Logo
Logo

CasinoLab Privacy Policy: Data Use and Player Rights

Last updated: June 4, 2026

This privacy policy explains how personal information is collected, used and protected when players access CasinoLab casino services operated by Genesis Global Limited. The policy applies to all users who register, browse or interact with the platform under UK Gambling Commission licence 45235 and Malta Gaming Authority licence MGA/CRP/314/2015. Players can use the information below to understand what happens to their data from registration through account closure.

The policy covers account creation, payment processing, identity verification, gameplay tracking and compliance checks. Genesis Global Limited, registered in Malta as company C65325, acts as data controller for all personal information submitted through the casino service. Players accept the terms of this policy by creating an account or using any feature of the platform.

Who Collects and Controls Personal Data

Genesis Global Limited operates the CasinoLab casino service and controls all personal data collected through the platform. The company holds regulatory permissions in the United Kingdom and Malta, meaning data processing aligns with both jurisdictions. UK players interact with a service licensed under UKGC reference 45235, while the Malta company number C65325 identifies the legal entity that stores and manages personal records.

The operator collects data directly from players during registration and indirectly through device activity, payment records and gameplay logs. Third-party providers, such as Evolution for live casino and Pragmatic Play for slots, may collect limited technical data under their own terms, but Genesis Global Limited remains the primary controller responsible for player privacy.

Definition of Personal Information

Personal data includes any information that identifies or relates to a specific user. This covers names, dates of birth, email addresses, phone numbers, postal addresses, payment card details, device identifiers and gameplay records. Technical data such as IP addresses, browser type, operating system and session timestamps also falls under personal information when linked to an account.

The casino treats all data submitted during registration, verification or payment as personal. Aggregated or anonymised data that cannot identify individual players is not classified as personal information under this policy.

Account and Service Definitions

An account refers to the registered profile created when a player completes the signup form. The account holds personal details, transaction history, bonus records and preferences. Service refers to all features provided by CasinoLab, including slot games, live casino tables, payment processing, promotional campaigns and customer support.

A device is any hardware used to access the platform, such as a smartphone, tablet, laptop or desktop computer. The platform recognises devices through cookies, IP addresses and browser fingerprints to maintain session security and detect duplicate accounts.

What Personal Information Is Collected

CasinoLab collects several categories of personal data depending on how players interact with the platform. Collection happens during account creation, payment submission, identity verification and gameplay. Some data is provided manually by players, while other information is captured automatically through system logs and tracking technologies.

The casino does not collect data from players under 18 years of age. Any account found to belong to a minor will be closed immediately, and funds may be forfeited under responsible gambling rules.

Identity and Contact Details

Players must provide a full legal name, date of birth, residential address, email address and phone number during registration. The signup form requires these fields to create an account and assign a unique login identifier. The date of birth is used to confirm that the player is 18 years or older, while the address is later verified during the KYC process.

Contact details allow the operator to send account notifications, payment confirmations, bonus updates and security alerts. Players can manage communication preferences in their account settings, but transactional messages related to withdrawals and compliance checks cannot be opted out.

Financial and Payment Records

Payment data includes card numbers, bank account details, MiFinity wallet identifiers and cryptocurrency wallet addresses. The platform stores the last four digits of cards and payment method names for transaction records, but full card numbers are handled by payment processors and not retained by the casino.

Deposit and withdrawal logs record amounts, timestamps, currency, method and transaction status. These records are kept for anti-money laundering checks, dispute resolution and financial audits. Players who use crypto payments provide wallet addresses, and transaction hashes are logged for reconciliation.

Technical and Usage Data

Technical data includes IP addresses, device type, browser version, operating system, screen resolution and language settings. The platform collects this information automatically when players visit the site or launch a game. IP addresses are used to enforce geographic restrictions and detect VPN or proxy use, which can trigger account reviews.

Usage data covers gameplay activity, such as bets placed, games played, session duration, win and loss records, bonus activation and wagering progress. This data helps the operator monitor responsible gambling limits, detect irregular betting patterns and prevent bonus abuse. Players can request a copy of their usage history through customer support.

