burger icon
Queen Play United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Queen Play at https://queenplay.bet collects, uses, shares, and protects personal data so that players and website visitors understand their rights and our obligations under applicable data protection laws. It applies to (i) visitors to queenplay.bet, (ii) individuals who register for an account, and (iii) customers who use our casino services. Effective date: 6 November 2025.

Who We Are

OBSERVE: For UK-facing operations of Queen Play, the relevant UK-licensed operator is identified in the UK Gambling Commission public register as AG Communications Limited (UKGC licence 39483, status Active as verified January 2025).

EXPAND: Because we process personal data for regulated gambling (including KYC/AML and safer gambling obligations), we act as a data controller for most processing on queenplay.bet. Some suppliers (e.g., hosting, analytics, verification providers) act as processors on our instructions, and certain partners (e.g., payment institutions) may act as independent controllers for their own compliance obligations.

REFLECT: The operator and contact points below are provided so you can identify who is responsible for your data and how to contact our data protection function.

  • Operator (UK licence holder): AG Communications Limited
  • Registered / operational address (as provided): 135 High Street, Sliema SLM 1548, Malta
  • UK Gambling Commission register: https://gamblingcommission.gov.uk/public-register/business/detail/39483
  • Brand ownership context (for transparency): Queen Play is described as a brand owned by Marketplay Ltd, operated in the UK by AG Communications Limited on the Aspire Global platform.

Data Protection Contact (DPO / Data Protection Department): As specific email/phone details were not provided in the available profile data, you should use the contact channel(s) made available within your queenplay.bet account area or the website contact options. We will route such requests to the responsible data protection function.

What Personal Data We Collect

OBSERVE: Queen Play at queenplay.bet collects data directly from you (e.g., registration), automatically (e.g., device data), and from third parties (e.g., verification and payment partners).

EXPAND: As a UK-regulated gambling operator, we must collect sufficient information to (i) create and administer accounts, (ii) verify identity and age before gambling, (iii) meet AML/KYC and safer gambling duties, and (iv) secure transactions and prevent fraud.

REFLECT: The categories below describe what we may collect; the exact fields depend on your actions, verification outcomes, and chosen payment method.

  • Account & identity data: full name, date of birth, username, password (stored in hashed form), email address, telephone number, home address, country of residence, and account status information.
  • Verification (KYC/AML) data: age/identity verification results (including electronic verification checks via credit reference agencies), document data from passport/driving licence uploads where required, proof of address, and-where legally necessary-source of funds/wealth information and related supporting evidence.
  • Payment & transaction data: deposit/withdrawal records, payment method identifiers and tokens (e.g., for Visa Debit, Mastercard Debit, PayPal, Trustly, Paysafecard, Instant Banking), limited card details where applicable (we do not intend to store full card numbers), payment status, chargeback and fraud signals, and bank references.
  • Gameplay & behavioural data: betting and gaming history, session duration, responsible gambling interactions, bonus usage, clickstream, navigation paths, and service usage metrics.
  • Technical & log data: IP address, device type, OS/browser, unique device identifiers, timestamped access logs, security logs, approximate location derived from IP, and geo-fencing/blocked-jurisdiction signals (e.g., where access is restricted and blocked at IP level).
  • Customer support data: messages to support, complaint records, call/chat transcripts where enabled, and associated metadata.
  • Cookies and similar technologies: identifiers stored on your browser/device for essential functionality, preferences, analytics, and (where permitted) advertising/affiliate attribution.

Legal Basis for Processing

OBSERVE: UK GDPR requires a valid lawful basis for each processing activity. For gambling services, multiple bases may apply at the same time depending on the purpose.

EXPAND: In a regulated environment, legal obligations (e.g., identity verification, AML, record-keeping) can override preferences, while marketing typically requires consent or a compliant "soft opt-in" approach where applicable. We also balance legitimate interests against your rights, particularly for fraud prevention and security.

REFLECT: We rely on the following lawful bases under UK GDPR (and, where relevant, the Data Protection Act 2018):

  • Contract performance: to create and operate your account, process deposits/withdrawals, provide games and related features, apply bonus rules, and deliver customer support.
  • Legal obligation: to meet KYC/AML, age verification, safer gambling, record-keeping, tax/accounting, and regulatory reporting obligations tied to our UK Gambling Commission licence (39483).
  • Consent: for certain cookies and similar technologies (especially advertising/attribution), and for direct marketing where required. You can withdraw consent at any time (withdrawal does not affect prior lawful processing).
  • Legitimate interests: to prevent fraud, protect platform integrity, conduct security monitoring, improve services, perform limited analytics, and defend legal claims-provided our interests are not overridden by your rights and freedoms.
  • Vital interests / public interest (rare): may apply in exceptional cases (e.g., where needed to protect someone's life, or for cooperation with competent authorities in line with law).

