Privacy Policy

Data Controller: The legal name and registered address of the Data Controller are displayed in the footer of this website. In this Policy, references to lunacasino.com (“lunacasino.com”, “we”, “us”, “our”) refer to the relevant website/brand and must be read as referring to the Data Controller.

Processing agent services: Skill On Net Limited (Registered No. 14264775) provides processing agent services (including deposits and withdrawals) to Skill on Net Ltd (Malta – registration number C50024).

SkillOnNet (Malta) – Registered Office:
Office 1/5297, Level G, Quantum House,
75 Abate Rigord Street,
Ta’ Xbiex, XBX 1120,
Malta

This Privacy and Cookies Policy (“Policy”, “Privacy Policy”) explains how LunaCasino processes personal data when you visit our website, create an account, make deposits/withdrawals, play games, or use our services.

We respect your privacy and aim to be clear about what we collect, how we use it, and why.

GamProtect (Single Customer View)

We participate in GamProtect, a UK safer gambling initiative designed to protect high-risk customers. If you meet the criteria for inclusion in GamProtect, certain personal data will be shared with GamProtect and then with other participating gambling operators where you hold accounts.

Lawful bases for this sharing may include: legitimate interests, substantial public interest, safeguarding of children, and safeguarding individuals at risk.

For more information on GamProtect processing, refer to the GamProtect privacy notice.

Controller Relationship for GamProtect

When we participate in the Single Customer View (SCV) initiative, we submit certain customer data to the SCV system operated by Tutelar. For SCV processing:

  • We act as Data Controller for the data we submit.
  • Tutelar acts as a Data Processor for the SCV system.

Outside SCV, we remain an independent controller of your personal data. In rare cases where the original operator is no longer available (“orphan” data), the receiving operator and GamProtect may act as joint controllers to ensure the data is used for safer gambling purposes.

GamProtect – Appeal Process

If you wish to appeal your account closure or your inclusion in GamProtect, follow the redress process described in the GamProtect privacy notice.
For GamProtect queries, contact: [email protected].

Purpose of this Policy

This Policy explains:

  • what personal data we collect and why,
  • how we use and share it,
  • the lawful bases we rely on under UK GDPR and related data protection laws,
  • your rights and how to exercise them,
  • how cookies and similar technologies are used.

Our employees receive regular privacy and security training and are bound by confidentiality and internal policies.

Our services are not intended for minors. We do not knowingly collect or retain personal data about children.

If you have questions or wish to exercise your rights, contact our Data Protection Officer (DPO) at: [email protected].

The Types of Information We Collect

We collect two categories of information:

1) Personal Information

“Personal Information” means data that identifies you directly or indirectly. This may include:

  • contact details (name, email address, phone number, home address),
  • date of birth,
  • payment details (e.g., card number or payment identifiers),
  • KYC/verification documents and government ID data,
  • occupation and income-related details (where required),
  • device and usage data (IP address, geolocation derived from IP, device identifiers),
  • activity on our services (pages viewed, clicks, scrolls, searches, gameplay interactions),
  • communications with us (support chats/emails and, where consented, recorded calls).

2) Sensitive / Special Category Data

We may process certain sensitive data where required, such as nationality, to comply with legal and regulatory obligations (e.g., KYC/AML requirements).

SCV (GamProtect) Data

For SCV purposes we may share limited identifying data such as:

  • name, date of birth, postcode,
  • email address, phone number,
  • a customer ID set by us,
  • a status flag indicating SCV inclusion due to risk of gambling-related harm.

We do not share detailed gambling history, patterns of play, self-exclusion records, or internal safer gambling indicators with SCV. Only the minimum necessary data is shared.

Non-Personal Information

We also collect aggregated or technical information that does not directly identify you, such as:

  • browser type, operating system, language preference,
  • access times, referral domains,
  • anonymised usage statistics.

If non-personal data is combined with personal data, it is treated as personal data while it remains combined.

How We Collect Your Information

Information you provide directly

We collect information when you:

  • register an account,
  • make deposits or withdrawals,
  • place bets or play games,
  • contact support,
  • use chat functions or social media features linked to our services,
  • consent to call recordings and/or marketing.

Information collected from your device

We may collect device and connection details such as IP address, device model, OS, and version.

