burger icon
Spinz Win United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how we collect, use, disclose, protect, and store personal data when you use the Spinz Win online casino operated at spinswini.com for the United Kingdom market (the "Service"). It applies to visitors to our website, registered players, and any person who contacts us or otherwise interacts with the Service. Please read it carefully so that you understand your rights and how we handle your information.

For the purposes of this Privacy Policy, Spinz Win refers to the Spinz Win brand operated on the domain spinswini.com for players located in the United Kingdom, under the licences held by our platform operator. This Privacy Policy is effective from 6 November 2025 and is intended to remain in force while we continue to operate the Service, subject to updates described in the "Updates" section below.

Who We Are

Data controller and operator

The Service is operated on a white-label basis by the following company, which acts as the primary data controller for personal data processed in connection with the operation of Spinz Win on spinswini.com:

  • Company name: ProgressPlay Limited
  • Legal form: Limited company
  • Registered address: Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, Malta
  • Registration number: C58305 (registered in Malta)
  • UK gambling licence: Licensed and regulated by the UK Gambling Commission under account number 39335 (see the UKGC public register for details)
  • MGA licence: Licensed and regulated by the Malta Gaming Authority under licence number MGA/B2C/231/2012 for non-UK markets

ProgressPlay Limited provides the technical platform, payment processing, customer support, and compliance infrastructure used by the Spinz Win brand. For UK players, the Service is regulated by the UK Gambling Commission (UKGC), including player funds protection and responsible gambling obligations such as participation in GamStop self-exclusion.

Data protection contact

We have designated a data protection contact point responsible for privacy matters (our Data Protection Officer or equivalent data protection function).

  • Postal contact: Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, Malta
  • Website: via the contact or support forms available on https://spinswini.com (please clearly mark your request as "Privacy" or "Data Protection")
  • Email: please address your data protection requests to the dedicated privacy contact indicated in the "Contact Us" or "Privacy" section of spinswini.com, clearly stating that your query relates to Spinz Win

When contacting us, please provide sufficient information to identify your account (for example, username, registered email address, and country of residence) so that we can verify your identity and process your request securely.

What Personal Data We Collect

Identification and contact data

  • Account information: full name, date of birth, gender (where provided), username, password or other authentication credentials, and unique customer identifiers generated by our systems.
  • Contact details: email address, telephone number, postal address, country of residence, preferred language, and communication preferences (for example, marketing consents).
  • KYC/verification data: copies or details of identity documents (such as passport or ID card), proof of address (for example, utility bill or bank statement), source of funds or source of wealth documentation, and results of electronic identity checks performed through third-party providers.

Technical and usage data

  • Device and connection data: IP address, approximate geolocation derived from IP, device identifiers, browser type and version, operating system, screen resolution, and language settings.
  • Log data: dates and times of access, pages viewed, clicks, login attempts, session duration, error logs, and technical event logs for security, compliance, and troubleshooting purposes.
  • Cookies and similar technologies: unique identifiers stored through cookies, pixels, tags, SDKs, local storage, and other tracking technologies used for functionality, analytics, security, and marketing (see "Cookies & Tracking Technologies").

Financial and transactional data

  • Payment data: partial payment card data (for example, masked card number and expiry date), bank account details where required, electronic wallet identifiers, transaction tokens, and payment method preferences. We do not store full card numbers in plain text; secure payment processors handle card details.
  • Transaction history: deposits, withdrawals, bonus credits, balance adjustments, chargebacks, refunds, and related communication.
  • Anti-fraud and AML data: risk scores, internal risk flags, results of sanctions and politically exposed person (PEP) screening, and information derived from public databases or reputable third-party risk service providers.

Gaming and behavioural data

  • Gameplay information: betting and staking history, games played, sessions (start and end times), win/loss records, bonus usage, tournament participation, and features used on the platform.
  • Responsible gambling data: self-exclusion status (including participation in GamStop for UK players), deposit limits, loss limits, session limits, time-outs, reality checks, and internal observations relating to potential gambling-related harm.
  • Behavioural and interaction data: clicks, navigation patterns, engagement with messages or banners, response to promotional offers, and other usage analytics that help us understand how you interact with the Service.

