Privacy Policy

Effective date: April 2, 2026

1. Introduction and Scope

This Privacy Policy explains how UNIVERSE FORCE GROUP DOO BEOGRAD, operating the Universe Force Gaming brand, collects, uses, stores, discloses, and otherwise processes personal data in connection with the Universe Force Gaming website, related landing pages, booking pages, contact forms, communications, and associated business-development activities (collectively, the “Website”).

This policy applies to personal data relating to Website visitors, prospective clients, operators, suppliers, partners, job applicants, investors, advisers, and other business contacts who interact with us through the Website or in direct connection with it. It does not govern player-facing data processed by third-party operators that may use technology built, integrated, or supported by UFG, unless UFG is expressly identified as the controller in a separate notice or agreement.

Universe Force Gaming is a B2B technology brand. The Website is not directed to players as an operator platform and is not intended to create a direct gambling-services relationship with end users.

2. Controller Details

The controller for personal data processed under this policy is:

UNIVERSE FORCE GROUP DOO BEOGRAD
Registered office: Bistrička 39, 11000 Belgrade, Republic of Serbia
General contact: office@universeforcegroup.com
Finance contact: finance@universeforcegroup.com
Director / legal representative: Ilija Bogunović
Registration details: PIB 114858316; Matični broj 22080768

For privacy requests, please contact office@universeforcegroup.com and mark the subject line “Privacy Request”. If you are acting through an authorised representative, we may request evidence of your authority and sufficient information to verify identity before acting on your request.

3. Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

A. Identification and contact data

  • name, job title, employer, business email address, telephone number, country, company name, and professional profile details;

B. Inquiry, meeting, and relationship data

  • details you submit through contact forms, booking tools, emails, chat, RFPs, proposal requests, questionnaires, calendars, and other communications;
  • notes of calls, meetings, demos, discovery sessions, or commercial follow-ups;
  • your stated interests in casino, sportsbook, AI/data, payments, licensing support, integrations, compliance, or other offerings;

C. Technical and usage data

  • IP address, approximate geolocation derived from IP, browser type, operating system, device information, pages viewed, referring URLs, timestamps, clickstream events, cookie identifiers, session data, and similar usage metadata;

D. Compliance and diligence data

  • information reasonably necessary to assess legal, sanctions, integrity, AML, fraud, security, or counterparty risk before progressing a business relationship;

E. Marketing preference data

  • subscription status, consent preferences, cookie choices, communication preferences, and records of opt-out or objection requests;

F. Recruitment and business contact data

  • professional history, CV or résumé details, portfolio materials, and related correspondence where you apply or are considered for a role through the Website or a Website-linked workflow.

We do not intentionally request special categories of personal data through the Website. Please do not send health data, biometric data, information about criminal convictions, or other highly sensitive information unless we expressly ask for it and have identified a lawful basis for processing it.

4. Sources of Personal Data

We collect personal data:

  • directly from you when you browse the Website, complete a form, book a meeting, email us, apply for a role, or otherwise contact us;
  • automatically through cookies, logs, analytics, and similar technologies when you use the Website;
  • from publicly available professional sources such as company websites, LinkedIn, or corporate registries where relevant to a genuine B2B inquiry or due-diligence review;
  • from service providers that support our Website, communications, calendaring, CRM, analytics, cloud infrastructure, security, and business operations; and
  • from colleagues or counterparties within your organisation where they involve you in a business inquiry or relationship with us.

5. Purposes of Processing and Legal Bases

We process personal data for the following purposes and, where applicable, on the following legal bases:

A. To operate the Website and ensure security

We process technical and usage data to run the Website, maintain availability, detect abuse, troubleshoot issues, prevent fraud, preserve logs, and secure our systems. Legal basis: legitimate interests and, where strictly necessary, performance of requested Website functionality.

B. To respond to inquiries and manage pre-contractual steps

We process contact details, inquiry content, meeting data, and related correspondence to answer questions, assess your needs, schedule meetings, prepare proposals, and take steps at your request prior to entering into a contract. Legal basis: legitimate interests and, where applicable, taking steps at the request of the data subject prior to entering into a contract.

C. To manage client, partner, supplier, investor, and recruitment relationships

We process relevant business-contact, diligence, and communications data to evaluate and manage commercial and organisational relationships. Legal basis: legitimate interests, contract performance, or pre-contractual necessity, depending on context.

D. To send business communications and marketing

We may use professional contact details to send business updates, event invitations, insights, and marketing communications where permitted by applicable law. Legal basis: consent where required, or legitimate interests in B2B direct marketing where permitted. You may opt out at any time.

E. To comply with legal, regulatory, and risk-management obligations

We may process personal data to comply with applicable law, lawful requests, sanctions screening, anti-fraud measures, recordkeeping duties, and the protection of legal rights. Legal basis: legal obligation and legitimate interests.

F. To improve the Website and user experience

We use analytics and feedback to understand Website performance, refine content, improve conversions, and optimise user journeys. Legal basis: legitimate interests and, for non-essential analytics technologies where required, consent.

G. To establish, exercise, or defend legal claims

We may process relevant personal data where necessary for dispute resolution, legal proceedings, or the protection of UFG’s rights, property, people, and systems. Legal basis: legitimate interests and legal obligation where applicable.

6. Cookies and Similar Technologies

The Website may use cookies, pixels, SDKs, scripts, local storage, and similar technologies. Some are strictly necessary for Website functionality, security, load balancing, form integrity, consent management, or fraud prevention. Others may be used for analytics, performance measurement, user-preference storage, or marketing.

