Privacy Policy
This Privacy Policy explains how Ninewin Casino Ltd collects, uses, stores, and protects your personal data when you use our website and services. We are committed to handling your data responsibly and in compliance with applicable data protection laws.
1. Introduction & Data Controller
1.1 This Privacy Policy applies to Ninewin Casino Ltd ("Ninewin", "we", "us", "our"), the operator of ninewin-casinouk.com. Ninewin Casino Ltd is the data controller responsible for your personal data collected through this Site and associated Services.
1.2 We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and all other applicable data protection legislation.
1.3 This Policy covers all personal data collected through the Site, including during registration, account use, customer support interactions, and any other interaction you have with our Services. It does not cover third-party websites or services that we link to — those are governed by their own privacy policies.
1.4 We have appointed a Data Protection Officer (DPO) who can be contacted at [email protected] for any data protection queries, complaints, or requests to exercise your data rights.
2. Data We Collect
2.1 Identity & Contact Data. Full legal name, date of birth, gender, nationality, residential address, email address, and telephone number. This is collected during Account registration and identity verification.
2.2 Financial Data. Payment method details (card type and last four digits only — full card numbers are never stored by Ninewin), transaction history, deposit and withdrawal records, and Account balance information. Full payment card data is processed by PCI-DSS compliant payment processors.
2.3 Identity Verification Documents. Copies of government-issued photo identification (passport, driving licence), proof of address documentation, and source of funds documentation where required for compliance purposes. These documents are stored securely and deleted when no longer required.
2.4 Gaming & Account Activity Data. Game session data, bet history, win/loss records, bonus usage, login timestamps, session durations, and responsible gambling tool settings. This data is used to deliver the Services and meet regulatory obligations.
2.5 Technical Data. IP address, device type, browser type and version, operating system, referring URLs, pages visited, time on site, and other diagnostic information collected automatically when you use the Site.
2.6 Marketing Preferences. Your communication preferences, including whether you have opted in to receive promotional emails, SMS, or push notifications from us.
2.7 Correspondence Data. Records of communications between you and our customer support team via live chat, email, or telephone.
3. How We Collect Data
3.1 Directly From You. When you register an Account, complete our identity verification process, make deposits or withdrawals, contact customer support, participate in promotions, or otherwise interact with our Services.
3.2 Automatically. When you visit the Site, we automatically collect technical data through cookies, web beacons, server logs, and similar tracking technologies. This includes your IP address, browser information, and navigation behaviour on the Site.
3.3 From Third Parties. We may receive information about you from identity verification providers (for KYC compliance), credit reference agencies (for enhanced due diligence), fraud prevention services, payment processors, and the GAMSTOP self-exclusion scheme. We may also receive data from analytics providers and advertising partners where applicable.
3.4 From Public Sources. We may supplement the information you provide with data from publicly available sources where permitted by applicable law, primarily for identity verification and fraud prevention purposes.
4. Purpose of Processing
4.1 Account Management. Processing your personal data is necessary to create, maintain, and administer your Account and deliver the Services you have requested.
4.2 Identity Verification & Legal Compliance. We are legally required by the UKGC, the Money Laundering Regulations 2017, and the Gambling Act 2005 to verify your identity, age, and source of funds. This processing is a legal obligation.
4.3 Transaction Processing. Processing deposits, withdrawals, and related financial transactions requires handling your payment information in conjunction with our payment processing partners.
4.4 Responsible Gambling. We process gaming activity data to identify potential problem gambling behaviour, apply responsible gambling tools you have set, and meet our regulatory obligations to protect vulnerable customers.
4.5 Fraud Prevention & Security. We use automated systems and human review to detect and prevent fraud, money laundering, bonus abuse, and account security threats. This processing is in our legitimate interests and is a legal requirement.
4.6 Customer Support. Correspondence data is processed to respond to your enquiries, resolve complaints, and improve our service quality.
4.7 Marketing. Where you have provided consent, we may use your contact information to send promotional emails, SMS messages, or push notifications about our offers and services. You may withdraw consent at any time via your Account settings or by contacting us.
4.8 Analytics & Improvement. We process aggregated and anonymised usage data to understand how the Site is used, improve our products, and develop new features.
5. Legal Basis for Processing (UK GDPR)
5.1 Contract. Processing necessary for the performance of our contract with you — delivering gambling Services, processing transactions, managing your Account.
5.2 Legal Obligation. Processing required by law — KYC/AML verification, age verification, regulatory reporting, responsible gambling compliance, and GAMSTOP integration.
5.3 Legitimate Interests. Processing for our legitimate business interests — fraud prevention, system security, analytics, customer support quality, and direct marketing to existing customers (where not overridden by your interests).
5.4 Consent. Processing based on your explicit consent — promotional marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
6. Data Sharing
6.1 Payment Processors. We share financial transaction data with our payment processing partners to facilitate deposits and withdrawals. All payment processors are PCI-DSS compliant and process data under contracts providing equivalent data protection safeguards.
6.2 Identity Verification Partners. We share identity information with third-party verification providers to fulfil our KYC obligations. These providers are subject to strict data processing agreements and operate under equivalent data protection frameworks.
6.3 Regulatory & Law Enforcement. We are legally required to share information with the UKGC, the Financial Intelligence Unit, and other regulatory or law enforcement authorities when required by applicable law or court order.
6.4 GAMSTOP. We share information with the GAMSTOP national self-exclusion scheme as required by UKGC licence conditions. This includes checking new registrations against the GAMSTOP register and registering user self-exclusions.
