Manekispin Privacy Policy

Use Manekispin Casino with a clear view of your data from the first click. This page tells you what the site collects, why it needs it, how it protects your account, and what rights you keep as a player. New users can check the rules before sign-up. Active players can see how verification, withdrawals, and privacy requests work in real use. Read this guide before you register. Contact the data team if you need a direct answer about your record.

Introduction to privacy at Maneki Spin

This Privacy Policy was last updated on 2025-11-05. It applies to browsing, account creation, deposits, gameplay, withdrawals, support messages, and identity checks on the Website. The aim is simple. Show the data flow in plain English. That fits the main rules of European data law. A site should tell users what it collects. It should use data for clear reasons. It should keep only what it needs. It should keep records accurate. It should protect them well. It should not store them for longer than needed.

The source policy also says staff receive regular security training. It says they must follow confidentiality rules when they handle player data. That matters because privacy is not only about servers. It also depends on people, access limits, and daily process. Support and payment teams need clear rules. If you have a data question, the listed contact is [email protected].

Privacy promise and identity checks

The policy promise is direct. Manekispin says it values customer privacy. It says personal data will be kept safe. It says users will be told why data is collected. It also says user rights will be respected where the law gives those rights. In practice, those rights include access, correction, erasure in some cases, restriction, objection, portability, and safeguards around some automated decisions.

Still, privacy on a casino site must work with AML and KYC duties. The source text says active deposited amounts must be played through at least once before a withdrawal is made. It also says the company may use extra Know Your Client checks when a deposit, withdrawal, or account review calls for them. These checks can include an ID document, proof of address, payment proof, a selfie with ID, or video verification if documents are not available in Latin or Cyrillic script.

That may sound strict, but the reason is simple. A casino must know who uses the account. It must check that the payment method fits the player. It must look for signs of fraud or misuse. Strong login security supports that same goal. Official cybersecurity guidance now puts more weight on stronger forms of MFA because weak login protection is a common way for attackers to enter online accounts.

What personal information Manekispin Casino may collect

To understand this privacy policy, it helps to follow the customer journey. A casino does not collect all data at once. Instead, information appears at different stages of your relationship with the site:

  • During account registration.
  • While using games and payment tools.
  • When you contact support.
  • When security or verification checks are triggered.

This layered approach matches general EU privacy rules, which require clear purpose, fair use, and data minimisation rather than unlimited collection..

Data collected during registration

When you register, the Website may request:

  • Your name, email address, postal address, phone number, gender, and date of birth.
  • Login credentials such as a username and password.
  • Photo ID and proof of address where due diligence is required.
  • Banking or financial details if a transaction raises source-of-funds questions.

That list is broad, but it is normal for regulated gambling services. Age checks, identity checks, and payment verification cannot work with only an email and a nickname. A player who wants deposits, gameplay access, and withdrawals should expect the operator to match account details with legal and payment records.

Data created through your use of the service

The policy also covers data created while you use the site. This may include:

  • Gameplay behaviour and product interactions.
  • Device details, IP address, browser type, and operating system.
  • Mobile identifiers and browsing data linked to cookies.
  • Recorded calls used for service quality, dispute handling, training, legal purposes, and fraud prevention.
  • Information you share voluntarily or make public through social media.

This matters because privacy is not only about forms you fill in. It also includes operational data. Device logs help detect account takeover. Payment patterns can flag abuse. Session data can help support teams solve account problems faster. In a gambling setting, those same data points may also be used for affordability checks, risk scoring, and account safety reviews.

Why personal data is processed and the legal basis used

The source policy says Maneki Spin relies on more than one legal basis. That reflects how GDPR works in practice. An operator may process data because it is needed for a contract, required by law, supported by consent in some cases, or justified by legitimate interests when those interests do not override the user’s rights and freedoms. The European Commission lists contract, legal obligation, consent, vital interests, public task, and legitimate interests as the main legal grounds.

Under contract, the site may use personal data to:

  • Open and manage player accounts.
  • Provide gaming services.
  • Send password reminders and account notices.
  • Process transactions.
  • Manage dormant accounts.

