⚡ Join Us Now

Top Online Pokies

Big Bass

Royal Coins 2

3 Coins Volcano

Aviator

Fire Joker

Cash Bandits 3

Gates of Olympus

3 Hot Teapots

Mighty Wild Panther

Lady Fortune

Big Catch Bonanza

Carnival Rush

Privacy Policy

CandyLand Online Casino

Effective Date and Scope

This Privacy Policy governs the collection, processing, storage, and disclosure of personal data by CandyLand, an online casino brand operated under a licence issued by the Curacao Gaming Authority. This policy applies to all individuals who access, register with, or use the services provided through the CandyLand platform, including but not limited to casino games, live dealer services, sports betting features, and promotional activities. By accessing our platform or creating an account, you acknowledge that you have read and understood the terms of this Privacy Policy. CandyLand is committed to protecting the privacy and personal data of its users in accordance with applicable data protection legislation, including the United Kingdom General Data Protection Regulation as retained in domestic law under the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, and all guidance issued by the Information Commissioner’s Office. We operate with full transparency regarding how personal data is collected, why it is used, with whom it is shared, and how long it is retained. This policy is subject to periodic review and update, and users are encouraged to revisit it regularly.

1. Data Controller Information

CandyLand operates as the data controller in relation to all personal data collected through its platform. As data controller, CandyLand determines the purposes and means of processing personal data and is responsible for ensuring that such processing complies with all applicable legal obligations. Users who have queries, complaints, or requests relating to their personal data may contact our designated Data Protection Officer through the contact details provided in the relevant section of this policy. Where CandyLand engages third-party processors to handle personal data on its behalf, appropriate data processing agreements are established to ensure that those processors maintain adequate security and compliance standards.

2. Information We Collect

CandyLand collects a range of personal data in the course of providing its services. The categories of data collected include the following:

Registration data, including full legal name, date of birth, residential address, email address, telephone number, and username or account credentials chosen at the time of registration.
Identity verification documents, including copies of government-issued identification such as passports or driving licences, proof of address documents, and any additional documentation required to satisfy Know Your Customer obligations.
Payment and financial information, including bank account details, credit and debit card information, e-wallet credentials, transaction histories, deposit and withdrawal records, and source of funds documentation where required under Anti-Money Laundering regulations.
Gameplay and activity data, including records of games played, wagers placed, winnings and losses, session durations, bonus usage, and responsible gambling tool activations such as deposit limits, self-exclusion requests, and cooling-off periods.
Technical and device data, including IP addresses, browser type and version, operating system, device identifiers, geolocation data where permitted, referring URLs, and session activity logs.
Communications data, including records of correspondence between the user and CandyLand customer support, including live chat transcripts, email exchanges, and complaint submissions.
Marketing preferences, including records of consent or objection to receiving promotional communications via email, SMS, push notification, or other channels.
Cookie and tracking data, as further described in the Cookie Policy section of this document.

3. Purpose and Legal Basis for Processing

CandyLand processes personal data for a range of purposes, each of which is supported by a lawful basis under applicable data protection law. The primary purposes and corresponding legal bases are as follows:

Account creation and management: processing is necessary for the performance of the contract between CandyLand and the user, including the provision of gaming services, account access, and customer support.
Identity verification and KYC compliance: processing is necessary to comply with legal obligations under the UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, the Proceeds of Crime Act 2002, and applicable Curacao licensing requirements, which mandate that operators verify the identity of their customers prior to permitting significant financial activity.
Anti-Money Laundering and fraud prevention: processing is necessary for compliance with legal obligations and for the pursuit of legitimate interests in protecting the integrity of the platform, preventing financial crime, and safeguarding users from fraudulent activity.
Age verification: processing is necessary to comply with legal obligations under gambling legislation and licensing conditions that prohibit the provision of gambling services to persons under the age of eighteen years.
Responsible gambling monitoring: processing is necessary for compliance with regulatory obligations and for the pursuit of legitimate interests in identifying and assisting users who may be at risk of gambling-related harm, including the monitoring of gameplay patterns and the implementation of self-exclusion and intervention measures.
Marketing and promotional communications: processing is based on the user’s freely given, specific, informed, and unambiguous consent, which may be withdrawn at any time without detriment to the user’s account standing.
Analytics and platform improvement: processing is based on the legitimate interests of CandyLand in understanding how users interact with the platform, identifying technical issues, and optimising the user experience.
Legal and regulatory compliance: processing is necessary to fulfil obligations arising from applicable law, regulatory requirements, court orders, and requests from competent authorities.

