Privacy Policy

1. Introduction

This Privacy Policy explains how BV Gaming Limited ("we", "us", "the Company"), operating the Puntit Casino website at puntitcasino-uk.com, collects, processes, stores, and protects your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to safeguarding your privacy. By using our services, you acknowledge that you have read and understood this Policy. If you have questions, contact our Data Protection Officer at [email protected].

2. Data We Collect

Personal Data: When you register an account, we collect your full name, date of birth, email address, postal address, telephone number, and government-issued identification documents for verification purposes.

Financial Data: Payment card details (processed securely via PCI DSS-compliant payment processors), deposit and withdrawal history, and transaction records.

Usage Data: IP address, device type, browser information, operating system, pages visited, session duration, game play history, betting patterns, and interactions with promotional content.

Cookies & Tracking: We use cookies and similar technologies to enhance your experience, analyse site usage, and deliver personalised content. See Section 8 for full details.

3. How We Use Your Data

We process your personal data for the following purposes:

• To create, manage, and verify your account.
• To process deposits, withdrawals, and financial transactions securely.
• To comply with legal and regulatory obligations, including anti-money laundering (AML) and Know Your Customer (KYC) requirements under the Proceeds of Crime Act 2002 and the UK Gambling Commission's Licence Conditions and Codes of Practice.
• To provide customer support and respond to enquiries.
• To detect and prevent fraud, cheating, collusion, and other prohibited activities.
• To send promotional communications where you have opted in (you may opt out at any time).
• To monitor responsible gambling patterns and implement player protection measures.
• To improve our services, site functionality, and game offerings through aggregated analytics.

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

• Contractual Necessity: Processing required to perform our contract with you (account services, gameplay, payments).
• Legal Obligation: Processing required to comply with UKGC regulations, AML legislation, and tax reporting requirements.
• Legitimate Interest: Processing necessary for fraud prevention, security, and service improvement, balanced against your rights and freedoms.
• Consent: For marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

• Payment Processors: To facilitate deposits and withdrawals (e.g., Visa, Mastercard, PayPal, Skrill).
• Regulatory Bodies: The UK Gambling Commission, HMRC, and law enforcement agencies when required by law.
• Identity Verification Services: Third-party KYC providers for age and identity verification.
• Game Providers: Technical data necessary for game delivery and fair play auditing.
• Analytics Providers: Aggregated, anonymised data for site performance analysis.
• GAMSTOP: To verify self-exclusion registrations.

We do not sell your personal data to third parties. All data sharing is conducted under appropriate contractual safeguards and in compliance with UK GDPR.

6. Data Retention

We retain your personal data for the following periods:

• Active Accounts: For the duration of your account plus 6 years after closure (as required by UKGC and AML regulations).
• Financial Records: 6 years from the date of the last transaction (HMRC requirements).
• Marketing Preferences: Until you withdraw consent or for 2 years from last activity.
• Cookie Data: Varies by cookie type (see Section 8).

After the retention period, data is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data where no legal obligation requires retention.
• Right to Restrict Processing: Request limitation of processing in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Rights related to Automated Decision-Making: Right not to be subject to decisions based solely on automated processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies Policy

We use the following types of cookies:

• Essential Cookies: Required for the Site to function (authentication, session management, security). Cannot be disabled.
• Performance Cookies: Collect anonymous usage statistics to help us improve Site performance.
• Functional Cookies: Remember your preferences (language, display settings).
• Marketing Cookies: Track your activity across sites to deliver targeted advertising. Only set with your consent.

You can manage cookie preferences through your browser settings. Blocking essential cookies may impair Site functionality.

9. Security Measures

We implement industry-standard security measures to protect your data, including:

• 256-bit SSL/TLS encryption for all data transmission.
• PCI DSS Level 1 compliance for payment processing.
• Multi-factor authentication support for account access.
• Regular security audits and penetration testing.
• Access controls limiting employee access to personal data on a need-to-know basis.
• Encrypted data storage with regular secure backups.

While we take all reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your data during internet transmission.

10. Children's Privacy

Our services are strictly for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we discover that a minor has provided us with personal information, we will immediately close the account, void any transactions, and securely delete all associated data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated via email or a prominent notice on the Site. The "Last Updated" date at the top of this page indicates the most recent revision.

12. Contact & Data Protection Officer

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

• Data Protection Officer: [email protected]
• General Support: [email protected]
• Company: BV Gaming Limited
• Address: Suite 2, Waterport Place, 2 Europort Avenue, Gibraltar GX11 1AA
• Regulator: UK Gambling Commission
• Data Authority: Information Commissioner's Office
• GDPR Info: gdpr.eu