Privacy Policy

LeoVegas is committed to handling the personal data of its UK users responsibly, transparently, and in full compliance with applicable data protection law. Personal data is collected only for specified, legitimate purposes and is never processed in a manner incompatible with those purposes. The platform employs a range of technical and organisational security measures to safeguard user information from unauthorised access, loss, or misuse.

The following points summarise the key aspects of how personal data is collected and protected:

1. Personal data collected includes name, date of birth, address, email address, telephone number, payment details, and identification documents.
2. Data is collected at the point of account registration, during transactions, and through ongoing use of the platform.
3. Information is used for identity verification, account management, transaction processing, regulatory compliance, and service improvement.
4. Technical security measures include data encryption, secure socket layer (SSL) technology, and firewall protection.
5. Organisational measures include staff training on data protection obligations and restricted internal access to personal data.
6. Data is stored on secure servers and retained only for as long as necessary in line with legal and regulatory obligations.
7. Users are required to provide accurate and up-to-date information at the time of registration and throughout their use of the service.
8. Personal data is not sold to third parties under any circumstances.
9. Where data is shared with third parties, this is done only where necessary, lawful, and subject to appropriate data protection agreements.
10. The platform operates in accordance with the UK GDPR, the Data Protection Act 2018, and the requirements of the UK Gambling Commission.

Users in the United Kingdom hold a number of rights in relation to their personal data under UK GDPR. These include the right to access data held about them, the right to request correction of inaccurate data, and the right to request deletion of their data in certain circumstances. Requests relating to any of these rights can be submitted through the platform’s designated support channels.

LeoVegas operates in full compliance with United Kingdom privacy and data protection legislation. As a licensed operator under the UK Gambling Commission, the platform adheres to both gambling regulatory requirements and the data protection obligations imposed by the Information Commissioner’s Office (ICO).

Personal data collected by the platform is used for a range of clearly defined purposes that support the delivery of services to users in the United Kingdom. All processing activities are conducted on a lawful basis, including contractual necessity, legal obligation, legitimate interests, and, where applicable, user consent. Data is never processed for purposes beyond those communicated to users at the time of collection. The platform maintains full transparency regarding the basis on which personal data is used at every stage of the user relationship.

The key purposes for which personal data is used are as follows:

1. Account registration and management, including verifying user identity and maintaining accurate account records.
2. Processing deposits, withdrawals, and other financial transactions securely and accurately.
3. Fulfilling obligations under UK Gambling Commission licensing requirements, including responsible gambling checks and anti-money laundering (AML) compliance.
4. Communicating with users regarding account activity, service updates, and responses to support enquiries.
5. Sending marketing communications, where the user has provided explicit consent, including promotional offers and product updates.
6. Conducting analytics to improve the platform's performance, usability, and the overall user experience.
7. Detecting and preventing fraud, suspicious activity, and other forms of misuse of the platform.
8. Complying with legal and regulatory obligations, including responding to requests from law enforcement and regulatory bodies.
9. Conducting responsible gambling assessments and intervening where necessary to protect user welfare.
10. Personalising the platform experience based on user preferences and behaviour, where consent has been obtained.

All data processing activities are underpinned by a lawful basis as defined under UK GDPR. The platform does not engage in any form of automated decision-making that produces significant legal effects without appropriate human oversight, as required by applicable law.

Users of the platform in the United Kingdom have the right to view and manage the personal information held in their account at any time. Account details, including contact information and communication preferences, can be reviewed and updated directly through the account settings area of the platform. Where a user identifies inaccurate or outdated information, they are encouraged to correct it promptly to ensure that records remain accurate and current.

Requests to modify, restrict the processing of, or permanently delete personal data should be submitted through the platform’s customer support channels. Such requests will be handled in accordance with the timescales prescribed under UK GDPR, and users will be informed of the outcome without undue delay. In cases where identity verification is required before a request can be processed, users consent to the completion of necessary security checks as part of this procedure. Payment and financial information submitted to the platform is handled by regulated electronic service providers, who process such data in accordance with their own data protection obligations and applicable payment industry standards. The platform is committed to maintaining the highest standards of user privacy and data security throughout every stage of the user’s relationship with the service.

The platform is strictly intended for users who are 18 years of age or older, in accordance with United Kingdom gambling legislation. Access by minors is prohibited, and users are required to confirm their age and identity as part of the account registration process. However, the platform acknowledges that it cannot independently verify the age of every individual without the submission of appropriate identity documents.

The following points set out the platform’s approach to protecting the privacy of minors:

1. The platform does not knowingly collect personal data from individuals under the age of 18.
2. Age verification checks are conducted as part of the registration and onboarding process in compliance with UK Gambling Commission requirements.
3. Where a parent or legal guardian believes that a minor has submitted personal data to the platform, they are advised to contact the customer support team immediately.
4. Upon receiving a verified request from a parent or guardian, any personal data belonging to a minor will be deleted from the platform’s records without undue delay.
5. The platform cooperates with parental control tools and third-party services designed to restrict underage access to gambling websites.
6. Any account found to have been opened by a minor will be closed, and any funds held in that account will be handled in accordance with applicable legal and regulatory requirements.

Personal data collected from users in the United Kingdom may be transferred to and processed in countries outside the United Kingdom, in cases where LeoVegas partners, suppliers, or group entities operate in those jurisdictions. Such transfers may occur as part of standard business operations, including customer support, technical infrastructure, and payment processing. By using the platform and accepting this Privacy Policy, users consent to their personal data being transferred internationally in the circumstances described. All third parties and group entities receiving personal data are required to maintain the confidentiality and security of that data in accordance with applicable data protection standards.

