Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and shared when you visit, register or interact with Get Lucky Casino through the website getlucku.casino. It applies to players, former players, and website visitors who access our services from the United Kingdom or elsewhere. By reading this document you can OBSERVE what information we hold about you, EXPAND your understanding of how and why we use it, and REFLECT on the rights and choices available to you. This Privacy Policy is effective from 6 November 2025 and replaces any earlier versions published on getlucku.casino.

Who We Are

For the purposes of data protection law, the controller responsible for your personal data in connection with Get Lucky Casino is:

Co-Gaming Limited
Company number: C47444
Registered address / operational headquarters:
3rd Floor, Spinola Park, Triq Mikiel Ang Borg,
St. Julians, SPK1000,
Malta

Co-Gaming Limited is a Maltese-registered limited company and part of the wider ComeOn Group in the European iGaming market. It historically operated Get Lucky Casino for the UK market under UK Gambling Commission licence number 39286; however, as of 2025, this licence is no longer used for the Get Lucky Casino brand, which is not currently licensed to provide gambling services to players in the UK. This Privacy Policy nonetheless explains how personal data is handled when you interact with the brand via getlucku.casino.

If you have any questions about this Privacy Policy or how we OBSERVE, EXPAND, and REFLECT on personal data processing, you can contact our data protection function:

  • Data Protection contact (DPO / data protection team): [email protected]
  • Website: https://getlucku.casino
  • Postal contact: Data Protection Officer, Co-Gaming Limited, 3rd Floor, Spinola Park, Triq Mikiel Ang Borg, St. Julians, SPK1000, Malta

What Personal Data We Collect

We collect and process different categories of personal data when you visit getlucku.casino, create or use an account with Get Lucky Casino, or otherwise interact with our services. We OBSERVE this data so we can provide and secure our services, EXPAND its use for legitimate operational needs, and REFLECT your rights and choices.

Identity and Contact Data

  • Identification data: full name, date of birth, gender, nationality, and unique customer identifiers.
  • Contact details: e-mail address, telephone number, residential address, country of residence, preferred language.
  • KYC / verification data: copies and details of identity documents (passport, ID card, driving licence), address verification documents (utility bills, bank statements), and information collected as part of "know your customer" (KYC) and anti-money laundering (AML) checks.

Account and Behavioural Data

  • Account data: username, password (stored in hashed form), security questions, account settings and preferences, responsible gambling settings, communications preferences.
  • Gameplay and betting data: game selections, betting history, stakes, wins and losses, session times, bonuses and promotions used, tournament participation, and in-game behaviour patterns.
  • Interaction and support data: records of your communications with us (e.g. e-mails, chat logs, complaint correspondence, survey responses), and information you provide via forms on getlucku.casino.

Technical and Device Data

  • Technical identifiers: IP address, approximate location based on IP, device identifiers, browser type and version, operating system, time zone, and language settings.
  • Usage logs: login and logout times, session duration, authentication logs, access times, pages viewed, clicks, referral URLs, and performance/diagnostic events.
  • Security and fraud indicators: failed login attempts, unusual transaction patterns, device fingerprinting information where legally permitted.

Payment and Financial Data

  • Payment details: limited card details (such as masked card number, expiry date), bank account information, payment method identifiers, and wallet information as necessary to process deposits and withdrawals.
  • Transaction data: payment amounts, currencies, timestamps, payment provider data, transaction identifiers, and chargeback information.
  • AML/CTF data: information related to source of funds/wealth and other financial data collected to comply with anti-money laundering and counter-terrorist financing obligations.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device to remember your preferences, authenticate your session, and enhance your experience.
  • Similar technologies: web beacons, tracking pixels, tags, and local storage used for analytics, security, and marketing (where permitted).
  • Third-party tracking: data collected via third-party analytics and advertising providers (for example, aggregated data on how you navigate the site) where you have given consent or where permitted under applicable law.

Legal Basis for Processing

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and relevant e-privacy rules (including the Privacy and Electronic Communications Regulations "PECR"). We apply a System 2 analytical approach to ensure that every processing activity is grounded in a clear legal basis:

