Privacy Policy
Effective Date: 20 May 2026.
Last Updated: 20 May 2026.
Welcome to NorseWin Casino. This Privacy Policy outlines how NorseWin Casino collects, uses, stores, processes, shares, and protects your personal data when you interact with our website and use our remote iGaming services.
We operate under strict compliance with the data protection laws of the United Kingdom, specifically the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025. Furthermore, as an online casino platform servicing UK citizens, our data processing activities are deeply tied to our regulatory obligations set forth by the UK Gambling Commission (UKGC) under the Licence Conditions and Codes of Practice (LCCP).
For the purpose of data protection laws, the Data Controller is the operating entity of NorseWin Casino. If you have any questions or wish to exercise your data subject rights, you can contact our designated Data Protection Officer (DPO) via email at [email protected].
1. Information We Collect
To provide you with a secure, legal, and optimized remote gaming experience, we must collect varying categories of personal data. This information is gathered directly from you during registration, automatically as you navigate our platform, and from trusted third-party verification entities.
1.1 Personal Identity and Contact Data
- Registration Information: Full legal name, date of birth, gender, residential address, post code, email address, and mobile phone number.
- Verification Documentation: Copies of official photographic identification (such as a valid UK passport or UK driving licence), proof of address documents (such as utility bills, council tax statements, or bank statements issued within the last three months).
1.2 Financial and Transactional Data
- Payment Details: Partial payment card numbers (PANs), cardholder names, expiry dates, and billing details for Visa and Mastercard.
- Digital Wallet and Alternative Payment Data: Account identifiers, email aliases, or transaction IDs associated with PayPal, Neteller, Skrill, Paysafecard, Apple Pay, and Google Pay.
- Bank Account Information: Account numbers and sort codes used for direct bank transfers.
- Source of Funds (SoF) and Financial Vulnerability Records: Payslips, tax returns, dividend certificates, bank statements, and automated financial vulnerability indicators derived from external credit reference checks.
1.3 Gaming, Transaction, and Behavioral Data
- Activity Logs: Full records of your gameplay, including every wager placed, spin executed, bets made on Premier League football, horse racing, or cricket events, game outcomes, session duration, and wins or losses.
- Financial History: Comprehensive history of deposits, withdrawals, pending transactions, and internal balance transfers.
- Responsible Gambling Records: Data related to your interaction with player safety tools, including custom deposit limits, cooling-off periods, loss limits, session timers, and temporary or permanent self-exclusion requests.
1.4 Technical and Usage Data
- Device Information: Internet Protocol (IP) address, operating system (e.g, macOS, Windows, iOS, Android), device type, unique device identifiers, browser type, and browser version.
- Geolocation Data: Precise geographical location data to verify that you are physically located within the permitted regulatory borders of the United Kingdom.
- Tracking and Cookies: Data collected via cookies, web beacons, and similar tracking mechanisms regarding your browsing patterns, entry pages, clicks, and site preferences.
1.5 Interaction and Correspondence Data
- Customer Support Records: Full transcripts of live chat sessions, email correspondence sent to [email protected], and any telephonic interaction logs with our helpdesk.
2. How and Why We Use Your Personal Data (Lawful Bases)
Under the UK GDPR, we must have a valid lawful basis to process your personal data. The table below outlines how we use your data and the legal justifications supporting each activity.
