burger icon
Casa Pariurilor United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected and used in connection with the Casa Pariurilor pages on cesapariurilor.com. It applies to visitors to the website and to individuals who interact with our online casino-related services (such as creating an account, subscribing to marketing, or using support channels), but it does not authorise or legitimise the provision of gambling services in the United Kingdom. This Privacy Policy is effective from 6 November 2025 and is intended to comply with applicable UK data protection law (UK GDPR and the Data Protection Act 2018), as well as comparable international standards, including Mexican data protection regulations where relevant.

Who We Are

The Casa Pariurilor pages on cesapariurilor.com relate to the Casa Pariurilor brand, which is operated at group level by:

  • Hattrick PSK d.o.o., a company incorporated in Croatia and identified in public sources as the operating company behind the Casa Pariurilor brand, headquartered in Zagreb, Croatia (exact registered office details and registration number as recorded in the Croatian commercial register).
  • Hattrick PSK d.o.o. is part of the Fortuna Entertainment Group, a major Central and Eastern European betting operator.
  • The ultimate parent company of Fortuna Entertainment Group is Entain plc (formerly GVC Holdings), a FTSE 100 sports betting and gaming group headquartered in London, United Kingdom.

For the purposes of UK data protection law, the primary data controller for personal data collected via the Casa Pariurilor pages on cesapariurilor.com will be Hattrick PSK d.o.o., acting within the Fortuna Entertainment Group. Depending on the specific service used and your location, other group entities (including entities within Entain plc) may act as joint controllers or processors.

Regulatory context. The Casa Pariurilor online gambling operations are lawfully licensed by the Romanian National Gambling Office (ONJN) under licence number L1160652W000306, which authorises online fixed-odds betting, casino games and poker exclusively within Romania and is currently valid until 31 December 2026. This licence has no legal effect in the United Kingdom. Searches of the UK Gambling Commission (UKGC) public register for "Hattrick PSK d.o.o." and "Casa Pariurilor" show no UK licence, and any operation directed at UK players without a UKGC licence would be illegal. Nothing in this Privacy Policy should be interpreted as stating or implying that Casa Pariurilor on cesapariurilor.com is licensed by the UKGC.

Data protection contact. A dedicated data protection contact point (data protection officer or equivalent function) is available via the contact channels published on cesapariurilor.com. When you contact us, please clearly state that your query relates to the Casa Pariurilor pages so it can be routed to the appropriate privacy team. We will handle all privacy-related communications in accordance with UK GDPR, the Data Protection Act 2018 and, where applicable, Mexican data protection law.

What Personal Data We Collect

When you use the Casa Pariurilor sections of cesapariurilor.com, we may collect and process the following categories of personal data, depending on how you interact with us and which features you use:

Identification and contact data

  • Profile data: full name, username, date of birth, gender and similar identifiers you provide when creating or managing an account.
  • Contact details: email address, mobile and landline phone numbers, postal address, preferred language and communication preferences.
  • Verification data: copies or details of identity documents, proof of address, and other Know Your Customer (KYC) information required for age verification, anti-money-laundering (AML) and responsible gambling checks.

Technical and device data

  • Log data: IP address, device identifiers, browser type and version, operating system, referral URLs, time zone settings, and timestamps of site visits, logins and logouts.
  • Device information: information about the device you use to access the site (such as model, operating system, language settings, screen resolution and other technical attributes).
  • Usage data: pages viewed, clicks, time spent on pages, interaction with features, error reports and performance diagnostics.

Payment and transactional data

  • Payment details: masked card information (e.g. last four digits), payment method type, bank account identifiers, e-wallet details and transaction tokens, as provided to or returned by our payment processors.
  • Transaction history: records of deposits, withdrawals, bonuses, refunds and chargebacks, including time, amount, currency and method of payment.

