burger icon
Kings United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Kings on https://kingsgam.com uses personal data so that you can understand what we collect, why we collect it, how we protect it, and which choices and rights you have. It applies to (i) website visitors, (ii) players who register for an account, and (iii) individuals who communicate with us (for example, via support channels) in connection with our services on kingsgam.com. Effective date: 6 November 2025.

Who We Are

OBSERVE: The Kings casino services presented on kingsgam.com are operated for UK players under a UK Gambling Commission licence.

EXPAND: UK privacy compliance requires clear identification of the controller/operator, a service contact route, and a dedicated privacy contact (DPO or data protection function), including for rights requests and complaints. Where some corporate identifiers are not available in the provided profile, we must be transparent and direct users to request them via the privacy contact.

REFLECT: For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), the operator is:

  • Operator / Controller: AG Communications Limited
  • Registered address: 135 High Street, Sliema, SLM 1548, Malta
  • UK Gambling Commission licence: 39483 (public register: https://gamblingcommission.gov.uk/public-register/business/detail/39483)
  • Company registration number: Not specified in the available profile data (you may request this from our Data Protection contact below).
  • Tax identification: Not specified in the available profile data (you may request this from our Data Protection contact below).

Data Protection Contact (DPO / Data Protection Department): If you have questions, want to exercise your rights, or wish to raise a privacy concern, contact our Data Protection function using the channels below. Where a value is not published in the available profile data, we will provide it upon request through this route.

  • Website: https://kingsgam.com
  • Privacy / data protection email: Not specified (request via support channels on kingsgam.com)
  • Phone (main office): Not specified
  • Contact form: Not specified (use available support/contact route on kingsgam.com)
  • Postal address for privacy correspondence: Data Protection Department, AG Communications Limited, 135 High Street, Sliema, SLM 1548, Malta

What Personal Data We Collect

OBSERVE: Kings needs data to create accounts, provide gambling services, process payments, meet UKGC/AML requirements, and keep the site secure.

EXPAND: UK GDPR requires data minimisation and transparency: we should disclose data categories (including behavioural and technical), sources, and whether data is required or optional. Gambling operations also typically involve identity verification, affordability/risk checks, fraud prevention, and responsible gambling signals.

REFLECT: Depending on how you use kingsgam.com, we may collect and process the following categories:

Account and identity data

  • Personal identifiers: full name, date of birth, username, password (hashed), gender (if provided), nationality (where needed for compliance).
  • Contact details: email address, telephone number, residential address.
  • Verification (KYC) data: identity document details, document images, proof of address, and verification outcomes (including checks against sanctions/PEP lists where required).

Financial and transaction data

  • Payment data: deposit and withdrawal amounts, timestamps, payment method type, partial card details (e.g., last four digits), bank/wallet identifiers, payment status and processor references. We do not intentionally store full card CVV codes.
  • Transaction history: statements, bonus/credit conversions, chargeback indicators and related communications.

Gameplay and behavioural data

  • Gambling activity: betting and gaming history, stakes, wins/losses, session duration, game preferences.
  • Responsible gambling signals: self-exclusion/timeout settings, limit settings, interaction history with safer gambling tools, and risk indicators used to comply with UKGC requirements.
  • Site usage: clicks, pages viewed, navigation patterns, referral sources, and engagement with communications (for example, email opens where tracking is enabled and permitted).

Technical, device and log data

  • Device and network data: IP address, device identifiers, browser type/version, operating system, language, time zone, approximate location inferred from IP.
  • Security and audit logs: login timestamps, authentication events, failed login attempts, fraud/risk flags, and other diagnostic logs.

Cookies and similar technologies

  • Cookie data: identifiers and preferences stored via cookies, SDKs, pixels or similar tools (see the Cookies section below for details and controls).

Communications and support data

  • Support content: messages, emails, chat transcripts, call notes (and recordings where legally permitted and notified), and attachments you provide.