Communication and support data

  • Customer support records: copies of emails, chat logs, call recordings (where applicable and permitted), complaints, dispute correspondence, and any attachments you send to us.
  • Feedback and surveys: information you provide through feedback forms, satisfaction surveys, reviews, or other voluntary communications.

Data from third parties

  • Verification and compliance partners: identity verification services, payment providers, fraud and risk scoring tools, and AML screening services may provide us with additional information about you (for example, verification results, risk indicators, or updated address data).
  • Self-exclusion and dispute resolution schemes: where relevant and permitted, we receive or share limited data with self-exclusion services such as GamStop and with approved alternative dispute resolution (ADR) providers such as IBAS (Independent Betting Adjudication Service) in connection with dispute handling.

Legal Basis for Processing

We process personal data only where we have a valid legal basis under the applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and where relevant the EU GDPR and other national laws such as Mexican privacy legislation. Depending on the context, we may rely on one or more of the following legal grounds:

  • Performance of a contract: we process your data where it is necessary to enter into, perform, and manage the contract between you and ProgressPlay Limited for the provision of the Service on spinswini.com. This includes setting up and operating your player account, verifying your eligibility to play, processing deposits and withdrawals, enabling gameplay, awarding bonuses, and providing customer support.
  • Compliance with legal obligations: we must process certain data to comply with our legal and regulatory obligations under UK gambling law, AML/CTF legislation, tax and accounting rules, responsible gambling requirements, and data protection laws. This covers KYC checks, age verification, transaction monitoring, reporting to regulators or law enforcement, and maintaining required records for specified periods.
  • Legitimate interests: we process data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. These interests include ensuring the security and integrity of our systems, preventing and detecting fraud and misuse, maintaining accurate records, improving and developing our products and services, analysing usage for business and risk management purposes, and defending or asserting legal claims. Where appropriate, we perform balancing tests to ensure that our interests do not unfairly impact you.
  • Consent: in certain situations we rely on your consent, for example for:
    • sending electronic marketing communications (email, SMS, push notifications) where required by law;
    • placing and accessing non-essential cookies or similar technologies for advertising or advanced analytics purposes;
    • processing specific categories of data or sharing data with particular partners where consent is the most appropriate legal basis.
    You may withdraw your consent at any time (see "Your Rights"), without affecting the lawfulness of processing carried out before withdrawal.
  • Protection of vital interests and public interest: in rare cases we may process or disclose data to protect your vital interests or those of another person, or where required for tasks carried out in the public interest, such as preventing serious crime or safeguarding vulnerable persons.

Purpose of Processing

Providing and managing the Service

  • Account creation and management: to register your player account for Spinz Win on spinswini.com, maintain your profile, manage access credentials, and administer your account settings and preferences.
  • Gaming operations: to provide you with casino games, process your bets, calculate and pay winnings, credit bonuses and promotions, and display your transaction and gameplay history.
  • Payments and withdrawals: to process deposits, withdrawals, refunds, chargebacks, and related payment operations through our payment partners, and to keep accurate financial records.

Compliance and risk management

  • Regulatory compliance: to fulfil our obligations under UKGC and MGA licence conditions, AML/CTF laws, responsible gambling regulations, tax laws, and other applicable rules, including monitoring transactions, performing checks, and supplying information to competent authorities.
  • Fraud prevention and security: to detect, investigate, and prevent fraud, money laundering, abuse of bonuses, account takeover, collusion, and any misuse of our systems or violations of our terms.
  • Responsible gambling: to monitor behaviour for potential signs of gambling-related harm, apply voluntary or mandatory limits, process self-exclusions (including via GamStop for UK players), and take other protective measures.

