Privacy Policy | WinCraft

1. Introduction and Scope

As the operator of wincraftcasino-hu.com, we are committed to protecting personal data. This policy clearly explains what data we collect, for what purpose and legal basis we process it, how long we retain it, to whom we may disclose it, what security measures we apply, and what rights you have under the GDPR (EU 2016/679). The policy applies to all visitors of the website, registered players, and those who contact us.

2. Data Controller and Contact Information

Data Controller: Casiworx N.V., Groot Kwartierweg 10, Curaçao, company registration number: 163922
Data Processor (payment partner): Xenith Ltd., Chytron 30, 2nd floor, Office A22, 1075 Nicosia, Cyprus, HE 450395
Privacy contact: [email protected]
General customer support: [email protected]

3. Categories of Data Processed

The scope of processed data depends on the use of the service. The most common categories:

  • Registration data: full name, email address, username, date of birth, country of residence.
  • Login and technical data: IP address, browser and device identifiers, session IDs, log files.
  • Gaming and transaction data: deposits and withdrawals, bets, balance, playtime and game type.
  • KYC/AML documents: photo ID, proof of address, and if necessary, source of funds and proof of transactions.
  • Communication: live chat and email messages, complaint handling content.
  • Cookies and similar identifiers: functional, analytical, and – with consent – marketing cookies.

4. Purposes and Legal Bases

  • Contract performance (GDPR Art. 6(1)(b)): creating and managing accounts, providing games and promotions, processing transactions.
  • Legal obligation (Art. 6(1)(c)): age verification, KYC/AML checks, accounting and retention obligations.
  • Legitimate interest (Art. 6(1)(f)): IT and platform security, fraud and abuse prevention, service quality improvement (only to the necessary extent, with balancing of interests).
  • Consent (Art. 6(1)(a)): newsletters and promotional messages, marketing cookies. Consent may be withdrawn at any time.

5. Cookies and Tracking

The website uses cookies to maintain login sessions, analyze traffic, and – with separate consent – for marketing purposes.

  • Functional: session, language, security.
  • Analytical: traffic and usage statistics (e.g., Google Analytics).
  • Marketing: targeted offers and campaign measurement.

Cookie settings can be modified in your browser and through the on-site cookie settings panel; non-essential cookies load only with consent.

6. Data Retention

Data typeRetention period
Registration/account data5 years from account deletion
Transaction and financial logsMinimum 7 years (legal obligation)
KYC/AML documents5 years from verification
Customer service communication2 years
Cookie identifiersMaximum 12 months

7. Data Sharing and International Transfers

Personal data is shared only for specific purposes and under contractual safeguards:

  • Payment providers and banking partners: transaction processing.
  • KYC/AML providers: identity verification and compliance.
  • IT operators and hosting providers: hosting, maintenance, security.
  • Authorities and regulators: where legally required.

For transfers outside the EU/EEA, we apply appropriate safeguards (e.g., European Commission–approved Standard Contractual Clauses) and protect data with technical/organizational measures (encryption, access restrictions).

8. Security Measures

Data transmission is protected by SSL/TLS encryption. Systems have access controls and logging, regular backups, and internal/external audits. Admin panels require multi-factor authentication, and access rights follow the principle of “least privilege necessary.”

9. Automated Decision-Making and Profiling

Automated systems assist in detecting fraud, bonus abuse, and multi-account activity, as well as in risk management. No final decision with legal effect is made solely based on automated processing; all such decisions are subject to human review.

10. Data Subject Rights and Request Handling

Under GDPR, you have the right to access, rectification, erasure, restriction of processing, data portability, and objection. Consent to marketing may be withdrawn at any time.
Requests can be sent to [email protected]; a substantive response will be provided within a maximum of 30 calendar days. If necessary, the deadline may be extended once, with prior notification.

11. Protection of Minors

Our services are only available to persons over 18. Age verification is performed, and KYC is mandatory before any withdrawal. In cases of suspected minors, the account will be blocked, and verification requested. Recommended parental control tools: Qustodio, NetNanny, Norton Family.

12. Complaints and Legal Remedies

Please submit complaints first to the Data Controller ([email protected]). If unsatisfied, you may contact the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or seek judicial remedy. Due to international operations, requests may also be forwarded to relevant foreign supervisory authorities if required by the nature of the case.

13. Changes and Entry into Force

This policy may be updated from time to time; changes take effect on the date of publication on the website. The current version is always available at the /privacy-policy page. Continued use of the service constitutes acceptance of the updated terms.