Prestige Spin Casino UK Privacy Policy – Your Data Protection & Security

Prestige Spin acts as the data controller for user information in the United Kingdom.

Types of personal data collected

• Identity and age verification data: name, date of birth, nationality, identity document details, self-exclusion status.
• Contact details: email address, phone number, residential address.
• Account and usage data: username, hashed credentials, settings, interaction logs, gameplay and bet history, responsible gambling limits.
• Financial and transaction data: payment method identifiers, tokens from card or e-wallet providers, deposit and withdrawal records (no storage of full card numbers), IBAN where relevant.
• Compliance information: proof of address, source-of-funds and affordability information, due diligence outcomes, fraud and AML risk assessments.
• Technical data: IP address, device and browser type, operating system, app identifiers, cookies and similar technologies, approximate location for licensing compliance.
• Communications and preferences: support tickets, call recordings where permitted, marketing preferences.

Why this data is collected

• To create and manage accounts, provide online services, process transactions, and support users.
• To meet legal and regulatory duties (UK Gambling Commission rules, AML and counter-terrorist financing checks, affordability and safer gambling obligations).
• To prevent fraud, ensure security, and maintain platform integrity.
• To improve websites and apps through analytics and service optimisation.
• To send service messages and, where consent is given, marketing communications.

How information is protected

• TLS encryption in transit and strong encryption at rest for sensitive records.
• Strict access controls, role-based permissions, and multi-factor authentication for administrative consoles.
• Data minimisation, pseudonymisation where appropriate, and network segregation.
• Continuous monitoring, vulnerability management, and independent security assessments.
• Incident response and breach notification procedures.
• Payment processing through PCI DSS-certified providers.

User rights

Users have the right to access their data, request correction of inaccuracies, and request deletion where applicable. Additional rights include restriction of processing, portability, objection to processing (including profiling for direct marketing), and withdrawal of consent at any time when consent is the lawful basis. Users may lodge a complaint with the Information Commissioner’s Office.

Legal compliance

Processing complies with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, the Gambling Act 2005, the UK Gambling Commission Licence Conditions and Codes of Practice, and the Money Laundering Regulations 2017.

Processing is lawful, fair, and transparent, and limited to the purposes set out below.

• Account provision and customer service (contract): registering users, verifying identity, operating accounts, responding to enquiries.
• Payments and withdrawals (contract and legal obligation): processing deposits, payouts, chargebacks, and preventing payment misuse.
• Regulatory compliance (legal obligation and public interest): age checks, AML and counter-terrorist financing controls, affordability and safer gambling monitoring, record-keeping for audits.
• Security and fraud prevention (legitimate interests and legal obligation): device fingerprinting, risk scoring, access controls, incident management.
• Service improvement and analytics (legitimate interests): measuring performance, fixing issues, enhancing user experience on websites and apps.
• Personalisation (legitimate interests or consent): tailoring content and settings to user preferences.
• Marketing communications (consent or legitimate interests as permitted): sending offers or updates, subject to user choices and opt-outs.

Automated decision-making may be used for security, AML, and safer gambling interventions. Human review is available where required by law.

Users can access a copy of their personal data, request corrections, or ask for deletion where no legal ground requires retention. Requests may be submitted through Account Settings or by contacting the Data Protection Officer at [email protected].

• Verification: identity evidence may be required to safeguard accounts and information.
• Timeframes: responses are provided within one month, extendable by up to two further months for complex requests.
• Limits: some information must be retained for statutory periods (for example, AML and gambling regulation record-keeping) or to establish or defend legal claims.

By using the service, the user consents to security checks and the processing of payment information by authorised providers for transactions and fraud prevention, subject to applicable law.

The platform is intended for persons aged 18 or over. Age cannot be confirmed without suitable documents and checks. Any account found to belong to a minor will be closed and personal data deleted, subject to necessary retention for legal or regulatory purposes. Parents or guardians may contact [email protected] to request removal of information relating to a minor.

Personal information may be processed in other countries where service partners operate. Safeguards are used for international transfers, including adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to EU Standard Contractual Clauses, together with transfer risk assessments. Partners are required to keep information confidential and secure. Use of the site constitutes consent to such transfers where consent is the appropriate lawful basis.

This policy forms part of the terms governing use of the services and may affect how rules apply in practice. Acceptance occurs when the user signs up, clicks to accept, or continues to use the services. Where this policy conflicts with mandatory law or regulatory conditions, those requirements take precedence. Nothing in this policy limits statutory consumer rights or obligations under gambling regulation.

Cookies are small text files stored on devices by websites to remember settings and measure usage. They are used for statistics, behaviour analysis, personalisation, security, and to improve the service. Essential cookies are required for the site to function. Analytics and advertising cookies operate only where permitted by law and user choices. Cookie retention is up to 1 year. Preferences can be managed via the cookie banner or browser settings in line with the Privacy and Electronic Communications Regulations.

Use of the services signifies full acceptance of this Privacy Policy. The latest published version applies to all processing. Continued use after changes indicates agreement to the updated terms, subject to users’ rights under data protection law.

Personal data may be shared where necessary with:

• Regulators, law enforcement, and dispute resolution bodies.
• Payment processors, banks, e-wallets, and open banking providers.
• Identity verification, fraud prevention, and AML screening services (including credit reference and sanctions screening agencies).
• Platform vendors, customer support tools, analytics, and cloud hosting providers under contract.
• Professional advisers and insurers.

A current list of key categories and purposes is made available on the site. If additional parties are engaged, users will be informed of the purpose and scope where required. Providing information constitutes consent for sharing where consent is the lawful basis; other sharing may occur on legal or contractual grounds.

The service may include links to other websites that have their own privacy policies. Prestige Spin is not responsible for how external sites collect or use information. Users should review the privacy notices of those sites and exercise caution when providing personal details.