Privacy Policy

This Privacy Policy governs the collection, processing, and protection of personal data by our online casino platform operating within the United Kingdom. We are committed to maintaining the highest standards of data protection in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant gambling legislation. This policy outlines how we handle your personal information when you access our gaming services, create an account, or engage with our platform in any capacity.

1. Data Controller Information and Legal Basis

As the data controller, we process your personal information under several legal bases as defined by UK GDPR. Our primary legal basis for processing is contractual necessity, enabling us to provide gaming services, manage your account, and fulfill our obligations to you as a player. We also process data based on legitimate interests, including fraud prevention, security monitoring, and improving our services.

Regulatory compliance forms another crucial legal basis, particularly given our obligations under the Gambling Act 2005 and UK Gambling Commission regulations. We must verify player identity, prevent underage gambling, monitor for problem gambling behaviors, and maintain comprehensive records for regulatory reporting. In certain circumstances, we may seek your explicit consent for specific data processing activities, such as marketing communications or participation in promotional campaigns.

Our commitment to responsible gambling requires us to process personal data to identify potential gambling-related harm and implement appropriate player protection measures. This processing is essential for fulfilling our duty of care and maintaining our gambling license within the UK jurisdiction.

2. Types of Personal Data We Collect

We collect various categories of personal data necessary for operating our online casino services safely and legally. The following table outlines the primary types of information we gather:

Data Category	Information Types	Collection Method
Identity Information	Full name, date of birth, nationality, gender	Account registration, verification documents
Contact Details	Email address, postal address, phone number	Registration form, account updates
Financial Data	Payment methods, transaction history, betting patterns	Deposits, withdrawals, gaming activity
Technical Information	IP address, device information, browser type, session data	Automatic collection during site usage
Gaming Data	Game preferences, betting history, session duration	Platform interaction, game participation
Verification Documents	Passport, driving license, utility bills, bank statements	Know Your Customer (KYC) procedures

Additionally, we may collect sensitive personal data when required for regulatory compliance, including information about gambling-related harm indicators or self-exclusion requests. This data receives enhanced protection under our security protocols and is processed only when legally justified and necessary for player protection.

3. Purposes and Legal Grounds for Data Processing

We process your personal data for multiple legitimate purposes essential to our casino operations and regulatory compliance. Account management represents our primary processing purpose, encompassing registration, authentication, and ongoing account maintenance. This processing enables us to provide secure access to our gaming platform and maintain accurate player records.

Regulatory compliance requires extensive data processing to meet UK Gambling Commission requirements. We must verify player identities, prevent money laundering, detect fraud, and monitor for signs of problem gambling. These activities are legally mandated and form the foundation of our responsible gambling framework.

Financial transaction processing and payment verification
Game result calculation and prize distribution
Customer support and dispute resolution
Marketing communications and promotional offers
Platform security and fraud prevention
Responsible gambling monitoring and intervention
Statistical analysis and service improvement

Our legitimate interests include maintaining platform security, preventing fraudulent activity, and improving user experience through data analysis. We regularly assess these interests against your fundamental rights and freedoms to ensure appropriate balance and protection.

4. Data Sharing and Third-Party Disclosures

We share personal data with carefully selected third parties only when necessary for service provision, regulatory compliance, or legal obligations. Our primary data sharing occurs with payment processors who handle financial transactions securely and in compliance with Payment Card Industry Data Security Standards (PCI DSS).

Regulatory authorities, including the UK Gambling Commission, HM Revenue and Customs, and the Financial Conduct Authority, may receive personal data when required by law or regulation. We cooperate fully with legitimate regulatory requests and maintain detailed records of all disclosures made to official bodies.

Technology service providers supporting our platform infrastructure receive limited personal data necessary for their specific functions. These providers operate under strict contractual obligations ensuring data protection standards equivalent to our own policies. We conduct regular assessments of third-party processors to maintain compliance and security standards.

In cases involving suspected criminal activity, fraud, or threats to public safety, we may disclose personal data to law enforcement agencies. Such disclosures occur only when legally required or when we have reasonable grounds to believe disclosure is necessary to prevent harm or illegal activity.

5. International Data Transfers and Safeguards

While we primarily process data within the United Kingdom, certain service providers may be located in other jurisdictions. All international data transfers comply with UK GDPR requirements and include appropriate safeguards to protect your personal information during cross-border processing.

For transfers to countries without adequacy decisions, we implement Standard Contractual Clauses approved by UK authorities or rely on other appropriate transfer mechanisms. We conduct thorough due diligence on international processors, evaluating their data protection capabilities and local legal frameworks.

Our cloud infrastructure providers operate under comprehensive data processing agreements that specify data location, security measures, and access controls. We maintain visibility into data processing locations and can provide information about specific transfers upon request.

Emergency data transfers may occur for technical support or security incident response purposes. Such transfers are limited to the minimum data necessary and are governed by strict access controls and time limitations to ensure ongoing protection of your personal information.

6. Data Security Measures and Retention

We implement comprehensive technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security framework includes multiple layers of protection designed to safeguard sensitive information throughout its lifecycle.

Advanced encryption protocols for data transmission and storage
Multi-factor authentication for administrative access
Regular security audits and penetration testing
Employee training programs on data protection principles
Incident response procedures for security breaches
Regular backup systems with secure off-site storage
Access controls limiting data exposure to authorized personnel

Our data retention periods align with regulatory requirements and business needs while minimizing unnecessary data storage. Account information and transaction records are retained for seven years after account closure to comply with gambling regulations and financial reporting requirements. Gaming session data and technical logs are typically retained for shorter periods unless required for ongoing investigations or regulatory matters.

We regularly review retained data to ensure continued relevance and legal justification for processing. Automated deletion processes remove expired data according to predetermined schedules, while manual reviews address complex retention scenarios requiring individual assessment.

7. Individual Rights and Contact Information

Under UK GDPR, you possess several fundamental rights regarding your personal data processing. These rights enable you to maintain control over your information and ensure transparent, fair processing by our organization.

You have the right to access your personal data and receive information about our processing activities. This includes obtaining copies of data we hold about you and understanding how we use this information for various purposes. We provide access through secure account portals and respond to formal data subject access requests within required timeframes.

Rectification rights allow you to correct inaccurate or incomplete personal data, ensuring our records remain current and accurate. You can update most information through your account settings or by contacting our customer support team for assistance with more complex corrections.

Right to erasure (right to be forgotten) in specific circumstances
Right to restrict processing when accuracy or legality is contested
Right to data portability for certain types of personal information
Right to object to processing based on legitimate interests
Right to withdraw consent for consent-based processing
Right to lodge complaints with the Information Commissioner's Office

To exercise your rights or raise privacy-related concerns, contact our Data Protection Officer through our dedicated privacy contact channels. We respond to all legitimate requests promptly and provide clear information about any limitations that may apply due to regulatory requirements or legitimate business interests. Our commitment to data protection extends beyond legal compliance to encompass best practices that respect your privacy and maintain trust in our gaming services.