burger icon
Vinci Spin United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Vinci Spin collects, uses, discloses, and protects personal data when you use the Vinci Spin project available via the website vincisp.com, including when you register, play games, or visit our pages. It applies to players, website visitors, affiliates, and any other natural person whose data we process in connection with our online casino services.

The purpose of this Privacy Policy is to provide clear information about our data practices, your rights under applicable data protection laws, and how you can contact us in case of questions or complaints. This Privacy Policy is effective as of 1 January 2025 and remains in force until replaced or updated.

By using vincisp.com in connection with Vinci Spin, you acknowledge that you have read this Privacy Policy. Where required by law, we will seek your explicit consent before collecting or processing your personal data for certain purposes (for example, marketing cookies or promotional communications).

Who We Are

Vinci Spin is an online casino brand operated in connection with the Vinci Spin project on vincisp.com. For the purposes of data protection law, the primary data controller responsible for your personal data is:

Vinci Global N.V.
Registered office: Willemstad, Curaçao
Legal form: N.V. (public limited liability company under the laws of Curaçao)
Gambling licence: Curaçao eGaming, licence no. 365/JAZ (online casino / gambling operations)

Vinci Global N.V. operates vincisp.com for UK and other international players as an offshore non-GamStop casino. It is licensed in Curaçao and is not licensed by the United Kingdom Gambling Commission. This Privacy Policy covers data protection matters only and does not alter your rights and obligations under applicable gambling regulations.

In some cases, payment processing and related services may be provided by a group or partner entity established in Cyprus (for example, a subsidiary such as "VinciPay Ltd"), acting as our payment processor or data processor on our behalf. These entities process personal data strictly in accordance with our instructions and this Privacy Policy.

For privacy and data protection matters, you can contact our data protection contact point (Data Protection Officer or data protection team):

Data Protection Contact
Email: [email protected]
Postal address for privacy correspondence: Vinci Global N.V., Data Protection Officer, Willemstad, Curaçao (please state "Privacy request" in the subject line or on the envelope).

What Personal Data We Collect

Identification and Contact Data

  • Registration data: Full name, username, password, date of birth, country of residence, preferred language, and account ID created when you register on vincisp.com.
  • Contact details: Email address, postal address (where provided), and any telephone number you choose to share when creating or updating your account or when contacting support.
  • Verification/KYC data: Copies or details of ID documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), payment ownership proofs, and any information we are required to collect to comply with anti-money laundering (AML) and "know your customer" (KYC) rules.

Financial and Transaction Data

  • Payment data: Limited payment instrument information (such as card type and the last digits of the card number, expiry date, IBAN or other account identifiers, payment method, and issuing country) processed through secure payment providers. We do not store full card numbers in plain text.
  • Transaction history: Deposits, withdrawals, bonuses credited or forfeited, chargebacks, refunds, bets placed, wins and losses, account balances, and loyalty or VIP status information.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, screen resolution, time zone setting, language settings, and approximate geolocation derived from your IP address.
  • Log data: Login and logout timestamps, session IDs, pages viewed, the URL from which you came to our site, error logs, and other diagnostic information captured by our servers and security systems.
  • Behavioural and gameplay data: Game preferences, game rounds played, stakes and outcomes, betting patterns, clicks, scrolls, time spent on each page, and interactions with promotions, messages, or interface elements.

Cookies and Similar Technologies

  • Cookies: Small text files stored on your device, including session cookies, persistent cookies, and cookies set by third parties (such as analytics providers or advertising networks).
  • Similar technologies: Web beacons, pixels, tags, local storage, SDKs, and device fingerprinting technologies used for security, fraud prevention, analytics, and marketing (where legally permitted).

Support, Compliance, and Responsible Gambling Data

  • Support communications: Records of chats, emails, and other communications with our customer support, including attachments or screenshots that you provide.
  • Compliance and risk data: Notes and flags created during AML/KYC checks, sanctions screening or fraud investigations, and data relating to disputes and chargebacks.
  • Responsible gambling data: Self-exclusion status, cooling-off periods, deposit and loss limits, affordability or risk assessments, and any information you provide about gambling-related problems or vulnerabilities.

