Log in

Videoslots Privacy Policy




17th May 2018

Creation of this Document

Version 1.0

30th June 2020

Revision of this Document

Version 1.1

12th November 2020

Revision of this Document

Version 1.2

Videoslots values your integrity and privacy immensely and is committed to managing all your personal data in a transparent, fair and lawful manner. This privacy policy (together with the Terms & Conditions and the Cookie Policy) sets out the basis upon which Videoslots collects, stores, and uses your personal data when you visit our website, as well as what your rights are, and how the law protects those rights (“Privacy Policy”). 

This Privacy Policy uses a layered approach, meaning you can click through any of the specific areas as set out below for your ease of reference:

1. About Us

2. Your Data

3. Sharing of Data

4. Joint Controllers

5. Transfers of Personal Data

6. Automated Decision Making

7. Data Security Measures

8. Data Retention

9. Your Rights


(a) Purpose of Policy

This Privacy Policy aims to give you a thorough understanding of how we process your personal data which is gathered through your use of this website, and which includes any data which you may provide us with upon registration and through your use of our online casino. 

This website is solely intended for persons over the age of 18, and we do not knowingly collect data relating to persons under such age. If it becomes apparent to us that we have collected personal data relating to persons under the age of 18, due to reasons relating to abuse of our website, we do our utmost to ensure that such data is handled in accordance with applicable law.

Unless otherwise defined within this Privacy Policy, capitalised terms contained herein shall have the same meaning as set out in the Terms & Conditions.

This Privacy Policy must be read in conjunction with any other privacy notices we may provide you with from time-to-time. This Privacy Policy is supplementary to other such notices and is not intended to override them.

We vow to protect your personal data and to always respect your privacy in accordance with the best business practices and applicable laws. You are responsible to provide us with personal data that is correct and inform us of any changes occurring in your data in writing, in order that we may take all reasonable measures to keep our records in your regard correct and up to date.

(b) Data Controller

Videoslots Ltd of The Space, Level 2 & 3, Alfred Craig Street, Pieta, PTA 1320 Malta is the data controller and is therefore responsible for your personal data (“Company” or “we”, “us”, “our” in this Privacy Policy). 

Since we take your privacy seriously, we have appointed a data protection officer (“DPO”) whose responsibility it is to oversee that the company is compliant with its legal obligations in respect of the processing of your personal data, and who is your contact point for any questions relating to this Privacy Policy. Should you have any queries about this policy, including any request to exercise your legal rights, please contact our DPO using the details provided below:

Full Name of Legal Entity

Videoslots Ltd (C49090)

Postal Address

The Space, Level 2 & 3, Alfred Craig Street, Pieta, PTA 1320 Malta

Email Address

You also have the right to file a complaint with the Information and Data Protection Commission (“IDPC”) at any time, being the main Supervisory Authority for data protection matters in Malta. However, we would truly appreciate the opportunity to address your issues before you contact the IDPC, so kindly contact us in the first instance.


(a)What is personal data?

The General Data Protection Regulation (“GDPR”) defines personal data as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

You, as the Company’s customer, are the ‘data subject’ in relation to this privacy policy. In short, this means that any personal data relating to you as a data subject is protected under data protection law. However, it does not include data where the identifiers relating to the data subject have been removed (meaning anonymous data).

(b)The important stuff – what, how, and why?

We may collect, use, store, and transfer different kinds of personal data. In this section we explain the following:

(i)what kind of data we collect;

(ii)how we collect such data – do we get the data directly from you? Do we get it from other sources?;

(iii)for which purposes we collect the data – how and why do we use this data?; and

(iv)what our legal basis for processing such data is – the possible legal bases we could rely on are:

a.Legal Obligations - are we required by law or regulations to process this data? Do we need to process this data to satisfy a legal obligation? 

b.Legitimate interest – when relying on this legal ground, it means that we process your data in the interest of conducting and managing our business to ultimately provide you the best service and experience we possibly could. Before relying on this ground, we ensure that we evaluate that potential impact such processing may have on you and your rights. Therefore, we do not rely on this ground where your rights and interests as a data subject override our interests to process such data;

c.Performance of contract – the processing of personal data is necessary for the performance of contractual obligations we enter into with you and which you are a party to (i.e. the Terms and Conditions)

d.Consent - Where consent is used as a legal basis for processing your data, we only process your data in such a manner for as long as we have your consent to do so. If, at any time, you feel that you no longer wish for us to process your data in such a manner, we will no longer do so. However, this will not affect any processing of personal data that we carried out with your consent prior to the removal of your consent. Please see Section 8 of this Privacy Policy for further information on how you can remove your consent.


