Privacy Policy

Who We Are

Slotbox Casino operates the website https://slotbox-casino-uk.com and is committed to protecting the personal information of everyone who uses our services. We take our responsibilities under UK data protection law seriously, and this Privacy Policy explains clearly what information we collect, why we collect it, how we use it, and what rights you have in relation to it.

When you create an account, make a deposit, play games, or simply browse our website, you are sharing information with us. This policy is intended to give you a full and honest picture of what that means in practice.

Slotbox Casino is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we are responsible for deciding how and why your personal data is processed.

If you have questions about anything in this policy, you are welcome to contact us directly at [email protected].

The Legal Framework We Operate Within

As an online casino licensed by the UK Gambling Commission (UKGC), we are required to comply with a range of legal obligations that directly affect how we handle your personal data. These include:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations 2003 (PECR)
• The Gambling Act 2005
• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
• UKGC Licence Conditions and Codes of Practice (LCCP)

Some of our data processing activities are not optional. We are legally required to verify your identity, carry out anti-money laundering checks, and maintain records of gambling activity. These obligations exist regardless of your preferences and form part of our regulatory responsibilities as a licensed operator.

What Information We Collect

Information You Provide to Us

When you register an account or interact with our services, we collect the following:

• Full name
• Date of birth
• Residential address
• Email address
• Telephone number
• Username and password (stored in encrypted form)
• Gender (where provided)
• Payment information, including card details and e-wallet identifiers (we do not store full card numbers; this is handled through secure, PCI-DSS-compliant third-party providers)
• Identity verification documents such as a passport, driving licence, or utility bill
• Proof of source of funds where required under our AML procedures
• Responses to responsible gambling assessments and self-exclusion requests
• Communications you send to our customer support team

Information We Collect Automatically

When you visit or use our website, we automatically collect certain technical and behavioural data, including:

• IP address and approximate geolocation
• Device type, operating system, and browser version
• Pages visited, time spent on each page, and navigation patterns
• Session identifiers and login timestamps
• Game activity, including bets placed, games played, session duration, and outcomes
• Deposit and withdrawal records
• Referral sources (for example, whether you arrived via a search engine or a link)

Information from Third Parties

We may receive personal data about you from third parties in the following circumstances:

• Identity and age verification providers who confirm your identity documents
• Credit reference agencies and fraud prevention services
• Payment processors who handle transactions on our behalf
• The national self-exclusion scheme GamStop, which we are required to cross-reference before allowing play
• Regulatory bodies such as the UKGC, where information sharing is required

Why We Use Your Information and on What Legal Basis

UK GDPR requires us to have a valid legal basis for every way we use your personal data. The six available legal bases are: consent, contract, legal obligation, vital interests, public task, and legitimate interests. Below we explain which applies to each category of our processing.

To Fulfil Our Contract With You

We process your personal data to provide the services you have signed up for. Without this, we could not operate your account, process deposits or withdrawals, credit bonuses, or offer customer support.

This includes:

• Creating and managing your player account
• Processing financial transactions
• Delivering promotional offers you have opted into
• Responding to support queries and resolving disputes
• Sending transactional communications (account confirmations, withdrawal notifications, etc.)

To Comply With Our Legal Obligations

Several of our processing activities are carried out because we are legally required to do so as a licensed gambling operator. We have no discretion in these matters, and your consent is not required for them.

This includes:

• Verifying your identity and age before allowing you to gamble (Know Your Customer / KYC checks)
• Carrying out ongoing anti-money laundering (AML) monitoring
• Reporting suspicious activity to the National Crime Agency (NCA) where required
• Retaining gambling transaction records for inspection by the UKGC
• Cross-referencing your details against GamStop and complying with self-exclusion requests
• Complying with court orders and requests from law enforcement authorities
• Maintaining records as required under tax law

For Our Legitimate Interests

We carry out some processing where we have a genuine business reason that does not override your fundamental rights. Before relying on this basis, we weigh our interests against any potential impact on you.

This includes:

• Fraud prevention and the security of our platform
• Analysing how players use our services to improve them
• Monitoring for problem gambling indicators and fulfilling our safer gambling obligations under the LCCP
• Keeping basic records for the purpose of managing legal disputes
• Conducting internal audits and risk assessments

Where we rely on legitimate interests, you have the right to object to that processing. See the section on your rights below.

