Last updated: February 22, 2026
1. Introduction
This Privacy Policy explains how Aron and Sharon, trading as Online Casino Script (“Company,” “we,” “us,” or “our”), collects, uses, stores, and protects personal data when you visit our website at onlinecasinoscript.com, purchase our Software, or otherwise interact with us.
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).
Aron and Sharon is the data controller for the personal data described in this Policy.
Registered address:
het Achterveld 31
4003VG Tiel
The Netherlands
KVK: 62745115
2. What Personal Data We Collect
We collect the following categories of personal data:
2.1 Data You Provide Directly
- Account and purchase data: Name, email address, company name, billing address, phone number, and payment information when you make a purchase or create an account.
- Onboarding data: Company registration details, gambling license information, UBO (Ultimate Beneficial Owner) information, and related documentation as part of our client due diligence process.
- Communication data: Any information you provide when you contact us via email, contact forms, or other communication channels, including the content of your messages.
- Support data: Information provided when requesting technical support, including server details, error logs, and configuration data.
2.2 Data Collected Automatically
- Website usage data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and click patterns.
- Device data: Device type, screen resolution, language preferences, and time zone.
- Cookie data: Information collected through cookies and similar tracking technologies (see our Cookies Policy for details).
2.3 Data From Third Parties
- Payment processors: Transaction confirmation data from our payment processors.
- Public registers: Information obtained from public business registers and gambling license registers as part of our due diligence obligations.
- Sanctions screening: Results from sanctions list screening of UBOs (EU Consolidated Sanctions List, OFAC SDN list).
3. Why We Process Your Data (Legal Bases)
We process your personal data for the following purposes and on the following legal bases under Article 6 GDPR:
| Purpose | Legal Basis | Details |
|---|---|---|
| Processing purchases and delivering Software | Performance of a contract (Art. 6(1)(b)) | Necessary to fulfill your order |
| Client due diligence and license verification | Legitimate interest (Art. 6(1)(f)) | Our legitimate interest in complying with Dutch gambling law and avoiding criminal liability under Article 1(1)(b) Wet op de kansspelen |
| Sanctions screening of UBOs | Legal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f)) | Compliance with EU sanctions regulations and our interest in avoiding facilitating illegal activity |
| Providing technical support | Performance of a contract (Art. 6(1)(b)) | Necessary to provide purchased support services |
| Sending essential service communications | Performance of a contract (Art. 6(1)(b)) | Order confirmations, license updates, security notices |
| Sending marketing communications | Consent (Art. 6(1)(a)) | Only with your explicit opt-in consent |
| Website analytics and improvement | Legitimate interest (Art. 6(1)(f)) | Our interest in improving our website and services |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) | Our interest in preventing unauthorized access and fraud |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Tax, accounting, and regulatory obligations |
| Establishing, exercising, or defending legal claims | Legitimate interest (Art. 6(1)(f)) | Our interest in protecting our legal rights |
4. Data We Do NOT Process
We are a B2B software provider. We do not:
- Operate gambling platforms or accept bets;
- Process End User (player) personal data on behalf of our Clients;
- Have access to player databases, gambling accounts, or transaction records of our Clients’ End Users;
- Act as a data processor for our Clients unless a separate Data Processing Agreement is in place.
Our Clients are solely responsible for the personal data of their End Users and must implement their own GDPR-compliant privacy practices.
5. How Long We Retain Your Data
| Data Category | Retention Period | Reason |
|---|---|---|
| Purchase and account data | 7 years after last transaction | Dutch tax and accounting obligations (Algemene wet inzake rijksbelastingen) |
| Due diligence and license verification records | 7 years after end of client relationship | Legal protection and compliance documentation |
| Sanctions screening results | 7 years after end of client relationship | Legal protection |
| Communication and support data | 3 years after last contact | Service quality and dispute resolution |
| Website analytics data | 26 months | Analytics purposes |
| Cookie data | See Cookies Policy | Varies by cookie type |
| Marketing consent records | Until consent withdrawn + 3 years | Proof of consent |
After the retention period expires, data is securely deleted or anonymized.
6. Who We Share Your Data With
We may share your personal data with:
- Payment processors: To process your payments (e.g., Stripe, PayPal, or cryptocurrency payment providers). These processors act as independent data controllers.
- Hosting providers: Our website and email hosting providers who process data on our behalf under Data Processing Agreements.
- Professional advisors: Our legal, accounting, and tax advisors, under professional confidentiality obligations.
- Regulatory authorities: Where required by law, such as in response to a valid legal request from the Kansspelautoriteit, tax authorities, or law enforcement.
- Sanctions screening services: For the purpose of screening UBOs against sanctions lists.
We do not sell your personal data to third parties. We do not share your data for advertising purposes.
7. International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA (for example, to payment processors or hosting providers), we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs);
- Adequacy decisions by the European Commission;
- Other appropriate safeguards as required under Chapter V of the GDPR.
You may request a copy of the relevant safeguards by contacting us.
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your data, subject to our legal retention obligations.
- Right to restriction (Art. 18): You may request that we restrict processing in certain circumstances.
- Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interest, including direct marketing.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [insert email address]. We will respond within 30 days. We may request identity verification before processing your request.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted connections (TLS/SSL) for all data in transit;
- Secure storage with access controls;
- Regular security assessments;
- Limited access on a need-to-know basis;
- Secure deletion procedures for expired data.
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Children
Our website and Software are intended exclusively for businesses and individuals over the age of 18. We do not knowingly collect personal data from persons under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For material changes, we will notify active Clients via email where possible.
12. Contact
For any privacy-related questions or to exercise your rights, contact:
Aron and Sharon
Trading as Online Casino Script
het Achterveld 31
4003VG Tiel
The Netherlands
KVK: 62745115
Email: support@aronandsharon.com
Website: onlinecasinoscript.com