Privacy Policy

Last updated: 22 October 2025

This Privacy Policy describes how the gaming website and apps (the “Platform”) collect and handle personal data. It follows EU GDPR and Dutch AVG/UAVG requirements with notes for gambling regulation (including Wwft and national self-exclusion rules). This page provides information, not legal advice.

You agree to this Policy by making an account, signing in, depositing, playing, contacting support, or using the Platform. If you have questions, use your account’s protected message center.

1) Who is responsible and what this covers

The “operator” of the Platform is the controller for personal data processed for account management, payments, risk checks, safer-play interventions, marketing (where applicable), and service improvement. Certain partners—such as game studios, payment providers, identity-verification partners, and analytics vendors—act as processors or independent controllers for parts of the processing described below. This Policy covers web, mobile web, and apps, and applies to registered users and visitors.

2) What data we collect

We collect only what is needed for the purposes described in Section 3. The categories include:

Information such as login credentials, language, preferences, permissions, mode of contact, and past complaints.

The following are aspects of the wallet and gameplay: balance, game titles, device currency, constraints, time-outs, wins, bonuses, cashback, limitations, and withdrawals.

Regarding payments, there are a few things to keep in mind: partial card/e-wallet IDs, the IBAN/tokenized method, method references, chargeback flags, and PSP risk signals.

Information technology: Internet Protocol (IP) address, device identifiers, operating system and browser versions, screen resolution, delay, crash and error logs, geolocation signals for compliance purposes, cookie IDs, referral data.

Indications of safer-play and AML include rapid redeposits, abrupt changes in stake, patterns of high-risk devices, and exclusion checks.

Marketing and analytics: attribution of campaigns, interactions between messages and banners, and settings for preference centers.

The outcomes of the review, as well as your messages and recordings (where permitted by local law), are backed up.

We do not intentionally collect special-category data (e.g., health, beliefs). If such data appears in free-text messages, we minimise and delete it where feasible.

3) Why we process data

Our GDPR legal basis is recognized. Contract necessity, legal requirement (Wwft and gambling regulation), justifiable interests (security, fraud prevention, service reliability), and consent (only for non-essential cookies and marketing) are the key ones.A compact map:

Purpose	Examples of processing	Legal basis
Account creation & access	age/identity checks, credentials, session security	Contract; Legal obligation (age)
Running games & wallet	show balance, settle rounds, pay winnings	Contract
Payments	accept deposits, process withdrawals, reverse/refund handling	Contract; Legal obligation (AML)
KYC/AML & safer play	identity/KYC, self-exclusion checks, affordability signals, risk scoring, record-keeping	Legal obligation (Wwft, gambling law); Legitimate interests (fraud/security)
Security & integrity	bot detection, abuse prevention, incident logs	Legitimate interests; Legal obligation (where applicable)
Analytics & product reliability	crash diagnostics, performance metrics	Legitimate interests
Marketing (optional)	email/push/on-site promos, segmentation within consent scope	Consent; Legitimate interests for service notifications
Compliance & disputes	audits, complaint handling, chargeback defence	Legal obligation; Legitimate interests
Cookies beyond strictly necessary	analytics/advertising cookies	Consent

4) Cookies and similar tech

Strictly necessary cookies keep you logged in, protect payments, and remember safety settings. These run without consent.
Functional/performance and analytics cookies help us fix crashes and improve speed.
Advertising cookies support measurement of opt-in campaigns.

You can manage non-essential cookies via the consent banner and your browser/device settings. Choices are remembered per browser and device; clearing cookies may reset preferences.

5) Safer-play, AML, and geolocation (Netherlands-specific notes)

Age & identity: We verify age before enabling real-money play or withdrawals.
Self-exclusion: Where a national register applies , we check it and must block access for the full exclusion period.
Duty of care: Behavioural signals may trigger tailored messages, temporary restrictions, time-outs, or self-exclusion guidance.
Wwft retention: KYC and transaction records are retained as required by law
Geolocation: We use network and device signals to determine if you are in a permitted location when law requires it; precise location is not retained longer than needed for compliance.

These measures are legal requirements or necessary to protect you and the integrity of the Platform.

6) Automated decisions and human review

A number of decisions are made automatically in order to safeguard players and ensure compliance with the law. These decisions include blocking players when a self-exclusion is active, rejecting KYC data that is manifestly incorrect, identifying high-risk payments, and enforcing session and time-out limits. Through the secure message center, you have the ability to submit a request for human review of a decision that will have substantial repercussions for you.

