logo
EN DE IT PL DE ES FI DE
EN

Kingmaker Casino Privacy policy

General provisions and scope

This Privacy Policy governs the processing of personal data in connection with the services made available through kingmakeronline.it.com and is referred to as the Kingmaker Casino Privacy policy for the purposes of this document. It applies to privacy, users, and operational interactions that occur through web, mobile, and customer support channels, including account related communications. The controller acts under a global audience framework and applies GDPR aligned principles where relevant, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. This document does not address third party sites that may be accessed via external links, and such destinations remain subject to their own policies. Where local mandatory rules impose higher standards, such rules shall prevail to the extent of their applicability.

Data controller, governance, and accountability

For the purposes of applicable data protection laws, the data controller is the entity responsible for determining the purposes and means of data processing for the website and associated services. Controller responsibilities include establishing internal policies, maintaining records of processing activities where required, and ensuring that staff access to personal data is limited to authorised functions. The controller assesses risks and implements technical and organisational measures appropriate to the nature of the processing, including measures that support personal data protection. Where a processor is engaged, the controller requires contractual commitments concerning confidentiality, security, and assistance with rights requests and incident response. Accountability is supported through documented procedures, periodic reviews at least 1 time per year, and escalation pathways for suspected non compliance.

Definitions and interpretative rules

Personal data means any information relating to an identified or identifiable natural person, including identification data and online identifiers associated with accounts or devices. Data processing means any operation performed on personal data, such as collection, recording, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction. Registration data refers to information provided at account creation and during verification steps, while login details include credentials and security related authentication factors. Financial data refers to payment related information necessary to process deposits, withdrawals, chargeback management, and fraud screening, subject to minimisation. Cookies are small files stored on devices that facilitate functionality, preferences, and measurement, and they are further described in the cookies section.

Categories of personal data processed

The service may process identification data such as name, date of birth, nationality, and government issued identifiers where lawful and necessary for verification and compliance screening. Registration data may include email address, telephone number, residential address, preferred currency, and selected account settings, and may be updated during the customer relationship. Login details and device information may include IP address, device identifiers, browser type, and security events, which are used for authentication integrity and data security. Financial data may include transaction references, payment method tokens, and banking routing information where required to execute a withdrawal, while full card numbers are not stored where tokenisation is available. The service may also process communications content provided through support channels, including complaint narratives and attachments, where such processing is necessary to manage the relationship and meet legal obligations.

Methods and sources of collection

Collection occurs through operational steps, including account creation, identity verification, payment initiation, responsible gaming controls, and customer support interactions. The Kingmaker Casino Privacy policy applies when information is provided directly, such as when completing forms, uploading documents, or confirming contact details. Data may also be obtained from lawful third party sources, such as payment service providers, identity verification vendors, fraud prevention databases, and regulatory or law enforcement bodies, where permitted and proportionate. Automated collection occurs through files, cookies, and server logs, which may record events such as login attempts, session timing, and error diagnostics for stability and protection. Where legally required, consent mechanisms or equivalent lawful bases will be used for optional tracking and non essential cookies.

Processing is conducted under one or more lawful bases depending on the context, including performance of a contract, compliance with legal obligations, legitimate interests, and consent where required. Contract necessity generally applies to processing required to create and administer accounts, enable gameplay, process transactions, and provide support. Legal obligations may apply to anti money laundering controls, know your customer verification, sanctions screening, and recordkeeping, which may require processing beyond immediate service delivery. Legitimate interests may apply to fraud prevention, account security, dispute handling, and service improvement, subject to documented balancing tests and appropriate safeguards. Consent is used for activities that require an opt in under certain laws, including specific marketing related communications where applicable and certain cookie categories.

Purposes of processing and operational justifications

The primary purposes of processing include account administration, identity and age verification, transaction processing, fraud detection, and compliance with applicable regulatory requirements. The Kingmaker Casino Privacy policy further covers processing necessary for customer support operations, complaint management, and the maintenance of audit trails for operational integrity. Security monitoring may include analysis of unusual login patterns, repeated authentication failures, and device reputation signals to reduce unauthorised access. Communications may be processed to send service notices, verification updates, transactional confirmations, and responsible gaming related notices where required. Aggregated and de identified analytics may be used to understand service performance and user experience, provided that such processing does not re identify individuals.