| Purpose / Processing Activity | Categories of Personal Data Involved | Lawful Basis for Processing (UK GDPR) |
|---|---|---|
| Account Creation & Maintenance: Setting up your player account, managing access, and delivering core casino services. | Identity, Contact, Technical Data | Performance of a Contract: Necessary to fulfill our Terms and Conditions with you. |
| Payment Processing: Facilitating deposits and withdrawals using Visa, Mastercard, PayPal, Neteller, Skrill, Apple Pay, Google Pay, or bank transfers. | Financial, Transactional, Identity Data | Performance of a Contract: Necessary to execute financial transactions requested by you. |
| Identity Verification (KYC): Confirming your legal identity, age (ensuring 18+ compliance), and residential address upon registration or withdrawal. | Identity, Contact, Verification Documents | Legal Obligation: Compliance with UKGC LCCP requirements and the Money Laundering Regulations. |
| Frictionless Financial Risk & Affordability Checks: Executing light-touch assessments at standard UKGC spending thresholds (e.g, net deposits reaching £150 within a rolling 30 days) or deep financial risk checks using third-party credit reference agency data. | Identity, Contact, Financial Data | Legal Obligation: Mandatory customer protection and affordability checks mandated by the UKGC. |
| Responsible Gambling & Harm Prevention: Tracking betting patterns, managing active deposit limits, monitoring for indicators of problematic behavior, and enforcing cross-operator self-exclusions. | Identity, Gaming History, Responsible Gambling Records | Legal Obligation & Vital Interests: Meeting statutory social responsibility requirements under the Gambling Act 2005 and protecting player well-being. |
| Anti-Money Laundering (AML) & Fraud Detection: Preventing bonus abuse, identifying collusive behavior, investigating suspicious financial patterns, and cross-checking data against sanctions lists. | Identity, Financial, Transactional, Technical Data | Legal Obligation & Legitimate Interests: Mitigating financial crime risks and defending our business from illicit operations. |
| Marketing Communications: Sending targeted promotions, special offers, and updates on popular sporting event markets via email or SMS. | Contact, Profile, Marketing Preferences | Consent: You explicitly opt-in to receive these materials and can withdraw consent at any time. |
| Platform Optimization & Troubleshooting: Managing server functionality, resolving software errors on macOS and PC devices, and analyzing aggregate user behavior to improve layouts. | Technical, Usage Data | Legitimate Interests: Keeping our digital infrastructure functional, responsive, and secure. |
3. Mandatory Regulatory Frameworks & Automated Checks
As a digital operator providing real-money gambling services to the UK market, our processing of your personal data is bound by severe statutory guardrails that override standard consumer privacy parameters.
3.1 Age and Identity Verification (KYC)
Before you are legally permitted to deposit money, place a single wager, or access any free-to-play versions of our catalog, your age and identity must be definitively verified. We cross-reference your registration info against national public databases, electoral rolls, and credit bureaus. If automated database verification fails, you must upload clear digital copies of your identification files. Failure to verify age (18+) or address results in immediate account suspension.
3.2 Frictionless Financial Risk Assessments
In accordance with current UKGC mandates, we carry out automated, non-intrusive financial vulnerability assessments.
- Light-Touch Safeguard: Triggered automatically when your net deposits hit £150 or more within a rolling 30-day window. This processing tracks basic commercial indicators to ensure you are not undergoing severe financial distress.
- Enhanced Financial Risk Evaluation: Triggered at higher statutory spending thresholds. This involves sharing your name, address, and date of birth with credit reference agencies to assess financial status without altering your credit score. If these background signals fail to provide clarity, we are required by law to ask you directly for Source of Funds documentation.
3.3 National Self-Exclusion Integration (GAMSTOP)
To uphold our social responsibility obligations, NorseWin Casino shares identity metrics with the national GAMSTOP multi-operator self-exclusion registry. Every time you log in or attempt to register a new account, your personal details are processed through an automated check against the GAMSTOP database. If a database match is verified, your access to our gambling facilities is blocked immediately, and your financial profile is shifted to a closed status to process the return of any residual funds.
4. Data Sharing and Disclosures
NorseWin Casino does not sell or rent your personal data to third parties. We do share your information with specific categories of processors and regulators to fulfill legal, contract, and technical obligations.
- The UK Gambling Commission (UKGC): As our primary regulatory authority, we share operational records, identity metrics, and compliance logs during standard audits or direct investigations.
- Law Enforcement and Financial Intelligence Units: In compliance with the Proceeds of Crime Act 2002 and Anti-Money Laundering protocols, data regarding suspicious actions or possible fraud will be forwarded directly to the National Crime Agency (NCA) or local UK police forces.