Purpose of Processing

OBSERVE: We use personal data only for specified, explicit purposes and do not use it in a way that is incompatible with those purposes.

EXPAND: Because Queen Play provides real-money gambling, we must combine service delivery with strong compliance controls (KYC/AML, fraud checks, safer gambling monitoring) and technical security measures (including geo-fencing in restricted jurisdictions).

REFLECT: The main purposes of processing on queenplay.bet include:

  • Providing casino services: account registration and management, login authentication, game provision, bonus administration, deposits and withdrawals, and customer support.
  • Regulatory compliance: age/identity verification prior to gambling where required, AML/KYC checks, record-keeping, responding to UKGC and other lawful requests, and enforcing responsible gambling measures.
  • Security and fraud prevention: detecting suspicious activity, preventing account takeover, monitoring transaction anomalies, and enforcing geo-fencing / restricted-jurisdiction blocks.
  • Service improvement and analytics: diagnosing technical issues (including device/browser compatibility), measuring performance, and improving user experience.
  • Marketing communications: sending promotional emails or messages where legally permitted, managing your preferences, and measuring campaign effectiveness.

Disclosure & Sharing

OBSERVE: We may share personal data with third parties where necessary for service delivery, compliance, security, or where you have consented.

EXPAND: In gambling, disclosures often include payment processing, identity verification, hosting/security services, and lawful disclosures to regulators and authorities. We aim to apply data minimisation and require appropriate contractual safeguards for processors.

REFLECT: Personal data may be disclosed in the following circumstances:

  • Payment partners: to process deposits/withdrawals and manage fraud/chargebacks (e.g., card payment networks, e-wallet and banking method providers such as PayPal, Trustly, Paysafecard, Instant Banking).
  • Verification and compliance providers: including electronic verification via credit reference agencies and document verification services where required for KYC/AML and age verification.
  • Technology and security vendors: hosting, content delivery, DDoS protection, geo-fencing, logging/monitoring, and incident response suppliers (e.g., services used to block restricted jurisdictions at IP level).
  • Analytics providers: to understand site performance and user interactions, using cookie consent mechanisms where required.
  • Affiliates and advertising networks: only where appropriate and, for non-essential tracking, generally subject to your cookie/marketing preferences and consent.
  • Regulators and authorities: the UK Gambling Commission and other competent authorities where we are legally required to disclose, or where disclosure is necessary to establish, exercise, or defend legal claims.
  • Corporate group / platform context: where operationally necessary, data may be accessed by teams supporting the platform (e.g., Aspire Global operational functions) under appropriate access controls and contractual safeguards.

Regional Compliance Note (UK): We do not sell personal data in the ordinary sense. Where we share data, we aim to provide only what is necessary for the stated purpose and to maintain auditable records of disclosures required for regulated operations.

International Transfers

OBSERVE: The corporate and operational footprint described includes Malta-based operations and Israel-based technology support, while services are offered to UK customers via queenplay.bet.

EXPAND: This means personal data may be transferred outside the UK. Under UK GDPR, transfers require appropriate safeguards, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or UK Addendum to EU Standard Contractual Clauses (SCCs), alongside risk assessments and supplementary measures where needed.

REFLECT: International transfers may occur to the following regions depending on vendors and operational support:

  • Malta: for operational/administrative functions associated with the operator address provided.
  • Israel: for technology-related support where applicable to the platform (as described in the corporate structure notes).
  • Other locations: where our processors/sub-processors operate data centres or support teams, subject to contractual and technical safeguards.
  • Transfer safeguards: UK IDTA and/or UK Addendum to EU SCCs; vendor due diligence; data minimisation; encryption in transit; and access controls.
  • Important clarification: References sometimes seen in templates (e.g., "Privacy Shield") are generally not relied upon for UK GDPR transfers. We use current UK-recognised transfer mechanisms in 2025.

Data Retention

OBSERVE: We retain personal data only for as long as necessary for the purposes described, including to meet legal and regulatory obligations linked to gambling operations.

EXPAND: UK gambling compliance (including AML/KYC and audit trails) typically requires retaining certain records after account closure. Retention must balance legal obligations with storage limitation and data minimisation principles.

