Privacy & Policy

Onmidev Ltd.

Last Updated: December 8, 2025

1. Introduction and Overview

1.1 Purpose

This Privacy Policy ("Policy") explains how Onmidev Ltd. (hereinafter, "Company", "we", "our", or "us") collects, uses, processes, stores, shares, and protects your personal data when you access, browse, or use our online gaming service and website (the "Service").

1.2 Company Information

Onmidev Ltd. is an International Business Company incorporated under the laws of Belize with the following details:

• Company Registration Number: 000042652

• Registered Office: Sea Urchin Street, San Pedro, Ambergris Caye, Belize

• Principal Business Activity: Online gaming services

• Regulatory Authority: Anjouan Gaming Board (State of Anjouan, Union of Comoros)

• Gaming License: Computer Gaming Licensing Act 007 of 2005

1.3 Applicable Legal Framework

This Privacy Policy is formulated in accordance with:

• 1.

  Belize Data Protection Act, 2021 (Act No. 45 of 2021) – governing the collection, processing, and protection of personal data for entities registered in Belize;

• 2.

  Computer Gaming Licensing Act 007 of 2005 (State of Anjouan) – governing data handling requirements for gaming operators licensed in Anjouan;

• 3.

  Money Laundering (Prevention) Act 008 of 2005 (State of Anjouan) – requiring Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures;

• 4.

  International standards for data protection and privacy.

1.4 Scope

This Policy applies to all personal data collected from users of the Service, regardless of the method of collection (direct provision, automatic collection, third-party sources, or regulatory channels). It does not apply to:

• Non-personal, anonymized, or aggregated data that cannot identify you;

• Data collected and processed by third parties outside our control (although we require third parties to comply with equivalent standards);

• Data collected for purposes outside the scope of the Service.

2. Data Subject Rights and Transparency

2.1 Your Rights Under Belize Data Protection Act 2021

Under the Belize Data Protection Act, 2021, you have the following rights regarding your personal data:

2.1.1 Right to Access Your Data

• You have the right to request and obtain, at no charge, a copy of all personal data we hold about you.

• You may request this information in a structured, commonly used format.

• Your request will be processed within 30 days of receipt, extendable to 60 days for complex requests.

2.1.2 Right to Rectification (Correction)

• If the personal data we hold is inaccurate, incomplete, or outdated, you have the right to request that we correct or update it without undue delay.

• We will process correction requests within 14 days.

• Corrected data will be communicated to any third parties to whom we have disclosed your data, upon your request.

2.1.3 Right to Erasure ("Right to be Forgotten")

• You may request the deletion of your personal data where:

  • The data is no longer necessary for the purposes for which it was collected;

  • You have withdrawn your consent and no other lawful basis exists;

  • You object to the processing and we have no overriding legitimate interest;

  • The data has been unlawfully processed;

  • Deletion is required to comply with legal obligations.

Limitations: We may retain data for legitimate legal, regulatory, or contractual obligations, including anti-money laundering and gaming regulatory requirements. Gaming transaction records must be retained for a minimum of 5 years per Anjouan regulations.

2.1.4 Right to Restrict Processing

• You may request that we limit the processing of your personal data under certain circumstances, such as:

  • Where you contest the accuracy of the data (processing restricted until accuracy is confirmed);

  • Where processing is unlawful but you request restriction instead of erasure;

  • Where we no longer need the data but you require it for legal claims.

While processing is restricted, the data will be stored but not actively used except with your consent or for legal/regulatory compliance.

2.1.5 Right to Data Portability

• You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV).

• You may request that we transmit this data directly to another data controller where technically feasible.

• This right applies to data you have provided or that has been generated through your use of the Service.

• Requests will be processed within 30 days.

2.1.6 Right to Object to Processing

• You may object to the processing of your personal data where:

  • Processing is based on our legitimate interests (we will then cease processing unless we have a compelling reason);

  • Processing is for direct marketing purposes (we will cease immediately).

• Objection requests will be processed within 14 days.

2.1.7 Right to Withdraw Consent

• Where we rely on your consent to process your personal data, you may withdraw such consent at any time by notifying us in writing.

• Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

• Processing may continue where there is an alternative lawful basis (e.g., legal obligation, contract performance).

