burger icon
Vegas Wins United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Vegas Wins, operated via the website vegaswinsi.com, collects, uses, discloses, and protects your personal data when you visit our sites, create an account, play games, or otherwise interact with us. It applies to all visitors, registered players, and other individuals whose data we process in connection with our UK-facing online casino services. This Privacy Policy is effective from 6 November 2025 and remains valid until replaced by an updated version.

Who We Are

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller responsible for your personal data in connection with Vegas Wins and the website vegaswinsi.com is:

Grace Media (Gibraltar) Limited
Suite 7, Hadfield House
Gibraltar, GX11 1AA

Grace Media (Gibraltar) Limited operates the Vegas Wins brand, including Vegas Wins, for players in the United Kingdom. The services are licensed and regulated by the UK Gambling Commission under licence number 57869, and by the Gibraltar Gambling Commissioner under remote gambling licence RGL No. 125. This Privacy Policy covers the use of your data in connection with vegaswinsi.com and any UK-facing domains associated with the Vegas Wins brand (including the historical domain vegaswins.co.uk).

We have appointed an internal data protection function (Data Protection Officer or equivalent) responsible for overseeing questions in relation to this Privacy Policy and our data protection practices.

How to contact us about privacy

  • Data Protection contact: Data Protection Officer, Grace Media (Gibraltar) Limited, Suite 7, Hadfield House, Gibraltar, GX11 1AA.
  • Electronic contact: You can reach our data protection team using the contact methods provided in the "Contact Us" or "Help" sections on vegaswinsi.com (for example, via support email or in-site contact form, where available). Please state that your request is a "data protection/Privacy Policy request".
  • Player support: For general account queries, you may use the customer support channels indicated on vegaswinsi.com; support can help route your request to the appropriate team.

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with Vegas Wins and vegaswinsi.com. We do not intentionally collect more data than is necessary for the purposes described in this Privacy Policy.

Identity and Contact Data

  • Registration and verification data: full name, date of birth, residential address, nationality, and other information required to verify your identity and age under UK gambling and anti-money laundering rules.
  • Contact details: email address, and any other contact details you provide to us via the website or support channels.
  • Account identifiers: username, player ID, security questions and answers, and similar identifiers used to manage your account.

Account, Financial, and Transaction Data

  • Gaming activity: bets placed, game sessions, wins and losses, bonus usage, loyalty or VIP status, self-exclusion settings, and responsible gambling tools you activate (such as deposit limits, loss limits, time-outs).
  • Payment details: partial card or payment instrument data (in line with applicable security standards), payment method type, bank or e-wallet details, transaction amounts, currency (GBP (£)), timestamps, and payment status. We do not accept credit cards as a funding method, in line with UK regulatory requirements.
  • Financial history: deposit and withdrawal records, chargebacks, refunds, and payment verification details.

Technical and Usage Data

  • Device and connection data: IP address, device identifiers, operating system, browser type and version, language settings, time zone, and mobile network information.
  • Log and interaction data: login and logout times, session identifiers, page views, clicks, navigation paths, error logs, and similar usage information collected when you access vegaswinsi.com or related services.
  • Geo-fencing and location indicators: high-level location derived from IP address or similar indicators used to ensure that only users within the United Kingdom can access Vegas Wins, and to prevent access via VPNs or other masking tools.

Regulatory, Risk, and Responsible Gambling Data

  • KYC and AML data: copies or details of identity documents, proof of address, source-of-funds or source-of-wealth information, sanctions and politically exposed persons (PEP) screening results, and other data needed to meet anti-money laundering and counter-terrorist financing obligations.
  • Responsible gambling data: information relating to self-exclusion, requests for gambling blocks, interactions related to gambling harm, records of contacts concerning safer gambling, and information received from or sent to national schemes such as GamStop.
  • Risk and fraud data: information from fraud prevention checks, device fingerprinting solutions, and internal risk scoring linked to account misuse, bonus abuse, or suspicious activity.

Cookies and Similar Technologies

  • Cookies: small text files placed on your device to remember your preferences, maintain your session, and track usage, as described in more detail in the "Cookies & Tracking Technologies" section.
  • Similar technologies: web beacons, pixels, SDKs and similar tools used in apps or embedded content to measure performance, deliver personalised content, and support analytics or advertising (where permitted).

