Bizzo Casino

Scope and regulatory position

This Privacy Policy sets out the standards under which Bizzo Casino processes personal data in connection with the website located at bizzo-casin.com and related services. It is drafted for a global audience and is intended to reflect generally applicable data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. Where the General Data Protection Regulation applies, references to data subject rights and controller obligations are intended to align with GDPR requirements. Where local laws impose different or additional obligations, those local rules shall prevail to the extent of any conflict. This document applies to processing carried out through web, mobile, and customer support channels, as well as to processing connected to responsible gambling, security, and legal compliance functions.

The controller for the processing described in this document is Bizzo Casino, acting through the entity operating the domain and determining the purposes and means of processing. The controller may use processors that process personal data only on documented instructions and under contractual confidentiality and security obligations. This Privacy Policy does not apply to third party websites or services that may be accessible through links, integrations, or payment routing, even where such services are used for operational purposes. Where a third party acts as an independent controller, that third party’s own privacy policy governs its processing activities. Any interpretation of this document shall be guided by the requirement to protect personal data while enabling lawful operation of regulated iGaming services.

Definitions and roles

For the purposes of this document, personal data means any information relating to an identified or identifiable natural person, including identifiers such as account details, device identifiers, and transaction references. Processing means any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction. Controller means the party that determines the purposes and means of processing, while processor means a party that processes personal data on behalf of the controller. Where joint decision making occurs in limited contexts, the arrangement is handled through documented responsibilities and allocation of duties. These definitions shall be applied in a technology neutral manner across systems, logs, and support environments.

The term account data refers to information submitted to create and manage a player profile, including authentication and preference data. The term verification data refers to information used for identity, age, and payment verification, including documentation evidence and results derived from checks. The term usage data refers to information generated through interaction with the website, including events, timestamps, session identifiers, and security signals. The term special category data is processed only where strictly required by law, for example where a document may incidentally reveal health related information, and is otherwise avoided through minimisation practices. Any conflicts between definitions under local law and this document shall be resolved in favour of the stricter protective standard.

Categories of personal data processed

Bizzo Casino processes identification and contact data such as name, date of birth, email address, telephone number, and country of residence, where submitted during registration or verification. Account and authentication data may include username, password hash, security questions, multi factor authentication status, and access control records. Financial and transaction data may include payment method identifiers, deposit and withdrawal amounts, timestamps, partial card or account references, and fraud screening results obtained from payment partners. Compliance data may include know your customer results, age verification outcomes, sanctions screening outcomes, and responsible gambling flags. Communication data may include records of support interactions, complaint submissions, and dispute correspondence.

Technical and usage data may include IP address, device type, operating system, browser type, language settings, time zone, referral information, and event logs associated with gameplay or account activity. Security and integrity data may include login attempts, failed authentication logs, session tokens, anomaly detection indicators, and records of administrative actions. Where permitted by applicable law, limited geolocation data may be inferred from IP address to meet licensing, taxation, or fraud prevention requirements. Bizzo Casino aims to avoid collecting unnecessary data and limits processing to what is relevant for stated purposes. The processing of children’s data is not intended and is restricted through age gating and verification measures.

Collection methods and operational sources

Personal data is collected through direct submission when an account is created, when verification information is provided, and when support is contacted. Operationally, certain data is generated automatically when the website is accessed, including log data, device information, and identifiers necessary for session management and security monitoring. Information may be collected during deposits and withdrawals through payment workflows, including confirmations, chargeback notifications, and transaction status messages. Responsible gambling features may result in the collection of limits, self exclusion statuses, and related account controls. Each collection channel is designed to support traceability and accountability consistent with audit requirements.

Data may also be obtained from third party sources where necessary to meet legal obligations or to protect the integrity of services. Verification and screening providers may confirm identity, age, address, or sanctions exposure, returning results and risk indicators rather than raw documentation where feasible. Payment service providers, banks, and e wallet operators may transmit transaction confirmations, anti fraud signals, and dispute information. Public authorities may provide notices, orders, or lawful requests that require data review or disclosure. Where third party data is obtained, it is assessed for relevance, recorded with source context, and handled according to the same security and retention standards.

