At VeryWell Casino, operated by Cerberlot N.V., we take the privacy and protection of your personal data extremely seriously. This Privacy Policy explains how we collect, use, store and share your information when you use our website at verywell.me.uk and related services.
We are committed to complying with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and all other applicable data protection legislation. By using our services, you acknowledge that you have read and understood this Privacy Policy.
What Personal Data We Collect
We collect personal data that you provide directly to us during account registration, identity verification, payment transactions and customer support interactions. This includes your full name, date of birth, email address, telephone number (+441241340802 is our contact line — your number is collected for verification purposes), residential address, government-issued identification documents and financial information such as payment card details.
We also collect data automatically when you use our website, including your IP address, browser type and version, operating system, device information, pages visited, time spent on pages, referral sources and clickstream data. This information is gathered through cookies, web beacons and similar tracking technologies as described in our Cookie Policy.
In certain circumstances, we may receive personal data from third-party sources, including identity verification services, fraud prevention agencies, payment processors and regulatory bodies. We only collect data that is necessary for the purposes described in this policy.
How We Use Your Personal Data
We process your personal data for the following purposes: to create and manage your account; to verify your identity and comply with KYC and anti-money laundering regulations; to process deposits, withdrawals and other financial transactions; to provide customer support; to send important service communications; and to detect, prevent and investigate fraud, security breaches and other prohibited activities.
Where you have provided consent, we may also process your data for marketing purposes, including sending promotional offers, newsletters and personalised recommendations. You can withdraw your marketing consent at any time by updating your account preferences or contacting us at [email protected].
Our legal bases for processing your personal data under GDPR include: performance of our contract with you (providing gaming services), compliance with legal obligations (KYC, AML, licensing requirements), your consent (marketing communications) and our legitimate interests (fraud prevention, service improvement, business analytics).
Data Sharing and Third Parties
We may share your personal data with trusted third parties who assist us in operating our platform and delivering our services. These include payment processors (for transaction handling), identity verification providers (for KYC compliance), game software providers, cloud hosting and infrastructure partners, and customer support tools.
All third-party service providers are contractually bound to process your data only in accordance with our instructions and applicable data protection laws. We require all third parties to maintain appropriate technical and organisational security measures to protect your data.
We may also disclose your personal data where required by law, regulation, court order or governmental authority request. Additionally, we may share anonymised, aggregated data that cannot identify you for business analytics, research and statistical purposes.
Data Storage, Security and Retention
We store your personal data on secure servers protected by industry-standard encryption (SSL/TLS), firewalls, access controls and intrusion detection systems. All sensitive data, including payment information, is encrypted both in transit and at rest using AES-256 encryption.
Access to personal data is restricted to authorised personnel on a need-to-know basis. All staff with access to player data are bound by strict confidentiality obligations and undergo regular data protection training.
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory and reporting requirements. Account data is retained for a minimum of 5 years following account closure, in accordance with anti-money laundering regulations. After the retention period expires, data is securely deleted or anonymised.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site usage and deliver personalised content. Cookies are small text files stored on your device when you visit our website.
We use essential cookies (required for the website to function), performance cookies (to analyse how visitors use our site), functionality cookies (to remember your preferences) and targeting cookies (to deliver relevant advertisements). For full details on the types of cookies we use and how to manage them, please refer to our dedicated Cookie Policy.
You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website.
Your Rights Under GDPR
Under the GDPR and UK Data Protection Act 2018, you have the following rights regarding your personal data: the right of access (to request a copy of the data we hold about you), the right to rectification (to correct inaccurate or incomplete data), the right to erasure (to request deletion of your data in certain circumstances), and the right to restriction of processing.
You also have the right to data portability (to receive your data in a structured, machine-readable format), the right to object to processing based on legitimate interests or for direct marketing purposes, and the right not to be subject to automated decision-making including profiling that produces legal or similarly significant effects.
To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days, in accordance with GDPR requirements. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk).
International Data Transfers
As Cerberlot N.V. is registered in Curaçao, your personal data may be transferred to and processed in countries outside the United Kingdom and European Economic Area. We ensure that any such transfers are carried out in compliance with GDPR and UK data protection laws.
Where we transfer personal data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions and binding corporate rules where applicable.
We regularly review our data transfer mechanisms to ensure they provide an adequate level of protection for your personal data. If you have any questions about international data transfers, please contact us at [email protected].