2.1.8 Right to Lodge a Complaint

• If you believe we have violated your data protection rights or handled your personal data in breach of applicable law, you have the right to lodge a complaint with:

  • Belize Data Protection Authority (if your complaint relates to Belize Data Protection Act 2021 compliance);

  • Anjouan Gaming Board (if your complaint relates to gaming operations or AML/CTF compliance);

  • Your local data protection authority if you reside in another jurisdiction.

2.2 Transparency and Communication

• We provide this Privacy Policy in clear, plain language.

• All information about data processing is provided transparently and proactively.

• If you request any information about your data or your rights, we will provide a clear, accurate response within the statutory timeframes.

• All communications regarding your data will be sent to your Registered Email Address on file in your account.

3. What Personal Data We Collect

3.1 Data Collection Methods

We collect personal data through the following channels:

3.1.1 Direct Collection from You

• Information you voluntarily provide during registration, account verification, deposits, withdrawals, or support interactions.

• Information submitted in response to verification requests or regulatory inquiries.

• Information provided through customer support communications.

3.1.2 Automatic Collection

• Data collected automatically through your use of the Service, including:

  • IP address, device identifiers, browser type and version;

  • Access times, pages viewed, links clicked;

  • Interaction data and usage patterns;

  • Geolocation data (where applicable);

  • Cookies, web storage objects, and similar tracking technologies.

3.1.3 Third-Party Sources

• Identity verification providers and KYC compliance platforms;

• Payment processors and financial institutions;

• Anti-fraud and sanctions screening services;

• Credit reference agencies or background check providers.

3.2 Specific Categories of Personal Data

3.2.1 Identity and Contact Information

• Full legal name

• Date of birth

• Nationality and citizenship status

• Address (residential and mailing)

• Email address

• Telephone number(s)

• Government-issued identification (passport, national ID, driver's license)

• Proof of residence documentation

3.2.2 Financial and Payment Data

• Bank account details

• Credit/debit card information (processed by PCI-compliant third parties; we do not store card numbers)

• Payment method details

• Transaction history and bet records

• Deposit and withdrawal history

• Currency and account balance information

• Tax identification number or national insurance number

• Bank reference information

3.2.3 Gaming and Behavioral Data

• User account username and password (encrypted)

• Login history and session data

• Wagers placed, amounts, odds, and outcomes

• Game preferences and playing patterns

• Account settings and configurations

• Self-exclusion and responsible gaming preferences

3.2.4 Compliance and Risk Data

• KYC/AML/CTF verification status and documents

• Beneficial ownership information

• Source of funds documentation

• Employment and business information (for high-value accounts)

• Background check results (name and convictions information only)

• Sanctions and politically exposed person (PEP) screening results

• AML risk assessments

3.2.5 Technical and Device Data

• IP address and geolocation

• Device identifiers and hardware information

• Browser type, version, and settings

• Operating system information

• Cookies and web storage identifiers

• ISP information

• VPN or proxy detection signals

3.2.6 Communication Data

• Email communications with Customer Support

• Chat logs and support interactions

• Complaint records and dispute history

• Feedback and survey responses

• Marketing communication preferences

3.3 Sensitive Personal Data

We process certain categories of "sensitive personal data" as defined by Belize law and Anjouan regulations. Sensitive data includes:

• Identification documents (biometric data from passports/ID cards)

• Financial account information

• Information revealing political opinions, religious beliefs, or ethnic origin (collected incidentally only where relevant to beneficial ownership or sanctions compliance)

Legal Basis: Processing of sensitive data is conducted only where:

• You have given explicit, informed consent;

• Processing is necessary for compliance with legal/regulatory obligations (KYC/AML/CTF);

• Processing is necessary for establishment, exercise, or defense of legal claims;

• Processing is necessary to protect your vital interests or those of another person;

• Data relates to activities you have made manifestly public.

4. Purposes of Data Collection and Processing

4.1 Service Provision and Contract Performance

We process your personal data to:

• Establish and maintain your account;

• Verify your identity, age, and legal capacity;

• Process deposits and withdrawals;

• Facilitate gaming transactions and settle bets;

• Provide customer support and technical assistance;

• Maintain transaction records and account history;

• Enable communication regarding your account and service updates.

