Slots Shine Privacy Policy

Slots Shine processes personal data so that it can provide licensed gambling services, meet legal duties, and protect users and the platform.

Types of personal information collected

The operator may collect and process:

• Identification information: name, date of birth, gender, nationality, and similar details
• Contact information: residential address, email address, telephone number
• Account details: username, passwords, security questions, account preferences
• Verification data: copies of identity documents, proof of address, source of funds or source of wealth documents, and any information supplied for due diligence
• Financial and transaction data: payment card details (handled via payment providers), bank account information, deposits, withdrawals, betting and gaming history
• Technical and device data: IP address, browser type, operating system, device identifiers, access times, log files
• Usage data: pages visited, time spent on pages, interaction with games, bets placed, responsible gambling tools used
• Communication data: records of emails, chats, messages, and calls with customer support
• Compliance and risk data: results of sanctions and politically exposed person checks, fraud risk assessments, safer gambling assessments

The operator collects information directly from the user, through use of the website and mobile versions, and from third-party service providers such as identity verification and payment providers.

Purposes of collection and lawful bases

Personal data is collected and used for:

• Creating and managing user accounts
• Providing gambling services and processing transactions
• Carrying out age verification, identity checks, and affordability assessments
• Meeting legal and regulatory duties under United Kingdom gambling and anti-money laundering laws
• Detecting and preventing fraud, money laundering, terrorist financing, and other unlawful activity
• Supporting safer gambling and monitoring for signs of gambling-related harm
• Responding to queries, complaints, and disputes
• Improving online services, products, and user experience
• Producing aggregated statistics and analytics that do not identify individual users

Slots Shine relies on several lawful bases under UK GDPR, including:

• Performance of a contract, to operate the user account and provide requested services
• Compliance with legal obligations, including those set by the Gambling Commission and financial crime regulations
• Legitimate interests, such as network and information security, fraud prevention, and service improvement, balanced against user rights
• Consent, for example for certain categories of marketing communications and specific optional cookies

Technical and organisational security measures

The operator applies appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or loss, such as:

• Encryption of data in transit and, where appropriate, at rest
• Network security tools including firewalls and intrusion detection
• Role-based access controls and authentication procedures
• Secure configuration and patching of systems and servers
• Regular security monitoring, logging, and review
• Staff training on confidentiality and data protection duties
• Due diligence and contractual safeguards for suppliers who process information on behalf of the operator

No online service can guarantee absolute security, but proportionate measures are maintained and reviewed regularly in line with industry standards and legal requirements.

User data protection rights

Under UK GDPR and UK data protection law, users have a range of rights regarding their personal information, subject to certain limits and conditions:

• Right of access: to request a copy of personal data held and information about how it is processed
• Right to rectification: to ask that inaccurate or incomplete data is corrected
• Right to erasure: to request deletion of personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected and no legal obligation requires its retention
• Right to restriction: to ask for processing to be limited while accuracy or legal basis is being reviewed
• Right to object: to object to processing based on legitimate interests and to direct marketing
• Right to data portability: to receive certain information in a structured, commonly used format and to request that it is transmitted to another controller, where technically feasible
• Right to withdraw consent: where processing is based on consent, users may withdraw that consent at any time, without affecting the lawfulness of prior processing

Requests can be made using the contact details provided in the privacy section of the website. Identification may be requested to ensure data is provided to the correct individual.

Compliance in the United Kingdom

Slots Shine processes personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• Applicable guidance from the Information Commissioner’s Office (ICO)
• Requirements under the Gambling Act 2005 and licence conditions and codes of practice set by the Gambling Commission

If a user believes their data protection rights have been infringed, they have the right to lodge a complaint with the ICO in the United Kingdom, or with their local supervisory authority if they live outside the United Kingdom.

Slots Shine uses personal information only for specified, explicit, and legitimate purposes, and does not process data in a way that is incompatible with those purposes.

Account management and provision of services

Personal information is used to:

• Create and administer user accounts and profiles
• Verify identity and age before allowing access to gambling services
• Enable deposits, bets, gameplay, and withdrawals
• Maintain accurate records of transactions, balances, bonuses, and betting history
• Provide customer support and respond to questions or complaints

This is mainly based on the performance of a contract and compliance with regulatory duties.

