burger icon
Virgin Games United Kingdom Default
Sign Up

Privacy Policy

This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit or use the Virgin Bet services available via https://virginicaz.com (the "Site") and related products. It applies to website visitors, registered players and other individuals whose data we process in connection with our UK-licensed online gambling operations. This Privacy Policy is effective as of 6 November 2025 and is intended to comply with applicable UK data protection law, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, through to at least the end of 2026 unless replaced or updated as described below.

Who We Are

OBSERVE: You need to know who controls your personal data and how to contact us. EXPAND: We identify the operating company, its registered office and relevant contact channels, including for data protection queries. REFLECT: This supports transparency and enables you to exercise your rights.

The controller responsible for processing your personal data in connection with Virgin Bet on https://virginicaz.com is:

Gamesys Operations Limited
Registered office / legal address: Suite 2, Floor 4, Waterport Place, Gibraltar, GX11 1AA
Operator of the Virgin Bet / Virgin Games platform for UK customers under UK Gambling Commission Remote Operating Licence number 38905.

For data protection matters, including any questions about this Privacy Policy or your rights, you may contact:

  • Data Protection Contact (Data Protection Officer or Data Protection Team)
    Email: [email protected] (please include "Data Protection" in the subject line for faster routing)
  • Website: https://virginicaz.com
  • Mail: Data Protection, Gamesys Operations Limited, Suite 2, Floor 4, Waterport Place, Gibraltar, GX11 1AA

Gamesys Operations Limited is licensed and regulated by the UK Gambling Commission (licence reference: 38905) for remote gambling services offered to players in the United Kingdom.

What Personal Data We Collect

OBSERVE: We must specify which personal data we process. EXPAND: We group data into categories matching how an online gambling operator functions (account, technical, payments, behaviour, compliance, marketing, support, cookies). REFLECT: This enables you to understand what data is involved and why.

Account and Identity Data

  • Full name, date of birth, gender (where provided), nationality.
  • Residential address, billing address, proof of address details (e.g. utility bill information).
  • Username, password, security questions and answers, authentication tokens.
  • Contact details: email address, mobile/telephone number.
  • Copies or details of identity documents (e.g. passport, driving licence, ID card), including document numbers, expiry dates and issuing country, where required for KYC/age/identity verification.

Technical and Usage Data

  • IP address, approximate location derived from IP, device identifiers, browser type and version, operating system, device type and settings.
  • Log data (date and time of access, pages viewed, clickstream, session IDs, referring URLs).
  • Information about your interactions with the Site, mobile apps or embedded content, including game selections, time spent, and navigation paths.

Payment and Financial Data

  • Partial payment card details (such as masked card number, card type, expiry date) to the extent required for processing deposits or withdrawals.
  • Bank account details, e-wallet identifiers or other payment instrument information, as needed to process payouts.
  • Transaction history, including deposits, withdrawals, bonuses, chargebacks, adjustments and currency.

Behavioural, Gaming and Risk Data

  • Betting, gaming and wagering history (games played, stakes, wins/losses, bonuses used, session lengths).
  • Records of self-exclusion, time-outs, reality checks, deposit limits and other responsible gambling tools you use.
  • Internal risk ratings, affordability assessments, source-of-funds indicators and other risk profiling information derived from your activity and information you provide.

Compliance and Due Diligence Data

  • Data processed for "know your customer" (KYC), anti-money laundering (AML) and counter-terrorist financing checks.
  • Information from sanctions lists, politically exposed persons (PEP) screening, fraud databases and other due diligence sources where legally allowed.
  • Copies of correspondence and records required for regulatory reporting and audit trails.

Marketing and Communication Data

  • Your marketing preferences (channels, topics, consent status, opt-out history).
  • Records of emails, SMS messages, push notifications and in-account messages we send and your interactions with them (opens, clicks, unsubscribes).

Customer Support and Communication Data

  • Information you provide when you contact us by email ([email protected]), live chat, or other channels.
  • Support tickets, chat logs, call notes and complaint handling records.

Cookies and Similar Technologies

  • Identifiers stored in cookies, SDKs, web beacons, pixel tags and similar technologies on your device.
  • Information about your interactions with our marketing content and partner sites when tracking technologies are used.

Where we request personal data to comply with a legal or regulatory requirement, or to enter into or perform a contract with you, failure to provide that data may mean you cannot open or maintain an account or may have limited access to certain services.

