CandyLand Casino takes the handling of personal data seriously. This policy sets out the categories of information we gather, the reasons behind each type of processing and the rights available to you as a data subject under applicable UK legislation.
By accessing or using the CandyLand Casino website, you acknowledge and accept the practices described below. If any part of this policy is unclear, our support team can provide further clarification — reach out before continuing to use the platform.
1. General
CandyLand Casino operates in accordance with UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018. These rules govern every stage of the data lifecycle — from the moment information is collected to the point it is securely deleted.
We act as the data controller for all personal information processed through the website. That means we decide what data is collected, why it is needed and how long it is kept.
Amendments to this policy may occur from time to time. Material changes will be communicated through on-site notifications or direct email. Continued use of the platform after such notice constitutes acceptance of the revised terms.
2. Information We Collect
Registration requires basic identification details: full name, date of birth, residential address, email and a contact telephone number. Financial data — such as payment card numbers or e-wallet identifiers — is recorded when you make deposits or request withdrawals. We also collect verification documents (government-issued ID, proof of address, proof of funds) as part of our regulatory obligations.
Technical data is gathered automatically. This includes IP address, browser type, operating system, device identifiers, referring URLs, pages visited, session duration and clickstream patterns. Server logs retain this information for diagnostic and security purposes.
How We Use Your Information
Personal data serves several defined purposes: account creation and management, identity verification, transaction processing, responsible gambling monitoring and compliance with anti-money laundering requirements. Each purpose has a lawful basis — either contractual necessity, legal obligation, legitimate interest or, where applicable, your explicit consent.
We analyse aggregated, anonymised usage statistics to improve site performance and game offerings. None of this analytical work identifies individual users. Where profiling is used for fraud detection, the logic is regularly reviewed to prevent unfair outcomes.
Marketing Communication
Promotional emails, SMS messages or push notifications are sent only when you have given prior opt-in consent. Every marketing message includes a clear unsubscribe mechanism. Opting out takes effect within 48 hours — during that window a previously scheduled message may still arrive.
Withdrawing marketing consent does not affect service-related communications. Account notifications, security alerts and regulatory updates will continue regardless of your marketing preferences.
Obtaining Personal Information
Most personal data comes directly from you — during registration, account updates or support interactions. Some information is received from third-party verification providers we engage to confirm identity, address or payment instrument ownership.
In certain cases, data may be obtained from publicly accessible registers or from regulatory bodies that share information with licensed operators for compliance purposes. We do not purchase personal data from data brokers or unrelated commercial sources.
Data Recipients
Internal access is restricted on a need-to-know basis. Only staff members whose role requires it — customer support, compliance, fraud prevention, finance — can view personal records. Role-based access controls and audit trails are in place.
External recipients include payment processors, identity verification vendors, cloud hosting providers and professional advisers (legal, audit). Each external party is bound by a data processing agreement that limits use to the specific service they provide and mandates equivalent security standards.
Releasing Data To Third Parties
CandyLand Casino will not sell, rent or trade your personal information. Disclosure to third parties occurs only under clearly defined circumstances: when required by law or regulation, when ordered by a court or competent authority, or when necessary to protect the rights and safety of the company, its users or the public.
If a corporate restructuring event (merger, acquisition, asset sale) involves the transfer of user data, affected individuals will be notified in advance. The acquiring entity must honour the protections set out in this policy or obtain fresh consent for any material change in data handling.
Data Retention
Personal data is retained for the duration of the account relationship plus any additional period mandated by law. UK anti-money laundering regulations, for example, require transaction records to be kept for a minimum period after the business relationship ends.
Once the applicable retention period expires, data is either permanently deleted or irreversibly anonymised. Anonymised data — stripped of all identifying elements — may be retained indefinitely for statistical analysis without impact on your privacy.
Security Of Your Data
Technical safeguards include TLS encryption for data in transit, AES-256 encryption for data at rest, firewalls, intrusion detection systems and regular vulnerability scanning. Infrastructure is hosted in data centres that maintain recognised security certifications.
Organisational measures complement the technical layer. Staff undergo mandatory data protection training. Access credentials follow strong password policies and multi-factor authentication. Incident response procedures are documented and tested — any breach that poses a risk to individuals will be reported to the relevant supervisory authority and affected users without undue delay.
Contacting Us
Questions about this policy or any aspect of data handling can be directed to our Data Protection Officer via the support email address listed in your account dashboard. Include your registered username so the team can locate your records quickly.
You have the right to request access to your personal data, correction of inaccuracies, erasure (where legally permissible), restriction of processing, data portability and objection to processing based on legitimate interest. Requests are handled within one calendar month. If a request is complex or voluminous, we may extend this by a further two months — you will be informed of any extension and the reason behind it.
Cookie Policy
CandyLand Casino uses cookies and similar tracking technologies (local storage, pixel tags) to operate the website, remember your preferences and analyse traffic patterns. A cookie is a small text file placed on your device by the web server.
Some cookies are strictly necessary — without them core functions such as login, session continuity and payment processing would fail. These do not require consent under UK privacy regulations.
Non-essential cookies (analytics, advertising, personalisation) are activated only after you provide consent through the cookie banner displayed on your first visit. Your choice is stored and respected for twelve months, after which the banner reappears.
Types of Cookies We Use
Essential cookies maintain session state, authenticate users and apply security tokens. They expire when the browser session ends or, for persistent login preferences, after a defined period.
Performance and analytics cookies collect anonymised data about page views, load times and navigation paths. This information helps us identify technical issues and prioritise improvements. No individual user is singled out.
Functionality cookies store your language selection, display preferences and previously entered form data to reduce repetitive input across visits.
Third-party cookies may be set by integrated service providers — payment gateways, analytics platforms or age-verification tools. Each provider's own privacy policy governs those cookies. We review third-party partners periodically to confirm their practices remain aligned with applicable standards.
Managing Cookies
You can adjust cookie settings at any time through the preference centre accessible from the website footer. Browser-level controls also allow you to block or delete cookies — consult your browser's help section for specific instructions. Blocking essential cookies may degrade core site functionality, including the ability to log in or complete transactions.
