We collect only what we need, keep it only as long as we must and never sell it to anyone. Here is exactly what that means in practice.
Last updated: January 2026. This Privacy Notice applies to all users of the Cazeus casino platform and related services.
Cazeus is an online casino operated by a licensed entity under the authority of the UK Gambling Commission. As the operator of this platform, we act as the data controller for all personal information collected through our website, account systems, payment processes and customer service channels. That means we are responsible for deciding how and why your personal data is processed, and we are accountable for doing so lawfully and transparently.
If you have any questions about this Privacy Notice, about how we handle your personal data, or if you wish to exercise any of your rights under UK data protection law, you can reach our Data Protection contact through the email address provided in your registered account area. We aim to respond to all privacy-related correspondence within one calendar month, which is the timeframe required by UK GDPR.
If you believe we have not handled your personal data appropriately and our response does not satisfy you, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection supervisory authority, at ico.org.uk.
We collect personal data in three broad ways: information you give us directly, information we collect automatically when you use the platform and information we receive from third parties as part of our legal and regulatory obligations.
Information you provide directly:
Information collected automatically:
Information from third parties:
We use your personal data only for defined, legitimate purposes. We do not process your data in ways that are incompatible with why it was originally collected, and we do not sell personal data to third parties for their own marketing purposes under any circumstances.
To operate your account and deliver the casino service: Processing registration, verifying identity, enabling deposits and withdrawals, recording game history, delivering bonuses and promotions you are eligible for, and maintaining the technical infrastructure that keeps the platform running.
To comply with legal and regulatory obligations: Under UK gambling law and anti-money laundering legislation, we are required to verify your identity before allowing real-money play, to monitor transactions for suspicious activity, to carry out affordability assessments in certain circumstances and to keep records of your gaming activity for defined periods. These are not optional - they are conditions of our operating licence, and we process data for these purposes regardless of your marketing preferences.
To protect responsible gambling: We analyse your gaming behaviour - session length, deposit frequency, stake escalation patterns, self-exclusion history - to identify signs of potential harm and to fulfil our regulatory duty of care. This processing is in your interest and in fulfilment of our legal obligations.
To provide customer support: Records of your contact with our support team are retained so that agents handling follow-up contacts have full context, disputes can be investigated accurately and quality assurance reviews can take place.
To send you relevant communications: Where you have provided consent, we may send you promotional emails, bonus notifications and news about features or games we think you will find interesting. You can withdraw this consent at any time through your account settings or by clicking the unsubscribe link in any marketing email. Withdrawing marketing consent does not affect service communications (such as withdrawal confirmations or verification requests), which we send on the basis of contractual necessity.
To improve the platform: Aggregate and anonymised usage data helps us understand how players use the site, identify technical problems and prioritise development work. This data is stripped of identifying information before analysis.
To prevent fraud and ensure security: Technical and behavioural data is used to detect unusual access patterns, identify potential account takeovers and prevent fraudulent transactions.
UK GDPR requires that every act of personal data processing has a documented legal basis. The bases we rely on at Cazeus are as follows.
Performance of a contract - Processing necessary to register your account, verify your identity, process payments, deliver games and bonuses, and provide customer support. Without this processing, we cannot provide the casino service.
Legal obligation - Processing required by UK gambling regulations, anti-money laundering law, the Data Protection Act 2018 and other applicable legislation. This includes identity verification, transaction monitoring, GAMSTOP checks and record-keeping requirements.
Legitimate interests - Processing that serves our genuine business interests in preventing fraud, maintaining platform security, improving our services and conducting internal analytics, provided those interests are not overridden by your rights and expectations. We conduct a formal balancing test before relying on legitimate interests for any new processing activity.
Consent - Processing for marketing communications and non-essential cookies, where we have asked for and received your clear, informed agreement. You can withdraw consent at any time without affecting the lawfulness of processing that took place before withdrawal.
Cazeus uses cookies and similar technologies to make the website work correctly and, where you have consented, to improve and personalise your experience. A cookie is a small text file stored on your device by your browser. We use four categories of cookies.
Strictly necessary cookies keep the site functional. They manage your login session, remember your preferences during a visit, enable secure payment processing and ensure that responsible gambling tools are applied correctly. You cannot opt out of strictly necessary cookies without breaking core site functionality.
Performance and analytics cookies collect information about how pages are used - which sections are visited most, where players encounter errors, how long pages take to load. This data is aggregated and anonymised before analysis. We use it to prioritise improvements.
Functional cookies remember choices you make - your preferred language, your notification settings, whether you have previously dismissed a particular banner - so you do not have to repeat those choices on every visit.
Marketing cookies are used, with your consent, to track the effectiveness of campaigns and to present relevant offers. We do not use marketing cookies to build profiles that are sold to or shared with unrelated third-party advertisers.
You can manage your cookie preferences through the banner shown on your first visit and through your browser settings. Withdrawing consent for non-essential cookies does not affect your ability to use the casino.
We do not sell, rent or trade your personal data. We share it only with parties that have a legitimate role in delivering the casino service or in meeting our legal obligations.
All third parties with whom we share personal data are required to handle it in accordance with applicable data protection law and are prohibited from using it for their own independent purposes.
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. UK gambling regulations require us to retain full account records - including identity documents, transaction histories and gaming activity - for a minimum of five years from the date your account is closed. Anti-money laundering legislation imposes similar retention periods for financial records.
Customer service communications are retained for three years after the date of contact to allow dispute resolution and quality assurance. Marketing preferences and consent records are retained for as long as your account is active and for one year after closure, to demonstrate compliance with consent requirements.
Technical logs and security data are retained for up to 12 months. Aggregated, anonymised analytics data may be retained indefinitely as it no longer constitutes personal data.
When data reaches the end of its retention period, it is deleted or irreversibly anonymised using secure methods. We do not retain data "just in case" - every category of data we hold has a documented retention period and a review schedule.
You have a range of rights in relation to your personal data, which you can exercise by contacting us through the privacy contact details in your account area. We will respond within one calendar month.
Protecting your personal data from unauthorised access, loss or disclosure is a core operational priority at Cazeus. We implement a layered security architecture that covers both technical controls and organisational processes.
All data transmitted between your browser and our servers is protected by Transport Layer Security (TLS) encryption at the current industry standard. Sensitive data at rest - including identity documents and financial records - is stored in encrypted form. Our payment processing environment is certified to PCI DSS standards, which means card data is handled within a highly controlled, audited environment.
Access to personal data within the organisation is restricted to staff whose role requires it. All staff with access to personal data are required to complete data protection training and are bound by confidentiality obligations. Our infrastructure undergoes regular penetration testing by independent security firms, and we maintain a formal incident response plan for any suspected data breach.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, as required by UK GDPR. If you are directly affected in a way that poses a high risk, we will also notify you directly without undue delay.
This Privacy Notice will be updated from time to time to reflect changes in our data processing practices, changes in applicable law or feedback from players and regulators. When we make material changes - changes that significantly affect how we use your personal data or your rights in relation to it - we will notify you by email before the changes take effect and update the "last updated" date at the top of this document.
Minor updates, such as clarifications of language or corrections of typographical errors, will be made without specific notice but will always be reflected in the document date. We encourage you to review this notice periodically. The current version always supersedes any previous version and is always the version governing current data processing.
If you have any questions about this notice or about how we handle your data, please reach us through the contact details in your account area. We are committed to being transparent about our data practices and to treating every privacy query with the attention it deserves.
