This Privacy Policy is effective as of 26 Jan 2026. We may update this Policy from time to time, and any changes will be published on this page together with the date on which they take effect.
At Delasport Limited (“Delasport”, “we”, “us”), we take privacy and data protection seriously. Safeguarding the personal data of individuals who interact with our website, communicate with us, or use our services is an essential part of how we operate. This Privacy Policy explains how we collect, use, and share personal data in connection with our business activities.
The sections below provide a detailed explanation of our data processing practices, and we encourage you to read this Policy in full. We also recognise that people have limited time, so we have structured the information clearly to help you quickly understand how and why we process personal data.
We process personal data in accordance with the applicable Data Protection Legislation, as below:
• the Gibraltar General Data Protection Regulation (“Gibraltar GDPR”),
• the Data Protection Act 2004 (as amended), and
• the GDPR (Regulation (EU) 2016/679)
1. WHO WE ARE
• Delasport Limited
• Registered Address: Finsbury House, 32 Line Wall Road, Gibraltar, GX11 1A
• Email:
[email protected]We are responsible for determining how and why personal data is processed in connection with our website, business communications, and B2B services, in accordance with the applicable laws listed above.
2. DEFINITIONS
For the purposes of this Policy:
• “Website”
The website located at https://www.delasport.com/ operated by Delasport Limited.
• “Personal Data”
Any information relating to an identified or identifiable natural person (“data subject”). An identifiable individual is one who can be identified, directly or indirectly, particularly through identifiers such as a name, ID number, location data, online identifier, or characteristics specific to their identity.
• “Processing”
Any operation performed on Personal Data, whether by automated or non-automated means. This includes collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, destruction, and any similar activity defined under applicable Data Protection Legislation.
• “Controller” and “Processor”
As defined under applicable Data Protection Legislation. A Controller determines the purposes and means of processing, while a Processor processes data on behalf of a Controller.
• “Data Protection Legislation”
Refers collectively to the Gibraltar GDPR, the Data Protection Act 2004, and, where applicable, the EU GDPR.
• “Cookie”
A small text file placed on your device when visiting our Website or using specific features of our services. Cookies enable functionality, security, analytics, and user preference storage.
3. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA WE PROCESS
Delasport processes Personal Data only to the extent necessary for the lawful and normal conduct of our business activities, including contractual relations, service delivery, compliance with legal obligations, communication, recruitment, and the fulfilment of regulatory requirements.
Below are the categories of data subjects and the types of Personal Data we process for each group.
3.1 Representatives of Clients, Suppliers, and Business Partners (“Contractors”)
When you represent a company that works with us or engages with us as a potential partner, we may process personal data such as:
• Identification and business details (e.g., name, role, company affiliation);
• Professional contact information (e.g., business email, business phone number, company address);
• Information required for due diligence or regulatory purposes (e.g., documentation demonstrating corporate structure, ownership, or licensing status, where relevant);
• Information provided during onboarding and commercial engagement, including forms, questionnaires, and application materials;
• Contractual and communication-related information, including correspondence, agreements, meeting notes, and records related to negotiations or cooperation.
3.2 Website Visitors
When you visit our website, certain information is collected automatically and stored in log files in accordance with our Data Retention and Deletion Policy. This may include:
• Technical and device information such as IP address, device identifiers, browser type, operating system, and time zone settings;
• Usage and interaction data including pages viewed, navigation paths, session duration, and general website activity;
• Cookie and tracking data, including identifiers used for essential website functionality, analytics, or marketing purposes (where applicable);
• Contact details, if you choose to provide them through our contact forms or communication channels (such as your name, email address, phone number, and the content of your enquiry).
3.3 Individuals Contacting Us (Enquiries & Requests)
When you contact us directly, we may process:
• Basic identity and contact information (e.g., name, email address, telephone number);
• The content of your enquiry, including any information you choose to share in your message or attachments;
• Correspondence records, including our communication history and notes related to the handling of your request.
3.4 Job Applicants
If you apply for a role at Delasport, we may process:
• Identification and contact details provided during your application;
• Professional, educational, and background information contained in your CV, cover letter, or supporting documents;
• Recruitment-related data, such as interview notes, assessment results, and communication records;
• Verification information, such as references or certifications, where relevant to the role;
• Additional documentation requested as part of the recruitment or pre-employment process.
Information collected at the initial application stage may be supplemented with additional data during later stages of the recruitment process.
