Winner Island Casino - Privacy Policy

Winnerisland is a trading name of Winnerisland Ltd, registered in England and Wales. Our registered office address is provided on request to privacy@winnerislandcasino.co.uk. Our Data Protection Officer can be contacted at the same address.

We are registered with the UK Information Commissioner's Office (ICO) as a data controller. You can verify our registration at ico.org.uk.

Identity and contact data: full legal name, date of birth, gender, nationality, residential address, email address, telephone number, copies of identification documents (passport, driving licence, national ID) and proof-of-address documents.

Financial data: payment card details (tokenised by our PCI-DSS Level 1 payment processors — we never store full card numbers), bank account details, e-wallet identifiers, deposit and withdrawal history, source-of-funds evidence and tax identification numbers where required.

Gameplay and transaction data: account balance, bets placed, games played, session length, win/loss history, bonus history, chat messages and customer-service interactions.

Technical data: IP address, geolocation, device type, operating system, browser, language, time-zone, login times and a device fingerprint used for fraud prevention.

Marketing and communication data: your preferences for receiving marketing from us and our partners, and your communication preferences.

Performance of contract: to register and operate your account, process deposits and withdrawals, deliver the games and pay out winnings.

Legal obligation: to verify your identity and age (KYC), comply with anti-money laundering, counter-terrorist financing, sanctions and tax-reporting laws, and respond to lawful requests from regulators, courts and law enforcement.

Legitimate interests: to detect and prevent fraud, bonus abuse and problem gambling; to secure our platform; to improve our products; to manage complaints; and to defend legal claims. We have balanced these interests against your rights and consider them not overridden.

Consent: to send you marketing communications, to use non-essential cookies, and to share your data with marketing partners. You can withdraw consent at any time.

We share personal data with: payment service providers and banks; identity-verification and KYC vendors (e.g. Onfido, Jumio); fraud-prevention agencies; cloud and IT providers (under strict data-processing agreements); game-content suppliers; our regulator Anjouan Gaming and other competent authorities; tax authorities where legally required; law-enforcement agencies under valid legal process; and our professional advisors (lawyers, auditors, accountants).

Where data is transferred outside the UK or EEA, we rely on UK or EU adequacy decisions, the UK International Data Transfer Agreement, or Standard Contractual Clauses with appropriate supplementary measures.

We never sell your personal data. We may disclose anonymised, aggregated statistics for industry research.

Account, KYC, transaction and gameplay records: kept for the duration of your account plus 5 years after closure, in line with the Money Laundering Regulations 2017.

Customer-service correspondence: 3 years after last contact.

Marketing data: until you withdraw consent, then deleted within 30 days.

Cookies and analytics data: see our cookie banner for retention periods (typically 13 months or less).

Under UK GDPR you have the right to: access a copy of your personal data; have inaccurate data rectified; request erasure ("the right to be forgotten") subject to our retention obligations; restrict or object to processing; receive your data in a portable format; and withdraw consent where we rely on it.

To exercise any of these rights, email privacy@winnerislandcasino.co.uk. We will respond within one calendar month. If you are unhappy with our response, you may complain to the Information Commissioner's Office at ico.org.uk or call 0303 123 1113.

We use strictly necessary cookies to operate the site and, with your consent, performance, functional and marketing cookies. You can manage your preferences at any time via the cookie settings link in the site footer.

We use TLS encryption in transit, AES-256 encryption at rest, multi-factor authentication on all administrative accounts, segmented networks, regular penetration testing and 24/7 security monitoring. Despite these measures, no system is 100% secure; please notify us immediately if you suspect a breach.

We will notify you of material changes by email at least 14 days before they take effect. The current version is always available on this page.