- Credit Reference Agencies and Fraud Prevention Bureaus: Data is shared with these entities to execute mandatory financial vulnerability profiling, identity cross-matching, and to protect against cross-site bonus abuse.
- Payment Gateways and Financial Institutions: Your transactional information is processed directly by secure clearing systems handling Visa, Mastercard, PayPal, Neteller, Skrill, Paysafecard, Apple Pay, Google Pay, and clearing banks.
- Responsible Gambling Support Networks: If a player exhibits signs of acute gambling harm or explicitly requests crisis intervention, relevant identity and contact details may be shared with safety helplines like GamCare or BeGambleAware to support targeted safety measures.
5. International Data Transfers
The data we collect from you is processed primarily within the United Kingdom and the European Economic Area (EEA). However, some of our third-party technical providers, software providers, or backup server operators may maintain facilities located outside the UK or EEA.
When personal data is transferred outside the United Kingdom to a country that does not benefit from an adequacy decision by the UK government, we implement appropriate safeguards to guarantee your data retains a level of protection equivalent to UK law. These safeguards include:
- Utilizing Standard Contractual Clauses (SCCs) approved by the European Commission, adapted for UK use via the International Data Transfer Addendum (IDTA).
- Ensuring our external technology partners maintain active compliance certifications or binding corporate rules that enforce rigorous security standards.
6. Data Security Measures
NorseWin Casino deploys extensive physical, electronic, and managerial systems designed to prevent unauthorized data access, maintaining absolute data confidentiality and integrity.
- Encryption: All data transmitted between your device (whether accessing via desktop macOS/PC or mobile operating systems) and our servers is secured using modern Transport Layer Security (TLS) and Secure Sockets Layer (SSL) encryption protocols. Financial databases containing card records or digital wallet tokens are stored using Advanced Encryption Standard (AES) 256-bit keys.
- Access Containment: Internal access to your personal information is restricted under a strict "least-privilege" model. Only compliance officers, risk managers, specialized support technicians, and legal personnel who require access to complete explicit duties are granted data clearance.
- Network Audits: Our server networks are protected by enterprise-grade firewalls, continuous intrusion detection software, and undergo routine third-party vulnerability scans and penetration testing to address emerging security vulnerabilities.
7. Data Retention Profiles
We retain your personal data only for as long as is strictly necessary to fulfill the operational purposes for which it was gathered, or to comply with our explicit legal and regulatory duties under UK law.
- Active Account Life: Throughout the active life of your NorseWin Casino profile, all identity, financial, and transactional data are retained to preserve your player history and maintain contract fulfillment.
- Post-Closure Statutory Retention: Once an account is closed or terminated, we do not erase your records immediately. Under UK Anti-Money Laundering legislation and UKGC regulatory frameworks, we are legally required to store your identity data, financial transaction logs, and gaming history for a minimum period of five (5) to seven (7) years from the formal date of account closure.
- Self-Exclusion Retention Records: Information concerning players who have self-excluded due to gambling safety concerns is maintained indefinitely or for significantly longer windows. This retention ensures we can enforce active blockades and refuse registration requests to protect vulnerable persons over the long term.
- Anonymized Statistics: Data stripped entirely of personally identifiable elements may be held indefinitely for internal performance analysis, reporting on sport betting trends, or adjusting casino software capabilities.
8. Your Data Subject Rights under UK GDPR
As a citizen or resident of the United Kingdom, you hold clear, enforceable rights regarding how businesses handle your personal details under the UK GDPR and the Data Protection Act 2018.
8.1 Right of Access (Subject Access Request - SAR)
You have the right to request confirmation that your personal data is being processed, along with a complete digital copy of all personal information we hold about you. This includes your specific gaming logs, payment histories, and verification profiles. We will supply this information free of charge within one calendar month of confirming your identity.
8.2 Right to Rectification
If you discover that any personal details we hold are inaccurate, outdated, or incomplete, you have the right to demand swift corrections. You can modify minor communication profiles directly within your account dashboard, while core identity changes (such as a updated legal name or new physical address) require supporting verification documents submitted via email to [email protected].
