At Seven Casino, we understand that your trust is paramount. Our privacy policy is built on transparency and compliance with the UK General Data Protection Regulation (GDPR), the Information Commissioner's Office (ICO) 2026 guidelines, and the UK Gambling Commission (UKGC) data transparency standards. This comprehensive guide explains exactly how we collect, process, store, and protect your personal and financial data throughout your gaming journey with us.
Unlike generic privacy documents that obscure obligations beneath legal jargon, this policy contextualises Seven Casino player data protection within current UK regulatory frameworks. Whether you're registering for the first time, claiming a bonus, or withdrawing winnings, you deserve to know precisely what happens to your information.
📌 Table of Contents
- 🔐 What Data We Collect and Why
- ⚖️ Legal Basis for Data Processing
- 📊 Data Retention Periods and Storage
- 🤝 Third-Party Sharing and International Transfers
- 🍪 Cookie Usage and Tracking Technologies
- ✅ Your Player Rights Under UK GDPR
- 🛡️ Data Security and Encryption Standards
- 📞 Contact Us and Complaints
🔐 What Data We Collect and Why
When you engage with Seven Casino, we collect both mandatory and optional information to deliver our service, verify your identity, and comply with UK gambling regulations.
Initial Registration Data
During account registration, we collect:
- Identity Information: Full name, date of birth, address, and phone number — required to verify you're 18+ and comply with UKGC licensing requirements
- Contact Details: Email address and mobile number for account notifications, promotional communications (with your consent), and security alerts
- Account Credentials: Username and password (encrypted) to secure your account access
- Verification Documentation: Proof of identity (passport, driving licence) and proof of address (utility bills, bank statements) — legally required to prevent fraud and money laundering under the Proceeds of Crime Act 2002
Financial and Payment Data
When you deposit, withdraw, or place bets, we collect:
- Payment Card Information: Card number (tokenised and never stored in full), expiry date, and billing address — processed securely by PCI-DSS certified payment processors
- Bank Account Details: If using bank transfers or e-wallets (PayPal, Skrill, Neteller), we collect account identifiers required for transaction processing
- Transaction History: All deposits, withdrawals, and bet amounts to calculate bonuses, track spending, and detect suspicious activity
- Affordability Data: Income and financial situation (if provided) — processed under UKGC affordability checks to ensure responsible gambling
Gameplay and Behavioural Data
- Gaming Activity: Games played, stakes, winnings, loss amounts, session duration, and frequency — used to personalise your experience and identify at-risk behaviour
- Device Information: IP address, device type, operating system, and browser — essential for fraud detection and account security
- Location Data: Approximate geographic location (via IP geolocation) to ensure you're within the UK jurisdiction and not using VPNs
⚖️ Legal Basis for Data Processing Under UK GDPR
Seven Casino processes your data under six primary legal bases, each tailored to specific processing activities:
| Legal Basis | Processing Activity | Why This Applies |
|---|---|---|
| Contract Performance | Account creation, deposit processing, bonus crediting, withdrawal execution | Essential to deliver gaming services as agreed in our terms and conditions |
| Legal Obligation | Identity verification (KYC), anti-money laundering (AML) checks, affordability assessments, gambling harm reporting | Required by UKGC, FCA, and UK legislation (Gambling Act 2005, POCA 2002) |
| Legitimate Interest | Fraud prevention, account security, marketing analytics, customer support | Our interest in protecting operations balances against your privacy expectations as a reasonable player |
| Consent | Marketing emails and SMS promotions, Seven Casino bonus communications, analytics cookies | Entirely optional — you may withdraw consent at any time via account settings |
| Vital Interests | Reporting gambling addiction or self-exclusion flags to GAMSTOP and other databases | Protects vulnerable individuals from further gambling harm |
| Public Task | Reporting suspicious transactions to the Financial Conduct Authority (FCA) and National Crime Agency (NCA) | Seven Casino acts as a financial institution obliged to prevent financial crime |
📊 Data Retention Periods and Storage Compliance
Seven Casino data protection includes strict retention schedules aligned with ICO 2026 guidance and UKGC standards. We don't keep data longer than necessary.
