CasinoLab Privacy Policy: Data Use and Protection
Last updated: June 3, 2026
This privacy policy explains how CasinoLab casino service, operated by Genesis Global Limited, collects, uses, stores and protects personal information provided by players during registration, gameplay and account management. The policy applies to all interactions with the platform, including deposits, withdrawals, bonus claims and customer support requests.
Genesis Global Limited operates under UKGC remote casino licence 45235 and MGA licence MGA/CRP/314/2015. This policy covers all UK-facing services offered through the CasinoLab casino platform. Players accessing the site confirm that they understand how their data will be processed and consent to the practices described below.
Definitions and Interpretation
This section clarifies key terms used throughout the privacy policy. Understanding these definitions helps players recognize how their information is categorized and processed during platform use.
Defined Terms
Personal data refers to any information that can identify a player, either directly or when combined with other details. This includes names, email addresses, phone numbers, dates of birth, residential addresses and payment information. Technical data such as IP addresses, device identifiers and browser fingerprints also qualify as personal data under UK and Malta legislation.
Processing means any operation performed on personal data, including collection, storage, retrieval, alteration, sharing, deletion or destruction. Every action taken by the platform involving player information counts as processing and must comply with GDPR and UK Data Protection Act 2018 standards.
Account and Service Elements
An account is the player profile created during registration, which stores login credentials, personal details, transaction history, bonus activity and gameplay records. One account per player, household and IP cluster is permitted under the platform’s one-account policy.
The service refers to the CasinoLab casino platform, including slots, live casino, table games, jackpots, tournaments, promotions and payment processing. The service owner, Genesis Global Limited, acts as the data controller responsible for compliance with data protection legislation.
Devices and Technology
A device is any hardware used to access the platform, including desktop computers, laptops, tablets and smartphones. Device data includes operating system type, screen resolution, browser version and unique device identifiers. This information helps the platform detect duplicate accounts, VPN use and unusual activity patterns.
Cookies and tracking technologies are small files stored on a player’s device to enable account authentication, session management, analytics and advertising. Players can control cookie settings through their browser, though disabling essential cookies may limit platform functionality.
Personal Data Collection
CasinoLab collects several categories of personal information to operate the casino service, process transactions and comply with licensing requirements. Data collection begins during registration and continues throughout the player’s activity on the platform.
Registration and Identity Data
Players provide identity information during account creation, including full legal name, date of birth, residential address, email address and phone number. Registration fields also capture login identifier, password and preferred currency. UK players select GBP as their account currency during the signup process.
Date of birth verification confirms that all players are 18 years or older, as required by UKGC and MGA regulations. Address details enable the platform to verify player location, comply with geo-restriction rules and process withdrawal payments. Email and phone numbers serve as primary contact methods for account notifications, security alerts and bonus offers.
Contact and Communication Data
Contact information includes email address, phone number and any correspondence sent through live chat, support forms or account messages. Communication history is stored to maintain service quality, resolve disputes and track bonus claims or withdrawal requests.
Marketing preferences are recorded separately, allowing players to opt in or out of promotional emails, SMS notifications and targeted offers. Players can update communication preferences through account settings or by contacting customer support.
Technical and Device Data
Technical data is collected automatically when players access the platform. This includes IP address, browser type, operating system, screen resolution, device identifier and referral source. The platform also logs timestamps for login sessions, page views and gameplay activity.
IP address and device data help detect duplicate accounts, VPN or proxy use and irregular login patterns. Players accessing the platform from sanctioned or restricted territories may trigger geo-blocking controls. VPN detection systems compare player location against registered address details during KYC checks.
Financial and Transaction Data
Payment information includes card numbers, bank account details, MiFinity wallet identifiers and cryptocurrency addresses. For card deposits, the platform stores the first six and last four digits, expiry date and cardholder name. Full card numbers are tokenized and processed through PCI-compliant third-party gateways.
Transaction history records all deposits, withdrawals, bonus credits and wagering activity. Deposit limits vary by payment method: cards accept £10 to £2,000, bank transfers range from £10 to £5,000, MiFinity supports £10 to £2,500 and cryptocurrency deposits typically start at £10 or £30 depending on the coin.
Gameplay and Usage Data
Usage data tracks player activity across the platform, including game selections, bet sizes, session duration and bonus participation. The platform logs every spin, hand and round played, along with outcomes and associated wagering progress.
