24 NCAC 06A .0704 Terms and Conditions and Privacy Policies for Wagering Accounts
(a) All terms and conditions and privacy policies for Wagering Accounts shall be readily accessible to the Player before and after registration and noticed when materially updated beyond grammatical or other minor changes.
(b) All terms and conditions for Wagering Accounts shall address aspects of the Operator, including, but not limited to:
(1) a statement that only Individuals located in the authorized geographic boundaries within the State of North Carolina may place Wagers;
(2) a statement that Ineligible Persons are prohibited from Wagering;
(3) advice to the Player to keep their authentication credentials, including password and username, secure;
(4) all processes for dealing with lost authentication credentials, forced password changes, password strength and other related items as required by the Commission;
(5) full explanation of rules applicable to dormant Wagering Accounts, including the conditions under which an Account is declared dormant and what actions will be undertaken on the Account once this declaration is made;
(6) actions that will be taken on the Player's pending Wagers placed prior to an exclusion or suspension, including the return of Wagers, or settling Wagers, as appropriate;
(7) information about timeframes and limits regarding deposits to or withdrawals from Wagering Accounts, including a clear and concise explanation of fees, if applicable;
(8) statements indicating that the Operator has the right to:
(A) refuse to establish a Wagering Account for what it considers good and sufficient reason;
(B) refuse deposits to or withdrawals from Wagering Accounts for what it considers good and sufficient reason; and
(C) unless there is a pending investigation or Player dispute, suspend or close a Wagering Account at any time pursuant to the terms and conditions between the Operator and the Player; and
(9) statements indicating that the Players are prohibited from:
(A) transferring or selling an Account or Account balance;
(B) using a virtual private network or other technology that may obscure or falsify their physical location;
(C) allowing an unauthorized Person to access or use their Account; and
(D) collusion, cheating, or other unlawful activity.
(c) All privacy policies for Wagering Accounts shall address aspects of the Personal Information protection, including, but not limited to:
(1) the Personal Information required to be collected;
(2) the purpose and legal basis for Personal Information collection and of every processing activity for which consent is being sought;
(3) the period in which the Personal Information is stored, or, if no period can be possibly set, the criteria used to set this;
(4) the conditions under which Personal Information may be disclosed and the categories of third-party entities with whom the Operator shares such data; however, upon written request of the Director or a Registered Player, the Operator shall identify the names of the third-party entities with whom the Operator shares Personal Information;
(5) an affirmation that measures are in place to prevent the unauthorized or unnecessary disclosure of the Personal Information;
(6) the identity and contact details on the Operator who is seeking the consent;
(7) a statement that the Operator will not discriminate against an Individual because the Individual does not consent to the sale of their data;
(8) instructions providing the Player with information about how to opt out of Operator's data collection activities, subject to any exception as required by applicable law or regulation;
(9) a statement that the Operator will honor the individual's request for the Operator to delete or cease use of the Personal Information and other data collected concerning that individual and direct its agents and affiliates to do the same; the Operator may deny an Individual's request to delete or cease use of the Personal Information if maintaining the Personal Information is necessary to:
(A) perform any obligations under these Rules or the General Statutes;
(B) complete the transaction for which the Personal Information was collected, provide a good or service requested by the Individual, or reasonably anticipated within the context of a business's ongoing business relationship with the Individual, or otherwise perform a contract between the business and the Individual;
(C) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
(D) debug to identify and repair errors that impair existing intended functionality;
(E) to enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business; or
(F) comply with any other legal obligation;
(10) contact information for the Operator's privacy office or officer, or a point of contact at the Operator for privacy-related questions; and
(11) other privacy requirements specified by the Commission.
History Note: Authority G.S. 18C-114(a)(14);
Previously adopted as Rule 1G-004;
Eff. January 8, 2024;
Readopted Eff. March 27, 2024.