Privacy Policy Basswin Casino

This Privacy Policy explains how Basswin Casino, operated by Fara Tech Services LTD ("we", "us", "our", the "Operator"), collects, uses, stores, shares and protects your personal data when you visit our website at casino-basswin.me.uk or use any of our services. We are committed to safeguarding your privacy and ensuring that your personal information is handled transparently and in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing our website, creating an account, or using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the data processing practices described herein. If you do not agree with any aspect of this policy, you should not use our services.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational needs. The most current version will always be available on this page. We encourage you to review it periodically. Material changes will be communicated to registered players via email.

1. Information We Collect

We collect various types of personal data depending on how you interact with our platform. The categories of information we collect include:

Information you provide directly:

• Full name, date of birth, gender
• Residential address and postal code
• Email address and telephone number
• Username, password and security questions
• Payment information, including card details, bank account information and cryptocurrency wallet addresses
• Identity verification documents (government-issued photo ID, proof of address, source of funds documentation)
• Communication records, including emails, live chat transcripts and support tickets

Information we collect automatically:

• IP address and geolocation data
• Device type, operating system, browser type and version
• Pages visited, time spent on pages, click patterns and navigation behaviour
• Referral source and exit pages
• Session duration and frequency of visits
• Cookie data and similar tracking technologies (see our Cookie Policy for details)

Information from third parties:

• Identity verification results from our KYC service providers
• Fraud prevention data from anti-fraud screening services
• Payment processing confirmations from financial institutions
• Self-exclusion registry checks (e.g., GAMSTOP)

2. How We Use Your Information

We process your personal data for the following purposes, each supported by a lawful basis under the UK GDPR:

Performance of contract (Article 6(1)(b)):

• Creating and managing your player account
• Processing deposits, withdrawals and other financial transactions
• Providing customer support and responding to your enquiries
• Delivering bonuses, promotions and loyalty rewards you have opted into
• Settling bets and calculating winnings

Legal obligation (Article 6(1)(c)):

• Verifying your identity and age as required by gambling regulations
• Conducting anti-money laundering (AML) and counter-terrorism financing checks
• Reporting suspicious activity to relevant authorities
• Maintaining records for regulatory and tax compliance
• Processing self-exclusion and responsible gambling requests

Legitimate interests (Article 6(1)(f)):

• Detecting and preventing fraud, security threats and unauthorised access
• Analysing platform performance and improving our services
• Conducting internal audits and quality assurance
• Protecting our legal rights and enforcing our Terms and Conditions

Consent (Article 6(1)(a)):

• Sending marketing communications and promotional offers (only where you have opted in)
• Using non-essential cookies and analytics tools

You may withdraw your consent at any time by contacting us at [email protected] or adjusting your account preferences. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

3. Data Sharing and Third Parties

We do not sell, rent or trade your personal data to third parties for their own marketing purposes. We may share your information with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

• Payment processors — To facilitate deposits, withdrawals and transaction verification. This includes card processors, bank partners and cryptocurrency payment gateways.
• Identity verification providers — To perform KYC checks, age verification and document authentication as required by law.
• Fraud prevention services — To screen transactions and account activity for potential fraud, money laundering or other illicit behaviour.
• Game providers — Our software partners may process limited data (such as player ID and game session data) to deliver games and ensure fair play.
• Regulatory authorities — We may disclose information to the Curaçao Gaming Authority, law enforcement agencies or other regulatory bodies when required by law or in response to a valid legal request.
• Professional advisors — Lawyers, auditors and accountants may access data in connection with legal, audit or compliance matters.
• Cloud and hosting providers — Our technical infrastructure providers store and process data on our behalf under strict contractual data protection obligations.

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO), or transfers to countries with an adequacy decision.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable law. Our general retention periods are:

• Active accounts — Data is retained for the duration of your account activity plus 5 years after account closure, as required by anti-money laundering regulations.
• Financial records — Transaction data is retained for a minimum of 5 years following the transaction, in line with AML and tax compliance obligations.
• Marketing data — If you unsubscribe from marketing communications, we will remove you from our marketing lists within 30 days but may retain your opt-out preference indefinitely to honour your request.
• Support communications — Chat transcripts and email correspondence are retained for up to 3 years after the last interaction.
• Self-exclusion records — Retained for the duration of the exclusion period plus an additional 7 years.

When your data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

5. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access — You can request a copy of the personal data we hold about you (a Subject Access Request or SAR).
• Right to rectification — You can ask us to correct any inaccurate or incomplete personal data.
• Right to erasure — You can request that we delete your personal data, subject to certain legal exceptions (e.g., where we must retain data for regulatory compliance).
• Right to restriction of processing — You can ask us to limit how we use your data in certain circumstances.
• Right to data portability — You can request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object — You can object to processing based on legitimate interests or direct marketing at any time.
• Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. In certain circumstances, we may extend this period by up to 60 additional days, in which case we will inform you of the extension and the reason for it.

If you are dissatisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

6. Data Security

We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it against unauthorised access, alteration, disclosure, loss or destruction. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Encryption of sensitive data at rest, including passwords (hashed and salted) and payment information
• Access controls and role-based permissions to ensure only authorised personnel can access personal data
• Regular security audits, vulnerability assessments and penetration testing
• Employee training on data protection and information security best practices
• Incident response procedures to detect, report and manage data breaches

While we take every reasonable precaution to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify you and the relevant authorities in the event of a data breach that poses a risk to your rights and freedoms, as required by the UK GDPR.

This Privacy Policy was last updated in March 2026. If you have any questions about this policy or our data practices, please contact Fara Tech Services LTD at [email protected].