Basswin

REGISTRATION

Privacy Policy

This Privacy Policy governs the collection, processing, storage, and protection of personal data by our online gaming platform operating under UK jurisdiction. We are committed to safeguarding your privacy in accordance with the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR), and other applicable data protection legislation. This policy explains how we handle your personal information when you access our gaming services, create accounts, make transactions, or interact with our platform in any capacity. By using our services, you acknowledge that you have read, understood, and agree to the practices described in this policy.

1. Data Controller and Legal Framework

We operate as the data controller for all personal information collected through our gaming platform. Our data processing activities are governed by UK data protection laws, including the Data Protection Act 2018 and UK GDPR. We maintain registration with the Information Commissioner’s Office (ICO) and adhere to their guidance on data protection best practices. Our commitment extends to implementing appropriate technical and organisational measures to ensure data security and compliance with regulatory requirements. We regularly review and update our data protection procedures to maintain the highest standards of privacy protection for our users.

All data processing activities are conducted with a lawful basis as defined under UK GDPR Article 6. We ensure that any international data transfers comply with adequacy decisions or appropriate safeguards as required by UK data protection legislation. Our legal team continuously monitors changes in data protection law to ensure ongoing compliance and protection of user rights.

2. Types of Personal Data Collected

We collect various categories of personal data necessary for providing our gaming services, ensuring regulatory compliance, and maintaining platform security. The following table outlines the primary types of data we collect:

Data CategoryData TypesCollection Method
Identity InformationFull name, date of birth, nationality, government-issued ID numbersAccount registration, KYC verification
Contact DetailsEmail address, postal address, telephone numberRegistration forms, profile updates
Financial InformationPayment method details, transaction history, banking informationDeposit/withdrawal processes, payment processing
Technical DataIP address, device information, browser data, login timestampsAutomatic collection during platform use
Gaming ActivityGame preferences, betting patterns, session duration, winnings/lossesPlatform interaction, game participation
Communication RecordsSupport tickets, live chat transcripts, email correspondenceCustomer service interactions

We also collect data through cookies and similar tracking technologies to enhance user experience and maintain platform functionality. This includes session cookies for account security, preference cookies for personalised settings, and analytics cookies for service improvement purposes.

3. Purposes and Legal Basis for Data Processing

We process personal data for specific, legitimate purposes with appropriate legal basis under UK GDPR. Our primary processing purposes include account management, regulatory compliance, fraud prevention, customer support, and service improvement. Each processing activity is conducted with one or more of the following legal bases: contractual necessity, legal obligation, legitimate interests, or explicit consent where required.

Account creation and management require processing of identity and contact information to establish and maintain user accounts, verify age and identity, and facilitate secure access to our services. Financial data processing is essential for payment processing, transaction monitoring, and compliance with anti-money laundering regulations. We process gaming activity data to provide personalised services, detect unusual patterns, and maintain responsible gambling measures.

  • Contract performance for service delivery and account management
  • Legal compliance including KYC, AML, and regulatory reporting requirements
  • Legitimate interests for fraud prevention, security monitoring, and service improvement
  • Consent for marketing communications and non-essential cookies
  • Vital interests for protecting users from gambling-related harm

4. Data Sharing and Third-Party Disclosure

We share personal data with carefully selected third parties only when necessary for service provision, legal compliance, or legitimate business purposes. All data sharing arrangements are governed by comprehensive data processing agreements that ensure recipient compliance with UK data protection standards. We conduct due diligence on all third-party processors to verify their data protection capabilities and compliance status.

Primary data sharing occurs with payment processors for transaction handling, identity verification services for KYC compliance, and regulatory bodies as required by gambling legislation. We also share data with technology service providers who support our platform infrastructure, security monitoring, and customer support systems. In all cases, we ensure that recipients process data only for specified purposes and implement appropriate security measures.