Legal Basis for Processing

OBSERVE: Under UK GDPR, each processing activity must have a lawful basis; gambling operations add legal obligations (KYC/AML, safer gambling) and strong security needs.

EXPAND: We must align purposes with lawful bases and explain when consent is used (especially for marketing and non-essential cookies). We also need to highlight that certain processing is mandatory to provide services or meet legal duties.

REFLECT: We rely on the following lawful bases, depending on the context:

  • Contract (UK GDPR Article 6(1)(b)): to create and administer your Kings account on kingsgam.com, provide games, process deposits/withdrawals, apply bonuses, and deliver customer support.
  • Legal obligation (Article 6(1)(c)): to comply with applicable laws and regulator requirements, including UK Gambling Commission (UKGC) licence obligations, anti-money laundering (AML) and counter-terrorist financing requirements, age verification, record-keeping, and reporting obligations.
  • Legitimate interests (Article 6(1)(f)): to secure our services, prevent fraud, defend legal claims, improve site performance, ensure network and information security, conduct internal analytics, and manage risk - balanced against your rights and expectations.
  • Consent (Article 6(1)(a)): for optional marketing communications (where required), and for non-essential cookies/third-party tracking where you are given a choice. You can withdraw consent at any time (see "Your Rights").

Special category/criminal offence data note: We do not seek to process special category data unless strictly necessary and permitted by law. Where we must process data related to criminal convictions/offences (for example, for AML/fraud screening), we do so under applicable legal safeguards.

Purpose of Processing

OBSERVE: Data is used to operate Kings on kingsgam.com, maintain compliance, and protect players and the business.

EXPAND: Purposes should be specific and understandable, including gambling-specific use cases: identity checks, safer gambling interventions, fraud prevention, and regulatory reporting.

REFLECT: We use personal data for the following purposes:

  • Service delivery: account creation, authentication, enabling gameplay, processing deposits/withdrawals, administering bonuses/promotions, and providing customer support.
  • Identity, age, and compliance checks: KYC/age verification, AML/CTF monitoring, sanctions/PEP screening where required, and maintaining records required by applicable law and UKGC guidance.
  • Safer gambling and player protection: enabling limits, self-exclusion, timeouts, monitoring for indicators of harm, contacting you when appropriate, and complying with UKGC safer gambling expectations (including GamStop participation where applicable to the licence holder's obligations).
  • Security and fraud prevention: detecting and preventing account takeovers, collusion, bonus abuse, chargeback fraud, and other misuse of kingsgam.com.
  • Analytics and service improvement: troubleshooting, performance monitoring, product improvement, and reporting (preferably using aggregated or pseudonymised data where feasible).
  • Marketing (where permitted): sending marketing messages and offers about Kings on kingsgam.com, subject to your preferences and applicable consent requirements.
  • Legal and dispute management: establishing, exercising, or defending legal claims, responding to lawful requests, and handling complaints.

Disclosure & Sharing

OBSERVE: Operating an online casino requires third parties (payment processors, verification providers, hosting, analytics) and may involve disclosures to regulators like the UKGC.

EXPAND: We must disclose categories of recipients, reasons for sharing, and controls (data processing agreements, confidentiality, minimisation). We should also clarify marketing/advertising sharing is consent-based where required.

REFLECT: We may share personal data in the following circumstances:

Service providers (processors)

  • Payment partners: banks, card acquirers, payment gateways, e-wallet providers, and fraud/chargeback management services to process transactions and manage risk.
  • KYC/AML and verification providers: age/identity verification, document verification, sanctions/PEP screening, and risk scoring services to meet legal and licence obligations.
  • Technology providers: hosting, cloud infrastructure, content delivery networks, email delivery, customer support tooling, and security monitoring.
  • Analytics providers: to understand performance and improve the user experience, using cookie consent where required.

