PLAY

Privacy Policy

Definitions

To make this Policy easier to read, the following terms have the meanings below.

Personal Data
Any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable directly or indirectly, for example by name, ID number, location data, online identifier, or factors specific to that person’s identity.

Processing
Any operation performed on Personal Data, automated or not, such as collecting, recording, organizing, storing, adapting, retrieving, using, disclosing, restricting, erasing, or destroying.

Profiling
Automated Processing used to evaluate personal aspects (e.g., preferences, interests, reliability, behavior, location, or economic situation).

Controller
The entity that determines the purposes and means of Processing Personal Data.

Processor
An entity that processes Personal Data on behalf of the Controller.

Recipient
A person or entity to whom Personal Data is disclosed (excluding certain public authorities acting within legal inquiries).

Third Party
An entity other than the data subject, Controller, Processor, or authorized persons acting under their authority.

Consent
A freely given, specific, informed, and unambiguous indication of your wishes, expressed by statement or clear affirmative action.

Personal Data Breach
A security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

Group of Undertakings
A controlling undertaking and its controlled undertakings.

Supervisory Authority
An independent public authority established pursuant to Article 51 GDPR.

General

This Privacy Policy explains how we collect, use, store, and protect Personal Data when you use our website and services. Together with our Terms and Conditions and Cookie Policy, it forms the basis on which we process your Personal Data.

By registering a Player Account or using the website, you confirm that you have read and understood this Privacy Policy. If you do not accept it or choose not to provide required information, access to certain features and services may be limited.

We may update this Privacy Policy from time to time. Any changes become effective once published on this page. Continued use of the website after an update constitutes acceptance of the revised Policy.

Age restriction
This website is intended only for persons aged 18+. We do not knowingly collect Personal Data of minors. If we become aware that Personal Data of a person under 18 has been collected, we handle it in accordance with applicable law and take steps to restrict access and address the situation.

Who we are

Hollycorn N.V.
Registered address: Heelsumstraat 51 E-Commerce Park, Curaçao

For the purposes of data protection law, Hollycorn N.V. acts as the Controller of your Personal Data when you use the Website.

Because we operate in a regulated environment, we have legal obligations to process certain Personal Data to provide gaming services, conduct identity and security checks, and comply with anti-money laundering and responsible gaming requirements.

Quick facts at a glance

TopicWhat it means for you
Why we collect dataTo provide the service, secure accounts, process payments, comply with legal duties, and prevent fraud/abuse
Main data sourcesInformation you provide, technical/cookie data, gameplay and transaction records, verification providers
Where data may goPayment providers, KYC/AML vendors, game providers, analytics tools, regulators where required by law
International transfersMay occur; we apply safeguards such as Standard Contractual Clauses where applicable
Retention periodKept as long as necessary; in many cases at least 5 years after last transaction/account closure where legally required
Your rightsAccess, correction, restriction, objection, portability, withdrawal of consent (where used), complaint to authority

Information we collect

5.1 Information you provide

This may include information submitted when you:

  • create an account and complete registration forms

  • make deposits, withdrawals, and place bets

  • claim bonuses or participate in promotions

  • submit verification documents (KYC), including proof of identity, proof of address, and information about source of funds/wealth where required

  • contact customer support or submit complaints through available support channels

Examples of data: name, username, date of birth, residential address, country of residence, identification number, phone number, payment-related details, copies/images of identity and address documents, and other information you provide voluntarily.

5.2 Technical and device information

This may include:

  • IP address and approximate location derived from it

  • login information and security events

  • browser type/version, device identifiers, operating system

  • time zone and language settings

  • cookie identifiers and similar technologies (see Cookie Policy)

  • page interactions, URLs visited, and error logs

5.3 Gameplay and usage information

This may include:

  • games played, session duration, and in-game activity

  • responsible gaming settings (limits, exclusions, history)

  • bonus usage, wagering activity, and related patterns

  • risk and fraud signals connected to gameplay behavior

5.4 Information from third parties

We may receive information from:

  • identity, age, address, and payment verification providers

  • AML screening providers (e.g., PEP/sanctions databases)

  • fraud prevention and cybersecurity vendors

  • advertising/affiliate networks (where applicable), analytics providers

  • other websites/services operated by our Group (if you use more than one brand/site)

We use such information to improve security, detect abuse, comply with legal obligations, and operate the service effectively.

Categories of Personal Data

We group Personal Data into the categories below:

  • Identity Data: name, date of birth, gender, username, account identifiers

  • Contact Data: residential address, phone number, other contact methods available in your profile

  • Financial Data: payment method details, bank/payment account identifiers, source of funds/wealth information where required

  • Transaction Data: deposits, withdrawals, wagering, chargeback and payment events

  • Technical Data: IP address, device details, browser data, time zone, platform data

  • Usage Data: login activity, duration of play, pages viewed, promotions claimed, settings and preferences

  • Marketing & Communications Data: opt-in/opt-out preferences and communication history (where applicable)

Special categories of data (limited cases):
In certain situations and where required by law, we may process information that could be considered sensitive, for example responsible gaming indicators that may relate to wellbeing, or data indirectly revealing racial/ethnic origin from identity documents. We limit access and apply additional safeguards to such data.

