Privacy Policy of FanTeam.com (v.1.2)
Effective date: August 11, 2025
FanTeam (“Website” or “Service”) is operated by two companies that act as data controllers depending on your place of residence:
Scout LTD – controller for users in the United Kingdom; licensed and regulated by the UK Gambling Commission.
- Registered Office: 64, Excalibur, B. Bontadini Street, Birkirkara BKR 1737, Malta
- Registration & License: Company No.: C 64899; UKGC Account No.: 39669
- Public Contact: support@fanteam.com
Scout & Co. LTD – controller for users outside the UK; licensed and regulated by the Malta Gaming Authority (MGA).
- Registered Office: 64, Excalibur, B. Bontadini Street, Birkirkara BKR 1737, Malta
- Registration & License: Company No.: C 81596; MGA License No.: MGA/B2C/368/2017
- Public Contact: support@fanteam.com
1. What Personal Data We Process
We collect the following categories of personal data to provide and secure our Service.
Account Identifiers
- Examples: First/last name, date of birth, gender, postal address, nationality, email, phone number, User ID.
- Source: User-supplied
KYC / AML Artefacts
- Examples: Scans of government-issued ID, proof-of-address documents, proofs of ownership of payment methods, screening results, and risk-scores.
- Source: User & verified providers
Device & Usage Data
- Examples: IP address, device type, browser/OS information, cookie IDs, login history, and records of interaction with the Service.
- Source: Automated
Sportsbook Feed
- Examples: For Sportsbook wagers handled by data-processor Altenar: bet-slip selections, stakes, odds, potential winnings, and outcome.
- Source: Generated during play
Payment Data
- Examples: Deposit/withdrawal metadata, payment service provider (PSP) tokens, IBANs, and transaction history.
- Source: PSPs & User-supplied
Marketing Preferences
- Examples: Your opt-in/opt-out status for marketing communications, preferred channels, and interaction metrics.
- Source: User-supplied
Minors: This Website is intended for individuals aged 18 years and over. We perform age-verification checks, and any account found to be used by a minor will be closed. Associated personal data will be erased once all statutory retention duties have lapsed.
2. Why We Process Your Data — Our Legal Bases
We only process your personal data when we have a valid legal basis to do so under data protection law.
Account Set-up & Contract Performance
- Key Activities: Registration, identity verification, enabling gameplay, processing payments, customer support.
- Lawful Basis: Contract
Regulatory Compliance
- Key Activities: KYC/AML checks, age verification, tax and audit logging, mandatory reporting to authorities.
- Lawful Basis: Legal Obligation
Responsible Gambling & Crime Prevention
- Key Activities: Automated risk-scoring, crime record detection, geolocation blocking, managing self-exclusions.
- Lawful Basis: Legitimate Interest
Service Improvement & Security
- Key Activities: Performance analytics, service optimisation, system logging, and incident response.
- Lawful Basis: Legitimate Interest
Marketing & Personalisation
- Key Activities: Newsletters, promotional offers, personalised recommendations.
- Lawful Basis: Consent; you may withdraw at any time.
3. Automated Processing & Profiling
To protect our users and comply with our legal obligations, we use automated systems for certain functions, such as risk scoring, applying responsible gambling limits, and tailoring bonuses.
Your Right to Human Review: You have the right to request human review of any automated process that results in a decision producing a legal or similarly significant effect on you. You may express your viewpoint and contest the decision by following the contact process in Section 7. We will respond within one month.
4. Who Receives Your Data (Recipients)
We do not sell your personal data. We share it only with trusted third-party partners (data processors) who are contractually bound to protect it, or where legally required.
Third-Party Service Providers (Data Processors)
Gaming Platform & Infrastructure
- Altenar Software Limited, Amazon Web Services EMEA SARL, BMIT Technologies p.l.c., CLOUDFLARE LIMITED, Hetzner Online GmbH
Payments & Identity Verification
- EPG SUPPORT ESPAÑA SL, Finductive Ltd, GB Group Plc, Klarna Bank AB, Paynt UAB, PayPal UK Ltd, Paysafe Payment Solutions Limited, Skrill Limited, Trustly Group AB, XACE Limited
Customer Support & Communications
- Bird.com Inc., Habla Incorporated, Optimove UK Limited, Twilio Inc., Zendesk, Inc.
