True Fortune Casino

Privacy Policy

This Privacy Policy governs the collection, processing, and protection of personal information provided by users of our online gaming platform. We are committed to maintaining the highest standards of data protection in accordance with UK legislation, including the Data Protection Act 2018 and UK GDPR requirements. This policy outlines our practices regarding personal data handling, user rights, and security measures implemented to safeguard your information throughout your gaming experience.

Last updated: January 23, 2026

1. Information We Collect

We collect various types of personal information necessary to provide our gaming services and ensure compliance with regulatory requirements. The scope of data collection is designed to facilitate account management, payment processing, and responsible gaming practices while maintaining legal compliance under UK gambling legislation.

  1. Personal identification information including full name, date of birth, residential address, and contact details such as email address and telephone number
  2. Financial information encompassing payment method details, banking information, transaction history, and withdrawal preferences for secure monetary operations
  3. Gaming activity data including gameplay patterns, betting history, session duration, preferred games, and wagering behaviour for responsible gaming monitoring
  4. Technical information such as IP address, device specifications, browser type, operating system, and connection details for security and service optimisation
  5. Identity verification documents including passport, driving licence, utility bills, and other documentation required for KYC compliance and age verification
  6. Communication records encompassing customer service interactions, live chat transcripts, email correspondence, and support ticket history
  7. Preference settings including notification preferences, game settings, deposit limits, and responsible gaming controls configured by users

2. Purpose of Data Processing

Personal data processing serves multiple legitimate purposes essential for operating our gaming platform while ensuring regulatory compliance and user safety. Our data processing activities are conducted under lawful bases including contractual necessity, legal obligations, and legitimate interests.

We process personal information to facilitate account creation and management, enabling users to access our gaming services and maintain their player profiles. Payment processing requires comprehensive financial data handling to execute deposits, withdrawals, and transaction monitoring for anti-money laundering compliance.

Regulatory compliance necessitates extensive data processing to meet UK Gambling Commission requirements, including identity verification, age confirmation, source of funds verification, and ongoing due diligence procedures. Responsible gaming measures rely on behavioural data analysis to identify potential problem gambling indicators and implement appropriate interventions.

Security monitoring utilises technical data to detect fraudulent activities, prevent unauthorised access, and maintain platform integrity through sophisticated risk assessment systems.

3. Legal Basis for Processing

Our data processing activities operate under specific legal bases established by UK data protection legislation. Each category of personal data processing aligns with appropriate lawful grounds ensuring compliance with regulatory requirements.

Contractual necessity forms the primary legal basis for processing personal data essential to providing gaming services, including account management, payment processing, and game access. Pre-contractual measures encompass identity verification and eligibility assessment procedures conducted before account activation.

Legal obligations require extensive data processing to comply with UK Gambling Commission regulations, anti-money laundering legislation, tax reporting requirements, and consumer protection measures. These obligations mandate specific data retention periods and reporting procedures.

Legitimate interests justify data processing for security monitoring, fraud prevention, service improvement, and marketing communications where balanced against user privacy rights and expectations.

4. Data Sharing and Third Parties

We maintain strict controls over personal data sharing, limiting third-party access to circumstances where necessary for service provision, regulatory compliance, or legal requirements. All data sharing arrangements incorporate appropriate safeguards and contractual protections.

  1. Payment service providers receive financial information necessary for transaction processing, including banking details and payment history for deposit and withdrawal operations
  2. Identity verification services access identification documents and personal details to conduct KYC procedures and age verification checks as required by gambling regulations
  3. Regulatory authorities may receive personal data and gaming records when required for compliance investigations, licence monitoring, or legal proceedings
  4. Technical service providers access limited technical data for platform maintenance, security monitoring, and system optimisation under strict confidentiality agreements
  5. Marketing partners may receive anonymised demographic data for promotional activities, excluding personally identifiable information unless explicit consent is provided
  6. Legal and professional advisors access relevant personal data when necessary for legal compliance, dispute resolution, or regulatory consultation purposes

5. Data Security Measures

We implement comprehensive security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Our security framework incorporates industry-standard technologies and procedures designed to safeguard user information throughout its lifecycle.