Data collected

How do we collect your data?

Purpose for collection

Legal basis for processing data

Identification data – this includes full name, username of choice, date of birth, gender

Requested upon registration

(1) Customer identification and creation of unique customer profile

(2) Customer verification for Anti-Money Laundering (“ AML”) purposes

(3) Identification of customer when contact is made

(1) Performance of contract

(2) Legal obligation

(3) Performance of contract / Legitimate interest

Contact details – this includes email address, home address, mobile phone number

Requested upon registration

(1) Customer identification and creation of unique customer profile

(2) Contacting customers for support purposes

(3) Dissemination of marketing material

(1) Performance of contract

(2) Performance of contract

(3) Consent

Data required for verification purposes – this includes your identification documents, proof of address, and possibly source of funds, source of wealth.

Must be uploaded on player profile upon request; may be requested either through pop up on website or via email.

(1) Verification of player identity

(2) Required in order for us to comply with AML law

(1) Legal obligation

(2) Legal obligation

Financial data – this would include the financial details relating to your deposit and withdrawal methods of your choice, therefore your bank details, payment card details, or all relevant details relating to the chosen payment methods.

Collected upon deposit or withdrawal of funds into the player account. Could also be collected where we have queries via email / chat / calls

(1) Required to provide you with the service (i.e. to deposit funds into player account)

(2) Required for Know-Your-Customer (“KYC”) checks (source of funds)

(3) Required for cybercrime checks

(4) To ensure a closed-loop policy

(1) Performance of contract

(2) Legal obligation

(3) Legitimate interest

(4) Legal obligation

Transaction data – this includes details relating to payments made to and by you;

Automatically generated when deposits and withdrawals are made

(1) Required to provide you with the service

(2) Required to comply with AML law and gaming licence requirements

(3) Required to track your activity for social responsibility measures

(1) Performance of contract

(2) Legal obligation

(3) Legal obligation / legitimate interest

Gaming data – this includes details relating to the games you play on our website (i.e. your gaming activity)

Automatically generated with gaming activity

(1) Required to provide you with the service

(2) Required to comply with remote gaming law

(1) Performance of contract

(2) Legal obligation

Data relating to your communications with us (via email, live chat, phone call)

Email correspondence and live chat when contact is made, phone calls may be recorded for record-keeping requirements

(1) Required to provide you with the service (for customer queries, communicating necessary issues)

(1) Performance of contract

Profile data - Data relating to your gaming habits and your preferences

Automatically generated with game play, or using cookies to log preferences

(1) May be used in aggregated and anonymised form to improve service

(2) May be used to for a more personalised user experience

(3) Segmentation purposes – segmenting you into different groups depending on several factors, such as your game play, etc. This is mainly for us to improve our product and service by understanding our customers better

(4) Segmentation for AML and social responsibility measures

(5) Targeted marketing

(1) Legitimate interest – data in anonymised form is not personal data

(2) Consent

(3) Legitimate interest

(4) Legitimate interest

(5) Consent

Responsible Gaming Data

Automatically generated with self-assessment test

(1) Responsible gaming profiling

(2) Identification and investigation of gaming activity for responsible gaming purposes

(1) Performance of contract

(2) Legitimate interest

Self-exclusion data

Automatically generated with gameplay

(1) Identification and investigation of gaming activity for responsible gaming purposes

(1) Legitimate interest

Technical data - this may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform.