The following points outline the safeguards and conditions that apply to international data transfers:

1. Personal data is transferred internationally only where a lawful basis for the transfer exists under UK GDPR, such as adequacy decisions, standard contractual clauses, or binding corporate rules.
2. All third parties receiving personal data are required to process it solely for the purposes for which it was shared.
3. Data transferred outside the United Kingdom is afforded a level of protection equivalent to that required under UK data protection law.
4. The platform maintains records of all international data transfer arrangements and reviews them periodically to ensure ongoing compliance.
5. Where data is transferred to countries without an adequacy decision from the UK government, appropriate safeguards are implemented prior to any transfer.
6. Users retain all rights over their personal data, including the right to access and request deletion, regardless of where that data is processed.

A disclaimer forms part of this Privacy Policy and may, in certain circumstances, alter the scope, application, or legal effect of specific provisions contained within this document. Any such disclaimer applies from the moment a user accepts this Privacy Policy, including by creating an account, continuing to use the platform, or otherwise indicating acceptance through signature, affirmative action, or accession to the terms.

The following points clarify the basis and scope of the legal disclaimer:

1. The disclaimer does not override mandatory rights afforded to users under UK GDPR or any other applicable United Kingdom legislation.
2. Certain limitations on liability contained within this document apply only to the extent permitted by applicable law.
3. The platform reserves the right to amend this Privacy Policy at any time, with changes taking effect upon publication on the platform.
4. Continued use of the platform following the publication of an updated Privacy Policy constitutes acceptance of the revised terms.
5. Where any provision of this Privacy Policy is found to be unenforceable under applicable law, the remaining provisions shall continue in full force and effect.
6. Users are advised to review this document periodically to remain informed of any changes to the terms governing the collection and processing of their personal data.

Cookies are small text files placed on a user’s device by a website, which allow the site to recognise the device and store certain information about the user’s preferences and interactions. The platform uses cookies to collect statistical data about how users interact with the site, to analyse browsing behaviour, to personalise the experience presented to each user, and to support ongoing improvements to the platform’s functionality and performance. Cookies may also be used by authorised third-party analytics providers who assist the platform in understanding user activity in aggregate form. By default, cookies placed by the platform are retained on a user’s device for a period of up to one year, after which they expire and are no longer active. Users may manage their cookie preferences through their browser settings or through the platform’s cookie management tool; however, disabling certain cookies may affect the functionality of the service.

By accessing and using the services provided by the platform in the United Kingdom, users are deemed to have read, understood, and accepted the terms set out in this Privacy Policy in their entirety. The most current version of this Privacy Policy supersedes all previous versions and applies to all personal data collected and processed from the date of its publication. Users are encouraged to review this document on a regular basis, as the platform reserves the right to update its terms in response to changes in applicable law, regulatory guidance, or operational practice.

Personal data held by the platform may be disclosed to third parties in circumstances where such disclosure is required by law, is necessary for the resolution of disputes, or is otherwise required under contractual or regulatory obligations. Where a list of authorised third-party recipients is maintained on the platform, users are directed to consult that list for full details. In cases where recipients are not listed, users will be informed of the purpose and scope of any data sharing prior to, or at the time of, disclosure. By accepting this Privacy Policy and using the platform's services, users consent to the sharing of their personal data with third parties in the circumstances described.

The following points identify the categories of third parties with whom personal data may be shared:

1. Regulatory and law enforcement authorities, including the UK Gambling Commission, the Information Commissioner's Office, and other statutory bodies, where disclosure is required by law.
2. Identity verification and know-your-customer (KYC) service providers, who assist in confirming user identity in compliance with anti-money laundering legislation.
3. Payment processors and financial institutions, who facilitate the secure processing of deposits and withdrawals.
4. Responsible gambling organisations and self-exclusion scheme operators, such as GamStop, as required under UK Gambling Commission licence conditions.
5. Fraud detection and prevention services, which assist in identifying and mitigating suspicious account activity.
6. Analytics and technology providers, who support the technical operation and improvement of the platform under appropriate data processing agreements.
7. Legal advisers and professional consultants, where disclosure is necessary in connection with legal proceedings or regulatory enquiries.
8. Group companies and affiliated entities within the LeoVegas corporate structure, where data sharing supports the delivery of services to users.

The platform may contain hyperlinks to third-party websites that are not owned or operated by LeoVegas. Each of those external websites operates under its own privacy policy, which governs the collection and use of personal data by that site independently of this document. The platform does not accept responsibility for the privacy practices, data handling procedures, or content of any external websites linked to from the platform. Users are advised to exercise caution when following links to external sites and to review the relevant privacy policy of any third-party website before submitting personal information.

The following points clarify the platform’s position in relation to external website links:

1. The inclusion of a link to an external website does not constitute an endorsement of that site, its content, or its privacy practices.
2. The platform has no control over how third-party websites collect, store, or process personal data submitted by users on those sites.
3. Users access external websites entirely at their own discretion and assume full responsibility for any personal data they choose to share with those sites.
4. Third-party websites may use tracking technologies, including cookies and pixel tags, that are independent of those used by the platform.
5. Any personal data shared with a third-party website is governed solely by that website’s privacy policy and applicable law.
6. Users who identify a link on the platform that directs to an inappropriate or potentially harmful external website are encouraged to report it through the platform’s customer support channels.
7. The platform periodically reviews outbound links to remove or update references to sites that are no longer active or appropriate.
8. Neither the platform nor LeoVegas accepts liability for any loss or damage arising from a user’s interaction with an external website accessed via a link on the platform.