Technical safeguards include advanced encryption protocols for data transmission and storage, secure server infrastructure with regular security updates, multi-factor authentication systems, and sophisticated intrusion detection mechanisms. Access controls ensure that personal data is accessible only to authorised personnel with legitimate business requirements.

Organisational measures encompass regular security training for staff members, strict data handling procedures, background checks for personnel with data access, and regular security audits conducted by independent specialists.

Physical security protections include secure data centres with restricted access, environmental controls, backup power systems, and comprehensive disaster recovery procedures to ensure data availability and integrity.

6. Data Retention Periods

Personal data retention periods are determined by regulatory requirements, business necessity, and legal obligations applicable to online gambling operations. We maintain clear retention schedules ensuring data is preserved for appropriate periods while avoiding unnecessary long-term storage.

Account information and gaming records are retained for seven years following account closure to comply with UK Gambling Commission requirements and financial record-keeping obligations. Payment transaction data is preserved for six years to meet anti-money laundering legislation and tax reporting requirements.

Identity verification documents are retained throughout the account lifecycle and for five years post-closure to maintain KYC compliance and facilitate regulatory inspections. Communication records are preserved for three years to support customer service quality and dispute resolution processes.

Technical logs and security data are retained for periods ranging from six months to two years depending on their purpose and regulatory relevance, with automated deletion procedures ensuring timely data removal.

7. User Rights and Controls

Under UK data protection legislation, users possess comprehensive rights regarding their personal data processing. We provide accessible mechanisms for exercising these rights while maintaining appropriate verification procedures to prevent unauthorised access.

  1. Access rights enable users to obtain confirmation of personal data processing activities and receive copies of processed information through secure account portals
  2. Rectification rights allow users to request correction of inaccurate or incomplete personal data through customer service channels or account management interfaces
  3. Erasure rights permit data deletion requests in specific circumstances, subject to regulatory retention requirements and legitimate business interests
  4. Processing restriction rights enable users to limit certain data processing activities while maintaining essential services and regulatory compliance
  5. Data portability rights facilitate transfer of personal data to alternative service providers in structured, commonly used formats where technically feasible
  6. Objection rights allow users to challenge processing based on legitimate interests, including direct marketing activities and automated decision-making
  7. Automated decision-making protections ensure human oversight of significant automated processing affecting user accounts or gaming privileges

8. Cookies and Tracking Technologies

Our platform utilises various tracking technologies to enhance user experience, ensure security, and comply with regulatory requirements. We provide transparent information about cookie usage and offer user controls where appropriate.

Essential cookies facilitate core platform functionality including session management, security features, and payment processing. These cookies are necessary for service provision and cannot be disabled without affecting platform operation.

Analytics cookies collect anonymous usage statistics to improve service quality, identify popular games, and optimise user interfaces. Performance cookies monitor system response times and identify technical issues requiring attention.

Marketing cookies enable personalised promotional content delivery and measure campaign effectiveness when users provide appropriate consent. Users can manage marketing cookie preferences through account settings or browser controls.

9. Contact Information and Complaints

We maintain accessible communication channels for privacy-related inquiries, data protection concerns, and complaint resolution. Our dedicated data protection team responds promptly to user requests while ensuring appropriate verification procedures.

Privacy inquiries can be submitted through our customer service portal, email correspondence, or written communication to our registered office address. We endeavour to respond to all privacy requests within one month of receipt, with extensions communicated where complex requests require additional processing time.

Users retain the right to lodge complaints with the Information Commissioner’s Office if unsatisfied with our data protection practices or response to privacy concerns. We encourage direct communication to resolve issues promptly while respecting users’ rights to regulatory recourse.

Regular policy updates reflect evolving legal requirements, service enhancements, and user feedback. Significant changes are communicated through account notifications, website announcements, and email communications to ensure users remain informed about data processing practices.