burger icon
Casino Stugan United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected when you visit and use the services made available via cazinostugan.bet in connection with the localized project "Casino Stugan". It applies to all website visitors, prospective players, and, where gambling services are legally accessible, registered account holders. Effective date: 6 November 2025 (Last updated: 6 November 2025).

In line with the Language-of-Thoughts approach, we OBSERVE what personal data we handle, EXPAND this into clear explanations of how and why we use it, and REFLECT these observations in specific legal commitments that comply with UK data protection law and applicable international standards.

Please note that Co-Gaming Limited has surrendered its former UK Gambling Commission licence and does not legally offer gambling services to residents of Great Britain. This Privacy Policy nevertheless explains how personal data of UK-based visitors to cazinostugan.bet is processed for informational, compliance, and support purposes.

Who We Are

In this section we OBSERVE who is responsible for your data, EXPAND on the corporate and regulatory context of our operations, and REFLECT this in clear contact points for your privacy-related queries.

The controller responsible for processing your personal data in connection with cazinostugan.bet and the "Casino Stugan" project is:

  • Company name: Co-Gaming Limited
  • Trading brand: Casino Stugan (including the localized project "Casino Stugan" on cazinostugan.bet)
  • Registered legal address: 3rd Floor, Spinola Park, Triq Mikiel Ang Borg, St. Julians, SPK1000, Malta
  • Licensing: Co-Gaming Limited is licensed by the Malta Gaming Authority under licence number MGA/CRP/178/2009 and holds a licence from the Swedish Gambling Authority (Spelinspektionen) for operations in Sweden.
  • Historical UK licence: Co-Gaming Limited previously held UK Gambling Commission licence number 039225-R-319317-020, which was voluntarily surrendered with effect from 28 February 2020. Since that date, Co-Gaming Limited does not hold a licence to provide gambling services to residents of Great Britain.

For data protection matters, including requests to exercise your rights, you can contact our data protection function (DPO or equivalent team) using the following details:

  • E-mail: privacy@cazinostugan.bet (primary contact channel for privacy matters)
  • Postal address for privacy correspondence: Data Protection Officer, Co-Gaming Limited, 3rd Floor, Spinola Park, Triq Mikiel Ang Borg, St. Julians, SPK1000, Malta

We currently do not operate a dedicated telephone hotline for data protection queries; written communication ensures that we can document, OBSERVE, and REFLECT on your request accurately and respond within the legally required timeframes.

What Personal Data We Collect

Here we OBSERVE the different categories of data we process, EXPAND them into practical examples relevant to your interactions with cazinostugan.bet and Casino Stugan, and REFLECT this by clearly explaining what is optional, what is necessary, and why.

Identification and Contact Data

  • Basic identification data: full name, username, date of birth, and, where required, national identification number or similar government-issued identifiers (subject to local law).
  • Contact data: e-mail address, residential address, country of residence, and, where you choose to provide it, mobile phone number or other contact numbers.

KYC / Verification and Compliance Data

  • Verification documents: copies of passports, identity cards, driving licences, residency documents, and other official records used to verify your identity and age.
  • Proof of address: utility bills, bank statements, or official letters showing your address.
  • Source-of-funds / source-of-wealth information: employment details, bank account ownership evidence, payslips, tax documents, or similar documents requested to comply with KYC/AML obligations.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, and approximate location derived from your IP.
  • Usage logs: pages visited, links clicked, login timestamps, session duration, referral URLs, and technical error logs generated when you interact with cazinostugan.bet.

Account, Gameplay, and Behavioural Data

  • Account data: account registration details, account status, verification status, and responsible gambling settings (e.g. limits, self-exclusion history where available).
  • Gameplay and betting data: game sessions, stakes, wins and losses, bonuses used, wagering contributions, gaming time, and patterns of play used to support responsible gambling and fraud detection.
  • Behavioural data: clicks, navigation paths, device/browser interaction, and responses to promotions or content (where permitted under cookie and tracking laws).

Payment and Financial Data

  • Payment details: partial payment card details (masked), e-wallet identifiers, bank account information (where required for withdrawals), and payment provider transaction IDs.
  • Transaction records: deposits, withdrawals, chargebacks, refunds, and related correspondence with payment service providers and banks.

Communication and Marketing Data

  • Communications: records of e-mails, secure messages, chat logs, complaints, and support interactions.
  • Preferences: marketing consents and preferences (e-mail, SMS, push notifications, in-account messages), opt-out records, and subscription history.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device that may be session-based (deleted when you close your browser) or persistent (stored for a defined period).
  • Similar technologies: local storage, pixels, tags, SDKs, and other technologies used for analytics, fraud prevention, and, where permitted, personalised marketing.

