Kingdom Casino UK Privacy Policy

Your data is your data. This policy spells out what Kingdom Casino collects from UK players, why we hold it, how long we keep it and the rights you have over it under the UK GDPR and the Data Protection Act 2018. Registering an account is your acceptance of the practices set out below; if anything here gives you pause, do not deposit until you have spoken to support.

The data we collect from you

Account opening pulls a basic identity set: full name, date of birth, residential address, email, phone number and country of residence. These are the absolute minimum required to satisfy age verification, sanctions screening and anti-money-laundering rules. We also keep a record of any document you upload during a later KYC check, stored encrypted at rest.

Cashier activity generates a separate slice of data. Card numbers never reach our own servers — our PSPs tokenise them before the request lands with us. We do hold the token, the issuing country, the last four digits and the transaction amount. Crypto deposits keep the on-chain wallet address as a reference.

Browsing the site adds technical information automatically: IP address, user agent string, device fingerprint hash, the pages you load and how long you stay on each one. The cookie policy covers the cookie and tracking pixel side of this in detail.

Why we hold it and what we do with it

Three jobs. One: deliver the service — opening the account, taking deposits, settling bets, paying out winnings, answering support tickets. Two: comply with regulators — verifying you are old enough to play, screening against sanctions lists, monitoring transaction patterns for AML signals, and producing audit trails on demand. Three: marketing — only if you have ticked the consent box at signup or later, and only until you withdraw that consent (you can do so from your account preferences at any time).

How long the data sticks around

Live account data is retained for the lifetime of the account. After closure we move it into a regulatory archive for the period set by anti-money-laundering law — usually seven years from the date of the last transaction. After that window, the archive is purged on a rolling schedule. Marketing consent records are wiped within 30 days of withdrawal.

Security

Data in transit is TLS 1.3 only. Data at rest uses AES-256. Access to player records is role-gated and every read is logged; senior reviews of those logs run on a quarterly schedule. The infrastructure is hosted in EU data centres and the operations team runs a SOC 2 Type II programme.

Who we share data with

We do not sell your personal data and we never will. The only third parties who touch it are the operational partners essential to running the site: payment processors, KYC document checkers, game studios that need a session reference to credit a jackpot, and cloud infrastructure providers. Each sits under a written data processing agreement. Disclosures to a regulator or law enforcement happen only when legally required, and we publish summary numbers on those requests each year.

Your rights under the UK GDPR

You can request a copy of every piece of personal data we hold on you (access), correct anything inaccurate (rectification), ask us to delete data we no longer need to keep (erasure), restrict our processing of it, port it to another controller, or object to processing based on legitimate interests. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any point.

To exercise any of these rights, email support@kingdomnz.org from the address attached to your account. We respond inside the statutory one calendar month, extendable by two further months for complex requests with notice.

Age verification

Kingdom Casino is strictly for adults aged 18 and over. We verify date of birth at signup and reserve the right to ask for additional proof at any point. Accounts suspected of belonging to a minor are suspended immediately and any deposits returned to the original payment source after the appropriate checks.

Breach notification

If a breach occurs that is likely to result in a high risk to your rights, we will notify you directly without undue delay, in line with our obligations under the UK GDPR. The notification will explain what happened, what data was involved, what we have done in response and what practical steps you should take — typically a password reset and a watchful eye on your bank statements over the following weeks.

Contact and updates

Questions about your data or this policy? Email support@kingdomnz.org or open the in-product chat. The cookie policy covers the tracking side, and the responsible gambling page covers the welfare tools. This policy was last updated on 1 May 2026; the next scheduled review is January 2027.