Privacy Policy

1. Introduction

Gecko Entertainment Ltd ("GeckoPlay", "we", "us", or "our") is committed to protecting the privacy and personal data of every individual who interacts with our platform. This Privacy Policy explains how we collect, process, store, and safeguard your information when you visit geckoplay-casino-uk.com, register an account, or use any of our services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK Data Protection Act 2018, and the Malta Data Protection Act. Gecko Entertainment Ltd acts as the data controller for all personal information collected through the GeckoPlay platform.

By accessing or using GeckoPlay, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any aspect of our data handling practices, you should refrain from using our platform. This policy should be read alongside our Terms & Conditions.

2. Data We Collect

2.1 Personal Information

When you register for an account, we collect personally identifiable information that enables us to verify your identity and provide our services. This includes your full name, date of birth, residential address, email address, telephone number, nationality, and preferred currency. During the KYC verification process mandated by our Malta Gaming Authority licence, we may also collect copies of government-issued identification documents (passport, driver's licence, or national ID card), proof of address documentation, and proof of payment method ownership.

2.2 Financial & Transaction Data

We collect information related to your financial transactions on the platform, including deposit and withdrawal amounts, payment method details (card numbers are tokenised and never stored in full), transaction timestamps, and payment provider references. This data is necessary for processing your payments, detecting fraud, and fulfilling our anti-money laundering obligations.

2.3 Usage & Technical Data

We automatically collect technical data when you interact with our platform. This includes your IP address, browser type and version, device type, operating system, screen resolution, referring URLs, pages visited, time spent on each page, click patterns, game session durations, and betting activity. This data is collected through server logs, cookies, and similar tracking technologies as described in Section 8 of this policy.

2.4 Communications Data

When you contact our support team via live chat, email, or any other communication channel, we retain records of those interactions, including the content of messages, timestamps, and any attachments. This data helps us resolve disputes, improve our service quality, and maintain regulatory compliance.

3. How We Use Your Data

We process your personal data for the following specific purposes:

• Account Management: To create, maintain, and administer your player account, verify your identity, and authenticate your login sessions.
• Service Delivery: To process deposits and withdrawals, execute game wagers, calculate winnings, and deliver bonus offers you are eligible for.
• Regulatory Compliance: To fulfil our obligations under the Malta Gaming Authority licence (MGA/CRP/171/2009/01), including age verification, anti-money laundering checks, responsible gaming monitoring, and suspicious activity reporting.
• Platform Improvement: To analyse usage patterns, identify technical issues, optimise the user interface, and develop new features that enhance your gaming experience.
• Marketing Communications: To send you promotional offers, bonus notifications, and newsletters -- but only when you have provided explicit opt-in consent. You may withdraw marketing consent at any time.
• Fraud Prevention: To detect and prevent fraudulent activity, bonus abuse, multi-accounting, and other threats to the integrity of our platform.
• Dispute Resolution: To investigate and resolve complaints, disputes related to game outcomes, or account queries.

4. Legal Basis for Processing

Under Article 6 of the GDPR, we rely on the following lawful bases for processing your personal data:

• Contractual Necessity (Art. 6(1)(b)): Processing that is necessary for the performance of our contract with you, including operating your account, processing transactions, and delivering gaming services.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with our legal and regulatory obligations, including KYC/AML requirements, responsible gaming duties, tax reporting, and record-keeping mandated by the Malta Gaming Authority.
• Legitimate Interests (Art. 6(1)(f)): Processing that serves our legitimate business interests, provided those interests are not overridden by your fundamental rights. This includes fraud detection, platform security, internal analytics, and service improvement.
• Consent (Art. 6(1)(a)): Where we process your data based on your explicit consent -- such as for marketing emails or non-essential cookies -- you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Data Sharing & Third Parties

GeckoPlay does not sell your personal data to third parties. However, we may share your information with carefully selected partners and service providers in the following circumstances:

• Payment Processors: Banks, card networks, e-wallet providers, and cryptocurrency exchanges that facilitate your financial transactions. These entities operate as independent data controllers for the transaction data they receive.
• Game Providers: Third-party software studios whose games are available on our platform. They receive limited session data necessary to deliver the gaming experience.
• Identity Verification Providers: Specialised KYC service providers who assist us in verifying player identities and screening against politically exposed person (PEP) and sanctions lists.
• Regulatory Authorities: The Malta Gaming Authority, law enforcement agencies, or other competent authorities when required by law, regulation, or legal process.
• Analytics & Infrastructure: Cloud hosting providers, CDN services, and analytics platforms that support the technical operation of our platform. These providers act as data processors under written agreements that include GDPR-compliant data processing terms.

All third-party data processors engaged by GeckoPlay are contractually required to implement appropriate technical and organisational safeguards to protect your data. Where data is transferred outside the European Economic Area, we ensure that adequate protection is in place through Standard Contractual Clauses or equivalent mechanisms approved by the European Commission.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. The specific retention periods are as follows:

• Account Data: Retained for the duration of your active account and for a minimum of five (5) years after account closure, as mandated by Malta Gaming Authority regulations and anti-money laundering directives.
• Transaction Records: Retained for a minimum of seven (7) years from the date of the transaction for tax, accounting, and regulatory audit purposes.
• KYC Documentation: Retained for five (5) years after the end of the business relationship, in accordance with the Prevention of Money Laundering Act (Cap. 373 of the Laws of Malta).
• Marketing Preferences: Retained until you withdraw consent, after which we suppress your contact details to ensure we do not contact you again.
• Game Session Logs: Retained for a minimum of two (2) years for dispute resolution and regulatory compliance purposes.
• Support Communications: Retained for three (3) years from the date of the interaction.

