[tr:auto] Legal
[tr:auto] Privacy Policy
[tr:auto] Transparency about personal data for your Citadel account, play activity, and support interactions.
[tr:auto] Last updated · [tr:auto] April 2026
[tr:auto] Data we collect
[tr:auto] We collect information you provide at registration and during the relationship: identity, contact details, date of birth, KYC documents, transaction history, and support messages. Technical data (IP address, device, session identifiers, security logs) is processed for safety and compliance.
[tr:auto] Payment details are handled by certified partners; we do not store full card numbers on our servers when tokenisation is used.
[tr:auto] Purposes
[tr:auto] Data is used to operate your account, execute gaming and betting contracts, process payments, prevent fraud and money laundering, meet legal obligations (gaming regulation, tax), and improve services and UX.
[tr:auto] Where required, we send marketing only with consent. You can withdraw marketing consent via preferences or unsubscribe links.
[tr:auto] Legal bases (GDPR)
[tr:auto] Processing relies on contract performance, legal obligations, legitimate interests (security, fraud prevention, aggregated analytics), and consent for certain marketing or non-essential cookies.
[tr:auto] Sharing
[tr:auto] We share data with processors (hosting, payments, identity verification, support tools) under strict contracts. Authorities receive data when the law requires. Transfers outside the EEA use appropriate safeguards (e.g. standard contractual clauses).
[tr:auto] Cookies
[tr:auto] See our Cookie policy for categories, purposes, and how to manage preferences.
[tr:auto] Retention
[tr:auto] Data is kept for the life of the relationship and then archived per statutory periods (e.g. accounting, AML). Security logs may be retained longer if disputes or investigations require it.
[tr:auto] Your rights
[tr:auto] Subject to GDPR (and similar laws), you may request access, rectification, erasure, restriction, portability, and object to certain processing. Withdraw consent without affecting prior lawful processing.
[tr:auto] Contact the DPO below. You may lodge a complaint with your supervisory authority (e.g. CNIL in France).
[tr:auto] Security
[tr:auto] We apply technical and organisational measures: TLS encryption, access controls, logging, training, and reviews. Please protect your credentials and enable 2FA when offered.
[tr:auto] Data controller & DPO
[tr:auto] The controller is the Citadel operator identified in site legal notices. Privacy questions: dpo@citadelcasino.example [tr:auto] — replace with your production address.