3.5 Authorised Users of Our B2B Platform Services
When individuals access our platforms or tools on behalf of a client or partner, we may process personal data such as account details (including usernames, roles, access levels, and business contact information), system and activity logs (such as login events, administrative actions, and audit trails), security and operational information (including indicators of unusual activity and data required for security monitoring or incident handling), and technical metadata (such as IP addresses, device information, and system-generated event data). This information is processed to administer user access, maintain the security and integrity of our platforms, and support the effective operation of our services.
3.6 End-Users of Our B2B Clients (Players)
We do not determine the purposes or means of processing player data. Any player-related personal data processed through our platform is handled solely on behalf of our B2B clients. In this context, Delasport acts as a Data Processor, while the relevant operator acts as the Data Controller, in accordance with applicable Data Processing Agreements.
4. Purposes for Which We Process Personal Data
Delasport processes Personal Data only for specific and legitimate purposes connected to operating our business, delivering our services, maintaining our platforms, communicating with stakeholders, and complying with applicable laws.
4.1 Contractual and Pre-Contractual Purposes
We process Personal Data to establish and manage business relationships, prepare and perform contracts, verify authorized representatives, exchange commercial documentation, and provide service-related communications.
4.2 Service Delivery and Platform Operation
We process Personal Data to provide access to our platforms, operate and support our technology solutions, monitor activity for operational and security purposes, ensure system integrity and performance, and prevent or investigate misuse or unauthorized access.
4.3 Communication and Enquiry Management
We use Personal Data to respond to enquiries, manage correspondence, and maintain ongoing communication with clients, suppliers, and partners.
4.4 Marketing and Client Relations (Where Permitted)
Where allowed, we process Personal Data to send updates or promotional information, share invitations or announcements, and conduct satisfaction or service-quality surveys in line with preferences.
4.5 Recruitment and Talent Acquisition
We process Personal Data to assess candidates, conduct interviews and evaluations, verify qualifications where relevant, manage the selection process, and take steps prior to concluding an employment agreement.
4.6 Legal and Regulatory Compliance
Processing may be required to comply with obligations under relevant tax, accounting, AML, gaming, corporate, or regulatory frameworks, to respond to lawful requests from authorities, and to maintain necessary business records.
4.7 Protection of Rights and Interests
We process Personal Data to verify partner compliance, prevent fraud, safeguard our systems and operations, manage internal governance requirements, and establish, exercise, or defend legal claims.
5. Legal Bases for Processing Personal Data
Delasport relies on the following legal bases, depending on the context and relationship with the individual.
5.1 Contractual Necessity
Processing is necessary to enter into or perform a contract, fulfil contractual obligations, or take steps at the request of an individual before entering into a contract. This applies primarily to representatives of clients, suppliers, and partners.
5.2 Legal Obligation
Processing is required to comply with obligations under applicable tax, accounting, corporate, AML, or regulatory laws, or to respond to lawful requests from supervisory authorities or courts.
5.3 Legitimate Interests
We process Personal Data where necessary for our legitimate business activities, including ensuring platform security, preventing fraud, verifying partner compliance, maintaining business relationships, managing communications, keeping records, supporting operational continuity, and handling or defending legal claims. We balance these interests against the rights and freedoms of individuals.
5.4 Consent
Where required, we rely on consent, for example for direct marketing (where applicable), non-essential analytics technologies, or keeping candidate information for future opportunities. Consent can be withdrawn at any time.
5.5 Processor Role
For player-related data processed on behalf of our B2B operator clients, Delasport acts solely as a Data Processor. The operator is the Data Controller, and processing is performed only on the basis of documented instructions and governed by a Data Processing Agreement.
6. Cookies & Tracking Technologies
We use cookies and similar technologies to operate our Website, enhance functionality, understand how visitors use our pages, and support certain analytics and marketing activities. Cookies are small text files stored on your device that allow the Website to recognise your browser and remember certain information.
6.1 Types of Cookies We Use
We have classified cookies into the following categories:
• Necessary Cookies
Essential for the operation and security of the Website. These enable core features such as page navigation, session handling, and access to secure areas. You cannot disable these cookies through the cookie banner, although you may block them at browser level (which may affect functionality).
• Preferences Cookies
Allow the Website to remember your choices and settings (e.g., language, region, interface preferences), providing a more personalized browsing experience.
• Statistics Cookies
Help us understand how visitors interact with the Website by collecting aggregated and anonymized usage data. These cookies support performance improvements and are activated only with your consent.
• Marketing Cookies
Used to track visitors across websites for advertising and measurement purposes. They allow us—and selected third parties—to deliver more relevant content and analyse campaign effectiveness.