Business Analytics & Operations
- Asana, Inc., Atlassian Corporation, Duboce Labs, Inc., Grammarly, Inc., Holistics Software Pte.Ltd., OpenAI, L.L.C., Scaleo Solutions s.r.o., Slack Technologies, Inc.
Regulatory & Legal Disclosures
In addition to the processors above, we may be legally required to disclose your data to the following types of entities:
- Regulators & Dispute Bodies: Such as the UK Gambling Commission, Malta Gaming Authority, and approved Alternative Dispute Resolution (ADR) providers like the Independent Betting Adjudication Service Limited and Blexr Limited.
- National Self-Exclusion Schemes: Including The National Online Self Exclusion Scheme Limited (GAMSTOP) in the UK.
- Law Enforcement & Competent Authorities: Where required by a binding legal order (e.g., subpoena, court order, or anti-money laundering reporting obligations).
5. International Data Transfers
We primarily host and process data within the European Economic Area (EEA) and the UK. When we transfer personal data to a country that has not received an EU or UK adequacy decision, we ensure its protection by relying on one or more of the following legal safeguards:
- The EU Standard Contractual Clauses (SCCs), supplemented by the UK’s International Data Transfer Addendum.
- Robust technical measures, including at-rest and in-transit encryption, pseudonymisation, and strict access controls.
6. Data Retention
We retain your data only for as long as necessary. Our retention periods are determined by legal and operational requirements.
KYC, Transactional & Due Diligence Files
- Minimum Retention Period: 5 years after the business relationship ends.
- Principal Rationale / Basis: AML/CFT Regulations
Self-Exclusion Records
- Minimum Retention Period: 7 years after the exclusion period ends.
- Principal Rationale / Basis: To comply with safer gambling obligations and manage legal claims.
Security & System Logs
- Minimum Retention Period: Up to 2 years from date of creation.
- Principal Rationale / Basis: System security and integrity
Marketing Consent Records
- Minimum Retention Period: Up to 2 years after consent is withdrawn.
- Principal Rationale / Basis: To maintain suppression lists and demonstrate historic consent.
You may request the anonymisation of your closed account data once all statutory retention periods have expired.
7. Your Privacy Rights & How to Exercise Them
You have comprehensive rights over your personal data:
- Access your data.
- Rectify inaccurate information.
- Erase your data ("right to be forgotten"), subject to our legal holds.
- Restrict the processing of your data.
- Data Portability (receive your data in a machine-readable format).
- Object to processing based on our legitimate interests.
- Withdraw Consent for marketing at any time.
- Human Review of significant automated decisions.
Contacting Us
To exercise your rights, please follow this process. We will respond to all legitimate requests free of charge and within one month.
-
Step 1: Contact Customer Support (Recommended First Step) For the fastest response to any query, including privacy matters, please contact our support team first:
- Email: support@fanteam.com
- Post: Data Rights Team, Scout, 64, Excalibur, B. Bontadini Street, Birkirkara BKR 1737, Malta
-
Step 2: Escalate to the Data Protection Officer (DPO) If you are not satisfied with the resolution provided by our support team, you may contact our Data Protection Officer directly:
- DPO Email: wen@igagroup.com
Your Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection authority at any time, without prejudice to any other administrative or judicial remedy.
- UK: Information Commissioner’s Office – ico.org.uk – ☎ +44 303 123 1113
- Malta: Office of the Information & Data Protection Commissioner – idpc.org.mt – ☎ +356 2328 7100
8. Security Measures
We take the security of your data seriously and implement robust technical and organizational controls aligned with ISO 27001 standard, including:
- Multi-factor authentication for all administrative access.
- TLS 1.3 encryption for data in transit and strong encryption for data at rest.
- Network segregation and least-privilege access principles.
- Continuous vulnerability scanning and regular third-party penetration testing.
- Automated fraud monitoring and response systems.
9. Marketing Choices & Cookies
- You can opt-out of all non-essential marketing emails at any time via the "unsubscribe" link in messages, through your account settings, or by contacting support.
- For detailed information on our use of cookies and to manage your granular consent choices, please see our separate Cookie Policy.
10. Changes to This Policy
We may update this policy to reflect legal, technical, or business changes. We will notify you of significant changes on our Website and, where legally required, via email. The "Effective date" at the top of this policy indicates when it was last revised.
© 2025 Scout LTD / Scout & Co. LTD – All rights reserved.