Behavioural and gambling-related data

  • Betting and gaming history: wagers placed, games played, stakes, outcomes, wins and losses, session duration and frequency, and related game or bet metadata.
  • Responsible gambling data: self-exclusion status, limits (deposit, loss, stake or time), cooling-off periods and any interactions relating to your gambling behaviour.
  • Interaction data: clickstream analysis, navigation patterns, and responses to on-site messages, pop-ups or responsible gambling prompts.

Communication and support data

  • Customer support interactions: records of emails, messages sent through forms, and other communications with our support or compliance teams.
  • Call and chat records: where permitted by law and clearly notified, recordings or transcripts of telephone calls and live chats, including data you disclose during those interactions.

Cookies and similar technologies

  • Cookies: small text files stored on your device to recognise your browser, maintain your session, remember your preferences and analyse site usage.
  • Tracking technologies: web beacons, pixels, SDKs and similar technologies used to measure performance, enable functionality, support security and, where you consent, deliver targeted advertising.

Some of the information described above is mandatory for regulatory, contractual or security reasons (for example, KYC data for age and identity verification). If you choose not to provide such data, we may be unable to provide certain services or allow you to maintain an account.

Legal Basis for Processing

We process personal data in connection with Casa Pariurilor on cesapariurilor.com only where we have a valid legal basis under UK GDPR, the Data Protection Act 2018 and, where relevant, comparable international standards (including Mexican data protection law). The main legal bases are:

  • Performance of a contract: We process personal data to enter into and perform our contract with you (or to take steps at your request prior to entering into a contract). This includes creating and managing your account, enabling you to access games and betting services where lawfully available, processing deposits and withdrawals, providing customer support and managing promotions to which you have agreed.
  • Compliance with legal obligations: We are subject to extensive regulatory duties, including anti-money-laundering (AML), counter-terrorist financing (CTF), fraud prevention, age and identity verification, responsible gambling obligations and financial reporting. To comply with these obligations under UK, EU/EEA, Romanian and other applicable laws, we must process identification, transactional and behavioural data, and retain it for specific statutory periods.
  • Legitimate interests: We process data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include securing our systems, preventing and detecting fraud, ensuring the integrity of games, conducting analytics to understand and improve site performance, defending legal claims, ensuring business continuity and maintaining accurate internal records.
  • Consent: In some cases, we rely on your consent, which you may withdraw at any time. Typical examples include non-essential cookies and similar technologies (for analytics and advertising), direct electronic marketing (such as newsletters, SMS or push notifications) where required by law, and the use of certain optional features that are not strictly necessary for service delivery. Where we rely on consent, we will clearly present you with a choice and explain how to withdraw it.
  • Vital interests and public interest: In rare cases, we may process data to protect your vital interests or those of others (for example, sharing information with emergency services) or as required for a task carried out in the public interest or in the exercise of official authority, where permitted by law.

Where Mexican data protection law applies to you as a data subject located in Mexico, we also ensure that processing is justified under the legal bases recognised by that framework, including consent and legitimate purposes consistent with the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility.

Purpose of Processing

We use the personal data described above strictly for specified, explicit and legitimate purposes related to the operation and optimisation of Casa Pariurilor on cesapariurilor.com. These purposes include:

