
Privacy Policy

Effective Date: 1 April 2026 | Last Updated: 31 March 2026 | GDPR Compliant · Cyprus Law

Contents

  1. Who We Are
  2. Scope of This Policy
  3. Data We Collect
  4. How We Use Your Data
  5. Legal Basis for Processing
  6. Cookies & Tracking
  7. Data Sharing
  8. International Transfers
  9. Data Retention
  10. Your Rights
  11. Security
  12. Children's Privacy
  13. B2B Operator Data
  14. Changes to This Policy
  15. Contact & DPO

Summary: Stakesoft Software Limited is committed to protecting your privacy. This Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject. We comply with the EU General Data Protection Regulation (GDPR) and the applicable data protection legislation of the Republic of Cyprus, including the Processing of Personal Data (Protection of Individuals) Law of 2018 (Law 125(I)/2018).

1. Who We Are

Stakesoft Software Limited ("StakeSoft", "we", "us", "our") is a company incorporated and registered in the Republic of Cyprus with registration number ΗΕ 482721, whose registered office is at Grigori Afxentiou Leoforos 8, Elpa Court, Floor 2, Office 202, 6023, Larnaca, Cyprus. We operate a B2B gaming infrastructure platform ("the Platform") that enables licensed gaming operators to run real-time, full-stack online gaming operations.

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Stakesoft Software Limited is the Data Controller in respect of personal data collected through this website (www.stakesoft.com) and in connection with our B2B commercial activities.

In respect of personal data relating to End Users of our Operator partners, StakeSoft acts as a Data Processor on behalf of those Operators (who act as Data Controllers). This Policy does not govern our processing of End User data — that is addressed in the Data Processing Agreements (DPAs) we enter into with Operator partners.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to the StakeSoft website at www.stakesoft.com;
  • Individuals who submit enquiries via our contact forms or by email;
  • Representatives, employees, and contacts of existing and prospective B2B Operator partners; and
  • Any other individuals whose personal data we collect in the course of our B2B business activities.

This Policy does not apply to the personal data of End Users (i.e. players on an Operator's gaming platform). Processing of End User data is governed by the relevant Operator's own privacy policy and the DPA in place between StakeSoft and that Operator.

3. Data We Collect

3.1 Information You Provide

We may collect personal data that you voluntarily provide to us, including when you:

  • Complete the contact form on our website (name, business email, company, role, message);
  • Correspond with us by email, phone, or messaging platforms;
  • Attend industry events, conferences, or webinars where we are present;
  • Enter into a commercial agreement with us (business contact details, identification documents for KYB purposes); or
  • Subscribe to our communications.

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

Data Type | Description | Purpose
IP Address | Your device's internet protocol address | Security, fraud prevention, analytics
Browser & Device | Browser type, OS, device type, screen resolution | Technical compatibility, UX optimisation
Pages Visited | URLs accessed, time on page, referrer URL | Website analytics, content improvement
Session Data | Session duration, click paths, scroll depth | UX research, performance monitoring
Cookie Data | Cookie identifiers and preferences | See Section 6 — Cookies
Theme Preference | Light/dark mode preference (localStorage) | User interface personalisation

3.3 Information from Third Parties

We may receive information about you from third-party sources such as LinkedIn, public company registries, industry databases, or referral partners, where you have made that information publicly available or where we have a legitimate business interest in obtaining it for B2B purposes.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries: Processing contact form submissions and follow-up communications;
  • Entering into and managing contracts: Conducting KYB due diligence, negotiating and executing commercial agreements, providing platform access and support;
  • Platform delivery: Providing, maintaining, and improving the StakeSoft Platform and related services;
  • Communications: Sending service updates, security notices, product announcements, and (where consented) marketing communications;
  • Analytics: Understanding how our website is used to improve content, user experience, and marketing effectiveness;
  • Legal and compliance: Complying with applicable laws, regulations, court orders, and regulatory requests; conducting AML/CFT screening;
  • Security: Detecting and preventing fraud, unauthorised access, and other security incidents; and
  • Legitimate interests: Developing and growing our B2B business, maintaining records of B2B relationships, and protecting our rights and interests.

5. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases for processing personal data:

Processing Activity | Legal Basis (GDPR Art. 6)
Responding to enquiries and pre-contractual communications | Art. 6(1)(b) – Necessary for performance of a contract / pre-contractual steps
Executing and managing commercial agreements | Art. 6(1)(b) – Necessary for performance of a contract
KYB and AML/CFT compliance screening | Art. 6(1)(c) – Compliance with a legal obligation
Regulatory reporting and record-keeping | Art. 6(1)(c) – Compliance with a legal obligation
Website analytics and security | Art. 6(1)(f) – Legitimate interests (understanding web traffic, preventing fraud)
B2B relationship management and outreach | Art. 6(1)(f) – Legitimate interests (developing B2B relationships)
Marketing communications (where not covered by contract) | Art. 6(1)(a) – Consent (where required)

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms as a data subject. You may object to processing based on legitimate interests at any time (see Section 10).

6. Cookies & Tracking Technologies

6.1 What We Use

Our website uses the following types of cookies and local storage technologies:

  • Strictly Necessary: ss-theme — a localStorage key that stores your light/dark theme preference. This is essential for the website to function correctly and does not track you.
  • Analytics Cookies: Where analytics tools are deployed, we may use cookies to collect aggregated, anonymised information about how visitors use our website. This helps us understand and improve our content.
  • Functional Cookies: Cookies that remember your preferences to enhance your experience on the website.

6.2 Managing Cookies

You can control and/or delete cookies at any time through your browser settings. Most browsers allow you to block, delete, or manage cookies. Please note that disabling certain cookies may affect the functionality of the website. For guidance on managing cookies, visit www.aboutcookies.org.

6.3 Do Not Track

We respect Do Not Track ("DNT") browser signals. Where DNT is enabled and we are able to detect it, we will not place any non-essential cookies without your consent.

7. Sharing Your Personal Data

We do not sell your personal data. We may share personal data with the following categories of recipients, where necessary and in compliance with applicable law:

  • Service Providers: Third-party vendors who assist us in operating our business (e.g., cloud infrastructure providers, CRM platforms, email delivery services, accounting software). These providers act as Data Processors and are bound by appropriate contractual data protection obligations;
  • Professional Advisors: Lawyers, accountants, auditors, and other professional advisors who are bound by professional confidentiality obligations;
  • Regulatory and Law Enforcement Authorities: Where required by applicable law, court order, or regulatory request (including Cyprus gaming regulators, the Cyprus Commissioner for Personal Data Protection, or other competent authorities);
  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant third party, subject to appropriate confidentiality obligations; and
  • CompetitionLabs: Our integrated gamification engine provider, to the extent necessary for the delivery of gamification services, under a Data Processing Agreement.

We will always ensure that any sharing of personal data is subject to appropriate safeguards and is limited to what is strictly necessary.

8. International Data Transfers

StakeSoft is based in Cyprus, which is a member state of the European Union. The EU GDPR applies directly to our processing activities.

Where we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Transfers to countries that have received an adequacy decision from the European Commission; or
  • Other appropriate transfer mechanisms as permitted under GDPR Chapter V.

Where our cloud infrastructure providers or service providers operate servers outside the EEA, we contractually require them to comply with GDPR-equivalent data protection standards and to implement appropriate safeguards for personal data.

You may request details of the safeguards we have in place for international transfers by contacting us at privacy@stakesoft.com.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention periods are:

Data Category | Retention Period
Website enquiry / contact form data | 3 years from last contact, or until request for erasure
B2B contract and commercial records | 7 years from end of contract (Cyprus Companies Law requirement)
KYB / AML due diligence records | 5 years from end of business relationship (AML Directive requirement)
Financial and invoicing records | 7 years (Cyprus tax and accounting requirements)
Website analytics data | 26 months from collection (aggregated/anonymised)
Marketing consent records | Until withdrawal of consent + 3 years for record-keeping
Security logs | 12 months from creation

Upon expiry of the relevant retention period, personal data will be securely deleted or anonymised. Where legal proceedings are ongoing or anticipated, we may retain relevant data for longer.

