Privacy Policy

1. Introduction

Casino Pandemonium ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website casinopandemonium.com and use our services.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

2. Data Controller

Casino Pandemonium is the data controller for personal information collected through our website and services. You can contact us about privacy matters at:

3. Information We Collect

3.1 Personal Information

We may collect the following types of personal information:

Data Type	Examples	Collection Method
Identity Data	Name, username, date of birth	Registration forms, account creation
Contact Data	Email address, phone number, postal address	Contact forms, newsletter signup
Technical Data	IP address, browser type, device information	Automatic collection via cookies
Usage Data	Pages visited, time spent, click patterns	Website analytics, user behavior tracking
Marketing Data	Preferences, interests, communication preferences	Opt-in forms, preference centers

3.2 Special Categories of Data

We do not intentionally collect special categories of personal data (such as health information, political opinions, or religious beliefs). However, we may collect information related to gambling behavior for responsible gambling purposes, which we process under legitimate interests and with appropriate safeguards.

3.3 Information from Third Parties

We may receive information about you from:

• Casino operators you visit through our referral links
• Analytics providers (e.g., Google Analytics)
• Advertising networks and social media platforms
• Credit reference agencies (for age verification)

4. How We Use Your Information

4.1 Lawful Bases for Processing

We process your personal data based on the following lawful bases:

1. Consent: Where you have given clear consent for specific processing activities
2. Contract: To perform our services as outlined in our Terms of Service
3. Legal Obligation: To comply with regulatory requirements and age verification
4. Legitimate Interests: To operate our business, improve services, and prevent fraud

4.2 Purposes of Processing

We use your information for the following purposes:

• Service Provision: To provide our casino comparison and referral services
• Account Management: To create and manage user accounts
• Communication: To respond to inquiries and provide customer support
• Age Verification: To ensure compliance with 18+ age restrictions
• Marketing: To send promotional materials (with consent)
• Analytics: To understand user behavior and improve our website
• Legal Compliance: To comply with applicable laws and regulations
• Fraud Prevention: To detect and prevent fraudulent activities

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Our website uses cookies and similar tracking technologies:

Cookie Type	Purpose	Duration
Essential Cookies	Enable core website functionality	Session/1 year
Analytics Cookies	Understand website usage and performance	2 years
Marketing Cookies	Deliver relevant advertisements	1 year
Functional Cookies	Remember user preferences and settings	1 year

5.2 Managing Cookies

You can manage cookies through:

• Your browser settings (instructions vary by browser)
• Our cookie consent banner when you first visit
• Third-party opt-out tools (e.g., Google Analytics opt-out)

5.3 Third-Party Tracking

We use third-party services that may set cookies:

• Google Analytics: Website analytics and user behavior tracking
• Facebook Pixel: Social media advertising and conversion tracking
• Affiliate Networks: Tracking referrals and commissions

6. Data Sharing and Disclosure

6.1 When We Share Information

We may share your personal information with:

1. Casino Operators: When you click referral links or sign up for bonuses
2. Service Providers: Third-party companies that provide services on our behalf
3. Legal Authorities: When required by law or to protect our legal rights
4. Business Transfers: In connection with mergers, acquisitions, or asset sales

6.2 Third-Party Recipients

Categories of recipients who may receive your data:

• UK-licensed casino operators
• Cloud hosting providers (e.g., AWS, Google Cloud)
• Analytics providers (e.g., Google, Facebook)
• Email marketing platforms
• Age verification services
• Legal and compliance advisors

6.3 International Transfers

Some of our service providers are located outside the UK/EEA. When we transfer data internationally, we ensure adequate protection through:

• Adequacy decisions by the UK Government
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes

7. Data Retention

7.1 Retention Periods

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

Data Type	Retention Period	Reason
Account Data	Until account closure + 7 years	Legal obligations, fraud prevention
Marketing Data	Until consent withdrawn + 2 years	Marketing purposes, legal compliance
Analytics Data	26 months (aggregated data indefinitely)	Business analysis and improvement
Communication Records	3 years	Customer service and legal purposes

7.2 Secure Deletion

When retention periods expire, we securely delete or anonymize personal data using industry-standard methods to prevent recovery or reconstruction.

8. Data Security

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Staff Training: Regular data protection and security training
• Incident Response: Procedures for detecting and responding to security breaches

8.2 Data Breach Notification

In the event of a personal data breach, we will:

1. Assess the breach within 72 hours
2. Notify the Information Commissioner's Office (ICO) if required
3. Inform affected individuals if there is a high risk to their rights and freedoms
4. Document the breach and our response measures

9. Your Rights Under GDPR

9.1 Right of Access

You can request a copy of the personal data we hold about you, including:

• Confirmation that we process your data
• The purposes of processing
• Categories of data and recipients
• Retention periods
• Your other GDPR rights

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will update your information within one month of your request.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

• It's no longer necessary for the original purpose
• You withdraw consent and there's no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

9.4 Right to Restrict Processing

You can request restriction of processing when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want deletion
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification

9.5 Right to Data Portability

You can receive your personal data in a structured, commonly used format and transmit it to another controller when processing is based on consent or contract and carried out by automated means.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

9.7 Rights Related to Automated Decision Making

We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will update this policy and inform you of your rights.

9.8 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will:

• Respond within one month (extendable by two months for complex requests)
• Provide services free of charge (unless requests are unfounded or excessive)
• Verify your identity before processing requests
• Inform you if we cannot comply with your request and why

10. Children's Privacy

If we become aware that we have collected personal data from someone under 18, we will delete that information immediately. Parents or guardians who believe their child has provided personal information should contact us immediately.

11. Marketing and Communications

11.1 Marketing Consent

We will only send you marketing communications with your explicit consent. You can:

• Opt-in to marketing during registration or via preference centers
• Unsubscribe at any time using links in emails
• Update your preferences by contacting us
• Object to direct marketing at any time

11.2 Types of Marketing

With your consent, we may send you:

• Exclusive casino bonus offers
• Industry news and updates
• Service announcements and improvements
• Educational content about responsible gambling

12. Complaints and Supervisory Authority

12.1 Making a Complaint

If you're unhappy with how we handle your personal data, you can:

1. Contact us directly at [email protected]
2. File a complaint with the Information Commissioner's Office (ICO)

12.2 ICO Contact Information

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications for significant changes
• Providing prominent website notices

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

14. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Effective Date

This Privacy Policy is effective as of August 25, 2025, and applies to all information collected by Casino Pandemonium on or after this date.