Under legitimate interests, data may also be processed for fraud prevention, service improvement, internal checks, and other reasonable business needs, provided a balancing assessment supports that use. That distinction is important. A password reset email is usually contractual. A behavioural fraud screen may rely on legitimate interests or legal duties, depending on the setup.

When personal information may be shared with third parties

A privacy policy becomes useful when it explains not only what a company collects, but who may see it and why. The source text says Manekispin Casino does not generally share personal information with third parties outside the company group for marketing purposes. That is an important limit. At the same time, the policy lists several cases where disclosure may still happen as part of normal operations, legal compliance, fraud controls, or a business transfer.

According to the policy, personal data may be shared in the following cases:

  • When required by a regulator or by law.
  • When a financial institution is asked to disclose account-related information to a regulator.
  • When the business must establish, exercise, or defend legal rights.
  • When third parties assist with verification, affordability checks, fraud detection, payments, storage, advertising, audits, or technical services.
  • When the business is sold, transferred, merged, or passed to a successor.
  • When self-exclusion issues must be reported to the relevant regulator.

This structure aligns with the broader GDPR model. A business can share personal data when there is a valid legal basis, when the use is transparent, and when the purpose is defined. EU guidance also stresses that organisations must tell individuals about the categories of recipients, the retention logic, and the rights available to the data subject.

How long Maneki Spin may keep your data

Retention is one of the most practical parts of any privacy notice. People want to know whether an old account disappears right away or remains on file for years. The source policy says the Website keeps information only as long as needed for the purposes for which it was collected. 

It then adds a more specific rule: after account closure, personal information may still be retained for at least 5 years, or longer if AML or CTF law requires that. The main reasons for retention include:

  • Compliance with EU or local law.
  • Legal claims and dispute handling.
  • Contractual rights and obligations.
  • Legitimate interests supported by balancing tests.

That approach mirrors official EU data protection guidance. The European Commission states that data should be stored for the shortest time possible, but legal obligations may require fixed retention periods, and organisations should define review or deletion timelines. In other words, deletion is not always immediate just because a user stops playing. In regulated sectors, recordkeeping may continue long after gameplay ends.

How retention works in practice

Data areaTypical reason for keeping itRetention logic described in the policy
Registration detailsAccount management, identity matching, legal complianceKept while the account is active and for a required period after closure
KYC documentsAge checks, identity verification, AML controlsMay be retained for at least 5 years after account closure if required
Payment and transaction recordsProcessing deposits, withdrawals, fraud review, audit trailStored according to legal, AML, tax, and contractual needs
Support and call recordsDispute handling, quality control, training, fraud preventionRetained as needed for service, legal, and compliance purposes
Security and device logsAccount protection, misuse detection, investigationsHeld for operational security and legitimate compliance needs

Your rights and choices over personal data

The source policy gives players a broad list of rights. These include the right to access, correct, erase in some cases, restrict processing, object, withdraw consent, and request portability. It also states that users can complain to a data protection authority and raise concerns about profiling or automated decision-making. That list closely matches the rights recognised under the GDPR framework.

The right to access is one of the most practical rights. A player can ask what data the company holds, why it uses it, and in some cases who received it. The source also says players can ask for inaccurate information to be corrected or removed where appropriate, and that such requests can be sent to the Data Protection Officer or customer support through [email protected]. EU guidance likewise states that controllers must facilitate the exercise of these rights and respond to valid requests within the legal timeframe.

The right to erasure, often called the right to be forgotten, is narrower than many users expect. The source correctly explains that deletion may apply when:

  • The data is no longer needed for the purpose for which it was collected.
  • Consent has been withdrawn and no other legal basis remains.
  • A legitimate-interest basis no longer outweighs the individual’s rights.
  • There was no valid legal basis for processing.
  • Erasure is required by law.

At the same time, the same section makes clear that mandatory retention rules under EU or local law can limit that right. In a gambling context, that limit is especially important because AML and dispute-related records often must stay on file for a fixed period.

The policy also covers restriction of processing, portability, objection, and withdrawal of consent. Restriction means the company may keep the data but stop using it in broader ways while an issue is reviewed. Portability applies only in narrower cases, such as data processed by automated means on the basis of consent or contract. Objection may apply to legitimate-interest processing and direct marketing. Withdrawal of consent must be possible at any time where consent is the legal basis, and the source says users can use an unsubscribe option or contact the DPO directly.