Legal Basis for Processing

OBSERVE: UK GDPR requires us to identify a lawful basis for each processing activity. EXPAND: As a UK-licensed gambling operator we rely primarily on contract, legal obligation, legitimate interests and consent for some marketing/cookies. REFLECT: We clarify how these bases apply so you can understand and, where relevant, exercise choices.

Performance of a Contract

We process your personal data where it is necessary to enter into and perform our agreement with you, including:

  • Creating, verifying and managing your Virgin Bet player account on virginicaz.com.
  • Providing access to games, processing bets, awarding winnings and administering promotions.
  • Processing deposits, withdrawals and account adjustments.
  • Providing customer support and resolving operational queries or disputes.

Compliance with Legal and Regulatory Obligations

We must comply with laws and regulations applicable to remote gambling and financial transactions, including the UK Gambling Act, AML/CTF regulations, responsible gambling requirements and accounting rules. This includes:

  • Age and identity verification, KYC and ongoing monitoring.
  • Fraud, money laundering and terrorist financing prevention and detection.
  • Responsible gambling monitoring, affordability checks and interventions.
  • Regulatory reporting to the UK Gambling Commission and other authorities.
  • Keeping records for legally mandated periods.

Legitimate Interests

We process certain data where it is necessary for our legitimate interests, provided these are not outweighed by your interests or fundamental rights and freedoms. Our legitimate interests include:

  • Securing the Site, preventing abuse, fraud and cheating, and protecting the integrity of games (including using monitoring, profiling and automated tools).
  • Improving and developing our products, services and user experience, including analytics and performance measurement.
  • Defending and enforcing legal rights, managing risk, obtaining professional advice and handling complaints or claims.
  • Direct electronic marketing to existing customers about similar products and services, where permitted by law and subject to your right to opt out at any time.

Consent

In some cases we rely on your consent, for example:

  • Where we send certain types of electronic marketing communications to you and consent is required by law.
  • Where we use non-essential cookies or similar technologies for analytics or advertising purposes.

You may withdraw your consent at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

Purpose of Processing

OBSERVE: We must explain why we use personal data. EXPAND: For an online gambling operator, purposes include service delivery, compliance, security, improvement and marketing. REFLECT: Stating purposes clearly helps ensure data is only used in compatible ways.

Providing and Managing Our Services

  • Setting up, administering and maintaining your player account for Virgin Bet on virginicaz.com.
  • Processing deposits, withdrawals, bets, game play and bonus participation.
  • Providing customer support and managing your communication requests.

Regulatory, Legal and Compliance Purposes

  • Conducting KYC, AML and other due diligence checks before and during your use of the services.
  • Monitoring for responsible gambling indicators and implementing appropriate measures (e.g. limits, time-outs, self-exclusions).
  • Meeting reporting, record-keeping and audit obligations under UK law and our UKGC licence (38905).

Security, Fraud Prevention and Risk Management

  • Validating identity to prevent account takeover, impersonation and other abuses.
  • Detecting and preventing fraud, collusion, bonus abuse, match-fixing and other prohibited activities.
  • Protecting our systems, games, and users through security monitoring, testing and incident response.

Analytics, Improvement and Service Development

  • Understanding how players use our Site and games in order to improve usability, performance and product offerings.
  • Testing new features, functionalities and promotions.
  • Compiling aggregated and anonymised statistics for internal reporting and business planning.

Marketing and Personalisation

  • Sending you service messages and legally permitted marketing about promotions, bonuses, new games or features, in accordance with your preferences.
  • Customising content and offers based on your activity and preferences where allowed by law.
  • Measuring the effectiveness of our marketing campaigns.

Disclosure & Sharing

OBSERVE: We must indicate with whom we share data and why. EXPAND: In regulated gambling, sharing commonly involves payment processors, technical providers, group entities, regulators and specific partners, subject to safeguards. REFLECT: Transparency about recipients supports accountability and user trust.

Service Providers and Technical Partners

  • Payment processors and banks that handle card payments, bank transfers, e-wallets and other payment methods.
  • IT and hosting providers that support our infrastructure, data storage, disaster recovery and cloud services.
  • Gaming and platform providers, including companies providing random number generator (RNG) and game content, audited by bodies such as eCOGRA for fairness and security.
  • Customer support tools (e.g. live chat platforms) that enable us to respond to your queries 24/7.
  • Analytics and performance tools to better understand service usage and improve our offerings, subject to cookie/consent requirements.