With Your Consent

Where we rely on your consent, we will make this clear at the point of collection. This applies primarily to:

• Sending you marketing communications by email, SMS, or post
• Placing non-essential cookies on your device (see the Cookies section below)

You may withdraw your consent at any time, and doing so will not affect the lawfulness of processing carried out before withdrawal.

Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to make the site function properly, understand how it is used, and, where you have given consent, to serve you relevant content.

Strictly Necessary Cookies

These cookies are essential for the website to work. They allow you to log in, navigate between pages, and use secure features. These cannot be disabled without breaking core functionality.

Performance and Analytics Cookies

These cookies collect information about how visitors use our site, such as which pages are visited most frequently and whether error messages are received. We use this data in aggregate to improve the website. These cookies are only placed with your consent.

Functionality Cookies

These remember choices you make, such as your language preference or whether you have dismissed a notification. They are placed with your consent.

Targeting and Advertising Cookies

We may use these cookies, with your consent, to serve advertisements that are more relevant to your interests and to measure the effectiveness of our promotional activity.

You can manage your cookie preferences at any time using the cookie settings available on our website. Refusing non-essential cookies will not prevent you from using our services, though some features may be less personalised.

For more information about cookies and your rights in relation to them, you can visit the Information Commissioner’s Office (ICO) website at ico.org.uk.

How We Share Your Information

We do not sell your personal data. We do not share it with third parties for their own marketing purposes. We share information only in the circumstances described below.

Service Providers

We work with third-party companies that help us deliver our services. These include:

• Identity verification and age-checking providers
• Payment processors and banking partners (including providers supporting Visa, Mastercard, Skrill, and other payment methods)
• Game software providers such as NetEnt, Pragmatic Play, Evolution Gaming, Red Tiger Gaming, Play’n Go, and Big Time Gaming, who may receive session data relevant to their games
• Customer support platforms
• IT infrastructure and hosting providers
• Analytics and fraud detection tools

All third-party service providers are required to process your data only on our instructions and in accordance with our data protection agreements. They are not permitted to use your data for any other purpose.

Regulatory and Legal Disclosure

We may be required to share your personal data with:

• The UK Gambling Commission (UKGC)
• HM Revenue and Customs (HMRC)
• The Financial Conduct Authority (FCA)
• The National Crime Agency (NCA)
• The police or other law enforcement agencies where we receive a lawful request
• Courts, tribunals, or regulatory bodies in connection with legal proceedings

These disclosures are made under legal obligation and do not require your consent.

GamStop and Safer Gambling Organisations

As a UKGC-licensed operator, we are required to check your details against GamStop, the national self-exclusion register. If you have self-excluded through GamStop, we are obligated to prevent you from creating or accessing an account with us. Your data may be shared with GamStop and related organisations as part of this process.

Business Transfers

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the acquiring entity. You will be notified in advance if this affects how your data is processed, and your rights will continue to apply.

Marketing Communications

We will only contact you with marketing material if you have consented to receive it or if we are communicating with you about products or services similar to those you have already used (the “soft opt-in” rule under PECR).

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at [email protected]

Opting out of marketing will not affect the transactional messages we send you, such as account confirmations, deposit notifications, or security alerts. These are sent as part of our contractual relationship with you and are not optional.

We do not send marketing communications to players who have self-excluded or taken other responsible gambling measures that would make such contact inappropriate.

Responsible Gambling and Data Processing

Our licence from the UKGC places specific requirements on us to protect players from gambling-related harm. Some of our data processing exists specifically to fulfil these obligations.

We monitor player behaviour to identify signs of problem gambling. This may include tracking changes in deposit frequency, session length, betting patterns, or self-reported information. Where we identify potential indicators of harm, we may make contact with you or take steps to limit your account activity.

This processing is carried out under our legitimate interests and our legal obligations as a licensed operator. It is not optional, and it forms a core part of our safer gambling commitment.

If you wish to set limits on your play, take a break, or self-exclude, you can do so through the Responsible Gambling section of your account or by contacting our support team at [email protected]. Self-exclusion requests are permanent if made through GamStop and binding for a defined period if made directly with us.

We retain records relating to self-exclusion and responsible gambling interactions for as long as required under our regulatory licence conditions.

