The aim of this policy is to give you better understanding of:
- What personal information we collect
- Why we collect it and how we use it
- How this information is shared
- The rights you have to your personal data
- Other privacy and security information
Please note, you should read this notice in conjunction with our Terms and Conditions.
References to “we” “our” and “Mansion” all refer to the Mansion Group and the relevant Data Controller.
The data controller for Mansion is Mansion (Gibraltar) Ltd of Suite 741, Europort, Gibraltar.
Your Personal Information
To register an account with us, you will need to provide some personal information. Examples of this may include, but are not limited to; your name, email address, home address, telephone number, date of birth and debit/credit card data. It is our primary concern that this data is kept safe and secure at all times, and our methods of ensuring this are covered within this policy page. When we receive your registration information, your details will be processed, giving you access to our online gambling services, full customer support, and deposit and withdrawal options.
Additionally, as you start to enjoy using our Services, in order for us to provide you the gambling services contracted for, or to comply with a legal obligation, or in our or your legitimate interest, we will collect other types of information including: IP address and browser type; device information; your betting, gaming, payments and other account transactions; chat transcripts, email correspondence and occasionally phone calls are recorded for training purposes; social media details and other information derived from publicly available sources and third party sources – as discussed below. We will also use the personal data we collect to personalise our offering to you and as part of our risk management services, and will also use some personal data (email address and username only), to provide you with a facility to share your customer experience via a trusted 3rd party platform, in furtherance of our legitimate interests.
We'll also use some of this information to tell you about our latest and/or personalised offers and promotions, and notify you of any changes to our website or policies.
Sharing and Processing your Personal Information
We may share your information with any other companies within our Group, which is defined as “internal” sharing – ie it never leaves the Mansion infrastructure.
An example of this is in the case of a self-exclusion, where it is necessary to apply this across all brands and products operated by the Mansion Group. In such cases, the relevant data would need to be processed internally to Mansion Group companies that operate other brands or websites.
In order to provide you with the full gambling services you signed up to enjoy, your personal data will also be shared with essential third-party service-providers, such as platform providers, game providers, payment-facilitation processors, financial institutions, auditors and contractors.
This sharing & processing may also be required in order to comply with a particular legal or regulatory obligation, for example in relation to our legal obligation to properly identify and verify our customers, we may use 3rd party electronic database providers such as credit reference agencies who allow us to verify customer information. For further information on how your personal data may be processed in that respect, follow this link: https://www.transunion.co.uk/legal-information/bureau-privacy-notice
We reserve the right to re-run 3rd party verification checks on customers who completed the registration process but did not pass the verification check thus preventing them from using out Services, in an effort to assist such customers with finishing the process to create a verified account, up to 6 months from the first registration attempt.
In order to provide ease of access to the services contracted for customers making deposits using their credit or debit cards, card details are stored and presented in a truncated format upon future repeat use.
This information is your personal data and will only be used for the purpose described here. The information is stored securely in accordance with Card Scheme Regulations and is not accessible by Mansion employees. Card Scheme Regulations require us to inform you of the fact that we will store this information and, upon making your first deposit, you will be notified of this processing. Should you continue with the transaction, you will be deemed to have agreed to this processing.
This type of processing also applies in relation to our compliance with Anti-Money Laundering or Responsible Gambling requirements, as well as crime prevention, detection or investigation of a crime or fraud. This processing also includes referrals to regulatory or sporting integrity bodies.
Your information will not be disclosed to government institutions or authorities unless:
- We have your written consent OR,
- We are required to respond to subpoenas, court orders or legal processes
Where we have the appropriate consent or lawful basis and subject to your preferences, some of your personal details will be processed by our 3rd party marketing partners in order to allow us to communicate with all our customers either by phone or email or push notifications (if you downloaded the app). This may include Email & SMS sending platform providers, prize or gift suppliers, etc.
The intention of these communications is to send you marketing material which we hope will be of interest to you – about our promotions, new games, offers, prizes, events, etc. You will not receive marketing from third parties outside the Mansion Group.
