Privacy & Cookie Policy

At Black-Jack.com (“Black-Jack.com“, “we”, “us”), we process personal data about our customers and visitors (“you”) on our website. We make efforts to handle your personal data with care, keep it secure and comply with data protection laws.

Controller: Black-Jack.com
Privacy contact: [email protected]
Audience: This website and our communications are intended for individuals aged 18+. Please gamble responsibly.
Effective date: October 15, 2018
Last updated: October 1, 2025

Black-Jack.com is engaged in performance marketing and lead generation online, with headquarters in Bulgaria and subsidiaries in a number of other countries.

HOW THIS POLICY WORKS

The purpose of this Policy is to explain when, why and how we process information which may relate to you (“personal data”). It also provides important information on your statutory rights. This Policy is not intended to override the terms of any contract you have with us, nor rights you might have under data protection laws.

Contents

Who is responsible for looking after your personal data?
What personal data do we process?
What do we use your personal data for and when do we process your personal data?
Who do we share your personal data with?
International Transfers
Direct Marketing
How long do we keep your personal data?
What are your rights?
Cookie Policy – Appendix A
Additional details

1. WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?

Black-Jack.com is principally responsible for looking after your personal data (your Data Controller). Data Controller means the company that determines the means and purposes of processing personal data.

You should be aware that although we are principally responsible for looking after your personal data, information may be held in databases which can be accessed by other companies. When accessing your personal data, all companies will comply with the standards set out in this Policy.

Black-Jack.com is a group of companies with subsidiaries in several countries.

Clarification: We may engage third parties as data processors who process personal data on our instructions under written contracts that require appropriate security and confidentiality. We do not permit processors to use your personal data for their own purposes.

2. WHAT PERSONAL DATA DO WE PROCESS?

We may process the following personal data about you:

Name
Date of birth
Email address
Password
IP address
Location data
Website usage
Gender
Age
Occupation
Personal preferences and opinions

Additionally:

Data you provide: newsletter topic and frequency preferences, communication choices, and messages you send us.
Data collected automatically: device information (browser, OS), cookie identifiers, referral URLs, engagement metrics, and consent status (including double opt-in timestamps).
Data from third parties: analytics and attribution partners, and affiliate networks where permitted by law and contract.
Children: We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided data, please contact [email protected] to request deletion.

3. WHAT DO WE USE YOUR PERSONAL DATA FOR AND WHEN DO WE PROCESS YOUR PERSONAL DATA?

Black-Jack.com will collect information directly from you when you use our services or visit our websites.

We use your personal data to:

send out promotional emails relating to products and services. See also Section 6 below on Direct marketing.
analyze information in our systems and databases to improve the way we run our business and websites according to user preferences, to provide a better service and user experience.
improve and target advertisements that you receive from us.
register you for a chat forum or community, if we make available, in which you can provide comments.
meet or exercise any of our legal obligations or rights.

We will only process your personal data for the purposes set out in this Section 3 and where we are satisfied that:

you have provided your consent to us using the data in that way, or
our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (for example to improve our products or to carry out analytics across our datasets), in a way that is proportionate and respects your privacy.

Double opt-in: If you subscribe to our newsletter, we will send a confirmation email. Only after you click the confirmation link will you receive marketing emails. We retain proof-of-consent logs (e.g., timestamps, IP, user agent) for compliance.

Profiling for marketing: We may segment communications by your declared interests, geography, engagement history, and preferred frequency, and may apply frequency capping. You can object to profiling for direct marketing at any time (see Section 8).

Lawful bases (summary):

Website operation, security, fraud prevention: legitimate interests and/or legal obligation
Consent management and double opt-in logs: legal obligation/legitimate interests
Marketing emails/newsletters: consent where required; otherwise legitimate interests with opt-out
Personalization/profiling for marketing: legitimate interests; consent where local law requires
Analytics/A-B testing (non-essential cookies): consent (see Cookie Policy below)
Legal and compliance: legal obligation

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We work with many third parties, to help manage our business and delivery services. These third parties may from time to time need to have access to your personal data:

Our analytics service providers (such as Google, yandex.Metrica, Hotjar and VWO), who process personal data for their own purposes as Data Controllers. Please refer to our Cookie Policy in the Appendix below in order to identify how you may prevent access to your personal data by analytics providers.
Service providers or data processors that handle your personal data on our instructions, for example cloud services.
We use an email and marketing automation platform (e.g., Customer.io) to send double opt-in confirmations and newsletters and to manage suppression lists, acting as our processor.
Our subsidiaries in the Black-Jack.com group (if any), located inside or outside the EU/EEA. Transfers of personal data will be subject to freespins.net data transfer agreements.
If we are under a duty to disclose to comply with a legal obligation or protect our interests or security.
In the event we sell, buy or re-organise any business or assets, or if our assets are acquired by a third party, including prospective sellers or buyers.