Regulators, authorities, and legal recipients

  • Regulators: including the UK Gambling Commission where required for licensing oversight or audits (see licence record: https://gamblingcommission.gov.uk/public-register/business/detail/39483).
  • Law enforcement and competent authorities: when required by law, court order, or to prevent/identify crime and fraud.
  • Professional advisers: lawyers, auditors, and consultants under confidentiality obligations.

Affiliates and advertising networks

  • Affiliate tracking: we may share limited identifiers (for example, referral IDs) to attribute traffic and pay marketing partners, using appropriate contractual and technical controls.
  • Advertising/retargeting: where cookies or similar technologies are used for advertising, this is managed via your cookie choices and applicable consent requirements.

Corporate events

  • Reorganisation: if we are involved in a merger, acquisition, restructuring, or asset sale, data may be transferred subject to confidentiality and applicable law.

International Transfers

OBSERVE: The operator address provided is in Malta and the platform ecosystem may involve global vendors; UK users' data may be transferred outside the UK.

EXPAND: UK GDPR requires transparency about transfers and safeguards (UK IDTA / UK Addendum to EU SCCs, adequacy regulations). "Privacy Shield" is not a valid UK/EU transfer mechanism; we should instead reference adequacy and SCC/IDTA options.

REFLECT: Your personal data may be processed in the United Kingdom, Malta, and other jurisdictions where our group companies, infrastructure providers, payment partners, verification suppliers, and support teams operate. When we transfer personal data outside the UK, we apply appropriate safeguards, such as:

  • Adequacy regulations: transfers to countries recognised by the UK Government as providing an adequate level of protection.
  • UK transfer safeguards: the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses, as applicable.
  • Additional measures: risk assessments, data minimisation, encryption, and contractual obligations for confidentiality and security.

If you want more information about the specific safeguards used for a particular transfer, you may request it via our Data Protection contact details in the "Who We Are" section.

Data Retention

OBSERVE: Gambling services require retaining certain records for compliance (AML, disputes, auditing) beyond account closure, while UK GDPR requires not keeping data longer than necessary.

EXPAND: We should provide clear retention ranges by category and state that legal obligations can override deletion requests. We must also define deletion/anonymisation triggers.

REFLECT: We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to meet legal, regulatory, accounting, and reporting requirements. Typical retention periods are:

  • Account profile data: generally up to 5 years after account closure, unless a longer period is required for legal/regulatory reasons or to resolve disputes.
  • KYC/AML and due diligence records: generally up to 5 years after the end of the business relationship or completion of a transaction, subject to applicable AML laws and regulatory expectations.
  • Transaction and payment records: generally up to 6 years (for financial, audit, and dispute handling purposes), subject to applicable legal requirements.
  • Security logs and fraud-prevention records: typically 6 - 24 months depending on the log type and risk needs, unless extended for investigations.
  • Marketing preferences: retained until you unsubscribe/withdraw consent, and then maintained on a suppression basis to respect your choice.
  • Cookies: retained for the durations described in our cookie tools or settings (session cookies expire when you close the browser; persistent cookies last for their configured duration unless deleted earlier).

Deletion/anonymisation: When retention periods expire, we securely delete data or anonymise it so it can no longer be linked to you, unless continued retention is required by law or to establish, exercise, or defend legal claims.

Your Rights

OBSERVE: UK users have rights under UK GDPR; the prompt also requires alignment references to Mexican privacy law, even though the target jurisdiction is the UK.

EXPAND: We must (i) provide UK GDPR rights and procedure, (ii) include timelines (30 days), (iii) confirm generally free of charge, and (iv) acknowledge limitations (identity verification, legal obligations). For Mexico references, we can map to ARCO rights and cite the LFPDPPP and its Regulation as "where relevant," without suggesting the service is primarily governed by Mexico.

