Privacy Policy
Privacy at Kong Casino — how we handle your personal data under UK GDPR and the Data Protection Act 2018.
Privacy at Kong Casino
Kong Casino is operated by a UK Gambling Commission licensed operator (account 39175) and processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what we collect, why we collect it, the legal bases we rely on, who we share it with, how long we keep it, and the rights available to you as a data subject.
We process personal data only where it is necessary to deliver our gambling services, meet legal and regulatory obligations under the Gambling Act 2005, the Money Laundering Regulations 2017, and licence conditions issued by the UK Gambling Commission, or where we have a clear consent or legitimate interest. We do not sell personal data, and we apply data minimisation across every stage of the customer journey — from registration to KYC, gameplay, payments, and account closure.
| Regulator | Framework | DSAR Response | Transit Encryption |
|---|---|---|---|
| UKGC + ICO | UK GDPR | ≤ 30 days | TLS 1.2+ |
Categories of Personal Data We Process
The table below summarises the main categories of personal data Kong Casino processes, the kinds of information included in each category, and the operational purpose for processing. Categories such as identity, contact, financial and verification data are needed to meet UKGC licence conditions, anti-money laundering obligations, and safer gambling duties.
| Data category | Examples | Purpose |
|---|---|---|
| Identity data | Full name, date of birth, gender, nationality, photo ID (passport, driving licence) | Account creation, age verification, KYC under MLR 2017 |
| Contact data | Email, phone, residential address, postcode | Service notifications, support, address verification |
| Financial & payment data | Card last four digits, e-wallet ID, bank account details, deposit/withdrawal history, source-of-funds documents | Processing payments, fraud checks, AML monitoring |
| Gameplay & account data | Username, bets placed, games played, session duration, deposit limits, self-exclusion flags | Service delivery, safer gambling interactions, fairness audits |
| Technical data | IP address, device fingerprint, browser, OS, geolocation, login timestamps | Security, fraud prevention, geo-restriction, debugging |
| Marketing data | Communication preferences, opt-in status, campaign engagement | Sending bonuses and offers where you have consented |
| Special category data | Self-exclusion (GAMSTOP), responsible gambling interventions | Substantial public interest — safer gambling under licence conditions |
Legal Bases for Processing Under UK GDPR
Article 6 of the UK GDPR sets out six lawful bases for processing personal data. Kong Casino relies on the following bases — we will tell you which one applies whenever it is not already obvious from the context. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
| Legal basis (UK GDPR Art. 6) | What we use it for |
|---|---|
| Contract (Art. 6(1)(b)) | Creating and operating your account, processing deposits and withdrawals, settling bets, providing customer support |
| Legal obligation (Art. 6(1)(c)) | Age verification, KYC and source-of-funds checks under MLR 2017, suspicious-activity reporting, UKGC reporting, tax records |
| Legitimate interests (Art. 6(1)(f)) | Fraud prevention, security monitoring, fairness/anti-bonus-abuse checks, service improvement, defending legal claims |
| Consent (Art. 6(1)(a)) | Marketing emails and SMS, non-essential cookies and analytics, optional profile data |
| Substantial public interest (DPA 2018, Sch. 1) | Safer gambling interventions, processing GAMSTOP self-exclusion data, regulatory compliance with the Gambling Commission |
| Vital interests (Art. 6(1)(d)) | Limited cases where processing is needed to protect a person's life or wellbeing, e.g. acute safer-gambling escalations |
Your Rights Under the UK GDPR
UK data subjects have a defined set of rights over their personal data. Kong Casino will respond to verified requests within one calendar month, as required by Article 12 of the UK GDPR, and may extend this by up to two further months for complex requests — you will be told if that happens. Some rights are not absolute and may be limited by competing legal duties such as anti-money laundering record keeping.
| Right | What it means | How to exercise it |
|---|---|---|
| Right to be informed | Receive clear information about how your data is used (this policy) | Read this page; ask support for clarification |
| Access (DSAR) | Obtain a copy of personal data we hold about you | Submit a Data Subject Access Request via the operator's privacy contact channel |
| Rectification | Have inaccurate or incomplete data corrected | Update profile details in your account; contact support for ID-locked fields |
| Erasure ("right to be forgotten") | Have data deleted where processing is no longer necessary | Request via privacy contact; subject to AML/regulatory retention |
| Restriction | Pause processing while accuracy or lawful basis is reviewed | Submit a written request via privacy contact |
| Data portability | Receive certain data in a structured, machine-readable format | Request portable export via privacy contact |
| Object | Object to processing based on legitimate interests or for direct marketing | Use the unsubscribe link or update marketing preferences in account settings |
| Rights related to automated decisions | Not be subject to solely automated decisions with legal or similarly significant effects without safeguards | Request human review of any automated outcome via privacy contact |
| Right to withdraw consent | Withdraw consent for marketing or non-essential cookies at any time | Use account preferences or the cookie banner |
| Right to complain | Lodge a complaint with the UK supervisory authority | Contact the Information Commissioner's Office at ico.org.uk |
How Long We Keep Your Data
We retain personal data only as long as necessary for the purpose it was collected for, plus any period required by law. The minimum financial-records retention of five years from the end of the customer relationship is set by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. After the retention period expires, data is deleted or fully anonymised.