Some of the above data is provided directly by you, some is generated automatically when you use our services, and some may be obtained from third parties (e.g. KYC providers, payment partners) to OBSERVE and confirm that use of cazinostugan.bet remains secure, lawful, and compliant.

Legal Basis for Processing

In this section we OBSERVE the applicable legal grounds, EXPAND them in relation to specific processing activities, and REFLECT these grounds in our internal records to demonstrate accountability under the UK GDPR and related laws.

Performance of a Contract

  • Why: When you register an account or otherwise use our services, we must process your data to perform our contractual obligations.
  • Examples: creating and managing your account, verifying your age and eligibility, processing deposits and withdrawals, providing access to games (where legally available), handling support requests, and honouring bonuses and promotions.

Compliance with Legal Obligations

  • Why: As an MGA- and nationally regulated gambling operator, Co-Gaming Limited must comply with anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, and responsible gambling requirements, as well as tax and accounting obligations.
  • Examples: conducting KYC checks, monitoring transactions for suspicious activity, retaining transaction and verification records for statutory periods, reporting suspicious activity to competent authorities, and enforcing self-exclusion and affordability measures.

Legitimate Interests

  • Why: We process certain data where necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms.
  • Examples: preventing and detecting fraud or misuse, ensuring network and information security, improving our website and services, conducting limited analytics to understand site performance, defending legal claims, and tailoring non-intrusive content (such as basic site customisation).

Consent

  • Why: For certain activities, especially electronic marketing and non-essential cookies, we rely on your consent.
  • Examples: sending promotional e-mails or SMS messages, using cookies for targeted advertising, and, where required by local law, using precise location data or profiling data for personalised offers.
  • Your control: You may withdraw consent at any time via your account settings (where available), unsubscribe links, or by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Protection of Vital Interests and Legal Claims

  • Why: In rare cases we may need to process data to protect your vital interests or those of another person, or to establish, exercise, or defend legal claims.
  • Examples: cooperating with authorities where there is a risk of serious harm, or retaining certain records for litigation or regulatory investigations.

Where our processing is based on legitimate interests or consent, we EXPAND our internal assessments to include formal balancing tests and documentary evidence, REFLECTING our commitment to transparency and accountability.

Purpose of Processing

Here we OBSERVE how your data is used in practice, EXPAND these uses into clearly identified purposes, and REFLECT them in commitments that allow you to understand and, where appropriate, control our processing.

Provision and Management of Services

  • Service delivery: to register and manage accounts associated with Casino Stugan where legally available, provide access to games, process deposits and withdrawals, and operate bonuses and loyalty schemes.
  • Customer support: to respond to queries, investigate complaints, and provide assistance through secure messaging, e-mail, or other supported channels.

Regulatory Compliance and Responsible Gambling

  • KYC/AML/CTF: to verify identity, age, and residency, monitor transactions, detect suspicious patterns, and comply with obligations imposed by the Malta Gaming Authority, Swedish Gambling Authority, and other competent regulators.
  • Responsible gambling: to manage self-exclusion, limits, cooling-off periods, affordability checks, and behavioural monitoring aimed at reducing gambling-related harm.

Fraud Prevention, Security, and Integrity

  • Fraud and abuse prevention: to detect and prevent collusion, bonus abuse, account takeover, payment fraud, and other misuse of cazinostugan.bet.
  • Technical security: to safeguard our systems, investigate incidents, and ensure the availability, integrity, and confidentiality of services.

Analytics, Service Improvement, and Personalisation

  • Analytics: to conduct statistical and aggregated analyses of site usage, game performance, and technical performance, usually in pseudonymised or anonymised form.
  • Service optimisation: to improve site layout, game selection, and user experience based on observed usage patterns.
  • Limited personalisation: to show you relevant content, recommendations, and non-intrusive information based on your interactions and preferences, within the limits of applicable cookie and marketing rules.

Marketing and Communications

  • Direct marketing: with your consent or where otherwise permitted by law, to send promotional communications about Casino Stugan products and services relating to cazinostugan.bet, including bonuses, tournaments, and news.
  • Service messages: to send non-promotional messages such as changes to terms, privacy updates, security alerts, and account notifications.

By explicitly mapping each purpose to its legal basis and data category, we REFLECT a clear and auditable record of why your data is processed in connection with Casino Stugan.

