Privacy Policy

Effective date: 1 January 2026  |  Last updated: 15 March 2026

LuckysBet s.r.o., with its registered office at Vodickova 710/31, 110 00 Prague 1, Czech Republic, Company ID (ICO): 12345678 ("we", "us", "the Operator"), is the data controller responsible for the processing of your personal data. We process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), Czech Act No. 110/2019 Coll. on the Processing of Personal Data, and Czech Gambling Act No. 186/2016 Coll.

1. What Data We Collect

We collect and process the following categories of personal data:

1.1 Data You Provide Directly

• Registration data: Full name, date of birth, permanent address, email address, phone number, and nationality.
• Identity verification documents: Copy of government-issued ID (passport, national ID card, or driving licence), proof of address (utility bill or bank statement), and selfie for facial verification.
• Financial data: Bank account details, payment card information (processed by our PCI DSS-compliant payment processor), e-wallet identifiers, and transaction history.
• Communication data: Content of emails, live chat transcripts, phone call recordings (where permitted), and support ticket correspondence.

1.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and language settings.
• Usage data: Pages visited, games played, session duration, click patterns, login/logout timestamps, and referral sources.
• Gambling activity data: Bets placed, stakes, winnings, losses, bonus usage, deposit and withdrawal amounts, and responsible gambling tool settings.
• Cookie and tracking data: Information collected through cookies, web beacons, and similar technologies (see Section 6 below).

2. How We Use Your Data

We process your personal data for the following purposes and legal bases:

• Contract performance: To create and manage your player account, process deposits and withdrawals, operate games, credit winnings, and provide customer support.
• Legal obligations: To comply with anti-money laundering (AML) regulations, know-your-customer (KYC) requirements, tax reporting obligations, and gambling regulatory requirements including player exclusion checks and responsible gambling monitoring.
• Legitimate interests: To detect and prevent fraud, ensure platform security, analyse usage patterns for service improvement, and enforce our Terms and Conditions.
• Consent: To send you marketing communications, promotional offers, and newsletters. You may withdraw your consent at any time (see Section 5).

3. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Payment processors: Banks, card networks, and e-wallet providers for the purpose of processing your financial transactions.
• Game providers: Licensed software providers whose games you play on our platform, to the extent necessary for game operation and audit.
• Regulatory authorities: The Ministry of Finance of the Czech Republic, the Czech customs authority, tax authorities, and other bodies as required by law.
• Identity verification providers: Third-party KYC/AML service providers that assist with identity verification and risk assessment.
• IT and hosting providers: Cloud infrastructure, security, and technical service providers that host and maintain our platform.
• Professional advisors: Lawyers, auditors, and consultants, where necessary for legal, regulatory, or business purposes.
• Law enforcement: Police, courts, or other authorities when required by law or to protect our legal rights.

We do not sell your personal data to third parties. Any data sharing is conducted under appropriate contractual safeguards, including data processing agreements compliant with Article 28 of the GDPR.

4. Data Storage and Security

Your personal data is stored on secure servers located within the European Economic Area (EEA). In cases where data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognised transfer mechanisms.

We implement the following security measures to protect your data:

• TLS 1.3 encryption for all data transmitted between your browser and our servers.
• AES-256 encryption for sensitive data at rest, including financial records and identity documents.
• Multi-factor authentication for administrative access to our systems.
• Regular penetration testing and vulnerability assessments by independent security firms.
• Strict access controls ensuring that only authorised personnel can access personal data, on a need-to-know basis.
• Comprehensive logging and monitoring of all data access activities.
• Incident response procedures in compliance with GDPR breach notification requirements (72-hour notification to the supervisory authority).

Data Retention Periods

We retain your personal data for the following periods:

• Account data: For the duration of your account plus 10 years after account closure, as required by Czech gambling and anti-money laundering regulations.
• Transaction records: 10 years from the date of each transaction, as required by accounting and tax legislation.
• Identity verification documents: 10 years after account closure or last transaction.
• Marketing consent records: Until consent is withdrawn, plus 3 years for proof of consent.
• Technical logs: Up to 12 months from the date of collection.
• Support correspondence: 5 years after resolution of the inquiry.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of that data along with information about the purposes and categories of processing.
• Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data. You can update most account information directly in your profile settings.
• Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to our legal retention obligations. Please note that gambling regulatory requirements may prevent immediate erasure of certain data.
• Right to restriction (Art. 18): You have the right to request that we restrict processing of your data in certain circumstances, for example while we verify the accuracy of contested data.
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON), and to transmit that data to another controller.
• Right to object (Art. 21): You have the right to object to processing based on legitimate interests, including profiling. You also have the right to object to direct marketing at any time.
• Right to withdraw consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with the Office for Personal Data Protection of the Czech Republic (UOOU), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

6. Cookie Policy

Our Platform uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us provide and improve our services.

6.1 Types of Cookies We Use

• Strictly necessary cookies: Essential for the operation of the Platform (e.g., session management, authentication, security). These cannot be disabled. Legal basis: legitimate interest.
• Functional cookies: Remember your preferences such as language, display settings, and recently played games. Legal basis: legitimate interest.
• Analytics cookies: Help us understand how visitors use the Platform, which pages are most popular, and where users encounter errors. We use Google Analytics with IP anonymisation enabled. Legal basis: consent.
• Marketing cookies: Used to deliver relevant advertising and measure the effectiveness of marketing campaigns. These may be set by third-party advertising partners. Legal basis: consent.

6.2 Managing Cookies

When you first visit our Platform, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time through the cookie settings link in the footer of our website.

You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For more information about managing cookies, visit www.aboutcookies.org.

7. Automated Decision-Making

We may use automated processes for the following purposes:

• Fraud detection: Automated systems analyse transaction patterns and player behaviour to identify potentially fraudulent activity. Flagged accounts are always reviewed by a human operator before any action is taken.
• Responsible gambling monitoring: Automated tools monitor playing patterns to identify signs of problem gambling behaviour. Alerts are reviewed by trained responsible gambling staff who may contact you to offer support.
• AML screening: Automated checks against sanctions lists and politically exposed persons (PEP) databases during registration and periodically thereafter.

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you. If you believe an automated decision has been made about you, you may contact us to request human review.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to registered players via email and/or a notice on the Platform at least 14 days before they take effect. The "Last updated" date at the top of this policy indicates when the most recent revision was made.

9. Contact for Data Requests

To exercise any of your rights, or if you have questions about this Privacy Policy or our data processing practices, please contact our Data Protection Officer:

• Data Protection Officer: DPO, LuckysBet s.r.o.
• Email: dpo@luckysbet.cz
• Postal address: LuckysBet s.r.o., Attn: Data Protection Officer, Vodickova 710/31, 110 00 Prague 1, Czech Republic
• Phone: +420 222 333 445 (Mon-Fri, 9:00-17:00 CET)

We will respond to all data subject requests within 30 days of receipt. In complex cases, this period may be extended by an additional 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.

For general customer support inquiries (not related to data protection), please visit our Support page.