Privacy Policy — Lunarspins Casino

Effective date: 18 April 2026

Introduction Lunarspins Casino (the “Casino”, “we”, “us”, “our”) operated by L.C.S. Limited is committed to protecting the privacy and personal data of our players and visitors. This Privacy Policy explains what personal data we collect, why we collect it, how we use and disclose it, your rights, and how to contact us. By registering, depositing, playing or otherwise using our services you accept the practices described in this Privacy Policy.

Controller The data controller for the services described in this Privacy Policy is L.C.S. Limited, a company licensed by the Malta Gaming Authority (MGA) under licence number MGA/B2C/233/2013. For privacy enquiries and to exercise your rights, you may contact our Data Protection Officer at [email protected] or by using live chat available from our website.

Scope This Privacy Policy applies to all personal data processed in connection with the Casino’s websites, mobile-responsive services, sportsbook, games (including live casino services), promotions, payments, customer support, marketing and affiliated services. It applies to players, registered account holders, trial users, visitors to our sites and third parties who interact with our services.

Personal data we collect We collect personal data to operate the Casino and comply with legal and regulatory obligations. Types of personal data we collect include:

  • Identity and account data: name, date of birth, gender, username, national ID/passport/driver’s licence number where required for verification, nationality.
  • Contact data: email address, postal address, telephone/mobile number.
  • Financial and payment data: payment card details (tokenised where possible), e‑wallet IDs, bank account details for withdrawals, transaction history, deposit and withdrawal amounts, billing address.
  • KYC and AML documents: copies/photos of identity documents, proof of address (utility bill, bank statement), screenshots or records required for anti-money laundering and counter-terrorist financing checks.
  • Gameplay and transactional data: games played, bet history, stake sizes, wins/losses, session length, jackpots, leaderboard and tournament results, sportsbook bets and bet outcomes.
  • Device and technical data: IP address, device identifiers, browser type and version, operating system, screen resolution, language, time zone, referring URLs, clickstream data, cookies and similar tracking data, geolocation data derived from IP or device where necessary to verify eligibility and enforce geographic restrictions.
  • Communications data: chat transcripts, emails, call recordings (where used for quality assurance), support tickets, complaint records.
  • Responsible gaming data: self-exclusion or limit settings, results of self-assessment questionnaires, responsible gaming interactions, indicators of problematic play used in safeguarding processes.
  • Marketing and preference data: marketing consent status, promotional opt-ins/opt-outs, player segmentation and targeting preferences.
  • Third-party verification and public record data: sanctions lists screening results, fraud databases and third-party identity verification results.

How we collect personal data We collect data:

  • Directly from you when you register, deposit, play, communicate with support, participate in promotions, submit documentation or otherwise interact with the Casino.
  • Automatically through your use of our websites and services (cookies and other tracking technologies).
  • From third parties and public sources, such as payment processors, identity verification providers, fraud prevention services, regulatory lists, affiliates (including C24 Partners) and game/content providers where relevant.
  • From your device or browser (see Device and technical data above).

Purposes of processing and legal bases We process personal data for the following purposes, under the legal bases indicated:

  1. To provide and administer your account, gaming, sportsbook and related services (Performance of contract)

    • Create and maintain accounts; authenticate users; enable deposits, wagering, gaming and withdrawals; deliver winnings and bonuses; customer care and account management.

  2. To perform identity verification, KYC, AML and regulatory compliance (Legal obligation / Public interest)

    • Verify identity and age (18+), perform background and sanctions screening, prevent fraud, money laundering and other financial crime, and fulfil reporting obligations to regulators.

  3. To process payments and manage transactions (Performance of contract / Legal obligation)

    • Process deposits and withdrawals, reconcile payments, comply with tax and accounting obligations.

  4. To prevent and detect fraud, money laundering, cheating or other abusive behaviour (Legitimate interests / Legal obligation)

    • Monitor gameplay and transactional patterns, detect prohibited automation, detect multi-accounting, enforce Terms & Conditions.

  5. To provide customer support and manage complaints (Performance of contract / Legitimate interests)

    • Respond to enquiries, handle disputes, maintain support records and improve service quality.

