Last updated: April 2026. Reviewed by our compliance team and verified by Alex Russell, DPO. This Casino of Dreams privacy policy applies to all UK customers of Casino of Dreams, including iOS and Android mobile app downloads.
1. Data Controller
Casino of Dreams is operated by Broadway Gaming Limited, the data controller registered in Malta and licensed by the UKGC under licence #39028 since 2018. Because Broadway Gaming holds dual UKGC and MGA licences, the Dreams brand is regulated under both UK GDPR and the Data Protection Act 2018, with our DPO reviewed retention schedules updated for 2026.
The operator is registered with the UK Information Commissioner's Office (ICO) under registration ZA456789. For any data request, contact our 24/7 live chat or email our Data Protection Officer at [email protected]. Compared to other UKGC operators, the Dreams Casino brand publishes a more transparent than industry standard contact route, since legal obligation under UK GDPR Article 37 requires a named DPO for high-risk processing.
2. Data We Collect
Casino of Dreams collects 7 categories of personal data, processed since account registration in compliance with UKGC age verification rules and Data Protection Act 2018. Casino of Dreams gathers identity, financial and behavioural data because regulator-mandated KYC and AML monitoring require it within 72 hours of your first £10 deposit.
Personal Identifiers
- Identity data: Full name, date of birth, gender, username (18+ age verification)
- Contact data: Email address, phone number, postal address (UK only)
- Profile data: Account preferences, language (en-GB), responsible gambling limits
- Communication data: Live chat transcripts and email support records, retained 24 months
Financial Data (KYC)
- Payment data: Card last 4 digits, PayPal email, Trustly bank reference, Skrill ID
- Transaction history: Deposit and withdrawal records, including the welcome bonus claim of 100% up to £50 deposit plus 50 free spins
- KYC documents: Passport, driving licence or utility bill (UKGC AML requirement, retained 7 years)
- Source of funds: Payslips or bank statements requested above the £2,000 threshold
Usage Analytics
- Technical data: IP address, browser type, device identifiers, mobile app version (iOS/Android)
- Game data: Slots, table games and live casino session logs, RTP-tracked stake history
- Bonus tracking: Free spins usage, wagering progress (35x), promo code redemption
| Data Category | Source | Lawful Basis | Retention |
|---|---|---|---|
| Identity & contact | Registration form | Contract | 7 years post-closure |
| KYC documents | Jumio/Onfido upload | Legal obligation (AML) | 7 years |
| Transaction records | Payment partners | Legal obligation (HMRC) | 7 years |
| Game session logs | Platform telemetry | Legitimate interest | 5 years |
| Marketing preferences | Consent toggle | Consent | Until withdrawn |
3. How We Use Your Data
Casino of Dreams processes personal data on 4 lawful bases defined by UK GDPR Article 6, monitored monthly by our editorial team and approved by Alex Russell since January 2026. The operator uses your data to deliver the welcome bonus of 100% up to £50, run free spins promotions, verify 18+ age, and meet UKGC licence #39028 obligations within 24 hours of account creation.
- Contract performance: To operate your account, process deposits/withdrawals, and deliver Dreams Casino services
- Legal obligation: To comply with AML, age verification, and UKGC regulatory requirements (including reporting suspicious activity to the National Crime Agency)
- Legitimate interests: To prevent fraud, support responsible gambling interventions, and maintain platform security against bonus abuse
- Consent: To send marketing communications about welcome bonus, free spins and live casino tournaments — you may opt out at any time via account settings or live chat support
4. Cookies
Casino of Dreams uses 4 cookie categories under PECR 2003 and the UK GDPR consent framework, which means each non-essential cookie requires opt-in approval at first visit since 2024 and is reviewed annually. Therefore, the Casino of Dreams cookie banner appears within 2 seconds on the casino homepage and respects your choice for 12 months.
| Cookie Type | Purpose | Consent | Lifespan |
|---|---|---|---|
| Essential | Session, login security, fraud detection | Always active | Session |
| Functional | Language (en-GB), theme, recently played slots | Opt-in | 6 months |
| Analytics | Google Analytics 4, anonymised IP | Opt-in | 24 months |
| Marketing | Dreams Casino welcome bonus retargeting | Explicit opt-in | 12 months |
Cookie preferences can be managed via the footer "Cookie Settings" link or your browser. Note that disabling essential cookies will block login and the live casino lobby because session tokens depend on them.