• Unclassified Cookies
These are cookies that have not yet been assigned to a specific category. They are reviewed regularly and categorized once their purpose and function are identified.
6.2 Managing Your Cookie Preferences
When you first visit our Website, you will be presented with a Cookie consent banner, where you may accept, reject, or customize your cookie preferences.
You may change or withdraw your consent at any time by accessing the Cookie Settings panel displayed on our Website.
Most browsers also allow you to block or delete cookies manually. However, blocking certain cookies may impact the performance or functionality of the Website. See below:
• Google Chrome
• Microsoft Edge
• Microsoft Internet Explorer
• Mozilla Firefox
• Opera
For more information on the specific cookies used, their providers, and duration, please review the information available directly through Cookie Settings.
7. How We Share Personal Data
We may share personal data with trusted third parties where necessary for the operation of our business, for the performance of our contractual obligations, or to comply with legal requirements. Whenever we share personal data, we ensure that appropriate safeguards and contractual protections are in place.
We may share personal data with:
• Members of our group of companies
Whenever this is necessary for internal administration, service delivery, security, or support.
• Service providers and vendors
Who support our operations, including:
o IT and cloud hosting providers;
o CRM and communication platforms;
o Security and monitoring services;
o Professional advisors (legal, audit, consulting);
o Marketing and business development tools;
o Tools used for system maintenance, diagnostics, and technical support.
All service providers are contractually required to process personal data only in accordance with our instructions and to apply adequate security measures.
• Public authorities and regulators
Where required to do so under applicable law, including courts, law enforcement, regulatory bodies, tax authorities, or other governmental institutions.
• Business partners
Where necessary for account management, contractual performance, or technical integration between the parties.
• Corporate transactions
If we undergo a merger, acquisition, restructuring, or sale of assets, personal data may be shared with prospective or actual transaction partners, subject to confidentiality obligations.
We do not sell personal data.
8. INTERNATIONAL DATA TRANSFERS
As a Gibraltar-based organization with international operations, personal data may be transferred to countries outside Gibraltar or the European Economic Area, including to group companies in the EU and Ukraine and to certain external service providers.
Whenever personal data is transferred internationally, we ensure that it continues to receive a level of protection consistent with Gibraltar GDPR and, where applicable, the EU-GDPR requirements. This may include the use of:
• Standard Contractual Clauses (SCCs) issued by the European Commission
• Gibraltar-recognized transfer mechanisms
• Additional organizational and technical safeguards where required
These safeguards ensure that data transferred abroad remains adequately protected.
You may contact us for additional information about the safeguards applied to international transfers and the jurisdiction involved.
9. DATA RETENTION
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
• providing and supporting our services,
• managing our business and contractual relationships,
• complying with legal, regulatory, and accounting obligations,
• resolving disputes and enforcing agreements,
• ensuring the security and integrity of our systems.
Once personal data is no longer required for these purposes, it is securely deleted, anonymised, or archived in accordance with our internal policies and applicable legal requirements.
10. SECURITY MEASURES
Delasport employs a comprehensive set of technical and organisational safeguards designed to protect Personal Data against unauthorised access, alteration, disclosure, or loss. Our information-security practices are aligned with recognised industry standards and aim to preserve the confidentiality, integrity, and availability of the data we process.
To ensure a high level of protection, Delasport implements the following security measures:
• ISO 27001-aligned security governance to maintain a structured, risk-based information-security framework.
• Strong encryption technologies, including TLS 1.2+ for data in transit and AES-256 for data at rest, ensuring that Personal Data remains protected throughout its lifecycle.
• Strict access-control mechanisms based on role-based permissions, allowing only authorized personnel, agents, or service providers to access Personal Data for legitimate business or regulatory purposes.
• Mandatory employee training on data protection, privacy, and information-security practices, reinforcing responsible handling and continuous awareness across all levels of the organization.
• Layered technical safeguards, such as continuous network monitoring, intrusion-detection systems, vulnerability scanning, and penetration testing to proactively identify and mitigate potential security threats.
• Physical security controls, including secure facilities, controlled access to sensitive areas, and certified procedures for hardware disposal to prevent unauthorized physical access to systems and infrastructure.
• Third-party oversight, ensuring that all external vendors and service providers with access to Personal Data comply with equivalent security and confidentiality obligations, supported by appropriate contractual and technical safeguards.
• A documented Incident and Breach Response Procedure, outlining responsibilities, escalation paths, communication protocols, and required regulatory notifications. All security or privacy incidents are promptly logged, investigated, and subject to post-incident review to strengthen our security posture.