Communication and Support Data

  • Support interactions: information you provide when you contact customer support or the data protection team (including voice recordings where calls are recorded, chat logs, and email correspondence).
  • Feedback and surveys: responses to satisfaction surveys, complaints, and other feedback you choose to provide.

Legal Basis for Processing

We process your personal data only where we have a valid legal basis under the UK GDPR. Depending on the specific activity, one or more of the following legal grounds will apply:

  • Performance of a contract: we process data that is necessary to enter into and perform our contract with you (our Terms and Conditions), including:
    • creating and managing your Vegas Wins player account on vegaswinsi.com;
    • providing games and related services, including processing bets, awarding winnings, and managing bonuses;
    • handling deposits, withdrawals, payment queries, and general customer support; and
    • maintaining the technical operation and security of your account.
  • Compliance with legal obligations: we must process certain data to comply with laws applicable to licensed gambling operators, including:
    • UK anti-money laundering, counter-terrorist financing and fraud prevention laws;
    • UK Gambling Commission licensing conditions and codes of practice (including age and identity verification, responsible gambling, and reporting obligations);
    • tax laws, accounting obligations and statutory retention periods; and
    • responding to lawful requests from regulators, courts, and law enforcement authorities in the UK and, where applicable, in other jurisdictions.
  • Legitimate interests: we process certain data because it is necessary for our legitimate business interests, provided these are not overridden by your rights and interests, such as:
    • maintaining the security and integrity of our systems and preventing fraud, bonus abuse, and other misuse;
    • improving our services, games, and user experience, including through aggregated analytics;
    • defending and enforcing our legal rights and managing business risk; and
    • conducting limited direct marketing to existing customers in line with applicable electronic marketing rules.
  • Consent: where required by law, we rely on your consent, for example:
    • to send you certain electronic marketing communications (such as email or SMS promotions) where these are not based on our legitimate interests;
    • to place non-essential cookies or use similar technologies for analytics or advertising; and
    • for any other processing where consent is clearly requested and you are free to decline.
  • Vital interests and legal claims: in rare cases we may process personal data to protect the vital interests of you or another person (for example, if we have reason to believe that someone is at serious risk of harm), or where necessary to establish, exercise, or defend legal claims.

Purpose of Processing

We use your personal data for clearly defined purposes, each linked to one or more of the legal bases described above:

  • To provide and operate our services: enabling you to register for and use your Vegas Wins account on vegaswinsi.com, access games, participate in promotions, and enjoy functionalities such as account management, loyalty features, and support.
  • To verify identity and meet regulatory obligations: conducting KYC checks, age verification, source-of-funds assessments, sanctions screening, and other due diligence required by gambling and AML regulations, as well as enforcing geo-fencing to ensure only eligible UK players can access the services.
  • To process payments: managing deposits, withdrawals, refunds, and chargebacks; preventing payment fraud; and maintaining records for accounting and regulatory reporting.
  • To provide customer support and handle complaints: responding to your enquiries, resolving technical issues, managing responsible gambling interactions, and documenting communications for quality assurance and regulatory compliance.
  • To promote responsible gambling and manage risk: monitoring play patterns, applying and managing self-exclusions, deposit limits, and time-outs; interacting with you where there are indications of potential harm; and working with schemes such as GamStop to enforce exclusions.
  • To improve our products and services: analysing aggregated and pseudonymised data about how players use Vegas Wins on vegaswinsi.com so we can improve game offerings, performance, user interface, and security, and to develop new features.
  • To carry out marketing and promotions: sending you tailored offers, bonuses, and news about Vegas Wins via permitted channels, subject to your preferences and applicable marketing rules, and measuring the effectiveness of campaigns.
  • To ensure security and prevent misuse: detecting and preventing fraud, money laundering, account takeover, abuse of promotions, and other suspicious activity; protecting the integrity of the platform and the wider gambling ecosystem.
  • To manage our business: producing internal reports and statistics, complying with audit obligations, planning and forecasting, and managing relationships with regulators, partners, and service providers.

Disclosure & Sharing

We treat your personal data as confidential and only share it where necessary, under appropriate safeguards, and in line with this Privacy Policy and applicable law. We do not sell your personal data in the sense commonly used in some data protection laws.