Automated decision-making and profiling

Many users pay attention to cookies, but fewer notice profiling clauses. Here, the source is unusually clear. It says automated systems may be used to:

  • Segment customers for more tailored services.
  • Detect fraud or money laundering risks.
  • Assess whether an account should be opened.
  • Verify age, residency, or similar eligibility conditions.
  • Review betting-related risk.

That means some decisions can be made quickly by systems before a human steps in.

The policy also explains the safeguard that matters most. A player has the right not to be subject to a solely automated decision that has legal or similarly significant effects, unless the decision is necessary for a contract, authorised by law, or based on explicit consent. It adds that requests in this area can be sent to the Data Protection Officer, that the normal response period is one month, and that the period may be extended by one more month if the request is complex or numerous. If a request is rejected, the company says it will explain why. It also reserves the right to charge a reasonable fee or reject a request that does not meet legal requirements.

That wording follows the broader GDPR structure. Automated screening is allowed in some settings, but it needs guardrails. For a casino, the most common impact points are account opening, transaction monitoring, and fraud blocks. If a user is flagged, the real question is not whether automation exists, but whether there is a lawful basis, a clear explanation, and a route to challenge the outcome.

Security of your data and confidentiality

Security is where promises must become a process. The source says Manekispin uses robust procedures and technologies to protect personal information from unauthorised access and misuse. According to the policy, these measures include:

  • Encryption of card details by payment providers.
  • Security testing of systems and applications several times each year by third-party experts.
  • An intrusion detection system that monitors network traffic 24/7.
  • A dedicated fraud department.
  • Advanced systems for detecting suspicious activity.
  • Suspension and investigation of accounts linked to suspicious behaviour.

The policy further states that SSL encryption is used for data in transit, and that card data is not collected, stored, or transferred directly by the Website because payment operations run through the payment gateway’s secure server. That division of roles is common in modern payment setups. The site still handles account and transaction context, but the card-processing environment sits with the payment provider.

Current cybersecurity guidance supports this layered model. The UK National Cyber Security Centre’s updated guidance says stronger forms of multi-factor authentication provide better protection against phishing attacks, which shows why account protection today depends on more than a password alone. Security is strongest when encryption, access control, monitoring, fraud review, and strong authentication work together, rather than as isolated tools.

Complaints and contact routes

If a player believes personal data was handled badly, the source policy gives two levels of action. First, the user can contact the Data Protection Officer at [email protected] and ask for the matter to be investigated. Second, if the answer is unsatisfactory or the user believes the processing is unlawful, the complaint can be taken to the relevant national data protection regulator. That two-step route is standard under EU privacy practice: raise the issue with the controller, then go to the supervisory authority if needed.

Changes to this Privacy Policy

Privacy rules do not stay fixed forever. The source says this policy may be updated from time to time to reflect operational or regulatory changes. It says the latest revision date will appear on the page and that users who continue to submit personal data or use the services after changes are made will be treated as having accepted them. It also adds an important safeguard: if significant changes affect how personal information is used, the site will provide a more prominent notice, and continued use of the services may require express acceptance of the new terms.

That is a practical rule for users. Checking the update date is not just a formality. It can reveal whether the operator changed retention logic, added new processors, introduced new verification tools, or adjusted rights-handling language.

Your obligations as a user

The last section of the source policy turns the focus back to the player. It says users must:

  • Provide real, accurate, and complete personal data.
  • Keep their information up to date.

If the Website finds a breach of those obligations, or reasonably suspects the information is false, incomplete, or inconsistent with data protection law or the privacy policy, it may reject registration or suspend or terminate the account without notice.

The source also states that in such a case the user has no right to compensation linked to the rejection, suspension, or closure.

That clause is easy to overlook, but it matters. Privacy is not only about what the operator must do. It also depends on whether the account holder gives true information. A casino cannot run valid KYC, age checks, or payment reviews against invented details. In that sense, accurate data is part of account security as much as a legal requirement.