  • Provision of services: Creating and administering user accounts; enabling access to betting and gaming services where legally permitted; processing deposits, withdrawals and bonuses; settling bets; and providing customer support.
  • Regulatory compliance and risk management: Conducting KYC checks, age and identity verification, AML/CTF screening, sanctions list screening and ongoing monitoring of transactions and behaviour to detect suspicious activity, in line with applicable UK, EU/EEA, Romanian and other regulatory requirements.
  • Responsible gambling and player protection: Monitoring gambling behaviour to identify signs of problem gambling; applying limits, cooling-off or self-exclusion measures requested by you or required under our policies; and signposting independent support services such as GAMSTOP and BeGambleAware. Please note: 0808 8020 133 is the BeGambleAware helpline for UK players and is not a Casa Pariurilor corporate contact number.
  • Service improvement and analytics: Analysing site usage, performance and trends to improve usability, fix bugs, optimise game offerings, enhance security and develop new features. Where possible, we use aggregated or pseudonymised data for analytics.
  • Marketing and personalisation: With your consent where required, sending marketing communications, newsletters, offers and promotions related to Casa Pariurilor on cesapariurilor.com; tailoring content, recommendations and promotions based on your profile and behaviour; and measuring the effectiveness of campaigns.
  • Security and fraud prevention: Monitoring logins, transactions and behavioural signals to detect and prevent fraud, abuse, unauthorised access, bonus misuse, collusion and other security incidents; enforcing terms and conditions; and protecting the integrity of our systems and other players.
  • Legal and business purposes: Handling complaints and disputes; responding to requests from regulators (including ONJN and, where relevant, other supervisory authorities), law enforcement or courts; defending and exercising legal claims; maintaining business continuity; and supporting audits, due diligence or corporate restructuring within the Fortuna Entertainment Group and Entain plc.

Disclosure & Sharing

We do not sell your personal data. We share personal data only where necessary, on a need-to-know basis, subject to appropriate safeguards and in accordance with applicable law. Categories of recipients include:

  • Group companies: Other entities within Hattrick PSK d.o.o., the Fortuna Entertainment Group and Entain plc that support the operation of Casa Pariurilor on cesapariurilor.com, such as technology, compliance, risk, finance, customer support and marketing teams. These entities may act as processors or joint controllers, subject to intra-group agreements and data protection safeguards.
  • Payment service providers and financial institutions: Banks, card schemes, payment gateways, e-wallets and other financial intermediaries used to process deposits, withdrawals and refunds, and to perform AML/CTF checks and fraud prevention activities.
  • Technical and operational service providers: Hosting providers, cloud infrastructure services, security and monitoring providers, analytics providers, email and SMS platforms, customer support and ticketing solutions, identity verification services and other vendors who process data on our behalf under strict contractual terms (including data protection provisions).
  • Regulators, authorities and law enforcement: Government bodies, gambling regulators, tax authorities, financial intelligence units and law enforcement agencies where we are legally required or permitted to do so, for example to comply with AML/CTF obligations or to respond to lawful requests. This may include the Romanian National Gambling Office (ONJN) and, where applicable, UK and EU/EEA authorities. Sharing data with authorities does not imply that Casa Pariurilor is licensed to offer gambling services in the UK.
  • Professional advisers: Lawyers, auditors, consultants and other professional advisers who require access to data in the course of providing services to us, subject to confidentiality obligations.
  • Business partners and affiliates: Selected partners who promote Casa Pariurilor on cesapariurilor.com or provide co-branded services, where necessary for tracking referrals, attributing commissions or delivering joint promotions. Any marketing or advertising network access to your data will be subject to your consent where required by law.
  • Advertising and analytics networks: Third-party advertising networks and analytics providers that deploy cookies or similar technologies on our site. These third parties process data as independent controllers or processors depending on the arrangement. Non-essential cookies and targeted advertising are implemented only where you have provided consent through our cookie tools.
  • Corporate transactions: Potential buyers, investors or other parties involved in mergers, acquisitions, asset sales, restructurings or similar transactions involving the Fortuna Entertainment Group or Entain plc, subject to confidentiality and data protection safeguards.

Where we engage third parties as processors, we put in place written agreements requiring them to process personal data only on our instructions, to implement appropriate security measures and to assist us in meeting our data protection obligations.

