This Privacy Policy outlines how Bass Win Casino collects, uses, stores, and protects your personal data in compliance with UK GDPR, Data Protection Act 2018, and UK Gambling Commission requirements.
At Bass Win Casino, we are committed to protecting your privacy and personal data. This Privacy Policy applies to all users of our gaming services, including visitors to our official website, mobile applications, and registered players. As a UK-licensed operator regulated by the Gambling Commission, we adhere to strict data protection standards that exceed industry norms.
| Term | Definition | Application at Bass Win |
|---|---|---|
| Personal Data | Any information relating to an identifiable individual | Includes name, address, payment details, gaming history |
| Data Controller | The entity determining purposes of data processing | Bass Win Casino Ltd |
| Data Processor | Entity processing data on controller's behalf | Payment providers, game developers, CRM platforms |
| Special Category Data | Sensitive data requiring enhanced protection | Biometric data for verification, health data for RG |
This policy supplements our Terms & Conditions and Responsible Gambling Policy. By using Bass Win Casino services, you consent to the data practices described in this document, which has been drafted in accordance with guidance from the Information Commissioner's Office (ICO).
Bass Win Casino collects data through multiple lawful channels to provide our gaming services, comply with regulatory obligations, and enhance your user experience. Our data collection is proportionate, transparent, and necessary for legitimate business purposes.
| Data Category | Specific Elements | Purpose of Collection | Legal Basis |
|---|---|---|---|
| Identity Information | Full name, date of birth, nationality | Age verification, UKGC compliance, fraud prevention | Legal obligation, Contract fulfilment |
| Contact Details | Email address, telephone number, postal address | Account communication, withdrawal processing | Contract fulfilment, Legitimate interest |
| Financial Information | Payment method details, transaction history | Deposit/withdrawal processing, AML checks | Legal obligation, Contract fulfilment |
| Verification Data | Passport scans, utility bills, proof of address | KYC compliance, regulatory requirements | Legal obligation, Legitimate interest |
We automatically collect technical information through cookies and similar technologies when you access Bass Win Casino services:
| Data Type | Examples | Collection Method |
|---|---|---|
| Device Information | IP address, browser type, operating system | Automatic logging, cookies |
| Usage Patterns | Pages visited, games played, session duration | Analytics tools, server logs |
| Geolocation Data | Country, region, city-level location | IP analysis, voluntary sharing |
| Responsible Gaming Data | Deposit limits, self-exclusion periods, play history | Account settings, user input |
Bass Win Casino processes your data for specific, legitimate purposes that align with our regulatory obligations and your expectations as a player. Below is a comprehensive overview of our data usage practices for 2026:
| Purpose | Data Used | Processing Activities | Legal Basis |
|---|---|---|---|
| Account Management | Identity, contact, verification data | Account creation, login authentication, profile updates | Contract fulfilment |
| Regulatory Compliance | Full identity verification documents | KYC checks, AML monitoring, age verification | Legal obligation (UKGC) |
| Payment Processing | Financial information, transaction history | Deposit acceptance, withdrawal verification, fraud detection | Contract fulfilment, Legal obligation |
| Gaming Services | Game history, preferences, technical data | Game personalisation, fairness monitoring, bug resolution | Legitimate interest, Contract fulfilment |
| Customer Support | Contact details, account history, communications | Query resolution, complaint handling, service updates | Legitimate interest, Contract fulfilment |
| Marketing Communications | Email address, preferences, game history | Bonus offers, promotions, new game announcements | Consent (opt-in required) |
| Responsible Gambling | Play patterns, deposit history, self-exclusion data | Player protection, limit setting, intervention support | Legal obligation, Vital interests |
We analyse aggregated, anonymised data to improve Bass Win Casino services, develop new features, and enhance security. This includes analysing game popularity, identifying technical issues, and optimising user experience. Personal identifiers are removed from analytics datasets.
Under UK GDPR and Data Protection Act 2018, we process your personal data based on one or more of the following legal grounds:
| Legal Basis | Application at Bass Win Casino | Your Rights |
|---|---|---|
| Contract Fulfilment | Processing necessary to provide gaming services you request | Cannot opt-out without terminating account |
| Legal Obligation | Processing required by UKGC, AML, and gambling laws | Cannot opt-out due to regulatory requirements |
| Legitimate Interests | Processing for business needs that don't override your rights | Right to object to specific processing |
| Consent | Processing for marketing, cookies, optional features | Right to withdraw consent at any time |
| Vital Interests | Processing to protect your health/safety (RG interventions) | Limited right to restriction |
Where we rely on legitimate interests, we conduct balancing tests to ensure our interests don't override your fundamental rights. For consent-based processing, we maintain clear records of when and how consent was obtained.