Service improvement and analytics

  • Service optimisation: to analyse how the Service is used, identify technical issues, improve performance and stability, and develop new features, products, and promotional structures.
  • Business intelligence: to compile aggregated and anonymised statistics about gameplay, marketing campaigns, and platform usage for internal reporting, forecasting, and strategic planning.

Marketing and personalisation

  • Direct marketing: to send you offers, newsletters, and promotions via email, SMS, push notifications, or other electronic means, where permitted by law and in line with your preferences and consents.
  • Personalised content: to tailor bonuses, recommendations, and site content to your profile, playing style, and preferences, using profiling within the limits permitted by data protection law and gambling regulations.
  • Advertising and campaigns: to measure and improve the effectiveness of our advertising and affiliate campaigns, including through analytics and, where applicable, advertising networks (subject to your consent for non-essential cookies).

Communication, support, and legal matters

  • Customer support: to respond to your questions, handle complaints and disputes (including via ADR providers such as IBAS), and provide ongoing assistance.
  • Legal claims and enforcement: to establish, exercise, or defend legal claims, enforce our terms and conditions, investigate suspicious activities, and cooperate with law enforcement and regulators.
  • Record keeping: to create and maintain accurate records of our interactions and transactions with you, as required for compliance, audit, and governance purposes.

Disclosure & Sharing

We treat your data with care and share it only where necessary, applying appropriate safeguards and contractual protections. Depending on the circumstances, we may share your personal data with the following categories of recipients:

  • Group and platform entities: internal departments within ProgressPlay Limited and any affiliates or technical partners involved in operating the platform, solely for purposes consistent with this Privacy Policy.
  • Payment and financial service providers: banks, card payment processors, e-wallet providers, and other payment intermediaries that process deposits, withdrawals, and chargebacks and assist with fraud and AML checks.
  • Identity verification, AML, and risk management providers: third-party service providers that perform identity checks, age verification, sanctions and PEP screening, device fingerprinting, fraud analytics, and creditworthiness or affordability assessments where required.
  • Technical and operational service providers: hosting providers, IT and security service providers, analytics platforms, customer support tools, email and SMS delivery platforms, and other vendors who assist us in providing and improving the Service.
  • Marketing and affiliate partners: subject to your consent where required, we may share limited data with marketing agencies, affiliate networks, and advertising partners to measure campaign performance and avoid duplication of offers. We do not sell your personal data.
  • Self-exclusion and responsible gambling schemes: organisations such as GamStop and other national self-exclusion registries, where sharing limited information is necessary to implement or manage your self-exclusion or other protective measures.
  • Alternative dispute resolution (ADR) providers: approved ADR entities such as IBAS, where we need to share relevant account and transaction information to investigate and resolve a dispute you have raised.
  • Regulators and public authorities: the UK Gambling Commission, the Malta Gaming Authority, data protection authorities, tax authorities, law enforcement agencies, courts, and other governmental or supervisory bodies when required by law or regulation or when necessary to protect our rights, your safety, or the rights of others.
  • Professional advisers: lawyers, auditors, consultants, and other professional advisers, subject to confidentiality obligations, in connection with the operation of our business and the defence or management of legal matters.
  • Corporate transactions: in connection with any merger, acquisition, sale of assets, restructuring, or similar corporate transaction involving ProgressPlay Limited or the Spinz Win brand, personal data may be disclosed to prospective or actual counterparties and their advisers, subject to appropriate safeguards and, where required, notification to you or the authorities.

Whenever we share personal data with third parties acting as our processors, we ensure that they are bound by written contracts requiring them to process data only on our instructions, to apply appropriate security measures, and to respect confidentiality obligations.

International Transfers

Because ProgressPlay Limited is based in Malta and works with providers and partners in multiple jurisdictions, your personal data may be transferred to, and processed in, countries other than the one in which you reside. These countries may have data protection laws that are different from those in your home jurisdiction.