Retention Schedule
| Data Category | Retention Period | Justification |
|---|---|---|
| Account Registration Data (name, DOB, address) | 7 years after account closure | UKGC audit requirements and anti-money laundering regulations |
| Payment and Transaction Records | 6 years (active account) + 5 years after closure | Financial Services and Markets Act 2000 and accountancy standards |
| Identity Verification Documents (KYC) | 6 years active + 5 years post-closure | Money Laundering Regulations 2017 and POCA compliance |
| Gaming Activity and Bet History | 7 years | Tax and regulatory audit trails, dispute resolution |
| Cookies and Tracking Data | Up to 24 months (configurable via browser settings) | Website analytics, fraud detection, personalisation |
| Marketing Consent Preferences | 3 years or until withdrawal of consent | GDPR consent records must be auditable and timestamped |
| Complaint and Dispute Records | 3 years post-resolution (minimum) | UK Gambling Commission and ADR provider requirements |
Storage Location: Your data is stored on encrypted servers located within the UK and EU data centres. We do NOT transfer personal data outside these regions except where legally mandated (e.g., to parent company jurisdictions), and only with Standard Contractual Clauses (SCCs) safeguards as per ICO 2026 international transfer guidance.
🤝 Third-Party Sharing and Data Processing Partners
Seven Casino does not sell your data. However, we share essential information with carefully vetted partners to deliver our service and meet regulatory obligations.
Who We Share Data With
- Payment Processors: Stripe, PayPal, and Skrill receive transaction data (amount, date, merchant reference) for payment authorisation and settlement. These processors are PCI-DSS Level 1 certified and GDPR-compliant.
- Identity Verification Providers: Third-party KYC vendors (such as IDology and Jumio) receive name, DOB, address, and document images for automated identity confirmation. These are contractually bound to delete your data after verification completion.
- Fraud and Risk Management: Our AML compliance team uses specialist software to cross-reference your information against sanctions lists, PEP (Politically Exposed Persons) databases, and suspicious transaction repositories operated by the National Crime Agency (NCA).
- Software and Game Providers: Games are powered by licensed studios (NetEnt, Pragmatic Play, Evolution Gaming). These partners receive anonymised gameplay data (wins, losses, session duration) for game analytics and fairness auditing, but never personally identifiable information.
- Affiliate and Marketing Partners: If you registered via an affiliate referral link, we share your registration confirmation (username and signup date only) with the affiliate network for commission attribution. No financial data is shared.
- GAMSTOP and Self-Exclusion Registries: If you request self-exclusion, we register your request with GAMSTOP (the UK's national self-exclusion scheme) and other operator networks to prevent you re-registering across affiliated casinos.
- Sister Sites and Operator Network: Seven Casino operates within a licensed operator network. If you use multiple brands within this network, account and fraud data may be shared to prevent bonus abuse and identify multi-accounting. However, each site maintains separate customer support and account credentials.
- Legal and Regulatory Bodies: The UKGC, ICO, FCA, and UK law enforcement agencies may receive your data upon legal request (warrant, court order, or regulatory investigation). We notify you of such requests unless prohibited by law.
- Customer Support and Communications Providers: Email and live chat services are handled by compliant third parties (such as Zendesk) that meet GDPR standards.
🍪 Cookie Usage and Tracking Technologies
Seven Casino uses cookies and similar technologies to enhance your experience, detect fraud, and understand user behaviour. Understanding these is critical to your privacy awareness in 2026.
Cookie Categories
- Essential/Functional Cookies: Required for login, account security, and payment processing. These cannot be disabled without breaking core functionality.
- Analytics Cookies: Google Analytics and similar tools track page views, click patterns, and session duration — used to improve site speed and usability. Data is pseudonymised (not directly linked to your name).
- Marketing/Advertising Cookies: Allow us to display relevant Seven Casino bonus ads across Google, Facebook, and affiliate networks. These require your explicit consent and can be withdrawn anytime.
- Third-Party Cookies: Payment processors, live chat providers, and content delivery networks (CDNs) set their own cookies. These are governed by their privacy policies.
You can control cookies via your browser settings or our cookie preference centre on first visit. Disabling non-essential cookies will not prevent you from gaming; it only reduces ad personalisation and analytics accuracy.
