How personal data is handled

This Privacy Policy explains how the WG casino official website collects, uses, stores, discloses, protects, and destroys personal data for its online casino and sportsbook services. The document covers account data, payment information, security checks, cookies, and records needed for legal compliance. Personal data is processed on the basis of user consent where consent is required, and on other lawful grounds under UK data protection law. The operator applies security controls to protect information and limits use to the purposes described in this policy.

Data collected and safeguards

The operator collects personal information needed to provide gambling services, meet legal duties, process payments, and protect users. Data collection is limited to information that is relevant, lawful, and proportionate.

Types of personal data collected

Personal data may include:

  • Identity data, including name, date of birth, nationality, and documents used for age and identity checks;
  • Contact data, including email address, postal address, and telephone number;
  • Account data, including username, account status, login records, preferences, responsible gambling settings, and support messages;
  • Payment information, including payment method details, transaction references, withdrawal records, and fraud prevention results;
  • Technical information, including IP address, device data, browser type, log data, cookie identifiers, and session activity;
  • Compliance records, including safer gambling checks, anti money laundering reviews, source of funds information, self exclusion records, and dispute history.

Reasons for collection

The operator may collect and process information to:

  • Create and manage user accounts;
  • Verify age, identity, and eligibility to use the services;
  • Process deposits, withdrawals, refunds, and account adjustments;
  • Detect fraud, money laundering, account misuse, and security risks;
  • Apply safer gambling controls and meet regulatory duties;
  • Improve website performance, customer support, and service reliability;
  • Meet duties under the UK General Data Protection Regulation, Data Protection Act 2018, Gambling Act 2005, Proceeds of Crime Act 2002, and Privacy and Electronic Communications Regulations.

Security measures

Technical and organisational safeguards may include:

  • Encryption of sensitive data during transmission and storage;
  • Restricted access based on business need and least privilege controls;
  • Multi factor access controls for internal systems where appropriate;
  • Staff confidentiality duties and data protection training;
  • Monitoring for unauthorised access, account misuse, and suspicious activity;
  • Secure retention and deletion procedures for records no longer required.

User rights

Users have rights under UK data protection law, subject to legal and regulatory limits. These rights may include:

  • Access to personal data held by the operator;
  • Correction of inaccurate or incomplete information;
  • Deletion of data where no legal retention duty applies;
  • Restriction or objection to certain processing activities;
  • Data portability where technically possible and legally required;
  • Withdrawal of consent where processing depends on consent;
  • A complaint to the Information Commissioner’s Office.

Purposes for data use

Personal data is used only for lawful and transparent purposes connected with the services, legal obligations, security, and user account management. The operator does not use personal information for undisclosed purposes.

Account and service operation

Information may be used to:

  • Register, maintain, suspend, or close user accounts;
  • Confirm identity, age, address, and eligibility;
  • Record bets, game activity, bonuses, balances, payments, and withdrawals;
  • Manage support enquiries, complaints, chargebacks, and disputes;
  • Apply safer gambling tools, limits, time outs, and self exclusion requests.

Transactions and payments

Payment data may be processed to:

  • Authorise deposits and withdrawals;
  • Check payment ownership and prevent unauthorised transactions;
  • Meet anti money laundering and fraud prevention duties;
  • Keep accurate accounting, audit, and tax records;
  • Share required details with banks, payment processors, card schemes, and fraud prevention providers.

Service improvement and analytics

Technical and usage information may be used to:

  • Measure website performance and service availability;
  • Analyse errors, loading issues, and security events;
  • Assess user behaviour for safer gambling and compliance purposes;
  • Improve account features, navigation, and support processes;
  • Prepare statistics in aggregated or anonymised form where possible.

Marketing and communications

Marketing use depends on consent or another lawful basis where permitted. Users may receive account notices, regulatory messages, service updates, and security alerts without marketing consent where those messages are necessary for the services. Direct marketing preferences can be changed through account settings or support channels where available.

Legal bases for processing

The operator may rely on:

  • Consent, where a user has agreed to a specific use;
  • Contract, where processing is needed to provide the services;
  • Legal obligation, where laws or regulators require processing;
  • Legitimate interests, where processing is necessary for security, fraud prevention, service administration, or legal claims;
  • Vital interests, where action is needed to protect a person in serious circumstances.

