Privacy and data transparency

This document complements our shorter cookie banner text. Here we explain, in depth, how All British Casino processes personal data across web and app surfaces, how automated decisions are constrained, and what logging looks like from a privacy perspective. It is written for players who want specifics, not just headlines.

Categories and sources

We obtain data directly from you (forms, uploads, chat transcripts you initiate), automatically from your device (IP, device identifiers compatible with law), and occasionally from trusted third parties such as credit-reference or fraud databases where permitted for verification. Combining sources helps us satisfy know-your-customer rules without asking you the same question twice.

Purposes and lawful bases

Contract and service delivery

Operating accounts, processing stakes, paying wins, and delivering support messages rely on performing our contract with you. Without this processing, the service cannot function lawfully.

Legal obligation

Licence holders must monitor transactions, report suspicious activity, and retain records. These duties override marketing preferences where conflict arises.

Legitimate interests

We analyse aggregated usage to secure our platform, debug errors, and plan capacity. Where required, we balance those interests against your rights and offer opt-outs where appropriate, for example certain non-essential analytics.

Profiling and restrictions

We do not use profiling to target vulnerable individuals with higher-loss products. Automated fraud scores may trigger manual review, but adverse decisions with legal or similarly significant effects receive human oversight where mandated.

Subprocessors and contracts

Infrastructure, messaging, and verification vendors process data only under written agreements specifying purpose limitation, confidentiality, and security measures. We assess high-risk vendors periodically and expect incident notifications without undue delay.

Where a subprocessor operates outside the UK, we document the transfer mechanism and carry out transfer impact assessments when required. You may request a summary of categories of recipients though commercial redactions may apply to protect security arrangements.

Retention schedule (summary)

Account records typically persist for years after closure to meet regulatory audit windows. Marketing consents expire when withdrawn, though suppression lists may be kept to honour your choice. Chat logs rotate on a schedule compatible with dispute resolution needs.

Exercising rights

Submit requests through authenticated channels when possible to prevent impersonation. We may ask proportionate questions to confirm identity. You may contact the ICO if unsatisfied with our response, and you may seek judicial remedy where available.

Access responses may exclude information that reveals confidential fraud rules or another person’s data. Erasure may be limited where law requires retention; in those cases we explain the constraint rather than silently refusing. Portability covers data you supplied and certain observed activity where technically feasible in a machine-readable format.

Children

Our services are strictly for adults of legal gambling age. We do not knowingly collect data from minors; if we learn we have, we delete it and take corrective steps.

Policy changes

Version history may be archived internally. When we update this page, we adjust the revision date and, where necessary, provide additional notice through email or on-login banners. Immaterial grammar fixes may occur without a prominent announcement.