Legal Basis: Contractual necessity (Article 6(1)(b), Belize Data Protection Act 2021)

4.2 Regulatory and Compliance Obligations

We are legally required to process personal data for:

• Know Your Customer (KYC) Verification – To establish customer identity, beneficial ownership, and proof of residence in accordance with Anjouan Computer Gaming Licensing Act 007/2005 and Money Laundering (Prevention) Act 008/2005;

• Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) – To detect, prevent, and report suspicious financial activities;

• Sanctions Screening – To verify that you are not subject to international sanctions or on FATF blacklists;

• Anti-Fraud Prevention – To detect and prevent fraudulent accounts, duplicate registrations, and dishonest gaming conduct;

• Regulatory Reporting – To provide reports to Anjouan Gaming Board, Belize Revenue Authority, and other regulatory authorities as required;

• Record Retention – To maintain transaction and account records per regulatory mandates;

• Responsible Gaming Compliance – To implement age verification, underage gambling prevention, and problem gambling safeguards.

Legal Basis: Legal obligation and legitimate interest (Articles 6(1)(c) and 6(1)(f), Belize Data Protection Act 2021; Anjouan Computer Gaming Licensing Act 007/2005)

4.3 Legitimate Business Interests

We process data to:

• Maintain the security and integrity of the Service and prevent fraud;

• Detect and prevent account abuse, collusion, and market manipulation;

• Monitor account patterns to identify suspicious behavior;

• Improve the Service, website functionality, and user experience;

• Conduct statistical analysis and research on gaming trends;

• Enforce these Terms of Service and other agreements;

• Pursue legal claims and defend against legal liability.

Legal Basis: Legitimate interest (Article 6(1)(f), Belize Data Protection Act 2021)

4.4 Marketing and Communications

We process data to:

• Send promotional offers and bonus notifications (with your consent);

• Provide service updates and security alerts;

• Conduct customer satisfaction surveys;

• Develop our service offerings and improve marketing effectiveness.

Legal Basis: Consent (where required); Legitimate interest (service improvements)

Your Control: You may opt out of promotional communications at any time via your account settings or by contacting Customer Support, but you cannot opt out of critical account, security, or regulatory communications.

4.5 Child Safety and Vulnerable Person Protection

We process data to:

• Verify age and prevent access by minors;

• Identify and protect vulnerable or problem gambling users;

• Implement self-exclusion and responsible gaming safeguards;

• Monitor accounts for signs of money laundering or underage gaming.

Legal Basis: Legal obligation and vital interest protection (Articles 6(1)(c) and 6(1)(d), Belize Data Protection Act 2021)

5. Data Categories and Retention Periods

5.1 Retention Periods by Data Category

Data Category	Retention Period	Justification
Account Registration Data	Duration of account + 3 years after closure	Regulatory compliance, dispute resolution, fraud prevention
Identity & KYC Documentation	5 years after account closure	Anjouan Gaming Act 007/2005; AML/CTF obligations
Financial & Transaction Records	5 years after account closure	Regulatory audits; Belize Data Protection Act 2021; AML requirements
Gaming Records & Bets	5 years after account closure	Gaming regulation compliance; Dispute resolution; Regulatory reporting
Payment Information	Duration of payment relationship + 1 year	Fraud prevention; Chargeback defense; Payment processor requirements
Verification & Sanctions Data	3 years after verification completion	Ongoing compliance monitoring; Re-screening requirements
Communications & Support Records	2 years after last interaction	Dispute resolution; Complaint investigation; Service improvement
Marketing & Preference Data	Until consent withdrawn or account closure	Consent-based processing; Preference management
Technical & Device Data	90 days (automatic deletion)	Service security; Fraud detection; Cookie expiration
IP Logs & Access Logs	30 days	Server performance; Security incident investigation

5.2 Data Minimization

We only collect and retain personal data that is:

• Adequate – Sufficient for the intended purpose;

• Relevant – Connected to the purpose;

• Necessary – No excess data collected;

• Limited – Retained only as long as needed.

6. Data Sharing and Disclosure

6.1 Third Parties to Whom We Share Data

We disclose personal data to the following categories of recipients:

6.1.1 Service Providers and Processors

• Payment Processors – To process deposits, withdrawals, and financial transactions;

• KYC/AML/CTF Service Providers – Identity verification platforms, sanctions screening databases;

• IT and Infrastructure Providers – Cloud hosting, cybersecurity services, data backup;

• Fraud and Risk Management Providers – Anti-fraud detection, account monitoring systems;

• Customer Support Platforms – Ticketing systems, communication tools;

• Analytics and Reporting Tools – Website analytics, player behavior analysis (anonymized where possible).

