‌
    ‌
    Home
    Casino
    Bets
    Bonuses
    Status
    Favourite

    Pingwin Casino Privacy Policy

    1. Introduction

    This Privacy Policy applies to all websites and mobile applications operated by Pingwin Casino, as well as to any Services provided by the Company (hereinafter - "Websites" and "Services"). Effective Date: May 20, 2025.

    We comply with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), as well as the provisions of the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC), including the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and ensuring the security and confidentiality of personal data.

    "Personal Data" means any information that allows a user to be identified, including name, email, address, phone number, account details, betting history, payment details, and more.

    Anonymized or aggregated data is not considered Personal Data.

    The Company may make changes to this Policy.

    In the event of significant changes, we will notify users via the Website or by email.

    By continuing to use our Services after the updated version of the Policy is published on the site, you confirm your agreement with such changes.

    2. What Data We Collect

    • Data provided by the user:
      • During registration, verification, contacting support, participating in promotions, or other forms of interaction with the Website.
    • Data collected automatically:
      • IP address, device, browser, language, behavior on the Website, error reports.
      • Cookies, log files, pixels, and tracking technologies.
      • We may also collect system activity, timestamps, and the URL of the page from which you came to our Website.
    • Data from third parties:
      • Payment gateways, KYC services, advertising platforms, and analytics.
    • KYC documents:
      • For identity verification and compliance with legal requirements (including AML and responsible gaming), we may request identification documents from you: a scanned copy of your passport, a selfie video, and proof of address.
      • This data is stored in encrypted form with role-based access limited to authorized employees.
    • All data you provide must be current, truthful, and complete. You are solely responsible for the accuracy of the information you provide.
    • In case of providing false data, the company reserves the right to restrict access to the Services or suspend the account.
    • Social media data:
      • (for SSO - Google, Apple, Facebook): ID, email, avatar.

    3. Legal Basis for Data Processing

    Principles of personal data processing observed by the Company:

    • Lawfulness, fairness, and transparency.
    • Limitation of processing purposes.
    • Minimization of processed data volume.
    • Accuracy and relevance of personal data.
    • Limitation of storage period.
    • Integrity, confidentiality, and security of data.
    • Performance of a contract — for example, when you register, you enter into an agreement with us; we process your data to create an account, conduct transactions, award bonuses, provide access to games, and support.
    • Legal obligation — we are required to process your data under anti-money laundering legislation, responsible gaming requirements, tax regulations, and the terms of our gambling license.
    • Legitimate interests — improving Services, ensuring security, fraud prevention, product development, internal administration, and profiling to assess fraud risk and gambling addiction.
    • Consent — email newsletters, marketing, and other actions requiring prior user permission.

    4. Purposes of Data Use

    • Managing your Account and Services.
    • Ensuring security and fraud protection.
    • Customer support.
    • Legal compliance (e.g., Curacao license).
    • Personalization of content and offers.
    • Marketing (with consent).
    • Developing new features, optimizing the Website, and technical analysis.
    • Conducting A/B tests and analyzing crash reports from mobile applications.
    • AML/CTF screening against international sanctions lists and PEP databases.
    • Conducting and confirming financial transactions.
    • Verifying your eligibility to use the Services, including age, location, identity, and self-exclusion status checks.
    • Assessing fraud risk, as well as verifying data with third parties such as banks, identity verification services, and credit bureaus.
    • Assessing and controlling gaming activity within responsible gaming requirements.
    • Generating aggregated and anonymous analytics for internal use, reporting, or provision to third parties.
    • Monitoring gameplay and managing our risks and probabilities.
    • Exercising our rights under user agreements.
    • Internal administrative purposes and restructuring, including data transfer within the group of companies.
    • Communicating with you, including notifications, updates, information about bonuses, security, and user support.
    • We may send you marketing materials via email, push notifications, SMS, messengers (including Telegram), and other channels with your consent.
    • You can withdraw such consent at any time by sending a corresponding request.
    • For resolving disputes and settling claims.
    • For obtaining information from users through surveys.

    5. Data Transfer

    Your Personal Data may be transferred to:

    • Companies within the Pingwin group.
    • Providers, including hosting platforms, payment services, advertising and analytical tools, as well as partners involved in providing, maintaining, or promoting our Services.
    • Regulatory, licensing, and law enforcement agencies, judicial authorities, government agencies, self-regulatory bodies in the gambling and esports industry, and fraud prevention agencies — if required by law or to protect legal rights.
    • Partners or other persons who referred you to us or with whom you have contractual relationships.
    • Other third parties based on your explicit consent.
    • Where possible and appropriate, we will take steps to notify you of data disclosure.
    • Data Protection Agreements (DPAs) are concluded with all third parties.

    6. International Data Transfer

    • We may transfer your Personal Data to countries other than your country of residence.
    • Such countries may have different data protection standards than your local legislation.
    • In particular, if you are in the European Economic Area (EEA), and data is transferred outside of it, we ensure an adequate level of protection, including the use of:
      • Standard Contractual Clauses of the European Commission (SCC);
      • ISO/IEC 27001 certification of contractors;
      • Contractual obligations to ensure security and confidentiality;
      • Encryption, pseudonymization, and other technical and organizational protection measures.
    • We take all reasonable measures to protect your Personal Data during transfer, regardless of the destination country.