✅ Your Player Rights Under UK GDPR
As a UK resident, you have eight fundamental data protection rights. Seven Casino respects each one, and we've designed our processes to fulfill requests within ICO 2026 timescales.
Your Eight Rights
- Right to Access (Subject Access Request): Request a copy of all personal data we hold about you, including gameplay history, financial records, and correspondence. We respond within 30 days.
- Right to Rectification: Correct inaccurate or incomplete data (e.g., change your address if we have an old one on file).
- Right to Erasure ('Right to be Forgotten'): Request deletion of your data — with exceptions for legal obligations (e.g., we must retain anti-money laundering records for 5 years). After account closure, most data is securely deleted unless retention is mandated.
- Right to Restrict Processing: Ask us to 'freeze' your data — e.g., if you dispute a transaction, we can stop using it for marketing while investigating.
- Right to Data Portability: Receive your data in a portable, machine-readable format (CSV, JSON) to transfer to another provider. Applies to data you've actively provided.
- Right to Object: Opt-out of marketing communications, profiling for ad targeting, and processing based on legitimate interest (except where legal obligations override).
- Right Not to Be Subject to Automated Decision-Making: If we use algorithms to make decisions affecting you (e.g., account suspension due to fraud flags), you can request human review and explanation.
- Right to Lodge a Complaint: If you believe we've violated your rights, file a complaint with the Information Commissioner's Office (ICO) without needing to contact us first.
How to Exercise Your Rights
Submit requests via email to [email protected] or through your account dashboard's 'Privacy Settings' menu. Include your username, account email, and request type. We'll verify your identity (for security) and respond within 30 calendar days. Complex requests may take up to 90 days if they require substantial data collation.
🛡️ Data Security and Encryption Standards
Seven Casino player data security is built on industry-standard encryption and access controls reviewed annually by independent auditors.
Security Measures in Place
- TLS 1.3 Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3 (visible by the padlock icon in your browser).
- AES-256 Encryption: Data stored on our servers is encrypted at rest using AES-256, the military-grade standard.
- PCI-DSS Level 1 Compliance: Payment card data never touches our systems directly — it's tokenised by certified payment processors and deleted after transaction completion.
- Multi-Factor Authentication (MFA): Encourage (and eventually require) MFA via authenticator apps to prevent account takeover.
- Regular Penetration Testing: Independent security firms conduct quarterly penetration tests to identify vulnerabilities before attackers do.
- Access Controls: Only authorised staff (with background checks) access personal data, and access is logged and monitored.
- Data Minimisation: We collect only data necessary for service delivery — no unnecessary profiling or data hoarding.
- Incident Response Plan: In the unlikely event of a breach, we notify affected users within 72 hours (as required by GDPR Article 33) and the ICO if risk to rights is high.
📞 Contact Us and File a Complaint
Seven Casino Privacy Contact
Data Protection Officer (DPO): [email protected]
Mailing Address: Seven Casino, Data Protection Team, [UK Office Address], United Kingdom
Response Time: We aim to acknowledge all privacy queries within 48 hours and resolve requests within 30 days.
Escalating to the Information Commissioner's Office (ICO)
If you're unsatisfied with our response or believe we've breached GDPR, file a formal complaint with the ICO:
- Website: ico.org.uk
- Phone: 0303 123 1113
- Email: [email protected]
- Office: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
You have the right to lodge a complaint at no cost, and the ICO will investigate independently of our involvement.
UK Gambling Commission Complaints
For complaints specifically about Seven Casino data security in the context of gambling harm or unfair treatment:
- UKGC Contact: gamblingcommission.gov.uk/contact-us
- Alternative Dispute Resolution (ADR): Seven Casino is registered with an independent ADR provider for disputes up to £50,000. Details provided in our terms and conditions.
📅 Policy Updates and 2026 Compliance
This privacy policy is effective as of January 2026 and reflects current ICO guidance, UKGC standards, and UK GDPR case law. We review and update this policy annually or when regulations change. Material changes (e.g., new data processing activities) trigger email notifications to registered users. Your continued use of Seven Casino constitutes acceptance of these terms.
Last Updated: January 2026 | Next Review: January 2027
Thank you for entrusting Seven Casino with your data. We're committed to transparency, security, and your privacy rights as a UK player.