Regulators, Authorities and Compliance Partners

  • The UK Gambling Commission and other competent authorities where we are required to provide information for licensing, supervision, enforcement or reporting purposes, including responsible gambling statistics and AML reports.
  • Law enforcement agencies, courts, and regulatory or governmental bodies where disclosure is required by law or necessary to establish, exercise or defend legal claims.
  • Due diligence, sanctions screening and fraud prevention service providers and databases, where permitted by law, to assist with KYC/AML checks and risk management.

Group Companies and Corporate Transactions

  • Group entities within the wider corporate group, including companies ultimately owned by Bally's Corporation, where necessary for centralised operations, compliance, risk management, internal reporting or service provision, in each case subject to appropriate safeguards and intra-group agreements.
  • Third parties involved in a corporate transaction (merger, acquisition, restructuring, asset sale) involving Gamesys Operations Limited or its business, in which case data will only be shared as necessary and subject to confidentiality and data protection obligations.

Marketing, Affiliates and Advertising Partners

  • Marketing and advertising networks that display our advertisements on third-party websites or platforms, where cookies or similar technologies are used with your consent where required.
  • Affiliates and partners who refer players to virginicaz.com, to confirm referrals, calculate commissions and prevent fraud or abuse.

Other Disclosures

  • Professional advisers (lawyers, auditors, accountants, consultants) where necessary for the protection of our business and compliance with our obligations.
  • Any other third party where you have expressly consented to the disclosure.

Whenever we share personal data with third parties, we do so on the basis of appropriate legal grounds and, where required, written agreements that oblige those parties to protect the data and use it only for the specified purposes.

International Transfers

OBSERVE: Data may be stored or accessed outside the UK/EEA. EXPAND: As a Gibraltar-based operator in an international group, some transfers to other jurisdictions or cloud providers are likely. REFLECT: We explain safeguards such as adequacy decisions and standard contractual clauses.

Your personal data may be transferred to, and processed in, countries outside the United Kingdom and the European Economic Area ("EEA"), including where:

  • Our group companies, service providers or partners operate in other jurisdictions.
  • Cloud hosting, support or technical services are provided from data centres located abroad.

Where we transfer your personal data to a country that has not been deemed to provide an adequate level of data protection by the UK government, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses approved by the UK (and, where relevant, EU) authorities, supplemented by additional measures where necessary.
  • Intra-group data transfer agreements ensuring consistent protection across our corporate group.
  • Technical and organisational measures (such as encryption and access controls) to protect data in transit and at rest.

Details of the specific safeguards used for international transfers can be requested by contacting us at [email protected], subject to redaction of commercially sensitive information.

Data Retention

OBSERVE: We must state how long data is kept. EXPAND: Gambling operators are subject to minimum retention periods for AML and licensing; we also need operational retention aligned with purpose limitation. REFLECT: We provide indicative periods and criteria, consistent with UK expectations through 2026.

We keep personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting and reporting requirements, and to resolve disputes and enforce our agreements. Retention periods may vary depending on the type of data and our regulatory obligations. In general:

  • Account and identity data: Retained for the life of your account and typically for up to 5 - 7 years after account closure or your last transaction, to meet AML, gambling regulatory and record-keeping obligations.
  • Transaction and gaming data: Retained for at least 5 - 7 years from the date of the relevant transaction or activity for regulatory, audit and legal purposes.
  • KYC and AML documentation: Retained for minimum periods set by applicable AML laws and UK Gambling Commission requirements, often 5 years from the end of the business relationship or the date of the last transaction, whichever is later.
  • Marketing and communication preferences: Retained while you have an active account and for a short period thereafter (typically up to 2 years) to document consent/opt-out history, unless a longer period is needed to evidence compliance.
  • Customer support data and complaints: Retained for the duration necessary to address your request and for an additional period (commonly 3 - 6 years) to establish, exercise or defend legal claims and demonstrate regulatory compliance.
  • Technical logs and security data: Retained for periods appropriate to security and fraud-prevention needs, usually from several months up to a few years, depending on the nature of the logs and any incidents.

When personal data is no longer required for the purposes described above, we will either securely delete it, anonymise it (so that it can no longer be associated with you) or aggregate it for statistical purposes. Where you exercise certain rights (for example, erasure), we will comply subject to our legal and regulatory retention obligations.

Your Rights

OBSERVE: Under UK GDPR, individuals have specific rights regarding their personal data. EXPAND: We explain each right, how to use it, timeframes and costs, while also acknowledging general international standards (including alignment with broad global principles, though our primary regime is UK). REFLECT: Clear procedures empower you and demonstrate compliance.