Usage data – includes data relating to how you use our website

Cookie data

(1) Location data / IP used to ensure customer is not from a restricted or high-risk country

(2) Location data / IP address also used to ensure that they do not use proxies or VPNs, to ensure that they do not abuse bonuses or defraud by application fraud

(3) All other data (including location and IP) is used to improve website functionality, troubleshoot technical issues, create more products for different platforms

(1) Performance of contract

(2) Legitimate interest

(3) Legitimate interest

My RTP data – May include your hit rate, total number of spins, overall RTP on your account, your own RTP compared to the games’ RTPs, biggest win on specific games and bet placed to achieve that win

Automatically generated with gameplay

(1) You can now view your own actual RTP based on your gaming activity - This is a feature of our service to provide you with our gaming service. We do this to improve transparency with you as a player under consumer protection law.

(1) Legal Obligation / Legitimate Interest

Marketing and communications data – includes your preferences relating to receiving marketing messages from us and other third parties (such as affiliates), as well as your communication preferences.


(1) Own marketing via different communication channels

(2) Marketing through affiliates

(1) Consent (granular - per channel)

(2) Consent

Cookie data – please see our Cookie Policy for further information on how and for which purposes we collect your cookies.

You may find further information below relating to how we may process your data for the following reasons:

  • Marketing – we do our best to ensure that you have the utmost control over what kind of marketing material you receive from us or from other third parties on our behalf. You may see and amend your choices relating to marketing in our Privacy Dashboard on your user account here. If you feel you would like more control over what kind of marketing material we send to you, please feel free to send your suggestions to our DPO at the contact details listed above. Should you wish to revoke your consent for certain processing activities, it may take up to 48 hours for us to ensure that the changes were implemented into our systems and those of our marketing partners (and therefore you might receive some emails or information from us within those 48 hours for this reason). Section 8 explains exactly how you can revoke your consent.
  • AML and social responsibility – Videoslots is committed to providing you with the safest and most secure gaming environment we could possibly provide. For this reason, we may process certain personal data relating to you to an extent which slightly exceeds the statutory requirements, however this is done for your own safety and peace of mind. We have a legitimate interest to do so, as we feel responsible for your online safety, however we can assure you that none of the checks we carry out are unnecessarily invasive to your rights and freedoms as a data subject.

Your personal data shall not be processed for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with all necessary information.


Due to the nature of our service, in order to process your data as explained in section 2 of this Privacy Policy, we may need to share your personal data with a number of trusted third parties. These third parties include:

(i)Game providers – sometimes our game providers would require access to select data attributes (such as username and IP address, for instance), in order to provide us with the games you play on our website;

(ii)Payments providers and related service providers – similarly, we may share some of your personal data with the payment providers you use to make and receive payments on our website;

(iii)Marketing partners - where you give us your consent to send you marketing and promotions, we may share your contact details (such as email address or mailing address) with our marketing partners who take care of sending out all our marketing material to you;

(iv)Governmental or regulatory authorities - We may, if necessary or authorised by law, provide your personal data to law enforcement agencies, governmental or regulatory organisations, courts or other public authorities. We attempt to notify all our customers about legal demands for their personal data unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand;

(v)Client communication software – we use a third-party software to help us communicate with you. This software enables us to send you emails and chat with you on live chat whenever you have queries;

(vi)AML and fraud verification tools – we use third party software to conduct certain AML and fraud verification checks which are required to satisfy our legal obligations in this regard.

We always ensure that any third party having access to your personal data is bound to respect the security of your personal data, and to process it in a lawful manner at all times and in compliance with our Privacy Policy and strict codes of conduct. We do not allow any third-party service providers to use your personal data for their own purposes. Processing by such third parties (also known as “Data Processors”) is solely carried out for specific purposes and in accordance with our instructions as Data Controller and on our behalf, and such third parties may only use your personal data to the extent to which we ourselves are entitled. Furthermore, in all cases, we strive to ensure that we do not share more data than is necessary to be shared for the service providers to carry out the processing activities in accordance with our instructions.


Videoslots may act as a joint controller when together with one or more organisations it jointly determines the purposes and means of the processing of personal data. In such cases, the joint controllers have entered into a data sharing agreement that establishes the commitments and responsibilities of each party.