    7. Data Security

    We make every effort to ensure the security of your Personal Data using modern technical and organizational measures, including:

    • Data Encryption: All data we exchange with you is protected using Transport Layer Security (TLS) protocol.
      • Data stored on our servers, as well as backups and replications between data centers, are transmitted in encrypted form.
    • Access Restriction: Access to personal data is permitted only to employees, contractors, and agents who need it to perform their job duties, in accordance with the principle of least privilege.
    • Network Protection: Our systems are protected by a multi-layered security architecture, including firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, and updated access policies.
      • We cooperate with leading cybersecurity solution providers and use their expertise and threat databases.
    • Secure Data Centers: All servers are located in facilities with industrial-grade security, 24/7 surveillance, physical access control, backup power systems, and security compliance checks.
      • We use geo-distributed data copies to minimize loss risks.
    • Monitoring and Audit: Our security service continuously monitors systems, event logs, notifications, and alerts.
      • Internal and external audits are regularly conducted to identify and eliminate vulnerabilities. If a breach affects your data, we will report the incident to the regulator within 72 hours and notify users without undue delay, indicating the nature of the leak and steps to minimize risks.
    • SSL and Cryptography: All connections are encrypted via SSL using a 256-bit key.
      • Data is protected from unauthorized access at all stages — from the user to Pingwin servers.

    8. Data Retention

    Data Category Retention Period Basis
    Account 5 years after deletion AML Curaçao
    Transactions & AML 10 years Tax and license
    KYC documents 10 years 5th EU AML Directive
    Marketing 3 years without user activity Legitimate interest
    Self-exclusion records Lock-out period + 1 year Responsible Gaming
    • Deletion is possible through the Personal Account or upon request.

    9. User Rights

    You have the right to:

    • Know what Personal Data of yours we store.
    • Access this data and request a copy in a machine-readable format.
    • Correct inaccurate or incomplete Personal Data.
    • Delete your Personal Data if one of the following conditions is met:
      • the data is no longer needed for the purposes for which it was collected;
      • you have withdrawn your consent, and there is no other legal basis for processing;
      • you have objected to the processing, and there are no legitimate grounds overriding your interests;
      • the data was processed unlawfully;
      • deletion is necessary to comply with a legal obligation.
    • Restrict data processing if there are grounds provided by law.
    • Object to the processing of your Personal Data if such processing is based on our legitimate interests.
    • Withdraw previously given consent for data processing. Please note: we may continue processing if other legal grounds exist.
    • Object to direct marketing and customer profiling for marketing purposes.
    • Lodge a complaint with the local data protection authority.
    • Important: Not all rights are absolute. We will consider each request and respond, if applicable, within the limits provided by law.
    • Exercising rights: You can exercise your rights through your Personal Account settings or by writing to [email protected].
    • Confirmation of your identity may be required to fulfill the request. Data portability — receive it in CSV / JSON format.
    • We respond to requests within 1 month. You have the right to file a complaint with the Curaçao Data Protection Authority or your local data protection authority.

    User Obligations:

    • Provide truthful and current information;
    • Update data promptly when it changes;
    • Notify of unauthorized access to personal data;
    • Notify of disagreement with data processing, understanding that this may lead to termination of service use.

    10. Google Analytics and cookies

    • We use Google Analytics to collect information about how you use our Website: which pages you visit, from which resource you came, how long you stay on the site.
    • Collection is carried out using cookies set by Google, which allow the browser to be recognized on the next visit.
    • Google Analytics does not collect your name, email, or other directly identifying data.
    • We do not combine this data with your Personal Data.
    • The Google Analytics cookie file is only accessible to Google and cannot be used by us or third parties.
    • The use and sharing of Google data are limited by the Google Analytics Terms of Service and the Google Privacy Policy.
    • You can disable cookies in your browser settings or using the cookie banner on the site.

    11. Children and Age Restrictions

    • Services are not intended for persons under 18 years of age.
    • If underage use is suspected, the account is blocked, and data is deleted after age verification (video KYC, GamStop, RGR).

    12. Responsible Gaming and Self-Exclusion

    • Limits on deposits, losses, and session time.
    • Cooling-off — 24 hours, 7 days, 30 days.
    • Permanent self-exclusion — minimum 6 months.
    • Telemetry is used to identify problem gambling; in case of risk, bonuses are disabled.

    13. Automated Decisions and Profiling

    • We use algorithms to automatically determine fraud risk and ensure compliance with responsible gaming rules.
    • You have the right to request a human review of such decisions by sending a request to support.

    14. Third-Party Websites and Social Networks

    • This Policy does not apply to game provider websites, affiliate links, Telegram channels, X, YouTube.
    • Check their policies before transferring data.

    15. Marketing Communications

    • Notification center (email, SMS, push, Telegram bot).
    • Double-opt-in, frequency cap ≤ 3 emails/week. Unsubscribe via link or account settings.
    • If you opt out of receiving marketing notifications, some bonus offers and promotions may become unavailable.

    16. Policy Changes

    • We may periodically update this Policy. Date of last revision: May 20, 2025.
    • We will notify you of significant changes at least 14 days before they take effect via a banner or email.
    • The history of changes is kept for 6 years and is available upon request.