Overview of Your Data Protection Rights

Subject to conditions and exceptions set out in UK data protection law, you have the following rights in relation to your personal data:

  • Right of access: To obtain confirmation as to whether we process your personal data and, if so, to receive a copy of your data along with certain information about how we use it.
  • Right to rectification: To have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure ("right to be forgotten"): To request deletion of your personal data where, for example, it is no longer needed for the purposes for which it was collected, or you have withdrawn consent and no other legal basis applies. This right may be limited where we must retain data to comply with legal or regulatory obligations (for example, AML or gambling regulations).
  • Right to restriction of processing: To request that we limit the processing of your personal data in certain circumstances, such as while we verify its accuracy or consider an objection.
  • Right to object: To object to processing based on our legitimate interests and to object at any time to processing for direct marketing purposes (including profiling related to such marketing). If you object to marketing, we will stop sending it.
  • Right to data portability: To receive personal data that you have provided to us, in a structured, commonly used and machine-readable format, and to request that we transmit that data to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal, but may affect our ability to provide certain services or features.

How to Exercise Your Rights

  1. Submit your request: You can exercise your rights by:
    • Emailing us at [email protected] with "Data Protection Request" in the subject line; or
    • Using any dedicated privacy or contact form provided within your virginicaz.com account (where available).
  2. Verification: We may ask you to provide information to confirm your identity (for example, confirming account details or providing identity documentation) to ensure that personal data is not disclosed to anyone who has no right to receive it.
  3. Response timeframe: We aim to respond to all valid requests within one month of receipt. If your request is particularly complex, or you have made multiple requests, we may extend this period by up to a further two months, in which case we will inform you of the extension and reasons.
  4. Fees: We will handle your rights requests free of charge. However, we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded, excessive or repetitive, in accordance with applicable law.
  5. Limitations: Your rights are not absolute. For example, we may retain certain data to comply with legal obligations (such as those relating to AML and gambling regulation), to establish, exercise or defend legal claims, or for other legitimate reasons permitted by law. Where we decline all or part of a request, we will explain why.

Nothing in this Privacy Policy affects any rights you may have under other applicable privacy or consumer protection laws in your jurisdiction, to the extent they apply, though our primary regulatory framework for personal data in relation to Virgin Bet on virginicaz.com is the UK GDPR and UK data protection law.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for online gambling services and marketing. EXPAND: We describe types, purposes and how to manage them. REFLECT: This supports informed consent and control.

Types of Cookies We Use

  • Strictly necessary cookies: Essential for the operation of the Site and to enable you to log in, navigate the platform, place bets, manage your account and maintain security. These cannot be switched off via our systems, though you may block them in your browser (which may impair site functionality).
  • Functional cookies: Allow the Site to remember your choices (e.g. language, region, preferences) and provide enhanced, more personalised features.
  • Analytics/performance cookies: Help us understand how visitors and players use the Site, which pages are most popular, and how campaigns perform, so we can improve services. These may be set by us or by third-party analytics providers.
  • Advertising/targeting cookies: Used to deliver relevant advertisements to you on our Site or third-party sites, measure the effectiveness of campaigns, and limit how often you see a particular advert. These may be set by us or by our advertising partners.
  • Session vs. persistent cookies: Session cookies are temporary and expire when you close your browser. Persistent cookies remain on your device for a fixed period or until deleted.

Managing Cookies and Similar Technologies

  • You may be presented with a cookie banner or preference centre when you first visit virginicaz.com or after significant changes, allowing you to accept or manage non-essential cookies.
  • You can modify your cookie preferences at any time via:
    • Our on-site cookie settings or preference tools (where provided); and/or
    • Your browser settings, which usually allow you to block, delete or disable cookies.
  • If you block or delete cookies, some features of the Site may not function properly, and your user experience may be affected.

For more detailed information about specific cookies used on virginicaz.com (including their names, purpose and duration), please refer to any dedicated Cookie Policy or cookie list made available on the Site.

Data Security

OBSERVE: Protecting personal data is fundamental, especially in online gambling. EXPAND: We outline technical and organisational measures, referencing common standards and best practices. REFLECT: While we cannot guarantee absolute security, we show that robust safeguards are in place.

