Privacy Notice - How Cazeus Handles Your Personal Data

Introduction & Who We Are

This Privacy Notice explains how Cazeus ("we", "us", "our") collects, uses, stores, and protects personal information when you use our website or services. We are committed to handling your data responsibly and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We act as the data controller for the personal information we hold about you. This means we are responsible for deciding how and why your data is processed. If you have any questions about this notice or about how we handle your personal information, please contact us using the details provided on our Contact page.

This notice applies to all visitors and registered users of our website, as well as anyone who contacts us by any means including live chat, email, and telephone. Please read it carefully. If you do not agree with any part of this notice, you should not use our services.

Last updated: January 2026. We will notify registered users of any material changes to this notice.

What Personal Data We Collect

The personal data we collect depends on how you interact with us. We only collect information that is necessary for a specific, identified purpose.

When you create an account:

Full name and date of birth
Email address and chosen username
Residential address, including postcode
Phone number (optional, but required for certain account verification steps)
Username and password (your password is stored in encrypted form and is never accessible in plain text by our staff)

During identity verification (KYC):

Government-issued photo identification (passport, driving licence)
Proof of address (utility bill, bank statement)
In some cases, proof of payment method or source of funds documentation

When you make deposits or withdrawals:

Payment method details (we do not store full card numbers - payment processing is handled by regulated third-party providers)
Transaction amounts and timestamps
Associated currency and method type

When you use our platform:

Gaming activity, including game sessions, bets placed, outcomes, and account balance history
Responsible gaming settings and limit preferences you have applied
Device type, browser, operating system, and IP address
Session timestamps and pages visited

When you contact our support team:

The content of your messages
Chat transcripts and email correspondence
Any documents you share in connection with your enquiry

Marketing preferences: If you opt in to marketing communications, we record this preference and use it to send relevant offers. You can withdraw consent at any time.

How and Why We Use Your Data

We use the personal data we collect for the following purposes:

Account management and service delivery: To create and maintain your account, process deposits and withdrawals, deliver customer support, and provide access to games and features. This is the core purpose for which your data is processed, and without it we cannot provide you with services.

Identity verification and fraud prevention: We are required by UK Gambling Commission regulations to verify the identity of all players. We use the identity documents you provide to confirm who you are, to check that you meet our minimum age requirement (18+), and to conduct checks against financial crime and sanctions databases.

Regulatory compliance: As a licensed operator, we are subject to legal obligations relating to anti-money laundering (AML), counter-terrorism financing (CTF), responsible gambling, and record-keeping. Processing your data for these purposes is a legal requirement, not optional.

Responsible gambling monitoring: We analyse gaming behaviour to identify patterns that may indicate problematic gambling. This analysis is used to trigger proactive contact from our responsible gaming team or to apply account restrictions. The legal basis for this processing is our legitimate interest in preventing harm to our customers, as well as our regulatory obligations.

Service improvement and analytics: We use aggregated, anonymised data about how players use our platform to improve our product, identify technical issues, and prioritise development work. Where data is genuinely anonymised, it is no longer personal data and falls outside the scope of this notice.

Marketing communications: If you have opted in, we use your contact details and preferences to send you information about promotions, new games, and other offers. You can opt out at any time by clicking the unsubscribe link in any email, or by updating your preferences in your account settings.

Legal claims and disputes: We may process your data to establish, exercise, or defend legal claims, including disputes over account outcomes or financial transactions.

Legal Basis for Processing

Under UK GDPR, we are required to identify a legal basis for each category of data processing. Our processing activities rely on the following bases:

Contract performance: Processing necessary to create and manage your account and to deliver the services you have registered for.
Legal obligation: Processing required by law, including identity verification, anti-money laundering checks, responsible gambling obligations, and record-keeping requirements imposed by the UK Gambling Commission and other regulatory bodies.
Legitimate interests: Processing for fraud prevention, security monitoring, responsible gambling oversight, and general platform improvement, where these interests are not overridden by your rights and freedoms. We conduct a legitimate interest assessment for each such use.
Consent: Processing for marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

Sharing Your Data with Third Parties

We share personal data with third parties only where necessary and only in circumstances consistent with this Privacy Notice. We do not sell personal data, and we do not share it for third parties' own marketing purposes without your explicit consent.

