GDPR Compliance

Your data protection rights under EU law

General Data Protection Regulation (GDPR)

Nordicjoyhub is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page provides specific information about your rights under the GDPR and how we fulfill our obligations as a data controller.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

1. Right to Access (Article 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data. We will provide information about:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipients
  • The retention period
  • Your other GDPR rights
  • The source of the data (if not collected directly from you)

2. Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to complete incomplete personal data. We will make corrections within one month of your request and notify relevant third parties if applicable.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You may request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Note that this right is not absolute and may be limited by legal retention requirements (e.g., financial records, fraud prevention).

4. Right to Restriction of Processing (Article 18)

You can request restriction of processing when:

  • You contest the accuracy of the data (during verification)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification of legitimate grounds)

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

6. Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. If we use automated decision-making, we will inform you and provide an opportunity to contest the decision.

8. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Lawful Bases for Processing

We process your personal data under the following lawful bases:

  • Contract (Article 6(1)(b)): Processing necessary to provide our services and fulfill our contractual obligations
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with legal and regulatory requirements (e.g., identity verification, anti-money laundering, tax obligations)
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for legitimate business purposes such as fraud prevention, security, business analytics, and service improvement
  • Consent (Article 6(1)(a)): Processing based on your explicit consent for specific purposes such as marketing communications

Data Subject Access Request (DSAR) Procedure

To exercise any of your GDPR rights, please submit a request using one of the following methods:

  • Email: support@nordicjoyhub.vip with "GDPR Request" in the subject line
  • Through your account settings (for certain requests)

What to Include in Your Request:

  • Your full name and email address associated with your account
  • Clear description of your request and the rights you wish to exercise
  • Proof of identity (to protect against fraudulent requests)
  • Any specific information relevant to your request

Our Response Timeline:

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for delay.

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:

  • Account Data: Retained while your account is active plus 7 years after closure for regulatory compliance
  • Transaction Records: 7 years from date of transaction (regulatory requirement)
  • Identity Verification Documents: 7 years after account closure
  • Marketing Consent: Until withdrawn, plus reasonable period for processing withdrawal
  • Customer Service Communications: 3 years from last interaction
  • Analytics and Usage Data: Typically 2 years or anonymized for longer-term analysis

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions from the European Commission
  • Other legally approved transfer mechanisms

You may request information about specific safeguards in place for your data transfers.

Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you may contact our Data Protection Officer:

Email: support@nordicjoyhub.vip

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, the relevant authority is:

Information Commissioner's Office (ICO)
Website: www.ico.org.uk

If you are located in the EU, you may contact your local data protection authority. A list of EU data protection authorities is available at edpb.europa.eu.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Pseudonymization and encryption of personal data
  • Measures to ensure ongoing confidentiality, integrity, availability, and resilience of systems
  • Regular testing, assessment, and evaluation of security effectiveness
  • Processes for regularly restoring availability and access to data in case of incidents
  • Staff training on data protection principles and practices

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

Children's Data

Our services are not directed at children under 18, and we do not knowingly collect or process personal data of minors. If we become aware that we have collected data from a child, we will delete it immediately and notify the relevant supervisory authority if required.

Updates to GDPR Information

We may update this GDPR information page to reflect changes in our practices or legal requirements. We encourage you to review this page periodically. For comprehensive information about our data practices, please also refer to our Privacy Policy.

Contact Us

For any questions about GDPR or to exercise your rights, please contact us:

Nordicjoyhub
Email: support@nordicjoyhub.vip

Safe Play — Trusted Partners

GamCare BeGambleAware Gordon Moody 18+