How we use your information

We process Personal Data for the following purposes:

7.1 To provide the service and manage your account

  • create and administer your Player Account

  • provide access to games and website functions

  • process deposits and withdrawals

  • manage bonuses, promotions, and loyalty/VIP features

  • handle support requests and complaints

7.2 To comply with legal and regulatory obligations

  • KYC verification and ongoing monitoring

  • AML and counter-terrorism financing checks

  • responsible gaming obligations and monitoring where required

  • record-keeping duties imposed by gaming and financial regulations

7.3 To protect the Casino, players, and integrity of the platform

  • detect and prevent fraud, chargebacks, multi-accounting, bonus abuse, and other prohibited conduct

  • investigate suspicious activity and enforce Terms and Conditions

  • secure the website and prevent unauthorized access

7.4 To improve and personalize the website (where permitted)

  • analyze performance, troubleshoot issues, and improve user experience

  • understand which features are useful and how the site is used

  • optimize content presentation for devices and browsers

7.5 Marketing and promotions (where applicable)

Where permitted by law and depending on your settings and choices, we may use certain data to:

  • provide promotional communications

  • display relevant offers on-site

  • measure advertising effectiveness

You can control marketing preferences through your account settings where such features are available.

Lawful bases for processing

We rely on one or more of these legal bases under GDPR (where applicable):

  • Performance of a contract: to provide the services you request and operate your account

  • Legal obligation: to comply with AML/KYC, gaming regulation, and record-keeping rules

  • Legitimate interests: fraud prevention, security, service improvement, and business protection (balanced against your rights)

  • Consent: where required, such as certain marketing activities or optional features

Summary table

Data typeTypical purposeLegal basis (examples)
Identity & Contact DataAccount creation, verification, supportContract; legal obligation
Verification documentsKYC/AML complianceLegal obligation
Financial & Transaction DataPayments, closed-loop controls, AMLContract; legal obligation; legitimate interests
Technical & Usage DataSecurity, restricted-country checks, site improvementLegal obligation; legitimate interests
Gameplay dataService provision, fairness, compliance monitoringContract; legal obligation
Marketing preferencesPromotions and communications (where permitted)Consent or legitimate interests (depending on jurisdiction)

Profiling and risk assessments

To protect the platform and meet legal obligations, we may use limited profiling techniques as part of fraud prevention, AML monitoring, and responsible gaming measures. Final decisions that materially affect your account are generally subject to human review.

We do not disclose the full logic of certain risk systems where doing so could enable circumvention of controls designed to protect the Casino and comply with legal obligations.

Sharing your Personal Data

We may share Personal Data with trusted third parties when necessary to operate our service, comply with law, or protect the platform. We require contractual safeguards and confidentiality commitments where appropriate, and we share only what is necessary.

10.1 Who we may share data with

  • Group companies (where required for fraud prevention, AML, responsible gaming, and operational support)

  • Payment providers and banking partners to process transactions and refunds

  • KYC/AML and fraud prevention vendors for verification, screening, and risk checks

  • Game providers where limited data is required to deliver games and ensure security (e.g., technical identifiers)

  • Analytics and technical service providers for performance, security, and troubleshooting

  • Regulators, law enforcement, and public authorities where required or authorized by law

  • Professional advisors (lawyers, auditors, consultants) where necessary for legal claims, compliance, and risk management

International data transfers

Your Personal Data may be transferred to and processed in countries outside the EU/EEA when required to provide the service or use certain vendors.

When such transfers occur, we implement appropriate safeguards to protect your data, such as:

  • Standard Contractual Clauses approved by the European Commission

  • vendor due diligence and contractual security obligations

  • access controls and data minimization

By using the Website, you acknowledge that such transfers may occur with appropriate safeguards in place.

Data retention

We retain Personal Data only as long as necessary for the purposes described in this Policy, including legal, regulatory, accounting, and reporting requirements.

Key points:

  • retention periods depend on data type, purpose, and legal obligations

  • after account closure, certain records may be kept where required for regulatory compliance, AML obligations, dispute resolution, fraud prevention, and financial auditing

  • in many licensed gaming contexts, we may be required to retain specific data for a minimum of five (5) years after the last transaction or account closure

  • we may keep anonymized or aggregated data for analytics and service improvement, where it no longer identifies you

Requests to erase data may be limited where retention is required by law or necessary to establish, exercise, or defend legal claims.

Your rights

Depending on applicable law (including GDPR where relevant), you may have the right to:

  • Access your Personal Data and receive a copy

  • Correct inaccurate or incomplete Personal Data

  • Request erasure where there is no legal basis to retain data (subject to legal retention duties)

  • Object to Processing based on legitimate interests in certain circumstances

  • Restrict Processing in specific cases (e.g., dispute about accuracy)

  • Data portability for certain data processed by automated means based on consent or contract

  • Withdraw consent at any time where Processing is based on consent (does not affect prior Processing)

  • Lodge a complaint with a Supervisory Authority

To protect your account, we may ask for additional information to verify identity before fulfilling a rights request.

Response time: we aim to respond within one month. Complex requests or multiple requests may require additional time, and we may inform you accordingly.

Automated decision-making

We generally do not rely on fully automated decision-making that produces legal or similarly significant effects. Where such processing is used in a specific case and disclosure is required by law, we will provide the relevant information.

Security of your data

We take security seriously and apply reasonable technical and organizational measures designed to protect Personal Data, including:

  • encryption in transit where applicable (e.g., SSL/TLS)

  • access controls and least-privilege policies

  • monitoring, logging, and fraud detection tools

  • internal confidentiality obligations for staff and contractors

  • secure account access using unique credentials and optional additional protections where available (e.g., 2FA)

You are responsible for keeping your login credentials confidential and for using secure practices when accessing your account.

Contact and requests

If you have questions about this Privacy Policy or want to exercise your rights, you can contact us using the contact form available on the About Us page.