  6. To personalise the user experience and improve services (Legitimate interests / Consent where required)

    • Personalise game and marketing offers, recommend games, optimise website content and user interface.

  7. For marketing and promotional communications (Consent / Legitimate interests where permitted)

    • Send newsletters, promotional materials, offers and updates by email, SMS, push and other channels in accordance with your preferences and applicable laws. We will obtain consent where legally required and provide opt-out options at any time.

  8. For analytics, research and product development (Legitimate interests / Consent where required)

    • Conduct aggregated analytics and product testing to improve performance, security, game offering and customer experience.

  9. For dispute resolution, enforcement of Terms & Conditions and legal claims (Legal obligation / Legitimate interests)

    • Retain records, exercise or defend legal claims, cooperate with law enforcement and regulators.

Profiling and automated decision-making We may use automated profiling and risk-scoring systems for legitimate and necessary purposes such as fraud detection, responsible gaming monitoring, bonus eligibility checks and internal risk management. These systems analyse gameplay, deposit history, transactional patterns and device data to identify abnormal patterns or indicators of risk. Decisions that materially affect you (for example, permanent account closure or refusal of a withdrawal) are subject to human review on request. You have the right to request human intervention, to express your point of view and to contest automated decisions. To exercise this right, contact [email protected] or use live chat.

Cookies and tracking technologies We use cookies and similar technologies to operate our services, analyse usage, personalise content and deliver marketing. Cookie categories:

  • Strictly necessary cookies: required for the operation of the site and to provide services (e.g. session cookies, login).
  • Functional cookies: remember preferences and improve functionality (language, display settings).
  • Performance and analytics cookies: collect information about use and performance to improve the site.
  • Marketing and advertising cookies: used to deliver targeted ads, measure campaign performance and for remarketing across platforms.

We will obtain consent for non-essential cookies where required by applicable law. You can manage cookie settings through our cookie banner, browser settings and preference controls. Blocking certain cookies may impair functionality and your user experience.

Recipients and categories of recipients We disclose personal data to the following categories of recipients where necessary for the purposes set out above:

  • Service providers and processors: payment processors, banks, e-wallets, card networks, identity and KYC verification providers, anti-money laundering and fraud screening providers, hosting and cloud infrastructure providers, CRM and email service providers, analytics and tracking providers, live chat and customer support platforms, back-office providers, data archiving services.
  • Game and content providers: third-party game studios and live dealer suppliers for the purpose of delivering games and related services.
  • Regulatory, law enforcement and government authorities: where required by law or regulation, or to comply with legal processes.
  • Affiliate and marketing partners: where you have been referred by, or interact with, affiliates (including C24 Partners) or where affiliate tracking is required; affiliates may receive limited attribution data in accordance with applicable law and contracts.
  • Third parties in connection with a sale or reorganisation: in the event of a merger, acquisition or sale of all or part of our business, personal data may be transferred to a buyer or successor subject to appropriate safeguards. We use contracts and other means to ensure third parties process personal data only according to our instructions and in compliance with data protection laws.

International transfers Our operations are based in Malta and within the European Economic Area (EEA). We may transfer personal data to recipients outside the EEA (for example, to cloud providers, game providers or payment processors in jurisdictions such as the United Kingdom, Switzerland, or the United States). Where transfers occur to countries not deemed to provide an adequate level of data protection by the European Commission, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or rely on other lawful transfer mechanisms. If transfers are based on your consent or necessary for performance of a contract, we will notify you and implement adequate protections.

Data retention We retain personal data only for as long as necessary for the purposes described above and to comply with legal and regulatory obligations. Typical retention periods:

  • Account and transactional records: retained for a minimum period required by applicable law (including anti-money laundering and tax laws) — commonly 5 to 7 years from account closure or last activity.
  • KYC and identity documents: retained while your account is active and for the statutory period thereafter required by law.
  • Support and complaint records: retained for the period necessary to resolve the matter and to comply with regulatory obligations.
  • Marketing consents: retained until withdrawal of consent or termination of account. After retention periods expire personal data will be securely deleted or anonymised so it can no longer be associated with an identifiable individual.