Data Processing Agreements: All service providers are contractually bound to:

• Process data only as instructed by Company;

• Implement appropriate security measures;

• Comply with data protection laws;

• Not disclose data to unauthorized third parties;

• Assist with your data subject rights requests.

6.1.2 Regulatory and Law Enforcement Authorities

We may disclose personal data to:

• Anjouan Gaming Board – For licensing compliance, audits, and regulatory reporting;

• Belize Revenue Authority – For tax and financial reporting obligations;

• Financial Intelligence Units (FIUs) – For suspicious activity reports (SARs) and AML/CTF compliance;

• Law Enforcement Agencies – In response to court orders, legal process, or investigations of suspected criminal activity;

• International Sanctions Bodies – For verification against FATF blacklists, EU sanctions, UN sanctions;

• Financial Institutions – To anti-fraud and sanctions databases;

• Data Protection Authorities – Where required by law or in response to complaints.

Legal Basis: Legal obligation; Public task; Legitimate interest in law enforcement cooperation

6.1.3 Business Transactions

• In the event of merger, acquisition, asset sale, bankruptcy, or reorganization, your data may be transferred to the acquiring entity. We will notify you of any such change.

6.1.4 Beneficial Owners and Company Officers

• Beneficial ownership and compliance data may be shared with company officers, directors, or shareholders who require it for governance or compliance purposes, subject to confidentiality obligations.

6.2 International Data Transfers

6.2.1 Transfer Mechanisms

Personal data may be transferred to, stored in, or processed by recipients in jurisdictions outside Belize and Anjouan, including:

• European Union, United States, Canada, and other jurisdictions where our service providers operate.

Adequacy Assessment: We only transfer data to jurisdictions with:

• Adequate legal protections equivalent to Belize Data Protection Act 2021;

• Appropriate safeguards such as standard contractual clauses or binding corporate rules;

• Regulatory recognition or adequacy determinations.

6.2.2 Your Consent for International Transfers

By registering and using the Service, you explicitly consent to the transfer of your personal data to countries outside Belize and Anjouan. If you do not consent to international transfers, you should not use the Service.

6.2.3 Data Transfer Safeguards

• Standard Contractual Clauses (SCCs) – Incorporated into agreements with international service providers;

• Encryption – Data encrypted in transit and at rest;

• Access Restrictions – Only authorized personnel in recipient jurisdictions may access your data;

• Supplementary Measures – Additional safeguards to ensure adequate protection;

• Sub-processor Management – Documented and monitored.

7. Data Security and Protection Measures

7.1 Security Framework

We implement comprehensive technical, administrative, and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction:

7.1.1 Encryption

• In Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols (minimum 256-bit encryption);

• At Rest: Sensitive personal data (identification documents, financial information, verification records) is encrypted using AES-256 encryption;

• Payment Data: Credit card information is processed by PCI-DSS compliant third-party payment processors; we do not store card numbers.

7.1.2 Access Controls

• Principle of Least Privilege: Employees and contractors are granted access to personal data only as necessary for their role;

• Role-Based Access: Different permission levels for support staff, compliance officers, administrators, and data processors;

• Authentication: Multi-factor authentication (MFA) for employee access to data systems;

• Audit Logging: All data access is logged and monitored for unauthorized access attempts;

• Confidentiality Agreements: All personnel with data access are bound by strict confidentiality obligations.

7.1.3 Network and Infrastructure Security

• Firewalls: Advanced firewall protection against unauthorized network access;

• Intrusion Detection/Prevention: Real-time monitoring for suspicious activities and attacks;

• Secure Servers: Hosted on enterprise-grade, physically secured data centers with 24/7 monitoring;

• Network Segmentation: Sensitive data isolated on separate, protected networks;

• Regular Penetration Testing: Third-party security audits and penetration tests to identify vulnerabilities.

7.1.4 Application Security

• Code Review: Security code review and static application security testing (SAST);

• Dependency Management: Regular updates and vulnerability scanning of software libraries;

• Web Application Firewall (WAF): Protection against common web attacks (SQL injection, XSS, CSRF);

• API Security: Secure API design, rate limiting, and authentication protocols.

