Privacy Policy

LuckyWins Casino

By accessing or using LuckyWins Casino, you agree to the terms of this privacy policy. This notice, together with our General Terms and Conditions, explains how we collect, process, store, and protect your personal data. Last updated on 9 September 2024 (Version 2.0.1), this policy complies with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and other applicable laws. We may update it from time to time; significant changes will be communicated where feasible, but we recommend checking this page regularly. Continued use of the website signifies your acceptance of the current version. If you do not agree or prefer not to share required information, please refrain from registering or using our services. The site is strictly for individuals aged 18 and over; we do not knowingly collect data from minors.

Start Playing Now 🎰

About Us

The website www.luckywins-casino.nz, referred to as “LuckyWins Casino,” “we,” “us,” or “our,” is owned and operated by Dama N.V., a company incorporated under the laws of Curaçao (registration number 152125, address: Scharlooweg 39, Willemstad, Curaçao). We hold an E-gaming license (No. OGL/2023/174/0082) issued by the Curaçao Gaming Control Board. As the data controller, we are legally required to process certain personal data to enable participation in games, handle transactions, and deliver related services.

We take privacy seriously and have appointed a Data Protection Officer (DPO) to oversee compliance and serve as your primary contact for privacy matters. For questions, rights requests, or concerns, reach out via email at [email protected]. General support is available through [email protected], live chat, or the account settings page.

Information We Collect

We gather data directly from you and automatically during your interactions with the site. This includes:

  • Identity and contact details provided during registration, verification, deposits, withdrawals, bonus claims, complaints, or other communications: full name, username, date of birth, gender, email, phone number, residential address, nationality, and identification documents.
  • Financial and transaction records: payment method details, deposit/withdrawal history, source of funds/wealth documentation, and related proofs.
  • Technical and usage data: IP address, browser type/version, operating system, login/logout times, pages visited, time spent, gameplay activity, device information, and cookie-derived data.
  • Responsible gambling and analytics information: self-assessment responses, play patterns, bonuses used, limits set, and aggregated usage statistics.
  • Data from third parties: verification results from age/ID checks, AML screening providers, credit agencies, group-operated sites, and marketing/affiliate partners.

We may also receive combined information if you hold accounts across multiple Group sites.

How We Use Your Information

Your data is processed for specific, lawful purposes, including:

  • Performing our contractual obligations: creating and managing your account, delivering games, processing payments, providing support, and handling transactions.
  • Complying with legal requirements: conducting KYC/AML checks, preventing fraud/money laundering/terrorism financing, adhering to gaming regulations, and maintaining responsible gambling standards.
  • Operating and improving the site: troubleshooting, analyzing usage patterns, conducting research, personalizing experiences, and enhancing functionality.
  • Marketing and communications: sending updates, promotions, and offers about our services or partner products, only with your consent.
  • Risk management: profiling for fraud detection, bonus abuse prevention, responsible gambling assessments, and assigning risk scores (with human oversight for final decisions).

We may create aggregated or anonymized datasets for statistical purposes that do not identify individuals.

Lawful Basis for Processing

Processing relies on one or more of the following grounds:

  • Performance of contract (e.g., account setup, gameplay, payments).
  • Legal obligation (e.g., AML/KYC, gaming license rules, responsible gambling).
  • Legitimate interests (e.g., fraud prevention, site security, service improvement), provided they do not override your rights.
  • Consent (e.g., marketing communications, certain profiling for personalization).

Sharing Your Data

We do not sell or rent personal data. Sharing occurs only when necessary and under strict controls:

  • Within the Dama N.V. Group for service delivery, fraud/AML/responsible gambling compliance, and (with consent) cross-promotion.
  • Employees and authorized personnel (bound by confidentiality agreements) such as compliance officers, fraud analysts, support teams, and VIP managers.
  • Service providers: game developers, payment processors (e.g., Trustly, Paysafe), marketing partners, hosting/analytics firms, verification/AML tools, and communication software providers.
  • Authorities: when required by law, court order, regulatory request, or to protect rights/safety.
  • In business transfers: during mergers, acquisitions, or similar events (with prior notice where possible).

All third parties are bound by data processing agreements ensuring GDPR-level protection.

International Transfers

Some recipients or processors may be located outside the EEA. We use safeguards such as European Commission-approved standard contractual clauses to maintain an adequate level of protection.

Data Retention

We keep personal data only as long as necessary for the purposes collected, legal obligations, or legitimate business needs. Anti-money laundering rules typically require retention of registration and transaction records for at least five years after the last activity or account closure. Anonymized data may be kept longer for analytics and service improvement.

Your Rights

Under data protection law you may:

  • Access your data (free copy).
  • Rectify inaccurate/incomplete information.
  • Erase data (subject to legal retention obligations).
  • Restrict processing in certain situations.
  • Object to processing based on legitimate interests.
  • Request data portability (where applicable).
  • Withdraw consent for consent-based processing.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact our DPO. We aim to respond within one month, requesting identity verification where needed. Complex requests may require additional time.

Automated Decision-Making

We generally avoid fully automated decisions with legal or significant effects. Where profiling occurs (e.g., risk scoring), final decisions involve human review.

Data Security

We implement robust technical and organizational measures to protect your information against unauthorized access, loss, or misuse. Accounts require unique credentials, with optional two-factor authentication available. You must keep login details confidential and secure.

This policy forms part of our commitment to transparency and lawful data handling. For further assistance, contact support or the DPO directly.