Information collected via our mobile app

On install/first use, we may collect:

  • IP address and derived location data (country/state/city/postcode),
  • platform (iOS/Android), OS and app version,
  • advertising ID (only if you consent),
  • account and verification information required for security and compliance.

Cookies and similar technologies

We use cookies to:

  • keep the site working securely,
  • remember preferences,
  • analyse usage and improve performance,
  • (with consent) deliver more relevant advertising.

Details appear in the Cookies section below.

Information from third parties

To meet KYC/AML and social responsibility obligations, we may:

  • verify your details with external verification providers and/or public sources,
  • check self-exclusion registers where applicable,
  • use publicly available information (including social media) to validate information you provide,
  • log and retain verification outcomes where required.

Data received through business or asset transfers

If we acquire customers or assets, we may receive customer data from a previous provider to migrate accounts and provide services. This can include balances, registration data, account metadata, device details (where available), KYC documents (where usable), and exclusion/time-out status. Historic itemised transaction records may remain with the previous provider unless transferred.

How We Use Your Data and Our Lawful Bases

We process personal data only where we have a lawful basis, including:

  • contract performance (to provide services),
  • legal/regulatory obligations (UKGC, AML, RG),
  • legitimate interests (service improvement, fraud prevention), where your rights do not override,
  • consent (marketing, optional cookies, certain publications).

We use personal data for purposes including:

  • account creation and service delivery (verification, payments, self-exclusion checks),
  • safer gambling and AML compliance,
  • access authentication and age verification,
  • publishing winners/leaderboards using username (where applicable and based on consent),
  • customer communications and updates (consent-based where required),
  • marketing (consent-based),
  • analytics and research to improve services (legitimate interests),
  • support and troubleshooting (contract performance),
  • investigating breaches, fraud, and legal compliance (legal obligations),
  • SCV (GamProtect) harm-prevention purposes (legitimate interests and substantial public interest where applicable),
  • audits and governance (legal obligations),
  • business transfers or restructuring (legitimate interests and/or contract).

Where processing relies on consent, you can withdraw consent at any time via account settings, support channels, or by using unsubscribe options in marketing messages. Withdrawal does not affect processing that occurred before consent was withdrawn.

Service Providers We Work With

We may share your information with vetted service providers who process data on our behalf, under contracts requiring appropriate security and compliance. These services may include:

  • marketing campaign management,
  • payment processing and verification,
  • credit reference checks (including affordability checks, where applicable),
  • fraud prevention and AML screening (including enhanced due diligence),
  • detection of unfair use of services,
  • hosting, IT systems, app development and maintenance,
  • competitions/offers administration,
  • analytics, data cleansing, and market research,
  • customer feedback management,
  • IT support, audit, legal, and compliance services,
  • regulatory data storage and access,
  • analysis of gambling behaviour for safer gambling interventions.

We only share what is necessary for the specific service.

GamProtect Information Sharing

Data shared with SCV (GamProtect) may be accessed by other licensed operators only for cross-operator risk assessment and safer gambling interventions. It is not shared for marketing or commercial purposes.

Regulatory Reporting

We are required to provide periodic reports to regulators in licensed jurisdictions. These reports typically include aggregated, non-personal data such as volumes of self-exclusions, registrations, complaints, and suspicious activity reporting metrics.

Other Sharing and Business Transfers

We may share personal data with selected third parties where necessary to improve customer experience, manage offers/promotions, and resolve complaints or disputes, based on legitimate interests or another appropriate lawful basis.

If we sell, transfer, or restructure any part of our business, we may share relevant data with prospective buyers, bidders, investors, and professional advisors for due diligence and completion of the transaction. Where required, we will provide notice before such transfers take place.

International Transfers (Outside the UK/EEA)

We aim not to transfer personal data outside the UK/EEA unless safeguards are in place. Transfers may occur:

  • with your explicit consent,
  • to perform a contract with you,
  • to meet legal obligations,
  • where appropriate safeguards are implemented.

Safeguards may include:

  • adequacy decisions,
  • contractual protections (including Standard Contractual Clauses and the UK Addendum),
  • other approved mechanisms.

Certain providers (including SCV operators) may use secure infrastructure inside or outside the UK/EEA. Where SCV-related data is processed or stored outside the UK/EEA, we ensure appropriate safeguards are in place.

