This Privacy Policy explains how Rainbow Riches handles personal data collected from individuals who interact with the brand through its services, including the website and software platforms. The policy is maintained to ensure transparency regarding data processing practices. It describes the types of information obtained, the legal bases for processing, and the obligations the brand holds under the United Kingdom General Data Protection Regulation and the Data Protection Act 2018. This document also addresses account management procedures, data security protocols, and the rights available to players. The information provided is factual and administrative, serving as a reference for compliance with data protection law. All handling of personal data is conducted lawfully, with appropriate safeguards to prevent unauthorised access or misuse.
Categories of Personal Data Collected and Sources
Rainbow Riches collects personal data directly from players during account registration, gameplay, and interactions with support functions. The types of information processed fall into several categories. Registration details include full name, date of birth, residential address, email address, and telephone number. Identification data comprises copies of government-issued identification documents, such as a passport or driving licence, as well as proof of address, such as a utility bill or bank statement. Transactional information covers deposit and withdrawal records, payment method details, transaction amounts, and timestamps. Technical data includes IP addresses, device identifiers, browser type, operating system, and log data generated during use of the rainbow riches app or website. Compliance-related records include self-exclusion history, problem gambling assessments, and correspondence with regulatory authorities. Additionally, data may be collected when players use the rainbow riches megaways free play feature, which records gameplay metrics for auditing purposes. All data is obtained through voluntary submission, automated collection via cookies and similar technologies, or mandatory provision under legal or contractual obligations.
Legal Bases for Processing and Data Usage
Rainbow Riches processes personal data under specific lawful bases as defined by the United Kingdom data protection framework. The primary legal basis is contractual necessity, whereby data is required to create and maintain player accounts, process transactions, and deliver services. Where a player uses the rainbow riches jackpot o luck feature, personal data is processed to facilitate the functionality of that game and ensure accurate payout calculations. Consent is relied upon for certain marketing communications and optional data collection, such as participation in promotional offers. Legal obligation serves as a basis for processing data to comply with anti-money laundering regulations, know your customer requirements, and licensing conditions imposed by the Gambling Commission. Legitimate interest is used to detect and prevent fraud, maintain network security, and improve service performance. Data usage extends to identity verification, age verification, risk assessment, transaction monitoring, account suspension or closure, and regulatory reporting. Processing for the rainbow riches app involves analysing technical data to ensure compatibility and troubleshoot errors. No data is used for automated decision-making that produces legal effects without separate review.
Data Storage, Security Measures, and Retention Schedules
Personal data held by Rainbow Riches is stored on secure servers located within the European Economic Area or in jurisdictions deemed adequate under United Kingdom data protection law. Security measures include encryption of data in transit using Transport Layer Security, encryption of data at rest using Advanced Encryption Standard, and access controls based on role-based permissions. Physical and logical access to servers is restricted to authorised personnel only. Retention periods are determined by regulatory requirements and operational necessity. Account data is retained for the duration of the account’s active status and for a period of six years after closure to satisfy legal obligations related to financial records and anti-money laundering compliance. Technical logs are retained for up to twelve months. Data collected during use of the rainbow riches megaways nyx feature is retained for auditing purposes for a minimum of five years. When retention periods expire, data is securely deleted or anonymised. Archival procedures involve transferring inactive data to separate storage with restricted access. Regular audits are conducted to verify compliance with internal security policies and legal standards.
Player Rights and Procedures for Data Access
Under the United Kingdom data protection legislation, players have specific rights regarding their personal data. The right of access allows individuals to obtain a copy of the data Rainbow Riches holds about them, along with details of processing purposes and categories. The right to rectification permits correction of inaccurate or incomplete information. The right to erasure, also known as the right to be forgotten, applies where data is no longer necessary for the original purpose, consent is withdrawn, or processing is unlawful. The right to restrict processing enables players to limit how their data is used while a complaint is investigated. The right to object applies to processing based on legitimate interest, including direct marketing. The right to data portability allows transfer of data to another service provider in a structured, machine-readable format. To exercise any of these rights, players must submit a verifiable request. Identity verification is required before processing any request. This may involve providing a copy of a valid identification document and proof of address. Requests are responded to within one month, extendable by two months for complex or multiple requests. No fee is charged unless requests are manifestly unfounded or excessive. Players may lodge a complaint with the Information Commissioner’s Office if they believe their rights have not been upheld.