REFLECT: Unless a longer period is required by law, regulation, or to resolve disputes, we apply the following retention approach (guidance-level timeframes):

  • Account profile data (registration details): retained while the account is open; then generally up to 5 years after account closure for compliance, audit, and dispute handling.
  • KYC/AML and verification records: generally up to 5 years after the end of the customer relationship, unless extended where required by a lawful request, ongoing investigations, or applicable AML rules.
  • Transaction and payment records: generally up to 5-7 years to satisfy accounting, anti-fraud, and regulatory audit requirements.
  • Gameplay history and responsible gambling records: retained for the period necessary to evidence compliance and to protect customers, typically aligned with the account lifecycle and post-closure compliance needs.
  • Technical logs and security records: typically retained from 90 days to 12 months, depending on the log type and security needs, unless required longer for investigations.
  • Marketing preferences: retained until you unsubscribe/withdraw consent plus a limited period to maintain a suppression list (to ensure we respect your opt-out).

Deletion criteria: We delete, anonymise, or securely archive data when (i) it is no longer necessary for the purposes collected, (ii) retention periods expire, and/or (iii) a valid deletion request applies and no legal exemption requires continued retention.

Your Rights

OBSERVE: As a data subject, you have rights under UK GDPR. The exercise of certain rights may be limited where we must keep data to comply with legal obligations (e.g., AML record-keeping) or to establish/defend legal claims.

EXPAND: The section request also asks for "Mexican privacy law alignment" references. Queen Play is UK-focused, but we can provide an informative alignment note for individuals who may be protected by Mexico's data protection framework (e.g., if you are located in Mexico and interact with our services, noting that access may be geo-fenced). Such references are informational and do not replace UK GDPR, which governs our UK offering.

REFLECT: Subject to applicable conditions, you can request:

  • Right of access: obtain confirmation whether we process your data and receive a copy, along with required explanatory information.
  • Right to rectification: correct inaccurate personal data and complete incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion where processing is no longer necessary or where consent is withdrawn and no other lawful basis applies. Note: we may need to retain certain records to meet UKGC/AML obligations.
  • Right to restriction: request that processing is limited in certain circumstances (e.g., contesting accuracy).
  • Right to object: object to processing based on legitimate interests; and object to direct marketing at any time.
  • Right to data portability: receive certain data in a structured, commonly used, machine-readable format and/or have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: where we rely on consent (e.g., certain cookies/marketing), you can withdraw it at any time.

How to Exercise Your Rights (Procedure)

  1. Submit your request: Use the privacy/contact channels available on queenplay.bet or within your account area (as specific DPO email/phone was not provided in the source profile). Clearly state the right you want to exercise.
  2. Verify identity: We may request additional information to confirm your identity (this protects you from unauthorised access). Where possible, we will use existing verification data to reduce friction.
  3. Response timelines: We aim to respond within 30 days (one month). For complex requests, we may lawfully extend this timeframe and will inform you of the reason and expected timing.
  4. Fees: Requests are generally handled free of charge. We may charge a reasonable fee or refuse only where a request is manifestly unfounded or excessive, as permitted by law.

Mexico alignment (informational): If you are covered by Mexico's data protection framework, similar rights are generally recognised under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its Regulations, including ARCO rights (Access, Rectification, Cancellation, Opposition) and consent withdrawal. Requests should still be submitted via the queenplay.bet channels above, and we will process them under the applicable legal framework for the circumstances.

Cookies & Tracking Technologies

OBSERVE: Queen Play uses cookies and similar technologies on queenplay.bet to provide essential site functions, to remember preferences, and to measure and improve performance.

EXPAND: Under UK rules (including the UK GDPR and the Privacy and Electronic Communications Regulations), non-essential cookies (e.g., analytics/advertising) generally require consent. You should have the ability to manage choices via a cookie banner/manager where deployed.

REFLECT: We may use the following types of cookies:

  • Strictly necessary (functional) cookies: required for core site operation, security, authentication, and account access (typically session-based).
  • Preference cookies: remember settings such as language, region, or UI preferences (often persistent).
  • Analytics cookies: help us understand usage patterns and improve queenplay.bet (often persistent; typically set only with consent where required).
  • Advertising / affiliate attribution cookies: used to measure marketing effectiveness and attribute referrals (often third-party; generally requires consent).
  • Third-party cookies: set by service providers (e.g., analytics or payment-related widgets where applicable) subject to their own policies and your settings.

How to Manage Cookies

  • Cookie settings tool: Use the cookie banner/consent manager on queenplay.bet (where available) to accept, reject, or customise non-essential cookies.
  • Browser controls: You can block or delete cookies via your browser settings. Note that blocking strictly necessary cookies may prevent login, deposits/withdrawals, or other essential functions.
  • Device-level controls: On some devices, you can limit ad tracking through operating system settings.

