Security and Privacy

At, Mansion, our aim is to provide you with a fun and entertaining gambling experience, but we take your security and privacy just as seriously. For your peace of mind, you can find our complete Privacy Policy below. This Privacy Policy applies to Casino.com as well as to all Mansion Group’s other brands, websites, products or services.

The aim of this policy is to give you better understanding of:

  • What personal information we collect
  • Why we collect it and how we use it
  • How this information is shared
  • The rights you have to your personal data
  • Other privacy and security information

Please note, you should read this notice in conjunction with our Terms and Conditions.

References to “we” “our” and “Mansion” all refer to the Mansion Group and the relevant Data Controller.

Applicable Legislation

Prior to the UK (and thus Gibraltar)’s formal exit from the EU (“Brexit”), the EU General Data Protection Regulation 2016/679 governed data protection law in Gibraltar, from 25th May 2018 until 31st December 2020.

This Regulation was superseded by the Gibraltar GDPR following Brexit and the end of the Brexit transition period (ie as of 1st January 2021), by virtue of Section 6 of the European Union (Withdrawal) Act 2019.

Whilst largely the same, certainly in respect of the responsibilities it places on Data Controllers and Processors, as well as the rights afforded to Subjects, it is important to note that it isn’t the EU GDPR that is in effect, and the data protection law consists of both the Gibraltar GDPR and the Data Protection Act 2004.

Data Controller

The data controller for Mansion is Mansion (Gibraltar) Ltd of Suite 741, Europort, Gibraltar.

Your Personal Information

To register an account with us, you will need to provide some personal information. Examples of this may include, but are not limited to; your name, email address, home address, telephone number, date of birth and debit/credit card data. It is our primary concern that this data is kept safe and secure at all times, and our methods of ensuring this are covered within this policy page. When we receive your registration information, your details will be processed, giving you access to our online gambling services, full customer support, and deposit and withdrawal options.

Additionally, as you start to enjoy using our Services, in order for us to provide you the gambling services contracted for, or to comply with a legal obligation, or in our or your legitimate interest, we will collect other types of information including: IP address and browser type; device information; your betting, gaming, payments and other account transactions; chat transcripts, email correspondence and occasionally phone calls are recorded for training purposes; social media details and other information derived from publicly available sources and third party sources – as discussed below. We will also use the personal data we collect to personalise our offering to you and as part of our risk management services, and will also use some personal data (email address and username only), to provide you with a facility to share your customer experience via a trusted 3rd party platform, in furtherance of our legitimate interests.

We'll also use some of this information to tell you about our latest and/or personalised offers and promotions, and notify you of any changes to our website or policies.

Sharing and Processing your Personal Information

We may share your information with any other companies within our Group, which is defined as “internal” sharing – ie it never leaves the Mansion infrastructure.

An example of this is in the case of a self-exclusion, where it is necessary to apply this across all brands and products operated by the Mansion Group. In such cases, the relevant data would need to be processed internally to Mansion Group companies that operate other brands or websites.

In order to provide you with the full gambling services you signed up to enjoy, your personal data will also be shared with essential third-party service-providers, such as platform providers, game providers, payment-facilitation processors, financial institutions, auditors and contractors.

This sharing & processing may also be required in order to comply with a particular legal or regulatory obligation, for example in relation to our legal obligation to properly identify and verify our customers, we may use 3rd party electronic database providers such as credit reference agencies who allow us to verify customer information.

We reserve the right to re-run 3rd party verification checks on customers who completed the registration process but did not pass the verification check thus preventing them from using out Services, in an effort to assist such customers with finishing the process to create a verified account, up to 6 months from the first registration attempt.

In order to provide ease of access to the services contracted for customers making deposits using their credit or debit cards, card details are stored and presented in a truncated format upon future repeat use.

This information is your personal data and will only be used for the purpose described here. The information is stored securely in accordance with Card Scheme Regulations and is not accessible by Mansion employees. Card Scheme Regulations require us to inform you of the fact that we will store this information and, upon making your first deposit, you will be notified of this processing. Should you continue with the transaction, you will be deemed to have agreed to this processing.

This type of processing also applies in relation to our compliance with Anti-Money Laundering or Safer Gambling requirements, as well as crime prevention, detection or investigation of a crime or fraud. This processing also includes referrals to regulatory or sporting integrity bodies.

Your information will not be disclosed to government institutions or authorities unless:

  • We have your written consent OR,
  • We are required to respond to subpoenas, court orders or legal processes

Marketing Communications

Where we have the appropriate consent or lawful basis and subject to your preferences, some of your personal details will be processed by our 3rd party marketing partners in order to allow us to communicate with all our customers either by phone or email or push notifications (if you downloaded the app). This may include Email & SMS sending platform providers, prize or gift suppliers, etc.

The intention of these communications is to send you marketing material which we hope will be of interest to you – about our promotions, new games, offers, prizes, events, etc. You will not receive marketing from third parties outside the Mansion Group.