8.3 Right to Erasure ("Right to be Forgotten")
You can request that we completely erase your personal data from our systems. However, this right is not absolute for gambling operators. If your request for deletion conflicts with our statutory obligations to retain transaction histories under UK Anti-Money Laundering laws, or compromises active self-exclusion flags designed to ensure player safety, your request will be legally denied. Your data will instead be isolated and retained strictly for compliance purposes.
8.4 Right to Restrict Processing
You have the right to ask us to freeze the processing of your personal information in specific circumstances — such as if you contest the accuracy of the data or object to our lawful basis of processing, pending an independent review. While processing is restricted, we can store your data but cannot utilize it for live gameplay, promotions, or financial clearing.
8.5 Right to Data Portability
You have the right to receive a structured, machine-readable, and commonly used digital file containing the personal information you supplied to us, allowing you to transfer that data to another provider. This applies strictly to data processed via your explicit consent or under contract fulfillment.
8.6 Right to Object
You have an unconditional right to object at any time to the processing of your personal data for direct marketing purposes. Upon receiving your objection via account toggles or support communications, we will stop sending marketing communications immediately. You can also object to processing justified under our "legitimate interests" framework, though we may override this if we demonstrate compelling, legally binding grounds for the processing.
8.7 Rights Regarding Automated Decision-Making and Profiling
You have the right not to be subject to decisions based solely on automated processing (such as algorithmic profiling) that produce legal effects or significantly affect you. Within our platform, automated profiling occurs primarily during financial risk checks and responsible gambling behavioral tracking. You have the right to request human intervention, express your point of view, and contest automated determinations that impact your account status.
To exercise any of these data rights, please submit a formal request to our support infrastructure at [email protected]. We process all legitimate requests within 30 days, following verification of your identity.
9. Marketing Preferences and Opt-Out Controls
When you register an account at NorseWin Casino, you are given clear, un-ticked options regarding whether you wish to receive promotional updates, bonus offerings, or newsletters concerning upcoming sports fixtures or new casino games.
- Granular Consent: We do not engage in bundle consent practices. You can opt-in to email notifications while choosing to decline SMS communications.
- Simple Opt-Out Mechanisms: If you wish to revoke your marketing consent, you can use the "Unsubscribe" hyperlink embedded at the footer of every promotional message. Alternatively, you can modify your communication preferences within your account settings menu or notify our customer support network at [email protected].
- Operational Communications: Opting out of marketing updates does not stop crucial operational communications. We will continue to transmit essential messages concerning account verification updates, safety policy revisions, deposit limit notifications, or balance returns.
10. Third-Party Links and Contextual Content
Our platform may contain contextual information, structural elements, or tools linked to external entities, such as transaction clearing partners, independent dispute resolution bodies, or social responsibility support frameworks.
Please note that once you navigate away from norsewincasino.org, we do not exercise control over the privacy architectures or data collection methods of external providers. We advise you to read the privacy policies of any third-party digital environment you interact with to understand their specific data management frameworks.
11. Revisions to This Privacy Policy
NorseWin Casino reserves the right to modify, amend, or update this Privacy Policy at any time to reflect shifting regulatory demands, updates to technical standards, or adjustments to our operational processing methods.
When substantial adjustments are made to this document, we will notify you through prominent notifications displayed upon logging into your player profile, or via direct email communications sent to your registered address. We encourage you to review this policy periodically to stay informed about how we safeguard your personal data. Your continued use of our platform following these notifications constitutes acknowledgment of the updated privacy practices.
12. Regulatory Recourse and Complaints
If you have concerns regarding how NorseWin Casino handles your personal data, or believe our processing methods violate your legal rights under UK law, we request that you contact our internal DPO at [email protected] to allow us to investigate and resolve the issue.
However, you maintain the right to file a formal complaint with the UK data protection supervisory authority at any time. You can contact them directly via the following details:
- Supervisory Authority: Information Commissioner’s Office (ICO).
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- Telephone Helpline: 0303 123 1113.
- Website: ico.org.uk.