  • Payment service providers for processing deposits and withdrawals
  • Identity verification services for regulatory compliance
  • UK Gambling Commission and other regulatory authorities as legally required
  • Law enforcement agencies when compelled by legal process
  • Professional advisors including legal, accounting, and consulting services
  • Technology partners providing essential platform services

5. International Data Transfers

When transferring personal data outside the United Kingdom, we ensure appropriate safeguards are in place to protect your information. All international transfers comply with UK GDPR requirements through adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms. We regularly review the adequacy status of destination countries and update our transfer mechanisms as necessary.

Our primary data processing occurs within the UK and European Economic Area where possible. However, some technology services and support functions may involve transfers to countries with different data protection frameworks. In such cases, we implement additional contractual protections and technical safeguards to maintain UK-equivalent data protection standards throughout the transfer and processing lifecycle.

6. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our retention periods are determined based on regulatory requirements, contractual obligations, and business necessity. We maintain detailed retention schedules that specify retention periods for different data categories and automated deletion processes where appropriate.

Account information and transaction records are typically retained for seven years after account closure to comply with financial services regulations and potential dispute resolution requirements. Marketing data is retained until consent is withdrawn or the individual exercises their right to erasure. Technical data such as logs and cookies are generally retained for shorter periods based on their specific purpose and legal requirements.

  • Active account data: Duration of account relationship plus seven years
  • Transaction records: Seven years from transaction date for regulatory compliance
  • KYC documentation: Seven years after account closure or relationship termination
  • Communication records: Three years for dispute resolution purposes
  • Technical logs: Up to two years for security and operational purposes
  • Marketing data: Until consent withdrawal or legitimate interest cessation

7. Data Security and Protection Measures

We implement comprehensive technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our security framework includes multiple layers of protection covering data encryption, access controls, network security, and incident response procedures. We regularly test and update our security measures to address emerging threats and maintain industry-leading protection standards.

All personal data is encrypted both in transit and at rest using industry-standard encryption protocols. Access to personal data is restricted to authorised personnel who require access for their specific job functions, with regular access reviews and prompt removal of unnecessary privileges. We maintain robust backup and disaster recovery procedures to ensure data availability and integrity in all circumstances.

  • End-to-end encryption for all data transmission and storage
  • Multi-factor authentication for system access and user accounts
  • Regular security audits and penetration testing
  • Employee training on data protection and security procedures
  • Incident response procedures for data breach management
  • Continuous monitoring for suspicious activities and security threats
  • Secure development practices for all software and system updates

8. Individual Rights and Exercising Control

Under UK data protection law, you have several rights regarding your personal data. These rights enable you to maintain control over how we collect, process, and store your information. We provide clear mechanisms for exercising these rights and respond to requests within the legally required timeframes. Our customer support team is trained to handle data protection requests and can guide you through the process of exercising your rights.

You can exercise most rights through your account settings or by contacting our data protection officer directly. We verify the identity of individuals making data subject requests to prevent unauthorised access to personal information. Some rights may be subject to exemptions under UK law, particularly where processing is necessary for regulatory compliance or fraud prevention purposes.

  • Right of access: Request copies of your personal data and processing information
  • Right to rectification: Correct inaccurate or incomplete personal data
  • Right to erasure: Request deletion of personal data in specific circumstances
  • Right to restrict processing: Limit how we process your personal data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Human review of automated decisions

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your gaming experience, maintain platform functionality, and improve our services. Our cookie policy provides detailed information about the types of cookies we use, their purposes, and how you can manage your preferences. We obtain appropriate consent for non-essential cookies and respect your choices regarding cookie acceptance.

Essential cookies are necessary for basic platform functionality and cannot be disabled without affecting service availability. These include session cookies for account security, load balancing cookies for optimal performance, and security cookies for fraud prevention. Analytics cookies help us understand user behaviour and improve our services, while preference cookies remember your settings and personalise your experience.

10. Contact Information and Complaints

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a privacy concern, please contact our Data Protection Officer. We are committed to addressing your inquiries promptly and transparently. You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe we have not handled your personal data appropriately.

Our data protection team regularly reviews and responds to user feedback about our privacy practices. We welcome suggestions for improving our data protection procedures and maintaining the highest standards of privacy protection. All communications regarding data protection matters are treated with strict confidentiality and handled by qualified personnel with expertise in UK data protection law.