10. Your Data Protection Rights

Under the GDPR and applicable Cyprus data protection law, you have the following rights in relation to your personal data:

Right of Access

Request a copy of the personal data we hold about you (Art. 15 GDPR).

Right to Rectification

Request correction of inaccurate or incomplete data (Art. 16 GDPR).

Right to Erasure

Request deletion of your data in certain circumstances ("right to be forgotten") (Art. 17 GDPR).

Right to Restriction

Request that we restrict processing of your data in certain circumstances (Art. 18 GDPR).

Right to Portability

Receive your data in a structured, machine-readable format (Art. 20 GDPR).

Right to Object

Object to processing based on legitimate interests or for direct marketing (Art. 21 GDPR).

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (Art. 7(3) GDPR).

Right to Lodge a Complaint

Lodge a complaint with the Cyprus Commissioner for Personal Data Protection.

To exercise any of your rights, please contact us at privacy@stakesoft.com. We will respond within one month of receiving your request. We may need to verify your identity before processing your request. There is no charge for exercising your rights, except in cases of manifestly unfounded or excessive requests.

You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection:

Cyprus Commissioner for Personal Data Protection

Address: 1 Iasonos Street, 1082 Nicosia, Cyprus

Postal: P.O. Box 23378, 1682 Nicosia, Cyprus

Tel: +357 22 818 456

Email: commissioner@dataprotection.gov.cy

Website: www.dataprotection.gov.cy

11. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest;
  • Role-based access controls limiting data access to authorised personnel only;
  • Regular security assessments, penetration testing, and vulnerability scanning;
  • ISO 27001-aligned information security management practices;
  • DDoS protection and CDN security through Cloudflare;
  • Multi-factor authentication for administrative access;
  • Security incident response procedures aligned with GDPR Article 33/34 breach notification requirements; and
  • Regular staff training on data protection and information security.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by the GDPR.

12. Children's Privacy

The StakeSoft website and Platform are directed exclusively at B2B operators and business professionals. We do not knowingly collect or process personal data from individuals under the age of 18.

If you believe we have inadvertently collected personal data from a minor, please contact us immediately at privacy@stakesoft.com and we will take prompt steps to delete such information.

Our Operator partners are required, as part of their regulatory obligations and contractual commitments with StakeSoft, to implement robust age verification procedures to prevent minors from accessing gambling services.

13. B2B Operator Data & Data Processing

Where StakeSoft processes personal data of End Users on behalf of Operator partners, StakeSoft acts as a Data Processor under the GDPR. In this capacity:

  • We process End User data only on the documented instructions of the Operator (Data Controller);
  • We ensure that all staff with access to End User data are subject to appropriate confidentiality obligations;
  • We implement appropriate technical and organisational security measures;
  • We assist Operators in meeting their obligations to respond to data subject rights requests;
  • We notify the relevant Operator promptly of any personal data breach affecting End User data;
  • We delete or return End User data to the Operator upon termination of the agreement; and
  • We make available all information necessary to demonstrate compliance with GDPR Article 28.

All such processing is governed by a separate Data Processing Agreement (DPA) between StakeSoft and the relevant Operator, in accordance with GDPR Article 28.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make changes, we will:

  • Update the "Last Updated" date at the top of this page;
  • Post the revised Policy on our website; and
  • Where changes are material, notify affected individuals by email or through a prominent notice on our website.

We encourage you to review this Policy periodically. Your continued use of our website or services after any changes take effect constitutes acceptance of the revised Policy.

15. Contact Us & Data Protection Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Stakesoft Software Limited — Privacy & Data Protection

Registered Company Name: Stakesoft Software Limited

Registration Number: ΗΕ 482721

Registered Address: Grigori Afxentiou Leoforos 8, Elpa Court, Floor 2, Office 202, 6023, Larnaca, Cyprus

Privacy Email: privacy@stakesoft.com

Legal Email: legal@stakesoft.com

Website: www.stakesoft.com

General Enquiries: Contact Form

We aim to acknowledge all privacy requests within 72 hours and provide a full response within 30 days in accordance with GDPR requirements.

© 2026 StakeSoft®. All rights reserved. Stakesoft Software Limited.