Introduction to this Privacy Policy

The platform collects the following types of personal information to provide and secure the services:

• Identity and contact details: name, date of birth, address, email, telephone number.
• Account and verification data: username, identity and age verification documents, self-exclusion status.
• Payment and transaction information: deposits, withdrawals, payment method tokens and references. Full payment card details are not stored.
• Technical and usage data: IP address, device identifiers, browser type, approximate location from IP, log files, interaction and session data.
• Safer gambling and interaction records: limits set, affordability assessments, communications with support.

Why this information is collected:

• To deliver online services, manage the user account, and provide support.
• To verify identity and age, prevent fraud, and meet anti-money laundering and gambling compliance duties.
• To process payments, resolve issues, and maintain transaction records.
• To improve websites and services through analytics and service performance monitoring.
• To send service communications and, where consent is given, marketing.

Technical and organisational measures include:

• Encryption in transit and at rest for personal data.
• Role-based access controls and multi-factor authentication for authorised staff.
• Network monitoring, vulnerability management, and independent security testing.
• Supplier due diligence, confidentiality obligations, and data processing agreements.
• Data minimisation, retention schedules, staff training, and incident response procedures.

Users have rights under data protection law:

• Access to a copy of personal data.
• Correction of inaccurate information.
• Deletion of data, subject to legal and regulatory retention requirements.
• Restriction or objection to certain processing.
• Data portability for information provided by the user.
• Withdrawal of consent at any time without affecting prior lawful processing.
• Complaint to the Information Commissioner’s Office (ICO).

Scarabwins aims to operate in line with the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations for cookies, and the Gambling Commission’s regulatory framework.

To exercise rights or raise a concern, contact the Data Protection Officer at [email protected].

Personal data is processed for lawful, fair, and transparent purposes:

• Account creation, identity management, and service delivery (contract).
• Payment processing, withdrawals, and chargeback handling via authorised payment providers (contract and legal obligation).
• Identity, age, affordability, sanctions, and fraud checks (legal obligation, public interest, and legitimate interests).
• Customer support, complaints, and dispute resolution (contract and legitimate interests).
• Safer gambling tools, monitoring, and interventions (legal obligation and legitimate interests).
• Service improvement, analytics, and testing to enhance websites and services (legitimate interests).
• Personalisation of content and experience (consent where required).
• Marketing by email, SMS, or push only where the user has opted in, with the option to opt out at any time (consent).
• Compliance with laws, tax and accounting requirements, and requests from regulators or courts (legal obligation).

Processing is limited to stated purposes and appropriate safeguards are applied. Personal data is not sold.

Users can access and update profile details in account settings. Requests for access, correction, deletion, restriction, objection, or portability can also be made by emailing [email protected]. Identity verification may be required before actioning a request.

• Response time: normally within one month. Complex or numerous requests may take longer in line with law.
• Deletion limits: certain records must be kept for legal and regulatory reasons, including anti-money laundering and gambling compliance requirements. Typical transaction and verification records are retained for up to five years after account closure, unless a longer period is required by law or for the establishment, exercise, or defence of legal claims.
• Portability: where applicable, a machine-readable copy of information provided by the user can be supplied.
• Complaints: users may contact the ICO if dissatisfied with how a request is handled.

By using Scarabwins, the user consents to security checks, identity screening, sanctions screening, and the processing of payment data by authorised payment service providers to confirm transactions and prevent fraud.

The services are intended for persons aged 18 or over. Scarabwins does not knowingly collect or process personal data from anyone under 18.

The operator cannot confirm age without appropriate documents and may request identification to comply with legal duties. If an account is found to belong to a minor, the account will be closed and personal data will be deleted where permitted, subject to lawful retention.

A parent or legal guardian may request deletion of a minor’s information by contacting [email protected] and providing proof of responsibility.

Personal data may be processed in other countries where service partners operate, including providers of cloud hosting, payments, identity verification, and support. By using the services, the user consents to such international transfers.

Where required, safeguards are applied, such as UK adequacy regulations, the UK International Data Transfer Agreement or Standard Contractual Clauses, along with technical and organisational security measures. All partners are bound by confidentiality and data protection obligations consistent with the level of protection required under UK law.

Scarabwins reviews transfer mechanisms periodically to reflect legal developments and ensures that partners maintain appropriate security throughout the transfer and processing lifecycle.

This notice sets out the rules for handling personal data. If any part conflicts with mandatory law, the law prevails. Disclaimers or notices in the Terms and Conditions may define scope, limitations, or exceptions to processing to the extent permitted by law.

The notice applies when the user accepts it by registering, providing an electronic acceptance, acceding to the terms, or continuing to use the services. Nothing in this document limits statutory rights under applicable law.

Cookies are small files placed on a device to store or retrieve information when using our websites or apps. They support statistics, behaviour analysis, personalisation, site improvement, security, and remembering preferences.

• Types: strictly necessary, preference, analytics, and marketing cookies. Both first-party and third-party cookies may be used.
• Retention: cookies are kept for up to 1 year unless removed earlier by the user.
• Control: users can manage cookies in their browser and may change non-essential cookie preferences at any time. Blocking some cookies may affect the availability or quality of certain services.

For detailed cookie tables and partners, refer to the Cookie Policy available on the website.

Using the services constitutes full acceptance of this Privacy Policy. The current version of this document prevails over any previous versions.

The policy may be updated to reflect changes in law or operations. Material changes will be signposted in service where appropriate, and continued use after an update indicates acceptance of the revised policy.

Effective date: 1 December 2025.

Personal information may be shared in limited cases and only for specified purposes:

• Payment service providers and banks to process transactions and prevent fraud.
• Identity verification, anti-money laundering, sanctions, and fraud prevention agencies to meet legal duties.
• Analytics, customer support, and operational suppliers to maintain and improve services.
• Cloud hosting, security, and IT maintenance providers to operate the platforms.
• Communication providers to send service messages.
• Regulators, law enforcement, courts, tax authorities, and the Gambling Commission where required by law.
• Professional advisers and dispute resolution bodies for legal claims and compliance.

Where a specific list of recipients is not shown on the website, users will be informed about the purpose and scope before any materially new sharing. Providing data is treated as consent to the sharing described here, in addition to other lawful bases that apply. Third parties must process data only on documented instructions and apply appropriate security.

The services may contain links to external websites that operate their own privacy policies. Responsibility for how those websites collect, use, or share personal information lies with the respective operators.

Users should review the privacy notices of any external site before providing personal data or continuing to use those services.