Disclosure & Sharing

In this section we OBSERVE who may receive your personal data, EXPAND the categories of recipients and circumstances of sharing, and REFLECT on the safeguards applied to protect your information when it is disclosed.

Group Companies and Corporate Structure

  • Group entities: your data may be shared with other entities within the Cherry AB / Co-Gaming Limited group where necessary for centralised operations, risk management, compliance, internal reporting, or group-level support functions.

Service Providers and Business Partners

  • Payment providers and banks: to process deposits, withdrawals, refunds, chargebacks, and to OBSERVE and mitigate fraud or money laundering risks.
  • KYC/AML service providers: to verify identity, addresses, and source-of-funds, and to screen against sanctions or politically exposed person (PEP) lists.
  • IT and cloud service providers: to host systems, store data securely, send e-mails, maintain customer support tools, and provide technical infrastructure.
  • Analytics and anti-fraud tools: to monitor site performance, detect suspicious behaviour, and assess security events.
  • Marketing and advertising networks: with your consent where required, for campaign management, measurement, and, where allowed, personalised advertising.

Regulators, Authorities, and Dispute Bodies

  • Regulatory authorities: such as the Malta Gaming Authority, Swedish Gambling Authority, and, where relevant, historic cooperation with the UK Gambling Commission or other supervisory authorities.
  • Data protection authorities: such as the UK Information Commissioner's Office (ICO), Malta's Information and Data Protection Commissioner (IDPC), Sweden's Authority for Privacy Protection (IMY), or Mexico's data protection authority where applicable.
  • Law enforcement and courts: where necessary to comply with legal obligations, court orders, or to establish, exercise, or defend legal claims.

Corporate Transactions

  • Business transfers: in the event of a merger, acquisition, restructuring, sale of assets, or similar transaction, your data may be disclosed to prospective or actual purchasers under appropriate confidentiality safeguards.

Your Choices and Safeguards

  • No unauthorised selling: we do not sell your personal data in the sense of transferring it to third parties for their independent marketing purposes without an appropriate legal basis.
  • Contractual protections: where we share personal data with service providers, we REFLECT our obligations through contracts requiring confidentiality, data security, and compliance with applicable data protection laws.

International Transfers

Here we OBSERVE where your data may be transferred geographically, EXPAND on the mechanisms that protect it when it leaves your home jurisdiction, and REFLECT these protections in formal data transfer agreements and internal policies.

Transfers within the UK, EU/EEA, and Malta

  • Operational locations: your data may be processed in Malta, Sweden, the European Economic Area (EEA), and the United Kingdom, depending on your location and the services you use.
  • Legal framework: transfers between the UK and EEA are conducted under UK adequacy regulations or comparable safeguards, and transfers within the EEA (including Malta and Sweden) occur under the EU GDPR framework.

Transfers to Third Countries

  • Service providers outside the UK/EEA: some IT, cloud hosting, analytics, or anti-fraud providers may be located in, or process data from, countries outside the UK/EEA, including potentially the United States or other jurisdictions.
  • Transfer safeguards: where such transfers occur, we implement appropriate safeguards such as:
    • Standard Contractual Clauses (SCCs) adopted by the European Commission, with any necessary UK addendum (including the UK International Data Transfer Agreement or Addendum);
    • other mechanisms recognised under UK law and, where relevant, EU law, including participation in valid data transfer frameworks;
    • supplementary technical and organisational measures based on a transfer risk assessment.

Transparency and Copies of Safeguards

  • Information on safeguards: you may contact us to obtain more information about the specific safeguards used for international transfers relating to Casino Stugan.

We routinely EXPAND our assessments of third-country protections and REFLECT these in our contracts and risk-management processes to keep your data protected across borders.

Data Retention

In this section we OBSERVE how long different categories of data are kept, EXPAND on the criteria that determine retention periods, and REFLECT these decisions in policies designed to avoid keeping data longer than necessary.

General Principles

  • Necessity: we retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.
  • Legal obligations: certain data must be retained for specific periods under AML, CTF, tax, and gambling regulations, particularly in Malta and other regulated jurisdictions.

Indicative Retention Periods

  • Account and identification data: kept for the lifetime of your account and generally for up to 5 years after account closure, unless a longer period is required for legal claims or regulatory obligations.
  • KYC and verification documents: typically retained for up to 5 years after the end of the business relationship or from the date of the last transaction, in line with AML/CTF requirements.
  • Transaction and gameplay records: generally retained for 5 to 7 years after the relevant transaction to comply with accounting, tax, AML, and gambling regulatory obligations.
  • Technical logs and security data: retained for approximately 6 to 24 months, depending on the nature of the log and security requirements.
  • Marketing data and preferences: kept for as long as you remain opted in and for a short period afterwards (typically up to 3 years of inactivity) to demonstrate compliance with consent and opt-out requirements.
  • Complaints and support communications: usually retained for up to 5 years after resolution, or longer where necessary in connection with legal claims.

