Race Casino's Privacy Policy And User Data Protection Guide For Safe And Open Gaming

Last changed on March 15, 2024

Our promise to each client starts with making sure that private records are handled in a legal way. The UK Gambling Commission, the General Data Protection Regulation (GDPR), and other relevant rules all say that our system is up to code. SSL encryption and regular security audits are used to protect information like account activities, financial transactions, and identification.

Gathering And Using

We only collect your name, address, date of birth, email address, and payment information to verify your account, report to the government, and make sure that your deposits and withdrawals are safe. We may keep analytical logs to find fraud and make our interface better.

Sharing With Third Parties

We work with payment processors and compliance agencies that have been checked out. It is not okay to use or sell personal information for business purposes. As required by law, information is only shared with authorised parties who have strict confidentiality obligations.

Your Rights

You can ask for access, correction, or deletion of stored information at any time. You can also limit some processing activities or get a portable copy of your entries. You can send a question or complaint to our Data Compliance Officer by email or through the secure channel on your dashboard.

How Long Data Is Stored

According to anti-money laundering rules, records of identification and financial transactions must be kept for at least five years after the last account activity. Anonymization protocols are applied once legal retention periods expire.

Cookies And Analytics

Cookies optimize your browsing, track login sessions, and maintain device security. Analytical scripts never capture sensitive account information.

Updates

Any alterations to our handling procedures will be published with advance notice via this page and by e-mail. Clients are encouraged to review updates regularly for continued awareness.

How Information Is Collected And Processed

Upon account registration, the system requests identifying credentials such as full name, email address, residential location, phone number, birth date, and preferred payment methods. IP addresses are automatically logged to enhance session security and prevent identity fraud. When transactions happen, technical logs keep track of timestamps, device details, and browser fingerprints. Cookies that require consent help remember platform preferences and customise promotions. Without any extra permissions, only strictly necessary cookies are set. Every interaction, such as support chats and feedback submissions, is saved in an encrypted database so that it can be accessed later for compliance and better customer service. Third-party analytics integrations that are only used to check performance and find errors never save personal information that isn't masked. Financial gateway partners may only get important payment information for transaction approval, and they must always follow the rules set by the government. To limit exposure, collection is only allowed for tasks that are necessary for managing accounts, processing payments, and checking the law. Clients can look at, change, or ask for the removal of certain account elements through the profile settings panel or by calling the support number listed on the website. Role-based authentication limits who can see stored records. Automatic session expiration and regular audits help reduce the risk of leaks. Local licensing rules set the time limits for keeping information. After that, archived entries are safely deleted using standard industry deletion methods.

How To Keep Financial Information Safe During Transactions

1. All money transactions on this platform use end-to-end encryption with at least 256-bit SSL protocols, which is what international banking standards require; This kind of encryption keeps bank card numbers, e-wallet passwords, and other payment information safe from being watched and changed without permission.
2. Every request for a transaction goes through multiple levels of authentication.
3. When you connect to PCI DSS-compliant gateways, sensitive fields like CVV codes, cardholder names, and account numbers are tokenised right away; This reduces the risk of them being seen while they are being sent and processed; This method lets you make payments without giving back-end systems your real credentials.
4. Advanced intrusion detection tools keep an eye on payment modules for any strange activity; Automated fraud monitoring systems flag things that don't make sense, like sudden value spikes, strange frequency, or geographic irregularities; In these situations, both the customer and the support team get instant alerts, which require a manual review before the settlement goes through.
5. Access to account payment settings and transaction histories is restricted via multi-factor authentication, including biometric checks or one-time codes delivered directly to a personal device; Session timeouts and transaction limits lower risk even more by stopping unauthorised activity after a period of inactivity.
6. Payment system vendors go through a lot of testing and are checked once a year; Data masking and access logging are two examples of financial-grade controls that govern the storage of any transactional records.
7. Customers can look at, download, or ask for their payment records to be deleted in accordance with local financial laws and rules.

Security Layer Description

Users should set strong, unique passwords for each service interaction and turn on two-step verification to keep their accounts safe. Change the settings for your account notifications so that you get alerts right away for every transaction. This way, you can quickly respond to any unexpected activity.