7.1.5 Data Backup and Recovery

• Regular Backups: Daily automated backups of all critical data;

• Geographic Redundancy: Backups stored in geographically separate locations;

• Disaster Recovery Plan: Documented procedures for rapid recovery from data loss or system failure;

• Backup Integrity Testing: Regular testing to ensure backup restoration capability.

7.1.6 Employee and Contractor Security

• Background Checks: All employees and contractors with data access undergo background checks;

• Data Protection Training: Regular mandatory training on data protection, privacy, and security;

• Confidentiality Agreements: Binding contracts prohibiting unauthorized disclosure;

• Exit Procedures: Data access revoked immediately upon termination; return of confidential materials required.

7.1.7 Vendor and Third-Party Security

• Due Diligence: Security assessments of all third-party processors and vendors;

• Data Processing Agreements: Contractual obligations for data protection and security;

• Regular Audits: Ongoing monitoring of third-party security practices;

• Sub-processor Controls: Documented and approved list of sub-processors; right to audit and object.

7.2 Limitations and Security Risks

While we implement industry-leading security measures, no system is completely secure. Potential risks include:

• Sophisticated cyber attacks or zero-day exploits;

• Insider threats or human error;

• Third-party service provider breaches;

• Network infrastructure failures;

• Force majeure events.

Your Responsibility: You are responsible for:

• Maintaining the confidentiality of your password;

• Protecting your device from malware;

• Using secure, updated software;

• Not sharing account access with third parties;

• Immediately reporting suspected security breaches.

8. Data Breach Notification

8.1 Breach Definition

A personal data breach is any unauthorized or accidental access, disclosure, loss, alteration, or destruction of personal data, including:

• Unauthorized access by third parties;

• Ransomware or malware attacks;

• Accidental disclosure by employees;

• Loss of physical devices containing data;

• Compromise of encryption keys.

8.2 Breach Notification Obligations

8.2.1 Company Obligations

If a breach occurs that poses a risk to the rights and freedoms of affected individuals, Company will:

• Internal Investigation: Conduct immediate investigation to determine scope and impact;

• Authority Notification: Notify the Belize Data Protection Authority and Anjouan Gaming Board without undue delay, and no later than 72 hours unless the breach poses low risk;

• Individual Notification: Notify you without undue delay if the breach is likely to result in high risk to your rights (unless data was encrypted or anonymized);

• Notification Content: Include description of breach, likely consequences, measures taken/to be taken, contact information for our Data Protection Officer.

8.2.2 Information You Will Receive

In the event of a breach notification, you will be informed of:

• What data was breached;

• When the breach occurred;

• Likely consequences for you;

• Measures we have taken to contain and remediate the breach;

• Your rights regarding the breach;

• How to contact us for further information;

• Recommendations for protecting yourself (password change, credit monitoring, etc.).

8.3 Breach Response Procedures

Our incident response procedures include:

• 1.

  Detection & Confirmation – Verify breach and identify affected systems/data;

• 2.

  Containment – Isolate affected systems to prevent further unauthorized access;

• 3.

  Investigation – Determine scope, cause, duration, and affected individuals;

• 4.

  Documentation – Record details of breach for regulatory reporting;

• 5.

  Notification – Notify authorities (within 72 hours) and affected individuals (without undue delay);

• 6.

  Remediation – Implement technical fixes and strengthen security controls;

• 7.

  Communication – Provide regular updates to authorities and affected individuals;

• 8.

  Post-Incident Review – Conduct lessons-learned analysis and update security measures.

9. Cookies, Web Storage, and Tracking Technologies

9.1 Cookie Policy and Consent

We use cookies, web storage objects, and similar technologies to provide, maintain, and improve the Service. Your explicit consent is required for non-essential cookies.

9.1.1 Necessary Cookies (No Consent Required)

These cookies are essential for basic Service functionality and security:

• Session Management: Maintain your login session and authentication;

• Security: CSRF protection, fraud detection, suspicious activity monitoring;

• Preference Storage: Language, accessibility settings, UI preferences;

• Form Processing: Remember form entries to improve user experience;

• Analytics (Anonymized): Aggregate, non-personally identifiable usage patterns.