Processing is conducted on lawful bases that vary according to context, including performance of a contract, compliance with legal obligations, legitimate interests, and, where applicable, consent. Contractual necessity applies to account creation, gameplay functionality, transaction processing, and service administration. Legal obligations apply to identity verification, age checks, anti money laundering controls, fraud monitoring, record keeping, and responses to lawful authority requests. Legitimate interests may apply to securing the platform, preventing misuse, improving service reliability, and managing disputes, subject to balancing against fundamental rights and freedoms. Consent may apply to certain cookies, non essential tracking technologies, and optional marketing communications where such communications are permitted and offered.

This Privacy Policy is intended to reflect GDPR principles where relevant, including the requirement to maintain records of processing activities and to implement data protection by design and by default. Where consent is used, the controller applies mechanisms to record consent status and to facilitate withdrawal without detriment to core service provision where the processing is not necessary. Where legitimate interests are relied upon, the controller documents interest assessments and applies safeguards such as minimisation, access controls, and limited retention. Processing for compliance purposes may continue despite objection where the controller is legally obliged to retain or provide information. Any legal basis selection is reviewed periodically and adjusted in response to regulatory developments or operational changes.

Purposes of processing and service administration

The processing of personal data is carried out for specified, explicit, and legitimate purposes connected to the operation of iGaming services and the administration of user accounts. Purposes include registration, authentication, account management, deposit and withdrawal handling, payment reconciliation, and the provision of customer support. Processing is also conducted to detect and prevent fraud, account takeover, bonus abuse, and other prohibited activities, including through security monitoring and risk scoring. Compliance related purposes include know your customer checks, anti money laundering monitoring, age verification, sanctions screening, and responsible gambling enforcement measures. Operational logs are used to ensure system integrity, diagnose errors, and maintain service continuity during incidents.

Where communications are sent, they are sent for service related reasons such as verification requests, security alerts, transactional confirmations, and changes to terms or policies. If Bizzo Casino offers optional informational messages about account status, regulatory notices, or product updates, such messages are managed under applicable consent and opt out rules. Data may be processed to manage complaints and disputes, including chargeback handling and evidence compilation for payment networks. Analytics may be used to measure platform performance and detect anomalous behaviour, using aggregation where feasible. Personal data is not processed for purposes that are incompatible with the above without an applicable legal basis and appropriate transparency measures.

Cookies, device identifiers, and tracking technologies

This section describes the use of cookies and similar technologies in the context of this Privacy Policy as it applies to web based access. Certain cookies are strictly necessary to enable core functions such as session management, security controls, and navigation, and these are used on the basis of legitimate interests and contractual necessity. Preference cookies may store language, region, or interface settings to provide consistent user experience. Analytics cookies and similar technologies may be used to understand service usage patterns and to improve performance, subject to applicable consent requirements in relevant jurisdictions. Where consent is required, a consent mechanism is used to record choices and enable changes at a later time.

Device identifiers and network information may be processed to prevent fraud and to secure accounts, including through recognition of unusual access patterns and risk based authentication. Tracking technologies may also support the detection of automated traffic, credential stuffing, and other forms of abuse that present material risk to integrity. If third party analytics tools are used, data access is restricted through contractual controls, configuration limitations, and retention settings aligned to the controller’s standards. Where the technology permits, IP addresses may be truncated or pseudonymised to reduce risk, while maintaining utility for security and compliance. Cookies may be deleted through browser settings, but deleting strictly necessary cookies may affect the ability to access authenticated areas.

Retention periods and storage limitation

Personal data is retained only for as long as necessary to achieve the stated purposes, to comply with legal obligations, and to establish, exercise, or defend legal claims. Account related data is generally retained for the duration of the account relationship and for an additional period after account closure to meet compliance and dispute resolution requirements. Transaction and financial records are commonly retained for 5 years where anti money laundering or accounting rules require such retention, although local requirements may mandate longer periods. Verification records may be retained for 2 years after completion of checks where this supports auditability, unless longer retention is required by law or justified by legal claims. Security logs may be retained for 180 days to support investigations and incident response, subject to adjustment based on risk assessments and regulatory expectations.

