task in the public interest/exercise of official authority.

·       You also have the right to object to automated decision making, including profiling, and therefore to not be subject to a decision which is based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

If You feel that Your rights are infringed, You have the right to file a complaint with the Office of the Information and Data Protection Commissioner at the following website https://inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/.

Your Obligations

By using Our Website and by providing Your Personal Data, You acknowledge that You are required to provide Your actual, accurate and complete data as requested by the Company. Furthermore, You must inform Us of any changes to Your information so as to ensure it is kept up-to-date and accurate.

Since we require your data for the purposes of accepting and carrying out a relationship with you and fulfilling our contractual and legal obligations, should you choose not to provide us with such data, iIf You are found to be in breach of Your obligations or if We have reasonable suspicion that the information You provide is false or in any way contrary to applicable law or this Privacy Notice, We retain the right to reject entering into a business relationship with you and fulfil the agreement that you are entering into with us and our obligations thereunder.. In this case, You will have no right to any compensation.

Anti-money laundering obligations and gaming laws require us to ask for personal data at certain intervals. In order for us to be able to comply with these statutory obligations, we will ask you to provide us with the necessary information and documents and notify us without undue delay of any changes that may arise during the course of the business relationship. Should you choose not to provide us with such data, we might not be in a position to enter into or continue our business relationship and fulfil the applicable agreement between us and our obligations thereunder, as we would be in breach of our obligations.

We will also require information at certain intervals from you which we will need in order to protect our brand against reputational and integrity risk in line with our legitimate interests. Where you do not provide us with such information we are free to choose not to enter into or continue our business relationship with you.

Reference is made to the agreement that you are entering into with us, whereby you have undertaken to provide us with certain personal data, including documentation, and to inform us of any changes to such data. In these circumstances, the provision of personal data is a contractual requirement.

You are never obliged to provide us with any data which we request on the basis of your consent.

Processing Data Through Consent

The processing of data highlighted above does not require your consent as it relies on another legal basis.

We may however also request to process additional personal data on the basis of your consent. You are not obliged to give us your consent. Once you have granted us consent to the processing of personal data for an identified specific purpose, the processing becomes lawful on the basis of such consent. You can withdraw your consent at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

You can withdraw your consent at any time by contacting in writing our DPO at: dpo@thundermonkey.io

At the time of withdrawal of consent, we may determine that there is another legal ground allowing us to process your data and we shall inform you accordingly.