Legal Basis: Necessary for contract performance and legitimate security interest

Duration: Session cookies (expire at browser close); Persistent cookies up to 12 months

9.1.2 Performance Cookies (Consent Required)

These cookies measure and analyze how you interact with the Service:

• Page View Tracking: Which pages you visit, how long you stay, exit pages;

• Feature Usage: Which features are most/least used;

• User Flow Analysis: How users navigate through the Service;

• Performance Metrics: Page load times, technical errors, responsiveness.

Purpose: Improve Service functionality, identify bottlenecks, optimize user experience

Legal Basis: Explicit consent (Article 7, Belize Data Protection Act 2021)

Third Parties: May involve analytics providers (e.g., Google Analytics) processing aggregate data

Duration: Up to 2 years

9.1.3 Functional Cookies (Consent Required)

These cookies enable enhanced features and personalization:

• Preferences: Save your preferences for faster access to customized content;

• History: Remember your previous interactions and settings;

• Personalization: Tailor content and user interface based on your behavior;

• Accessibility: Store accessibility preferences.

Legal Basis: Explicit consent

Duration: Up to 1 year or until deletion

9.1.4 Marketing Cookies (Consent Required)

These cookies deliver personalized advertising and track marketing effectiveness:

• Interest-Based Ads: Display advertisements relevant to your interests;

• Campaign Tracking: Track which marketing campaigns led to your account registration;

• Retargeting: Display ads on other websites based on your Service visits;

• Third-Party Data Sharing: Share non-personally identifiable data with trusted advertising partners;

• Social Media Integration: Enable sharing on social media platforms (with consent).

Legal Basis: Explicit consent

Third Parties: Advertising networks, social media platforms (subject to their privacy policies)

Duration: Up to 2 years

9.2 Cookie Management

9.2.1 Consent Mechanism

• Consent Banner: Presented upon first visit; allows acceptance or rejection of non-essential cookies;

• Granular Consent: You may accept/reject each cookie category independently;

• Withdrawal: You may withdraw consent at any time via browser settings or account preferences;

• Implied Consent: Continued use after consent notification indicates consent; explicit opt-in required for high-risk categories.

9.2.2 Browser Controls

You may manage cookies via your browser settings:

• Block All Cookies: Disable all cookies (note: may impair Service functionality);

• Allow Only Necessary: Accept only essential cookies;

• Selective Approval: Approve cookies from specific domains or categories;

• Clear Cookies: Delete stored cookies at any time via browser settings.

Browser Instructions:

• Chrome: Settings > Privacy > Cookies

• Firefox: Preferences > Privacy > Cookies

• Safari: Preferences > Privacy > Cookies

• Edge: Settings > Privacy > Cookies

Note: Disabling necessary cookies may prevent you from accessing the Service or using certain features.

9.3 Third-Party Cookies

The Service may contain links to or embed content from third-party sites (Google, Facebook, etc.). Third-party cookies are subject to third-party privacy policies:

• Third-Party Analytics: Google Analytics (google.com/privacy)

• Social Media: Facebook Pixel, Twitter Ads (facebook.com/privacy, twitter.com/privacy)

• Advertising Networks: Third-party ad servers (review their privacy policies)

• Embedded Content: Third-party widgets or content providers

We recommend reviewing third-party privacy policies before granting consent.

9.4 Local Storage and Similar Technologies

In addition to cookies, we may use:

• Local Storage / Web Storage: Stores data on your device (persistent across browser sessions);

• IndexedDB: Client-side database for storing larger amounts of data;

• Session Storage: Temporary storage during your current browser session;

• Cache Storage: Caches resources for offline functionality.

These technologies function similarly to cookies and are subject to the same consent requirements and management controls.

10. Children's Privacy and Underage Gaming Protection

10.1 Age Restrictions

The Service is intended for individuals 18 years of age or older (or the applicable legal age of majority in your jurisdiction, whichever is higher). We do not knowingly collect personal data from anyone under 18.

10.2 Age Verification

• Mandatory Registration: All users must provide date of birth during registration;

• Document Verification: Users must provide government-issued identification (passport, ID card, driver's license);

• Automated Checks: System flags accounts with dates of birth indicating users under 18;

• Ongoing Monitoring: Accounts suspected of being controlled by minors are subject to investigation.

