Secure Transactions
1. TLS Protocol
The COMPANY recognizes the importance of the security of Personal Data and electronic transactions and has taken all necessary measures, using the most modern and advanced methods, to ensure the highest possible level of security. All information related to users’ personal data is treated as confidential. www.gameofmoney.gr (hereinafter theSite) uses the TLS protocol with 128 bit encryptionfor secure online commercial transactions. In this way all User personal information is encrypted, including the credit card number, name, and address so that it cannot be decrypted or altered during transmission over the Internet.
The TLS protocol Transport Sockets Layer is the successor to the widely used SSL and is now the global standard on the internet for ensuring proper encrypted communication between websites and network users, for the secure transfer of encrypted information between network users and web servers. An encrypted TLS SSL communication requires that all information transmitted between a User and a server is encrypted by the sending software and decrypted by the receiving software in cooperation with a globally accepted certificate authority, thus protecting personal information during transmission. In addition, all information transmitted through TLS SSL protocols is protected by a mechanism that automatically verifies whether the data has been altered during transmission.
All of the above is included in the information security process maintained by the COMPANY which is certified under PCI DSS, a standard intended for organizations that handle sensitive information such as credit card data or ID information.
According to this standard, for which the COMPANY must be certified annually, all sensitive information must be handled with transaction security as the primary concern both in processes and in information systems. More specifically, the process generally requires the following:
2. User Identification
The information used to identify the User consists of two elements: the Login Code Username and the Personal Secret Security Password.Every time the User enters this information, access is granted to their personal account. This process is carried out securely due to the encryption of the data during transmission on the internet and the encryption of the data on the COMPANY’s servers. Under the same standards, the User may change the Personal Secret Security Password as often as desired. After entering the desired password, it is encoded and stored in the COMPANY’s systems for maximum security. For this reason, the only person who knows the User’s password is the User and the User alone is entirely responsible for maintaining its confidentiality from third parties.The COMPANY is not able to know the User’s secret password and can only reset it. In case of loss or leakage of this password, the User must immediately notify the COMPANY, otherwise the COMPANY is not responsible for the use of the secret password by an unauthorized person. The online store gameofmoney.gr of the COMPANY does not in any way disclose or publish Users’ personal data or information. Personal data is used solely for the proper execution of transactions. All information is encrypted and stored with complete security.
Personal Data Protection
When the User visits the Site or makes purchases, it is necessary to provide certain information name, profession, email address, home address, landline phone, mobile phone, etc. related to Personal Datawhich will be automatically processed and incorporated into automated files previously disclosed to the competent Authority and for which the COMPANY is the Data Controller according to Law 2472 1997The User guarantees and is responsible for the truth, accuracy, validity, authenticity, relevance, and appropriateness of the Personal Data disclosed to the COMPANY.
The COMPANY has implemented lawful protection measures in its facilities, systems, and files and guarantees the confidentiality of Personal Data. However, it may disclose Personal Data or any other information it holds or that is accessible through its systems to the competent Public Authorities if required by applicable law.
Additionally, the COMPANY reserves the right to inform its suppliers with sales statistics which will not in any case include personal information that could lead to the identification of individuals.
Purpose: The collection and automated processing of Personal Data is intended to document the contractual relationship with the COMPANY, to monitor, improve, and adapt to preferences and choices related to products and services, and to send administrative, technological, organizational, and or commercial information about the COMPANY’s products and services by electronic or traditional means.
User Consent: The User consents to and accepts the processing of their personal data for the needs of smooth and easy transactions between the parties and thus provides express consent for the collection and processing of Personal Data as described above. The COMPANY may also transfer Personal Data to companies or individual businesses located in Greece or in other EU countries for the purpose of providing any services related to the above purposes including direct marketing or advertising services. The User provides express consent for the transfer or disclosure of the data contained in the files to the recipients mentioned above. In all cases, the COMPANY guarantees the confidentiality and security of Personal Data during any transmission or transfer that may occur.
Right of access objection: At any time the User has the right to access the file, request correction, deletion, and raise objections regarding the processing of data concerning them. Additionally, the User’s consent may be revoked at any time.
Use of Personal Data for promotional actions: The COMPANY provides Users and buyers through the Site the option to choose to receive information about new products and other possible offers or payment arrangements through the sending of promotional or informational messages to their email or postal address or by telephone. The COMPANY will not misuse this service. Users are always offered the option to stop receiving promotional messages. Furthermore, the COMPANY may use the User’s browsing history on the Site for promotional actions on other websites outside the Company’s Site.
«Recognizing the importance of electronic payment security, EveryPay is a licensed Payment Institution by the Bank of Greece Decision No. 280 3 23 7 2018 GG B 3010 25 7 2018 and securely manages card payment transaction data in accordance with the regulatory framework of the card transaction security management standard. Everypay is certified according to PCI DSS security standards. All Everypay services are provided through secure connections with 256 bit SSL certificates. EveryPay also supports the use of the 3D Secure service, an additional security layer for VISA, MasterCard and American Express. The Payer must then enter the personal secret code to complete the transaction successfully.
“Recognizing the importance of electronic payment security, EveryPay is a licensed Payment Institution by the Bank of Greece (Decision No. 280/3 / 23-7-2018 GG B 3010 / 25-7-2018), and manages securely card payment transactions, in accordance with the regulatory framework of the card transaction security management standard. Everypay is certified in accordance with the PCI DSS compliance standards. All Everypay services are made through secure connections with 256bit SSL certificates. EveryPay also supports the ability to use the 3D Secure service, an additional security token for VISA, MasterCard & American Express. The Payer then has to enter his personal secret code to complete the transaction successfully”.
| Control Objectives | PCI DSS Standard Requirements |
| Secure Network | – Application of firewalls for the protection of user data – Configuration and use of rotating access codes |
| User Protection | – Protection of stored customer data – Encryption of transmission of sensitive data and transactions during communication through open public networks internet |
| Vulnerability Management Process | – Strict use and regular updating of antivirus systems on all vulnerable systems – Development and management of secure systems |
| Strong Access Control Measures | – Restriction of access to customer information only to authorized staff – Provision of specific rights and identifiers to authorized staff – Restriction of access to sensitive User billing data at a physical level |
| Regular Network Monitoring | – Monitoring and detection of all network level access – Regular security checks of processes and systems |
| Maintenance of a Data Security Policy | – Creation and maintenance of a unified data security policy covering both processes and systems |