WICKED GAMES WEBSITE
PRIVACY POLICY
This website’s privacy policy explains how and why Wicked Games collect, store, use and share your personal information, outlines your rights concerning your personal data, and provides contact details for any concerns or complaints (hereinafter referred to as the “Privacy Policy”). The Privacy Policy is intended to be read in conjunction with the Cookies Policy, detailing how cookies and similar technologies are used.
1. General information
This website is operated by WICKED TECH MALTA LTD, company no. C 78799, with registered address at Sigma Group, Triq L–Imhallef Paolo Debono, Msida MSD 2032, Malta, (hereinafter referred to as the “Controller” or “Company” or “We” or “Us”).
We collect and process certain personal information about the users, in compliance with the General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”), which applies throughout the European Union, and the national law on the protection of personal data (hereinafter referred to as the “Privacy Law”). For the purposes of the GDPR, the Company is the Controller of that information processed via this website.
2. Our Website
This Privacy Policy relates solely to Wicked Games website, hosted at https://www.wickedgames.com (hereinafter referred to as the “Website”). There are no other affiliated websites covered by this Privacy Policy.
3. Type of information we collect:
Below is a list of personal information (hereinafter referred to as the “Personal Information” or “ Personal Data” or “Data”), collected by the Controller through different channels in the Website, such as:
(a) name, work email, and phone number via Contact Forms & B2B enquiries;
(b) technical and analytics data, e.g. IP address, device/ browser information, page views, session recordings and heatmaps through Google Analytics, Google Search Console, Hotjar and Smartlook; and
(c) visitor identifiers and chat transcripts through Intercom widget/ Live-chat data.
4. Purpose of the collection
The collection of Cookies
- enables the seamless function of the Website in general and maintains your continuous and uninterrupted access to the Website; and
- assesses the effectiveness and popularity of the Website, identifies areas for improvement, and tailors the content and experience to better match our visitors’ interests and needs.
Specific purposes
(a) We collect your Personal Information via our ‘contact enquiries’ or via our ‘live chat’ to revert and respond to your B2B service request/inquiry.
(b) We use analytics and performance to monitor, secure and improve the Website’s functionality and user experience.
(c) We record interactions through live chat for quality and training objectives.
For collection or use of any Personal Information for reasons other than those specifically mentioned above, your explicit consent (hereinafter referred to as “Consent”) is required.
5. Our legal basis for processing your personal information
Processing your Personal Information should be authorized and legally justified.
Some of the legal bases are the following:
- Consent: where you have given Consent to process your Personal Information for a specific purpose, through a request/inquiry submission via our ‘contact us form’, or via our ‘online chat’.
- Performance of Contract: where it is necessary to fulfil your requests for our B2B services.
- Legitimate interests: where the use of your Personal Information is essential for our proper or a third party’s legitimate interests (unless a substantial reason to preserve your privacy overrides our legitimate interests), such as ensuring Website’s and user’s security, improving user’s experience, user interface design and overall performance of the Website, i.e. strictly necessary cookies and/or where needed, to establishment, exercise or defense legal claims, disputes and judicial investigations.
- Legal obligations: where it is required to comply with the regulatory requirements and laws.
6. Cookies and other tracking technologies
We use cookies on the Website. Cookies are defined as small text files placed on your device (e.g. computer, smartphone or another electronic device) when you visit the Website (hereinafter referred to as the “Cookies”). By recognizing your devices, Cookies help to understand user behavior, remember your preferences or past actions, and personalize your experience.
For further information on Cookies, how the Controller uses those and/or similar technologies, please see our Cookie Policy [add Cookies Policy Hyperlink].
7. How we keep your data
We process your Personal Information at our offices, where the information is safely kept and stored.
For the storage and security of your Data, the Controller takes all the necessary technical and organizational measures to ensure that the processing is carried out in accordance with the applicable local laws and the GDPR (access control, firewalls, antivirus, cryptography, etc.).
8. Data Recipients
Within the Company, your Data is only accessible by the strictly required personnel and only for the purposes mentioned above. Outside the Company, your Data may be shared with trusted service providers (e.g. email platforms, hosting providers) under binding confidentiality agreements.
Generally, third parties who may be recipients of your Personal Information are:
- Google Ireland Ltd (Analytics & Tag Manager)
- Hotjar Ltd
- Smartlook s.r.o.