These combined measures ensure that Personal Data entrusted to Delasport is processed securely and in accordance with applicable privacy laws, regulatory requirements, and industry best practices.
11. Data Subjects Rights
Under the Gibraltar GDPR, and where applicable the EU data protection legislation, you have several rights in relation to the Personal Data we process about you. We respect and uphold these rights, and you may exercise them at any time by contacting us using the details provided in this Policy.
Your rights include:
11.1 Right to be informed
You have the right to be informed about how we collect, use, store, and share your Personal Data. This Privacy Policy is designed to provide you with this information, but you may contact us at any time if you require further clarification.
11.2 Right of access
You have the right to request confirmation as to whether we process your Personal Data and, if so, to obtain a copy of that data along with supporting information about our processing activities.
11.3 Right to rectification
If any Personal Data we hold about you is incorrect, incomplete, or outdated, you have the right to request that it be corrected or updated without undue delay.
11.4 Right to erasure (“right to be forgotten”)
You may request that we delete the Personal Data we hold about you where there is no lawful reason for us to continue processing it. This right may apply, for example, when the data is no longer necessary for the purposes for which it was collected or where you have withdrawn your consent (where consent is the legal basis).
11.5 Right to restriction of processing
You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or when you require the data to establish or defend legal claims.
11.6 Right to object
You may object to our processing of your Personal Data where the processing is based on our legitimate interests. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for legal claims.
11.7 Right to withdraw consent
Where we rely on your consent to process Personal Data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal.
11.8 Right to object to direct marketing
You may object at any time to the processing of your Personal Data for direct marketing purposes. If you object, we will cease processing your data for this purpose. You also have the right to object to profiling to the extent that it is related to direct marketing.
11.9 Right to data portability
In certain circumstances, you may request a copy of the Personal Data you have provided to us in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible. This right applies where processing is based on consent or contract and is carried out by automated means.
11.10 Rights related to automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects for you. Delasport does not make such decisions using your Personal Data.
11.11 Right to lodge a complaint with a supervisory authority
If you believe that your rights have been violated or that your Personal Data has been processed unlawfully, you have the right to lodge a complaint with the relevant data protection supervisory authority. You may also contact us directly, and we will do our best to address your concerns.
Supervisory Authority (Gibraltar):
Gibraltar Regulatory Authority (GRA)
Website: https://www.gra.gi/data-protection
Email:
[email protected]To exercise any of these rights, contact:
[email protected]12. CHILDREN’S DATA
Our Website and services are not intended for individuals under the age of 18.
We do not knowingly collect or process Personal Data relating to children. If we become aware that Personal Data has been collected from a minor, we will take appropriate steps to delete such information.
13. AUTOMATED DECISION-MAKING & PROFILING
We do not use automated decision-making that produces legal or similarly significant effects on Website visitors, applicants, or business partners.
As part of our B2B platform and operational services, we may use automated tools for purposes such as:
• security monitoring and incident detection
• fraud and risk analysis
• system diagnostics, performance evaluation, and anomaly detection
These automated processes are used solely to ensure system integrity and service security, and they do not evaluate or profile individuals in a way that produces legal effects or significantly affects them.
14. Third-Party Links
Our Website may contain links to third-party websites, applications, or services that are not controlled or operated by Delasport. These external sites may have their own privacy policies, terms, and data processing practices. We are not responsible for the content, security, or privacy practices of such third parties, nor for how they collect, use, or handle your Personal Data.
We encourage you to carefully review the privacy policies of any third-party websites you visit. Delasport accepts no liability for any processing of Personal Data carried out by those third parties.
15. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our business operations, the services we provide, technological developments, or applicable legal or regulatory requirements. The “Last Updated” date at the top of the Policy indicates the most recent version. Any updates become effective once published on our Website, unless otherwise specified.
Where changes are material in nature—such as significant adjustments to how we collect or use Personal Data, changes to your rights, or modifications to our legal bases for processing—we will make reasonable efforts to notify you in advance. We may do so by email (where appropriate), through a notice on our Website, through our client communication channels, or by other agreed methods.
We encourage you to periodically review this Privacy Policy to ensure that you remain informed about how we process your Personal Data. Continued use of our Website or services after changes take effect will constitute acknowledgment of the updated Policy.
If a change requires your consent under applicable Data Protection Legislation, we will request such consent separately. Where consent is not provided, certain services or functionalities may not be available to you.
16. CONTACT US
You may exercise your privacy rights or raise any concerns regarding the processing of your Personal Data by contacting our designated Data Protection Officer (DPO) at
[email protected].