This data helps identify irregular play patterns such as opposite-outcome betting, low-risk staking and bonus cycling. Hedge betting, rapid cashout attempts and systematic low-variance strategies can void bonuses and trigger manual review. Gameplay statistics also inform responsible gambling interventions, such as deposit limits, cooling-off periods and self-exclusion.
How Personal Data Is Used
CasinoLab processes personal information for several operational, legal and marketing purposes. Each processing activity is tied to a specific function necessary for platform operation or regulatory compliance.
Service Provision and Account Management
Personal data enables account creation, login authentication and session management. Identity information verifies that each player is unique and meets age and location requirements. Email and phone details support password recovery, two-factor authentication and account security alerts.
Transaction data powers deposit processing, withdrawal approvals and balance tracking. Payment method ownership is confirmed through document verification before first withdrawal. Address and identity checks ensure compliance with anti-money laundering legislation and prevent duplicate account abuse.
Security and Fraud Prevention
The platform uses technical data to detect unauthorized access, bot activity and account takeovers. Device fingerprinting identifies players using multiple accounts from the same hardware. IP clustering flags accounts registered from shared networks or households.
Withdrawal requests trigger enhanced security checks, including payment method verification and source-of-funds reviews. Large deposits, unusual betting patterns and rapid cashout attempts may prompt manual AML review. Players flagged for irregular activity receive requests for payslips, bank statements, tax returns or sale contracts to verify fund origin.
Compliance and Regulatory Obligations
UKGC licence 45235 requires Genesis Global Limited to maintain detailed records of player identity, transaction history and responsible gambling interactions. KYC documents such as UK passports, driving licences and proof of address are collected to satisfy regulator standards.
The platform reports suspicious transactions to the UK Gambling Commission and Malta Gaming Authority as required by law. Age verification prevents minors from accessing the service, while geo-blocking tools restrict play from sanctioned and internally blocked territories.
Analytics and Platform Improvement
Usage data informs decisions about game selection, user interface design and promotional targeting. Aggregated statistics track which slots, live tables and jackpot games attract the most activity. Session data reveals peak login times, average session length and preferred payment methods.
This information is anonymized wherever possible and does not identify individual players. Analytics help the platform optimize mobile web app performance, reduce page load times and improve navigation on Android Chrome and iOS Safari browsers.
Marketing and Personalization
Players who opt in to marketing communications receive emails about new games, reload bonuses, cashback offers and tournament prizes. Communication preferences are stored separately from essential account data, and players can withdraw consent at any time.
Targeted promotions may reference gameplay history, such as preferred game categories or recent activity on specific titles. Bonus notifications inform players about weekly reloads, weekend free spins and VIP-level perks. All marketing complies with UKGC advertising standards and includes responsible gambling messaging.
Legal Basis for Data Processing
Every processing activity must have a lawful basis under GDPR and UK Data Protection Act 2018. CasinoLab relies on four primary legal grounds to collect and use personal information.
Consent
Consent is the legal basis for marketing communications, cookies and optional data sharing. Players provide explicit consent during registration by ticking opt-in boxes for promotional emails and SMS notifications. Cookie consent is managed through browser settings or on-site preference tools.
Consent can be withdrawn at any time without affecting account status. Players can unsubscribe from marketing emails, disable non-essential cookies or request deletion of data collected under consent. Withdrawal of consent does not invalidate processing that occurred before the request.
Contractual Necessity
Processing personal data is necessary to fulfill the terms of service between the player and Genesis Global Limited. This includes account creation, deposit processing, game access, bonus activation and withdrawal handling.
Without identity verification, payment details and transaction records, the platform cannot offer casino services. Players cannot opt out of processing required to operate their account, process payments or comply with KYC obligations. Refusal to provide mandatory data results in account closure or service restriction.
Legal Obligation
UKGC and MGA licences impose strict requirements on identity verification, AML checks and responsible gambling measures. Genesis Global Limited must collect and retain KYC documents, transaction logs and source-of-funds evidence to satisfy regulatory audits.
Age verification prevents underage gambling, while geo-blocking enforces jurisdiction-specific access rules. The platform must report suspicious activity, retain records for up to 10 years and cooperate with regulator investigations. These obligations override player preferences and cannot be refused.
Legitimate Interests
The platform processes data to protect its business operations, prevent fraud and improve service quality. Legitimate interests include detecting duplicate accounts, enforcing bonus terms and identifying irregular betting patterns.
