SpinBoss Casino – Privacy Policy
SpinBoss Ltd is the data controller for personal information you provide. This policy explains what we collect, why and your rights under UK GDPR.
Return to SpinBoss to explore our full range of games, promotions and tools.
Information We Collect
Identity and contact data, financial and transaction data, technical data (IP address, device, browser), usage data and marketing preferences.
How We Use It
- To operate your account and process deposits and withdrawals.
- To verify your identity in line with our AML policy.
- To provide support, fraud prevention and responsible gaming.
- To send marketing communications where you have consented.
Lawful Basis
Performance of contract, legal obligation, legitimate interest and consent (for marketing).
Data Sharing
We share data with payment providers, KYC verification partners, game suppliers and regulators when required by law. We never sell your data.
Security
All traffic is encrypted with 256-bit SSL. Sensitive data is encrypted at rest and access is restricted on a need-to-know basis.
Your Rights
Access, rectification, erasure, restriction, portability, objection and withdrawal of consent. Contact us at dpo@spinbosscasino.org.uk.
Cookies
We use essential and analytics cookies. You can manage preferences in your browser settings.
Cookie Categories in Detail
| Category | Purpose | Lifetime | Consent |
|---|---|---|---|
| Strictly necessary | Login session, security, fraud prevention. | Session – 30 days | Always on |
| Functional | Language, currency, recently played games. | 90 days | Opt-in |
| Analytics | Page views, performance, A/B testing. | 12 months | Opt-in |
| Marketing | Personalised promotions, attribution. | 12 months | Opt-in |
Data Retention Schedule
| Data | Retention | Reason |
|---|---|---|
| KYC documents | 5 years post-relationship | Money Laundering Regulations 2017 |
| Transaction records | 7 years | UK tax law & LCCP |
| Marketing preferences | Until withdrawn | PECR consent |
| Self-exclusion records | 6 years post-exclusion | UK regulatory best practice |
| Customer support tickets | 2 years | Service quality & dispute resolution |
International Data Transfers
Personal data is processed in the UK and the European Economic Area. Where we use service providers based outside these regions (for example, customer-support tooling hosted in the US), transfers are protected by the UK International Data Transfer Agreement and the EU Standard Contractual Clauses, supplemented by transfer impact assessments where required.
Marketing Communications
We will only send marketing emails or SMS where you have given explicit, opt-in consent at registration or in your account settings. You can withdraw consent at any time using the unsubscribe link in any message or by adjusting your preferences. Withdrawal does not affect transactional emails (for example, withdrawal confirmations) which we are required to send.
Children's Privacy
SpinBoss services are strictly for adults aged 18+. We do not knowingly collect personal data from anyone under 18. If we discover we have inadvertently done so, we will delete it immediately and refund any deposits made.
Automated Decision Making
We use automated systems for fraud detection, transaction monitoring, and responsible-gambling risk scoring. These systems support human decision making but never replace it for outcomes that significantly affect you (for example, account closure or withdrawal blocking). You have the right to request human review of any automated decision.
Exercising Your Rights
You can submit any data-rights request — access, rectification, erasure, restriction, portability, objection — by emailing dpo@spinbosscasino.org.uk. We aim to respond within 30 days. If you are not satisfied with our handling of your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Changes to This Policy
We will notify you of material changes to this policy by email at least 30 days in advance. The current version date is published at the top of this page.
Frequently Asked Questions
Do you sell my data?
No. SpinBoss does not sell, rent, or lease personal data to third parties.
How do I download my data?
Submit a Data Subject Access Request to dpo@spinbosscasino.org.uk. We will provide a machine-readable export within 30 days.
How is my password stored?
Passwords are stored as salted bcrypt hashes and are never visible to staff.
See also our terms and conditions, AML policy, responsible gaming page, the bonus terms, and our contact details.
See also our terms and conditions and contact details.