Technical and Organisational Measures

  • Encryption: We use industry-standard encryption technologies, such as TLS 1.2+ for data transmitted between your browser and our servers. Sensitive data is protected using encryption or equivalent safeguards at rest and in transit.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers who need it to perform their duties and who are subject to confidentiality obligations.
  • Authentication and account security: We implement authentication and session management controls and may support multi-factor authentication or additional verification steps for high-risk actions.
  • Network and system security: We use firewalls, intrusion detection/prevention systems, anti-malware controls, security logging and monitoring to protect our infrastructure.
  • Secure development and testing: Our systems and applications are developed using security-by-design principles, and we conduct regular testing, vulnerability management and, where appropriate, penetration testing.

Governance, Training and Incident Response

  • Policies and procedures: We maintain internal policies, procedures and controls addressing data protection, information security and incident response, aligned with recognised standards and good industry practice (including frameworks comparable to ISO 27001 and SOC 2 where applicable to our providers and infrastructure).
  • Staff training: Employees with access to personal data receive training on data protection, confidentiality, security requirements and how to recognise and respond to potential incidents.
  • Third-party oversight: We conduct due diligence on service providers that process personal data on our behalf and require them to implement appropriate security measures.
  • Incident response: We have procedures in place to detect, respond to and remediate security incidents. Where required by law, we will notify the relevant supervisory authority and affected individuals of certain personal data breaches without undue delay.

While we take extensive steps to protect your personal data, no system can be completely secure. You are also responsible for keeping your login details confidential and taking reasonable steps to protect your account and devices.

Complaints & Contacts

OBSERVE: Individuals must know how to contact us and regulators if they are dissatisfied. EXPAND: We outline internal complaint steps, response times and escalation to supervisory authorities. REFLECT: This supports accountability and offers clear routes for redress.

Contacting Us About Privacy

  • Email: [email protected] (include "Privacy" or "Data Protection" in the subject line).
  • Post: Data Protection, Gamesys Operations Limited, Suite 2, Floor 4, Waterport Place, Gibraltar, GX11 1AA.
  • On-site tools: You may also contact us via live chat (available 24/7) or any online feedback/contact forms provided on virginicaz.com.

Internal Complaint Procedure

  1. Initial contact: Submit your privacy-related question or complaint using one of the channels above, providing sufficient detail to allow us to understand your concerns (for example, account ID, relevant dates, and a description of the issue).
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, generally within a few working days.
  3. Investigation: We will investigate your complaint, which may involve reviewing records, consulting relevant teams and, where necessary, asking you for additional information.
  4. Response: We aim to provide a substantive response within one month of receiving a complete complaint. If we cannot respond within this period (for example, because the matter is particularly complex), we will inform you of the delay and the expected timeframe for a final response.

Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that we are processing your personal data in breach of data protection law, you have the right to lodge a complaint with a data protection supervisory authority. For UK-based players using Virgin Bet on virginicaz.com, the primary supervisory authority is:

  • Information Commissioner's Office (ICO)
    Website: https://ico.org.uk
    Telephone (UK): 0303 123 1113
    Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

You may also have the right to bring a claim before a court. Nothing in this Privacy Policy limits your right to contact or lodge a complaint with any competent data protection authority that may have jurisdiction over you, to the extent applicable, though our core regulatory obligations arise under UK law.

Updates

OBSERVE: Privacy policies evolve as services and law change. EXPAND: We describe how changes are communicated, effective dates and user options. REFLECT: Advance notice and clarity support fairness and transparency.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, technology, legal or regulatory requirements, or our internal practices. When we make material changes, we will take appropriate steps to inform you.

Notification Procedures

  • On-site notices: We will post the updated Privacy Policy on virginicaz.com, indicating the "Last updated" date at the top or bottom of the document.
  • Email and account notifications: Where changes are material, we will notify you via email (to the address linked to your account) and/or via in-account messages or banners when you next log in.
  • Advance notice: For significant changes that materially affect your rights or the way we process your data, we will, where reasonably practicable, provide at least 30 days' advance notice before the changes take effect.

Version Control and User Choices

  • The "Last updated" date for this version is 6 November 2025, and it is intended to remain in force, subject to updates, through at least the end of 2026.
  • In the case of material changes, we may provide a brief summary or "changelog" highlighting key modifications (for example, new purposes of processing, new categories of recipients or significant changes in legal bases).
  • If you do not agree with an updated version of this Privacy Policy, you may choose to stop using Virgin Bet services on virginicaz.com and, where applicable, request account closure via customer support. Continued use of the services after the effective date of an update will be treated as acceptance of the updated Privacy Policy, to the extent permitted by law.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us via [email protected].