Consent for this processing can be removed, in whole or in part, at any time, by contacting customer support and letting us know what type of marketing communications you are happy – or not – to receive.
All our marketing communications, whether by email or by SMS, will include instructions on how to opt out of receiving this specific type of marketing communication. Please contact us directly using the above details, if you wish to remove your consent for marketing activities completely and your personal details will be promptly removed from all of our marketing processes. Please allow up to 48 hours following on from your request for this to be fully carried out.
We will not share your personal data with unrelated third parties to market their products to you without your prior written consent.
Your Personal Data Rights
Under the General Data Protection Regulation that came into force on the 25th May 2018, you have a number of rights to your personal data, which are detailed here:
- Right to Access personal data: You have a right to request a copy of the personal information that we hold about you. Please visit the Contact Us page to get in touch should you wish to make such a request. In your contact please give as much information as possible to identify yourself with, to assist us in gathering the information.
- Right to Erasure: You can request us to erase your personal data where there is no lawful basis requiring us to continue processing this personal data. This right only applies in certain circumstances given that legal obligations include data retention periods.
- Right to Rectification of Personal data: You can request that we correct any personal data that we are processing about you which is incorrect.
- Right to be informed: Where the application of a personal data right has impacted on your personal data, you have the right to be informed.
- Right to data portability: Similar to the right to access personal data, this right allows you to obtain your personal data in an electronic format that would enable you to transfer that personal data to another organisation, should it be relevant.
- Right to restrict / object to processing of personal data: in certain circumstances you have the right to object or restrict the processing of your personal data, where this is processing is based on consent or our legitimate interest. However, despite your objections or wish to restrict processing, where there are compelling legitimate grounds or legal obligations, we would be required to continue said processing.
- Rights relating to automated decision making and profiling: you have the right to not be subject to a decision which is based only on automated processing – ie without human involvement – where that decision has a legal impact or otherwise significantly affects you. We confirm that we do not make automated decisions of this nature.
As referred to above, you also have the general right to withdraw the consent you have given us to process your personal data (in respect of our marketing activities) and where this processing is based on what we deem to be our legitimate interest.
We take the security of your data and personal information very seriously, and have a number of measures in place to keep you protected.
Robust security policies, rules, and technical measures have been implemented to safeguard all of your account information. All employees, data-processors and third parties contracted by MansionCasino.com are legally required to abide by a confidentiality agreement.
In addition, we use RSA 2048-bit encryption technology and state-of-the-art security infrastructure to help ensure that your details are always safe and secure.
We retain all customer personal data and records for at least a period of 5 years post-account closure, in compliance with regulatory requirements and guidelines. We engage in periodic deletion of customer records where the account has been closed for more than 5 years. Should a current customer request a right to erasure, this would only be possible 5 years after the right to erasure request. Even after this period has elapsed, we would need to retain certain information under legal obligation (for example, in relation to responsible gambling and self-exclusion). We will take all necessary steps to ensure that the privacy of your information is maintained for the periods of retention.
Data protection outside the European Union
The data protection, privacy and other laws of countries outside the European Union countries may not be as comprehensive as those of European Union-member countries. In these instances, we will take steps to ensure that a similar level of protection is given to your information as is afforded the data of players within the European Union.
Anti Money Laundering Obligations
Please note that as a licensed operator under both the UK and Gibraltar jurisdictions, we are legally obliged to comply with European and International Anti Money Laundering laws and regulations. These obligations require us to carry out certain tasks including but not limited to: screening for Politically Exposed Persons (‘PEPs'), Sanction List screening, monitoring of account activity to guard against potential money laundering risks, reporting of suspicious activity to the relevant financial crime authorities, etc. It also means that we are required to retain all customer records for a minimum of 5 years after the relationship between the customer and us has ended. This information is retained securely and confidentially at all times, where we comply with the highest standard of Information Security, being the ISO 27001 certification. Please contact Customer Support for more details.