International Transfers

Given the cross-border structure of Hattrick PSK d.o.o., the Fortuna Entertainment Group and Entain plc, as well as the global nature of modern technology services, your personal data may be transferred to, and processed in, countries other than the one in which you are located. This may include:

  • Transfers within the EEA, UK and Romania: Your data may be processed in Romania (where Casa Pariurilor is licensed by ONJN), other EU/EEA countries, and the United Kingdom (where Entain plc is headquartered). The UK currently benefits from an adequacy decision under EU law, and the UK recognises EU/EEA data protection frameworks as providing adequate protection.
  • Transfers to Croatia and other group locations: As Hattrick PSK d.o.o. is headquartered in Zagreb, Croatia (an EU Member State), personal data processed by that entity is subject to the EU GDPR. Data may also flow to other jurisdictions where group entities operate, subject to equivalent or appropriate safeguards.
  • Transfers outside the EEA/UK: Some of our service providers, technology partners or support teams may be located in countries that have different data protection standards and are not recognised as providing an adequate level of protection.

Where we transfer personal data from the UK or EEA to countries that do not provide an adequate level of protection, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and, where required, the UK International Data Transfer Agreement (IDTA) or UK Addendum;
  • Robust intra-group data transfer agreements and governance policies;
  • Technical and organisational measures such as encryption, pseudonymisation and strict access controls; and
  • Due diligence and risk assessments of recipients' data protection practices.

In some limited cases, we may rely on specific derogations permitted by law (for example, where the transfer is necessary for the performance of a contract with you, for the establishment, exercise or defence of legal claims, or where you have explicitly consented after being informed of the risks).

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes and to enforce our rights. Retention periods may vary depending on the type of data, the services provided and the applicable legal requirements. As a general guide:

  • Account and identification data: Core account information (such as name, contact details, KYC documentation and identity verification records) is typically retained for the duration of the business relationship and for at least five (5) years after account closure, in line with AML and regulatory obligations. In some cases, this period may be extended where required by law or necessary for legal claims.
  • Transactional and financial data: Records of deposits, withdrawals, bets, wins, losses and related financial information are generally kept for seven (7) years from the end of the relevant financial year, to meet accounting, tax and AML/CTF requirements.
  • Behavioural and responsible gambling data: Gambling behaviour metrics and responsible gambling-related records (such as self-exclusion, limits and interventions) are retained for as long as necessary to support our responsible gambling duties and legal obligations, and for a minimum of five (5) years from the last relevant interaction.
  • Customer support and complaint records: Correspondence with customer support, including complaints and dispute documentation, is usually retained for five (5) years from the date of resolution, or longer where necessary to establish, exercise or defend legal claims.
  • Marketing data: Data used for direct marketing is kept until you withdraw your consent or object to such processing, after which we will promptly stop marketing communications and retain only minimal information necessary to record and respect your preference.
  • Cookies and analytics data: Cookie lifetimes depend on the type of cookie. Session cookies are deleted when you close your browser. Persistent cookies are retained for a period proportionate to their purpose (typically from a few days up to 24 months), unless you delete them earlier through your browser settings or our cookie management tools.

When data is no longer required, we will delete it or anonymise it so that it can no longer be linked to you. Where immediate deletion is not possible (for example, because data is stored in backup archives), we will securely store it and isolate it from any further active processing until deletion is possible.

Your Rights

Under UK GDPR, the Data Protection Act 2018 and, where applicable, Mexican data protection law, you have several rights in relation to your personal data processed in connection with Casa Pariurilor on cesapariurilor.com. These rights may be subject to limitations or conditions under applicable law, particularly where data must be retained for regulatory or legal reasons (such as AML/CTF obligations). Key rights include:

  • Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of the data, along with information about how we use it.
  • Right to rectification: You can request that we correct inaccurate or incomplete personal data about you.
  • Right to erasure: You can request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected or where you withdraw consent and there is no other legal basis. We may need to retain some data where required by law (for example, AML/CTF and regulatory retention duties).
  • Right to restriction of processing: You can request that we restrict the processing of your data in specific situations, for example while we verify its accuracy or where you have objected to processing.
  • Right to object: You can object at any time to processing based on our legitimate interests, including profiling. We will stop processing unless we have compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims. You always have the right to object to direct marketing.
  • Right to data portability: For certain data you have provided, where processing is based on consent or contract and carried out by automated means, you can request a copy in a structured, commonly used and machine-readable format and, where technically feasible, request that we transmit it to another controller.
  • Right to withdraw consent: Where processing is based on your consent (for example, certain marketing or analytics cookies), you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
  • Rights under Mexican law (ARCO rights): If Mexican data protection law applies to you, you may exercise your rights of Access, Rectification, Cancellation and Opposition (ARCO), as well as revoke consent, in accordance with the Federal Law on Protection of Personal Data Held by Private Parties and its regulations.