Data Security

OBSERVE: Queen Play applies technical and organisational measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

EXPAND: Because queenplay.bet processes identity verification and payment-related data in a regulated setting, security controls must cover transmission, storage, access governance, monitoring, and incident response. We also consider supplier risk and staff awareness as part of security-by-design.

REFLECT: Our security programme may include:

  • Encryption in transit: TLS 1.2+ (or higher where supported) for data transmitted between your device and our servers.
  • Encryption at rest: appropriate encryption and key management for sensitive data stored in our systems and backups.
  • Access controls: role-based access, least-privilege principles, and logging of privileged access; separation of duties for sensitive operations.
  • Account protection: secure authentication measures; where available, multi-factor authentication for administrative access and risk-based checks for customer logins.
  • Monitoring and auditing: security logging, anomaly detection, and periodic reviews; vulnerability management and patching practices.
  • Staff training: security and privacy training for relevant staff, including phishing awareness and secure handling of KYC materials.
  • Incident response: documented procedures for detecting, responding to, and recovering from security incidents, including assessment of notification duties under UK GDPR.
  • Standards and assurance (where applicable): we may align controls to recognised frameworks such as ISO/IEC 27001 and/or SOC 2 principles where used by our organisation or key service providers.

Important limitation: No method of transmission or storage is 100% secure. You should protect your account credentials, use a strong password, and avoid sharing login details.

Complaints & Contacts

OBSERVE: You can raise privacy questions, exercise rights, or lodge complaints relating to how Queen Play handles personal data on queenplay.bet.

EXPAND: UK users should be able to escalate unresolved issues to the UK supervisory authority (ICO). The prompt also requests Mexican authority details; we provide that escalation path for informational completeness where Mexican law may apply to an individual's circumstances.

REFLECT: Contact and complaint routes are as follows:

Contact Us About Data Protection

  • Operator address (postal): AG Communications Limited, 135 High Street, Sliema SLM 1548, Malta
  • Online contact: Use the support/contact options made available on https://queenplay.bet or within your account area (specific email/phone were not provided in the supplied data).

Complaint Procedure (Step-by-step)

  1. Step 1 - Submit a complaint: Provide details of your concern, relevant dates, account identifier (if applicable), and what outcome you seek.
  2. Step 2 - Identity and clarification: We may request clarification or identity verification to protect your data.
  3. Step 3 - Investigation: We review system logs, vendor involvement, and compliance requirements (including UKGC-related constraints where relevant).
  4. Step 4 - Response time: We aim to respond within 30 days. If more time is required due to complexity, we will inform you and provide an updated target date.
  5. Step 5 - Resolution and escalation: If you are dissatisfied, you may escalate to the relevant supervisory authority listed below.

Escalation to Supervisory Authorities

  • United Kingdom (ICO): Information Commissioner's Office
    Website: https://ico.org.uk/
    Contact: https://ico.org.uk/make-a-complaint/
    Postal: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • Mexico (INAI) (informational): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
    Website: https://home.inai.org.mx/
  • EU/EEA authorities (where applicable): If your issue relates to EU/EEA data protection, you may also contact your local supervisory authority (directory):
    https://edpb.europa.eu/about-edpb/about-edpb/members_en

Note: For gambling-related disputes (not privacy issues), UK players may also have access to an ADR entity (IBAS): https://ibas-uk.com/.

Updates

OBSERVE: We may update this Privacy Policy to reflect changes in law, regulatory guidance, technology, operational practices (including platform/vendor changes), or risk controls (e.g., KYC/AML processes).

EXPAND: Material changes-especially those affecting lawful bases, sharing, international transfers, or user rights-should be communicated proactively. UK users should receive clear notice and an opportunity to review changes before they take effect where feasible.

REFLECT:

  • Last updated: November 2025
  • How we notify you:
    • Email notice: sent to your registered email address for material changes where we have your email and it is appropriate to do so.
    • Website banner: a prominent notice on queenplay.bet for significant updates.
    • Account dashboard alert: notification within your logged-in account area where available.
  • Advance notice for significant changes: where reasonably possible, we provide at least 30 days' notice before material changes take effect.
  • Your options: If you object to a material change, you may stop using the services and request account closure, subject to any legal obligations requiring retention of certain records.
  • Changelog (material changes):
    • November 2025: Policy refreshed for UK GDPR clarity; expanded international transfer safeguards wording; added clearer retention ranges and complaint escalation links (ICO/INAI/EDPB directory).