  • Intra-EEA/UK transfers: transfers between the United Kingdom, Malta, and other European Economic Area (EEA) countries generally take place within jurisdictions that provide an equivalent level of data protection under UK GDPR and EU GDPR.
  • Transfers to third countries: some of our service providers, technical partners, or support teams may be located outside the UK/EEA (for example, in countries where data protection standards may not be deemed equivalent). In such cases, we implement appropriate safeguards, including:
    • using standard contractual clauses or equivalent international data transfer agreements approved under UK GDPR and/or EU GDPR;
    • relying on adequacy regulations or decisions where applicable;
    • conducting transfer impact assessments and implementing additional technical and organisational measures, such as encryption and access controls.
  • Access from other jurisdictions: support, risk, or technical teams may access data remotely from jurisdictions outside your own, strictly on a need-to-know basis and under contractual and security controls.

Where required by law, we can provide you with further information on the specific safeguards applied to international transfers relating to your data, including copies of relevant contractual clauses, subject to redaction for confidentiality.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal and regulatory requirements, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the type of data and applicable law, particularly gambling and AML regulations in the UK and other relevant jurisdictions.

  • Player account and KYC data: typically kept for the duration of your relationship with us and for a period of up to five (5) to seven (7) years after the closure of your account or the end of the business relationship, in line with AML, gambling, and financial record-keeping obligations.
  • Transaction and gaming data: records of deposits, withdrawals, bets, wins/losses, bonus usage, and gameplay may be retained for up to five (5) to seven (7) years after the relevant transaction or account closure, to comply with legal, tax, accounting, regulatory, and dispute-resolution requirements.
  • Responsible gambling and self-exclusion data: retained for as long as necessary to implement your self-exclusion or other responsible gambling measures and for an additional period required by regulators or necessary to evidence compliance and protect you and us from harm.
  • Marketing data: information used for marketing is kept until you withdraw your consent or object to marketing, after which we will stop marketing and retain only minimal records of your preference (for example, on a suppression list) to ensure we respect your choice.
  • Customer support and complaint records: correspondence and case files related to complaints, disputes, or regulatory investigations may be retained for up to six (6) to seven (7) years from closure of the case, subject to longer retention where reasonably necessary in the context of legal claims.

When personal data is no longer needed for the purposes for which it was collected and there is no legal requirement to retain it, we will take steps to delete, anonymise, or irreversibly de-identify it. Where full deletion is not possible (for example, because data has been stored in backup archives), we will securely store it and isolate it from further processing until deletion is feasible.

Your Rights

Depending on your place of residence and the applicable law (including UK GDPR, EU GDPR, and, where relevant, Mexican data protection legislation such as the Federal Law on Protection of Personal Data Held by Private Parties), you may have some or all of the following rights in relation to your personal data:

  • Right of access: you can request confirmation as to whether we process your personal data and obtain a copy of the data we hold about you, together with information about how and why it is processed.
  • Right to rectification: you can request that inaccurate or incomplete personal data be corrected or updated. In many cases you can update certain details (such as contact information) directly via your account on spinswini.com.
  • Right to erasure ("right to be forgotten"): you can request that we delete your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected or where you have withdrawn consent. This right may be limited by our obligations under gambling, AML, and record-keeping laws that require us to retain certain data for specified periods.
  • Right to restriction of processing: you can ask us to restrict the processing of your data in certain situations, such as while we verify its accuracy, assess an objection you have raised, or where processing is unlawful but you oppose deletion.
  • Right to object: you can object at any time to the processing of your personal data based on our legitimate interests, on grounds relating to your particular situation. We will assess your objection and stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. You also have an absolute right to object at any time to processing for direct marketing purposes.
  • Right to data portability: where processing is based on your consent or on a contract and carried out by automated means, you may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.
  • Right to withdraw consent: where we rely on your consent for specific processing, you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal, but we will stop the relevant processing going forward.
  • Rights under Mexican privacy law (where applicable): if Mexican data protection laws apply to you, you may have additional or overlapping rights often described as ARCO rights (Access, Rectification, Cancellation, and Opposition), as well as the right to revoke consent under the Federal Law on Protection of Personal Data Held by Private Parties and its regulations.