10.3 Underage Account Closure

If we discover that an account is held by someone under 18:

• Immediate Suspension: Account is suspended pending investigation;

• Investigation: We review betting history, deposits, and communications;

• Fund Treatment:

  • Winnings: Retained by Company;

  • Deposits (non-winning): Returned to original payment method or retained at our discretion;

  • Chargeback Risk: If applicable, user is liable for recovery costs.

• Data Processing: Continued processing of data for investigation and reporting to authorities;

• Authority Notification: Suspected underage gaming may be reported to Anjouan Gaming Board and law enforcement.

10.4 Parental and Guardian Responsibilities

Parents/guardians are responsible for:

• Monitoring their children's internet use;

• Preventing children from accessing gaming services;

• Providing age-appropriate computer security (parental controls, monitoring software);

• Teaching children about online safety.

11. Privacy Rights for Specific Jurisdictions

11.1 Belize Residents

Belize Data Protection Act 2021 Rights:

• Right to access your personal data

• Right to correct inaccurate data

• Right to erasure (with limitations for regulatory data)

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent

• Right to lodge complaints with Belize Data Protection Authority

Complaint Process:

• Submit complaint to: [Belize Data Protection Authority contact information]

• Include: Your details, Company name, description of violation, supporting documents

11.2 Anjouan Residents

Computer Gaming Licensing Act 007/2005 Protections:

• Entitled to know how your gaming data is processed for AML/KYC purposes

• Entitled to know whether you are on fraud/restricted lists

• Entitled to object to specific processing for marketing (while maintaining KYC/AML processing)

• Entitled to lodge complaints with Anjouan Gaming Board regarding data handling

Complaint Process:

• Submit complaint to: Anjouan Gaming Board (contact details on www.anjouangaming.com)

• Include: Account details, nature of complaint, requested resolution

11.3 EU Residents

While our primary jurisdiction is Anjouan/Belize, EU residents enjoy certain GDPR-equivalent protections through our compliance with Belize Data Protection Act 2021:

• Enhanced data subject rights

• Right to lodge complaint with your national data protection authority

• Right to damages for GDPR violations (if applicable)

• Restrictions on automated decision-making

11.4 California Residents (CCPA)

If you reside in California, certain California Consumer Privacy Act rights may apply. Please contact us for CCPA-specific information.

12. Data Retention and Deletion

12.1 Retention Schedule

See Section 5.1 for specific retention periods by data category.

12.2 Deletion Process

12.2.1 Upon Account Closure

When you close your account:

• 1.

  Inactive Period: Account placed in inactive status for 30 days (allowing recovery);

• 2.

  Regulatory Data: Data required for legal/regulatory compliance retained per statute (minimum 5 years);

• 3.

  Gaming Records: All bet records, deposits, withdrawals retained per Anjouan regulations;

• 4.

  Optional Data: Marketing preferences, communication history, non-regulatory data deleted within 60 days;

• 5.

  Backup Retention: Data may remain in backup systems for up to 90 days (inaccessible for normal use).

12.2.2 User-Initiated Deletion Requests

You may request deletion of specific data categories:

• 1.

  Submit Request: Contact Customer Support with "Data Deletion Request" and specify data category;

• 2.

  Verification: We verify your identity and account ownership;

• 3.

  Assessment: We determine whether deletion is permitted under regulations;

• 4.

  Processing: If permitted, data is deleted within 30 days;

• 5.

  Confirmation: You receive confirmation of deletion or explanation if deletion cannot be granted.

12.3 Impossible or Prohibited Deletions

We cannot delete data that:

• Is required by Anjouan Computer Gaming Licensing Act 007/2005 (5-year retention);

• Is required by Money Laundering (Prevention) Act 008/2005 (5-year retention);

• Is required by Belize tax or regulatory law;

• Is necessary for ongoing dispute resolution or litigation;

• Is part of active investigation of fraud or crime;

• Relates to unresolved chargebacks or payment disputes.

In such cases, we will explain the legal basis preventing deletion.

13. Data Protection Officer and Contact Information

13.1 Data Protection Officer

Onmidev Ltd. designates a Data Protection Officer responsible for:

• Overseeing compliance with Belize Data Protection Act 2021 and Anjouan regulations;

• Responding to data subject rights requests;

• Managing data breach notifications;

• Coordinating with regulatory authorities;

• Investigating privacy complaints.