Data retention policy and storage limitation

Retention periods are determined by legal obligations, limitation periods for disputes, and operational necessity, applying storage limitation and minimisation principles. The Kingmaker Casino Privacy policy is applied so that account related records may be retained for 5 years after account closure where required for compliance, audit, and anti fraud obligations, subject to local law variations. Verification records may be retained for 2 years after completion of checks when allowed, or longer where mandated by statutory duties, and access is restricted to authorised compliance functions. Certain security logs may be retained for 90 days to support incident investigation and system integrity, unless extended due to an active investigation. Where erasure is required and no overriding legal basis exists, data will be deleted or irreversibly anonymised within a reasonable period following the relevant trigger.

Criteria used to set retention periods

Retention criteria include regulatory requirements, contractual obligations, potential litigation windows, and demonstrable security needs, each assessed against proportionality. Financial data related to completed transactions may be retained to support accounting, reconciliation, chargeback management, and compliance checks, while unnecessary fields are removed where feasible. Files provided for verification are stored in controlled repositories with access logging, and are segregated from general support content where practicable. If a legal hold is applied due to a dispute, retention may extend until resolution, after which normal schedules resume. Review of retention schedules occurs at least every 12 months to ensure continued alignment with law and operational risk.

Disclosure to third parties and onward sharing

Disclosure is limited to what is necessary for the stated purposes and is governed by confidentiality and data processing commitments. Service providers may receive personal data to perform functions such as payment processing, identity verification, fraud screening, hosting, customer support tooling, analytics, and security monitoring. The term casino Kingmaker may appear in payment descriptors or support workflows, and associated data flows are limited to operational necessity and legal compliance. Disclosure to regulators, tax authorities, or law enforcement may occur where there is a valid legal request, statutory duty, or defensible necessity to protect rights and public interests. Third party recipients are assessed for security posture and compliance capability, and where required, standard contractual protections are applied.

Corporate transactions and business continuity

If the controller undergoes a merger, acquisition, restructuring, or asset transfer, personal data may be disclosed as part of due diligence and transfer processes subject to confidentiality restrictions. Disclosure in this context is limited to what is reasonably necessary to evaluate or execute the transaction, and safeguards are applied to prevent unauthorised reuse. Where ownership or control changes, affected individuals will be informed when required by law and where doing so would not compromise investigations or security. Data transferred as part of a transaction remains subject to the protections described in this policy and applicable law. If a transfer is not completed, data shared for due diligence is returned or securely deleted in accordance with contractual undertakings.

International transfers and cross border access

Given the global audience context, personal data may be processed in jurisdictions outside the location where an individual resides. The Kingmaker Casino Privacy policy provides that international transfers are carried out using lawful mechanisms where required, such as adequacy decisions, standard contractual clauses, or other recognised safeguards. Cross border access may occur when support teams, compliance staff, or security operations are distributed across regions, and access is restricted by role based controls. Transfer risk assessments are conducted where applicable to evaluate local laws and the effectiveness of safeguards, including encryption and contractual commitments. Where a transfer mechanism is not available or cannot provide an essentially equivalent level of protection, the controller will implement additional measures or refrain from the transfer.

Security measures, incident handling, and confidentiality

Security is implemented through layered measures designed to protect confidentiality, integrity, and availability of personal data across systems and operational processes. The Kingmaker Casino Privacy policy requires access controls, multi factor authentication where appropriate, network segmentation, secure development practices, monitoring, and incident response procedures. Encryption is used in transit and, where appropriate, at rest, and keys are managed under controlled processes, with periodic rotation based on risk. Administrative safeguards include least privilege access, staff confidentiality obligations, and targeted training, supported by audits and access reviews conducted at least every 6 months. For security testing and compliance assurance, sampling based controls may cover 10% of high risk access events for enhanced review, and escalations are documented for accountability.

Personal data breach response

A personal data breach is an incident leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Where a breach is detected, the controller follows an incident response plan that includes containment, assessment of impact, remediation, and documentation. Notifications to supervisory authorities and affected individuals will be made when required by law, taking into account the nature of the data, the risk to rights and freedoms, and available mitigation. Where GDPR like standards apply, the controller aims to assess reportable incidents without undue delay and, where feasible, within 72 hours of awareness, while recognising that some jurisdictions apply different thresholds. Post incident reviews are performed to identify root causes and to implement corrective actions proportionate to the risk.

