Privacy Policy Navigation
- Introduction & Scope
- Key Definitions
- Data Collection Methods
- How We Use Your Information
- Legal Basis for Processing
- Data Sharing & Third Parties
- Data Security Measures
- Data Retention Periods
- Your Legal Rights
- Cookies & Tracking Technologies
- International Data Transfers
- Policy Changes & Updates
- Contact & Complaints
Bass Win Casino Privacy Policy Last Updated: January 2026
This comprehensive Privacy Policy outlines how Bass Win Casino Limited collects, uses, stores, and protects your personal information when you interact with our gaming services. As a licensed operator under the United Kingdom Gambling Commission (UKGC License Number: ########), we adhere strictly to the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR), and all applicable gambling legislation.
We are committed to maintaining the highest standards of data protection and privacy. This document explains your rights regarding personal data and provides transparent information about our processing activities. By accessing our services, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy.
Important Notice: This Privacy Policy applies to all users of Bass Win Casino services, including website visitors, registered players, and mobile application users. If you disagree with any aspect of this policy, you should discontinue using our services immediately.
Key Definitions & Terminology
To ensure clarity throughout this document, we provide the following definitions of key terms used in this Privacy Policy.
| Term | Definition | Application Context |
|---|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person | Includes name, address, email, financial details, gaming history |
| Data Controller | Bass Win Casino Limited determines purposes and means of processing | We determine why and how your personal data is processed | >
| Data Processor | Third-party service providers processing data on our behalf | Payment processors, customer support providers, marketing agencies |
| Processing | Any operation performed on personal data | Collection, storage, modification, retrieval, disclosure, erasure |
| UK GDPR | United Kingdom General Data Protection Regulation | Primary data protection legislation applicable in the UK |
| Special Category Data | Sensitive personal data requiring enhanced protection | Biometric data, health information, political opinions |
Data Collection Methods & Categories
We collect personal information through various methods to provide and improve our services. The table below outlines the primary data collection categories and their purposes.
Direct Collection Methods
Registration Information
When you create an account with Bass Win Casino, we collect essential identification details including full name, date of birth, residential address, email address, and telephone number. This information enables us to verify your identity, establish your legal right to gamble, and create your gaming account.
Financial Information
To facilitate deposits and withdrawals, we collect payment details including bank account numbers, credit/debit card information, e-wallet account details, and transaction histories. We never store complete credit card numbers; payment processing occurs through PCI-DSS compliant third-party providers.
Verification Documentation
In compliance with UKGC regulations and anti-money laundering requirements, we collect copies of identification documents including passports, driving licences, utility bills, and bank statements. These documents are securely stored and used solely for regulatory compliance purposes.
Automated Collection Methods
Technical Information
Our systems automatically collect technical data including IP addresses, browser types, device information, operating systems, and connection details. This information helps us maintain security, prevent fraud, and optimise user experience across different devices.
Usage Information
We collect data about how you interact with our services including game preferences, betting patterns, session durations, page visit histories, and feature usage statistics. This information helps us personalise your experience and improve our platform functionality.
Location Data
We collect geographical location information to ensure compliance with jurisdictional restrictions and gambling regulations. Location data helps us verify that you are accessing our services from permitted territories and prevents access from prohibited jurisdictions.
How We Use Your Information
Your personal data serves multiple legitimate purposes within our operational framework. The following table details the specific uses of collected information.
| Purpose Category | Specific Uses | Legal Basis |
|---|---|---|
| Account Management | Creating and maintaining your gaming account, processing deposits and withdrawals, verifying identity and age | Contractual necessity, legal obligation |
| Regulatory Compliance | Preventing money laundering, fraud detection, responsible gambling monitoring, tax reporting | Legal obligation, legitimate interest |
| Service Provision | Game functionality, customer support, technical assistance, account administration | Contractual necessity, legitimate interest |
| Marketing Communications | Promotional offers, bonus notifications, new game announcements, personalised recommendations | Consent, legitimate interest |
| Platform Improvement | Analytics, user experience enhancement, feature development, security optimisation | Legitimate interest |
| Legal Protection | Enforcing terms and conditions, resolving disputes, protecting intellectual property rights | Legitimate interest, legal obligation |
Responsible Gambling: We use your gaming activity data to monitor for problematic gambling patterns. If we detect behaviour indicating potential gambling harm, we may use your contact information to provide responsible gambling support resources or implement protective measures in accordance with our duty of care.
