Rights of stakeholders and partners

1) Introduction: who are the "stakeholders"

In the contour of iGaming/fintech platforms, they usually distinguish:

Users/clients,
Employees/contractors,
Suppliers/providers (game studios, PSP/acquiring bank, KYC providers, hosting, anti-fraud),
Affiliates/agency networks and marketing partners,
Investors/shareholders,
Regulators and Ombudsmen/ADRs,
Local communities and NGOs.
The purpose of this policy is to clearly record their rights, expectations and protection mechanisms, embedding them in contracts, processes and metrics.

2) Principles of interaction (basis for all groups)

1. Transparency and awareness (understandable conditions, changelogs).
2. Integrity and non-discrimination (equal terms and access).
3. Data and privacy protection (minimization, security, legality).
4. Safety and quality (SLA/SLO, monitoring, post-mortems).
5. Accountability (complaint channels, independent review, right to appeal).
6. Right to audit and audit within reasonable limits.
7. Responsible AI and marketing (explainability of decisions, prohibition of manipulations).
8. Zero tolerance for corruption, conflicts of interest and repression.

3) Matrix of rights and protection mechanisms

Party	Key rights	Mechanisms
Users	Information (ToS, CCM/payments, RTP), data protection, fair offers, appeal decisions, refund/compensation	Public Policies, Status Page, Responsible Gaming, DSR Procedures, ADR/Ombudsman, SLA Responses
Employees/Contractors	Equal opportunity and safe environment, protection from repression, privacy, understandable grades/career	Code of Ethics, Antiharassment, Whistleblower Channels, DEI Metrics, RACI, Transparent Gradings
Suppliers/Providers	Clear scope, fair payment and timing, predictable integration, IP protection	MSA/SOW with SLA/OLA, right to audit (reciprocal), API versioning plan, IP clauses
Affiliates/Agents	Transparent reporting and attribution, timely payments, non-discriminatory rules	Affiliate policy, anti-fraud regulations, conversion dashboard, payment terms, ADR
Investors	Timely and truthful reporting, corporate governance compliance, risk management	Board Reports, ESG/Compliance Review, Internal Audit, Insider Policy
Regulators/Ombudsmen	Trustworthy reporting, access to investigative materials, compliance with notification deadlines	Regulatory forms, 72h-playbook incidents, contact points
Communities/NGOs	Fair advertising, protecting vulnerable groups, minimizing negative impact	ESG policies, Responsible Marketing, stakeholder consultation

4) Binding contractual clauses (fragments)

Anti-corruption and conflicts of interest

"The Parties confirm compliance with applicable anti-corruption laws; the breach is material and shall result in immediate termination"

Data protection and privacy

"Each party acts as a controller/processor within its roles, provides a legitimate basis for the processing, minimization, security and fulfillment of the requests of the entities within the established time frame."

Right to audit

"Upon reasonable notice and working hours, a party may conduct a documentary verification of compliance with the contract, including sub-contractors in the service area, subject to confidentiality."

SLAs and penalties for unavailability

"Service availability - 99.9% per quarter; for violation - service loans/fines. For payments - TtW not more than X hours at the median; violation - commission compensation"

Change Transparency

"Changes affecting rights and financial terms are published with a changelog and grace period of at least N days."

ADR/Arbitration

"Disputes are referred to an independent ADR/arbitration after the claim procedure; place and right - as per annex"

5) Complaint and dispute resolution channels (general procedure)

Reception and registration: application ID, confirmation ≤ 7 days.
Initial analysis: qualification, collection of facts ≤ 30 days.
Decision/interim response: ≤ 90 days, possibility of appeal.
Escalation: internal compliance/board → ombudsman/ADR → arbitration/court.
Prohibition of reprisals against the applicant; protection of whistleblowers.

6) SLA/operating standards (benchmarks)

Process	SLA
Support response to user	≤ 24 hours, P0 - immediately
Payouts (Time-to-Wallet)	median ≤ X h; P95 ≤ Y h
Return on erroneous transaction	start of investigation ≤ 24 hours, resolution ≤ 7 days
DSR Response (Access/Delete)	start ≤ 7 days, run ≤ 30 days
Incident-Communication Outward	initial report ≤ 24 h, detail ≤ 72 h
Affiliate Traffic Verification	Reporting D + 1, Dispute Resolution ≤ 14 days
Vendor: Uptime API	≥ 99.9 %/quarter, planned windows - in advance

7) Specificity by group

7. 1 Users

Rights: honest advertising, transparent bonuses/vager, clear KYC levels and reasons for refusals, appeal restrictions, data protection, available Responsible Gaming channels.
Mechanisms: FAQ with examples of commission calculations, status page, self-exclusion/limits, ADR channel.

7. 2 Suppliers/Providers

Rights: clear scope, API release and decrement calendar, timely payment, return of defects according to the agreed process.
Mechanisms: MSA/SOW, OLA between tech teams, CAB procedures, UAT environment, incident statuses.