  • Performance of a contract: We process your data where it is necessary to enter into, perform, or administer the agreement between you and Get Lucky Casino, such as:
    • creating and managing your player account at getlucku.casino;
    • processing deposits, wagers, and withdrawals;
    • providing customer support and handling your requests;
    • ensuring that games and services operate as expected.
  • Compliance with legal obligations: We process your data when required by applicable laws and regulations, including but not limited to:
    • AML/CTF and KYC regulations, which require us to verify your identity and monitor transactions;
    • bookkeeping, accounting, and tax laws requiring us to retain certain transaction and financial records;
    • gambling, remote-gaming and consumer protection rules in the jurisdictions in which we operate (including Malta and historically the UK market), and requests from competent authorities.
  • Legitimate interests: We process data where necessary for our legitimate business interests, provided these do not override your rights and freedoms. These interests include:
    • securing our systems, preventing fraud and abuse, and protecting the integrity of games and payment processes;
    • performing analytics and statistical reporting to improve our services and user experience;
    • defending, exercising, or establishing legal claims, including dispute handling and regulatory reporting;
    • ensuring business continuity and IT operations.
  • Consent: In specific situations, we rely on your explicit consent, for example:
    • sending you direct electronic marketing (e-mail, SMS, push notifications) where consent is required by UK GDPR or PECR;
    • using non-essential cookies and similar technologies for analytics and advertising;
    • processing special categories of data (if ever collected) only where permitted and with your explicit consent or another lawful basis.

You may withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

Purpose of Processing

We EXPAND the use of personal data strictly in line with clearly defined purposes. For each purpose we apply the principles of data minimisation and proportionality.

  • Providing and managing our services: to create and operate your Get Lucky Casino account, enable gameplay, process transactions, provide customer support, and deliver the website and mobile experiences through getlucku.casino.
  • Compliance and risk management: to perform identity verification, age verification, AML/CTF checks, affordability and risk assessments, responsible gambling monitoring, and to comply with record-keeping, reporting, and other legal obligations.
  • Service improvement and analytics: to understand how users interact with getlucku.casino, diagnose technical issues, optimise performance, design new features, and improve game offerings, using aggregated and pseudonymised analytics where possible.
  • Marketing and personalisation: to send you offers, bonuses, newsletters, and promotions related to Get Lucky Casino (where permitted), to personalise content and recommendations, and to tailor communications to your interests and playing profile.
  • Fraud prevention and security: to detect and prevent fraud, money laundering, cheating, abuse of promotions, unauthorised account access, and other security threats, as well as to enforce our terms and conditions.
  • Customer communication and relationship management: to respond to your questions or complaints, manage loyalty or VIP programmes, conduct surveys, and inform you about changes to our terms, policies, or services.
  • Legal claims and business operations: to establish, exercise or defend legal claims, to manage internal audits and compliance, and to support corporate transactions (such as restructuring or transfer of business) in a manner that respects your privacy.

Disclosure & Sharing

We take a REFLECTIVE approach to who can access your data. We share personal data only where necessary, lawful, and subject to appropriate safeguards. Depending on your interactions with Get Lucky Casino, we may disclose your data to:

  • Group and affiliated entities: companies within the ComeOn Group or other related entities involved in operating or supporting getlucku.casino, strictly for purposes consistent with this Privacy Policy.
  • Payment service providers and banks: financial institutions, card payment processors, wallet providers, and other payment partners that process deposits, withdrawals, refunds, and chargebacks.
  • Technical and service providers: IT hosting providers, platform suppliers, game providers, analytics services, customer support tools, identity verification and KYC providers, marketing agencies, and other vendors that act as processors on our behalf under data processing agreements.
  • Regulators and public authorities: gambling authorities, financial intelligence units, data protection authorities, tax authorities, courts, law enforcement bodies, and other public authorities where required or permitted by law, or to protect our legal rights.
  • Business partners and affiliates: affiliates, media partners, and advertising networks that promote Get Lucky Casino, but only to the extent necessary to track performance, prevent abuse, and manage our relationships, and in accordance with applicable consent requirements.
  • Professional advisers: lawyers, auditors, consultants, and insurers who provide professional services and are subject to legal or contractual confidentiality obligations.
  • Corporate transactions: potential or actual buyers, investors, or counterparties in connection with any merger, acquisition, asset sale, or corporate restructuring, under strict confidentiality and only where relevant to the transaction.

We do not sell your personal data for monetary consideration. Any marketing-related sharing (for example, with advertising networks) is conducted in line with consent and transparency requirements, and you may withdraw your consent at any time where such consent is the legal basis.

International Transfers

As a Maltese-based operator providing online services that may be accessed from the UK and other countries, we sometimes transfer personal data across borders. We OBSERVE the origin and destination of such transfers, EXPAND protective measures, and REFLECT the safeguards required by law.

  • Within the UK and EEA: Your data may be processed in the United Kingdom, Malta, and other European Economic Area (EEA) countries where our group entities, platform providers, or service partners are located. These locations are subject to UK GDPR / EU GDPR-equivalent protections.
  • Transfers outside the UK/EEA: Some providers may be located in, or may store data in, countries outside the UK/EEA that may have different data protection standards (for example, cloud or technology providers). In these cases, we implement:
    • UK-approved Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA);
    • technical and organisational measures (such as encryption and access controls);
    • transfer risk assessments to evaluate and mitigate privacy risks.
  • Adequacy decisions: Where the UK government recognises a country as providing an adequate level of protection, we may rely on that adequacy decision as the legal basis for transfer.