Payments and financial operations

The operator processes limited financial data, while using regulated payment service providers to handle payment card and bank information. Personal data is used to:

• Process deposit and withdrawal requests
• Authenticate and confirm payments
• Monitor for unusual or suspicious financial patterns
• Satisfy anti-money laundering and counter-terrorist financing requirements

Service quality, analytics, and improvements

Usage, technical, and analytics data are used to:

• Monitor performance of the website and mobile channels
• Diagnose technical problems and maintain service reliability
• Analyse user behaviour in aggregate to improve game offering and layout
• Test and develop new features and responsible gambling tools

Where possible, data is aggregated or pseudonymised so that individual users are not identified.

Marketing communications

Slots Shine may use contact information and account data to send:

• Service messages required to run the account, such as changes to terms, policy updates, or information about significant service interruptions
• Marketing communications about products, promotions, or new services, where permitted by law and subject to user preferences

Users can opt out of direct marketing at any time through account settings or by following the instructions in the messages. Even if marketing preferences are updated, service messages that relate to the use of the account will still be sent.

Legal, regulatory, and risk management purposes

Personal information is processed to:

• Comply with duties imposed by the Gambling Commission and other competent authorities
• Carry out customer due diligence, ongoing monitoring, and source of funds checks
• Detect, investigate, and prevent fraud, misuse, or other criminal activity
• Enforce terms and conditions and protect the integrity of games and betting markets
• Handle complaints, disputes, chargebacks, and legal claims

Processing is conducted in a manner that is fair, lawful, and transparent. Records are kept only for as long as needed to meet contractual, legal, and regulatory requirements, or to resolve disputes.

Users have control over much of the personal information stored in their accounts and can manage certain details directly.

How users can access and update personal data

Users can typically access and amend basic account information by logging into their account, where they may:

• View key personal details and contact information
• Update certain fields, such as contact details, subject to security checks
• Review transaction history, betting records, and account activity

For information that cannot be edited directly, users may contact customer support or the data protection contact point indicated on the website. The operator may require identity verification before processing such requests.

Requests for correction, deletion, and restriction

Users may request:

• Correction of inaccurate, incomplete, or outdated personal data
• Deletion of data where it is no longer required for the purposes for which it was collected and there is no legal or regulatory obligation to keep it
• Restriction of processing while a request for correction or an objection is being considered

There are circumstances in which the operator is legally required to retain certain records, such as:

• Anti-money laundering and counter-terrorist financing rules
• Gambling Commission licence conditions and reporting obligations
• Accounting and tax record rules

In such cases, deletion requests may not be fully granted, but data use may be limited to essential legal purposes.

Security checks and payment information

By using the services, creating an account, or making a transaction, users consent to:

• Security checks that may involve identity verification, age verification, sanctions screening, affordability assessments, and fraud prevention checks
• Processing of payment and transaction information by the operator’s payment providers, card schemes, banks, and other regulated financial institutions

These security checks may include matching information provided by the user against information from third-party databases and credit reference agencies, in line with applicable law. Such processing helps ensure lawful and responsible operation of the gambling services and protection of both users and the operator.

The gambling services are intended only for persons aged 18 or over.

• Registration, verification, and access processes are designed for adults who can lawfully engage in gambling in the United Kingdom.
• The operator does not knowingly collect or process personal information from anyone under the age of 18.

Without official documents or reliable verification sources, it is not possible to confirm a user’s age in all circumstances. For this reason, age verification checks are carried out using identity documents and trusted verification tools.

If it is discovered that a user is under 18, the account will be closed as soon as reasonably possible and:

• All personal data relating to that account will be deleted, anonymised, or retained only where there is a strict legal obligation
• Any wagers will be handled in accordance with legal and regulatory guidance

Parents or legal guardians who believe that their child has provided personal information or created an account should contact the operator immediately using the contact details on the website. After verifying the requester, reasonable steps will be taken to locate and remove the minor’s data, unless retention is required by law.

To provide reliable online services, personal information may be stored or processed in locations outside the United Kingdom.

This can occur when:

• The operator uses service providers, cloud hosting, or technical support based in other countries
• Payment processors, identity verification services, and fraud prevention partners operate from or store data in other jurisdictions
• Group companies or carefully selected partners handle support, analytics, or back-up services in different regions

By using the website and services, users acknowledge and consent to the transfer and processing of their personal data outside the United Kingdom, where permitted by law.

