Smash Casino Privacy Policy
Smash Casino respects your privacy and handles your personal data with care. This page explains what data we collect, why we collect it, and what rights you hold under UK law.
TLS Encryption
All data transmitted between your device and our servers is protected with modern encryption.
Data Minimisation
We collect only what is strictly necessary for your account and gaming experience.
UK GDPR Compliant
We comply with the UK General Data Protection Regulation and the Data Protection Act 2018.
What data we collect
When you register we ask for your email address, a password of your choosing and your date of birth. At the point of your first withdrawal we additionally request a valid identity document to verify that you are aged eighteen or over. While you use the platform we automatically record technical data such as your IP address, browser type, device type and the pages you visit. This data is used for security monitoring and platform analytics.
Why we collect this data
Personal data is used to manage your account, process payments, meet our legal obligations under anti-money-laundering legislation, and provide customer support. Technical data helps us prevent fraud, optimise the platform and implement targeted improvements to the player experience.
Retention periods
Account data is retained for as long as your account is active plus five years after closure, in line with our licence conditions. Payment data is kept for seven years to satisfy tax and anti-money-laundering obligations. Marketing preferences are retained until you withdraw your consent or close your account.
Who we share data with
We share data only with the parties necessary to operate the platform: payment providers, fraud prevention services, identity verification partners and game suppliers. Each of these parties is contractually obliged to keep your data confidential and to use it solely for the agreed purposes. We never sell your data to third parties.
Your rights
Under UK GDPR and the Data Protection Act 2018 you have the right to access your data, have it corrected, have it erased, withdraw your consent to processing and object to processing on the basis of legitimate interests. Submit requests via live chat or by emailing our Data Protection Officer. We will respond within thirty calendar days.
Cookies
Smash uses cookies for the correct functioning of the platform, for analytics and for marketing purposes. We ask for your consent on your first visit. You can update your preferences at any time via the cookie banner or your browser settings. For full details, please refer to our cookie policy.
Security
In addition to TLS encryption we offer two-factor authentication as an optional account security measure, conduct regular independent security audits and operate automated fraud detection systems. Our data centres meet the ISO 27001 standard for information security management.
Changes
This privacy policy may be updated periodically. We will notify you of material changes at least thirty days before they take effect, either by email or through a notice in your account. The most recent update was made in May 2026.
Contact and complaints
If you have questions about this policy or the way in which we handle your data, please contact us via live chat. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or by post to Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
What data we collect (expanded)
In addition to the basic registration data, we collect further information over the course of your account's lifetime. This includes gameplay data such as session duration, wagering patterns and times of activity. We record communication history via live chat and email, including timestamps. When you use bonuses we document bonus activity and the fulfilment of any applicable wagering requirements. Location data is derived in limited form from your IP address in order to comply with the geographic restrictions of our operating licence. All data categories are documented separately in our internal Record of Processing Activities, maintained in compliance with Article 30 of UK GDPR, and are available for inspection upon request.
Purposes of processing
Every piece of data we process is tied to a specific, well-defined purpose. Registration data is used solely for identity verification and account management. Gameplay data is used for fraud detection, responsible gambling monitoring and compliance with gambling regulations. Payment data is necessary for transaction processing and the prevention of financial crime. Communication history is retained to maintain customer service quality and resolve disputes. Technical log data supports our information security and platform stability. We do not process data for purposes incompatible with the original purpose of collection without your explicit consent.
Retention periods in detail
We apply differentiated retention periods depending on the category and purpose of processing. Identity documents and verification results are retained for five years after your last interaction, in compliance with UK gambling legislation. Financial transaction records are kept for seven years on the basis of our tax obligations and the Proceeds of Crime Act 2002. Gameplay logs and session data are kept for three years for dispute resolution and regulatory audit purposes. Customer service correspondence is retained for three years. Inactive accounts are flagged after two years of inactivity and closed following notification, after which the minimum statutory retention periods continue to apply to archived data.
International data transfers
When we transfer personal data to recipients outside the United Kingdom, we ensure an adequate level of protection at all times. For transfers to countries not covered by a UK adequacy decision, we rely on UK International Data Transfer Agreements or other appropriate safeguards approved by the ICO. Some of our cloud providers and analytics partners are based in the United States; such processing takes place solely on the basis of approved transfer mechanisms supplemented by technical measures such as end-to-end encryption. We maintain an up-to-date list of all countries to which data is transferred. You may request a copy of the applicable safeguards from our Data Protection Officer.
Your rights under UK GDPR
As a data subject you hold a comprehensive set of rights that we actively facilitate. The right of access gives you an overview of all data we process about you. The right to rectification allows you to correct inaccurate data. Via the right to erasure you can request deletion, unless retention obligations or other legitimate grounds apply. The right to data portability enables you to receive your data in a machine-readable format or transfer it directly to another provider. The right to object can be invoked against processing carried out on the basis of legitimate interests. All requests are handled via live chat or email; we respond within thirty calendar days.
Automated decision-making and profiling
Smash Casino uses automated systems for risk scoring and fraud detection. These systems analyse transaction patterns, login behaviour and gameplay activity to flag unusual activity. When an algorithm triggers a significant restriction such as a temporary account block, you always have the right to human review. You may request an explanation of the decision logic, submit your viewpoint and ask for the decision to be reconsidered by a member of staff. We do not profile players for marketing purposes without explicit consent. Automated decisions with legal or similarly significant effects are never taken entirely outside human oversight, in compliance with Article 22 of UK GDPR.
More detail on legal bases, international data transfers and your full rights under UK GDPR. Click to read more.