Privacy Policy
How MyStake Casino collects, processes and protects your personal data under UK GDPR and the Data Protection Act 2018.
Last updated: January 20251. Data Controller
The data controller is MyStake Ltd., registered in England and Wales, London, UK. See our Legal Notice and Contact pages for details.
2. Data We Collect
2.1 Data You Provide
- Full name, date of birth, gender
- Email address, telephone number, postal address
- Payment information (card details, PayPal ID, e-wallet data)
- Verification documents (photo ID, proof of address)
- Communication records (chat transcripts, emails)
2.2 Data Collected Automatically
- IP address and geolocation data
- Browser type, operating system, device information
- Access times, pages visited, session duration
- Gameplay activity, stakes, wins, losses
- Cookie and tracking data (see Section 7)
3. Purposes of Processing
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Contract performance (account, games, payouts) | Article 6(1)(b) |
| Legal obligations (KYC, AML, tax, UKGC) | Article 6(1)(c) |
| Legitimate interests (fraud prevention, security) | Article 6(1)(f) |
| Consent (marketing, newsletters) | Article 6(1)(a) |
| Responsible gambling (GamStop, limits) | Article 6(1)(c)/(f) |
4. Sharing with Third Parties
- Payment providers — PayPal, Visa, Mastercard, Skrill, Google Pay, etc.
- Identity verification — KYC/AML compliance
- UK Gambling Commission — when required by law
- IT providers — hosting, security, analytics (under DPA)
- GamStop — when you self-exclude
International transfers use appropriate safeguards (Standard Contractual Clauses or adequacy decisions).
5. Data Retention
- Account data: up to 5 years after closure
- Transaction records: 7 years (regulatory)
- Gameplay logs: 5 years (UKGC)
- Marketing data: until consent withdrawn
6. Your Rights
- Access (Art. 15) — request a copy of your data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — request deletion
- Restrict processing (Art. 18) — limit usage
- Portability (Art. 20) — machine-readable format
- Object (Art. 21) — object to legitimate interest processing
- Withdraw consent — at any time
Contact: [email protected] or our Contact page.
7. Cookies & Tracking
| Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Login, session, security | Session / 30 days |
| Functional | Language, settings | 1 year |
| Analytical | Usage statistics | 2 years |
| Marketing | Personalised ads (consent) | 1 year |
8. Data Security
256-bit SSL encryption, regular security audits, MFA for staff, encrypted storage in ISO 27001-certified data centres.
9. Right to Complain
Lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
10. Changes
We may update this policy. Material changes communicated via email or website notice.