Gala Casino's Privacy Policy

Gathering User Information

You may need to give exact identification and transaction information when you register, play the game, or pay for it. This makes sure that games are fair and that payouts are reliable, while also helping to stop money laundering.

Using Personal Data

We only use collected records for account management, safe transactions, responsible gaming monitoring, and personalized promotional offers (when allowed). You can change your permission for marketing at any time by going to your account settings.

Your Rights

Data laws in Europe and the UK give you the right to access, export, correct, or delete your stored information. You can send requests through the customer support portal. Requests that have been verified are handled within 30 days.

How To Use Cookies

Session and persistent cookies are used for authentication, betting, fraud detection, and analytics. If you turn off cookies, some features of the site may not work right, and you may not be able to log in to your account or play games.

Storing And Protecting Data

All personal and financial data is kept in ISO-certified buildings with cutting-edge firewalls and systems that can detect intrusions. Backups are done all the time, and there are written rules about how long data can be kept to stop people from keeping it without permission.

Information On How To Reach Us

If you have questions about your records or security measures, please use the Help Centre to submit a ticket or write to our Data Protection Officer. We look at all feedback and take action on it in full compliance with the rules.

How We Get And Keep Your Personal Information

Our platform gets and keeps track of client information using a number of safe and reliable methods that are all in line with the law and rules. Here's a structured look at how we collect and keep your sensitive information:

• Forms for Registration: When you make an account, you will be asked to give information like your name, address, date of birth, phone number, and payment method. Clearly marked fields that must be filled out ensure accurate records for account security and compliance with legal age requirements.
• Transaction Records: Information about deposits, withdrawals, and bets is kept in a systematic way. This record helps settle disagreements, keep an eye on dishonest behaviour, and give accurate account histories.
• KYC Papers: We ask for documents like government-issued ID and proof of address to meet our requirements for verifying identities. Files that are sent are encrypted and stored in separate, secure data vaults to lower the risk of unauthorized access.
• Cookies and Tracking: Cookies and analytics services keep track of how people use a website by recording session IDs, device information, and browsing habits. You can control cookies in your browser settings, but this data helps improve services and make experiences more personal.

The following rules apply to how all personal data is stored:

1. Secure servers in approved jurisdictions store data that is encrypted;
2. Role-based access restriction means that only trained staff with the right clearance can see sensitive records;
3. We do regular audits and penetration tests to find and fix weaknesses in our infrastructure;
4. Records are automatically deleted after the required retention periods, unless the law requires them to be kept longer (for example, to settle a dispute).

To make your account even safer, we suggest that you use strong, unique passwords, turn on two-factor verification when it's available, never share your credentials with anyone else, and let us know right away if you think someone has accessed your account without permission.

What Information You Need To Sign Up For An Account

When people sign up, they have to give certain information that proves who they are and that they are eligible to take part. The following categories show the information needed to set up an account:

• Identification Information: This includes your full legal name, birth date, and home address. It is important to enter the information correctly because it will be checked against official records to make sure it is correct for age and location.
• Information on how to get in touch: To finish registering, you need a working email address and phone number. These will be used for verifying your identity, letting you know about transactions, and getting your account back.
• Documents Issued by the Government: You might be asked to send in a scan or picture of your ID, like a passport, national ID card, or driver's license. These help to verify the identity provided at sign-up and meet the Know Your Customer (KYC) requirements set by regulatory bodies.
• Payment Credentials: When you deposit or withdraw money, information about your preferred payment methods, like credit or debit card numbers or digital wallet IDs, is collected. We only support secure and approved transaction gateways.
• Security Data: Users make a strong password and might be asked to answer security questions. This helps keep the account safe from unauthorized access and makes it easy to reset the password if necessary.

To avoid delays in registration or problems getting in, make sure you give all the right information. If you don't give proof of your data, your account may be suspended or closed for good until you can prove it.

Sharing Data With Third-party Vendors

We sometimes work with outside partners to help with important platform tasks like processing payments, checking ages, stopping fraud, and analyzing marketing data. Below is a list of our data transmission rules and the times when we might share your information with these service providers.