Verification and Compliance Documents

Players must submit identity and address documents before their first withdrawal. Acceptable identity documents include a UK passport or driving licence, while address verification requires a utility bill, council tax letter or bank statement dated within the last three months. Payment proof, such as a card photo or bank statement, confirms ownership of the deposit method.

Source-of-funds requests may require additional documents, including payslips, tax returns or bank statements showing income. These checks are triggered by large deposits, high-value withdrawals or risk flags during anti-money laundering reviews. All documents are stored securely and handled by the KYC team within up to 10 business days.

How Personal Information Is Used

Personal data collected by CasinoLab is used to provide casino services, process payments, verify identities, enforce terms and comply with regulatory obligations. Each category of data serves a specific function, and the operator does not use personal information for purposes unrelated to the platform. Marketing communications are sent only to players who have opted in during registration or in account settings.

The operator may use aggregated or anonymised data for analytics, business reporting and product development. This data does not identify individual players and is not classified as personal information.

Account Creation and Service Delivery

Personal data is used to create and maintain player accounts. The registration form collects identity and contact details to assign a unique login identifier and establish account ownership. Once the account is active, the operator uses data to authenticate login attempts, restore access after password resets and track session activity.

Service delivery includes processing deposits, enabling gameplay, crediting winnings, applying bonuses and handling withdrawals. Payment records ensure that transactions are routed correctly and balances are updated in real time. Gameplay logs allow the casino to calculate wagering progress, enforce bonus terms and resolve disputes.

Payment Processing and Financial Operations

Financial data is used to process deposits, validate payment methods and approve withdrawals. The operator verifies that payment details match the account holder’s registered name and address. Mismatched payment profiles can trigger manual reviews or account restrictions.

Withdrawal requests require identity and payment verification before approval. The financial department reviews pending payouts to ensure compliance with anti-money laundering rules, including checks for deposit turnover, bonus wagering completion and source-of-funds documentation.

Identity Verification and KYC Compliance

Identity verification ensures that accounts belong to real adults and that payment methods are owned by the registered player. The KYC process requires submission of a passport or driving licence, proof of address and payment ownership documents. The review confirms that personal details on file match official records.

Verification is mandatory before the first withdrawal and may be repeated after large deposits, profile changes or risk alerts. Players who fail to submit valid documents within the requested timeframe may have withdrawals delayed or accounts suspended.

Anti-Money Laundering and Fraud Prevention

Personal data supports anti-money laundering checks by linking deposits to verified payment methods and tracking transaction patterns. The operator monitors for suspicious activity, including rapid cashouts, low turnover, mismatched payment details and attempts to use the platform for fund transfers.

Fraud prevention systems analyse device fingerprints, IP addresses and login behaviour to detect duplicate accounts, VPN use and automated betting tools. Players who trigger multiple risk flags may be asked to complete enhanced verification or face account closure.

Marketing and Promotional Communication

Players who opt in to marketing messages receive emails about new games, reload bonuses, tournament invitations and VIP offers. The operator uses contact details to deliver personalised campaigns based on gameplay preferences and account activity. Marketing consent can be withdrawn at any time through account settings or by contacting support.

Promotional communication does not include transactional messages, such as withdrawal confirmations, KYC requests or security alerts. These messages are sent regardless of marketing preferences because they are necessary for account operation.

Personal data is used to comply with UK Gambling Commission and Malta Gaming Authority regulations. The operator maintains records of player activity, financial transactions and responsible gambling interactions to meet audit and reporting requirements. Regulatory bodies may request access to player data during investigations or compliance reviews.

The casino also uses data to enforce terms and conditions, including age restrictions, duplicate account bans and bonus abuse prevention. Players who violate terms may have their accounts closed, and personal data is retained to prevent future registrations.

CasinoLab processes personal information based on legal grounds recognised under UK and EU data protection legislation. Each category of processing relies on one or more legal bases, and players have rights that vary depending on the basis used. The operator does not process personal data without a valid legal justification.

Processing continues as long as the legal basis remains valid. When a basis no longer applies, such as after account closure or consent withdrawal, the operator will stop processing or delete the data in line with retention policies.