REFLECT: Subject to conditions and exceptions under applicable law, you have the following rights:

UK GDPR rights (United Kingdom)

  • Right of access: obtain confirmation of whether we process your data and receive a copy of it.
  • Right to rectification: correct inaccurate or incomplete personal data.
  • Right to erasure: request deletion of your data where the legal conditions are met (note: we may need to retain certain data to comply with UKGC/AML obligations or to handle disputes).
  • Right to restriction: request that we limit processing in certain cases.
  • Right to object: object to processing based on legitimate interests and to direct marketing at any time.
  • Right to data portability: receive certain data you provided in a structured, commonly used, machine-readable format, and transmit it to another controller where applicable.
  • Right to withdraw consent: where processing is based on consent (for example, certain marketing or non-essential cookies), you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Mexican privacy law alignment (where relevant)

Where Mexican data protection principles apply in a specific context (for example, if you are located in Mexico or interact with a service feature routed through Mexican legal requirements), we will also respect the core rights and concepts recognised under Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its Regulation, including ARCO rights:

  • Access, Rectification, Cancellation, and Opposition (ARCO): rights broadly comparable to access/rectification/erasure/objection, subject to applicable legal limits.

How to exercise your rights

  1. Submit a request: send your request to our Data Protection contact listed in "Who We Are" (or via the available support route on kingsgam.com if an email is not published).
  2. Verify identity: we may request additional information to verify you (especially for access/erasure requests) to protect you against unauthorised disclosure.
  3. Response timeframe: we aim to respond within 30 days of receipt (or within the legally permitted extension period for complex requests, in which case we will inform you).
  4. Fees: requests are generally handled free of charge, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request as permitted by law.

Marketing opt-out: you can opt out of marketing at any time by using the unsubscribe link in marketing messages (where provided) and/or by updating your account preferences on kingsgam.com (where available).

Cookies & Tracking Technologies

OBSERVE: kingsgam.com uses cookies and similar technologies to make the site work, keep it secure, and measure performance; some cookies may be optional.

EXPAND: UK rules also include PECR (Privacy and Electronic Communications Regulations) for cookies: non-essential cookies typically require consent. We should describe types, purposes, and management options.

REFLECT: We use cookies and similar technologies (such as pixels and SDKs) for the purposes below:

Types of cookies

  • Strictly necessary (functional) cookies: required to operate kingsgam.com (for example, login sessions, security, load balancing). These cannot usually be disabled without affecting functionality.
  • Preferences cookies: remember choices such as language, region, or interface settings.
  • Analytics cookies: help us understand how visitors use kingsgam.com (for example, pages visited, errors encountered) so we can improve performance.
  • Advertising/marketing cookies: used to measure campaign effectiveness and, where enabled, to show more relevant ads or limit repetition.
  • Third-party cookies: set by third parties (for example, analytics or advertising partners) when you interact with their tools on our site, subject to your consent where required.

How to manage cookies

  • Cookie banner/controls: where available on kingsgam.com, you can accept or reject non-essential cookies and change choices later.
  • Browser settings: you can delete or block cookies using your browser controls. Note that blocking strictly necessary cookies may prevent the site from working correctly.
  • Device controls: some mobile devices allow limiting ad tracking in device settings.

Regional compliance note (UK): For UK users, we seek consent for non-essential cookies in line with PECR and UK GDPR requirements, and we provide a mechanism to withdraw that consent.

Data Security

OBSERVE: The service processes identity and financial information and must meet high security expectations for online gambling operations.

EXPAND: Security disclosures should cover encryption in transit/at rest, access control, MFA, monitoring, audits, training, and incident response; we should avoid overpromising certification but can state "where applicable" and "aligned with".

REFLECT: We implement organisational and technical measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, including:

  • Encryption in transit: TLS 1.2+ (or higher where supported) to protect data transmitted between your device and kingsgam.com.
  • Encryption at rest: encryption and/or cryptographic protections for sensitive datasets where appropriate, including secure key management practices.
  • Authentication safeguards: multi-factor authentication (MFA) and step-up verification for privileged access and high-risk actions where appropriate.
  • Access controls: role-based access, least-privilege principles, segregation of duties, and logging of administrative actions.
  • Monitoring and testing: vulnerability management, penetration testing, and security monitoring to detect suspicious activity.
  • Operational security: secure development practices, change management, and environment hardening for infrastructure supporting Kings on kingsgam.com.
  • Staff training: privacy and security awareness training, with access granted only to authorised personnel who need data for legitimate business purposes.
  • Incident response: procedures to assess, contain, remediate, and notify relevant parties of personal data breaches where required by law and within regulatory timelines.