Contact Information:

• Email: [email protected]

• Mailing Address: Onmidev Ltd., Compliance Department, Sea Urchin Street, San Pedro, Ambergris Caye, Belize

• Response Time: Data subject requests processed within 30 days (extendable to 60 days for complex requests)

13.2 Customer Support

For privacy-related inquiries, complaints, or data subject rights requests:

• Email: [email protected]

• Online Form: Customer Support portal on website

• Response Time: Initial response within 5 business days; resolution within 30 days

13.3 Regulatory Authority Contacts

For complaints regarding our compliance:

Anjouan Gaming Board

• Address: Anjouan, Union of Comoros

• Email: [[email protected]

• Website: www.anjouangaming.com

14. Policy Updates and Changes

14.1 Updates to This Policy

We may update this Privacy Policy at any time to reflect:

• Changes in applicable law or regulations;

• New data processing purposes or technologies;

• Changes in our organizational practices;

• Feedback from data subjects or regulators.

14.2 Notification of Changes

• Notification: Significant changes will be communicated via email to your Registered Email Address and posted on the website with a revised "Last Updated" date;

• Effective Date: Changes become effective immediately upon posting (or as specified in the notice);

• Continued Use: Your continued use of the Service after changes constitute acceptance of the updated policy;

• Opt-Out: If you do not accept changes, you may close your account.

14.3 Review Frequency

We review and update this Privacy Policy at least annually and whenever significant regulatory or operational changes occur.

15. Third-Party Links and External Services

The Service may contain links to third-party websites, applications, or services. We are not responsible for:

• The privacy practices of third parties

• Data collection by third-party sites

• Content or accuracy of third-party services

• Compliance of third parties with applicable law

Your Responsibility: Before providing personal data to third parties, review their privacy policies and terms of service. This Privacy Policy applies only to data collected by Onmidev Ltd.

16. Miscellaneous Provisions

16.1 Entire Agreement

This Privacy Policy, together with the Terms of Service and other referenced documents, constitutes the entire agreement regarding data privacy between you and Company.

16.2 Severability

If any provision of this Policy is found unenforceable, the remaining provisions shall continue in full force and effect.

16.3 Governing Law and Dispute Resolution

This Policy is governed by the laws of:

• 1.

  Belize (for entities incorporated in Belize and corporate structure);

• 2.

  Anjouan, Union of Comoros (for gaming operations and data protection as related to gaming regulation).

Disputes regarding this Policy shall be resolved through:

• 1.

  Good Faith Negotiation – Attempt resolution with Company within 30 days;

• 2.

  Regulatory Authority – File complaint with Belize Data Protection Authority or Anjouan Gaming Board;

• 3.

  Arbitration – If unresolved, binding arbitration per Terms of Service.

16.4 Acknowledgment

By registering for and using the Service, you acknowledge that:

• You have read and understood this Privacy Policy;

• You consent to the collection, processing, and use of your personal data as described herein;

• You understand your rights and responsibilities;

• You agree to be bound by this Privacy Policy.

17. Compliance Statement

17.1 Regulatory Compliance

Onmidev Ltd. operates in full compliance with:

• Belize Data Protection Act, 2021 (Act No. 45 of 2021)

• Computer Gaming Licensing Act 007 of 2005 (Anjouan)

• Money Laundering (Prevention) Act 008 of 2005 (Anjouan)

• International standards for data protection and privacy best practices

17.2 Regulatory Oversight

We are subject to oversight and inspection by:

• Belize Data Protection Authority – For Belize Data Protection Act 2021 compliance

• Anjouan Gaming Board – For gaming operations and gaming-specific data handling

• International Sanctions Bodies – For FATF, UN, and other sanctions compliance

18. Final Notice

Your privacy and data protection are fundamental rights. We are committed to handling your personal data lawfully, fairly, transparently, and securely in accordance with all applicable law.

If you have any questions regarding this Privacy Policy or our data handling practices, please contact:

Data Protection Officer
Email: [email protected]
Address: Onmidev Ltd., Sea Urchin Street, San Pedro, Ambergris Caye, Belize

Last Updated: December 8, 2025

Effective Date: December 8, 2025

© 2025 Onmidev Ltd. All rights reserved.