  • Group and affiliated companies: other entities within the same corporate group as Grace Media (Gibraltar) Limited may access your data where necessary to provide shared services, such as IT, compliance, risk management, and customer support.
  • Platform and technology providers: we use third-party platform and infrastructure providers (including our current platform provider, Markor Technology) to host the website, deliver games, perform technical operations, and support security and analytics. These providers only process your data on our instructions and under data protection contracts.
  • Payment and financial institutions: banks, payment processors, e-wallet providers, and other financial institutions that handle deposits, withdrawals, chargebacks, and related financial services, including fraud detection and creditworthiness checks to the extent permitted by law.
  • Verification, risk, and anti-fraud partners: third-party providers that assist with identity checks, age verification, sanctions and PEP screening, fraud prevention tools, device fingerprinting, and risk scoring, as required for regulatory compliance and platform security.
  • Responsible gambling and self-exclusion services: national and industry schemes such as GamStop, and other partners that help enforce self-exclusions and responsible gambling tools, where necessary under regulatory rules.
  • Analytics, advertising, and marketing partners: where you have consented to or not opted out of marketing cookies and communications, we may share limited data (such as cookie IDs, hashed contact details, or aggregated information) with analytics providers and advertising networks to measure campaign performance and deliver relevant content, in line with applicable electronic marketing laws.
  • Regulators, authorities, and ADR: the UK Gambling Commission, Gibraltar Gambling Commissioner, tax authorities, law enforcement agencies, courts, and other public authorities may require access to certain data. For gambling-related disputes, we may share relevant records with approved alternative dispute resolution bodies such as IBAS (Independent Betting Adjudication Service). Privacy-specific complaints are handled separately as described in the "Complaints & Contacts" section.
  • Professional advisers: lawyers, auditors, consultants, and other professional advisers may receive personal data where reasonably necessary for their services and subject to confidentiality obligations.
  • Business transfers: if we undergo a reorganisation, merger, sale, or transfer of business or assets, personal data may be transferred to the relevant third parties as part of the transaction, subject to appropriate safeguards and continuity of protections.

Whenever we share personal data with third parties, we take steps to ensure that only the minimum data necessary is disclosed, and that recipients use the data only for the purposes specified and protect it in line with applicable data protection laws.

International Transfers

Although Vegas Wins is focused on players in the United Kingdom, some of our service providers and group entities may be located outside the UK and Gibraltar. This can involve the transfer of your personal data to countries that may have different data protection standards from those in the UK.

  • EEA and adequate countries: where we transfer data to countries or territories that have been recognised by the UK government as providing an adequate level of data protection (such as EEA member states), the transfer is permitted on that basis.
  • Other third countries: where we transfer data to countries that do not have an adequacy decision (for example, some technology or support providers based outside the UK/EEA), we implement appropriate safeguards, such as:
    • the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and/or
    • other contractual and organisational safeguards to protect your data and your rights.
  • Access on a global basis: certain support or security functions may be provided from multiple locations. Access to personal data is strictly controlled and logged, and only granted where necessary for the task.

You may contact us using the details in the "Who We Are" or "Complaints & Contacts" sections if you would like more information about the specific safeguards applied to your data when it is transferred internationally, or to obtain a copy of relevant contractual protections (subject to redactions for commercial sensitivity).

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, and regulatory requirements, and to resolve disputes. Retention periods may differ depending on the type of data and applicable obligations.

In general:

  • Account and identity data: we retain core account and identity verification records for the duration of your relationship with us and normally for up to six (6) years after your account is closed, to comply with gambling, anti-money laundering, and limitation period requirements.
  • Transaction and gaming records: records of deposits, withdrawals, bets, wins, losses, and bonus usage are typically retained for up to six (6) years after the end of your relationship with us to comply with regulatory, tax, and audit obligations.
  • KYC and AML documentation: documents collected for identity and source-of-funds verification are generally kept for at least five (5) years after the end of the business relationship or the date of the last transaction, in line with applicable anti-money laundering rules.
  • Responsible gambling and self-exclusion data: data relating to self-exclusions and safer gambling interactions is retained for the period necessary to enforce exclusions and legal obligations, and for a reasonable period thereafter (normally up to six (6) years after account closure), subject to regulatory requirements.
  • Marketing data: your contact details and marketing preference records are kept until you withdraw consent or object to marketing, and for a short period thereafter to record your opt-out (usually no longer than two (2) years following your last meaningful interaction, unless needed longer for proof of consent or compliance).
  • Technical logs and security data: system logs and security-related data are generally retained for shorter periods (typically between six (6) months and two (2) years), unless needed longer for the investigation of security incidents or legal claims.
  • Customer support and complaints data: communications with support and records of complaints (including privacy complaints) are normally retained for up to six (6) years after resolution.