Category	Purpose	Data Elements Shared	Security Steps
Transaction Facilitators	Taking care of deposits, withdrawals, and questions about them	Payment identifiers, transaction history, and account number	Encrypted data channels and privacy based on contracts
Companies that check your age and identity	Following the rules about legal age and anti-money laundering	Full name, date of birth, and scans of government-issued IDs	Limited access and data retention limits
Partners in Marketing	Promotions and service updates that are unique to you	Email address (only with the user's permission) and behavioral data that has been made anonymous	Hashed identifiers and the ability to opt out
Vendors of IT and security	Reducing risks and making infrastructure more resilient	IP addresses, authentication tokens, and device metadata	Multi-factor authentication for vendors and role-based access

Before sending any information, each supplier is checked against strict due diligence rules. All outside contracts require the company to follow the law when it comes to handling information, reporting incidents, and having strong policies for destroying data when services end. We won't share user data for any other reasons than those listed without permission, unless the law requires it. You can ask for an updated list of our partners or use your right to block certain data transmissions by getting in touch with our support team through your account dashboard.

Ways To Protect Client Data

• Strong Encryption: 256-bit SSL encryption is used to send all personal and financial information. This encryption protocol makes sure that any data that users send and receive from the platform stays private and can't be read by people who aren't allowed to.
• Secure Authentication Protocols: Users have to go through multi-factor authentication (MFA) to log in. When a user does something sensitive, like withdrawing money or changing their password, a unique code is sent to their registered device or email. This adds another layer of security against unauthorized access.
• Firewall Architecture: Advanced firewall systems keep an eye on and control network traffic 24/7 to stop hackers from getting in and protect stored records from outside threats and cyber attacks.
• Data Segmentation: Personal data is kept separate from operational databases. This separation of data limits access to only authorized personnel who are responsible for managing user accounts and lowers the risk of exposure.
• Regular Security Reviews: Certified cybersecurity experts do penetration tests and vulnerability assessments on the platform on a regular basis. These regular reviews make sure that any possible security holes are found and fixed quickly.
• Physical Security Controls: All servers that hold client records are kept in secure data centres that have biometric access, 24/7 surveillance, and reinforced entry points. This keeps them safe from both digital and physical breaches.
• Training employees and controlling who can get in: Staff members are required to follow strict confidentiality agreements and receive ongoing training on how to handle data. Only people who need to see sensitive records to do their jobs can do so with permission-based access.

User Rights To View And Change Their Own Data

Registered members can still ask for a copy of their personal records that the platform keeps. Users must send a written request through the official support channel or the account dashboard in order to start this process. After confirming your identity, all relevant stored data will be sent to you in a standard electronic format within 30 days. This is in line with current laws like the UK Data Protection Act 2018 and GDPR. If users find any mistakes, they have the right to ask for changes or corrections. There is a clear way to ask for corrections: go to the account management section, click on "Update Personal Data," and enter the new information. If you need to make changes that need more proof, like changing your name or address, you may be asked to provide more supporting documents to make sure the data is correct and safe. Account holders can also take away certain optional information or change their minds about how certain types of data are processed right in the privacy preferences section. Legal requirements for retention, anti-fraud protocols, and compliance with financial regulations set limits on erasure requests and restrictions. If a request can't be carried out right away, we'll give you a full explanation and other options. If you have questions about managing your data, you can get help from a dedicated support liaison at the help centre. There is free help with exercising data-related rights, and every question is answered in a way that is completely private and open.

How Long To Keep Personal Records And How To Delete Them

Personal records are kept for as long as the law, regulations, anti-money laundering rules, and financial oversight rules say they should be. As required by law, registration information, transaction logs, and KYC documents are kept safe for at least five years after an account is deactivated. When the retention period is up, automatic erasure routines start. Cryptographic wiping and permanent database removal are used to safely process data that is going to be deleted. Requests to remove data by hand, sent through the official support channel, are handled within 30 days unless there are legal reasons that make it impossible. Identification and audit information needed to settle disagreements or enforce terms is kept only as long as absolutely necessary. If users no longer have to keep records, they can ask for them to be deleted early. Each request for removal is checked to make sure it follows tax, fraud prevention, and responsible gambling rules. Data that third parties keep for compliance or technical support purposes follows the same removal procedures, and proof can be provided upon request. We regularly review our retention periods and purging procedures to make sure they follow the most recent rules. Users get alerts about changes to the data lifecycle that affect their records. If you need clear instructions on how to delete your account or have other questions about managing your data, please contact customer support directly.