7) Who we share data with

We share personal data only with trusted recipients and only for the purposes in this Policy:

Payment service providers, banks, and payout partners.
KYC/AML partners for identity verification, sanctions/PEP screening, document checks, and affordability signals.
Game studios/platforms to run games and settle results
Analytics, anti-fraud, and security vendors to protect accounts and improve reliability.
Regulators or supervisory authorities where law requires reporting or audits.
Professional advisers for dispute handling and compliance.
Cloud/hosting providers that store or process data strictly under our instructions.

We do not sell player data to third parties for unrelated advertising.

8) International transfers

It is possible to protect data that is exported from the European Economic Area in a variety of different methods. Adequacy decisions, EU Standard Contractual Clauses, data minimization, stringent access limitations, and encryption both while the data is being sent and while it is not being sent are some of the measures that fall under this category. The message center is able to provide you with a summary of the protections that are applicable if you ask for it.

9) Your rights

Under GDPR/AVG, you can:

Access your data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase data (right to be forgotten) where legal grounds apply.
Restrict processing in specific circumstances.
Object to processing based on legitimate interests and to direct marketing at any time.
Port data you provided in a structured, commonly used, machine-readable format.
Withdraw consent for non-essential cookies or marketing without affecting prior lawful processing.
Complain to your national data-protection authority; in the Netherlands this is the Autoriteit Persoonsgegevens.

We will respond within the statutory time limits. Certain rights are limited by gambling, AML, and security obligations (for example, we cannot erase records we must keep under Wwft).

10) How long we keep data (retention)

We keep data only as long as necessary for the purposes above or as required by law:

KYC/AML & payments (Wwft): typically 5 years after the end of the relationship or the date of the occasional transaction, whichever is later.
Transaction & tax records: 7–10 years where financial laws require.
Safer-play events (limits, time-outs, exclusions): for the protection period and a reasonable audit window thereafter.
Customer support threads & complaints: usually 2–5 years, depending on the subject matter.
Marketing consents and opt-outs: retained so we can honour your choices.
Cookies: per the expiry shown in the banner or your browser settings.

When retention ends, data is securely deleted or irreversibly anonymised.

11) Security

We use a lot of different security measures, such as encryption while data is being sent and stored, rigorous access rules, separating networks, restricting the rate of data transfer, finding unusual activity, and regular audits. We teach our employees about privacy and security, and we use least-privilege access

12) Children and vulnerable individuals

Real-money services require 18+. We verify your age before allowing cash features. We must terminate and erase data from under-18 accounts under law. Use built-in parental restrictions and hide your login details if you share devices with minors.

13) Marketing choices

You can receive marketing emails, push notifications, or on-site. Account settings allow you to change your preferences. You can opt out of direct marketing anytime. If you agree, we will stop marketing to you but may still send you policy changes, payment reminders, and security alerts.

14) Product analytics and personalisation

Analytics that incorporate data from multiple sources help us assess performance and solve issues. We can make material more personal by showcasing recent games you played, if you agree and it’s in your best interest. Turn off unnecessary analytics and advertising cookies under the consent banner. Cookies that measure essential security and dependability will remain.

15) Sources of data

Most of the information comes from you directly, such as when you sign up, do KYC, play games, make payments, or get help. We also get information from payment processors, identity verification services, game platforms, and public or private databases that are used to stop fraud, check for sanctions, and standardize addresses. When possible, we use internal activities (such session length and how often people redeposit) to figure out risk indicators.

16) Profiling for safety and compliance

“Profiling” is automated behavior analysis. We only use profiling to stop fraud, enforce self-exclusion, detect control loss, and meet AML obligations. Profiling can safeguard someone by requiring a time-out or extra inspections. If an important decision affects you, request an explanation and human review.

17) Changes to this Policy

If there is a change in the laws, rules, or features of the Platform, we may modify this Privacy Policy. There will be a notification sent to your account regarding significant updates.

18) How to exercise your rights or ask questions

You have the ability to raise questions, exercise your rights to privacy, or request a summary of the transfer protections whenever you use the secure message center that is included in your account. It is possible that, for reasons of security, we will require you to verify some facts before we take action on a request.