Device fingerprinting and IP tracking fall under this category, as they prevent abuse without requiring explicit consent. However, legitimate interests are balanced against player privacy rights. Processing cannot continue if it causes undue harm or violates player expectations.
Data Sharing and Disclosure
CasinoLab shares personal information with third parties to operate the platform, comply with legal obligations and deliver services requested by players. Data is not sold to advertisers or unrelated commercial entities.
Service Providers and Processors
Third-party processors handle payment gateway operations, game hosting, live dealer streaming and customer support infrastructure. Payment providers such as Visa, Mastercard, MiFinity and cryptocurrency networks access transaction data to complete deposits and withdrawals.
Game providers including Pragmatic Play, Evolution, NetEnt, Play’n GO, Red Tiger and Hacksaw receive gameplay statistics to deliver slots, live tables and jackpot titles. Cloud hosting services store account data, transaction logs and session records on behalf of Genesis Global Limited.
All processors operate under data processing agreements that require GDPR compliance, secure storage and restricted data use. Processors cannot use player information for their own purposes or share it with unauthorized parties.
Affiliates and Business Partners
Genesis Global Limited operates a network of casino brands under the same licensing framework. Player data may be shared across this network for fraud prevention, duplicate account detection and VIP program management. Shared data includes identity details, payment methods and bonus history.
Business partners such as affiliate marketers receive anonymized traffic and conversion statistics. Individual player details are not disclosed unless required for dispute resolution or regulatory investigation.
Regulators and Legal Authorities
The UK Gambling Commission and Malta Gaming Authority have the right to audit player records, transaction logs and KYC documents. Genesis Global Limited must disclose data upon regulator request to demonstrate compliance with licensing conditions.
Law enforcement agencies may request player information in connection with criminal investigations, money laundering cases or court orders. Data is disclosed only when legally required and limited to the scope of the request.
Public Disclosures and Aggregated Data
Aggregated statistics about player demographics, popular games and payout percentages may be published in marketing materials or regulatory reports. This data is anonymized and cannot identify individual players.
Public forums, live chat transcripts and community interactions may be visible to other players. Players should avoid sharing sensitive personal details in public channels.
Data Retention and Deletion
Personal information is stored only as long as necessary to fulfill operational, legal and regulatory requirements. Retention periods vary depending on data type and the purpose of processing.
Retention Criteria and Periods
Account data is retained for the duration of the player relationship plus an additional period to satisfy legal obligations. Active accounts store identity details, transaction history and gameplay records indefinitely. Closed accounts retain data for up to 10 years to comply with AML and UKGC audit requirements.
KYC documents such as passports, driving licences and proof of address are stored for 10 years after account closure. Payment records, including deposit receipts and withdrawal confirmations, follow the same retention schedule. This aligns with UKGC and MGA guidelines for financial record-keeping.
Deletion and Anonymization
Players can request data deletion after account closure, subject to legal retention obligations. Data required for regulatory compliance cannot be deleted until the retention period expires. Non-essential data, such as marketing preferences and optional profile details, can be removed immediately upon request.
Anonymization replaces identifiable details with pseudonyms or aggregated values, making it impossible to link data back to a specific player. Anonymized data supports statistical analysis and platform improvement without breaching privacy rights.
Archived Records and Legal Holds
Archived records are stored securely in restricted-access systems after account closure. Legal holds prevent deletion when data is subject to ongoing investigations, disputes or litigation. Players notified of a legal hold must wait until the matter is resolved before requesting deletion.
Regulator audits may require Genesis Global Limited to produce historical records, including closed accounts and deleted profiles. The platform maintains backup copies to satisfy these obligations.
Player Rights and Control
Players have several rights over their personal data under GDPR and UK Data Protection Act 2018. These rights enable individuals to access, correct, restrict or delete information held by the platform.
Access and Information Rights
Players can request a copy of all personal data held by CasinoLab. Access requests are fulfilled within 30 days, subject to identity verification. The platform provides data in a structured, machine-readable format such as CSV or JSON.
Access requests include identity details, transaction history, bonus records, gameplay logs and communication history. Players receive confirmation of the legal basis for processing, retention periods and third-party recipients.
Rectification and Correction
Players can update inaccurate or incomplete information through account settings or by contacting customer support. Address changes, phone number updates and email modifications may trigger KYC review to confirm ownership.
Name corrections require supporting documentation such as a passport, marriage certificate or deed poll. Payment method changes are verified against cardholder identity to prevent fraud.
