Privacy Policy of OnlySpins Casino
OnlySpins Casino respects the confidentiality of every visitor and registered member, treating personal information as a stewardship responsibility. This document outlines the categories of data we handle and the safeguards surrounding them.
Categories of information collected
When opening an account, OnlySpins Casino gathers identifying details such as full name, date of birth, residential address, telephone number, and a valid email address.
Transactional records cover deposits, withdrawals, payment instrument metadata, gameplay history, and wagering volume, all of which are required under anti-money-laundering rules.
Technical signals like IP addresses, device fingerprints, browser configurations, and approximate geolocation are logged automatically when interacting with the platform.
Lawful bases for processing
Processing rests primarily on contractual necessity to deliver the gaming services you have requested, supplemented by statutory duties imposed by the Tobique Gaming Commission.
Legitimate interests cover fraud detection, anti-cheat monitoring, and credit risk evaluation, while marketing personalisation depends on freely given, withdrawable consent.
Special categories of data, such as biometric verification samples, are processed only with explicit consent and remain encrypted at rest and in transit.
Sharing with third parties
Trusted vendors handle payment clearing, identity verification, hosting infrastructure, and customer messaging, and each one is bound by confidentiality undertakings.
Regulatory bodies, tax authorities, and law enforcement agencies may receive disclosures when valid legal instruments compel cooperation from OnlySpins Casino.
We do not sell or rent personal information to advertising brokers, data marketplaces, or affiliated entities outside the strict purposes described in this notice.
Storage periods and security measures
Account-related documentation is preserved for a minimum of five years following the closure of the relationship, in line with licensing requirements.
Servers are housed in certified data centres featuring round-the-clock physical security, redundant power systems, and SOC 2 compliance.
Cryptographic protocols including TLS 1.3 for transport and AES-256 for storage protect sensitive records from unauthorised interception or tampering.
Your rights as a data subject
Users in the European Economic Area, including Germany, may invoke the GDPR rights of access, rectification, erasure, restriction, portability, and objection.
Requests can be submitted through the privacy desk, and OnlySpins Casino will respond within thirty calendar days unless the matter is exceptionally complex.
Complaints unresolved internally can be escalated to the German supervisory authority (Landesbeauftragte für Datenschutz) or the licensing regulator.
Contact
- Data Protection Officer reachable at [email protected]
- Customer service portal located in the help centre after sign-in
- Postal correspondence to the registered office indicated in the imprint section
This notice summarises our practices in accessible language. Where this summary diverges from binding regulations, statutory frameworks, or licensing obligations, the latter take precedence in all matters of interpretation.