Winthere Casino Privacy Policy sets out how we handle the personal information you share with us when you create an account, make a deposit, contact support or simply browse the site. We are committed to keeping your data safe, using it only for the purposes we have explained, and being transparent about who else might see it. This policy is written in plain English because we believe privacy notices should be readable, not legalese designed to discourage you from finishing them.
What personal information does Winthere collect?
We collect three broad categories of data. First, the identity information you give us when you open an account, including your name, date of birth, email address, phone number and postal address. Second, the verification documents we may request as part of our regulatory obligations, such as a copy of your passport or driving licence and a recent utility bill. Third, the technical and behavioural data that is generated automatically as you use the site, including your IP address, device fingerprint, browser type, the pages you visit and the games you play. Each category is used for specific purposes that are described later in this policy.
Why do you need my data and what is it used for?
Identity data lets us verify who you are, comply with anti money laundering law and process your deposits and withdrawals. Behavioural data helps us spot fraudulent activity, prevent bonus abuse and improve the site over time by understanding which features players actually use. Marketing communications are only sent to players who have opted in. You can unsubscribe at any time from the link at the bottom of every email or by toggling the preference inside your account settings. We never sell your personal data to third parties for advertising or any other purpose.
Who do you share my information with?
We share data with a small number of trusted partners who help us run the casino. Payment providers receive the information they need to process your deposits and withdrawals. Identity verification specialists check your documents against external databases to confirm you are who you say you are. Game studios receive anonymised play data so they can improve their products. Cloud hosting providers store the underlying data on infrastructure protected by industry standard security. We may also share information with regulators, law enforcement or our gaming licence authority when we are legally required to. The full list of categories of recipients is available on request.
How long do you keep my data?
Account data is kept for as long as your account is active, plus a further six years after closure to comply with anti money laundering retention rules. Marketing data is kept until you withdraw consent, at which point it is removed within thirty days. Technical logs are typically held for ninety days before being aggregated and anonymised. You have a number of rights under UK GDPR including the right to access your data, correct inaccuracies, request deletion subject to our legal retention obligations, and complain to the Information Commissioner's Office if you are unhappy with how we have handled your information. Requests can be sent to our data protection team via the contact details at the bottom of this page.
If you have any questions about how we use your data, or if you want to exercise any of your rights under UK GDPR, please contact our data protection team through the help page. We respond to every request within thirty days and we treat privacy enquiries with the same seriousness as any other player support matter.
How does Winthere protect data against breaches?
Player data is stored in encrypted databases hosted on infrastructure that meets ISO 27001 standards for information security. Access to the underlying systems is restricted to a small group of senior engineers and is monitored through audit logs that capture every read and write operation. Passwords are never stored in clear text. They are hashed using industry standard bcrypt with a per user salt, which means even an attacker who somehow obtained the database would not be able to recover the original passwords. Two factor authentication is mandatory for staff with access to player data, and the casino runs regular penetration tests by an independent security firm to identify and patch weaknesses before they can be exploited.
What happens to my data if I close my account?
Closed accounts move into a restricted access state where the data remains stored for the six year regulatory retention period but is no longer used for any active purpose. Marketing communications stop immediately. Behavioural and game play history is anonymised and aggregated within thirty days. The only data we are required to retain in full is the identity and financial transaction information needed to meet anti money laundering obligations. After six years, even that data is deleted unless a specific legal requirement extends the period. The Close Account page walks through the full closure flow and explains what happens at each stage.
How does the privacy policy fit with our use of cookies?
Cookies are a specific subset of the data collection covered by this privacy policy, and the rules around them are spelled out separately on the Cookie Policy page. Together the two documents give you a complete picture of what is collected when you visit Winthere, why, and how to control it. We treat both policies as living documents and we update them whenever a change in process or a change in regulation makes it necessary. Material changes are flagged through a notification inside your account and through a banner on the home page so that you do not miss them. If you are looking for tools to manage your activity at the casino itself rather than your data, those live on the Responsible Gambling page.