5. INTERNATIONAL TRANSFERS

International Transfers mean that personal data is transferred to a country outside the European Union.

As set out in Section 4 above, we may allow access to your personal data to third parties who may be located outside the European Union.

We may also disclose your personal data if we receive a legal or regulatory request from a foreign law enforcement body outside the European Union.

We will always take steps to ensure that any international transfer of information is managed to protect your rights and interests. Any requests for information that we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us (see Section 8) if you wish further information.

Where we transfer personal data outside the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, the UK IDTA/Addendum, along with technical and organizational measures and transfer risk assessments.

6. DIRECT MARKETING

We will use your personal data to send you direct marketing communications regarding products and services that we and our partners offer regarding for example online casino, sports betting and financial services. This may be in the form of email or targeted online advertisements.

In some cases our processing of your personal data for marketing purposes will be based on our legitimate interests (see Section 3 above). When required by law it will be based on your consent.

You always have a right to say no to further direct marketing, at any time. You can use the opt-out link that you find in all direct marketing communications, or by contacting us (see Section 8).

We take steps to limit direct marketing to a reasonable and proportionate level, and to send you communications that we believe may be of interest or relevance to you, based on the information we have about you.

Additional details:

Double opt-in: We require email confirmation before adding you to our marketing lists.
Unsubscribe center: You can unsubscribe from our email list at any time.
Suppression lists: If you unsubscribe, we keep your email on a suppression list to ensure we do not email you again. Re-submitting the same email will not bypass suppression.
US privacy (if applicable): Where required, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals for cross-context advertising opt-outs.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data for as long as reasonably necessary for the purposes listed in Section 3 of this Policy.

In some circumstances we keep your personal data during a certain period to meet for example legal, tax or accounting requirements.

We maintain a data retention policy for personal data in our care. Where your personal data is no longer required we will ensure it is either securely deleted or made anonymous.

8. WHAT ARE YOUR RIGHTS?

You have a number of rights in relation to your personal data. More information about each of these rights can be found by referring to the table set out further below.

To exercise your rights you may contact us as by sending an email to [email protected] or in writing to Black-Jack.com at the address set out in Section 1 above.

Please note the following if you wish to exercise your rights:

Right:	What this means
Access:	You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data, for example what data we have, what we use it for, who we disclose it to, whether we transfer it outside the EU and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any Automated Decision Making or Profiling, to the extent that information has not already been provided to you in this Policy.
Rectification:	You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
Erasure:	You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; or you have withdrawn your consent (where processing was based on consent); or following a successful right to object (see ‘Objection’ below); or it has been processed unlawfully; or to comply with a legal obligation. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. there are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
Restriction:	You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see Rectification), to allow us to verify its accuracy; or the processing is unlawful, but you do not want it erased; or it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; or to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
Portability:	You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where: the processing is based on your consent or on the performance of a contract with you; and the processing is carried out by automated means.
Objection:	You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. We have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
International Transfers:	You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
Supervisory uthority:	You have a right to lodge a complaint with the responsible local supervisory authority about our processing of your personal data. We may request limited additional information to verify your identity when you make a rights request. EU/UK: You can contact the Bulgarian authority: Commission for Personal Data Protection (CPDP), 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria, www.cpdp.bg. US (if applicable): Depending on your state, you may have rights to know/access, correct, delete, and opt out of “sale” or “sharing” for cross-context advertising. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

9. COOKIE POLICY – APPENDIX A

WE USE COOKIES

To offer you a full range of functions when you visit our website, recognize your preferences, and make the use of our website more comfortable and convenient, we use “cookies.”

WHAT ARE COOKIES?

A cookie, pixel or similar technology is a small file or information saved on your computer or device when you visit the website. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

YOUR OPTIONS

By using our website, you agree to the use and storage of cookies on your computer or device.You can generally view our website without cookies, but certain parts of the website may not work properly or navigating be slower.If you do not wish cookies to be stored on your computer or device, you can deactivate the relevant option in the system settings of your browser. You can also delete stored cookies in the system settings of your browser at any time.More information on how to deactivate or delete cookies can be found here: https://www.aboutcookies.org/cookie-faq/. However, please keep in mind that if you do not accept any cookies this may restrict the functionality of our offerings.

