CasinoWays Privacy Policy

Three categories of information are collected. The first is account information, which covers the data you provide at registration: full name, date of birth, email address, country of residence and a chosen password. The second is verification information, which covers the documents you upload during identity verification: a photo of a passport, driving licence or national ID, plus a recent utility bill or bank statement for proof of address. The third is activity information, which covers what happens on the account: deposits, withdrawals, wagers, game sessions, login times, device type and IP address.

Verification documents are stored separately from account data and are protected by additional access controls. Activity information is logged for fraud prevention, dispute resolution, regulatory reporting and to make the site work properly. We do not collect special category data as defined by UK GDPR, such as health data, political views or religious beliefs, because there is no need for it in a casino context.

Account and verification data are processed under the contract you enter into when you accept the terms and conditions at registration. The processing is necessary to provide the service. Activity data is processed under a mix of legal bases: contract for the parts that make the site work, legal obligation for anti money laundering record keeping and legitimate interest for fraud prevention and platform security. Marketing communications are sent only on the basis of consent, which you give when you opt in at registration and which you can withdraw at any time from inside the account area.

We do not use personal data to make automated decisions with legal effects. We do not profile players for advertising purposes outside the site. Internal analytics use aggregated data to understand how the lobby is used, which informs product improvements, and these analytics never identify individual players in a meaningful way.

Personal data is shared only with parties that need it to deliver the service or to meet a legal obligation. Payment processors receive the minimum data required to settle deposits and withdrawals. Identity verification providers receive document images for the verification check and return a yes or no result. Game studios receive a non identifying session ID so the game state can be tracked, but they do not receive your name or contact details. Cloud hosting providers process data on our behalf under data processing agreements that meet UK GDPR requirements.

Where required by law, we will share data with regulators, tax authorities and law enforcement. The licensing authority that supervises CasinoWays has a right of access to operator records and we cooperate with its requests. We never sell personal data to marketing companies or advertising networks, and we do not share data with third parties for their own marketing purposes.

Under UK GDPR you have the right to ask what personal data we hold about you, to receive a copy of it, to have inaccurate data corrected, to have your data erased where there is no overriding legal reason to keep it, to restrict the processing of your data in certain circumstances, to receive your data in a portable format and to object to processing based on legitimate interest. You also have the right to withdraw consent for marketing at any time without affecting the lawfulness of past processing.

Requests can be sent to privacy@casinoways.online from the email address registered to the account. We respond within thirty days and the response is free unless the request is manifestly excessive. Where data must be retained for legal reasons, such as anti money laundering records that must be kept for five years after account closure, we will explain which retention rule applies and when erasure will be possible.