We generally obtain this data directly from you when you use vincisp.com, but we may also receive information from payment providers, verification service providers, affiliates, and other third parties who lawfully share data needed to operate our services and comply with legal obligations.

Legal Basis for Processing

We process your personal data in line with applicable data protection laws, including the UK GDPR, the EU GDPR where relevant, and, for Mexican residents, the Federal Law on Protection of Personal Data Held by Private Parties and related regulations. Our main legal grounds are:

  • Performance of a contract: We need to process your data to create and manage your player account, verify your age and identity, process deposits and withdrawals, provide games, calculate and pay winnings, handle bonuses, and deliver customer support. Without this processing, we cannot provide our services.
  • Compliance with legal obligations: We are legally required to perform KYC/AML checks, prevent money laundering and terrorism financing, comply with fraud and sanctions laws, maintain certain records for tax and accounting purposes, and cooperate with regulators and law enforcement authorities in Curaçao and other jurisdictions.
  • Legitimate interests: We process data to protect the security and integrity of vincisp.com, to prevent fraud and misuse, to improve our platform, to perform statistical and business analytics, to personalise content, and to enforce our Terms and Conditions. When relying on legitimate interests, we balance our interests against your fundamental rights and freedoms and implement appropriate safeguards.
  • Consent: In situations where the law requires consent (for example, for certain marketing communications, non-essential cookies, or specific profiling activities), we process your data only if you have granted valid consent. You can withdraw your consent at any time, which will not affect the lawfulness of processing carried out before withdrawal.
  • Vital and other protected interests (where applicable): In rare situations, we may process data to protect your vital interests or those of another person, for example if we reasonably believe there is a serious and imminent risk of harm that we must report to relevant organisations or authorities.

Purpose of Processing

We use your personal data for clearly defined purposes connected to the operation and improvement of Vinci Spin on vincisp.com as part of the Vinci Spin project. Key purposes include:

  • Providing and managing our services: Creating and maintaining your account, enabling you to deposit and withdraw funds, providing access to casino games, managing bonuses and loyalty programmes, and ensuring the proper functioning of our website and mobile interfaces.
  • Compliance, KYC, and AML: Verifying your identity and age, assessing risk, carrying out AML and sanctions screening, detecting suspicious activity, and fulfilling record-keeping duties imposed by applicable laws and our Curaçao licence no. 365/JAZ.
  • Customer support and dispute resolution: Communicating with you about your account, answering questions, resolving technical or financial issues, managing disputes and complaints, and recording interactions for training and quality purposes.
  • Responsible gambling: Implementing self-exclusion, limits, and other player protection measures; monitoring patterns that may indicate problematic gambling; and contacting you where appropriate in line with our responsible gambling policies.
  • Analytics and service improvement: Analysing aggregated usage patterns, game performance, and technical metrics to enhance user experience, optimise our game portfolio, develop new features, and maintain system stability.
  • Marketing and personalisation: Sending you promotional offers about Vinci Spin and related services (where permitted), tailoring bonuses and recommendations based on your preferences and usage, and measuring the effectiveness of campaigns. You can opt out of marketing at any time.
  • Security and fraud prevention: Preventing unauthorised access, account takeover, bonus abuse, payment fraud, and other illicit activities through monitoring, authentication, logging, and risk assessment mechanisms.
  • Business operations and corporate transactions: Conducting audits, compliance checks, and business reporting, and, where necessary, sharing limited data during mergers, acquisitions, or restructuring, subject to strict confidentiality and legal safeguards.

Disclosure & Sharing

We do not sell your personal data. However, to operate Vinci Spin and comply with our obligations, we share personal data with carefully selected third parties under appropriate contracts and safeguards:

  • Group and related entities: Vinci Global N.V. and any associated companies or processing entities, including potential payment processors located in Cyprus (such as a subsidiary operating under the name VinciPay Ltd), which process data strictly as instructed by us.
  • Payment providers and banks: Card schemes, acquiring banks, e-wallet providers, bank transfer services, and other payment intermediaries that process deposits, withdrawals, and chargebacks in accordance with their own regulatory obligations.
  • Technical and hosting providers: Companies providing hosting, cloud infrastructure, content delivery, security services (including DDoS protection and firewalls), and IT support that enable the operation and protection of vincisp.com.
  • Game providers and platform vendors: Licensed software suppliers and platform operators who provide the games and gaming infrastructure. They may receive identifiers and gameplay data necessary to deliver and verify game outcomes.
  • Verification, AML, and fraud partners: KYC service providers, identity verification companies, credit reference or risk scoring agencies (where permitted by law), and fraud prevention networks that help us verify customers and prevent misuse of our services.
  • Marketing and affiliate partners: Email delivery platforms, analytics providers, advertising networks, affiliate networks, and campaign measurement services that assist us in marketing Vinci Spin. Where required, we share data only with your consent or subject to opt-out rights.
  • Professional advisers: Lawyers, auditors, accountants, consultants, and other professional service providers who require access to limited data for advising us or performing audits, subject to confidentiality obligations.
  • Regulators, authorities, and law enforcement: Curaçao eGaming, tax authorities, courts, police, and other governmental or regulatory bodies in Curaçao, the UK, the EU, Mexico, or other jurisdictions, where we are legally obliged or reasonably required to disclose data to comply with law or protect our rights.
  • Corporate transactions: Potential buyers, investors, or merger partners and their professional advisers, in connection with any actual or proposed purchase, merger, or restructuring relating to Vinci Spin, provided that such parties are bound by confidentiality and data protection obligations.

Whenever we share data with third parties who act as our processors, they are bound by written contracts requiring them to use the data only for the specified purposes, to apply appropriate security measures, and to comply with applicable data protection laws.

International Transfers

Because Vinci Spin operates internationally, your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA), including Curaçao, Cyprus, and other locations where our partners and service providers are established.

  • Primary locations: Data is processed in Curaçao (where Vinci Global N.V. is established) and may also be processed in Cyprus in connection with payment services, as well as in the UK and EEA states where our technical and support providers are located.
  • Other third countries: Some providers (for example, certain cloud, analytics, or email services) may be located in or may store data in countries that do not offer the same level of data protection as the UK or EEA, such as the United States or other jurisdictions.
  • Safeguards: When transferring personal data outside the UK/EEA, we implement appropriate safeguards, such as:
    • Standard Contractual Clauses approved by the European Commission and/or the UK Information Commissioner's Office.
    • UK International Data Transfer Addendum or similar contractual tools where required.
    • Technical measures such as encryption and pseudonymisation to reduce risks during transfer and storage.
    • Transfers to countries benefiting from adequacy regulations, where applicable.
  • Frameworks and updates: Where relevant, we may also rely on recognised international frameworks or their successors (for example, the EU-US Data Privacy Framework, which replaced the former Privacy Shield), provided they are valid and applicable at the time of transfer.

Further information on specific safeguards used for international transfers (including copies of or references to the relevant contractual clauses) can be obtained by contacting us at [email protected], subject to redaction of commercially sensitive information.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal, regulatory, and licensing obligations, and to resolve disputes. Retention periods may vary depending on the category of data and the jurisdiction, but we apply the following principles:

  • Player account and KYC data: Generally retained for the duration of your account and no longer than 5 years after account closure, unless a longer period is required by AML, tax, or other applicable laws, or necessary for ongoing disputes or investigations.
  • Transaction and financial records: Kept for up to 5 years from the end of the relevant financial year or such longer period as required by accounting and tax regulations, after which they are securely deleted or anonymised.
  • Technical logs and security data: Stored for periods typically ranging from several months to 2 years, depending on the type of log and our security needs, then deleted or aggregated.
  • Marketing data: Retained while you remain opted in to marketing communications and for up to 2 years after the last interaction with our marketing materials, or until you withdraw consent or object to processing.
  • Responsible gambling and complaints data: Data related to self-exclusion, limits, or serious complaints may be kept for up to 6 years after resolution to demonstrate compliance with legal and regulatory obligations.
  • Cookies: Stored according to their specific lifetimes (session or persistent). Details are provided in our cookie notices, and you can control them through your browser and cookie settings.

When personal data is no longer necessary for the purposes for which it was collected, we will either delete it securely, anonymise it so that it can no longer be linked to you, or, where deletion is not technically possible, securely store and isolate it from further processing until deletion becomes possible.