Rights of data subjects and lawful limitations

Data subject rights are recognised in accordance with applicable law, including rights related to transparency, access, rectification, erasure, restriction, portability, and objection where relevant. The Kingmaker Casino Privacy policy is applied so that rights requests are assessed against legal obligations, including duties to retain data for compliance, fraud prevention, or dispute resolution. Where processing is based on consent, consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Where processing is based on legitimate interests, objections will be evaluated with reference to compelling legitimate grounds, including security and regulatory compliance. Identity verification may be required to prevent unauthorised disclosure, and the scope of disclosure will be limited to what is necessary to fulfil the request.

Response timelines and complaint avenues

Requests are handled within the timeframes required by applicable law and in a manner that supports secure communication. The controller generally aims to respond within 30 days of receiving a verifiable request, subject to lawful extensions for complex matters or high request volumes. If additional time is required, the requester will be informed of the extension and the reasons, where such communication is permitted and does not compromise security. Where a request is refused or limited, reasons will be provided consistent with legal requirements, including references to exemptions or overriding obligations. Individuals may lodge a complaint with a competent supervisory authority in their jurisdiction, and internal escalation routes are available to address concerns prior to external filings.

Cookies, tracking technologies, and device information

Cookies and similar technologies are used to support core functionality, security, and service performance, and to maintain session integrity. The term casino Kingmaker may be present in certain cookie names or internal identifiers used to distinguish service environments, and such identifiers are not intended to reveal sensitive content. Essential cookies are used to enable authentication, prevent fraudulent activity, and support load balancing, while non essential cookies may be used for measurement or preference storage subject to applicable consent rules. Device and browser information may be collected to detect anomalies, prevent credential stuffing, and support troubleshooting, and such processing is performed under data minimisation principles. Where consent is required, cookie preferences can be managed through consent tools, and where browsers provide controls, those settings may also limit certain cookie operations.

Cookie lifetimes vary depending on their purpose, with some session cookies expiring at session end and others persisting for defined periods. Where persistent cookies are used for preferences, retention may be set up to 180 days unless a shorter period is appropriate or required by law. Analytics related cookies, where enabled, may use aggregated metrics and are configured to reduce identifiability, including truncation or hashing where feasible. Withdrawal of consent for non essential cookies is respected, and systems are designed to apply updated preferences within a reasonable time, typically within 24 hours. Some features may be limited if essential cookies are blocked, because such cookies are necessary for authentication and security.

Contact, data requests, and verification procedures

Operationally, rights and privacy requests are handled through dedicated channels to ensure traceability, controlled access, and timely processing. The Kingmaker Casino Privacy policy applies to requests submitted via support channels on kingmakeronline.it.com, and such requests are logged to support accountability and response deadlines. To protect personal data protection and prevent social engineering, the controller may request additional information to verify identity, such as matching registration data, proof of control of contact methods, or limited additional documentation. The controller will not request unnecessary data for verification, and will limit any verification data to the shortest retention compatible with fraud prevention and audit needs. Where an authorised agent submits a request, evidence of authority may be required, and disclosures will be limited to the authorised scope.

Policy amendments, governance updates, and compliance commitment

This section sets out the manner in which the Kingmaker Casino Privacy policy may be updated to reflect changes in law, regulatory guidance, operational practices, or security requirements. Amendments may be implemented to address new data processing activities, changes to processors, revisions to retention schedules, or updates to cookies and tracking technologies, while maintaining the principles of transparency and data minimisation. Where changes materially affect the rights or expectations of privacy, users, the controller will provide a notice through appropriate channels, such as an on site notification or account message, taking into account the nature of the change and applicable legal requirements. The controller maintains internal records of versions and aims to retain a change history for at least 3 years to support auditability and accountability. The term casino Kingmaker may continue to appear in operational documentation as part of service identification, and such references do not alter the scope of protections described herein.

The controller confirms an ongoing commitment to lawful processing, confidentiality, and data security, including the use of encryption and access controls proportionate to risk and aligned with recognised GDPR principles where relevant. Any update will be assessed for compatibility with existing legal bases, and where a new basis such as consent is required, the controller will implement mechanisms to obtain and record it before the relevant processing begins. Requests and complaints relating to amendments will be handled according to the same contact and verification procedures described above, and the controller will aim to respond within 30 days to verifiable inquiries concerning material changes. Continued use of the services after an effective date may indicate acceptance where permitted by law, while acknowledging that certain changes require affirmative action under specific jurisdictions. This concluding statement forms part of the Kingmaker Casino Privacy policy and is intended to ensure that governance, transparency, and compliance remain demonstrable over time, including periodic reviews scheduled at least once every 12 months.