Deletion and Anonymisation

  • Deletion: when data is no longer needed, we delete it or securely anonymise it so that you are no longer identifiable.
  • Criteria: we EXPAND our retention rules based on legal requirements, contractual needs, and risk considerations, and REFLECT them in internal schedules that are reviewed periodically.

Your Rights

Here we OBSERVE your rights under the UK GDPR, EU GDPR where applicable, and comparable frameworks such as Mexican privacy law; we EXPAND these rights into practical steps you can take; and we REFLECT our obligations by defining clear procedures and deadlines for responding.

Data Protection Rights (UK/EU)

  • Right of access: to obtain confirmation whether we process your data and to receive a copy of your personal data, along with information about how it is used.
  • Right to rectification: to request correction of inaccurate or incomplete personal data.
  • Right to erasure: to request deletion of your personal data where there is no compelling reason for us to continue processing (subject to legal retention obligations).
  • Right to restriction: to request that we limit the processing of your data in certain circumstances (for example, while a dispute about accuracy is being resolved).
  • Right to data portability: to receive certain data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Right to object: to object at any time to processing based on legitimate interests, including profiling, and to object to processing for direct marketing.
  • Right to withdraw consent: where processing is based on your consent (for example, marketing or certain cookies), you can withdraw consent at any time without affecting prior lawful processing.

Alignment with Mexican Privacy Law (ARCO Rights)

  • ARCO rights: for users whose data is subject to Mexican privacy law, we aim to align with the principles of Access, Rectification, Cancellation, and Opposition (ARCO) under the Federal Law on Protection of Personal Data Held by Private Parties and related regulations.
  • Consistency: in practice, these ARCO rights correspond closely to the GDPR/UK GDPR rights described above, and we OBSERVE and REFLECT them in a harmonised internal process.

How to Exercise Your Rights

  • Submission: you can exercise your rights by contacting us at privacy@cazinostugan.bet and clearly indicating that your request concerns your data protection rights in relation to cazinostugan.bet or Casino Stugan.
  • Verification: we may request additional information to verify your identity before acting on your request, particularly where sensitive or financial data is involved.
  • Timeframe: we aim to respond within 30 days of receiving a valid and complete request. In complex cases, this period may be extended by a further two months, in which case we will notify you of the extension and reasons.
  • Charges: requests are handled free of charge, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

By formalising internal procedures that track, EXPAND upon, and REFLECT the full lifecycle of each rights request, we seek to ensure consistent, lawful, and transparent handling of your personal data rights in 2025 and beyond.

Cookies & Tracking Technologies

In this section we OBSERVE how cookies and similar technologies operate on cazinostugan.bet, EXPAND these into specific purposes and cookie types, and REFLECT your ability to control them, in line with UK rules such as the Privacy and Electronic Communications Regulations (PECR).

Types of Cookies We Use

  • Strictly necessary cookies: essential session and security cookies that enable core functions such as logging in, navigating secure areas, remembering your privacy preferences, and preventing fraud. These cannot be switched off via cookie banners as they are necessary for the service.
  • Functional cookies: cookies that remember your choices (such as language, region, and display preferences) and improve your experience.
  • Analytics and performance cookies: cookies that help us understand how visitors use cazinostugan.bet, for example which pages are most frequently visited or where technical errors occur, usually in aggregated or pseudonymised form.
  • Advertising and targeting cookies: cookies and similar technologies used, where permitted by law and with your consent, to deliver relevant advertising and measure the effectiveness of campaigns across our own channels and, in some cases, through trusted partners.

Similar Technologies

  • Pixels and tags: small code fragments that allow us to OBSERVE whether certain actions (such as registration or deposit) have occurred following a marketing communication.
  • Local storage and SDKs: technologies used in certain browsers or mobile environments to store settings and support secure sessions.

Managing Cookies

  • Browser settings: you can configure your browser to block or delete cookies. However, blocking strictly necessary cookies may impact the functionality of cazinostugan.bet.
  • On-site controls: where available, our cookie banner or preference centre allows you to accept or reject non-essential cookies (such as analytics or advertising cookies) and to change your choices at any time.
  • Third-party opt-outs: some third-party providers offer separate opt-out mechanisms for their own cookies or advertising practices; we REFLECT links to these where required in our detailed cookie information.