Consent for this processing can be removed, in whole or in part, at any time, by contacting customer support and letting us know what type of marketing communications you are happy – or not – to receive.

All our marketing communications, whether by email or by SMS, will include instructions on how to opt out of receiving this specific type of marketing communication. Please contact us directly using the above details, if you wish to remove your consent for marketing activities completely and your personal details will be promptly removed from all of our marketing processes. Please allow up to 48 hours following on from your request for this to be fully carried out.

We will not share your personal data with unrelated third parties to market their products to you without your prior written consent.

Your Personal Data Rights

Under the Gibraltar GDPR, you have a number of rights to your personal data, which are detailed here:

  • Right to Access personal data: You have a right to request a copy of the personal information that we hold about you. Please visit the Contact Us page to get in touch should you wish to make such a request. In your contact please give as much information as possible to identify yourself with, to assist us in gathering the information.
  • Right to Erasure: You can request us to erase your personal data where there is no lawful basis requiring us to continue processing this personal data. This right only applies in certain circumstances given that legal obligations include data retention periods.
  • Right to Rectification of Personal data: You can request that we correct any personal data that we are processing about you which is incorrect.
  • Right to be informed: Where the application of a personal data right has impacted on your personal data, you have the right to be informed.
  • Right to data portability: Similar to the right to access personal data, this right allows you to obtain your personal data in an electronic format that would enable you to transfer that personal data to another organisation, should it be relevant.
  • Right to restrict / object to processing of personal data: in certain circumstances you have the right to object or restrict the processing of your personal data, where this is processing is based on consent or our legitimate interest. However, despite your objections or wish to restrict processing, where there are compelling legitimate grounds or legal obligations, we would be required to continue said processing.
  • Rights relating to automated decision making and profiling: you have the right to not be subject to a decision which is based only on automated processing – ie without human involvement – where that decision has a legal impact or otherwise significantly affects you. We confirm that we do not make automated decisions of this nature.

As referred to above, you also have the general right to withdraw the consent you have given us to process your personal data (in respect of our marketing activities) and where this processing is based on what we deem to be our legitimate interest.

Cookies

We collect browser and cookie information when you first navigate to our websites. We use cookies to personalise your experience and for ease of your access. Some cookies will remember your username and password, or to remember your language preferences, etc. Cookies also then record other pages visited and content viewed before and after you use our services. For users who opt in to have their personal data processed for marketing communications and promotional information, this usage may extend to displaying selected  advertising of Company promotions that will interest you, either by device notifications or on social media pages. Please visit our Cookies Policy page for more information about cookies and how to manage the cookies we set, as well as third party cookies such as those used by your web browser.

Security

We take the security of your data and personal information very seriously, and have a number of measures in place to keep you protected.

Robust security policies, rules, and technical measures have been implemented to safeguard all of your account information. All employees, data-processors and third parties contracted by Casino.com are legally required to abide by a confidentiality agreement.

In addition, we use RSA 2048-bit encryption technology and state-of-the-art security infrastructure to help ensure that your details are always safe and secure.

Retention

We retain all customer personal data and records for at least a period of 5 years post-account closure, in compliance with regulatory requirements and guidelines. We engage in periodic deletion of customer records where the account has been closed for more than 5 years. Should a current customer request a right to erasure, this would only be possible 5 years after the right to erasure request. Even after this period has elapsed, we would need to retain certain information under legal obligation (for example, in relation to safer gambling and self-exclusion). We will take all necessary steps to ensure that the privacy of your information is maintained for the periods of retention.

Data protection outside the European Union

Your personal information may be processed in any country where we or our affiliates, suppliers, subsidiaries or other companies within our Group operate. By submitting your personal information to us, you consent to the use of that information as set out in this Privacy Policy.

The data protection, privacy and other laws of countries outside the European Union countries may not be as comprehensive as those of European Union-member countries. In these instances, we will take steps to ensure that a similar level of protection is given to your information as is afforded the data of players within the European Union.

Anti Money Laundering Obligations

Please note that as a licensed operator under both the Gibraltar jurisdiction, we are legally obliged to comply with local and  International Anti Money Laundering laws and regulations. These obligations require us to carry out certain tasks including but not limited to: screening for Politically Exposed Persons (‘PEPs'), Sanction List screening, monitoring of account activity to guard against potential money laundering risks, reporting of suspicious activity to the relevant financial crime authorities, etc. It also means that we are required to retain all customer records for a minimum of 5 years after the relationship between the customer and us has ended. This information is retained securely and confidentially at all times, where we comply with the highest standard of Information Security, being the ISO 27001 certification. Please contact Customer Support for more details.

Our Customer Support team are available 24/7 to answer any queries you may have regarding data protection and our privacy policy, or to withdraw your consent you’re your personal data being used by us to send you marketing communications. Click here to visit our contact page.

Privacy policy last updated:  18/05/2023