Privacy Policy
Last updated: 04 September 2025
1) About this Policy
This Privacy Policy explains how Cresus Casino (“Cresus”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our websites, create an account, make deposits/withdrawals, play games, contact support, or otherwise interact with us. It also explains your privacy rights and how to exercise them.
2) Who We Are (Data Controller)
If we appoint a Data Protection Officer (DPO) or EU/UK representative, we will list their contact details here.
3) Scope and Applicability
This Policy applies to:
Our website(s), mobile site, and any mobile applications we operate;
Player account registration and gameplay;
Payments, withdrawals, identity verification (KYC), and anti-money laundering (AML) checks;
Customer support, live chat, and marketing communications;
Cookies, analytics, and similar technologies.
This Policy does not apply to third-party websites or services we do not control (e.g., payment providers or external game studios you may access via our platform). Their privacy notices govern their processing.
4) Personal Data We Collect
We collect and process the following categories of personal data:
Account & Contact Data
Name, username, password, date of birth, address, email, phone, language, country.Identity & KYC/AML Data
Government ID (e.g., passport/ID card/driver’s licence), proof of address, liveness/face-match results (where applicable), source-of-funds/wealth documents for enhanced due diligence, sanction/PEP/adverse-media screening results, internal risk indicators and case notes.Financial & Transactional Data
Deposit/withdrawal records, method and status, limited payment instrument details (tokenized or masked where possible), bonuses, wagering, wins/losses, chargeback alerts.Gameplay & Responsible Gaming Data
Game sessions, bet history, limits you set (deposit/time/reality checks), self-exclusion or cool-off status, interactions with responsible gaming tools.Device, Technical & Usage Data
IP address, device IDs, browser/user-agent, operating system, time zone, cookie IDs, session telemetry, referral/UTM parameters, pages visited, clicks, and interactions.Communications & Support Data
Support tickets, emails, live-chat transcripts, call recordings (where applicable), and survey responses.Marketing Preferences
Newsletter opt-ins/opt-outs, channel preferences (email/SMS/push), and campaign engagement (opens, clicks).
5) Why We Process Your Data (Legal Bases & Purposes)
We rely on the following legal bases under GDPR/UK GDPR:
Contract necessity: To create and manage your account, provide games, process deposits/withdrawals, and deliver requested services.
Legal obligation: To perform KYC/AML checks, age verification, responsible-gaming controls, accounting, regulatory reporting, and to respond to lawful requests.
Legitimate interests: To prevent fraud/abuse, ensure platform security, measure and improve performance, personalize non-intrusive features, and handle routine business needs (balanced against your rights).
Consent: For certain cookies/analytics/marketing (where required by law). You can withdraw consent at any time.
Key purposes include:
Account onboarding, verification, and age checks;
KYC/AML screening and enhanced due diligence;
Payment processing and withdrawal routing;
Game operation, fairness monitoring, and dispute handling;
Fraud prevention, risk management, and security;
Responsible gaming tools and interventions;
Customer support and service communications;
Analytics, service improvement, and (with consent) marketing;
Compliance with laws and regulatory requests.
6) Cookies & Similar Technologies
We use necessary cookies to make the site work and (where permitted) analytics/marketing cookies to understand performance and improve your experience.
Strictly necessary: authentication, session security, fraud prevention.
Performance/analytics: usage metrics, diagnostics (consent where required).
Marketing: measuring campaign effectiveness, frequency capping (consent).
You can manage preferences through our cookie banner or in your browser settings. Disabling certain cookies may affect site functionality.
7) Automated Decision-Making & Profiling
We use automated systems to support:
Age/KYC checks (document validation, liveness/face matching);
Fraud and AML monitoring (velocity checks, unusual patterns, sanction/PEP matches);
Responsible gaming (usage patterns that may trigger reality checks or limits).
Where automated decisions produce legal or similarly significant effects, you have the right to request human review, express your point of view, and contest the decision (subject to legal constraints such as “no tipping-off” rules in AML contexts).
8) Who We Share Data With
We share data with trusted recipients under contracts that require appropriate security and confidentiality:
Payment processors and banking partners (to process deposits/withdrawals and verify ownership of payment methods).
KYC/AML and fraud-prevention providers (identity verification, sanctions/PEP screening, adverse-media, device fingerprinting).
Game studios/aggregators (to deliver games you choose to play; typically pseudonymous identifiers and gameplay metadata).
IT, hosting, analytics, and customer support tools (to operate and support our services).
Auditors, advisors, and insurers (for compliance and risk management).
Regulators, law enforcement, and competent authorities (where required by law or to protect rights, players, and our business).
Corporate transactions (in case of merger, acquisition, or reorganization, under confidentiality).
We do not sell your personal data.
9) International Data Transfers
If data is transferred outside the EEA/UK (e.g., to service providers or group companies), we use lawful transfer mechanisms such as EU/UK Standard Contractual Clauses (SCCs) and, where required, transfer risk assessments and supplementary measures.
10) Data Retention
We keep personal data only as long as needed for the purposes described above, including to meet legal/regulatory obligations and to resolve disputes. Typical retention horizons (may vary by law):
KYC/AML records: at least 5–10 years after account closure or last transaction (local law prevails).
Account & transactional data: while the account is active and for 5–10 years thereafter (legal/accounting).
Gameplay & RG data: for the account lifecycle and a legally required period afterward.
Marketing preferences: until you opt out or your account is deleted (kept on a suppression list after opt-out).
Support communications: usually 2–5 years, unless longer needed for disputes or compliance.
We may retain anonymized/aggregated data for analytics without time limit.
11) Security
We implement organizational and technical safeguards: encryption in transit and at rest where appropriate, access controls and role-based permissions, logging and monitoring, vulnerability management, staff training, and vendor due diligence. No system can be 100% secure; we maintain incident response procedures to detect, contain, and notify where required by law.
12) Your Privacy Rights
Depending on your location, you may have the following rights:
Access: receive a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion (subject to legal retention duties).
Restriction: request limited processing in certain cases.
Portability: obtain data in a structured, machine-readable format and request transfer.
Object: object to processing based on legitimate interests or to direct marketing.
Withdraw consent: where processing relies on consent, you can withdraw it at any time.
We will honour these rights in accordance with applicable law. Certain requests may be limited by legal obligations (e.g., AML “no tipping-off”, statutory retention).
13) Changes to this Policy
We may update this Policy from time to time to reflect changes in law, regulation, or our services. We will post the updated version with a new “Last updated” date, and, where appropriate, notify you via the website or email.