6.5 No Sale of Data. We do not sell, rent, or lease your personal data to any third party for their own marketing purposes. Any data sharing is strictly limited to what is necessary for the purposes described in this Policy.
6.6 Service Providers. We may share data with trusted service providers who assist in operating our business (IT services, hosting, analytics, customer support). All service providers are contractually bound to process data only as instructed and to maintain appropriate security measures.
7. Data Retention
7.1 We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations.
7.2 Account Data. Account information is retained for the duration of your Account and for a minimum of 5 years after Account closure, as required by anti-money laundering regulations and UKGC licence conditions.
7.3 Transaction Data. Financial transaction records are retained for a minimum of 6 years following the date of the transaction, as required by UK financial regulation and tax law.
7.4 Identity Verification Documents. KYC documents are retained for 5 years after the end of the customer relationship, as required by the Money Laundering Regulations 2017.
7.5 Marketing Data. Where you have withdrawn marketing consent, your preference is retained to prevent accidental re-contact. Underlying contact data is deleted or anonymised when no longer required for other purposes.
7.6 Deletion Requests. If you request erasure of your personal data, we will delete or anonymise all data we are not legally required to retain. We will inform you of any data we are required to retain and the legal basis for doing so.
8. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights regarding your personal data:
8.1 Right of Access. You have the right to request a copy of all personal data we hold about you (a Subject Access Request). We will respond within 30 days.
8.2 Right to Rectification. You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
8.3 Right to Erasure. You have the right to request deletion of your personal data where it is no longer necessary for the purposes it was collected, where you withdraw consent, or where it has been processed unlawfully. This right is subject to our legal retention obligations.
8.4 Right to Data Portability. Where processing is based on your consent or contract performance, you have the right to receive your personal data in a structured, machine-readable format and to transmit that data to another controller.
8.5 Right to Object. You have the right to object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
8.6 Right to Restriction. You have the right to request restriction of processing in certain circumstances, including where you contest the accuracy of the data or have objected to processing pending verification of legitimate interests.
8.7 Automated Decision-Making. You have the right not to be subject to decisions made solely by automated processing (including profiling) that produce legal or similarly significant effects. Where we use automated systems for fraud detection or responsible gambling monitoring, human review is available upon request.
8.8 Exercising Your Rights. To exercise any of these rights, contact our DPO at [email protected]. We will respond within 30 days and require identity verification before processing any rights request.
9. Cookies
9.1 We use cookies and similar tracking technologies (web beacons, pixels) on the Site to provide functionality, improve performance, and support analytics.
9.2 Essential Cookies. These cookies are necessary for the Site to function and cannot be switched off. They support session management, security, and Account login functionality. No consent is required for essential cookies.
9.3 Analytics Cookies. With your consent, we use analytics cookies (including Google Analytics) to understand how visitors interact with the Site, which pages are most visited, and how we can improve the user experience. This data is aggregated and anonymised.
9.4 Marketing Cookies. With your consent, we may use cookies to track the effectiveness of our advertising campaigns and to deliver relevant promotional content based on your browsing behaviour on and off the Site.
9.5 Managing Cookies. You can manage cookie preferences through our cookie consent banner when you first visit the Site, or through your browser settings. Blocking essential cookies may affect Site functionality. Most browsers allow you to delete, block, or receive warnings about cookies through the browser's settings.
9.6 Cookie Retention. Cookie lifespans vary: session cookies expire when you close your browser; persistent cookies may be set for periods up to 24 months depending on their purpose.
10. Security Measures
10.1 We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage.
10.2 All data transmitted between your device and our servers is encrypted using TLS 1.3 with 256-bit encryption. HSTS (HTTP Strict Transport Security) is enabled to prevent downgrade attacks.
10.3 Access to personal data within our organisation is restricted to authorised personnel with a legitimate need and is subject to contractual confidentiality obligations.
10.4 We conduct regular security assessments, penetration testing, and vulnerability scans of our systems. Our infrastructure is subject to regular independent security audits.
10.5 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware, and will inform affected individuals without undue delay where the breach is likely to result in a high risk to those individuals.
11. International Data Transfers
11.1 We primarily store and process your personal data within the United Kingdom and European Economic Area (EEA). Where transfers outside the UK or EEA are necessary (for example, when using internationally hosted service providers), we ensure equivalent protections are in place.
11.2 For transfers to countries without an adequacy decision from the UK Secretary of State, we rely on Standard Contractual Clauses (SCCs) approved under UK GDPR, or other appropriate safeguards, to ensure that the data receives equivalent protection to that afforded under UK law.
11.3 Where we transfer data to third parties based in the United States, we ensure these recipients are certified under the UK-US Data Bridge framework or are subject to Standard Contractual Clauses.
12. Contact & Complaints
12.1 For any questions about this Privacy Policy, to exercise your data rights, or to raise a data protection concern, please contact our Data Protection Officer at: [email protected]
12.2 If you are not satisfied with our response to a data protection concern, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters.
12.3 The ICO can be contacted at: ico.org.uk — Telephone: 0303 123 1113 — Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
12.4 This Privacy Policy was last updated in February 2026. We will notify you of any material changes via email to your registered address and by updating the "Last Updated" date at the top of this page.
Last Updated: February 2026 · Ninewin Casino Ltd · UK GDPR Compliant · Data Controller Registration Pending · ICO Registration in progress