About this privacy notice

Spin My Win Casino collects and processes personal data only where it is necessary, proportionate, and relevant to deliver online services.

What is collected:

• Personal and contact details: name, date of birth, home address, email, telephone number.
• Account and verification records: username, identity and age checks, copies of ID documents, affordability or source‑of‑funds information required by law.
• Transaction and payment information: deposits, withdrawals, payment method identifiers, partial card details processed by approved payment providers.
• Device and technical data: IP address, device identifiers, browser type, app version, cookies and similar technologies.
• Usage information: logins, session activity, bets and gameplay, responsible gambling interactions, communications with support.
• Marketing preferences and consent records.
• Location signals (approximate) for licensing and fraud prevention.

Why it is collected:

• To create and manage accounts, provide services, and support users.
• To verify age and identity, meet anti‑money laundering obligations, and prevent fraud.
• To process payments securely and maintain accurate records.
• To improve websites and apps, personalise content, and monitor performance.

Protection measures:

• Encryption in transit and at rest, strict access controls, role‑based permissions, and multi‑factor authentication for authorised staff.
• Segregated environments, network security, logging and monitoring, regular vulnerability management and independent testing.
• Due diligence and contractual safeguards for suppliers, including PCI DSS for payment processing.

Legal compliance:

• Processing is carried out in accordance with UK GDPR, the Data Protection Act 2018, PECR, and applicable UK Gambling Commission requirements.

User rights:

• Access: request a copy of personal data.
• Correction: ask to rectify inaccurate information.
• Deletion: request erasure where no longer required or where consent is withdrawn and no other lawful basis applies.
• Restriction and objection: limit or object to certain processing, including direct marketing.
• Portability: receive certain data in a structured, commonly used format.
• Withdraw consent: effective for future processing where consent is the basis.
• Complaint: lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise rights, users may use account settings or contact the Data Protection Officer using the contact details provided on the website. Identity verification may be required. A response will be provided within one month, subject to lawful extensions.

Personal data is used only for specified, explicit purposes and processed lawfully and transparently:

• Account setup and servicing: create accounts, authenticate users, provide online services (contract necessity).
• Payments: process deposits and withdrawals, detect and resolve payment issues (contract necessity; legal obligation).
• Verification: age, identity, sanctions, anti‑money laundering checks, affordability where required (legal obligation).
• Responsible gambling: interactions, limits, time‑outs, and monitoring to support safer play (legal obligation; legitimate interests).
• Security and fraud prevention: protect accounts, investigate misuse, maintain platform integrity (legitimate interests; legal obligation).
• Personalisation and improvement: tailor content, optimise features, fix issues, and enhance websites and apps (legitimate interests; consent where required).
• Analytics and reporting: measure performance, compile statistics using aggregated or de‑identified information (legitimate interests).
• Marketing: send communications based on consent or soft opt‑in; users can opt out at any time (consent/legitimate interests, in line with PECR).
• Compliance and disputes: meet regulatory reporting, audits, chargebacks, and legal claims (legal obligation; legitimate interests).

Processing is minimised and linked to a clear purpose. Retention is limited to what is necessary for those purposes and statutory timeframes.

Users can request access to personal information, seek correction of inaccurate details, or request deletion where appropriate. Requests can be made through account tools or by contacting the privacy team; identification may be requested to protect the account. Responses will be provided within one month wherever possible.

• Update: amend contact details and preferences in the account profile or by contacting support.
• Delete: request account closure and erasure. Certain records must be retained to meet legal duties (for example anti‑money laundering and gambling regulations) for defined periods.
• Restrict/object: limit processing or object to uses such as direct marketing.
• Portability: request eligible data in a portable format.

By using Spin My Win Casino, users consent to security checks and the processing of payment information by selected payment service providers to enable transactions and prevent fraud.

Access to the services is restricted to individuals aged 18 and over. The operator cannot confirm age without appropriate documents and may request verification before permitting deposits or gameplay.

If it is learned that a user is a minor, the account will be closed and personal data will be deleted where permitted by law. A parent or legal guardian may contact the operator to request deletion of a minor’s information and to assist with any related queries.

Personal data may be processed outside the United Kingdom in locations where trusted partners, processors, or group entities operate. Appropriate safeguards are applied, including UK adequacy regulations, the UK International Data Transfer Agreement or Addendum to Standard Contractual Clauses, and technical and organisational measures.

Using the site signifies consent to such transfers for the purposes described in this document. All partners handling personal information are required to maintain confidentiality and process data only on documented instructions and for legitimate purposes.

This notice may include disclaimers that qualify the scope or effect of certain rules where required by law, regulator guidance, or operational necessity. The disclaimer applies when the user accepts the privacy terms by signature (where applicable), by acceptance during registration, or by accession through continued use of the services.

If any term conflicts with applicable law or regulator requirements, those legal requirements prevail. Nothing in this notice limits statutory rights under data protection law.

Cookies are small files placed on a device by websites to store and retrieve information. Similar technologies (such as SDKs and pixels) may also be used. These tools help to:

• Compile statistics and measure performance.
• Analyse behaviour to improve user experience and services.
• Personalise content and remember preferences.
• Enhance security and keep users signed in.

Non‑essential cookies are retained for up to 1 year. Consent for non‑essential cookies is obtained via the cookie banner and settings, and can be withdrawn at any time. Essential cookies are required for the site to function; browser settings can manage cookies, but some features may not work without them.

Use of the site or services constitutes full acceptance of this privacy policy. The current version published on the website prevails over any previous versions. Material updates will be posted, and continued use after an update indicates acceptance of the revised document.

Personal data may be shared where necessary to provide services, comply with law, resolve disputes, or enforce agreements. Typical recipients include payment processors and banks, identity and age verification providers, fraud prevention agencies, analytics and cloud hosting providers, customer support platforms, marketing service providers, auditors, regulators (including the UK Gambling Commission), law enforcement, and dispute resolution bodies.

If specific partners are not listed on the website, users will be informed of the purpose and scope at or before sharing where lawful and feasible. Providing data constitutes consent to processing by those providers for the stated purposes and in line with their privacy practices. All recipients are bound by contracts and confidentiality obligations.

The site may include links to third‑party websites or applications that have their own privacy policies. Spin My Win Casino is not responsible for how those sites collect, use, or disclose personal information. Users should review the relevant privacy notices and exercise caution when leaving this site.