Consent is the legal basis for marketing communication and optional data collection. Players provide consent by ticking opt-in boxes during registration or adjusting preferences in account settings. Consent can be withdrawn at any time without affecting core account services.

Withdrawing consent stops future marketing emails but does not delete historical records or prevent transactional messages. The operator does not use consent as a basis for mandatory account functions, such as payment processing or identity verification.

Contractual Necessity for Account Services

Processing personal data is necessary to deliver the services players request when creating an account. This includes account creation, payment processing, game access, bonus crediting and customer support. Without this data, the operator cannot fulfil the contract established during registration.

Players who refuse to provide mandatory information, such as name, date of birth or payment details, cannot create or maintain an account. Contractual necessity covers all data required to operate the platform and complete transactions.

The operator must process personal data to comply with legal obligations under UK and Malta gambling regulations. This includes identity verification, anti-money laundering checks, age verification, responsible gambling monitoring and regulatory reporting. Legal obligations apply regardless of player consent.

Players cannot object to processing based on legal obligations, as these requirements are mandated by licensing authorities. Failure to comply could result in licence suspension or revocation.

Legitimate Interests for Security and Analytics

Legitimate interests allow the operator to process data for fraud prevention, security monitoring, dispute resolution and business analytics. These activities protect both the operator and players by detecting suspicious behaviour, preventing account theft and improving platform performance.

Players can object to processing based on legitimate interests, but objections will be refused if the operator can demonstrate compelling reasons related to security or compliance. Fraud detection, duplicate account prevention and risk assessment are examples of legitimate interests that outweigh individual objections.

How Personal Data Is Shared

CasinoLab shares personal information with third parties when necessary to provide services, comply with legal obligations or protect the platform. The operator does not sell or rent personal data to marketers, advertisers or unrelated businesses. All third-party recipients are bound by confidentiality agreements and data protection requirements.

Sharing occurs only when required for specific functions, such as payment processing, game delivery, identity verification or regulatory reporting. Players accept these disclosures by registering and using the platform.

Payment Processors and Financial Partners

Payment processors handle deposits, withdrawals and card transactions on behalf of the operator. Partners include Visa, Mastercard, bank transfer networks, MiFinity and cryptocurrency payment gateways. These providers receive financial data necessary to complete transactions but do not access full account histories or gameplay records.

Payment data is shared securely through encrypted connections, and processors are required to comply with PCI DSS standards for card security. The operator does not control how payment providers store or use data after transactions are completed, and players should review third-party terms separately.

Game Providers and Software Partners

Game providers such as Pragmatic Play, Evolution, NetEnt and Play’n GO deliver slot, live casino and table game content through their own platforms. These providers may collect technical data, including device type, IP address, session duration and gameplay activity, to operate games and generate random outcomes.

The operator shares limited account data with game providers to authenticate sessions and track balances. Providers do not receive personal identity details unless required for jackpot verification or compliance checks. Each provider operates under its own privacy policy, and players interact directly with third-party servers when launching games.

Verification and Compliance Services

Identity verification services assist with KYC checks by validating documents and matching personal details against official databases. These services receive copies of passports, driving licences, utility bills and bank statements to confirm identity and address accuracy.

Anti-money laundering partners analyse transaction patterns and payment sources to detect suspicious activity. The operator may share financial records, deposit logs and source-of-funds documents with compliance specialists during enhanced due diligence reviews.

Regulatory Authorities and Law Enforcement

Personal data may be disclosed to the UK Gambling Commission, Malta Gaming Authority or law enforcement agencies when required by law. Disclosures include player records, transaction histories and communications related to investigations, licence audits or legal proceedings.

The operator cooperates fully with regulatory requests and court orders. Players will not be notified in advance if disclosure is prohibited by legal process or if notification could interfere with an investigation.

Affiliated Companies and Service Providers

Genesis Global Limited operates multiple casino brands and may share personal data across its network for customer support, payment reconciliation and fraud detection. Affiliated companies within the Genesis Global Limited group are subject to the same privacy standards and regulatory oversight.

Service providers, including hosting companies, analytics platforms and customer support tools, receive limited data necessary to perform contracted functions. These providers are prohibited from using personal data for their own purposes and must delete or return data when contracts end.