When the applicable retention period expires, we securely delete or anonymise your data so that it can no longer be associated with you. Anonymised data that cannot identify any individual may be retained indefinitely for statistical and analytical purposes.

7. Your Rights

Under the GDPR and the UK Data Protection Act 2018, you are entitled to exercise the following rights in relation to your personal data:

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation of whether we hold personal data about you and to request a copy of that data in a structured, commonly used, machine-readable format.
• Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete personal data that we hold about you.
• Right to Erasure (Art. 17 GDPR): Also known as the "right to be forgotten", you may request the deletion of your personal data where there is no compelling reason for its continued processing. Note that this right is subject to our legal obligations to retain certain data as outlined in Section 6.
• Right to Restriction (Art. 18 GDPR): You may request that we restrict the processing of your data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a portable format and to transmit that data to another controller, where technically feasible.
• Right to Object (Art. 21 GDPR): You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to marketing, we will cease processing without delay.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at [email protected] with the subject line "Data Rights Request". We will respond to all valid requests within thirty (30) days of receipt. In exceptional circumstances where a request is particularly complex, we may extend this period by an additional sixty (60) days, and we will inform you of the extension within the initial thirty-day period.

If you believe that we have not handled your data request appropriately, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta, or with the Information Commissioner's Office (ICO) in the UK.

8. Cookies Policy

GeckoPlay uses cookies and similar tracking technologies to enhance your experience, analyse platform usage, and deliver personalised content. A cookie is a small text file stored on your device when you visit our website. We use the following categories of cookies:

8.1 Strictly Necessary Cookies

These cookies are essential for the basic operation of the platform. They enable core functions such as session management, authentication, account security, and load balancing. Disabling these cookies will prevent the website from functioning correctly. These cookies do not require your consent under the GDPR ePrivacy Directive.

8.2 Functional Cookies

Functional cookies remember your preferences -- such as language settings, display currency, and game favourites -- to provide a more personalised experience on subsequent visits. While not strictly necessary, they significantly improve usability.

8.3 Analytics Cookies

We use analytics cookies to understand how visitors interact with our platform, which pages attract the most traffic, and where users encounter difficulties. This data is aggregated and anonymised where possible. We may use tools such as Google Analytics, with IP anonymisation enabled, to process this information.

8.4 Marketing Cookies

Marketing cookies track your activity across websites to deliver advertising that is relevant to your interests. These cookies are only placed with your explicit consent. You may manage your cookie preferences at any time through our cookie banner or your browser settings. Most modern browsers also allow you to block or delete cookies, though doing so may impact the functionality of certain features.

9. Security Measures

Gecko Entertainment Ltd implements robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security framework includes:

• Encryption: All data transmitted between your device and our servers is protected by industry-standard TLS 1.3 encryption. Sensitive data at rest, including financial information and identity documents, is encrypted using AES-256 encryption.
• Access Controls: Employee access to personal data is restricted on a need-to-know basis, with role-based permissions, multi-factor authentication, and thorough audit logging of all data access events.
• Infrastructure Security: Our servers are hosted in ISO 27001-certified data centres with physical access controls, redundant power systems, and 24/7 monitoring. We deploy firewalls, intrusion detection systems, and conduct regular penetration testing.
• Incident Response: We maintain a documented data breach response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by Article 33 of the GDPR.
• Staff Training: All employees with access to personal data undergo mandatory data protection training upon onboarding and receive annual refresher training to remain current with evolving privacy regulations and threats.

While we employ industry-leading security practices, no system connected to the internet is completely impervious to attack. We encourage you to take your own precautions, including using strong, unique passwords, enabling two-factor authentication on your account, and keeping your device software up to date.

10. Children's Privacy

GeckoPlay is an online gambling platform intended exclusively for individuals aged eighteen (18) and over. We do not knowingly collect, solicit, or process personal data from anyone under the age of 18. Our registration process includes mandatory age verification, and we employ third-party verification services to confirm that all players meet the minimum age requirement.

If we discover or are informed that we have inadvertently collected personal data from a minor, we will take immediate steps to delete all associated data and close the account. Any funds deposited by a minor will be returned to the originating payment method where possible. If you believe a minor has registered on our platform, please contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational needs. When we make material changes, we will notify you through a prominent notice on the platform, a direct email to your registered address, or both. The "Last updated" date at the top of this policy indicates when it was most recently revised.

We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of GeckoPlay after any modifications to this Privacy Policy constitutes your acceptance of the updated terms. If a change materially reduces your rights under this policy, we will seek your affirmative consent before implementing that change.

Previous versions of this Privacy Policy are available upon request by contacting our Data Protection Officer.

12. Contact & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or the way we handle your personal data, you may contact our Data Protection Officer through the following channels:

If you are not satisfied with our response to a data protection matter, or believe that your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority. For players in the European Union, this is the Office of the Information and Data Protection Commissioner (IDPC) in Malta. For UK players, complaints can be directed to the Information Commissioner's Office (ICO).

For further information about your data protection rights under GDPR, you may visit gdpr.eu. UK residents may also consult the guidance provided by the Information Commissioner's Office (ICO).