English
Русский
Polski
Magyar
O‘zbek
Қазақша
Azərbaycan
日本語
Español
Türkçe
Italiano
СрпскиThis document describes how personal data is processed in connection with the use of the Vavada online casino site. The platform operator is Vavada B.V., a company registered in Curaçao under number 143168, operating under a licence from the Curaçao Gaming Control Board (OGL/2024/252/0153).
By registering an account or using the site's services, the user entrusts certain categories of data to the controller. This data is processed in order to provide online gambling services, verify identity, process payments and meet obligations arising from anti-money-laundering (AML) and counter-terrorist-financing rules.
1. Data controller and contact
The controller of personal data is the operator of the Vavada site. For matters relating to data protection, you can contact customer support through the live chat or the contact form available after logging in. Requests concerning the exercise of GDPR rights should be sent with a description of the request and details that allow the account to be identified.
2. Scope of data collected
The site processes data depending on the stage of using the services. At registration, an e-mail address or phone number and a password are required. During identity verification (KYC), we may collect first name, surname, date of birth, residential address, a photo of an identity document and - in justified cases - confirmation of the source of funds.
Transaction data is processed separately: the history of deposits and withdrawals, payment methods used, transaction identifiers at payment providers. Technical data is also recorded automatically: IP address, device identifier, browser type, operating system, activity logs on the site (login times, game sessions, addresses of visited subpages).
3. Purposes and legal bases of processing
| Purpose of processing | Legal basis | Example data |
|---|---|---|
| Registration and management of the player account | performance of a contract (Art. 6(1)(b) GDPR) | e-mail, phone, password, game history |
| Identity verification (KYC) | legal obligation (Art. 6(1)(c) GDPR) | identity document, personal data |
| Processing deposits and withdrawals | performance of a contract | payment data, transaction amounts |
| Fraud and money-laundering prevention | legal obligation / legitimate interest | logs, transaction patterns, IP address |
| Handling complaints and technical support | legitimate interest of the controller | content of correspondence, account data |
| Direct marketing (newsletter, promotions) | user consent (Art. 6(1)(a) GDPR) | e-mail, marketing preferences |
| Traffic analytics and site optimisation | legitimate interest / consent to cookies | technical data, cookies |
4. Cookies and tracking technologies
The site uses cookies necessary for the platform to function (login session, language preferences, CSRF protection) and - after consent is given - analytical and marketing cookies. The user can manage cookies in their browser settings; disabling session cookies will prevent correct login.
The site may use analytics tools that record anonymous visit statistics (number of sessions, traffic source, time on page). This data is not used to identify a specific person without being linked to a user account.
5. Data recipients and transfers outside the EEA
Data may be passed to entities that process it on the controller's instructions: payment providers (Visa, Mastercard, e-wallets, crypto operators), identity verification providers, hosting and IT companies, as well as supervisory and law-enforcement authorities - solely on the basis of applicable law.
The operator is established outside the European Economic Area (Curaçao). Transfers of data to third countries take place with appropriate safeguards provided for by the GDPR, including standard contractual clauses approved by the European Commission, where applicable.
6. Data retention period
Account data is stored for the duration of the contractual relationship and, after it ends, for the period required by AML/KYC rules (usually 5 years from the last transaction). Technical logs are stored for the period necessary for security purposes, usually up to 12 months. Data processed on the basis of marketing consent - until that consent is withdrawn.
7. User rights
The data subject has the following rights under the GDPR:
- the right to access the data and obtain a copy of it,
- the right to rectify inaccurate data,
- the right to erasure ("the right to be forgotten"), provided there is no legal obstacle,
- the right to restrict processing,
- the right to data portability for data provided to the controller,
- the right to object to processing based on legitimate interest,
- the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal,
- the right to lodge a complaint with the competent supervisory authority for data protection.
To exercise the above rights, contact customer support with details that identify the account. The controller responds to requests within 30 days, with the option of an extension of a further 60 days in particularly complex cases.
8. Data security
The site uses encryption of data transmission (TLS/SSL), access control to internal systems and procedures for responding to security incidents. Passwords are stored in hashed form; the operator has no access to passwords in plain text.
9. Changes to the policy
The controller reserves the right to update this policy in the event of legal, technological or organisational changes. The date of the last update is shown on this page. Significant changes will be communicated to registered users by e-mail or through a notification on the site.
This document is for information purposes. In case of legal doubt, we recommend consulting a lawyer specialising in personal data protection.