Retention rules are applied with differentiation by data category, risk level, and legal requirement, and are enforced through access controls and deletion or anonymisation workflows. Where anonymisation is performed, it is applied in a manner intended to prevent re identification, with consideration of available means reasonably likely to be used. Where deletion is restricted due to legal holds, ongoing disputes, or authority instructions, processing is limited to what is necessary for those purposes. The controller reviews retention configurations at least every 12 months to ensure alignment with legal and operational requirements. Any extended retention is documented with reasons, legal basis, and protective measures.

Data sharing, disclosures, and third party recipients

Personal data may be disclosed to processors and service providers that support the operation of the platform, including hosting providers, identity verification vendors, payment service providers, fraud prevention partners, customer support tooling providers, and security monitoring vendors. Such recipients are subject to contractual commitments that include confidentiality obligations, security requirements, and restrictions on further processing. Where processors are used, the controller requires documented instructions and implements oversight measures, including audits or compliance attestations where appropriate. Personal data may also be shared within a corporate group where necessary for centralised security, compliance, finance, or customer support operations, subject to appropriate safeguards. The scope of disclosures is limited to what is necessary for the relevant service function.

Disclosures may occur to competent authorities, regulators, law enforcement, and dispute resolution bodies where required by applicable law or where necessary to protect legal rights. Where Bizzo Casino receives a legally binding request, it assesses validity, scope, and proportionality, and seeks to limit disclosure to the minimum necessary information. Data may be shared with payment networks and banks in the context of chargebacks, fraud investigations, and transaction reversals, including provision of evidence such as login logs and transaction confirmations. Where permitted, aggregated or pseudonymised information may be used for reporting and operational insights with reduced identifiability. Bizzo Casino does not sell personal data as a commercial activity, and any sharing is conducted for operational or compliance purposes.

International transfers and cross border processing

Given the global audience and the distributed nature of technology providers, personal data may be processed in jurisdictions outside the country of residence of the individual. Where the GDPR applies and data is transferred outside the European Economic Area, transfers are conducted using recognised safeguards such as Standard Contractual Clauses, and supplementary measures are applied where risk assessments indicate a need. Where adequacy decisions exist for a destination jurisdiction, the controller may rely on them as a transfer mechanism. Cross border processing may also occur when support teams, compliance teams, or security teams operate from different locations, and access is controlled through role based permissions. Transfer impact assessments are conducted where required, considering the nature of data, purposes of processing, and the legal environment of the destination.

The controller implements measures to limit unnecessary cross border exposure, including data localisation choices where feasible, regional hosting options, and restricted remote access. Encryption in transit is used to protect confidentiality during transfers, and access is logged for audit and investigation purposes. Where a processor subcontracts further processing, it is required to obtain authorisation and to ensure equivalent safeguards. If a transfer mechanism becomes invalid or materially challenged by legal developments, the controller will implement alternative safeguards or cease the affected transfers where necessary. The Privacy Policy framework is applied consistently across regions, subject to mandatory local deviations.

Information security and confidentiality controls

Bizzo Casino implements technical and organisational measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and unauthorised access. Security controls commonly include encryption in transit using modern protocols, access control with least privilege principles, logging and monitoring, secure software development practices, and vulnerability management. Passwords are stored using cryptographic hashing and appropriate salting, and administrative access is restricted through multi factor authentication where available. Data at rest encryption may be applied for high risk datasets, including verification records and sensitive transaction metadata, depending on system architecture. Incident response procedures are maintained to identify, contain, investigate, and remediate security events.

Risk based security reviews are conducted to address threats such as fraud, credential theft, and account takeover, and controls are adapted based on observed patterns. Organisational measures include confidentiality obligations for personnel, access approvals, segregation of duties, and periodic training aligned with compliance responsibilities. Where appropriate, the controller targets a minimum 99.5% availability objective for critical systems, while recognising that security considerations may require temporary restrictions to protect integrity. Security testing may include penetration testing and code review cycles, and findings are tracked to remediation. While no system can guarantee absolute security, the controller applies proportional measures consistent with regulatory expectations and the sensitivity of processed data.