Categories of third parties with whom we share data:

Payment processors: To facilitate deposits and withdrawals. These providers are subject to strict contractual data protection obligations and are regulated in their own right.
Identity verification providers: To conduct KYC checks, including document verification and database screening. These providers handle data on our behalf under data processing agreements.
Game software providers: To deliver games. Where necessary, session data is shared with providers to ensure game functionality, fairness auditing, and dispute resolution.
Regulatory and law enforcement authorities: Where required by law, including the UK Gambling Commission, HMRC, and law enforcement agencies. We disclose data to these bodies only to the extent required.
Self-exclusion schemes: We share relevant data with GamStop and similar schemes as required by our regulatory obligations.
IT infrastructure and hosting providers: Who process data on our behalf to maintain the technical operation of our platform. These providers are subject to data processing agreements and are required to implement appropriate security measures.

All third parties with whom we share personal data are required to process it only for the purposes for which it was shared, in accordance with applicable data protection law, and to maintain appropriate security standards.

Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website, remember your preferences, and understand how you use our platform. Cookies are small text files stored on your device by your browser.

Essential cookies are necessary for the website to function. They enable features such as session management, login persistence, and security. These cookies cannot be disabled without preventing the website from working correctly.

Analytics cookies allow us to measure traffic and user behaviour on an aggregated basis. We use this data to improve our platform. These cookies do not identify you personally.

Marketing and tracking cookies may be set by us or by third-party advertising partners to track your activity across websites and deliver relevant advertising. These cookies are only placed with your consent.

You can manage your cookie preferences at any time using the cookie settings tool available on our website. You can also manage cookies through your browser settings, although blocking essential cookies will affect your ability to use our platform.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this notice, and for as long as required by applicable law.

For active accounts, we retain data for the duration of your relationship with us. Following account closure, we are required by UK Gambling Commission regulations and anti-money laundering legislation to retain certain records for a minimum of five years. In some cases, this period may be extended where required to resolve ongoing disputes or comply with regulatory requests.

Marketing data is retained until you withdraw consent, after which it is removed from active marketing lists. It may be retained in suppression lists to ensure we honour opt-out requests.

Anonymised and aggregated data may be retained indefinitely, as it does not constitute personal data.

When personal data is no longer required, it is deleted or anonymised using secure methods appropriate to the sensitivity of the data in question.

Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights in relation to your personal data:

Right of access: You have the right to request a copy of the personal data we hold about you. We will respond to subject access requests within one calendar month.
Right to rectification: If any personal data we hold is inaccurate or incomplete, you have the right to request that we correct it. You can update many details directly in your account settings.
Right to erasure: In certain circumstances, you have the right to request deletion of your personal data. Please note that this right is subject to exceptions, including where we are required to retain data by law or for the establishment, exercise, or defence of legal claims.
Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of data is disputed.
Right to data portability: Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to object: You have the right to object to processing based on legitimate interests. Where you object to marketing, we will always respect this. Other objections are assessed on a case-by-case basis.
Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have handled your personal data in a manner inconsistent with UK GDPR.

To exercise any of these rights, please contact us using the details on our Contact page. We may require verification of your identity before processing your request. There is no charge for most requests, and we will not discriminate against you for exercising your rights.

Data Security

We implement technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures are appropriate to the sensitivity of the data and the risks involved in its processing.

Specific security measures include 256-bit SSL/TLS encryption for all data transmitted between your device and our servers, encryption of sensitive data fields within our databases, role-based access controls that limit staff access to personal data to what is necessary for their role, regular security assessments and penetration testing, and staff training on data protection obligations.

Player funds are held in segregated accounts, entirely separate from our operational finances. This ensures that your funds are protected independently of our business performance.

Despite our best efforts, no security system is completely impenetrable. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, will notify affected individuals without undue delay.

Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, our technology, legal requirements, or other factors. When we make significant changes, we will notify registered users by email and will update the "last updated" date at the top of this document.

We encourage you to review this notice periodically. Continued use of our services following notification of a material change constitutes acceptance of the updated notice.

If you have any questions about this Privacy Notice or about the way we handle your personal data, please contact us via the details on our Contact page. We are committed to transparency and will respond to all genuine enquiries promptly.