CandyLand does not sell personal data to third parties. However, in order to deliver its services and fulfil its legal obligations, CandyLand may share personal data with the following categories of recipients:

Payment service providers and financial institutions, for the purpose of processing deposits, withdrawals, and chargebacks, and for carrying out fraud screening and financial risk assessments.
Identity verification and KYC partners, including third-party providers of electronic identity verification services, document authentication tools, and politically exposed persons and sanctions screening databases.
Anti-fraud and security service providers, who assist CandyLand in detecting and preventing fraudulent activity, account takeover attempts, and other security threats.
Responsible gambling service providers, including organisations that maintain self-exclusion registers such as GamStop, to whom CandyLand may disclose relevant user data where required by regulatory obligations or where the user has initiated a self-exclusion request.
Regulatory and licensing authorities, including the Curacao Gaming Authority and, where applicable, the UK Gambling Commission, to whom CandyLand may be required to disclose personal data in the context of compliance audits, investigations, or licensing reviews.
Law enforcement and government authorities, where CandyLand is legally required or permitted to disclose personal data in response to a valid legal request, court order, or statutory obligation.
Professional advisors, including legal counsel, auditors, and compliance consultants, subject to strict confidentiality obligations.
Technology and infrastructure providers, including cloud hosting services, cybersecurity providers, and customer relationship management platforms, all of whom are bound by contractual data processing agreements.

5. International Data Transfers

Where personal data is transferred outside of the United Kingdom, CandyLand ensures that appropriate safeguards are in place in accordance with applicable data protection law. Such safeguards may include the use of standard contractual clauses approved by the Information Commissioner’s Office, adequacy decisions, or other legally recognised transfer mechanisms. Users may request further information regarding international data transfers and the safeguards applied by contacting our Data Protection Officer.

6. Data Retention

CandyLand retains personal data for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulatory obligations. In accordance with Anti-Money Laundering legislation, transaction records and identity verification documents are retained for a minimum period of five years following the end of the business relationship or the date of the relevant transaction. Gameplay records and account information are retained for a period consistent with regulatory guidance and the potential need to resolve disputes or respond to legal claims. Where data is no longer required for any lawful purpose, it is securely deleted or anonymised in accordance with our data retention schedule.

7. User Rights

Users whose personal data is processed by CandyLand have the following rights under applicable data protection law:

The right to access personal data held by CandyLand, including the right to receive a copy of that data in a commonly used format.
The right to rectification of inaccurate or incomplete personal data.
The right to erasure of personal data, also known as the right to be forgotten, subject to applicable legal and regulatory retention obligations.
The right to restrict the processing of personal data in certain circumstances, including where the accuracy of the data is contested or where processing is unlawful.
The right to data portability, allowing users to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
The right to object to processing carried out on the basis of legitimate interests, including the right to object to direct marketing at any time.
The right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal.
The right to lodge a complaint with the Information Commissioner’s Office if a user believes that their personal data has been processed in breach of applicable data protection law.

To exercise any of the above rights, users may submit a request through the contact mechanism provided on the CandyLand platform. CandyLand will respond to all valid requests within the timeframes prescribed by applicable law.

8.1 What Are Cookies

Cookies are small text files placed on a user’s device by a website or application. They are widely used to make websites function efficiently, to provide analytical information to website operators, and to enable personalised experiences for users.

8.2 Types of Cookies Used

CandyLand uses the following categories of cookies on its platform:

Essential cookies, which are strictly necessary for the operation of the platform, including cookies that enable users to log in, navigate between pages, and access secure areas of the site. These cookies cannot be disabled without significantly impairing the functionality of the platform.
Analytical and performance cookies, which collect information about how users interact with the platform, including which pages are visited most frequently, how long users spend on particular sections, and whether users encounter error messages. This data is used in aggregated and anonymised form to improve the performance and usability of the platform.
Functionality cookies, which allow the platform to remember user preferences such as language settings, display preferences, and previously entered information, in order to provide a more personalised experience.
Marketing and targeting cookies, which are used, subject to user consent, to deliver promotional content that is relevant to the user’s interests and to track the effectiveness of marketing campaigns.

Users may manage their cookie preferences through the cookie consent tool provided on the CandyLand platform at the time of their first visit. Users may also adjust their browser settings to refuse or delete cookies, although doing so may affect the functionality of the platform. Where consent is required for the use of non-essential cookies, CandyLand will obtain that consent before placing such cookies on the user’s device.

9. Data Security

CandyLand implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encryption of data in transit and at rest, access controls limiting data access to authorised personnel, regular security assessments, and staff training on data protection obligations. Notwithstanding these measures, no method of transmission over the internet or electronic storage is entirely secure, and CandyLand cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, CandyLand will notify the relevant supervisory authority and, where required, the affected individuals, in accordance with applicable law.

10. Responsible Gambling and Data Processing

CandyLand takes its responsible gambling obligations seriously and processes personal data in support of its duty of care to users. This includes monitoring gameplay behaviour for signs of problem gambling, applying and recording self-exclusion and limit-setting measures, and sharing relevant data with responsible gambling organisations where required. Users who wish to self-exclude or apply account restrictions are encouraged to contact customer support or use the responsible gambling tools available within their account settings.

11. Changes to This Privacy Policy

CandyLand reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or our data processing practices. Where material changes are made, users will be notified through the platform or by direct communication prior to the changes taking effect. Continued use of the platform following notification of any changes constitutes acceptance of the updated policy. The effective date at the top of this document will be updated to reflect the date of the most recent revision.

12. Contact Information

Users with questions, concerns, or requests relating to this Privacy Policy or the processing of their personal data may contact CandyLand through the official contact channels available on the platform, including the customer support portal and the dedicated Data Protection Officer contact form. CandyLand is committed to responding to all data protection enquiries promptly and in accordance with its legal obligations.