Your Rights

Rights under UK and EU Data Protection Laws

Under the UK GDPR and, where applicable, the EU GDPR, you have a number of rights in relation to your personal data. These rights are subject to certain conditions and legal exceptions, particularly where processing is necessary for AML/KYC, gambling regulation, dispute handling, or legal claims. Your main rights include:

  • Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of that data, along with information about how and why it is processed.
  • Right to rectification: You can ask us to correct inaccurate personal data and to complete incomplete data, taking into account the purposes of processing. You can usually update basic account data directly in your profile.
  • Right to erasure: You can request deletion of your personal data where it is no longer needed, where you withdraw consent (if consent was the basis), or where you successfully object to processing. We may need to keep certain data despite your request if required by law or necessary for legal claims.
  • Right to restriction: You can ask us to restrict processing in certain cases, for example while we verify accuracy of data or assess an objection. During restriction, we will store data but not use it except for limited purposes.
  • Right to object: You can object at any time to processing based on our legitimate interests, including profiling related to such interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests or where processing is needed for legal claims. You always have the right to object to direct marketing.
  • Right to data portability: You can request that we provide certain personal data to you or to another controller in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right not to be subject to certain automated decisions: Where we use automated decision-making that produces legal or similarly significant effects (for example, some risk or fraud checks), you may have the right to request human intervention, express your point of view, and contest the decision, subject to legal limitations.
  • Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time using the tools provided (such as unsubscribe links, account settings, or by contacting us). Withdrawal will not affect previous lawful processing.

Additional Rights for Mexican Residents

If you are a resident of Mexico, additional rights may apply under the Federal Law on Protection of Personal Data Held by Private Parties and its regulations. These include the so-called ARCO rights:

  • Access: The right to know whether we hold your personal data and how we use it, and to obtain a copy of such data.
  • Rectification: The right to request correction of inaccurate or incomplete data.
  • Cancellation: The right to request that we stop processing and delete your personal data in certain circumstances, subject to legal and regulatory retention obligations.
  • Opposition: The right to oppose processing for specific purposes, including marketing or profiling, where permitted by law.
  • Consent and revocation: Where processing is based on your consent, you may revoke it at any time through the contact channels indicated in this Privacy Policy.

How to Exercise Your Rights

You can exercise your rights free of charge (except for manifestly unfounded or excessive requests) by contacting our data protection contact at [email protected] and clearly indicating:

  • Your full name, country of residence, and registered account details (username or account ID).
  • The specific right you wish to exercise (for example, access, rectification, objection) and the data or processing activities involved.
  • Proof of identity, where required, so that we can protect your account and data (this may include verifying your login or requesting limited additional documentation).

We aim to respond to your request within 30 days of receipt, as required by law. In complex cases or when handling multiple requests, this period may be extended by up to an additional two months, in which case we will inform you of the extension and the reasons. If we decline or partially fulfil your request due to legal constraints, we will provide an explanation, unless we are legally prevented from doing so.

Cookies & Tracking Technologies

We use cookies and similar technologies on vincisp.com to ensure the proper functioning of the site, enhance your experience, perform analytics, and, where allowed, deliver tailored marketing. Cookies can be placed by us (first-party cookies) or by third parties whose services we use.

Types of Cookies We Use

  • Strictly necessary cookies: Essential to operate the website and provide core features such as secure login, account management, session continuity, and fraud prevention. These cookies are usually set in response to actions made by you and cannot be switched off via our standard cookie tools.
  • Functional cookies: Enable the site to remember your preferences (such as language, region, or login choices) and provide enhanced features and personalisation. Disabling these cookies may impact user experience but should not prevent basic use of the site.
  • Analytics and performance cookies: Help us understand how visitors use the site, which pages are most visited, how long users stay, and how they interact with content. We use this data in aggregated form to improve performance and user experience.
  • Advertising and targeting cookies: Used to deliver relevant adverts about Vinci Spin, measure campaign performance, and limit the number of times you see a particular ad. These may be set through our site by advertising or affiliate partners.
  • Security and anti-fraud cookies: Used to detect and prevent fraudulent or suspicious activities, including bots, multiple-account abuse, and unauthorised access attempts.