Consent Management: We use a consent tool that lets you accept or reject non-essential cookies by category and change your choices at any time via the “Cookie settings” link in the footer. For non-essential cookies (e.g., analytics, A/B testing, advertising, push), we rely on your consent.

CATEGORIES OF COOKIES

We use cookies for different purposes and with different functions.

SOME COOKIES ARE:

necessary in technical terms (technical necessity)
stored and used for a certain time period (storage duration)
placed and stored by us or a third party (cookie provider).

TECHNICAL NECESSITY

COOKIES THAT ARE TECHNICALLY:

Necessary: We use certain cookies because they are strictly necessary in order for the website and its functions to work properly. These cookies are automatically placed on your computer or device when you access the website or a certain function, unless you have set your browser to reject cookies.
Not necessary: Cookies that are not strictly necessary are placed on your computer or device to improve convenience and performance of our website or save certain settings that you have made. We also use cookies that are not strictly necessary in technical terms to get information on the frequency of use of certain areas of our website, so that we can adapt to your needs and requirements on a more targeted basis.

STORAGE DURATION

Session cookies: Some cookies are only needed for the duration of your website session, so called “session cookies”. They will be erased or become invalid as soon as you leave our website or your current session expires. Session cookies are used, for example, to retain certain information during your session.

Permanent cookies: Some cookies are stored for a longer period. For example, it allows to recognize you when you access our website again at a later time and access saved settings. As a result, you can access web pages faster or with greater convenience, for example that you do not need to set certain options again, such as your chosen language. Permanent cookies are automatically deleted after a predefined period.

Flow cookies: These cookies are used for communication between our internal servers within our company group. They are placed on your computer or device when you start navigating the website and deleted after the end of your navigation on the website. Flow cookies are given a unique identification number but does not allow us to draw any conclusions regarding the actual customer or user.

COOKIE PROVIDERS

Provider cookies: These are cookies are placed by us or the operator of our website, who is commissioned by us.

Third-party cookies: “Third-party cookies” are stored and used by other organizations or websites, for example Web analytics tools. External providers may also use cookies to display advertising or to integrate content from social networks, such as social plugins. For further information on Web analytics tools and measurement of reach, please see below in this cookie policy.

USE OF COOKIES FOR WEB ANALYTICS AND REACH MEASUREMENT

We use Google Analytics, a Web analytics service of Google Inc. (“Google”). Google Analytics uses cookies to identify the frequency of use of certain areas of our website and to identify preferences. The information regarding your use of this website that is generated by the cookie (including your truncated IP address) is transferred to a Google server in the United States and stored there. Google will use this information to analyze your use of the website, compile reports on website activity for us, and perform further services associated with website use and Internet use. Google may also transmit this information to third parties where required by law or to the extent third parties process these data on behalf of Google.

You can deactivate Google Analytics & yandex.Metrica using a browser add-on if you do not wish the website analysis to take place. You can download the add-on here:

https://tools.google.com/dlpage/gaoptout?hl=
This add-on stores “opt-out” information on your device that serves to match up your deactivation of Google Analytics. Please note that this kind of “opt out” only leads to the deactivation of Google Analytics for the device and browser from which the “opt out” was activated. In addition, you may need to reactivate it if you delete cookies from your device.

Vendors and purposes (examples):

Name of cookie	Cookie provider	Purpose
Google Analytics	Google	Site usage analytics (pages viewed, time of visit, referral).
Facebook Pixel	Facebook/Meta	Advertising measurement and audiences (used only with marketing-cookie consent).
OneSignal	OneSignal	Web/app push notifications and device tokens (if push is enabled).
VWO	VWO	A/B testing and UX experiments (non-essential; requires consent).
Hotjar	Hotjar	UX analytics and feedback (non-essential; requires consent).
Google Marketing Platform / Google Ads	Google	Advertising measurement and reach (non-essential; requires consent).

Retention note: Analytics cookies are typically retained 14–26 months (depending on our settings). See vendor policies for details.

10. ADDITIONAL DETAILS

SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit, access controls, least-privilege practices, vendor due diligence, and staff awareness. If we become aware of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities where required.

CHANGES TO THIS POLICY

We may update this Policy from time to time. We will post the updated version here with a new Last updated date.

CONTACT US

Black-Jack.com • [email protected] • Bulgaria