Bass Win Casino may share your data with trusted third parties under strict contractual agreements. We never sell your personal data to third parties for marketing purposes.
| Third Party Category | Purpose of Sharing | Data Elements Shared | Location |
|---|---|---|---|
| Payment Processors | Transaction processing, fraud prevention | Payment details, transaction amounts | UK/EEA, with adequacy decisions |
| Game Providers | Game delivery, fairness verification | Game history, technical session data | Primarily UK/EEA based |
| KYC/AML Providers | Identity verification, fraud prevention | Full identity documents, proof of address | UK based, regulated providers |
| IT Service Providers | Infrastructure, hosting, maintenance | Technical data, account information | UK data centres |
| Regulatory Bodies | Compliance reporting, investigations | Account data, transaction history | UK Gambling Commission only |
As a UK-licensed operator, Bass Win Casino primarily stores and processes data within the United Kingdom. Where international transfers occur (e.g., to EEA-based game providers), we ensure adequate safeguards through:
We implement comprehensive technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
| Security Area | Measures Implemented | Compliance Standard |
|---|---|---|
| Technical Security | 256-bit SSL encryption, firewalls, intrusion detection | PCI DSS Level 1, ISO 27001 |
| Access Control | Role-based access, multi-factor authentication, audit logs | UKGC security requirements |
| Data Encryption | Encryption at rest and in transit, tokenisation | GDPR Article 32 |
| Staff Training | Regular data protection training, confidentiality agreements | ICO guidance |
| Incident Response | 72-hour breach notification procedure, recovery plans | GDPR breach notification rules |
Payment card details are never stored on Bass Win Casino servers. All financial transactions are processed through PCI DSS Level 1 certified payment gateways using tokenisation technology. We only retain masked card references for verification purposes.
Under UK data protection law, you have specific rights regarding your personal data. Bass Win Casino respects these rights and has established procedures to facilitate their exercise.
| Right | Description | How to Exercise at Bass Win | Potential Limitations |
|---|---|---|---|
| Right of Access | Receive copy of your personal data | Submit Subject Access Request via account portal | Identity verification required |
| Right to Rectification | Correct inaccurate/incomplete data | Update profile or contact support | Verification documents may be required |
| Right to Erasure | Request deletion of your data | Account closure request via support | Legal/regulatory retention periods apply |
| Right to Restriction | Limit processing of your data | Contact DPO with specific request | May affect service availability |
| Right to Data Portability | Receive data in machine-readable format | Request via account settings | Applies only to consent/contract data |
| Right to Object | Object to specific processing activities | Update preferences or contact DPO | Doesn't apply to legal obligation processing |
Response Times: We aim to respond to all rights requests within 30 calendar days, though complex requests may require up to 90 days (we will notify you if extended). All requests are processed free of charge unless manifestly unfounded or excessive.
We retain personal data only for as long as necessary for the purposes collected, considering legal, regulatory, and business requirements. Our retention schedule complies with UKGC license condition 12.1.1 and GDPR storage limitation principle.
| Data Category | Retention Period | Rationale | Disposal Method |
|---|---|---|---|
| Active Account Data | Duration of account plus 6 years | Contract fulfilment, tax records | Secure deletion/anonymisation |
| Financial Records | 7 years from last transaction | HMRC requirements, AML regulations | Secure deletion |
| KYC Documents | 10 years from account closure | UKGC license conditions, fraud prevention | Secure deletion |
| Self-Exclusion Data | Minimum 6 years from expiry | Player protection, regulatory requirement | Secure deletion |
| Marketing Consent | Until withdrawal of consent | Consent-based processing | Immediate suppression |
| Closed/Inactive Accounts | 6 years from closure | Legal claims limitation period | Secure deletion/anonymisation |
Anonymisation: After retention periods expire, we either securely delete data or anonymise it for statistical analysis. Anonymised data cannot be linked back to individuals and is used indefinitely for business intelligence.
For questions about this Privacy Policy or to exercise your data rights, contact our Data Protection Officer using the following channels:
Email: [email protected]
Post: Data Protection Officer
Bass Win Casino Ltd
123 Regulatory Street
London, EC2A 4JT
Support: [email protected]
Phone: +44 (0)20 7123 4567
Live Chat: Available 24/7 via website
If unsatisfied with our data handling, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113 | Website: ico.org.uk/make-a-complaint/
This Privacy Policy may be updated periodically to reflect legal, regulatory, or operational changes. We'll notify you of significant changes via email or website notice. Continued use of Bass Win Casino services after updates constitutes acceptance of the revised policy.
Version: 3.2 | Effective Date: 15 January 2026