Privacy Policy of Candyland Casino

Categories of personal data collected

To allow access to the platform and ensure the provision of secure and efficient services, we collect various types of information that may vary depending on user interaction:

Identification and contact data: Name, surname, date of birth, residential or domicile address, email address, and phone number provided during registration or profile update.

Site usage data: Information related to how the user navigates the platform, including pages visited, time spent, links clicked, and display preferences.

Device and connection data: IP address, type of browser used, operating system, unique device identifiers, and information about the mobile or fixed network.

Transaction data: Details related to financial operations carried out on the platform, including payment methods used, amounts transferred, deposit and withdrawal history, excluding sensitive credit card data which is managed by protected systems.

Support communications: All information provided by the user when contacting customer support, including email texts, chat transcripts, and related support requests.

Legal bases for data processing

The processing of users' personal data is carried out exclusively in the presence of at least one of the following legal bases provided by current regulations:

Execution of a contract: When processing is necessary for account activation, provision of requested services, and fulfillment of contractual obligations.

Legitimate interest: When processing is aimed at improving platform security, preventing fraud, analyzing site performance, and optimizing business efficiency, provided that the user's fundamental rights and freedoms do not prevail.

Consent of the data subject: If the user has given explicit and specific consent, for example, to receive direct marketing communications or to activate certain categories of cookies.

Legal obligations: When processing is strictly necessary to comply with legal duties, anti-money laundering regulations, age verification for access, and formal requests from competent authorities.

Methods and purposes of data use

The personal data collected are used for specific and legitimate purposes, strictly related to the provision and security of services:

Account management and maintenance: Creation, verification, and administration of the user profile, allowing secure access to all platform features.

Security and fraud prevention: Monitoring activities to identify anomalous behavior, unauthorized access attempts, or violations of terms of use.

Statistical analysis and optimization: Evaluation of traffic flows and user behavior to improve technical performance and the site's graphical interface.

Customer support: Handling help requests, resolving technical issues, and answering questions about the services offered.

Marketing preferences: Sending promotional communications, updates, and special offers, only and exclusively in cases where the user has provided explicit consent and has not exercised the right to object.

Approach to personal data retention

Personal data are kept only for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the principles of data minimization. Retention periods may vary based on the nature of the data and applicable legal obligations. At the end of the retention period, or in case of a legitimate deletion request, the data will be securely deleted or transformed into an anonymous and irreversible form for purely statistical purposes.

Sharing data with third parties

The platform does not sell or transfer users' personal data to third parties for commercial purposes. However, data may be shared with authorized service providers and data processors acting on our behalf. This category includes IT service providers, hosting companies, external payment processors, and legal or tax consultants. All third-party providers are bound by strict contractual agreements aimed at ensuring the utmost confidentiality and security of the processed data. Furthermore, data may be communicated to the competent authorities if required by legal obligations.

International data transfers

Personal data collected are typically processed and stored within the European Economic Area. Should it become necessary to transfer such information to countries outside this geographical area, the platform adopts all necessary and adequate safeguards. These measures include the use of standard contractual clauses approved by the competent regulatory authorities or reliance on countries that ensure an adequate level of data protection, so that personal data benefit from the same level of security applied internally.

Security measures adopted

We adopt a series of reasonable and appropriate technical, physical, and organizational security measures to protect personal data from unauthorized access, alteration, disclosure, or accidental destruction. These measures include data encryption protocols in transit, network firewalls, and strict logical access restrictions based on the need-to-know principle. Despite the implementation of these protection systems, please note that no method of transmission over the internet or electronic storage can be guaranteed to be 100% secure; therefore, absolute guarantees against any potential security breach cannot be provided.

User rights and how to exercise them

In accordance with current data protection regulations, users have specific rights regarding their personal information:

Right of access: Obtain confirmation as to whether or not personal data are being processed and receive detailed information about it.

Right to rectification: Request the correction of inaccurate data or the completion of incomplete information.

Right to erasure (right to be forgotten): Request the deletion of one's personal data, provided certain legal prerequisites are met and there are no overriding retention obligations.

Right to restriction of processing: Request the suspension of processing in specific cases provided for by the regulations.

Right to object: Object at any time to the processing of data based on legitimate interest or for direct marketing purposes.

Right to data portability: Receive one's data in a structured, commonly used, and machine-readable format to transmit it to another controller.

To exercise any of the rights listed above or to submit questions regarding privacy management, users can send a formal request to the dedicated email address: candylandcasino_support@gmail.com.

Updates to the Privacy Policy

This Privacy Policy is periodically reviewed to reflect any legislative changes, updates to our services, or technological evolutions. The date of the last update will always be indicated at the bottom of the document. We invite users to regularly consult this page to check for any changes and stay constantly updated on how their data is protected.