7. 3 Affiliates/Agents

Rights: transparent attribution, access to raw metrics/postback calendar, timely payments and understandable reasons for deductions.
Mechanisms: anti-fraud rules, register of sources, revisions of creatives, limitation of geo and age segments.

7. 4 Employees/Contractors

Rights: security, equal opportunities, understandable grades and promotional criteria, protection against harassment and repression, data privacy.
Mechanisms: Code, Equal Opportunity Policy, Whistleblower Policy, DEI-board, fair investigation procedures.

7. 5 Investors

Rights: regular and reliable reporting, information about risks/compliance/ESG, access to board materials according to the regulations.
Mechanisms: reporting calendar, KPI summaries (uptime, TtW, compliance), audit, insider policy.

7. 6 Regulators/Ombudsmen

Rights: Timely notifications, full facts, access to investigative artifacts.
Mechanisms: regulatory contacts 24/7, 72h-runbook, incident log and CAPA.

7. 7 Communities/NGOs

Rights: honest communication, protection of vulnerable groups, dialogue with significant changes.
Mechanisms: responsible marketing policy, consulting, public ESG reports.

8) Responsible AI and algorithmic transparency

Stakeholder rights: to know about the use of AI, to receive explanations of significant decisions (limits, KYC escalation), to have an appeal channel, protection against discrimination and manipulation.
Mechanisms: Model Cards, DPIA/AI risk assessments, fairness tests, human-in-the-loop, red teaming, decision and appeal journal.

9) Right to audit and compliance certificates

Mutual audit within reasonable limits (ISO 27001/27701, SOC 2, PCI DSS, GLI/eCOGRA laboratories - if relevant).
Clarify: N days notice, sample size, confidentiality, prohibition of copying sources/secrets.
For affiliates/marketing - audit of traffic sources and compliance with advertising ethics.

10) Changes to Terms and Conditions and Notices

Chenglog with the date, "what/why has changed," the time of entry, a link to the archive of versions.
Grace period for critical changes (tariffs, limits, marketing rules).
Multi-channel communication: e-mail, banner in the office, partner portal.

11) RACI (who is responsible for what)

Block	R (performs)	A (approves)	C (consulting)	I (informed)
Stakeholder rights policy	Compliance/GRC	CEO/Board	Legal, Security, Product	All
Treaties and reservations	Legal	COO	Compliance, Finance	Partners
Complaints/ADRs	Support/Investigations	GC	Compliance, Product	Applicant
Transparency of conditions/changelog	Product/Comms	CPTO/CMO	Legal, Support	Users/Partners
Audits and certification	GRC/Internal Audit	CEO	Security, IT, Vendors	Regulators/Customers
ESG/Communities	ESG Lead	CEO	Comms, Legal	Society

12) Implementation checklist (60-90 days)

1. Stakeholder map and register of their rights/expectations.
2. Update MSA/SOW/Affiliate-T & C: anti-corruption, data, SLA, ADR, audit, changelog.
3. Launch public pages: CUS/payments/commissions, Responsible Gaming, status page.
4. Set up a single complaint showcase (ID, statuses, SLA) and ADR route.
5. Approve AI/algorithmic transparency: Model Cards, appeals, fairness monitoring.
6. Introduce quarterly reports to the board: uptime, TtW, compliance incidents, complaints and CAPAs.
7. Sign supplier code and audit procedures; Create a revision calendar.
8. Conduct trainings for teams: contractual obligations, incident comas, anti-fraud affiliates.

13) Typical risks and mitigation

Risk	Symptom	Mitigating measures
Opaque conditions	Complaints, churn	Chenglog, FAQ with examples, grace periods
Affiliation attribution disputes	Reporting discrepancies	Raw logs, postbacks, independent audit
Prolonged TtW	Negative, claims	Payment SLOs, channel prioritization, compensation
Leaks/Incidents	Reputational damage	72h-runbook, status page, post-mortems
Algorithmic bias	Complaints of injustice	Fairness tests, HITL, appeals
Corrupt practices	Opaque intermediaries	ISO 37001-contours, cache/gift prohibition, register of contacts with regulators

14) Related Documents

Transparency of corporate processes

Code of Ethics and Conduct

Whistleblower policy and personnel protection

Anti-Corruption Standards and ISO 37001

Compliance and audit certificates

Privacy and data processing policy

Ethics of artificial intelligence

Responsible Marketing & Affiliate Policy

Output

Stakeholder rights are implemented through clear contracts, transparent rules, measurable SLAs, independent complaint channels, and the right to audit. By anchoring these elements in processes and communications (including AI transparency), the platform reduces legal and reputational risks, builds trust and builds sustainable partnerships for years.

Rights of stakeholders and partners

Data protection and privacy

Right to audit

SLAs and penalties for unavailability

Change Transparency

ADR/Arbitration

Output

Get in Touch

Quick Contact

The video will be updated soon

We are currently very busy with projects