Data Security

Here we OBSERVE the risks associated with processing personal data in online gambling, EXPAND on the technical and organisational measures in place to mitigate those risks, and REFLECT a security culture that is regularly reviewed and updated.

Technical Measures

  • Encryption in transit: data transmitted between your browser and cazinostugan.bet is protected using TLS 1.2 or higher, reducing the risk of interception.
  • Encryption at rest: sensitive data, including certain financial and authentication data, is encrypted or otherwise protected when stored.
  • Access controls: strict authentication and authorisation mechanisms limit access to personal data to personnel and systems with a genuine business need, supported by multi-factor authentication where appropriate.
  • Network and application security: firewalls, intrusion detection and prevention systems, secure development practices, and regular vulnerability scanning and patching are used to protect our infrastructure.

Organisational Measures

  • Policies and training: staff receive training on data protection, information security, and responsible gambling; internal policies REFLECT clear expectations about confidentiality and acceptable use.
  • Vendor management: we perform due diligence on key service providers and require appropriate security and confidentiality commitments in our contracts.
  • Incident response: documented procedures exist for identifying, assessing, and responding to potential data breaches, including notifying regulators and affected individuals when required by law.

Standards and Continuous Improvement

  • Alignment with standards: we strive to align our information security management practices with recognised international standards such as ISO/IEC 27001 and SOC 2 where applicable.
  • Regular review: we OBSERVE emerging threats, EXPAND security controls to address them, and REFLECT improvements in updated policies, technical controls, and staff training throughout 2025 and beyond.

Complaints & Contacts

In this section we OBSERVE how you can raise questions or concerns, EXPAND on the internal and external complaint routes available, and REFLECT our commitment to resolving issues fairly and transparently.

Contacting Us First

  • Initial contact: if you have any questions, concerns, or complaints about this Privacy Policy or our handling of your data in relation to Casino Stugan, please contact our data protection function at privacy@cazinostugan.bet.
  • Information to include: provide your name, relevant account details (if any), country of residence, a clear description of your concern, and any supporting evidence, so that we can OBSERVE and assess your complaint efficiently.
  • Response time: we aim to acknowledge your complaint promptly and provide a substantive response within 30 days. If your complaint is complex, we may need more time, but we will keep you informed.

Escalation to Supervisory Authorities

  • United Kingdom - Information Commissioner's Office (ICO): if you are in the UK and believe that your data has been processed unlawfully, you can lodge a complaint with:
    • Information Commissioner's Office (ICO)
    • Website: https://ico.org.uk/
    • Telephone: +44 303 123 1113
  • European Union / EEA authorities: you may also complain to your local data protection authority, for example:
    • Malta - Information and Data Protection Commissioner (IDPC) - https://idpc.org.mt/
    • Sweden - Integritetsskyddsmyndigheten (IMY) - https://imy.se/
  • Mexico - Data Protection Authority: where Mexican data protection regulations apply, you may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI):
    • Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
    • Website: https://home.inai.org.mx/

We encourage you to contact us first so that we can EXPAND on any misunderstandings and REFLECT appropriate remedies, but you may contact a supervisory authority at any time.

Updates

Here we OBSERVE that privacy and regulatory requirements evolve over time, EXPAND on how we will keep you informed of changes, and REFLECT this in versioning, notice periods, and your options.

Changes to This Privacy Policy

  • Ongoing review: we may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or technical developments affecting cazinostugan.bet and Casino Stugan.
  • Version control: each version will be identified by an effective date and, where relevant, a version number. This version is effective as of 6 November 2025.

Notification Methods

  • E-mail notifications: where you hold an account and the changes are material, we will use reasonable efforts to notify you by e-mail.
  • On-site notices: we may display banners, pop-ups, or notices in your account dashboard or on the relevant pages of cazinostugan.bet.

Advance Notice and Your Choices

  • Advance notice: for significant changes that materially affect your rights or the way we process your data, we will, where practicable, provide at least 30 days' notice before the changes take effect.
  • Your options: if you do not agree with the updated terms, you may choose to stop using our services and, where applicable, request account closure and exercise your data protection rights.

By systematically OBSERVING regulatory developments, EXPANDING our internal policies, and REFLECTING those changes in this Privacy Policy, we aim to maintain transparent and up-to-date privacy information for all users interacting with cazinostugan.bet in 2025.