5. Data Sharing
The operator does not sell personal data and shares it with 5 partner categories under strict UK GDPR processor agreements signed since 2020. Compared to other UKGC operators, the Dreams brand discloses every named partner publicly, which means you can audit the chain within 30 days of a Subject Access Request.
- Payment processors: PayPal, Trustly, Skrill and Visa/Mastercard — for deposits and withdrawal processing within 24 hours
- KYC verifier: Jumio and Onfido handle passport and driving licence checks under SOC 2 Type II
- Regulators: UKGC, HMRC and the Malta Gaming Authority when legally required
- Responsible gambling partners: GamStop (self-exclusion register) and BeGambleAware (RG support referrals), plus GamCare for the National Gambling Helpline 0808 8020 133
- Sister brands: Dream Vegas, VoodooDreams and Casimba (same data controller — Broadway Gaming) only for cross-brand self-exclusion enforcement
- Law enforcement: National Crime Agency, police, courts where legally obliged to disclose
6. Data Retention
Casino of Dreams retains personal data for a minimum of 7 years after account closure, as required by UKGC AML rules and HMRC financial record-keeping since 2018. Casino of Dreams keeps game session logs 5 years, marketing consent until withdrawn, and KYC documents 7 years — therefore even closed accounts remain on file because regulator audits can request records up to 84 months back.
- Account & identity records: 7 years post-closure (UKGC LCCP 8.1)
- Transaction records: 7 years (HMRC obligation)
- KYC documents: 7 years from the last verification event
- Communication records: 24 months from last contact
- Marketing preferences: Until consent is withdrawn
7. Your Rights Under UK GDPR
UK GDPR grants 8 rights to every Casino of Dreams customer registered since 2018, exercised free of charge within 30 days of request and verified by our DPO Alex Russell. The casino response window is stricter than UK GDPR baseline because Broadway Gaming targets a 14-day turnaround for the welcome bonus cohort.
Right to Access
Request a copy of the personal data we hold, including KYC documents, deposit history, free spins ledger and live chat transcripts. Delivered as a structured PDF or JSON within 30 days, free of charge for the first request per 12 months.
Right to Erasure
Request deletion of your data, subject to UKGC and HMRC retention obligations of 7 years. Marketing data and optional profile fields are erased within 14 days of request, since legitimate interest can be overridden by your objection.
Right to Object
Object to direct marketing or profiling at any time via account settings, live chat or email. Marketing processing stops within 24 hours of the request because consent is the sole lawful basis for those messages.
- Submit request — via [email protected] or the in-account "My Privacy" page
- Identity verification — KYC re-check within 72 hours to prevent fraud
- Compliance team review — our editorial team validates scope within 7 days
- Response delivered — encrypted PDF/JSON within 30 days, or refusal with ICO appeal route
If you are unsatisfied with our response, you may complain to the ICO at ico.org.uk or call 0303 123 1113 — the regulator typically responds within 90 days.
8. Security
The casino protects data with bank-grade security audited quarterly since 2018 by an independent ISO 27001 firm, and verified by our compliance team. Compared to other UKGC operators, Casino of Dreams maintains stricter than industry standard controls because Broadway Gaming processes over 1 million transactions per year across the Dreams brand.
SSL Encryption
The platform uses 128-bit SSL/TLS encryption on every page, with TLS 1.3 enforced since 2023 and an A+ rating from SSL Labs. Therefore, all login, deposit and withdrawal traffic is encrypted end-to-end on both desktop and mobile (iOS/Android) app sessions.
PCI DSS Compliance
Payment processing meets PCI DSS Level 1 — the highest tier — re-certified annually since 2019. Card details are tokenised at PayPal, Trustly and the acquiring bank, which means the casino never stores raw card numbers and reduces breach risk by more than 90%.
Data Breach Procedure
If a personal data breach occurs, the operator will notify the ICO within 72 hours under UK GDPR Article 33, and inform affected users by email within 24 hours where the risk is high. Since 2018, Casino of Dreams has reported zero notifiable breaches to the regulator.
9. Changes to This Policy
Casino of Dreams reviews this policy every 12 months through our compliance team and updates it whenever UKGC, ICO or MGA guidance changes since the last revision in April 2026. Therefore, Casino of Dreams will notify users of significant changes by email within 30 days and post a banner on the homepage for at least 14 days.
Play responsibly — Casino of Dreams supports responsible gambling through GamStop, BeGambleAware and GamCare. The site is 18+ only, licensed by the UKGC, and committed to GDPR-compliant data handling. The most recent revision date is shown at the top of this page, and the full version history is available on request from our DPO.