Privacy Policy

• The operator collects account details, identity and age verification documents, contact information, payment information, betting activity, device identifiers, IP address, location indicators, and communications sent to support.
• Information is used for account setup, age and identity checks, transaction processing, safer gambling measures, prevention of fraud, and compliance with UK gambling laws.
• Technical safeguards include encryption in transit and at rest, access controls, multi-factor authentication, and network segregation.
• Organisational measures include staff training, role-based access, incident response plans, and supplier due diligence.
• Payments are processed by PCI DSS compliant providers; the platform does not store full card numbers.
• Data minimisation and purpose limitation are applied to reduce unnecessary collection and processing.
• Logs, audit trails, and monitoring detect misuse or unauthorised access.
• Retention follows legal and regulatory requirements, including anti-money laundering record-keeping.
• Aggregated and anonymised statistics support service improvement and integrity monitoring.
• Users are informed about material changes to this document.

Users have the right to access, correct, delete, restrict, or object to processing of their personal data, and to data portability where applicable. Consent can be withdrawn at any time, without affecting processing carried out before withdrawal. Users also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

Compliance is aligned with UK GDPR, the Data Protection Act 2018, PECR, and the UK Gambling Commission’s Licence Conditions and Codes of Practice. The company maintains records of processing activities and conducts risk-based assessments to safeguard user data.

Kaboom Slots uses personal data to operate accounts, provide the online services securely, and meet legal obligations in the United Kingdom. Processing covers identity verification and affordability checks required by regulation. Information supports the handling of payments and withdrawals through trusted electronic service providers. Service analytics guide improvements and help detect misuse. Marketing communications are sent where permitted by consent or legitimate interests, and users can manage preferences at any time.

• Create and administer user accounts, profiles, and preferences.
• Verify identity, age, address, source of funds, and affordability.
• Process deposits, wagers, withdrawals, and payment reconciliations.
• Operate safer gambling tools, self-exclusion, and risk assessment.
• Detect and prevent fraud, misuse, and match manipulation.
• Provide support, respond to queries, and handle disputes.
• Run analytics to improve performance, stability, and usability.
• Personalise content, odds display, and navigation based on usage.
• Send service notices and policy updates.
• Meet legal, regulatory, tax, and audit requirements.

All processing is carried out on lawful bases such as contract, legal obligation, legitimate interests, and consent where required. The operator aims for transparent information about each use and offers controls where feasible.

Users can view and update most account information through profile settings and support channels. Requests for correction or deletion are handled after reasonable verification and in line with legal retention duties. When a user asks to close an account, certain records may be retained for a defined period to meet anti-money laundering and gambling regulatory obligations. Users acknowledge that security checks, including identity and payment verification, may be conducted and that payment information is handled by electronic service providers and financial institutions subject to their own security standards. The operator applies proportionate security controls to maintain confidentiality and integrity throughout these processes.

The services are intended for users aged 18 or over. The operator cannot confirm age without suitable documents and will request evidence if required. If personal data relating to a minor is identified, it will be deleted on verification of a parental or guardian request.

• No accounts are permitted for individuals under 18.
• Age verification checks are carried out before gambling activity.
• Attempts by minors to register may be reported to relevant authorities.
• Parents or guardians may contact support to request deletion of a minor’s information.
• Personal data linked to underage use is removed once verification is complete.
• Educational guidance on responsible and legal use of the services is provided on the website.

Personal data may be stored or processed in other countries where group entities or trusted partners operate. Using the site constitutes consent to such transfers where consent is the appropriate lawful basis. The operator ensures that each recipient maintains confidentiality and robust security controls. Transfers are structured to comply with UK data protection requirements.

• Transfers rely on UK adequacy regulations where available.
• Standard Contractual Clauses plus the UK Addendum apply when adequacy is not in place.
• Encryption, access controls, and least-privilege permissions protect information.
• Vendors are vetted for security, privacy, and compliance certifications.
• Periodic audits and assessments review transfer safeguards.
• Users may request information about transfer mechanisms and key safeguards.

This disclaimer explains how certain provisions may limit or clarify the scope and effect of the rules in this document. It applies once the user accepts the policy, including by ticking acceptance boxes, electronic signature, or accession by use of the services.

• Nothing in this policy limits statutory rights under UK GDPR or the Data Protection Act 2018.
• Security measures reduce risk but cannot guarantee absolute protection against all threats.
• The operator may update this document; the current version applies from publication.
• If a conflict arises between this policy and applicable law, the law prevails.
• Separate product or promotion terms may apply to specific processing activities.
• Proof of identity may be required before the operator acts on a user request.

Cookies are small files placed on a device to store settings and recognise a browser across visits. They are used for statistics, behaviour analysis, personalisation, and to improve the online services by understanding performance and usage patterns. Some cookies are essential for account security and session management, while optional ones support analytics and tailored content. Users can control cookies in browser settings or through on-site tools, and consent will be requested where required under PECR. Unless a shorter period is stated in the cookie notice, cookies are retained for up to one year.

Use of the services in the United Kingdom signifies full acceptance of the current Privacy Policy, including any updates published on the website. The latest version of this document replaces all previous versions and applies from the date of publication.

Personal data may be shared with third parties where required by law, to resolve disputes, to perform contracts, or to operate the services. The website lists key categories of recipients, and where a specific partner is not listed, users will be told the purpose and scope of disclosure where appropriate. Providing information may constitute consent to such sharing when consent is the relevant lawful basis. Each recipient is expected to protect confidentiality and process data only for authorised purposes.

• Payment processors and banking partners for deposits and withdrawals.
• Identity verification, fraud prevention, and credit reference agencies.
• Regulatory bodies, law enforcement, tax authorities, and dispute resolution services.
• Platform hosting, cloud infrastructure, and cybersecurity providers.
• Customer support, communication, and ticketing platforms.
• Analytics and personalisation tools subject to PECR and consent rules.
• Professional advisors including auditors and legal counsel.
• Affiliates or group companies for centralised compliance and reporting.

The website may contain links to third-party websites or services that operate their own privacy policies and security controls. The operator is not responsible for how external websites collect, use, or disclose information. Users should review the privacy notices of external websites before providing any personal details. Caution is advised when following links from the platform to other services.

• External links are provided for convenience and information.
• Third-party websites may collect personal data under their own policies.
• Users should review cookie and tracking practices on external websites.
• Logging out and closing the browser reduces risk when leaving the platform.
• Security on third-party websites cannot be guaranteed by the operator.
• Disputes about external services must be addressed to the relevant provider.
• Links may be removed or updated without notice.
• This document applies only to the operator’s websites and mobile applications.