We will not charge you a fee for exercising your rights, unless requests are manifestly unfounded or excessive (for example, repeated requests), in which case we may charge a reasonable fee or refuse to act, in accordance with the law.

How to exercise your rights

  1. Submit your request: please contact us using the privacy contact channels indicated in the "Who We Are" or "Complaints & Contacts" sections, clearly stating that your request concerns your data protection rights and relates to Spinz Win.
  2. Provide identification: we may ask for additional information to verify your identity and ensure that we do not disclose personal data to an unauthorised person. This may involve confirming details of your account or providing supporting documentation.
  3. Clarify your request: where necessary, we may ask you to specify which right you wish to exercise and what data your request concerns, especially if your request is broad or relates to large volumes of data.
  4. Response timeframe: we aim to respond to all valid requests within one (1) month of receipt. In complex or numerous cases, this period may be extended by up to an additional two months, in which case we will inform you of the extension and the reasons.
  5. Outcome: we will provide a clear response explaining the actions taken or reasons for not taking action (for example, if legal obligations require us to retain certain information). If you are not satisfied, you may lodge a complaint with a supervisory authority (see "Complaints & Contacts").

Cookies & Tracking Technologies

We use cookies and similar tracking technologies on spinswini.com to ensure the proper functioning of the Service, enhance your experience, carry out analytics, and, where permitted, deliver personalised content and marketing. The use of cookies is also governed by the Privacy and Electronic Communications Regulations (PECR) and relevant data protection laws.

Types of cookies we use

  • Strictly necessary (functional) cookies: session or persistent cookies that are essential for operating the website, enabling you to log in, navigate secure areas, manage your account, place bets, and use core features. These cookies are required for the Service to function and cannot be switched off in our systems.
  • Preference cookies: cookies that remember your settings and choices (e.g., language, region, display preferences) to provide a more personalised experience.
  • Analytics and performance cookies: first-party or third-party cookies (for example, from analytics providers) that collect information about how visitors use the site, such as which pages are visited most often and error messages encountered. We use this information to improve performance and usability.
  • Advertising and marketing cookies: cookies and similar technologies used to deliver or measure advertising and to limit the number of times you see an advertisement. These may collect information about your interactions with our site and with marketing communications. They are typically set only where you have given consent.
  • Third-party cookies: cookies set by external services integrated into our site (such as analytics, security tools, or marketing networks). These third parties may process data as independent controllers in line with their own privacy policies.

Managing cookies

  • Cookie banner and preferences: when you first visit spinswini.com, you may be presented with a cookie banner or consent tool that allows you to accept or reject different categories of non-essential cookies. You can adjust your preferences at any time through the cookie settings available on the site, where provided.
  • Browser settings: most browsers allow you to block or delete cookies. The method varies by browser, but typically you can find the options in the "Settings," "Privacy," or "Security" menus. Please note that blocking certain cookies may impact the functionality of the Service.
  • Do Not Track and similar signals: unless required by law, our systems may not respond to Do Not Track signals. We will, however, honour consent choices made via our cookie tools and, where applicable, platform-level privacy controls.

Data Security

We implement a combination of technical, organisational, and physical security measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or destruction. While no system can guarantee absolute security, we continuously assess and enhance our controls in line with industry standards and regulatory expectations.