When personal data is no longer required for the purposes described above, we will either securely delete it, anonymise it so that it can no longer be linked to you, or archive it securely where a longer retention is strictly required by law. If you request deletion of your data, we will also consider whether we must retain certain data to comply with our legal obligations or to establish, exercise, or defend legal claims, in which case we will restrict the data to those limited purposes.

Your Rights

Under the UK GDPR, the Data Protection Act 2018, and - where applicable - other data protection laws such as the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations, you have several rights in relation to the personal data we hold about you. These rights are subject to certain exceptions and limitations.

  • Right of access: you can ask us whether we process your personal data and request a copy of the data, together with information about how we use it.
  • Right to rectification/correction: you can request that inaccurate or incomplete personal data be corrected or completed. In many cases you can update certain details directly in your account on vegaswinsi.com.
  • Right to erasure ("right to be forgotten"): you can ask us to delete your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis. We may need to retain some data where required by gambling, AML, tax, or other laws.
  • Right to restriction of processing: you can request that we restrict processing of your data in certain situations, for example while we verify its accuracy or assess an objection you have raised.
  • Right to object: you can object at any time to:
    • processing based on our legitimate interests, on grounds relating to your particular situation; and
    • direct marketing, including profiling for marketing purposes. If you object to marketing, we will stop sending you marketing communications.
  • Right to data portability: in certain cases, you can request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transmit it to another data controller where technically feasible. This right typically applies where processing is based on your consent or on a contract and carried out by automated means.
  • Right to withdraw consent: where we rely on your consent (for example, for certain marketing or cookies), you may withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal, but we will stop processing based on consent going forward.
  • Rights under Mexican law (where applicable): if Mexican data protection law applies to you, you also have ARCO rights (access, rectification, cancellation, and opposition) under the LFPDPPP, which broadly align with the rights described above. We will handle such requests in a manner consistent with both UK and Mexican requirements, where relevant.

How to exercise your rights

  • Submit a request using the contact details in the "Who We Are" or "Complaints & Contacts" sections, clearly indicating that it is a data protection request and specifying the right(s) you wish to exercise.
  • We may need to request additional information to verify your identity and ensure your data is not disclosed to unauthorised persons.
  • We will respond without undue delay and in any event within one (1) month of receiving your verified request. This period may be extended by up to two additional months where necessary due to complexity or number of requests; if so, we will inform you of the extension and reasons.
  • We generally handle rights requests free of charge. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

Vegas Wins uses cookies and similar technologies on vegaswinsi.com to ensure the website functions properly, enhance your experience, and support analytics and marketing (where allowed). Cookies are small text files stored on your device when you visit our site.

Types of Cookies We Use

  • Strictly necessary cookies (session and persistent): required for the website and games to function, for example to maintain your login session, enable secure account access, process transactions, and implement security measures. These cookies are generally session-based but may also be persistent for limited periods.
  • Functional and preference cookies: used to remember your settings and preferences (such as language, game favourites, and display options) to provide a more personalised experience.
  • Analytics and performance cookies: help us understand how visitors use vegaswinsi.com, which pages are most popular, and where errors may occur. This allows us to improve site performance and usability. We may use internal analytics tools and/or third-party providers that set cookies or similar IDs.
  • Advertising and targeting cookies: used, where permitted, to deliver more relevant adverts and promotions related to Vegas Wins, limit the number of times you see an advert, and measure the effectiveness of campaigns. These may be set by us or by carefully selected advertising and affiliate partners.

Managing Cookies

  • Cookie banner and preferences: on your first visit and periodically thereafter, you may be presented with a cookie banner or preferences tool that allows you to accept or reject non-essential cookies (such as analytics and advertising cookies). You can change your preferences at any time using the tools provided on vegaswinsi.com, where available.
  • Browser settings: most browsers allow you to block or delete cookies via their settings. Please note that blocking strictly necessary cookies may affect the functioning of the site and may prevent you from logging in or playing games.
  • Other technologies: similar controls may exist for mobile app permissions or device-level settings when you access our services through applications associated with Vegas Wins.

For more detailed information about specific cookies used by Vegas Wins on vegaswinsi.com, including their names, purposes, and durations, please refer to any dedicated cookie information or settings panel provided on the site.