How to exercise your rights. You can exercise your rights by contacting our data protection contact using the channels provided on cesapariurilor.com, clearly indicating that your request relates to the Casa Pariurilor pages. To protect your privacy, we may need to verify your identity before acting on your request. We aim to respond to all valid requests within one (1) month (30 days) of receipt, and we will provide our response free of charge unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act in accordance with applicable law.

Cookies & Tracking Technologies

The Casa Pariurilor sections of cesapariurilor.com use cookies and similar technologies in line with UK privacy and electronic communications regulations. These technologies help us provide secure, reliable and personalised services. We categorise them as follows:

Types of cookies we use

  • Strictly necessary (functional) cookies: These cookies are essential for the operation of the site and for providing services you explicitly request, such as logging in, maintaining your session, remembering security settings and processing transactions. They cannot be switched off in our systems.
  • Performance and analytics cookies: These cookies collect information about how visitors use the site, such as which pages are visited most often, how users navigate between pages and whether they encounter errors. We use this information to improve performance and usability. Where required by law, we deploy these cookies only with your consent.
  • Preference cookies: These cookies remember your choices, such as language settings, region, layout and other customisation options, to provide a more personalised experience.
  • Advertising and targeting cookies: These cookies may be set by us or by third-party advertising networks to deliver adverts more relevant to you, to limit the number of times you see an advert and to measure the effectiveness of marketing campaigns. They may track your browsing across websites and build a profile of your interests. These cookies are used only where you have provided consent.
  • Security and fraud-prevention cookies: Some cookies are used to enhance security, detect suspicious activity, prevent unauthorised access and protect against fraudulent behaviour.

Managing cookies

  • You can manage your cookie preferences at any time via our on-site cookie banner or preference centre, where available. This allows you to accept or reject non-essential cookies by category.
  • Most browsers allow you to delete or block cookies via their settings. However, if you block all cookies (including strictly necessary ones), some features of the Casa Pariurilor pages on cesapariurilor.com may not function properly or may become unavailable.
  • For more detailed information about specific cookies we use, their purposes and lifetimes, please consult the cookie information linked from our cookie banner or settings tool.

Data Security

We take the security of your personal data very seriously and implement technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction or damage. While no system can be guaranteed as perfectly secure, we strive to maintain security practices consistent with recognised industry standards. Our measures include:

  • Encryption: Data transmitted between your browser and the Casa Pariurilor sections of cesapariurilor.com is protected using Transport Layer Security (TLS) version 1.2 or higher. Where appropriate, sensitive data is encrypted at rest using strong cryptographic algorithms.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers who need it to perform their duties, based on role-based and least-privilege principles. Access rights are reviewed regularly.
  • Authentication and account security: We implement measures such as secure password requirements, session management controls and, where made available and enabled by you, multi-factor authentication to reduce the risk of unauthorised access.
  • Network and infrastructure security: Use of firewalls, intrusion detection and prevention systems, endpoint protection, vulnerability management and secure configuration baselines for servers and applications.
  • Development and testing practices: Adoption of secure development practices, including code reviews and security testing, to minimise vulnerabilities in software that supports Casa Pariurilor on cesapariurilor.com.
  • Monitoring and incident response: Logging and monitoring of systems for suspicious activity, combined with incident response procedures designed to detect, investigate and respond to potential data breaches. Where required by law, we will notify you and relevant supervisory authorities of qualifying personal data breaches without undue delay.
  • Training and awareness: Regular training and awareness programmes for staff on data protection, confidentiality, phishing risks and security best practices.
  • Third-party risk management: Due diligence and ongoing oversight of third-party processors and service providers, including contractual obligations to maintain appropriate security standards. Where relevant, we expect key partners to align with internationally recognised frameworks such as ISO 27001 or SOC 2, without this necessarily implying formal certification for all entities.