  • Encryption in transit and at rest: data transmitted between your device and our servers is protected using modern encryption protocols such as TLS 1.2 or higher. Where appropriate, we also encrypt data at rest in databases and backups.
  • Access controls and authentication: access to personal data is restricted to authorised personnel who require it for their job responsibilities, based on the principle of least privilege. Multi-factor authentication, strong password policies, and session controls are used to reduce the risk of unauthorised access.
  • Secure infrastructure: we host our systems in secure facilities with environmental protections, redundancy, and resilience measures. Firewalls, intrusion detection and prevention systems, anti-malware tools, and continuous monitoring are used to protect the platform.
  • Segregation and pseudonymisation: where feasible, we apply data segregation, tokenisation, or pseudonymisation techniques to reduce direct identifiability and limit the impact of potential breaches.
  • Vendor security: we select third-party service providers that commit to appropriate security standards and are bound by data processing agreements. We assess their security measures and compliance posture, particularly where they process personal data on our behalf.
  • Training and awareness: staff involved in processing personal data receive training on data protection, confidentiality, and security, and are subject to contractual obligations to keep information confidential.
  • Incident response: we maintain procedures to detect, assess, and respond to security incidents. In the event of a personal data breach, we will take appropriate steps to mitigate the impact and, where required by law, notify the relevant supervisory authorities and affected individuals without undue delay.
  • Standards and good practice: our security frameworks are designed with reference to recognised industry standards and good practices (such as ISO/IEC 27001-style controls and SOC 2-type principles), adapted to our operational and regulatory environment.

Complaints & Contacts

Contacting us

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data in connection with Spinz Win, please contact us first so that we can try to resolve the issue directly.

  • Data Protection Officer / Privacy contact:
    • Postal: Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, Malta
    • Online: via the contact or support forms available on https://spinswini.com (please select the appropriate category and mention that your query relates to privacy).

Complaint procedure

  1. Initial contact: submit your complaint or query to our data protection contact using the channels above, providing your account details (where applicable) and a clear description of your concerns.
  2. Acknowledgement: we will acknowledge receipt of your complaint and may request additional information if needed to understand and address the issue.
  3. Investigation: we will investigate your complaint, involving relevant internal departments (such as compliance, security, or customer support) as appropriate. During this period, we may contact you for clarification or further evidence.
  4. Response: we aim to provide a substantive response within one (1) month from receipt of a complete complaint. For complex matters, we may need more time; in that case we will keep you informed about the delay and the expected timeframe.
  5. Further steps: if you are not satisfied with our response, you have the right to escalate your complaint to the relevant data protection authority or, where applicable, to engage ADR mechanisms (for gaming-related disputes) in parallel with or separate from privacy complaints.

Supervisory authorities

  • United Kingdom: if you are located in the UK or your complaint relates to processing subject to UK GDPR, you can lodge a complaint with the Information Commissioner's Office (ICO):
    • Website: https://www.ico.org.uk
    • Further contact details and complaint forms are available on the ICO's website.
  • European Union / EEA: if EU GDPR applies to you (for example, you are an EEA resident using our services where lawfully available), you may contact your local data protection authority in the EU/EEA. Contact details are available via the European Data Protection Board website.
  • Mexico: where Mexican data protection law applies, you may lodge complaints with the Mexican data protection authority, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI):
    • Website: https://www.inai.org.mx
    • INAI provides guidance and procedures for submitting privacy-related complaints.

You may also have the right to bring a claim before a competent court. We encourage you, however, to contact us first so that we can seek to resolve your concerns in a timely and cooperative manner.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, regulatory guidance, or technical and organisational measures. The most current version will always be available on spinswini.com, and the "Last updated" date at the end of the Policy indicates when it was last revised.

  • Notification of changes: for minor or clarifying updates, we may simply publish the revised Policy on spinswini.com. For material changes that significantly affect how we process your data or your rights, we will provide additional notice through appropriate channels, such as email notifications, account messages, or prominent banners on the website.
  • Advance notice: where reasonably practicable and required by law, we will provide at least 30 days' notice before material changes take effect, so that you have time to review them.
  • Your options: if you do not agree with the updated Privacy Policy, you may choose to stop using the Service and, where applicable, request the closure of your account. Continued use of the Service after the effective date of an update will generally be taken as your acknowledgement of the revised Policy, to the extent permitted by law.
  • Record of changes: in the case of significant updates, we may maintain a brief changelog or summary of key amendments, accessible from the Privacy Policy page, to help you understand how our practices have evolved.

Last updated: November 2025