Age Verification

We are legally prohibited from allowing anyone under the age of 18 to gamble. Before you can deposit or play, we carry out age verification checks using your personal data. These checks are conducted by accredited third-party verification providers.

If your age cannot be confirmed electronically, we will ask you to provide documentary evidence such as a passport or driving licence. Until your age is verified, you will not be permitted to place real-money bets.

We may share your date of birth and other identifying information with third-party verification services solely for this purpose.

How Long We Keep Your Data

We do not retain your personal data for longer than necessary. The retention periods we apply are determined by our legal obligations, regulatory requirements, and genuine operational needs.

As a general guide:

• Account information and transaction records are retained for a minimum of five years following the closure of your account, as required under anti-money laundering regulations
• Identity verification documents are retained for five years from the date of verification or from the end of the business relationship, whichever is later
• Marketing consent records are retained for as long as necessary to demonstrate compliance with PECR
• Customer service communications are retained for up to three years
• Responsible gambling records, including self-exclusion requests, may be retained for longer where our regulatory obligations require it

When data is no longer required, it is securely deleted or anonymised.

Your Rights Under UK GDPR

UK data protection law gives you a number of rights in relation to your personal data. These rights are not absolute, and in some cases they may be limited by our legal obligations. We will always explain our position if we are unable to fulfil a request.

The right to access. You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receipt.

The right to rectification. If any of the information we hold about you is inaccurate or incomplete, you can ask us to correct it.

The right to erasure. In certain circumstances, you can request that we delete your personal data. This right does not apply where we are required to retain data by law, for example under our AML obligations.

The right to restrict processing. You can ask us to pause the use of your data in certain situations, for example while a dispute about accuracy is being resolved.

The right to data portability. Where we process your data based on your consent or to fulfil a contract, you can request that we provide it in a structured, commonly used, machine-readable format.

The right to object. You can object to processing carried out on the basis of legitimate interests. We will stop unless we can demonstrate a compelling reason to continue. You have an unconditional right to object to processing for direct marketing purposes.

Rights in relation to automated decision-making. Where decisions with significant effects on you are made automatically, you have the right to request human review. We will inform you if such processing applies to your account.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before acting on a request to ensure your data is not disclosed to someone acting without authorisation.

Security

We take the security of your personal data seriously and implement technical and organisational measures appropriate to the risks involved. These include:

• SSL encryption across all pages of the website
• Secure, encrypted storage of passwords
• Restricted internal access to personal data on a need-to-know basis
• Regular security reviews and testing
• PCI-DSS compliant payment processing

No method of transmission over the internet is entirely without risk, and we cannot guarantee the absolute security of data transmitted to our site. However, once we receive your information, we apply strict security procedures to protect it against unauthorised access, alteration, or disclosure.

If you become aware of any suspected security incident involving your account, please contact us immediately at [email protected].

International Transfers of Personal Data

Some of our service providers are based outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, consistent with the requirements of UK GDPR.

These safeguards may include:

• Transfers to countries with an adequacy decision from the UK Secretary of State
• Standard Contractual Clauses (SCCs) approved for use in the UK context
• Binding Corporate Rules where applicable

You can request further information about the specific safeguards we apply to international transfers by contacting us at [email protected].

Third-Party Links

Our website may contain links to external websites or services operated by third parties. This Privacy Policy does not apply to those websites. We have no control over the content or privacy practices of third-party sites and encourage you to review their own privacy notices before sharing any personal information with them.

Children

Our services are strictly for adults aged 18 and over. We do not knowingly collect personal data from children. If we become aware that data has been collected from someone under 18, we will delete it without delay.

If you believe that a minor has registered an account or shared data with us, please contact us at [email protected] so that we can take immediate action.

Changes to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in law, our practices, or the services we offer. When we make material changes, we will notify you through your registered email address or by displaying a notice on our website. Continued use of our services following notification constitutes your acknowledgement of the updated policy.

How to Complain

If you are unhappy with how we have handled your personal data, we would ask that you contact us first so that we can try to resolve the matter directly. You can reach us at [email protected].

If you remain dissatisfied after raising the matter with us, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK’s independent supervisory authority for data protection matters.

You can contact the ICO at:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Telephone: 0303 123 1113 Website: https://ico.org.uk

Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or the way we handle your personal data, please get in touch with us:

Slotbox Casino Email: [email protected] Website: https://slotbox-casino-uk.com