In limited circumstances, we may be legally required to disclose data to third parties where we may have limited control over their protection measures.

Data Retention

We keep personal data only for as long as necessary for:

  • providing services,
  • compliance with legal/regulatory obligations,
  • fraud prevention and security,
  • dispute resolution and enforcement,
  • legitimate business needs and audits.

Retention periods vary by data type and purpose. When data is no longer needed, we securely delete or anonymise it.

SCV (GamProtect) data is retained only for as long as necessary for harm-prevention purposes. Orphan SCV data may be retained according to the SCV safeguarding purpose even if the original operator is no longer available.

Your Rights

You have rights under data protection law, including:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (in certain circumstances)
  • Right to data portability
  • Right to restrict processing
  • Right to object (including an absolute right to object to direct marketing)
  • Rights relating to automated decision-making and profiling

For SCV (GamProtect), some rights may be limited where processing is necessary to safeguard individuals at risk or where substantial public interest applies. We will explain any limitations when responding to your request. For orphan SCV data, your rights may be exercised via the receiving operator or GamProtect, acting as joint controllers.

To exercise your rights, contact: [email protected]
For SCV/GamProtect data queries: [email protected]

We may request proof of identity before actioning requests and may apply additional verification steps to protect against unauthorised disclosure.

If you believe your rights have been infringed, you may complain to the relevant supervisory authority.

Cookies

What are cookies?

Cookies are small text files stored in your browser that help recognise your device and support secure, reliable site functionality. Some cookies are essential; others are optional and used only with your consent.

Cookies may help us:

  • keep you logged in securely,
  • remember preferences,
  • improve performance and usability,
  • understand how the site is used,
  • (with consent) tailor advertising and measure conversions.

Cookie categories we use

Strictly Necessary: Required for core features like secure access and registration. Disabling them may affect site functionality and security.
Performance: Helps us understand how the site is used (anonymised analytics) and improve performance.
Functionality: Remembers preferences such as language/region and certain tool settings.
Targeting/Tracking: Helps measure and deliver advertising relevant to your interests (consent required).

A cookie list is available via the cookie settings button shown on this page.

Managing cookies

You can manage cookies through your browser settings and delete cookies at any time. Blocking all cookies (including essential cookies) may limit access to parts of the site.

When you first visit, you will be asked to accept or reject optional cookies. You can change your preferences any time via the cookie settings button on this page. If you withdraw consent, optional cookies already set will be deleted where applicable and a consent prompt may reappear if settings are changed.

Google Analytics

We use Google Analytics to analyse browsing patterns and improve user experience. Opt-out settings apply per browser; if you use multiple browsers you must set preferences in each. If you delete cookies, you may need to opt out again.

Targeting and Retargeting

We may use targeting/retargeting technologies (e.g., through partners such as The Trade Desk) to personalise marketing where you have consented. These technologies may use pseudonymous identifiers (cookie IDs/online identifiers) and do not directly identify you unless you provide consent for such processing. Data collected can be removed by withdrawing consent.

Where used, data may be transferred to and processed in the United States, with appropriate safeguards applied as described in the International Transfers section.

You can manage targeting/retargeting preferences via the cookie settings button on this page.

Security

We apply administrative, organisational, and technical measures to protect your data, including:

  • access controls and least-privilege restrictions,
  • encryption and secure transmission,
  • anti-malware and data loss prevention measures,
  • physical security controls,
  • staff training and confidentiality obligations,
  • incident response procedures and regulatory notifications where required.

Access to personal data is limited to staff and service providers who need it to perform their duties and only under our instructions.

Limits of Confidentiality

We may disclose personal data where necessary to:

  • protect and defend our rights or property,
  • comply with legal processes and lawful requests,
  • investigate fraud, infringement, piracy, or unlawful/prohibited activity that may create legal exposure.

Complaints

If you have concerns about how we handle your personal data or this Policy, contact: [email protected] (in writing, with details so we can investigate).

We will review your complaint, may request further information, and will inform you of our response. UK and EEA users may also complain to the relevant supervisory authority at any time.

Some requests may be refused where lawful exemptions apply. If we decline a request, we will explain why (subject to legal restrictions).