| Data type | Retention period | Reason |
|---|---|---|
| KYC & identity documents | 5 years after end of relationship | MLR 2017, reg. 40 |
| Transaction & financial records | 5 years (extendable to 10 if required by regulator or court) | AML, tax and audit obligations |
| Account & gameplay data | Duration of account + 5 years | UKGC licence conditions and dispute resolution |
| Self-exclusion & safer gambling records | Minimum 6 years from exclusion expiry | Safer gambling code & regulatory enquiries |
| Customer support & complaints | 6 years after closure | Limitation Act 1980; ADR records |
| Marketing data | Until consent withdrawn, then suppression list only | PECR & UK GDPR consent rules |
| Website analytics & cookies | Up to 26 months | ICO cookie guidance |
| Server logs (IP, access) | Up to 12 months | Security, fraud, debugging |
Who We Share Your Data With
Kong Casino works with carefully selected processors and regulated third parties to deliver the service. Each processor is bound by a written agreement under Article 28 of the UK GDPR that sets out their obligations regarding security, confidentiality and assistance with data-subject rights. We do not sell personal data to third parties.
| Recipient category | Examples | Purpose |
|---|---|---|
| Game & platform providers | Pragmatic Play, NetEnt, Microgaming, Evolution | Delivering games and live-dealer streams |
| Payment processors | Card acquirers, Visa, Mastercard, PayPal, Skrill, Neteller, Trustly, Apple Pay | Processing deposits, withdrawals and chargebacks |
| KYC / AML / fraud vendors | Identity verification and credit reference agencies (e.g. Experian, GBG, Jumio-class) | Age verification, source-of-funds, sanctions and PEP screening |
| Regulators & authorities | UK Gambling Commission, HMRC, NCA, ICO, courts, law enforcement | Statutory reporting, investigations, lawful requests |
| Safer gambling schemes | GAMSTOP, GamCare, BeGambleAware | Self-exclusion checks and safer-gambling support |
| IT & cloud infrastructure | UK/EEA-based hosting, CDN, backup, email, helpdesk | Hosting and operational continuity |
| Marketing & analytics | Email service providers, web analytics tools (consent-based) | Sending opted-in offers and measuring site performance |
| Professional advisors | External auditors, lawyers, ADR provider (IBAS) | Audit, legal advice, complaints resolution |
International transfers
Where personal data is transferred outside the UK, we rely on UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, plus a transfer risk assessment, to maintain UK GDPR-equivalent protection.
How We Protect Your Data
Kong Casino applies organisational and technical measures aligned with Article 32 of the UK GDPR. These include 256-bit TLS encryption for data in transit, encryption at rest for sensitive identifiers, role-based access control, documented data-protection-by-design reviews, regular penetration tests, vulnerability management, and staff confidentiality obligations.
In the event of a personal data breach that risks people's rights and freedoms, Kong Casino will notify the ICO within 72 hours of becoming aware, and will inform affected users without undue delay where the risk is high, in line with Articles 33 and 34 of the UK GDPR.
Encryption: 256-bit TLS in transit, AES at rest for high-risk data.
Access control: Least-privilege access, MFA for staff, audit logging.
Breach response: 72-hour ICO notification, documented incident playbook.
Contacting Us About Privacy
For questions about this policy, to exercise any of the rights above, or to raise a concern, please contact us via the operator's privacy contact channel inside your account or through the live-chat customer support service. When contacting us, include your account username and a clear description of your request so that we can verify your identity and respond promptly.
If you remain unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint. For gambling-specific concerns, you may also contact the UK Gambling Commission via gamblingcommission.gov.uk.
Privacy FAQs
Who is the data controller for Kong Casino?
The data controller is the UK Gambling Commission-licensed operator behind Kong Casino (UKGC account 39175). The controller decides how and why your personal data is processed and is registered with the UK Information Commissioner's Office.
How do I make a Data Subject Access Request (DSAR)?
Contact us via the operator's privacy contact channel inside your account or through live chat. Include your username and confirm your identity. We will respond within one calendar month, free of charge, unless the request is manifestly unfounded or excessive.
Can I have my account deleted entirely?
Yes — you can request erasure under UK GDPR Article 17. However, anti-money laundering law (MLR 2017) requires us to keep KYC and transaction records for at least five years after the relationship ends. Records that we are legally obliged to retain will be archived with restricted access rather than deleted immediately.
Does Kong Casino sell my data to third parties?
No. Kong Casino does not sell personal data. Data is shared only with regulated processors and authorities listed in the third-party sharing table above, all of which act on our written instructions or under a legal duty.
How do I stop receiving marketing emails?
Use the unsubscribe link in any marketing email or update your communication preferences in your account. You will be added to a suppression list so we can honour your choice without retaining unnecessary data.
Where can I complain about Kong Casino's data handling?
You can complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint. We encourage you to contact us first so we can try to resolve the issue directly.