KaboomSlots Privacy Policy

KaboomSlots acts as the data controller for users in the United Kingdom and processes personal data in line with UK GDPR, the Data Protection Act 2018, PECR, and the Licence Conditions and Codes of Practice of the Gambling Commission.

Personal data collected may include:

• Identity and age verification information: name, date of birth, address, nationality, occupation, and identification documents.
• Contact information: email address and telephone number.
• Account details: username, preferences, responsible gambling settings, and security credentials.
• Payment and transaction information: tokenised card or bank identifiers, deposits, withdrawals, and payout details.
• Gameplay and betting history: stakes, outcomes, session information, limits, and self-exclusion data.
• Device and technical data: IP address, device identifiers, browser type, operating system, and cookies.
• Risk and compliance information: screening results for sanctions and PEPs, fraud indicators, and affordability assessments.
• Communications: support tickets, chat logs, and call recordings when permitted.
• Marketing preferences and consents.

Purposes for collection and processing:

• Provide and operate the online services and user accounts.
• Verify identity and age to meet legal and regulatory requirements.
• Process payments, payouts, and resolve billing queries.
• Detect and prevent fraud and money laundering, and support responsible gambling.
• Deliver customer support and improve site reliability and features.

Technical and organisational measures:

• Encryption in transit and at rest, network segregation, and secure backups.
• Access controls, multi-factor authentication, and least-privilege permissions.
• Continuous monitoring, audit logging, and incident response procedures.
• Staff training on data protection and confidentiality.
• Due diligence and contracts with processors, favouring ISO/IEC 27001 aligned providers.
• Data minimisation and retention schedules aligned to regulatory obligations.

User rights under UK GDPR:

• Access, rectification, erasure, restriction, and portability of personal data.
• Objection to processing based on legitimate interests and to direct marketing.
• Withdrawal of consent at any time where consent is the basis for processing.
• The right to lodge a complaint with the Information Commissioner’s Office (ICO).

Retention: personal data is kept only as long as needed for the purposes set out above and to meet legal requirements. Certain records may be retained for at least five years after account closure to comply with anti-money laundering and gambling regulation.

Processing is lawful, fair, and transparent. Personal data is not sold or rented. It is used for:

• Account creation, authentication, and provision of services.
• Payment processing, withdrawals, chargebacks, and accounting.
• Identity, age, affordability, and sanctions checks required by law.
• Fraud prevention, security monitoring, and platform integrity.
• Responsible gambling tools, self-exclusion, and interaction records.
• Customer support, service quality, and product improvement.
• Analytics, statistical reporting, and performance measurement.
• Personalisation of content and settings to improve user experience.
• Direct marketing and newsletters where the user has opted in under PECR.
• Compliance reporting, audits, dispute resolution, and legal claims.

Limited profiling may occur to detect fraud and manage responsible gambling. Significant outcomes that affect a user’s rights involve human review. Marketing profiles are used only where consent has been given, and users can withdraw consent or object at any time.

Users can access, update, or delete personal information by using account settings or by contacting the Privacy Team. Requests may require identity verification. A response will be provided within one month, or as permitted by law for complex requests.

Correction and deletion procedures:

• Incorrect or incomplete data will be corrected upon request.
• Deletion requests will be honoured where no lawful basis requires continued retention. Certain records must be kept for regulatory or legal reasons, in which case processing will be restricted.
• Account closure will result in deactivation and restricted processing subject to statutory retention periods.

By using KaboomSlots, users consent to security checks, identity verification, and processing of payment information by licensed payment service providers and card schemes for the purposes of transactions, fraud prevention, and compliance.

The services are intended for adults aged 18 and over. The operator cannot determine age without appropriate documents and may request proof to complete verification.

If personal information relating to a minor is discovered, the account will be closed and data will be deleted where permitted by law. A parent or legal guardian may contact the Privacy Team to request deletion, providing sufficient evidence of guardianship and the minor’s identity. Certain records may be retained to meet legal and regulatory duties.

Personal data may be processed in other countries where service providers and partners operate. By using the websites, users consent to these transfers. Confidentiality and security are required from all partners through contracts and oversight.

Transfers are protected by appropriate safeguards, including UK adequacy regulations where available, the UK International Data Transfer Agreement or Addendum, and standard contractual clauses. Additional technical and organisational measures are applied to reduce risk and maintain data protection standards.

This Policy and its disclaimer govern how the rules apply and may clarify or limit obligations to the extent allowed by United Kingdom law. The disclaimer applies when the user accepts the Policy through registration, ticking an acceptance box, continued use of the services, or by signing related documents.

Nothing in this section removes rights granted by applicable law or limits liability where such limitation is not permitted.

Cookies are small files placed on a device by websites to store and retrieve information. They are used for statistics, behaviour analysis, personalisation, and site improvement. Non-essential cookies are used only where consent has been given under PECR. Users can withdraw consent at any time via cookie settings.

Types used include strictly necessary, preferences, analytics, and marketing cookies. Unless a shorter period is stated in the cookie banner, cookies are retained for up to 1 year. Browser settings can also be used to manage or delete cookies. Similar technologies such as pixels may be used for the same purposes.

Use of KaboomSlots indicates full acceptance of this Privacy Policy and related data practices. The current version published on the websites prevails over any prior version. Material updates will be communicated where appropriate, and continued use of the services after updates constitutes acceptance of the revised Policy.

Personal data may be shared where necessary to comply with law, manage disputes, perform agreements, and deliver services. Categories of recipients include payment service providers and banks, identity and age verification suppliers, fraud prevention agencies, analytics and cloud hosting providers, responsible gambling service providers, professional advisers, auditors, regulators, and law enforcement.

A list of key processors is maintained on the websites. If a specific party is not listed, users will be informed of the purpose and scope of sharing where required. Providing data for the purposes described constitutes consent where consent is the lawful basis, and otherwise sharing occurs under contract, legal obligation, or legitimate interests. Third parties may act as processors or independent controllers and apply their own privacy notices.

The websites may contain links to third-party websites that have their own privacy policies. KaboomSlots is not responsible for how external sites collect, use, or disclose information. Users should review the privacy notices of those sites and exercise caution when providing personal data.