Privacy Policy

1.1  1red Casino UK Ltd is the data controller responsible for your personal data. We are registered under the Companies Act in England and Wales. As a data controller, we determine the purposes and means of processing your personal data in connection with your use of our website at 1redcasino-uk.org and all associated services.

1.2  This Privacy Policy covers all personal data we collect, process, store, and share in connection with your account registration, use of our gambling services, and any communications you have with us. It applies to all users of the Site, including visitors, registered players, and former account holders.

1.3  We are registered with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights in the public interest. Our processing activities comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy was last updated in February 2026.

1.4  This Privacy Policy should be read alongside our Terms and Conditions and our Responsible Gaming Policy. By using the Site, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information in accordance with it.

2.1  Personal Data: When you register an account or use our services, we collect personal information including your full name, date of birth, residential address, email address, phone number, and nationality. This information is required for account creation, age verification, and identity checks mandated by our UKGC licence.

2.2  Financial Data: We collect and process financial information necessary to facilitate transactions on the Site. This includes payment card details (processed securely via certified payment processors), bank account information, e-wallet account details, and full transaction history including deposits, withdrawals, and gaming activity. We do not store full card numbers on our systems.

2.3  Usage and Technical Data: We automatically collect information about how you use the Site. This includes your IP address, device type and operating system, browser type and version, session data (pages visited, time spent, actions taken), login timestamps, and geolocation data (country-level, derived from IP address). This data helps us operate, maintain, and improve the Site.

2.4  Communications Data: We retain records of communications between you and our support team, including live chat transcripts, email correspondence, and call recordings (where applicable). We may also collect feedback, survey responses, and any other information you voluntarily provide when contacting us.

2.5  Identity Verification Documents: As part of our KYC and AML obligations, we may collect and retain copies of government-issued identity documents (passports, driving licences), proof of address documents, and source-of-funds documentation. These are processed securely and retained only for as long as required by law and our regulatory obligations.

3.1  Directly From You: The majority of the personal data we hold is provided directly by you. This happens when you register an account, complete identity verification, make deposits or withdrawals, contact customer support, respond to surveys, or otherwise interact with our services. You have control over what information you share with us beyond what is required for regulatory compliance.

3.2  Automatically Via Technology: We collect certain data automatically when you access the Site. This is done through cookies, web beacons, pixel tags, log files, and similar tracking technologies. Automatically collected data includes your IP address, browser type, referring URLs, pages viewed, and time spent on the Site. See Section 9 (Cookies) for full details.

3.3  From Payment Processors: When you make a deposit or withdrawal, our payment processors may share transactional confirmation data and fraud screening results with us. This allows us to match payments to accounts, detect suspicious activity, and meet our AML obligations. All data shared by payment processors is handled under strict contractual data protection terms.

3.4  From Third-Party Verification Services: We use third-party identity verification and age verification providers to confirm your identity and comply with UKGC requirements. These providers may return verification results, fraud risk scores, and document authentication outcomes to us, which we use solely for compliance and account management purposes.

4.1  Account Management: We use your personal data to create and maintain your account, authenticate your identity when you log in, personalise your experience on the Site, process your transactions, and communicate with you about your account activity.

4.2  Identity Verification and KYC: We are legally required under our UKGC licence and anti-money laundering regulations to verify your identity before you can withdraw funds. We process your identity documents and personal information to complete this verification and to meet our ongoing KYC obligations.

4.3  Legal Compliance and Regulatory Reporting: We process your data to comply with applicable laws and regulations, including anti-money laundering (AML) obligations, tax reporting requirements, UKGC reporting requirements, and court or regulatory orders. This processing is a legal obligation we cannot waive.

4.4  Fraud Prevention and Security: We use transaction data, usage patterns, and device information to detect and prevent fraud, money laundering, and other prohibited activities. This includes automated screening systems and manual review where appropriate.

4.5  Marketing (With Consent): With your explicit consent, we may use your email address and preferences to send you promotional offers, newsletters, and updates about 1red Casino products and services. You can withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected].

5.1  Consent (Article 6(1)(a)): Where you have given us clear, freely given, specific, and informed consent to process your data for a particular purpose — such as receiving marketing communications — we rely on consent as our legal basis. You can withdraw consent at any time without affecting the lawfulness of prior processing.

5.2  Contract Performance (Article 6(1)(b)): Much of our processing is necessary to perform the contract we have with you when you register an account. This includes processing data to create and manage your account, process deposits and withdrawals, and provide access to our gaming services.

5.3  Legal Obligation (Article 6(1)(c)): We are subject to a number of legal obligations that require us to process personal data. These include anti-money laundering regulations, UKGC licence conditions (including KYC and responsible gambling requirements), tax legislation, and requirements under the Proceeds of Crime Act 2002.

5.4  Legitimate Interests (Article 6(1)(f)): We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes processing for fraud detection, network security, improving our services, and conducting analytics on Site usage. We carry out a balancing test before relying on this basis.

6.1  Payment Processors: We share the minimum necessary financial data with our payment processing partners to facilitate deposits and withdrawals. All payment processors we work with are PCI DSS compliant and bound by strict data processing agreements. Payment card data is transmitted over encrypted channels and never stored on our servers in plain text.

6.2  UK Gambling Commission: As part of our regulatory obligations under our UKGC licence, we may be required to share player data, transaction records, and audit information with the Gambling Commission. This is a legal requirement and we do not have the ability to restrict such sharing.

6.3  Law Enforcement and Regulatory Bodies: We may disclose your personal data to law enforcement agencies, government bodies, courts, or regulatory authorities where we are legally required to do so, where we have a legitimate duty to prevent crime, or where disclosure is necessary to protect the safety of individuals.

