We take your privacy as seriously as we take gaming integrity. This notice explains exactly how we handle your personal data - in plain language, without the smoke and mirrors.
Last updated: January 2026. This Privacy Notice applies to all players and visitors who interact with the Cazeus platform.
Cazeus is an online casino platform operated by a company licensed and regulated in accordance with applicable gambling legislation. We are the data controller in respect of all personal information you provide to us or that we collect about you in the course of your use of this platform.
As data controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently. We take this responsibility seriously and have appointed a dedicated Data Protection Officer (DPO) whose role is to oversee our compliance with data protection legislation and to act as your point of contact for any privacy-related enquiries or requests.
If you have any questions about this Privacy Notice, wish to exercise any of your data protection rights, or want to raise a concern about how your personal data is being handled, you can contact our Data Protection Officer through the support channels available within your account. We commit to acknowledging all privacy-related communications within 48 hours and to providing a substantive response within the timeframes required by law - typically within one calendar month of receipt.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the UK's independent data protection authority. The ICO's contact details and online complaint portal are available at ico.org.uk.
We collect personal data from you in several different ways and at several different stages of your relationship with us. The categories of personal data we may collect include the following.
Registration and identity data: When you create an account, we collect your full name, date of birth, residential address, email address, and username. This information is necessary to create your account and to verify your identity as required by our regulatory obligations.
Identity verification data: To comply with our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, we may collect copies of government-issued identity documents (such as a passport or driving licence), proof of address documents (such as a utility bill or bank statement), and, in some circumstances, source of funds documentation.
Financial data: We collect information about the payment methods you use, including card numbers (stored in tokenised form only - we never store your full card number), bank account details where relevant, and transaction history including deposits, withdrawals, and bonus activity.
Usage and behavioural data: We collect information about how you use our platform, including the games you play, session durations, bet amounts, win and loss patterns, device type, operating system, browser type, and IP address. This data is collected automatically when you use the platform.
Communications data: We retain records of communications you have with our support team, including chat transcripts and email correspondence, in order to ensure continuity of service and for quality assurance purposes.
Responsible gambling data: If you interact with our responsible gambling tools - such as setting deposit limits, requesting cooling-off periods, or initiating a self-exclusion - we record this information as part of our duty of care obligations.
Under UK GDPR, we must have a lawful basis for every processing activity involving your personal data. We rely on the following legal bases depending on the purpose of processing.
Performance of a contract: The processing of your registration data, financial data, and account activity data is necessary to provide you with the services you have signed up for. Without this processing, we cannot operate your account or deliver the casino experience.
Legal obligation: We are required by law to verify your identity, to monitor for suspicious activity, to maintain financial records for tax purposes, and to implement responsible gambling measures. These obligations arise from gambling legislation, anti-money laundering regulations, and data protection law itself.
Legitimate interests: We process certain data on the basis of our legitimate interests as a business - for example, using aggregated usage data to improve our platform, sending you service communications, and monitoring for fraud or cheating. In each case, we balance our legitimate interests against your rights and interests to ensure that this basis is appropriate.
Consent: Where we wish to send you marketing communications about promotions, new games, or special offers, we will ask for your explicit consent to do so. You can withdraw this consent at any time through your account settings or by contacting our support team, and withdrawal of consent will not affect the lawfulness of any processing that occurred before you withdrew it.
We use the personal data we collect for a defined set of purposes, all of which are connected to the operation of the Cazeus platform and our obligations as a licensed operator.
We use your data to create and manage your account, to process deposits and withdrawals, to verify your identity and eligibility to gamble, to administer bonuses and promotions, to detect and prevent fraud, money laundering, and other illegal activity, and to monitor and enforce compliance with our terms and conditions.
We also use data to improve the quality of our platform and services - for example, by analysing usage patterns to identify features that are not working as intended, or by reviewing support interactions to identify training needs within our team. This analysis is conducted on aggregated or pseudonymised data wherever possible, so that individual players are not directly identifiable in the resulting insights.
We use responsible gambling data specifically to fulfil our duty of care towards potentially vulnerable players - for example, by identifying behavioural patterns that may indicate a player is experiencing difficulties and proactively reaching out to offer support tools.