- Intercom Inc.
We do not transfer Personal Information outside the EEA.
9. Retention Period
- For contact enquiries, the Data retention period is up to seven (7) years to meet commercial and tax obligations.
- The Data retained from analytics and session recordings are retained for up to one (1) year before anonymization or deletion.
- The Live chat transcripts are retained for six (6) months.
After the above-mentioned periods, your Data is irreversibly deleted or anonymised. In case that we retain any Data for marketing and information purposes, you are entitled to oppose to, by informing the Controller that you no longer wish to receive such information.
Please address any inquiries about ongoing data processing or requests for Data deletion please send an email to dpo@sigma.world, or write to us at 146, WIED HAL BALZAN, BALZAN, BZN 1402, Malta
10. Transfers of data outside the EU / EEA
We declare the Controller does not transfer Personal Information outside the European Economic Area.
11. Security
We have implemented appropriate security measures such as encrypted transmission (TLS), data-at-rest encryption, role-based access controls, anti-malware and intrusion detection—to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
These measures include, but are not limited to, access control, internal audit etc. Where it is required by the Law, the Controller shall notify you and any relevant regulator for any suspected Data security breach.
12. Your Rights
As a Data subject, you are entitled to contact the Controller anytime, and exercise your rights, by requesting:
(a) information about the Data processing and a copy of the processed Data;
(b) the rectification of inaccurate Data or the completion of incomplete Data;
(c) the erasure of Personal Information;
(d) the restriction of the Data processing;
(e) the Personal Information concerning the Data subject in a structured, commonly used and machine-readable format and to request the transmittance of these Data to another controller in certain situations;
or/and by
(f) objecting to the Data processing;
(g) withdrawing a Consent at any time to stop Data processing that is based on your Consent;
(h) complaining to a competent supervisory authority.
In response to such requests, the Controller reserves the right to require this individual to provide specific information to verify their identity and confirm that they are the rightful owner of the Data in question. The deadline for responding to this request is thirty (30) days and the Controller will make every effort to comply with it. The Controller reserves the right to charge a reasonable fee to cover any expenses that may arise from the request.
In case a Data subject chooses not to provide any Personal Information, or exercises any of the above rights that limit Data processing, we may be unable to deliver certain services, or the scope of services may be restricted.
In certain circumstances, your right of access may be lifted either fully or partially in accordance with the provisions of the Privacy Law:
(a) for purposes of proper fulfilment of our or the supervisory authorities’ duties, as these derive from the AML Law;
or
(b) to avoid obstruction of official or legal inquiries, analyses, investigations or procedures for the purposes of the AML Law;
and
c. to ensure that prevention, investigation and detection of money laundering and terrorist financing is not threatened.
Further, as per the GDPR, your right to erasure can also be lifted to the extent that processing is necessary:
(a) to exercise the right of freedom of expression and information.
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject;
(c) for reasons of public interest in the public health sector in accordance with points (h) and (i) of Article 9(2) of the GDPR as well as Article 9(3) of the GDPR;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 of Article 89 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
or
(e) for the establishment, exercise or defense of legal claims.
For further information on each of those rights, including the circumstances under which they are applicable, please contact the Controller (see ‘How to contact us’ below).
For any complaints relevant to the processing of your Data, you may contact the Controller (see ‘How to contact us’ below). We will then investigate your complaint and collaborate with you to resolve the matter.
If you have any concerns that your Personal Information has not been handled appropriately according to the law, you can submit your complaint with the Office of the Information and Data Protection Commissioner of Malta or https://idpc.org.mt/.
13. How to contact us
You can contact the Controller by post or email if you have any queries regarding this Privacy Policy or your Personal Information maintained, wish to exercise any right under data protection legislation or need to lodge a complaint.
Contact details:
Marianna Tavella
Chief Legal Officer
WICKED TECH MALTA LTD
Sigma Group, Triq L–Imhallef Paolo Debono, Msida MSD 2032, Malta
Email: legal@wickedgames.com
14. Changes to this Privacy Policy
This Privacy Policy was last updated on 15th of May 2025.
We may update it from time to time to comply with the new regulatory requirements and laws;
You will be notified of any updates via a banner on our Website or other means where appropriate.