6.4  No Sale of Data: We do not sell, rent, lease, or otherwise transfer your personal data to third parties for their own marketing or commercial purposes. Any data sharing that occurs is strictly limited to what is necessary for the purposes described in this policy, and is governed by appropriate contractual protections.

6.5  Service Providers: We engage third-party service providers to assist with operating the Site (e.g., cloud hosting, customer support platforms, analytics tools). These providers act as data processors on our behalf and are contractually obligated to process your data only on our instructions and in accordance with applicable data protection law.

7.1  Active Accounts: We retain your personal data for as long as your account remains active and for a period of five years after your last activity on the Site. This retention period is required to meet our regulatory obligations, resolve disputes, and enforce our Terms and Conditions.

7.2  Closed Accounts: When you close your account, we retain your personal data for a minimum of five years. This is required by anti-money laundering regulations (which mandate a five-year retention period for customer due diligence records), UKGC licence conditions, and general legal requirements. Financial transaction records may be retained for longer where required by tax legislation.

7.3  Marketing Data: If you have consented to marketing communications, we retain your marketing preferences and contact details until you withdraw your consent. Upon withdrawal of consent, we will remove you from marketing lists promptly, though we may retain a record of your opt-out to ensure we do not contact you again.

7.4  We regularly review our data holdings and securely delete or anonymise personal data that is no longer required for any of the purposes described in this policy. Where data cannot be fully deleted (e.g., due to backup schedules), it will be quarantined and not used for active processing until it is deleted.

8.1  Right of Access: You have the right to request a copy of the personal data we hold about you (a "Subject Access Request"). We will respond to verified requests within one month. There is no fee for a SAR unless the request is manifestly unfounded or excessive.

8.2  Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. You can update many of your account details directly through the Site, or contact us to request corrections to other data.

8.3  Right to Erasure: You have the right to request deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing. Note that we may be required to retain certain data to comply with legal obligations even after an erasure request.

8.4  Right to Data Portability: Where we process your data by automated means on the basis of consent or contract performance, you have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format and to transmit it to another data controller.

8.5  Right to Object and Restriction: You have the right to object to processing based on legitimate interests and to request that we restrict processing of your data in certain circumstances. You also have the right to object to direct marketing at any time, and we must stop processing for that purpose immediately upon receiving your objection.

8.6  Right to Complain to the ICO: If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Contact details for the ICO are provided in Section 12 of this policy.

9.1  We use cookies and similar tracking technologies (such as web beacons and local storage) on the Site. Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to site operators. This section explains the types of cookies we use and how you can manage them.

9.2  Essential Cookies: These cookies are necessary for the Site to function and cannot be switched off in our systems. They include session cookies (which keep you logged in during a visit), security cookies (which help detect fraudulent activity and protect your account), and cookies that remember your cookie preferences. These cookies do not store any personally identifiable information.

9.3  Analytics Cookies: With your consent, we use analytics cookies to understand how visitors use the Site. This helps us measure Site performance, identify popular pages, and improve the user experience. Analytics data is aggregated and anonymised wherever possible. We use tools such as Google Analytics for this purpose.

9.4  Marketing Cookies: With your explicit consent, we and our advertising partners may use cookies to deliver relevant advertisements, track the effectiveness of campaigns, and build a profile of your interests. You can withdraw consent for marketing cookies at any time through your browser settings or our cookie preference centre.

9.5  Managing Cookies: You can control and manage cookies through your browser settings. Most browsers allow you to view, delete, and block cookies. Please note that disabling certain cookies may affect the functionality of the Site. For more information about managing cookies, visit your browser's help documentation.

10.1  Encryption: All data transmitted between your browser and our Site is protected using 256-bit SSL/TLS encryption. This is the same level of encryption used by major financial institutions and ensures that your personal and financial data cannot be intercepted during transmission.

10.2  Database Security: Personal data stored in our databases is encrypted at rest. Our databases are hosted on secure, ISO 27001-certified infrastructure with strict access controls, regular vulnerability assessments, and penetration testing conducted by independent security professionals.

10.3  Employee Access Controls: Access to personal data is restricted to employees who need it to perform their job functions. All staff with access to personal data receive regular data protection training and are bound by confidentiality obligations. We use role-based access controls and maintain audit logs of data access.

10.4  Security Audits: We conduct regular security audits and risk assessments to identify and address vulnerabilities in our systems. We also run a responsible disclosure programme and act promptly on any security issues reported to us.

10.5  Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where the breach poses a high risk to you personally, we will also notify you directly without undue delay.

11.1  1red Casino processes and stores all personal data of UK users on servers located within the United Kingdom and the European Economic Area (EEA). We do not routinely transfer personal data outside the UK or EEA. Where any transfer outside these areas is necessary, we ensure that adequate safeguards are in place before the transfer occurs.

11.2  Any transfer of personal data outside the UK/EEA is carried out using one of the following safeguards: (a) Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office under the International Data Transfer Agreement (IDTA); (b) transfer to a country that has been deemed to provide adequate protection by the UK Government; or (c) another approved transfer mechanism under UK GDPR.

11.3  We do not transfer personal data to countries or territories that do not provide an adequate level of protection for personal data, unless specific safeguards as described above are in place. If you would like more information about the specific safeguards applicable to any international transfer of your data, please contact our Data Protection Officer at [email protected].

12.1  If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or have a concern about how we handle your personal data, please contact our Data Protection Officer (DPO):

12.2  If you are not satisfied with our response, or if you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters. You can contact the ICO at ico.org.uk, by telephone on 0303 123 1113, or by post at ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

12.3  We encourage you to contact us first before approaching the ICO, as we are committed to resolving data protection concerns directly and will do our best to address your query promptly. You can also review our Terms and Conditions for additional information about how we operate the Site and handle user data.