Interslot Interactive
Legal

Privacy policy

This privacy policy explains how 5 Reels GmbH ("we", "us") processes personal data when you visit www.interslotinteractive.com ("the site"). The site is a B2B showcase platform for the slot portfolio of Interslot Games. It is not aimed at consumers, does not offer real-money play, and is restricted to visitors aged 18 and older.

1. Controller

5 Reels GmbH
1190 Vienna, Austria
Email: sales@interslotinteractive.com

2. What we process and why

Age confirmation (age gate)

On your first visit the site asks you to confirm that you are 18 or older. Your confirmation is stored locally in your browser as the cookie ig_age_ok for one year and is never transmitted to our servers. Legal basis: Art. 6 (1) (c) GDPR — compliance with a legal obligation regarding the protection of minors.

Contact form

If you submit our contact form, we process the data you provide (name, work email, company, market/region, message) in order to respond to your enquiry and, where applicable, take pre-contractual steps. The submission is sent directly to our own server hosted with All-Inkl in Germany and delivered to our inbox by email (via the same SMTP infrastructure used for the rest of the site). No third party receives or stores the message. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (our legitimate interest in responding to business enquiries). We retain enquiry data only for as long as needed to handle the matter — typically up to 12 months after our last contact with you, unless statutory retention obligations (e.g. Austrian commercial or tax law) require a longer period.

Partner Hub

The Partner Hub at /server/hub/ is accessible by invitation only. If you receive an invitation, we process the email address provided to us by your organisation, the password you set (stored only as a bcrypt hash — never in plain text), your session token while you are logged in, and a record of failed login attempts (IP address, timestamp) for a short rolling window to protect the Hub against brute-force attacks. Legal basis: Art. 6 (1) (b) GDPR (contractual relationship with our partners) and Art. 6 (1) (f) GDPR (legitimate interest in the security of our systems). Hub accounts are deleted on request or when the partner relationship ends.

Server logs

Our hosting provider records standard web-server access logs (IP address, requested URL, timestamp, user agent, referrer) for the purposes of operating, securing and troubleshooting the site. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in IT security and reliable operation). Logs are retained by the hosting provider for a short period and then deleted or anonymised.

3. Cookies

We use only strictly necessary cookies. We do not set analytics, advertising, profiling or social-media cookies, and we do not embed third-party trackers.

  • ig_age_ok — stores your age-gate confirmation locally for one year. Never sent to our servers.
  • PHP session cookie (only inside /server/hub/ after you log in) — keeps you signed in for the duration of your Hub session. Marked HttpOnly; Secure; SameSite=Strict and expires when you log out or close the browser.

4. Third-party processors

  • All-Inkl.com (Neue Medien Münnich, Germany) — hosting provider for the website, the database and our outbound email. A data processing agreement under Art. 28 GDPR is in place. Hosting takes place on servers located in Germany.
  • Cloudflare, Inc. (USA) — provides the Turnstile anti-bot widget shown on the contact form. Cloudflare receives technical signals (IP address, user agent, basic browser characteristics) needed to distinguish humans from bots; this happens on the /contact page when the widget loads. Turnstile is designed to be privacy-preserving and does not set tracking cookies. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in protecting our infrastructure from automated abuse). See cloudflare.com/privacypolicy.

5. Disclosures and international transfers

We do not sell personal data. We only share data with the processors listed above, who act on our instructions. The only international transfer is to Cloudflare in the USA when you load the contact page (so the Turnstile widget can verify you are not a bot); this transfer takes place on the basis of the Standard Contractual Clauses adopted by the European Commission. The actual contact-form message stays on our German hosting infrastructure.

6. Your rights

Under the GDPR you have the right to request access to your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing based on legitimate interests (Art. 21). To exercise any of these rights, write to sales@interslotinteractive.com.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), www.dsb.gv.at.

7. Security

Traffic to the site is encrypted via TLS (HTTPS). Partner Hub passwords are stored only as bcrypt hashes. Administrative and API endpoints are protected by HMAC-signed requests, session authentication with CSRF protection, and rate limiting.

8. Changes to this policy

We may update this policy to reflect changes to our processing activities or applicable law. The current version is always available at this URL.