Erasure and Deletion
Players can request data deletion after account closure, provided the information is no longer required for legal or regulatory purposes. Essential data subject to 10-year retention cannot be deleted until the obligation expires.
Deletion requests are fulfilled within 30 days for non-essential data. Marketing preferences, optional profile fields and non-transactional records are removed immediately. Identity documents, payment records and transaction logs remain archived until regulatory retention periods end.
Restriction and Objection
Players can restrict processing of their data while disputes are resolved or accuracy is verified. Restriction prevents the platform from using data for marketing, analytics or service improvements, but does not delete the information.
Players can object to processing based on legitimate interests, such as device fingerprinting or behavioral analytics. The platform must demonstrate overriding legitimate grounds to continue processing over the player’s objection.
Data Portability
Players can request transfer of their data to another service provider in a portable format. Portability applies only to data processed under consent or contractual necessity. Exported data includes account details, transaction history and gameplay records.
Data portability does not include information derived from analytics or internal risk scoring. The platform provides data in CSV, JSON or XML format within 30 days of the request.
Exercising Rights
Rights requests are submitted through account support, email or live chat. Players must verify their identity by providing a copy of their passport, driving licence or registered email address. Requests are processed within 30 days, with an extension to 60 days for complex cases.
The platform cannot charge fees for standard requests. Excessive or repetitive requests may incur administrative costs. Players dissatisfied with the response can escalate complaints to the UK Information Commissioner’s Office or Malta Data Protection Commissioner.
Security and Data Protection
CasinoLab employs technical, organizational and procedural safeguards to protect personal information from unauthorized access, disclosure, alteration or destruction. Security measures align with UKGC and GDPR standards.
Encryption and Secure Transmission
All data transmitted between player devices and platform servers is encrypted using TLS 1.2 or higher. Login credentials, payment details and personal information are protected during transit to prevent interception by third parties.
Stored data is encrypted at rest using AES-256 encryption. Payment card numbers are tokenized and processed through PCI-compliant gateways. Full card details are never stored on CasinoLab servers.
Access Controls and Authentication
Access to personal data is restricted to authorized personnel who require it for operational or compliance purposes. Role-based access controls ensure that support staff, payment teams and compliance officers can view only the data necessary for their tasks.
Multi-factor authentication protects administrative accounts and prevents unauthorized access to player records. Login sessions expire after periods of inactivity, and failed login attempts trigger account lockouts.
Monitoring and Incident Response
The platform monitors systems for suspicious activity, including unauthorized access attempts, data breaches and malware. Automated alerts notify security teams of anomalies such as unusual IP addresses, failed authentication attempts and large data exports.
In the event of a data breach, Genesis Global Limited notifies affected players within 72 hours and reports the incident to the UK Gambling Commission and Information Commissioner’s Office. Breach notifications include details of compromised data, potential risks and remedial actions.
Limitations of Security
No system is completely immune to cyber threats. While the platform employs industry-standard protections, players share responsibility for account security. Strong passwords, device security and caution with phishing emails reduce the risk of unauthorized access.
Players should avoid sharing login credentials, using public Wi-Fi for transactions or accessing the platform on shared devices. The platform is not liable for losses resulting from player negligence or failure to secure account details.
Cookies and Tracking Technologies
CasinoLab uses cookies and similar tracking technologies to enable account authentication, personalize content and analyze platform usage. Players can control cookie settings through their browser or on-site preference tools.
Cookie Categories
| Category | Purpose |
|---|---|
| 🔐 Essential | Enable login, session management and account authentication |
| 📊 Analytics | Track page views, session duration and gameplay statistics |
| 🎯 Advertising | Deliver targeted promotions and measure campaign performance |
| ⚙️ Functional | Remember language preferences, currency selection and theme settings |
| 🛡️ Security | Detect fraud, prevent duplicate accounts and identify VPN use |
Essential cookies are required for platform functionality and cannot be disabled without affecting service quality. Analytics cookies help improve user experience by identifying popular games, peak usage times and navigation patterns. Advertising cookies support marketing campaigns and bonus offers tailored to player preferences.
Tracking Technologies
Cookies are stored on player devices as small text files containing session identifiers, authentication tokens and preference settings. They expire after a set period or when the browser session ends.
Device fingerprinting captures technical data such as screen resolution, browser version and installed plugins. This information creates a unique identifier used to detect duplicate accounts and enforce one-account policy.
Pixel tags and web beacons track email opens, link clicks and page views. These tools measure engagement with promotional emails and help optimize marketing campaigns.