Managing Cookies

On your first visit in 2025 or later, and periodically thereafter, we may present a cookie banner or preference centre allowing you to accept or reject non-essential cookies. You can change your preferences at any time by using the cookie management tools on our site (where available) or by adjusting your browser settings to block or delete cookies.

Most browsers allow you to refuse cookies or to delete existing cookies. However, blocking or deleting certain cookies (especially strictly necessary cookies) may affect the operation of the site and your ability to access some features or services.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction, or damage. While no system can guarantee absolute security, we strive to maintain a level of protection consistent with industry best practices.

  • Encryption in transit and at rest: Data transmitted between your device and vincisp.com is protected using TLS (Transport Layer Security) version 1.2 or higher. Where appropriate, we use encryption and pseudonymisation to protect data stored on our systems or those of our service providers.
  • Access controls and authentication: Access to personal data is strictly limited to authorised personnel and service providers who need it for their tasks. We use role-based access controls, strong authentication methods, and, where applicable, multi-factor authentication for critical systems.
  • Secure infrastructure: We host our systems in secure data centres and cloud environments with physical security, network segmentation, firewalls, intrusion detection, DDoS protection, and regular backups.
  • Monitoring, testing, and audits: We monitor our systems for suspicious activity and vulnerabilities, carry out periodic security assessments, and may engage external experts to test and improve our defences. Our key providers are selected in part based on their alignment with recognised security standards such as ISO 27001 or SOC 2, where applicable.
  • Policies, training, and confidentiality: Our staff are subject to confidentiality obligations and receive training on data protection, information security, and responsible handling of player data. Internal policies and procedures govern how data is collected, accessed, and used.
  • Incident response: We maintain procedures to detect, investigate, and respond to security incidents. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities and, where required by law, affected individuals without undue delay.

Complaints & Contacts

If you have any questions, concerns, or complaints about how we handle your personal data, or if you wish to exercise your rights, you should contact us first so that we can seek to resolve the matter directly.

Contacting Us

  • Email: [email protected] (preferred channel for privacy and data protection matters).
  • Postal mail: Vinci Global N.V., Data Protection Officer, Willemstad, Curaçao. Please include sufficient details to identify your account and describe your request or complaint.
  • Online forms: Where vincisp.com provides contact or support forms, you may use them to submit privacy-related requests, clearly indicating that your message concerns data protection.

When you contact us with a complaint, we will acknowledge receipt and investigate your concerns. We aim to provide an initial response within 30 days. In more complex cases, we will keep you informed about the progress and any extended timelines that may be necessary.

Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with a data protection authority:

  • United Kingdom: Information Commissioner's Office (ICO) - you can find contact details and instructions on how to complain at www.ico.org.uk.
  • European Union/EEA: If you reside in an EU/EEA country, you may complain to your local data protection authority or to the authority of the Member State where you work or where the alleged infringement took place.
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - you can find contact details and procedures at www.inai.org.mx.

We encourage you to contact us first, so we can try to resolve your concerns quickly and effectively. However, you may contact a supervisory authority at any time, including in 2025 and beyond, without first exhausting our internal process.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. The version published on vincisp.com will always indicate the date of the latest update.

  • Last updated: November 2025.
  • Notification of changes: For material updates, we will take reasonable steps to notify you in advance, which may include email notifications, messages in your account dashboard, pop-up notices, or banners on vincisp.com.
  • Effective date and advance notice: Significant changes will normally take effect at least 30 days after we post the updated Privacy Policy or send you notice, unless a shorter period is required or permitted by law.
  • Changelog overview: Material changes may include updates to categories of data collected, new purposes or legal bases for processing, changes in our corporate structure or data controller, new categories of recipients, or changes to your rights and how to exercise them.
  • Your options: If you do not agree with an updated version of this Privacy Policy, you may choose to close your account and stop using vincisp.com before the changes take effect. Continued use of our services after the effective date will be taken as your acknowledgment of the updated policy, to the extent permitted by law.

We recommend that you review this Privacy Policy periodically, especially after receiving any update notices, to stay informed about how Vinci Global N.V. processes personal data in connection with Vinci Spin and the Vinci Spin project on vincisp.com.