How Long Personal Data Is Stored

CasinoLab retains personal information for as long as necessary to provide services, comply with legal obligations and resolve disputes. Retention periods vary depending on data type, regulatory requirements and the purpose of processing. The operator does not keep data longer than required unless legal obligations mandate extended storage.

When retention periods expire, personal data is either deleted permanently or anonymised so it can no longer identify individual players. Anonymised data may be retained indefinitely for analytics and reporting.

Active Account Retention

Personal data is retained for the duration of an active account. This includes identity details, contact information, payment records, gameplay logs and verification documents. Active accounts are those where players can log in, deposit, play games or request withdrawals.

Retention continues as long as the account remains open, even if players do not use the platform regularly. Players who wish to stop data retention must request account closure through customer support.

Closed Account Retention

After account closure, personal data is retained for a minimum of five years to comply with UK Gambling Commission and Malta Gaming Authority record-keeping requirements. This period allows the operator to resolve disputes, respond to regulatory audits and prevent duplicate registrations.

Financial records, including deposit and withdrawal logs, are kept for up to seven years to meet anti-money laundering and tax reporting obligations. Identity documents may be retained longer if required by law enforcement or ongoing investigations.

Verification Document Retention

KYC documents, including passports, driving licences, utility bills and bank statements, are stored for the duration of the account and for five years after closure. These documents support compliance checks and provide evidence of identity verification in case of disputes or regulatory reviews.

Players who submit multiple versions of the same document type will have outdated versions deleted once new documents are approved. Original submission dates and verification statuses are logged separately.

Marketing and Communication Logs

Marketing consent records and communication logs are retained for three years after the last interaction. This includes email opt-in statuses, promotional messages sent and responses received. Players who withdraw consent will have their contact details removed from marketing databases within 30 days.

Transactional messages, such as withdrawal confirmations and security alerts, are retained as part of account history and follow the same retention rules as other account data.

Player Rights Over Personal Data

Players have legal rights over their personal information under UK data protection legislation. These rights allow players to access, correct, delete or restrict the use of their data. The operator processes rights requests through customer support and aims to respond within 30 days.

Some rights are subject to conditions or exemptions, particularly when data is required for legal compliance or ongoing investigations. Players can exercise rights by contacting support or submitting a formal request through the account interface.

Right to Access Personal Data

Players can request a copy of all personal information held by the operator. This includes identity details, payment records, gameplay logs, verification documents and communication history. The operator provides data in a structured, commonly used format such as PDF or CSV.

Access requests are processed within 30 days, and players receive a secure link to download their data. The first request per year is free, and subsequent requests may incur a reasonable administrative fee.

Right to Correct Inaccurate Data

Players can request corrections to personal details that are inaccurate or incomplete. This includes updating names, addresses, phone numbers or email addresses. Changes to identity details may require submission of updated verification documents.

Payment details cannot be corrected manually and must be updated by adding a new payment method and verifying ownership. Historical transaction records remain unchanged to maintain audit trails.

Right to Delete Personal Data

Players can request deletion of personal data once the account is closed and retention obligations have expired. The operator will delete identity details, contact information and gameplay logs after the minimum five-year retention period.

Deletion requests during active account status are treated as account closure requests. Data required for legal compliance, such as financial records and anti-money laundering logs, cannot be deleted until retention obligations expire.

Right to Restrict Processing

Players can request that processing be restricted while disputes about data accuracy or lawfulness are resolved. Restricted data is marked and stored securely but not used for active processing. The operator will notify players before lifting restrictions.

Restriction does not apply to data required for legal compliance or fraud prevention. Players cannot restrict processing of identity verification or anti-money laundering checks.

Right to Data Portability

Players can request that personal data be transferred to another service provider in a machine-readable format. This right applies only to data provided directly by the player, such as registration details and contact information. Gameplay logs and system-generated records are excluded.

Portability requests are processed within 30 days, and data is provided in JSON or CSV format. The operator is not responsible for compatibility issues with third-party platforms.