Data subject rights and how requests are handled

Rights based protections apply to personal data processing, including rights of access, rectification, erasure, restriction, portability, and objection, subject to conditions and limitations under applicable law. Where the GDPR applies, a right exists not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless an applicable exception applies and safeguards are implemented. Requests are assessed to confirm identity and to prevent unauthorised disclosure, which may require verification steps proportionate to the risk. The controller may refuse or limit a request where legally permitted, including where compliance obligations require retention or where disclosure would adversely affect the rights of others. The request handling process is designed to provide transparent outcomes and to document decision making.

Where a rights request is accepted, the controller aims to respond within 30 days of receipt, with extensions applied where requests are complex or numerous and where permitted by law. Where an extension is used, the controller will provide an explanation of the reason for delay and the expected timeframe, subject to legal constraints. If Bizzo Casino processes data on the basis of consent for certain optional features, withdrawal of consent will take effect without undue delay, while processing required for compliance or contractual purposes may continue as necessary. Objection to processing based on legitimate interests will be assessed through a balancing review, and processing will cease where the objection prevails and no overriding grounds exist. A complaint may be lodged with a competent supervisory authority where applicable, and the controller will cooperate with lawful investigations.

Contact channels and data request procedures

Operationally, requests and inquiries concerning personal data are handled through designated contact channels associated with the domain, supported by internal workflows and ticketing controls. A request should include sufficient information to identify the account or the relevant processing context, while avoiding inclusion of unnecessary sensitive information in free text. Identity verification for requests may involve confirming account access, responding from a registered email address, or providing additional information where account compromise risk is present. The controller records the request date, request type, steps taken, and the outcome to support accountability and audit obligations. Where an authorised agent submits a request, evidence of authority may be required before data is disclosed or changed.

For security and compliance, certain changes, such as modifications to payment details or high risk account attributes, may require additional verification and may be subject to cooling off measures of 24 hours to mitigate fraud. Communications relating to disputes or chargebacks may require retention of the correspondence as part of legal claim management. Where the request concerns data processed by a processor, the controller coordinates with that processor to respond within required timeframes. If a request is manifestly unfounded or excessive, the controller may charge a reasonable fee or refuse to act where legally permitted, and reasons will be documented. These procedures are designed to ensure that personal data is handled consistently, securely, and in line with the Privacy Policy principles reflected throughout this document.

Changes to this Privacy Policy and ongoing compliance

This Privacy Policy may be amended to reflect changes in legal requirements, regulatory guidance, industry standards, security practices, or operational processes of Bizzo Casino. Regulatory framing is central to the amendment approach, and any update is intended to preserve the principles of transparency, minimisation, and accountability while enabling lawful operation across a global audience. Where changes materially affect processing purposes, categories of personal data, or rights handling, an appropriate notice mechanism will be used, such as an on site notice or account message, subject to the context and legal requirements. The controller maintains version control and records of policy updates to support auditability and to demonstrate compliance measures. Where consent is required for certain processing activities, material changes will not be implemented without obtaining refreshed consent when mandated.

This final section confirms that the controller’s compliance programme includes periodic reviews, documented risk assessments, and internal governance designed to align processing with applicable data protection frameworks, including GDPR principles where relevant. The commitment extends to secure processing, restricted sharing, and retention limitation, supported by organisational controls and technical safeguards. Requests and complaints will be handled in accordance with the timelines described in this document, including the standard 30-day response objective where applicable, and records will be retained to evidence outcomes. Where legal obligations require extended retention or disclosure, processing will be limited to the required scope, and access will be restricted to authorised roles. Any subsequent amendment to this Privacy Policy will take effect upon publication at bizzo-casin.com/privacy-policy, and prior versions may be retained for 3 years for accountability purposes. The controller will continue to evaluate evolving legal requirements, cross border transfer safeguards, and security controls to maintain compliance and to protect the rights and freedoms associated with personal data processing.