Data Security

We take the security of your personal data very seriously and implement technical and organisational measures designed to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

  • Encryption and secure transmission: data transmitted between your device and vegaswinsi.com is protected using industry-standard encryption, such as TLS 1.2 or higher, where supported by your device and browser.
  • Protection at rest: we use appropriate security measures, which may include encryption, tokenisation, and access controls, to protect personal data stored within our systems and those of trusted service providers.
  • Access controls and authentication: access to personal data is restricted to authorised personnel who need it for their role and is managed through role-based access, strong authentication methods (including multi-factor authentication where appropriate), and logging of access and actions.
  • Secure infrastructure and monitoring: we work with reputable hosting and platform providers (including our current platform provider, Markor Technology) that implement robust physical and logical security controls, regular patching, and continuous monitoring for threats.
  • Testing and audits: we undertake regular reviews, risk assessments, and testing of our security controls. External audits or assessments may also be conducted on us and/or on key service providers, some of whom may hold recognised certifications such as ISO 27001 or SOC 2.
  • Staff training and policies: employees and contractors with access to personal data receive data protection and security training and are bound by confidentiality obligations and internal policies.
  • Incident response: we maintain procedures for identifying, investigating, and responding to potential data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (such as the UK Information Commissioner's Office) and, where required, affected individuals, in accordance with applicable law.

While no system can be guaranteed to be completely secure, we continuously work to enhance our security posture in line with evolving threats, industry standards, and regulatory expectations.

Complaints & Contacts

If you have questions about this Privacy Policy, our use of your personal data, or if you wish to exercise your data protection rights, you can contact us using the details below.

Contacting Us

  • Data Protection Office: Data Protection Officer, Grace Media (Gibraltar) Limited, Suite 7, Hadfield House, Gibraltar, GX11 1AA.
  • Online contact: use the contact channels listed on vegaswinsi.com (such as "Contact Us", "Help", or in-account messaging, where available) and clearly indicate that your message relates to data protection or privacy.

Our Complaint Handling Process

  1. Step 1 - Initial contact: contact customer support or our data protection team with your question or complaint, providing as much detail as possible. We will acknowledge receipt of your complaint.
  2. Step 2 - Investigation: we will review your complaint, gather relevant information, and, where necessary, ask you for additional details or documentation.
  3. Step 3 - Response: we aim to provide a substantive response within one (1) month of receiving your verified complaint or request. For complex matters, this period may be extended; if so, we will inform you of the extension and reasons.
  4. Step 4 - Escalation internally: if you are not satisfied with the initial response, you may ask for the matter to be escalated within our organisation, for example to the Data Protection Officer or senior management.

This internal process is free of charge and does not affect your right to complain to a supervisory authority.

Supervisory Authorities and External Recourse

  • United Kingdom - Information Commissioner's Office (ICO): you have the right to lodge a complaint with the ICO if you believe your data has been processed in a way that does not comply with data protection laws.
    • Website: https://ico.org.uk
    • Telephone: +44 303 123 1113
    • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI): if Mexican data protection law applies to you and you believe your rights under the LFPDPPP have been infringed, you may have the right to complain to INAI.
    • Website: https://www.inai.org.mx
  • Other jurisdictions: if data protection laws of another country or region (such as an EU/EEA Member State) apply to you, you may also have the right to lodge a complaint with your local supervisory authority. Details are generally available on the authority's official website.

Please note that gambling-related contractual or game outcome disputes may fall under the remit of approved alternative dispute resolution bodies such as IBAS, but privacy and data protection complaints should be directed to the data protection contacts and authorities described in this section.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, regulatory guidance, or technical developments affecting Vegas Wins and vegaswinsi.com. When we make changes, we will revise the "Last updated" date below and, where appropriate, provide additional notice.

  • Minor changes: for non-material updates (for example, clarifications or changes that do not affect your rights or our core processing practices), we will post the updated Privacy Policy on vegaswinsi.com and indicate the new effective date.
  • Material changes: where we make significant changes - for example, introducing new purposes for processing, new categories of data, or changes to how your rights can be exercised - we will provide more prominent notice, which may include:
    • email notifications sent to the email address associated with your account;
    • in-account notifications or messages; and/or
    • website banners or pop-ups when you next log in.
  • Advance notice and choices: where required by law, we will give you reasonable advance notice of material changes, generally at least thirty (30) days before the change takes effect. If you do not agree to the updated policy, you may choose to close your account and stop using Vegas Wins on vegaswinsi.com. Continued use after the effective date will constitute your acknowledgement of the updated policy.

Last updated: November 2025