When information is transferred internationally, the operator takes steps to ensure an equivalent level of protection, including:

• Using countries that have been recognised as providing an adequate level of data protection
• Putting in place appropriate safeguards such as UK-approved standard contractual clauses
• Ensuring that partners and processors are bound by confidentiality duties and data protection obligations

All partners who process personal information on behalf of the operator are required to handle that data securely, lawfully, and in line with this Privacy Policy and applicable data protection laws.

This Privacy Policy sets out how personal data is collected, used, shared, and protected, but it does not create rights or duties beyond those required by applicable law and the contractual relationship between the user and the operator.

The operator may include legal disclaimers that clarify or limit liability or responsibility in certain situations, for example in relation to:

• Availability and performance of the website and online services
• Accuracy of information where it is obtained from third parties
• Actions taken to meet legal or regulatory obligations

Such disclaimers may, to the extent permitted by law, affect how the rules in this Policy apply in individual cases. The Privacy Policy, including any legal disclaimers, applies from the moment the user indicates acceptance, for example by:

• Creating an account or continuing to use the website after being notified of the Policy
• Clicking to confirm agreement to terms and conditions that reference this Policy
• Otherwise signalling consent or accession in line with the procedures on the website

In the event of a conflict between this document and mandatory provisions of law, the provisions of law will prevail.

Cookies are small text files that are stored on a computer, mobile, or other device when a user accesses the website.

Slots Shine uses cookies and similar technologies for several purposes, including:

• Essential operation: to enable the website, login process, and core account functions
• Statistics and measurement: to compile anonymous or aggregated statistics about how the website is used
• Behaviour analysis: to understand how users navigate pages, interact with games, and use features, in order to improve usability and layout
• Personalisation: to remember preferences such as language, settings, and previously used features
• Performance and security: to protect accounts and detect misuse or technical issues

Cookies are stored for a limited period. Unless a shorter or longer period is required for a particular purpose or by law, cookies are not kept for more than 1 year from the date they are set or last updated.

Most web browsers allow users to manage cookies through settings, including:

• Accepting or rejecting all cookies
• Deleting existing cookies from the device
• Setting alerts before cookies are stored

Rejecting certain cookies may affect how the website functions, and some services may not be fully available without essential cookies.

Further information about the types of cookies used and options for managing them is provided in the separate cookies documentation, where applicable.

By accessing the website or using the casino and sportsbook services, the user confirms that they have read, understood, and fully accept this Privacy Policy.

If a user does not agree with any part of this Policy, they should stop using the website and services. Continuing to access or use the services after changes have been made to the Policy will be treated as acceptance of the updated version.

The Policy that is published on the website at the time of use is the version that applies. If there is any difference between a previous version and the version currently displayed, the current version prevails and governs how personal data is collected, processed, and protected.

Slots Shine may share personal information with third parties in limited and controlled circumstances, such as when this is required by law, necessary to provide services, or appropriate to protect legitimate interests.

Types of third parties

Personal data may be disclosed to:

• Regulatory and law enforcement authorities when required under applicable law or regulatory rules
• The Gambling Commission and other governmental bodies in connection with compliance, reporting, safer gambling, and investigations
• Payment service providers, banks, card schemes, and financial institutions that process deposits, withdrawals, and related transactions
• Identity verification providers, fraud prevention agencies, and credit reference agencies
• Professional advisers, such as legal, financial, or compliance consultants, where reasonably needed
• Technology and hosting providers that support the operation, maintenance, and security of the website and systems
• Other parties involved in a dispute, complaint, chargeback, or legal claim, where disclosure is necessary to establish, exercise, or defend legal rights

Where the website lists specific partners or third parties, those lists describe the main categories and, where possible, the purposes for which data is shared. If an unlisted third party must be used, users will be informed of the purpose and scope where reasonably practical and not restricted by law.

By providing personal data and using the services, users consent to the sharing of their information with such third parties for the purposes explained in this Policy and in the terms and conditions. All third parties that process information on behalf of the operator are subject to confidentiality and data protection obligations and may only use the data as instructed.

The website may contain links to third-party websites, applications, or services that are not operated or controlled by the operator.

When a user follows a link to another site, any personal information provided on that site is subject to the privacy policy and data handling practices of that third party. The operator:

• Does not manage and is not responsible for how external sites collect, use, or protect personal information
• Cannot guarantee that third-party content is accurate, complete, or up to date

Users are encouraged to:

• Read the privacy policies and terms of use of any external websites they visit
• Review how those sites collect and use personal data, and what choices and rights are provided

Use of external websites is at the user’s own discretion and risk.