Privacy Policy

Current version: November 27, 2025

AllwinUA Casino guarantees compliance with the highest standards of customer personal information protection. This document outlines the principles of collection, processing, storage and use of personal data in accordance with applicable legislation. Use of the platform means unconditional acceptance of these terms.

1. General Provisions of Data Processing

The operator undertakes to ensure confidentiality and security of user personal data. Information processing is carried out exclusively for service provision, payment security and regulatory compliance. Personal data is not transferred to third parties without legal grounds.

Basic processing principles:

Legitimacy — collection and processing carried out on legal grounds
Transparency — users informed about data use purpose
Adequacy — minimum necessary information volume collected
Accuracy — data maintained in accurate state
Limited retention period — information stored for established period
Security — protection from unauthorized access ensured

2. Categories of Data Collected

For platform operation and legislative requirements compliance, the following data categories are collected:

Identification Information

Full name
Date of birth
Gender
Passport data or other document
Identification code

Contact Information

Email
Mobile phone
Residential address
Registration address

Technical Information

IP address
Browser type and OS
Geographic location
Device characteristics
Session time and duration

Financial Data

Transaction history (deposits and withdrawals)
Betting and gaming activity history
Account balance
Partial payment card number

3. Legal Basis for Information Processing

Personal data processing is carried out on the following legal grounds:

Customer Consent

Account registration means providing consent for data processing according to this Policy. User can withdraw consent through support service.

Contract Performance

Processing is necessary for service provision, including game access, bet processing, financial transactions and account support.

Legal Requirements Compliance

Operator is obliged to process data for regulatory compliance, including identification procedures (KYC), anti-money laundering (AML) and counter-terrorism financing (CFT).

Legitimate Interests

Processing may be carried out for operator’s legitimate interests: fraud prevention, suspicious transaction detection, service quality improvement, customer behavior analysis.

4. Purpose of Personal Data Processing

Collected data is used for the following purposes:

Account creation and maintenance
Customer identity and age identification
Financial transaction processing
Gaming services operation
Illegal activities detection and prevention
Regulatory requirements compliance
Technical support provision
Information about promotions and new features
Service quality improvement
Dispute resolution

5. Payment Information Protection

AllwinUA Casino does not store full bank card numbers. Payment data is processed by certified systems complying with PCI DSS standard.

Payment protection measures:

SSL/TLS encryption for data transmission
Payment information tokenization
3D Secure protocol for additional verification
Transaction monitoring
PCI DSS Level 1 standard compliance

Only the first six and last four digits of card number are stored for payment method identification.

6. Identification Procedures

According to licensing requirements, the operator conducts customer identity verification. KYC procedure includes confirmation of:

Personal Data

Ukrainian citizen passport or ID card
International passport
Photo with document

Address Data

Utility bills (not older than 3 months)
Bank statements
Official government agency documents

Payment Methods

Banking app screenshot
Bank card photo
Transaction statement

During verification, temporary withdrawal restriction is possible. Document review period — up to 72 hours. Providing false data may result in account blocking.

7. Information Transfer to Third Parties

Personal data is not disclosed without legal grounds. Exceptions:

Payment Systems

Minimum financial information is transferred for transaction processing. Partners comply with PCI DSS standards.

Game Providers

Gaming content suppliers receive access to technical betting data. Personal information is not transferred.

Regulatory Bodies

Upon official request, operator provides information according to legislation.

Verification Services

Specialized services are used to verify document authenticity. All partners sign confidentiality agreements.

Analytics Systems

Anonymized technical data is transferred to analytics platforms for site improvement.

8. International Data Transfer

Due to global activities, data may be transferred and stored on servers outside Ukraine and EU. Operator ensures data protection through:

Standard contractual clauses
Selection of jurisdictions with adequate protection
Application of technical security measures
Periodic partner audits

Account registration means consent to international data transfer.

9. User Rights Regarding Personal Data

Users have the following rights:

Right to Access

Obtaining data processing confirmation and copy. Request processing period — 30 days.