Managing Cookie Preferences
Players can disable non-essential cookies through browser settings or on-site consent tools. Most browsers allow users to block third-party cookies, delete existing cookies or receive notifications before new cookies are set.
Disabling cookies may limit platform functionality, including bonus activation, game loading and personalized recommendations. Essential cookies required for login and security cannot be disabled while using the service.
Players can withdraw cookie consent at any time by adjusting browser settings or contacting customer support. Withdrawal does not affect data collected before the request.
Third-Party Links and External Services
The CasinoLab platform may include links to external websites, game providers and affiliate partners. Genesis Global Limited is not responsible for the privacy practices or content of third-party sites.
External Website Disclaimer
Clicking on external links directs players away from the CasinoLab platform. Third-party sites operate under their own privacy policies, terms of service and data protection standards. Players should review these policies before providing personal information.
Game providers such as Evolution, Pragmatic Play and NetEnt may collect technical data during gameplay. This data is processed under the provider’s privacy policy and is not controlled by Genesis Global Limited.
Affiliate and Marketing Partners
Affiliate websites that promote CasinoLab may use tracking cookies to attribute registrations and deposits. These cookies are set by the affiliate, not by Genesis Global Limited. Players should consult affiliate privacy policies for details on data collection and use.
Marketing partners may display CasinoLab advertisements on third-party platforms. Clicks on these ads may be tracked for performance measurement, but Genesis Global Limited does not control data collected by advertising networks.
Children and Underage Gambling
CasinoLab prohibits access by individuals under 18 years of age. The platform enforces strict age verification measures to prevent minors from creating accounts or engaging in real-money gameplay.
Age Verification and Restriction
All players must confirm they are 18 or older during registration. Date of birth is verified against identity documents such as UK passports and driving licences before first withdrawal. Players who provide false age information risk permanent account closure and forfeiture of balances.
Age verification tools cross-reference player details against third-party databases to detect fraudulent registrations. Accounts suspected of underage use are suspended pending identity confirmation.
Removal of Underage Data
If CasinoLab discovers that a minor has created an account, the profile is closed immediately and all deposits are refunded to the payment source. Personal data collected from the minor is deleted without delay, subject to legal retention requirements for fraud prevention.
Parents or guardians who believe a minor has accessed the platform should contact customer support with details of the account. The platform cooperates with families to resolve underage access incidents.
Policy Updates and Amendments
This privacy policy is reviewed periodically to reflect changes in legislation, platform features and data processing practices. Updates ensure continued compliance with UKGC, GDPR and Malta Data Protection Act requirements.
Update Frequency and Notification
Policy changes are published on the CasinoLab platform with an updated “Last updated” date at the top of the document. Players are notified of material changes via email or account notification at least 30 days before the new policy takes effect.
Minor updates, such as clarifications or formatting changes, may be implemented without prior notice. Players are encouraged to review the policy regularly to stay informed about data protection practices.
Effective Date and Acceptance
Continued use of the platform after a policy update constitutes acceptance of the revised terms. Players who disagree with changes can close their account before the effective date. Account closure requests submitted before the new policy takes effect are processed under the previous policy.
Archived versions of past policies are available upon request through customer support. This allows players to reference the policy in effect at the time of a specific transaction or interaction.
Contact and Data Protection Inquiries
Players with questions about this privacy policy, data processing practices or their rights can contact Genesis Global Limited through the following channels.
Privacy Contact Information
- 📧 Email: Submit a privacy inquiry through the account support form
- 💬 Live chat: Available 6 AM to 5 PM GMT, Monday to Friday
- 📝 Help centre: Access FAQs and self-service guidance on data protection topics
Privacy requests, including access, deletion and rectification, are processed within 30 days. Complex cases may extend the response time to 60 days, with notification provided within the initial 30-day period.
Data Protection Officer
Genesis Global Limited designates a Data Protection Officer responsible for overseeing compliance with GDPR and UK Data Protection Act 2018. Players can contact the DPO directly for concerns about data security, processing legality or regulator complaints.
Regulatory Complaints
Players dissatisfied with the platform’s response to privacy requests can escalate complaints to the UK Information Commissioner’s Office or Malta Data Protection Commissioner. Contact details for both regulators are available through their official websites.
The UK Gambling Commission also accepts complaints related to data handling, KYC procedures and responsible gambling measures. Licence 45235 governs the platform’s obligations to UK players, and regulator oversight ensures compliance with consumer protection standards.