Right to Object to Processing

Players can object to processing based on legitimate interests, such as marketing analytics or fraud detection. The operator will stop processing unless it can demonstrate compelling legal grounds that override the objection.

Objections to direct marketing are always honoured, and opt-out requests are processed within 48 hours. Objections to processing required for legal compliance or contractual necessity will be refused.

How Personal Data Is Protected

CasinoLab implements technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration and destruction. Security controls cover data transmission, storage, access management and incident response. The operator reviews security measures regularly to address emerging threats.

No system is completely secure, and players are responsible for protecting their login credentials and enabling account security features such as two-factor authentication.

Encryption and Secure Transmission

All data transmitted between player devices and CasinoLab servers is encrypted using TLS 1.2 or higher. This includes login credentials, payment details, gameplay activity and account settings. Encryption prevents interception of data during transmission over public networks.

Stored data, including identity documents and payment records, is encrypted using AES-256 encryption. Encryption keys are stored separately from data and rotated regularly to reduce exposure in case of breach.

Access Control and Authentication

Access to personal data is restricted to authorised personnel who require it to perform their duties. Employees are assigned role-based permissions, and access logs are monitored for unusual activity. The operator conducts regular audits to ensure compliance with access policies.

Players protect their accounts by choosing strong passwords and enabling two-factor authentication when available. Account lockout features prevent brute-force login attempts, and suspicious login patterns trigger email alerts.

Fraud Detection and Account Monitoring

The operator uses automated systems to detect duplicate accounts, VPN use, irregular betting patterns and payment fraud. Risk flags trigger manual reviews by the compliance team, and accounts with multiple violations may be suspended.

Device fingerprinting and IP tracking help identify shared devices and household overlaps. Players who register multiple accounts will have duplicates closed and balances forfeited under one-account rules.

Incident Response and Breach Notification

The operator maintains an incident response plan to address data breaches, system failures and security incidents. Affected players are notified within 72 hours if a breach results in high risk to personal data. Notifications include details of the breach, data affected and steps taken to mitigate harm.

Players should report suspected security issues, such as unauthorised account access or phishing attempts, to customer support immediately.

Cookies and Tracking Technologies

CasinoLab uses cookies and similar technologies to operate the platform, analyse usage and deliver personalised experiences. Cookies are small text files stored on player devices that track session activity, preferences and interactions. Players can control cookie settings through browser options, but disabling cookies may affect platform functionality.

The operator does not use cookies to collect personal data without consent unless required for essential platform operation.

Essential Cookies for Platform Operation

Essential cookies are required to operate the platform and cannot be disabled without breaking core functions. These cookies manage login sessions, maintain account authentication, store language preferences and enable secure payment processing.

Essential cookies do not track activity across other websites and are deleted when the browser session ends or after a set period of inactivity.

Performance and Analytics Cookies

Performance cookies collect data about page load times, error rates, popular game categories and navigation patterns. This data helps the operator identify technical issues, improve user experience and optimise game delivery.

Analytics cookies may track device type, screen resolution, browser version and session duration. Data collected is aggregated and anonymised before use in reporting.

Functional and Preference Cookies

Functional cookies remember player preferences, such as display settings, currency selection and game filters. These cookies improve convenience by reducing repetitive input and personalising the interface.

Preference cookies are stored for extended periods to maintain consistency across sessions. Players can clear cookies through browser settings to reset preferences.

Marketing and Advertising Cookies

Marketing cookies track interactions with promotional campaigns, including bonus claims, tournament registrations and VIP invitations. These cookies allow the operator to measure campaign effectiveness and deliver targeted offers based on gameplay activity.

Players who opt out of marketing communication will still receive functional and essential cookies. Third-party advertising cookies from external partners are not used by CasinoLab.

How to Manage Cookies

Players can control cookies through browser settings by accepting, blocking or deleting cookies. Most browsers allow cookie management at the site level, enabling selective control over which platforms can store data. Clearing cookies logs players out of active sessions and resets preferences.

Disabling essential cookies prevents login and payment processing. Disabling functional cookies reduces personalisation but does not block core platform access.

CasinoLab may include links to external websites, including payment providers, game developers and responsible gambling resources. The operator does not control third-party websites and is not responsible for their privacy practices. Players who follow external links leave the CasinoLab platform and interact under separate terms.

