Privacy notice overview

The platform acts as data controller for personal data processed to provide the services. The following information may be collected to operate the account, comply with law, and manage risk:

• Identity and contact details: full name, date of birth, address, email, phone number.
• Verification and compliance data: identity documents, proof of address, age and identity check results, sanctions and PEP screening outcomes.
• Account and gaming information: username, responsible gambling settings, self-exclusion status, session information, bet and game history.
• Transactions and payments: deposit and withdrawal records, instrument type, masked card or account identifiers, chargeback records.
• Device and usage data: IP address, device identifiers, browser type, language, access times, log data, cookies.
• Communications and preferences: records of support interactions, marketing preferences, consent records.

Purposes for collection include service delivery, payments, customer support, verification, fraud prevention, responsible gambling measures, analytics, and regulatory compliance.

Technical and organisational measures are applied to protect personal data, including:

• Transport layer encryption (TLS) and encryption at rest where appropriate.
• Role-based access controls, multi-factor authentication for staff, and least-privilege access.
• Network segregation, firewalls, monitoring, and incident response procedures.
• Vendor due diligence, contractual safeguards, and regular training for personnel.
• Data minimisation, pseudonymisation where feasible, and audit logging.

Users have the following rights under UK GDPR and the Data Protection Act 2018:

• Access to personal data, and to request a copy.
• Rectification of inaccurate or incomplete data.
• Erasure of data, subject to legal retention requirements.
• Restriction or objection to certain processing.
• Data portability in a structured, commonly used format.
• Withdrawal of consent at any time for processing based on consent.
• The right to lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise rights, submit a request through the account area or via the usual support channels. The operator will respond within one month, subject to identity verification.

Data is retained only as long as necessary for the purposes described. Where gambling, financial crime, and accounting rules apply, some records are kept for at least five years under UK law. The platform complies with UK GDPR, the Data Protection Act 2018, the Gambling Commission’s Licence Conditions and Codes of Practice, and applicable anti-money laundering regulations.

Processing is lawful, fair, and transparent. Main uses and legal bases include:

• Account setup and service delivery: creating and managing an account, enabling gameplay and bets, and providing customer support. Lawful basis: contract.
• Payments and withdrawals: processing transactions and handling billing queries. Lawful bases: contract and legal obligations.
• Verification and compliance: age and identity checks, sanctions screening, affordability and risk assessments, reporting to regulators. Lawful basis: legal obligations.
• Responsible gambling: monitoring activity to apply limits, time-outs, and self-exclusion tools. Lawful bases: legal obligations and public interest in safeguarding.
• Security and fraud prevention: monitoring, detecting, and investigating fraud or misuse. Lawful bases: legitimate interests and legal obligations.
• Analytics and service improvement: quality assurance, troubleshooting, and usability analysis using aggregated or pseudonymised data where possible. Lawful basis: legitimate interests.
• Marketing communications: sending updates by email, SMS, or in-product messages where consent is granted or where soft opt-in applies under PECR. Users may opt out at any time.
• Cookies and similar technologies: analytics, personalisation, and performance based on consent settings.

Personal information is not sold. Any optional processing based on consent can be withdrawn at any time without affecting services that rely on other lawful grounds.

Users can access or update most account information in the account settings. For other requests, a data subject request can be submitted through support. A response will be provided within one month, subject to identity verification.

• Correction: inaccurate or incomplete data will be updated.
• Deletion: data will be erased where there is no lawful need to retain it. Some records must be kept for legal, regulatory, or dispute purposes.
• Copies: a copy of personal data can be requested in a commonly used format.

By using Sweety Win Casino, the user consents to security checks, identity verification, and payment data processing by payment service providers and verification partners for the purposes described. The operator may request documents to confirm identity or source of funds where required by law.

The services are intended for adults aged 18 or over. The operator does not knowingly collect data from minors.

• Age verification is required for gambling services and may involve checks against third-party databases or review of documents.
• The operator cannot confirm age in all cases without documents provided by the user.
• If information is received that a minor has used the services, the account will be closed, the data will be deleted where lawful, and any parent or legal guardian may request deletion via support.

Personal data may be processed in other countries where service providers or group companies operate. By using the site, the user consents to these transfers for the purposes set out in this notice.

To protect information during international transfers, appropriate safeguards are used:

• UK adequacy regulations where recognised.
• The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
• Technical measures such as encryption and strict access controls.

All recipients are required to keep the data confidential and to process it only for the documented purposes.

This notice may include disclaimers that limit or clarify how rules apply. Such disclaimers form part of the agreement between the user and the operator.

The notice takes effect when the user accepts it by creating an account, ticking an acceptance box, continuing to use the services, or providing an electronic signature or similar accession. Where any term conflicts with mandatory law, the mandatory law prevails.

Cookies are small files saved on a device that help websites remember a user and understand how the site is used. The platform uses cookies and similar technologies for:

• Statistics and analytics to understand usage and improve performance.
• Behaviour analysis to prevent fraud and enhance user experience.
• Personalisation of settings and content.
• Site improvement and troubleshooting.

Non-essential cookies are retained for up to 1 year unless removed earlier. Users can manage consent through the cookie banner and browser settings. Blocking some cookies may affect site functionality. Third-party cookies set by trusted providers are governed by their own policies.

Use of the services constitutes full acceptance of this Privacy Policy. The version published on this page is the controlling document. Continued use after changes indicates acceptance of the updated version.

Personal data may be shared in limited cases:

• Service providers under contract, such as payment processors, identity verification vendors, fraud prevention partners, hosting providers, analytics services, and communications platforms.
• Public authorities, regulators, courts, and law enforcement where required by law or to defend legal claims.
• Dispute resolution bodies, auditors, and advisors.
• Corporate transactions such as merger, acquisition, or reorganisation, subject to confidentiality.

A list of key processors is available on the site or on request. If a new category of third party is engaged for a new purpose, the user will be informed of the purpose and scope in advance unless prohibited by law. Providing personal data to the operator constitutes consent to share it for the stated purposes, in addition to other lawful bases set out in this notice.

The site may contain links to external websites that are not controlled by the operator. Those websites have their own privacy policies and practices. The operator is not responsible for how external sites use or protect personal data. Users should review the privacy information provided on those sites and proceed with care.