Control over account information

Users may request access, correction, or deletion of personal information held by the operator. Some records must be retained for legal, regulatory, accounting, fraud prevention, or safer gambling reasons.

Access and update process

A request may be handled through the following steps:

  1. The user submits a request through account support or the privacy contact available on the website.
  2. The operator verifies the requester’s identity before releasing or changing personal data.
  3. Relevant information is supplied in a structured format where required by law.
  4. Incorrect or incomplete records are corrected after verification.
  5. Deletion requests are assessed against legal retention duties and active dispute records.

Deletion and restriction

Where deletion cannot be completed immediately, the operator may restrict access to the record or retain only the information required by law. Examples include anti money laundering records, payment evidence, self exclusion data, responsible gambling records, and dispute documents.

Security checks and payment processing

By creating or using an account, a user consents where required to identity checks, age checks, fraud screening, safer gambling reviews, and payment data processing by authorised service providers. Payment providers process transaction information under their own security controls and applicable payment industry requirements.

Age limits and minors

The services are intended only for persons aged 18 or over. It is unlawful for a person under 18 to gamble on a casino or sportsbook website serving the United Kingdom.

The operator may request documents or electronic checks to confirm age and identity. Without reliable documents or trusted verification sources, the operator may not be able to confirm a user’s age.

If a parent or guardian believes that a minor has submitted personal data, they may contact the operator with enough information to identify the account or record. After verification, the operator will take appropriate action, which may include account closure, deletion of the minor’s personal data where permitted, and retention of limited records where required by law.

Transfers outside the United Kingdom

Personal data may be processed in other countries where the operator, hosting providers, payment processors, identity verification providers, fraud prevention services, analytics providers, or support suppliers are located. Such processing may occur when it is necessary to operate the services, manage accounts, complete transactions, or meet legal duties.

Where data is transferred outside the United Kingdom, the operator applies appropriate safeguards under UK data protection law. These safeguards may include adequacy regulations, the International Data Transfer Agreement, the UK addendum to standard contractual clauses, access controls, confidentiality terms, and supplier due diligence.

Continued use of the website confirms consent to international processing where consent is the relevant lawful basis. All partners that receive personal information must protect confidentiality and use the data only for agreed purposes.

Effect of disclaimers and acceptance

A legal disclaimer published with this policy may affect how particular rules apply, including the scope, limits, or effect of a stated provision. A disclaimer cannot remove statutory rights that apply under UK data protection law.

The disclaimer applies once the user accepts this policy or related website terms. Acceptance may occur through:

  • Electronic tick box acceptance;
  • Written or digital signature;
  • Account registration where the terms state acceptance by accession;
  • Continued account access after notice of a policy update;
  • Another documented consent method recognised by applicable law.

If any part of a disclaimer conflicts with mandatory law, the mandatory legal requirement will prevail.

Policy agreement and current version

Use of the website, account registration, or continued access to the services confirms full acceptance of this Privacy Policy. If a user does not agree with the policy, the account or service access may be limited according to the website terms and applicable law.

The current version published on the website prevails over earlier versions. If the policy is updated, the new version applies after publication or notice where notice is required. Historical versions may be retained for legal, audit, or dispute purposes.

Sharing with external recipients

Personal data may be shared with third parties where this is lawful, necessary, and proportionate. Disclosures may occur because of legal duties, dispute handling, service agreements, payment processing, identity checks, security reviews, or regulatory requirements.

Possible recipients

Personal information may be disclosed to:

  • Regulators, law enforcement bodies, courts, and public authorities;
  • Payment processors, banks, card schemes, and fraud prevention providers;
  • Identity, age verification, and anti money laundering suppliers;
  • Hosting, security, analytics, and technical service providers;
  • Professional advisers, auditors, insurers, and legal representatives;
  • Business partners where an agreement requires processing for the services.

Where recipients are listed on the website, users can review the named parties and the relevant purpose. If a recipient is not named, the operator may identify the category of recipient, purpose, and scope of sharing when required by law.

A user who submits personal data gives consent to the described sharing where consent is the relevant lawful basis. Each recipient must process information under confidentiality duties, contract terms, and applicable data protection law.