Right to Rectification

Correction of inaccurate or incomplete information. Part of data can be changed independently, others require support appeal.

Right to Erasure

Personal data deletion under certain conditions. Operator retains part of information according to law.

Right to Restriction of Processing

Temporary data processing restriction, for example, during information accuracy verification.

Right to Portability

Obtaining data in structured format for transfer to another operator.

Right to Object

Objection to data processing for direct marketing or on basis of operator’s legitimate interests.

Right to Withdraw Consent

Withdrawal of data processing consent. This does not affect lawfulness of previous processing.

Right to Complaint

Appeal to regulator or court in case of rights violation.

To exercise rights, contact support service: [email protected]

10. Data Retention Periods

Data is retained for necessary period:

Data Category	Retention Period
Identification data	5 years after account closure
Transaction history	7 years (AML/CFT requirements)
Betting history	5 years for dispute resolution
Verification documents	7 years after last verification
Technical logs	12 months for security analysis
Marketing data	Until consent withdrawal

After period expiration, data is deleted or anonymized. Anonymized data may be retained for statistics.

11. Security Measures

The following measures are applied to protect data:

Technical Measures

SSL/TLS encryption for data transmission
Database data encryption (AES-256)
Multi-level network protection
Regular software updates
Intrusion detection systems
Two-factor authentication
Backup
Security monitoring

Organizational Measures

Access control policy
Staff training
Confidentiality agreements
Incident response procedures
Security audit
Access logs
Physical server security

12. Marketing Communications

AllwinUA Casino adheres to responsible marketing. Mailings contain information about account, new features, promotions and bonuses.

Message Types

Transactional — transaction confirmations, account changes
Informational — terms updates, important announcements
Marketing — promotions, bonuses, new games (with consent)
Reminders — incomplete actions, account inactivity

Marketing mailing frequency — up to 3 emails per day. Mailing opt-out available through “Unsubscribe” link or support service.

Transactional and informational messages sent regardless of marketing settings.

13. Cookies and Tracking

Cookie Definition

Cookies are text files stored on user’s device. They ensure platform operation, improve experience and help analyze site.

Cookie Types

Type	Purpose	Period
Necessary	Basic functionality: login, protection, navigation	Session or up to 1 year
Functional	Settings: language, currency, interface	Up to 2 years
Analytics	Anonymized statistics for site improvement	Up to 2 years
Marketing	Behavior tracking for advertising	Up to 1 year

Third-Party Cookies

Platform uses third-party services:

Google Analytics — traffic analysis
Advertising networks — personalized advertising
Payment systems — transaction processing
Game providers — game functionality

These parties have own privacy policies.

Cookie Management

Users can manage cookies through browser settings. Blocking necessary cookies may limit site functionality.

14. Winnings Confidentiality

Information about winnings and financial transactions is confidential. Data is not disclosed, except in cases of:

Official regulator request
Law enforcement requirement
Transfer to payment provider
Public announcement with winner’s consent

Betting and transaction history is stored in secure environment. Staff has limited access to financial information.

15. Policy Changes

Operator may make changes to Policy. Users will receive notification 30 days before significant changes.

Last revision date is indicated at document beginning. Continued platform use means acceptance of updated Policy.

It is recommended to periodically review document to familiarize with current information.

16. Contacts

For data protection questions and rights exercise, contact:

Email: [email protected]
Online chat on platform (24/7)
Email subject: “Personal Data Protection”

Response to requests provided within 30 days. For complex requests, period may be extended.

Legal address: AllwinUA Gaming Limited, Suite 45, Portland House, Glacis Road, Gibraltar, GX11 1AA

License: № 2847/JAZ, issued by Curaçao Gaming Commission

Website is managed by AllwinUA Gaming Limited (trading as “AllwinUA Casino”), registered in Gibraltar (registration number 58492). AllwinUA Gaming Limited is licensed as online gambling operator in Curaçao under license number 2847/JAZ.