Third-party websites may collect personal data, set cookies and apply different privacy policies. Players should review external privacy statements before submitting information.

Responsibility for External Content

The operator provides links for convenience and information but does not endorse or verify third-party content. External websites may have different security standards, data retention policies and regulatory oversight.

Players who experience issues on third-party platforms should contact the relevant website directly. CasinoLab cannot resolve disputes or recover data from external services.

Game Provider Privacy Policies

Game providers such as Pragmatic Play, Evolution and NetEnt operate independent platforms that deliver casino content. These providers collect technical data when players launch games, including IP addresses, device type and session activity. Each provider operates under its own privacy policy, and players interact directly with third-party servers during gameplay.

The operator does not control how game providers store or use data. Players should review provider terms separately if they have concerns about game-level tracking.

Protection of Minors and Age Verification

CasinoLab prohibits players under 18 years of age from creating accounts, depositing funds or playing games. The operator implements age verification checks during registration and KYC to ensure compliance with UK Gambling Commission regulations. Accounts found to belong to minors are closed immediately, and deposits may be returned to the funding source.

Parents and guardians can contact support to report suspected underage access. The operator cooperates with law enforcement and regulatory authorities on matters involving minors.

No Data Collection from Minors

The operator does not knowingly collect personal data from individuals under 18. Players confirm their age during registration by providing a date of birth, and identity verification checks confirm age through official documents.

If the operator discovers that data has been collected from a minor, the account will be closed, data will be deleted, and winnings will be forfeited. Deposits may be returned depending on the circumstances and available evidence.

Parental Controls and Reporting

Parents who discover that their child has accessed the platform should contact customer support immediately. The operator will close the account, investigate how access was obtained and take steps to prevent future registrations from the same household.

Players are encouraged to use device-level parental controls, browser filters and network restrictions to prevent minors from accessing gambling websites.

Changes to the Privacy Policy

CasinoLab updates this privacy policy when changes are made to data collection, processing, sharing or retention practices. Updates reflect regulatory changes, platform improvements and feedback from players. The operator notifies players of material changes through email, account alerts or prominent notices on the homepage.

Players are responsible for reviewing the policy regularly to stay informed of updates. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

Notification of Material Changes

Material changes include new data collection practices, changes to sharing recipients, adjustments to retention periods or modifications to player rights. The operator provides at least 30 days’ notice before material changes take effect, allowing players to withdraw consent or close accounts if they disagree.

Non-material changes, such as clarifications, formatting updates or corrections, do not require advance notice. The Last Updated date at the top of the policy indicates when the most recent revision was published.

How to Review Policy Updates

The privacy policy is available at all times through the footer menu and account settings. Players can compare previous versions by contacting support or requesting archived copies. The operator maintains records of policy changes for audit and compliance purposes.

Players who have questions about updates can contact customer support for clarification. The operator provides plain-language summaries of significant changes upon request.

How to Contact the Operator About Privacy

Players can contact CasinoLab customer support for privacy-related inquiries, rights requests or complaints. Support channels include live chat, account support form and email. The operator aims to respond to privacy requests within 30 days and provides updates if additional time is needed.

Complex requests, such as data portability or deletion after account closure, may require additional verification to confirm identity. Players should provide clear details about the request and include account information to expedite processing.

Submitting Privacy Requests

Players can submit rights requests through the account interface or by contacting support directly. Requests should specify the action desired, such as access, correction, deletion, restriction or objection. The operator may request additional verification, such as a copy of the identity document on file, to prevent unauthorised access to personal data.

Requests are processed in the order received, and players receive confirmation once the request is completed. Refusals are explained in writing, including legal grounds and available appeal options.

Complaints and Regulatory Contact

Players who are dissatisfied with how the operator handles privacy requests can file complaints with the UK Information Commissioner’s Office or the Malta Data Protection Commissioner. Contact details for regulatory authorities are available through official government websites.

The operator cooperates fully with regulatory investigations and provides requested documentation within mandated timeframes. Players can escalate unresolved issues by referencing their account number and request history.