Some of the service providers outlined in section 3 above may be based in countries which do not form part of the European Economic Area (“EEA”). This may mean that your data may be stored in a location outside of the EEA. Whenever any transfers of your personal data are made to Data Processors located outside of the EEA, we always ensure that your data is protected in the same way as it is in the EEA. In order to ensure the protection of your data, we implement at least one of the following safeguards:

(i)Adequacy decision – we ensure that we transfer your personal data to countries providing an adequate level of protection according to the European Commission;

(ii)Standard clauses – where the Data Processor is not based in a country benefiting from an adequacy decision or is not part of the US/Swiss privacy shield, as explained in (i) and (ii) above, we may use specific contracts, known as standard contract clauses, which are model contracts approved by the European Commission. These contracts also ensure that the personal data is afforded the same protection as it is in the EEA.


In establishing and carrying out our business relationship, we generally do not make use of fully automated decision making. If we use this procedure in individual cases, we shall inform you of this separately, provided it is a legal requirement. 


Videoslots always strives to ensure that your data is safe, both in our hands and in the hands of any third-party to whom we may disclose your data. Internally, we have put in place a number of security measures, both from a technical aspect as well as from an organisational aspect, to ensure that your data is not accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. We also ensure that access to your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access your personal data will have access to it. Furthermore, anyone having access to your personal data is subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected or actual personal data breaches. We will notify both you as an affected data subject and the supervisory authority concerned of any such data breach whenever we are legally required to do so and we shall maintain a log of any such breaches.


Videoslots shall only retain your personal data for as long as necessary in view of the purposes for which they were collected. Such purposes could include the satisfaction of any legal, accounting, or reporting requirements.

When determining the appropriate retention period applicable to your data, we take several factors into consideration, such as the nature and sensitivity of the personal data, the potential risks surrounding the unauthorised use or disclosure of such data, the purposes for which we collect and process such data, and the applicable laws and/or regulatory requirements imposed on us. We are duty bound by Anti-Money Laundering Law to retain your personal data for a period of at least five (5) years following the end of our business relationship. The end of our business relationship starts to run on the day that your account with us is formally closed. 

Please feel free to contact our DPO on the contact details provided above for further information on our retention periods. 


Data protection law gives you, as a data subject, certain rights in certain circumstances. In accordance with law, you have a right to:

(i)Request access to your personal data - This means that you have a right to request, free of charge, a copy of the personal data we hold about you;

(ii)Request the correction of your personal data – This means that if any personal data we hold about you is incomplete or incorrect, you have a right to have this corrected. Keep in mind, however, that we may need you to provide evidence and documentation (such as your ID documentation or proof of address) to support your request;

(iii)Request the erasure of your personal data - This means that you may request the erasure of your personal data where we no longer have a legitimate reason to continue processing it or retaining it. Please be aware that this right is not absolute – meaning that we are not able to satisfy your request where we are obliged under a legal obligation to retain the data, or where we have reason that the retention of data is necessary for us to defend ourselves in a legal dispute;

(iv)Object to the processing of your personal data where we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our DPO;

(v)Request the restriction of the processing of your personal data – You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;

(vi)Request the transfer of your personal data (i.e. data portability) – This means you may request us to transfer certain data we process about you to a third party. This right only applies to data acquired through automated means which you initially provided consent for us to use, or where we used the data to perform our obligations under a contract with you;

(vii)Withdraw your consent at any time where we rely on your consent to process the data - ‘Opting out’ or withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent. Withdrawing your consent means that, going forward, you no longer wish for us to process your data in such a manner. This means that you may no longer consent for us to provide you with certain services (such as marketing. You may withdraw your consent at any time through the Privacy Dashboard, found on “Your Account” on the website;

(viii)File a complaint with a supervisory authority - as explained in section 1(b) of this Privacy Policy.

In order to exercise your rights as explained above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.

We will do our utmost to respond to all legitimate requests within a one-month timeframe from the submission of a request. If your request is particularly complex, or if you have made multiple requests in a certain time period, it may take us a little longer. In such a case, we will notify you of this extension.