Details of the specific safeguards for a particular transfer can be requested via our data protection contact. We will provide a copy or summary of the relevant contractual protections where legally permitted.

Data Retention

We keep personal data only for as long as needed to fulfil the purposes for which it was collected, to meet our OBSERVE obligations, and to REFLECT legal and regulatory requirements. Retention periods may differ depending on the type of data and applicable laws:

  • Player account and identification data: normally retained for the duration of your relationship with Get Lucky Casino and for at least five (5) years and up to seven (7) years after account closure or final transaction, in line with AML/CTF and gambling-related record-keeping obligations.
  • Transaction and financial data: retained for five (5) to ten (10) years from the end of the relevant financial year, as required by accounting, tax, and anti-money laundering regulations.
  • Technical logs and security data: retained for periods typically ranging from six (6) months to five (5) years, depending on the nature of the logs and security needs, to detect and investigate fraud, abuse, or security incidents.
  • Marketing data: retained until you withdraw your consent or object to marketing, after which we will promptly stop processing for this purpose and keep a minimal record of your preference to ensure we honour it.
  • Complaint and dispute data: retained for as long as necessary to resolve the issue and for an additional period (typically up to six (6) years) to allow us to establish, exercise, or defend legal claims.

When data is no longer required, we will anonymise or securely delete it. In deciding retention periods, we consider statutory limitation periods, regulatory expectations, and our legitimate interests. Where possible, we use aggregated or pseudonymised data instead of identifiable data for long-term analytics.

Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have several rights regarding your personal data. If, in specific circumstances, Mexican privacy law (such as the Federal Law on Protection of Personal Data Held by Private Parties) were to apply, similar rights would also be recognised. We REFLECT your rights as follows:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of that data, along with information about how it is used.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or updated.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, you have withdrawn consent and there is no other legal ground, or you have validly objected to the processing, subject to legal retention obligations (for example, AML/CTF requirements).
  • Right to restriction of processing: to request that we limit processing in certain situations (for example, while we verify the accuracy of data or assess an objection).
  • Right to object: to object at any time to processing based on our legitimate interests, and to object separately to direct marketing (including profiling for marketing purposes). We will stop marketing when you object.
  • Right to data portability: to receive certain personal data in a structured, commonly used, machine-readable format and to request that we transmit it to another controller where technically feasible.
  • Right to withdraw consent: where processing is based on consent (for example, marketing communications or certain cookies), you may withdraw that consent at any time.

Where Mexican law applies to a particular user, similar ARCO rights (Access, Rectification, Cancellation, and Opposition) will be respected in line with applicable Mexican regulations, in addition to the protections afforded under UK/EU-inspired standards.

How to exercise your rights:

  1. Submit your request to our data protection contact at [email protected] or via any data protection form made available on getlucku.casino.
  2. Provide sufficient information to enable us to verify your identity (for example, your account username, registered e-mail address, and, where needed, additional verification checks).
  3. Clearly state which right you wish to exercise and what information your request relates to.

We will respond to your request without undue delay and in any event within one (1) month of receipt, extendable by up to two additional months where necessary due to complexity or volume of requests. If an extension is needed, we will inform you within the initial one-month period. Requests are normally handled free of charge; however, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, as permitted by law.

Cookies & Tracking Technologies

When you visit getlucku.casino or use Get Lucky Casino services, we use cookies and similar technologies to OBSERVE how the site is used, EXPAND functionality, and REFLECT your preferences.

Types of Cookies

  • Strictly necessary cookies (session and persistent): essential for the operation of the website and for enabling basic functions such as secure login, session management, and payment processing. Without these cookies, services you request cannot be provided.
  • Functional cookies: used to remember your choices (such as language, region, or layout preferences) and to provide enhanced, more personalised features.
  • Analytics and performance cookies: help us understand how visitors use getlucku.casino (e.g. which pages are visited most, error messages, loading times). We use this information to improve site performance and user experience, typically in aggregated or pseudonymised form.
  • Advertising and targeting cookies: set by us or our advertising partners to build a profile of your interests and show relevant advertising related to Get Lucky Casino. These cookies may track your browsing across websites, subject to your consent and applicable law.
  • Third-party cookies: placed by third-party services integrated into our site (such as analytics tools or embedded content). These third parties may process your data in accordance with their own privacy policies, which we encourage you to review.

