Privacy Policy – Total Casino UK

Data We Collect

When you register and use the Site, we may collect the following categories of personal data:

• Identity data – full name, date of birth, nationality
• Contact data – email address, phone number, residential address
• Financial data – payment method details, transaction history
• Technical data – IP address, browser type, device identifiers
• Usage data – pages visited, games played, session duration
• Verification data – copies of identity documents submitted for KYC/AML purposes

Legal Basis for Processing

We only process your personal data where we have a lawful basis to do so under UK GDPR Article 6. The bases we rely on are:

• Contract performance – to create and manage your account and process transactions
• Legal obligation – to conduct AML checks, age verification, and regulatory reporting to the UKGC
• Legitimate interests – to detect fraud, improve services, and ensure platform security
• Consent – for direct marketing communications, which you may withdraw at any time

Cookies & Tracking

We use cookies and similar technologies to operate the Site, remember your preferences, and analyse traffic. Strictly necessary cookies are always active; all other cookie categories (analytics, marketing) require your explicit consent, which you can manage via our cookie consent banner or account settings. You may withdraw consent at any time without affecting the lawfulness of prior processing.

How We Use Your Data

Your personal data is used to provide and improve our services, comply with regulatory requirements, detect and prevent fraud, and (where you have opted in) send you relevant marketing. We do not sell your personal data to third parties. From May 2025, all marketing communications require explicit, product-specific opt-in consent in line with updated UKGC marketing rules.

Data Sharing & Third Parties

We may share your data with selected third parties only where necessary:

• Payment processors – to handle deposits and withdrawals securely
• KYC/AML providers – for identity verification and fraud prevention
• UKGC and other regulatory authorities – as required by law
• IT infrastructure and security providers – operating under strict data processing agreements

All third-party processors are contractually bound to handle your data in accordance with UK GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for a minimum of five years after account closure to meet AML and regulatory obligations. Where retention is no longer justified, data is securely deleted or anonymised.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access – request a copy of the data we hold about you
• Right to rectification – ask us to correct inaccurate data
• Right to erasure – request deletion of your data (subject to legal obligations)
• Right to restrict processing – limit how we use your data
• Right to data portability – receive your data in a structured, machine-readable format
• Right to object – object to processing based on legitimate interests or for direct marketing

Security

We implement industry-standard technical and organisational security measures to protect your data from unauthorised access, loss, or disclosure. These include SSL/TLS encryption for all data in transit, secure servers, access controls, and regular security audits. In the event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.

Contact & Complaints

To exercise any of your rights or for data protection enquiries, contact our Data Protection Officer at: [email protected]. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.