Security measures We implement technical and organisational measures to safeguard personal data, including:

  • Encryption of communications (TLS/SSL) and secure handling of payment data. Our systems use industry-standard encryption protocols to protect data in transit and at rest, including 128-bit SSL/TLS for web communications.
  • Access controls and role-based access to personal data; authentication and strong password policies.
  • Regular security audits and vulnerability testing, patch management and monitoring.
  • Staff training in data protection and security best practices.
  • Secure channels for transmitting sensitive documents (for example, secure upload portals for KYC documents). While we take reasonable steps to protect personal data, no system is completely secure. If a security incident affects your personal data we will notify you and relevant authorities as required by law.

Children and underage protection Gambling services are strictly for adults. You must be at least 18 years old (or older if required by law in your jurisdiction) to register and play. We do not knowingly collect personal data from persons under 18. If we become aware that we have collected personal data from a person under 18, we will promptly delete that data and close the account. If you believe we may hold data about a person under the minimum age, contact [email protected].

Your rights Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access: request a copy of personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of personal data where there is no lawful basis for continued processing (right to be forgotten), subject to legal and contractual exceptions.
  • Right to restriction of processing: request restriction of processing in certain circumstances.
  • Right to data portability: receive personal data you provided to us in a structured, commonly used and machine-readable format and transmit it to another controller where technically feasible.
  • Right to object: object to processing based on legitimate interests, including profiling, and to direct marketing.
  • Right to withdraw consent: where processing is based on consent, withdraw that consent at any time; withdrawal does not affect processing prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with the Maltese Data Protection Authority (Information and Data Protection Commissioner) or the supervisory authority in your place of residence. To exercise your rights, contact our Data Protection Officer at [email protected] or via live chat. We may request proof of identity before fulfilling requests. We will respond to requests in accordance with applicable law.

Marketing and direct communications We will only send marketing communications where we have your consent or another lawful basis. You may opt out of promotional communications at any time by clicking unsubscribe links in emails, replying with STOP where permitted by SMS, adjusting your account preferences or contacting [email protected] or live chat. Transactional and service messages (e.g., account, payment and security notifications) are necessary to provide services and cannot be unsubscribed from without closing your account.

KYC, verification and withdrawal processing To comply with MGA rules and anti-money laundering laws we require identity verification and proof of payment method prior to allowing withdrawals. You must submit valid documents on request; failure to provide requested documentation may result in suspension of withdrawals or account closure. We retain verification documents for the period required by law.

Third-party services, game providers and advertising networks Our website links to third-party sites and partners. Game providers, live dealer studios, payment processors, affiliate networks (including C24 Partners) and advertising networks act as independent controllers or processors for their respective services. They will have their own privacy policies. We recommend reviewing third-party privacy notices before engaging with their services. We may share limited player attribution data with affiliates for tracking and commission purposes; this will be processed in accordance with applicable law and contractual protections.

Live chat, recordings and monitoring Live chat interactions and (where implemented) telephone conversations may be recorded for quality assurance, training and security. By using live chat and phone services you consent to such recording. Recordings are retained in accordance with our retention policy and accessible to regulatory authorities on request.

Dispute resolution and supervisory authorities If you have a privacy complaint you should first contact us at [email protected] or via live chat so we can try to resolve the matter. If you remain dissatisfied you may lodge a complaint with the Maltese supervisory authority: Office of the Information and Data Protection Commissioner (Visit the official IDPC Malta website for current contact details and complaint procedures.) Additionally, for disputes related to gaming operations and outcomes you may have recourse under MGA procedures and recognised alternative dispute resolution mechanisms where applicable (including eCOGRA arbitration where eligible).

Changes to this Privacy Policy We may update this Privacy Policy to reflect changes in our services, legal requirements or business practices. We will post the updated policy on our website with a revised effective date and, where required by law, obtain renewed consent for material changes. Continued use of our services following publication constitutes acceptance of the revised policy.

Contact For privacy-related enquiries, to exercise your rights, or to obtain additional information about how we process your personal data contact: Data Protection Officer Email: [email protected] Live chat: available 24/7 via the website

Final note Lunarspins is committed to operating transparently and in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and local Maltese regulations applicable to licensed gaming operators. If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at [email protected].