Managing Cookies

  • Cookie banner and preferences: When you first visit getlucku.casino, a cookie banner will invite you to accept, reject, or customise non-essential cookies. You can change your choices at any time via our cookie settings or preferences centre (where available).
  • Browser settings: Most web browsers allow you to control cookies (e.g. block, limit, or delete them). Please refer to your browser's help section for instructions. Blocking some cookies may affect functionality and your ability to use certain features.
  • Do Not Track and similar signals: We will honour legally recognised signals and settings where required by applicable law and technically feasible.

Further details about specific cookies used on getlucku.casino, including their purpose and lifespan, may be provided in a separate cookie notice or within our cookie settings interface.

Data Security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our approach is to OBSERVE potential threats, EXPAND layered controls, and REFLECT on emerging security standards.

  • Encryption: data transmitted between your browser and our servers is protected using TLS (Transport Layer Security) version 1.2 or higher. Where appropriate, we use encryption and pseudonymisation to protect data at rest.
  • Access controls: access to personal data is restricted to authorised personnel and service providers who need it for legitimate business purposes and are bound by confidentiality obligations and data processing agreements.
  • Authentication and account security: we employ robust authentication mechanisms, password hashing, and may support multi-factor authentication where appropriate, to reduce the risk of unauthorised access to your Get Lucky Casino account.
  • Network and infrastructure security: we use firewalls, intrusion detection/prevention systems, monitoring, and logging to detect and respond to suspicious activity and potential attacks.
  • Security governance and training: we maintain internal policies, procedures, and training programmes to ensure staff understand their data protection responsibilities and follow good security practices.
  • Vendor due diligence: third-party service providers that process personal data for Get Lucky Casino are assessed and required to implement appropriate security measures, often aligned with internationally recognised standards such as ISO 27001 or SOC 2 where applicable.
  • Incident response: we maintain incident response plans to identify, investigate, mitigate, and report data breaches. Where a breach poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, when required by law, you as the affected individual.

While we strive to use commercially reasonable safeguards, no system can be guaranteed as completely secure. You also play an important role in protecting your data by keeping your login credentials confidential and notifying us promptly if you suspect unauthorised use of your account.

Complaints & Contacts

If you have concerns about how we process your personal data, or if you wish to exercise any of your rights, we encourage you to contact us first so we can OBSERVE your issue, EXPAND our investigation, and REFLECT an appropriate solution.

Contacting Us

  • E-mail (preferred): [email protected]
  • Postal address: Data Protection Officer, Co-Gaming Limited, 3rd Floor, Spinola Park, Triq Mikiel Ang Borg, St. Julians, SPK1000, Malta
  • Website: contact or privacy forms available at https://getlucku.casino (where provided)

Internal Complaint Procedure

  1. Submit your complaint: Provide a clear description of your concern related to privacy, data protection, or how Get Lucky Casino has handled your personal data.
  2. Verification: We may ask for information to confirm your identity and to locate relevant records (for example, account details or transaction references).
  3. Investigation: Our data protection team will investigate your complaint, consulting internal logs, systems, and relevant staff where necessary.
  4. Response: We aim to respond to complaints within 30 days. If we require more time due to complexity, we will inform you of the extension and the reasons for it.
  5. Resolution: We will explain our findings and any actions taken, including measures to correct or improve our handling of your data where appropriate.

Supervisory Authorities

If you are not satisfied with our response, or if you prefer not to contact us first, you have the right to lodge a complaint with a data protection authority:

  • United Kingdom: Information Commissioner's Office (ICO)
    Website: https://www.ico.org.uk
    Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • European Economic Area: If you reside in an EEA country, you may also contact your local data protection authority. Details can usually be found on your national regulator's website.
  • Mexico (where Mexican law applies): National Institute for Transparency, Access to Information and Personal Data Protection (INAI). More information is available at https://www.inai.org.mx.

We will cooperate fully with competent supervisory authorities and follow their guidance where applicable.

Updates

We may update this Privacy Policy from time to time to OBSERVE legal developments, EXPAND coverage to new services or features, and REFLECT changes in our processing activities or organisational structure.

  • Notification of changes: Material changes will be notified through one or more of the following:
    • e-mail to the address associated with your Get Lucky Casino account;
    • prominent banners or notices on getlucku.casino;
    • alerts within your account dashboard (where available).
  • Advance notice: Where feasible and required, we will provide at least 30 days' advance notice before material changes take effect, especially where changes affect how we use your data or your rights.
  • Version control: Each version of this Privacy Policy will include a "Last updated" date. This version was last updated in November 2025.
  • Changelog of material changes: For significant updates, we may provide a summary of key changes (for example, new categories of data collected, new purposes, or new recipient types) so you can quickly understand their impact.
  • Your options: If you do not agree with an updated version of the Privacy Policy, you may choose to stop using Get Lucky Casino services and, where applicable, close your account. Continued use of the services after changes take effect will normally signify your acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data in connection with Get Lucky Casino and getlucku.casino.