Legal Basis for Data Processing
Under UK GDPR, we must have a valid legal basis for processing your personal data. The following explains the legal grounds we rely upon for different processing activities.
Contractual Necessity
We process personal data necessary to fulfil our contractual obligations to you. This includes account creation, payment processing, game provision, and customer support services. Without this processing, we could not provide the gaming services you request.
Legal Obligation
As a UKGC-licensed operator, we have legal obligations to process certain data including identity verification, anti-money laundering checks, responsible gambling monitoring, and tax reporting. These processing activities are mandatory under UK gambling legislation.
Legitimate Interest
We process data where we have legitimate business interests, provided these do not override your rights and freedoms. This includes fraud prevention, network security, service improvement, and direct marketing. We conduct regular legitimate interest assessments to ensure balanced processing.
Consent
For certain marketing communications and optional data processing activities, we seek your explicit consent. You may withdraw consent at any time through your account settings or by contacting our Data Protection Officer. Consent withdrawal does not affect the lawfulness of previous processing.
Data Sharing with Third Parties
We share personal data with selected third parties under strict contractual agreements. The following categories outline our data sharing practices.
| Third-Party Category | Purpose of Sharing | Data Protection Safeguards |
|---|---|---|
| Payment Processors | Financial transaction processing, fraud prevention, payment verification | PCI-DSS compliance, data processing agreements, encryption standards |
| Game Providers | Game functionality, random number generation, game result verification | Technical and organisational measures, contractual data protection clauses |
| Regulatory Bodies | UKGC reporting, compliance verification, investigation support | Legal obligation basis, minimal necessary data sharing |
| Service Providers | Customer support, IT infrastructure, marketing services, analytics | Data processing agreements, security assessments, access limitations |
| Professional Advisors | Legal advice, audit services, financial consultation | Confidentiality obligations, professional ethical standards |
| Law Enforcement | Legal requests, criminal investigations, regulatory inquiries | Legal compliance basis, formal request verification procedures |
International Transfers: Some third parties may be located outside the United Kingdom. In such cases, we ensure adequate safeguards are in place through UK International Data Transfer Agreements or UK Addendum to the EU Standard Contractual Clauses.
Data Security Measures
We implement comprehensive technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
Technical Security Measures
Encryption Technologies
All data transmissions between your device and our servers employ 256-bit SSL encryption. Sensitive data at rest is encrypted using industry-standard AES-256 encryption algorithms. Payment information undergoes additional encryption through PCI-DSS compliant payment gateways.
Access Controls
We implement role-based access controls, multi-factor authentication for administrative access, and principle of least privilege permissions. Employee access to personal data is strictly limited to those requiring it for legitimate business purposes.
Network Security
Our infrastructure is protected by enterprise-grade firewalls, intrusion detection and prevention systems, regular vulnerability scanning, and Distributed Denial of Service (DDoS) protection. We conduct periodic penetration testing by independent security experts.
Organisational Security Measures
Employee Training
All employees undergo mandatory data protection training upon hiring and annually thereafter. Training covers UK GDPR requirements, security protocols, incident response procedures, and confidentiality obligations.
Security Policies
We maintain comprehensive information security policies covering data classification, access management, incident response, business continuity, and third-party risk management. Policies are regularly reviewed and updated in response to emerging threats.
Incident Response
We have established procedures for detecting, reporting, and investigating personal data breaches. Our incident response team follows predefined protocols to contain breaches, assess risks, and notify affected individuals and regulators where required by law.
