Privacy Policy
How Iris Casino collects, processes, and safeguards your personal information in line with GDPR and Curacao GCA requirements.
Contents
1. Data Controller
Iris Casino ("we", "us", "our") is the data controller responsible for your personal information collected through iris-official.com. We operate under the supervision of the Curacao Gaming Control Authority (Curacao GCA) and comply with the European Union General Data Protection Regulation (GDPR) where applicable.
By registering an account or using our platform, you agree to the processing of your personal data as described in this Privacy Policy.
2. Data We Collect
Account & Identity Data
- Full name, date of birth, and nationality
- Email address and phone number
- Username and encrypted password
- Government-issued photo ID and proof of address (KYC verification)
Financial Data
- Payment method details (card numbers are tokenised; we never store full card data)
- Deposit and withdrawal history
- Transaction identifiers from payment processors
Technical & Usage Data
- IP address and geolocation (country level)
- Device type, browser, and operating system
- Session timestamps and game logs
- Cookies and similar tracking technologies (see Section 8)
Communication Data
- Live chat transcripts and email correspondence
- Survey responses and feedback submissions
3. How We Use Your Data
We process your personal data for the following purposes:
- Account management — creating, verifying, and maintaining your player account
- Transaction processing — handling deposits, withdrawals, and bonus crediting
- Regulatory compliance — fulfilling KYC, AML, and Curacao GCA obligations
- Responsible gambling — monitoring play patterns and enforcing player-set limits
- Fraud prevention — detecting and preventing unauthorised access and financial crime
- Customer support — responding to your queries and resolving disputes
- Marketing communications — sending promotions you have opted in to receive
- Platform improvement — analysing aggregate usage to enhance performance and UX
4. Legal Basis for Processing
We rely on the following legal bases under GDPR Article 6:
- Contract performance — processing necessary to provide the services you requested
- Legal obligation — KYC, AML checks, and regulatory reporting
- Legitimate interests — fraud detection, security, and platform analytics
- Consent — marketing emails and non-essential cookies (withdrawable at any time)
5. Data Sharing
We do not sell your personal data. We share it only where necessary:
- Payment processors (Visa, Mastercard, Skrill, Neteller) — to execute transactions
- Identity verification providers — to complete KYC checks
- Regulatory authorities — Curacao GCA and law enforcement when legally required
- Game providers — anonymised session data to power the game library
- Customer support platforms — to manage live chat and ticketing
All third-party partners are contractually required to handle your data securely and only for the specified purpose.
6. Data Retention
We retain your personal data for as long as your account is active and for five (5) years after account closure to meet AML and regulatory record-keeping requirements. Financial transaction records may be kept for up to seven (7) years. Data held solely for marketing purposes is deleted within 30 days of an opt-out request.
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion where no legal obligation requires retention
- Restriction — ask us to pause processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — at any time for consent-based processing
To exercise any right, email our Data Protection Officer at [email protected]. We will respond within 30 days.
8. Cookies
We use cookies and similar technologies to operate the platform, remember your preferences, and improve your experience. For full details on which cookies we use and how to manage them, please see our Cookie Policy.
9. Security
We protect your data with industry-standard security measures including:
- 256-bit SSL/TLS encryption for all data in transit
- At-rest encryption for stored personal data
- Regular penetration testing and vulnerability assessments
- Role-based access controls limiting staff access to personal data
- Automatic session timeouts and two-factor authentication options
In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
10. Contact & Complaints
For any privacy-related questions or to exercise your rights, contact our Data Protection Officer:
- Email: [email protected]
- Live Chat: available 24/7 on iris-official.com
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
This policy may be updated periodically. Material changes will be communicated via email or a prominent notice on the site. Continued use of the platform after changes constitutes acceptance.