Rights To Access, Correct, And Delete Information

Patrons are entitled to review any personal records maintained on their accounts. Requests to view information can be submitted via the support portal or through the official contact email. According to the law, a response, which includes a report of all relevant entries, should be sent within 30 days. Clients can ask for corrections if they find mistakes or differences. Precise procedures are outlined in the account settings section. To protect against unauthorised changes, supporting documents may be needed to prove identity or support requested changes. Elimination of records is possible when permitted by local laws. Users must send a written request to the right contact address in order to ask for erasure. Financial or anti-fraud rules may require that certain documents, like transaction records or entries related to compliance, be kept for a certain amount of time. In these situations, customers will be told which records need to be kept and for how long. If you have a problem with how rights are being handled, you should contact the internal Data Officer through the proper channels. If satisfaction is not achieved, individuals may escalate concerns to the relevant supervisory authority in their jurisdiction. A list of competent authorities is available upon request from the compliance team.

Procedures For Third-party Sharing And Data Disclosure

Before any information is transferred externally, each partner’s compliance status is meticulously vetted. Only entities holding appropriate certifications, including GDPR adequacy decisions and recognized security standards such as ISO/IEC 27001, are considered eligible recipients. An agreement must be made for every possible collaboration that spells out the rules for confidentiality, the scope of acceptable use, and who is responsible for breaking them. Disclosure only happens when it's absolutely necessary, such as to process payments, check someone's identity, or respond to legal requests. Each transmission uses encrypted channels (TLS 1.2 or higher), and only authorised people can access them with multi-factor authentication. We do internal reviews every three months to check outgoing flows and make sure they stay within the limits set by the contract. If a regulatory or financial authority makes a request that can be verified, only the records that are relevant to that request are given, and they are never more than what is needed to be compliant. People are quickly told about mandatory disclosures, unless the law says they can't be told. Every third party that does marketing or analysis work must have regular privacy impact assessments. These partners are not allowed to use or sell any information that was given to them. Periodic due diligence is done to make sure that audit standards are still being followed, and if there is any deviation, transmission privileges are immediately suspended until full remediation is verified. You can withdraw or change your consent for certain types of third-party activities at any time. Revocations are handled within 72 hours, making sure that any related external transfers stop right away.

How Long Data Can Be Kept And How To Get Rid Of It

The information collected is only kept for the amount of time that the law says it must be. After the last interaction or account closure, identification documents, payment confirmations, and records of account activity are kept for five years. This time frame is in line with requirements for anti-money laundering and financial oversight. Secure deletion protocols remove information from active systems that is no longer needed for compliance or business purposes. When deciding if retention is still needed, things like audit trails, timelines for resolving disputes, and legal requirements are all taken into account. After the required time, payment method references and transaction logs are deleted. However, they may be kept longer if there are ongoing investigations or legal proceedings. Only the relevant parts are kept in storage because of manual review processes. Automated scripts flag outdated entries for erasure, followed by irreversible destruction across backup environments. Where applicable, anonymization replaces strict deletion to support statistical analysis without exposing personally identifiable markers. Regulatory frameworks say that account owners' requests to have their accounts removed are given the highest priority. Validation steps make sure that deletion won't violate any legitimate interests, like legal holds or the duty to report finances. Once the process is finished, a written notice confirms that the data has been deleted.

How To Help Customers With Questions Or Requests For Information

People who want to voice their concerns or make a request about their personal information can follow the steps below to make sure their issue is resolved quickly and completely.

Contact Point:

Send all questions or requests to the Data Controller at [email protected] or use the secure contact form on the website's "Contact Us" page.

Give Enough Information To Prove Who You Are And Explain What The Problem Or Request Is.

What You Need To Do To Submit:

• Clearly state the issue, question, or desired action (like access, correction, restriction, or objecting to processing);
• Attach any identification documents that are necessary to make the process safe;
• If you want something removed or to get access, be sure to be clear about what information you want.

The Process Of Verification:

The administration may ask for more proof of authenticity and protection of sensitive records for all requests. You might get a secure link to confirm your identity or be asked to send in more documents before anything is done.

Timeline For Responses:

Usually, feedback on concerns or requests is given within 30 days. If your questions are very complicated or long, you should expect to be told about any possible extensions, as long as they are in line with the law. If the resolution doesn't meet your expectations or you think someone has broken their obligations, you can take your complaint to the appropriate national supervisory authority. You can find the contact information for these authorities on their website or ask for it.

Extra Help:

The support team is still available through live chat and the email address you provided to answer any questions you may have about your rights, processing activities, or any ongoing requests for transparency. This process makes sure that every question or concern is handled in accordance with set rules, protecting your interests at every stage.