Data Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Retention Justification |
|---|---|---|
| Account Registration Data | 6 years after account closure | UKGC regulatory requirements, financial record-keeping obligations |
| Financial Transaction Records | 7 years after transaction date | Taxation laws, anti-money laundering regulations |
| Identity Verification Documents | 5 years after account closure | UKGC licence conditions, fraud prevention requirements |
| Gaming Activity Records | 6 years after activity date | Dispute resolution, regulatory compliance, responsible gambling |
| Marketing Consent Records | 3 years after consent withdrawal | Proof of consent, regulatory compliance evidence |
| Customer Support Communications | 6 years after communication date | Service quality monitoring, dispute resolution evidence |
Data Disposal Procedures
Upon expiration of retention periods, we securely destroy or anonymise personal data using certified data destruction methods. Physical documents are shredded and electronically destroyed, while digital data undergoes secure erasure following NIST 800-88 standards for media sanitisation.
Your Data Protection Rights
Under UK data protection laws, you possess specific rights regarding your personal data. The following table outlines these rights and how to exercise them.
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Obtain confirmation of whether we process your data and access to that data | Submit a Subject Access Request via your account or contact DPO |
| Right to Rectification | Request correction of inaccurate or incomplete personal data | Update information in account settings or contact customer support |
| Right to Erasure | Request deletion of personal data under specific circumstances | Submit erasure request through account closure procedure |
| Right to Restriction | Request limitation of processing under certain conditions | Contact Data Protection Officer with specific restriction request |
| Right to Data Portability | Receive personal data in structured, commonly used format | Request portable data export through account settings |
| Right to Object | Object to processing based on legitimate interests or direct marketing | Adjust marketing preferences in account or contact DPO |
| Rights Related to Automated Decision Making | Right to human intervention, explanation, and challenge automated decisions | Request manual review of automated decisions affecting you |
Exercise Your Rights: To exercise any of these rights, please contact our Data Protection Officer using the details provided in the Contact section. We will respond to valid requests within one month, though this may be extended for complex requests. We may request specific information to verify your identity before processing rights requests.
International Data Transfers
As an international gaming operator, we may transfer personal data outside the United Kingdom in specific circumstances.
Transfer Mechanisms
When transferring personal data outside the UK, we implement appropriate safeguards as required by UK data protection laws. These include:
UK Adequacy Regulations
We transfer data to countries recognised by the UK as providing adequate data protection standards. These currently include European Economic Area countries and other jurisdictions with UK adequacy decisions.
UK International Data Transfer Agreement
For transfers to countries without adequacy decisions, we use the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses to ensure appropriate safeguards.
Binding Corporate Rules
For intra-group transfers, we implement Binding Corporate Rules approved by the UK Information Commissioner's Office, ensuring consistent data protection standards across our organisation.
Third-Country Processing
Some of our service providers may process data in locations outside the UK. In all such cases, we conduct thorough due diligence and implement contractual safeguards to ensure equivalent protection of your personal data.
You may obtain details about specific international transfers and the safeguards in place by contacting our Data Protection Officer.
Policy Changes & Updates
We regularly review and update this Privacy Policy to reflect changes in our practices, services, and legal requirements.
Update Procedure
When we make material changes to this Privacy Policy, we will notify you through prominent notices on our website, email communications, or within your account dashboard. We will indicate at the top of this policy when it was most recently updated.
Minor changes or clarifications that do not materially affect your rights or our processing activities may be made without individual notification. However, we encourage you to review this policy periodically to stay informed about how we protect your information.
Version Control
We maintain version control of all policy documents, with change logs documenting modifications, reasons for changes, and effective dates. Previous versions of this Privacy Policy are archived and available upon request.
Your continued use of our services after policy updates constitutes acceptance of the revised terms. If you disagree with substantial changes, you may close your account and cease using our services.
Contact & Complaints
If you have questions, concerns, or wish to exercise your data protection rights, please contact us using the following information.
Data Protection Officer
Our Data Protection Officer oversees compliance with data protection laws and can address any privacy-related inquiries:
Postal Address
Data Protection Officer
Bass Win Casino Limited
United Kingdom
Email Contact
Complaint Procedure
If you have concerns about our data handling practices, please contact our Data Protection Officer first. We aim to resolve all complaints promptly and fairly.
If you remain dissatisfied, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://www.ico.org.uk