Standards alignment: Our security program is designed to be consistent with widely recognised information security frameworks (for example, ISO/IEC 27001 and SOC 2 principles) where applicable to our operations and vendors.

No method of transmission or storage is 100% secure; however, we continuously improve our controls to reduce risk and maintain a level of security appropriate to the nature of the data and processing.

Complaints & Contacts

OBSERVE: Users must have clear routes to raise concerns and escalate to supervisory authorities. The available profile data includes a postal address but not specific privacy email/phone.

EXPAND: UK users should be informed about the UK ICO. The prompt also requests Mexican authority and EU authority contacts "where applicable." Mexico: INAI. EU: a relevant supervisory authority in the EEA if EU GDPR applies (e.g., if processing is caught by EU GDPR in a specific scenario). We must provide direct contact details without adding extra sections.

REFLECT: If you have a complaint, question, or request relating to privacy on Kings at kingsgam.com, you can contact us and escalate as follows:

Contact channels

  • Postal: Data Protection Department, AG Communications Limited, 135 High Street, Sliema, SLM 1548, Malta
  • Email (data protection): Not specified (submit via available support route on https://kingsgam.com and request routing to the Data Protection Department)
  • Phone (main office): Not specified
  • Online form: Not specified (use any support/contact mechanism made available on kingsgam.com)

Complaint procedure

  1. Step 1 - Submit your complaint: provide your account identifier (if any), details of the issue, relevant dates, and the outcome you seek.
  2. Step 2 - Identity verification (if needed): we may request information to confirm you are the account holder or authorised requester.
  3. Step 3 - Investigation and response: we aim to respond within 30 days. If the matter is complex, we will explain any lawful extension and keep you informed.
  4. Step 4 - Escalation: if you are not satisfied, you may escalate to the appropriate supervisory authority (details below).

Supervisory authorities

  • United Kingdom (ICO): Information Commissioner's Office
    Website: https://ico.org.uk/
    Phone: +44 (0)303 123 1113
    Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • Mexico (INAI): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
    Website: https://www.inai.org.mx/
    Address (HQ): Insurgentes Sur 3211, Col. Insurgentes Cuicuilco, Alcaldía Coyoacán, C.P. 04530, Ciudad de México, México
  • European Union/EEA (where applicable): If EU GDPR applies to a specific processing activity, you may also contact your local EU/EEA supervisory authority. A directory is available at:
    EDPB directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: The profile includes a last updated date and the policy needs an update mechanism with notice periods and a version marker.

EXPAND: UK GDPR transparency favours clear notice of material changes. We should specify channels (email, banner, dashboard) and user options (object/close account). The prompt also requires a changelog and a minimum 30-day notice for significant changes.

REFLECT: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance affecting Kings on kingsgam.com.

  • Notification channels: for material changes, we may notify you via email (where we hold a verified email for your account), by a prominent notice/banner on kingsgam.com, and/or via alerts in your account dashboard (where available).
  • Advance notice: for significant changes that materially affect your rights or how we use your data, we aim to provide at least 30 days' prior notice before the change takes effect, unless a shorter period is required to address urgent security or legal issues.
  • Your options: if you object to significant changes, you may contact us to discuss your concerns and/or you may close your account (subject to any mandatory legal retention obligations described in this Policy).

Last updated: November 2025.

Version / material changes log:

  • November 2025: Initial publication for Kings on kingsgam.com; added UK GDPR lawful bases, UKGC context, international transfer safeguards (IDTA/UK Addendum), enhanced retention ranges, and complaints escalation routes (ICO / INAI / EDPB directory).