We do not sell your personal data to third parties. We share it only with carefully selected partners and service providers who are necessary to the operation of the platform, and only under strict contractual conditions that require them to protect your data to the same standard we do.
Categories of third parties with whom we share data include: identity verification and KYC service providers, payment processors and banking partners, game software studios (limited to technical data necessary for gameplay), fraud detection and cybersecurity services, customer support platform providers, email and communications infrastructure providers, and analytics partners who process data only in aggregated and anonymised form.
We may also disclose your data to regulatory authorities, law enforcement agencies, or courts when required to do so by law or when we believe in good faith that such disclosure is necessary to prevent or investigate illegal activity, to protect the safety of any person, or to protect our legal rights.
Where we transfer your data to third parties outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR - such as adequacy decisions, Standard Contractual Clauses, or other recognised transfer mechanisms.
We retain your personal data only for as long as is necessary for the purposes for which it was collected, subject to any longer retention periods required by law.
Account and identity data is typically retained for a period of five years following the closure of your account, in order to comply with anti-money laundering legislation and to allow us to respond to any regulatory enquiries that may arise during this period. Financial transaction data is retained for a minimum of six years in accordance with UK tax and accounting requirements.
Communications data - such as chat transcripts and email records - is retained for a period of two years from the date of the interaction, unless the content of the communication is relevant to an ongoing dispute or regulatory matter, in which case it may be retained for longer.
Responsible gambling data is retained throughout the period of any active self-exclusion and for a defined period afterwards to ensure that re-registration attempts by excluded players can be identified and prevented.
When personal data is no longer required for any of our lawful processing purposes, it is securely deleted or anonymised in accordance with our data retention and destruction procedures.
UK GDPR provides you with a number of rights in relation to your personal data. We are committed to facilitating the exercise of these rights promptly and without unnecessary obstacles.
Right of access: You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR), and we will respond within one calendar month of receipt.
Right to rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Where we are unable to update a record - for example, because the information forms part of a verified identity record - we will explain why.
Right to erasure: In certain circumstances, you have the right to request the deletion of your personal data. This right is not absolute - where we are legally required to retain data, we cannot delete it - but we will erase all data that we are not legally obliged to keep.
Right to restrict processing: You may ask us to restrict the processing of your data in certain situations - for example, while you contest the accuracy of data we hold, or while we consider your objection to our use of legitimate interests as a legal basis.
Right to data portability: Where processing is based on your consent or on a contract with you, and where processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to object: You have the right to object to the processing of your personal data on the basis of legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes.
To exercise any of these rights, please contact us through the support channels available within your account. We do not charge for the exercise of your rights, though we reserve the right to charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.
Our platform uses cookies and similar tracking technologies to deliver a functional and personalised experience. Cookies are small files stored on your device that allow the platform to recognise you between sessions, maintain your login state, remember your preferences, and analyse your usage patterns.
We use the following categories of cookies: strictly necessary cookies that are essential for the platform to function (these cannot be disabled), functional cookies that remember your preferences such as language settings, performance and analytics cookies that help us understand how players use the platform (used only with your consent), and marketing cookies that may be used to show you relevant promotions (used only with your consent).
You can manage your cookie preferences through the cookie settings tool available on the platform. Please note that disabling certain categories of cookies may affect the functionality of the platform or the relevance of content shown to you. Strictly necessary cookies cannot be disabled as they are essential to platform operation.
We implement technical and organisational measures appropriate to the risk level of our processing activities to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include end-to-end SSL encryption for all data in transit, encrypted storage for sensitive data at rest, role-based access controls that limit data access to authorised personnel on a need-to-know basis, regular penetration testing and security audits, and staff training on data protection and information security practices.
Despite these measures, no digital system is entirely immune to security incidents. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office in accordance with our legal obligations.
We may update this Privacy Notice from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will notify you by email and by displaying a prominent notice on the platform. The date at the top of this notice always reflects when it was last revised.
We encourage you to review this notice periodically so that you remain informed about how we handle your personal data. Your continued use of the platform after a revised notice has been posted constitutes your acknowledgement of the updated terms.
