LuckyMister Privacy Policy

What personal data may be collected

The website may collect and process the following personal data and related information:

• Identity details: name, date of birth, age verification status, nationality, copies of identity documents where required.
• Contact details: email address, telephone number, postal address.
• Account details: username, password (stored in protected form), security questions, preferences.
• Financial and transaction information: payment method identifiers, deposits, withdrawals, chargeback information, fraud indicators.
• Verification and compliance information: source of funds or source of wealth information, responsible gambling interactions, self exclusion or limit settings.
• Technical data: IP address, device identifiers, browser type, operating system, log files, approximate location derived from IP.
• Usage data: pages viewed, clicks, session activity, login history, and error reports.
• Communications: emails, chat records, and calls with customer support.

Why personal data is collected

Information is collected to:

• Create and manage user accounts.
• Verify identity, age, and eligibility to use gambling services in the United Kingdom.
• Process payments, deposits, withdrawals, and prevent unauthorised transactions.
• Protect users and the business against fraud, account takeover, and security incidents.
• Meet legal and regulatory obligations, including anti money laundering and safer gambling duties.
• Maintain, test, and improve the online services, including performance and reliability.

Protection measures

The operator applies technical and organisational measures designed to protect personal data, including:

• Access controls and least privilege permissions for staff and authorised processors.
• Encryption in transit and other safeguards for data handling.
• Monitoring, logging, and incident response procedures.
• Vendor due diligence and contractual controls for service providers.
• Staff training and confidentiality commitments.

User rights in the United Kingdom

Subject to legal conditions and exemptions, users have rights to:

• Request access to personal data.
• Request correction of inaccurate or incomplete information.
• Request deletion of personal data in certain circumstances.
• Object to, or request restriction of, certain processing.
• Request portability for data provided by the user, where applicable.

United Kingdom compliance

Processing is aligned with applicable United Kingdom data protection law, including the UK GDPR and the Data Protection Act 2018. Gambling related processing also reflects relevant regulatory obligations applicable to licensed operators and their services.

Personal data and related information may be used for the following purposes:

• Account services: registration, login, account security, customer support, and user communications.
• Transactions: deposits, withdrawals, payment verification, refunds, dispute handling, and accounting records.
• Compliance: identity verification, age checks, anti money laundering checks, safer gambling monitoring, and meeting lawful requests from competent authorities.
• Security: fraud detection, risk scoring, prevention of prohibited activity, and protection of users and the websites.
• Service improvement: testing, troubleshooting, and improving functionality, reliability, and accessibility.
• Analytics: aggregated reporting to understand usage patterns and improve online services.
• Marketing preferences: sending messages only where permitted by law and aligned with user choices, with options to manage preferences.

Processing is carried out on a lawful basis such as performance of a contract, compliance with a legal obligation, legitimate interests balanced against user rights, or consent where required. The operator aims to keep processing transparent and limited to what is necessary for the stated purposes.

Access, update, and correction

Users can review and update certain account details through the account settings area. Requests to access personal data held beyond self service areas can be made through customer support. Identity verification may be requested before releasing information, to protect user accounts and personal data.

Deletion requests

Users may request deletion of personal data. Deletion is not always possible immediately or fully because certain information must be retained to meet legal, regulatory, and accounting requirements, including anti money laundering and dispute management obligations. If deletion is restricted, the operator may apply storage limitation, access restriction, or other safeguards as appropriate.

Security checks and payment processing

Use of the services involves security and compliance checks that help protect users and meet legal obligations. Payment transactions are processed by approved payment providers, and relevant payment data is shared with those providers to complete deposits and withdrawals, manage risk, and prevent fraud. Where required, additional verification information may be requested by payment providers and verification partners.

The websites and services are intended for users aged 18 years and over. The operator cannot confirm a user’s age without suitable evidence, so age and identity documents may be required before account access or transactions are permitted.

If personal data is believed to have been collected from a person under 18, a parent or legal guardian can contact customer support to request review. If verification confirms that the person is under 18, the operator will take steps to delete the minor’s personal data where lawful and to prevent further processing, subject to any mandatory legal retention duties.

Personal data may be processed in other countries where the operator’s group companies, suppliers, or partners operate, including technology hosting, identity verification, payments, customer support, and security services. Use of the websites and services indicates acceptance that information may be transferred internationally for these purposes.

When transfers occur, confidentiality and security are protected through appropriate safeguards, which may include:

• Contractual protections with partners and processors.
• Transfer risk assessments.
• Measures designed to maintain an equivalent level of protection for personal data.

Users can request more information about international transfers and applicable safeguards through customer support.

This Privacy Policy forms part of the rules that apply to use of the websites and services. If a conflict arises between this document and mandatory legal requirements, the mandatory requirements apply. The operator may interpret and apply this document to meet legal, regulatory, security, and operational obligations, which can affect the scope or practical effect of specific parts.

This disclaimer applies at the point the user accepts this policy, including acceptance by electronic confirmation, continued use after presentation of the policy, or other form of accession permitted by law.

Cookies are small text files stored on a user’s device when visiting websites. Similar technologies such as SDKs and pixels may also be used in the online services.

Cookies may be used for:

• Essential functions such as login, account security, and session management.
• Statistics and analytics to understand how users navigate the websites.
• Behaviour analysis to help identify technical issues and improve services.
• Personalisation, such as saving preferences and language settings.

Cookie retention

• Non essential cookies are kept for up to 1 year unless deleted earlier through browser or device settings.
• Some essential cookies may last for the duration of a session or longer where necessary for security.

Users can control cookies through browser settings and, where implemented on the websites, cookie preference tools. Blocking certain cookies can affect site functionality.

Use of the websites and services indicates full acceptance of this Privacy Policy. If a user does not agree with the terms in this document, access to the services should stop.

The version published on the websites at the time of use applies. Updates may be made to reflect changes in legal requirements, security standards, and operational practices.

Personal data may be shared with third parties where necessary and proportionate, including:

• Payment providers and financial institutions to process transactions and manage fraud risk.
• Identity and verification partners for age checks, KYC checks, and anti money laundering screening.
• Technology suppliers that host or support the websites and related services.
• Analytics and security providers to protect accounts, prevent abuse, and improve reliability.
• Professional advisers such as auditors, legal advisers, and insurers.
• Competent authorities, regulators, law enforcement, or dispute resolution bodies where required by law, in connection with disputes, or to enforce agreements.

Sharing is limited to the purpose and scope required for the task. The websites may list key categories of partners; if a specific partner is not listed, the user can request information about the purpose and type of information shared, subject to security and legal restrictions. Submission of personal data through the websites indicates consent where consent is the appropriate lawful basis, and other lawful bases apply where required by law.

The websites may contain links to third party websites, apps, or services that operate under their own privacy policies. The operator is not responsible for the collection, processing, or security of personal data by external websites.

Users should review the privacy policy of any third party website before submitting personal data or using external services.