Where required by applicable law, non-essential cookies and similar technologies are used only on the basis of your consent. You may manage cookie preferences through our cookie banner or your browser settings. Disabling certain technologies may affect Website functionality.

For clarity, a browser- or device-level setting may not fully replace our consent tools where applicable. We recommend using both your browser controls and the Website’s cookie-management options.

7. Disclosure of Personal Data

We do not sell personal data. We do not disclose personal data to third parties for their own unrelated marketing purposes. We may disclose personal data only where reasonably necessary for the purposes described in this policy, including to:

  • hosting, cloud, CDN, IT, cybersecurity, backup, and infrastructure providers;
  • email, calendar, meeting-booking, communication, CRM, document-management, and productivity providers, including Microsoft 365 / Outlook / Bookings or similar tools where used;
  • analytics, consent-management, and Website support providers;
  • advisers such as lawyers, accountants, auditors, insurers, and corporate service providers under appropriate confidentiality obligations;
  • banks, payment service providers, fraud-monitoring providers, or verification partners where relevant to a genuine commercial engagement;
  • competent authorities, regulators, courts, law-enforcement bodies, supervisory authorities, or counterparties where required by law or necessary to protect rights, safety, or compliance;
  • prospective buyers, investors, lenders, merger counterparties, or reorganisation parties in connection with a proposed or actual corporate transaction, subject to appropriate safeguards.

Where a recipient acts as our processor, we require it to process data only on our instructions and to apply appropriate confidentiality and security measures.

8. International Transfers

Because we serve international business users and may use globally distributed service providers, personal data may be accessed from or transferred to countries outside Serbia and, where applicable, outside the EEA, UK, or Switzerland.

Where we transfer personal data subject to the GDPR or equivalent regimes to a country that is not recognised as providing an adequate level of protection, we will implement appropriate safeguards, which may include the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, contractual confidentiality and security commitments, or another lawful transfer mechanism available at the time of transfer.

9. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, including to satisfy legal, regulatory, tax, accounting, security, and dispute-resolution requirements. Retention periods vary by data type and context, but generally:

  • inquiry and business-development records: for as long as needed to manage the inquiry and, afterwards, for a reasonable follow-up period unless a contract is entered into;
  • marketing suppression records: for as long as needed to honour opt-out preferences and demonstrate compliance;
  • analytics and cookie-consent records: for the period set by our tools, internal policy, or applicable law;
  • compliance and diligence records: for as long as required by law, risk management, or legitimate business need;
  • recruitment records: for the duration of the recruitment process and an additional retention period where lawful and appropriate.

When data is no longer required, we will delete, anonymise, aggregate, or securely archive it in accordance with our internal controls and legal obligations.

10. Data Security

We implement technical, organisational, and administrative measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. Such measures may include access controls, role-based permissions, logging, encryption in transit where appropriate, secure configuration, vendor due diligence, and internal confidentiality controls.

No Website, network, storage environment, or transmission method is completely secure. You should use appropriate care when submitting information online and avoid sending highly sensitive information through open channels unless specifically requested and protected by agreed safeguards.

11. Your Rights

Depending on the applicable law and your jurisdiction, you may have the right to:

  • obtain confirmation as to whether we process your personal data;
  • access your personal data and receive a copy;
  • request correction of inaccurate or incomplete data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests, including direct marketing;
  • withdraw consent at any time where processing is based on consent;
  • request portability of certain data where legally applicable; and
  • lodge a complaint with the competent supervisory authority.

These rights are not absolute and may be limited where an exemption or lawful ground applies. We may request information necessary to verify your identity before responding. We will respond within the time period required by applicable law.

12. Marketing Communications

Where permitted by law, we may contact you using business contact details in relation to our services, capabilities, market insights, events, or opportunities that may be relevant to your professional role. You can unsubscribe at any time by using the opt-out function in the message, by adjusting preferences where available, or by contacting us at office@universeforcegroup.com.

Even if you opt out of marketing, we may still send non-promotional communications where necessary for an existing relationship, a legal obligation, a transaction, a security issue, or a request you have made.

13. Minors and Age Restrictions

The Website is intended for professional and business audiences and is not directed to children. In light of the nature of the industry sectors referenced on the Website, you should not use the Website or submit personal data if you are under 18 years of age or under the age of legal majority in your jurisdiction, whichever is higher.

If you believe that a minor has provided personal data to us inappropriately, please contact us so that we can take appropriate steps.

14. Third-Party Websites and External Resources

The Website may contain links to third-party websites, scheduling pages, social media pages, partner resources, or other external services. This Privacy Policy does not apply to personal data processed by those third parties under their own policies. We encourage you to review the relevant privacy notices before providing data to them.

15. Complaints and Supervisory Authority

If you have concerns about how we process personal data, we encourage you to contact us first so that we can try to resolve the matter. You also have the right, where applicable, to lodge a complaint with the competent data-protection supervisory authority, including the Commissioner for Information of Public Importance and Personal Data Protection in the Republic of Serbia.

If the GDPR applies to the relevant processing, you may also have the right to contact a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement, subject to applicable law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, operational, or business changes. The revised version becomes effective when posted on the Website or otherwise communicated, unless a later date is stated. We encourage you to review this policy periodically.

17. Contact Us

For questions, requests, or complaints relating to this Privacy Policy or our personal-data practices, contact:

UNIVERSE FORCE GROUP DOO BEOGRAD
Bistrička 39, 11000 Belgrade, Republic of Serbia
Email: office@universeforcegroup.com

Please include enough information for us to understand your request and process it efficiently.

Ready to own your iGaming platform?