Complaints & Contacts

If you have questions, concerns or complaints about how your personal data is processed in connection with Casa Pariurilor on cesapariurilor.com, you have several options for contact and escalation.

Contacting us

  • Initial contact: Please contact our data protection contact using the contact details provided on cesapariurilor.com, clearly stating that your query relates to Casa Pariurilor. You may also use any available online contact or feedback forms on the site.
  • Information to include: Provide your name, contact details, a clear description of your concern or request, and any relevant account or reference numbers. Please do not include unnecessary sensitive information in your initial message.
  • Response timeframe: We aim to acknowledge your query promptly and to provide a substantive response within one (1) month (30 days). Complex matters or a high volume of requests may require additional time, in which case we will inform you of the delay and the reasons.

Supervisory authorities and external escalation

If you are not satisfied with our response, or if you believe that your data protection rights have been infringed, you have the right to lodge a complaint with a data protection supervisory authority:

  • United Kingdom - Information Commissioner's Office (ICO): If you are in the UK or your complaint relates to processing subject to UK law, you can contact the ICO via https://ico.org.uk.
  • European Union / EEA: If you are located in an EU/EEA Member State, you may lodge a complaint with the data protection authority in your country of residence, place of work or where you believe the infringement occurred. Contact details for EU/EEA data protection authorities are available from official EU sources.
  • Mexico - INAI: If Mexican data protection law applies to you, you can lodge a complaint or consult guidance with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) via https://www.inai.org.mx.

Please note that the above authorities oversee data protection and privacy compliance and are distinct from gambling regulators or alternative dispute resolution (ADR) bodies. For example, the UK Gambling Commission's public register at https://gamblingcommission.gov.uk/public-register shows no UKGC licence for Hattrick PSK d.o.o. or Casa Pariurilor, and ADR bodies such as the Independent Betting Adjudication Service (IBAS) at https://ibas-uk.com/ typically handle gambling disputes only for UKGC-licensed operators. This Privacy Policy does not create or imply any such licensing or ADR coverage for Casa Pariurilor on cesapariurilor.com.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements or technical and organisational measures. When we make material changes, we will take appropriate steps to inform you in advance, consistent with applicable law and industry standards.

  • Notification methods: We may notify you of updates by posting the revised Privacy Policy on the Casa Pariurilor pages of cesapariurilor.com, by displaying prominent banners or notices on the site, by updating information in your account dashboard (where applicable), and/or by sending you an email or other direct communication.
  • Advance notice for significant changes: Where a change materially affects your rights or the way we use your data, we will, where practicable, provide at least 30 days' advance notice before the change takes effect. Continued use of the Casa Pariurilor services on cesapariurilor.com after the effective date will constitute your acknowledgement of the updated terms.
  • Your options: If you do not agree with the updated Privacy Policy, you may stop using the relevant services, adjust your privacy or cookie settings, or request account closure where applicable. We will continue to process your data in accordance with the version of the Privacy Policy that applied at the time we collected it, to the extent required by law, and we will respect any ongoing rights you exercise (such as withdrawal of consent or objection to processing).

Version control. The current version of this Privacy Policy is identified as "Last updated: November 2025". Previous versions may be retained for record-keeping and regulatory purposes. For information about earlier versions or material changes, you may contact us using the channels described in the "Complaints & Contacts" section, specifying that your query relates to the privacy policy history for Casa Pariurilor on cesapariurilor.com.