burger icon
Kraken Casino United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Kraken Casino, as operated for the Kraken Casino version of our service via crakeng.com, collects, uses, stores, shares and protects your personal data. It applies to visitors to our websites (including historical or mirror domains that redirect to or frame crakeng.com), registered players, affiliate partners and any other individuals whose data we process in connection with our online gambling services.

This notice is designed to meet the requirements of the UK General Data Protection Regulation ("UK GDPR"), the UK Data Protection Act 2018, and - where applicable - other data protection laws such as the EU GDPR and the Mexican Federal Law on Protection of Personal Data Held by Private Parties. It should be read together with our Terms and Conditions and any game- or promotion-specific rules published on crakeng.com.

By using crakeng.com or creating an account on the Kraken Casino version of our service, you acknowledge that you have read this Privacy Policy. You can withdraw consent for non-essential processing (such as direct marketing or certain cookies) at any time as described below. This Privacy Policy is effective from 1 January 2026.

Who We Are

Data controller. The primary controller of your personal data for the Kraken Casino version of Kraken Casino accessed via crakeng.com is:

  • Kraken N.V., an offshore online casino operating company incorporated under the laws of Curaçao, licensed under Master License 365/JAZ (sub-license GLH-OCCHKTW0703052021) issued by Gaming Curaçao.
  • Kraken N.V. operates the Kraken Casino brand for UK-facing users via crakeng.com and historically related domains such as krakencasino.com, krakencasino.bet and numbered mirror domains (e.g. kraken-77.com), which may be used to bypass ISP blocks.

Please note that Kraken N.V. does not hold a United Kingdom Gambling Commission (UKGC) licence. As a result, while your data protection rights under privacy law still apply, you do not benefit from UKGC, GamStop or IBAS protections in relation to gambling regulation or dispute resolution.

Payment and processing partners. For certain payment and processing activities, Kraken N.V. may act together with, or appoint as processors, related entities such as a Cyprus-based payment processing subsidiary (for example, an entity similar to "K-Services Ltd") or other third-party processors. These entities assist with credit card and other payment processing for the Kraken Casino service on crakeng.com.

Data Protection Officer / privacy contact. We have appointed an internal function responsible for overseeing questions in relation to this Privacy Policy and our data protection practices. You can contact our privacy team or Data Protection Officer ("DPO") at:

  • Email: privacy@crakeng.com (preferred channel for all privacy and data subject requests)
  • Website: contact or support forms available via https://crakeng.com (where implemented)
  • Postal contact: marked "Data Protection Officer - Kraken Casino" at the registered office details of Kraken N.V. as set out in our Terms and Conditions on crakeng.com.

What Personal Data We Collect

Identification and contact data

  • Basic identification: full name, date of birth, gender, nationality, place of residence and other information required to verify that you are at least 18 years old and legally allowed to gamble.
  • Contact details: email address, telephone number(s), postal address, preferred language and communication preferences.
  • KYC/AML documentation: copies of identity documents (passport, national ID, driving licence), proof of address (utility bill, bank statement), proof of funds and any additional documentation you provide during verification checks.

Account, gaming and behavioural data

  • Account data: username, password (stored in hashed form), security questions, account status, self-exclusion and cooling-off settings, responsible gambling limits and notes related to your account.
  • Gaming activity: betting and wagering history, game sessions, wins and losses, bonuses used, bonus wagering progress, tournaments or campaigns you participate in and in-game behaviour (e.g. bet sizes, frequency, game preferences).
  • Behavioural and interaction data: clicks, page views, navigation paths, time spent on pages, marketing campaign source, interactions with banners and notifications, and communication history with customer support (including live chat logs, emails and call notes where applicable).

Payment and financial data

  • Transaction data: deposits, withdrawals, chargebacks, refunds, payment method used, currency, amount, timestamps and related metadata.
  • Payment instruments: limited card details (e.g. masked card number, card type, expiry date), IBAN or bank details, crypto wallet address, and other payment identifiers processed via our payment service providers.
  • Billing descriptors and miscoding notes: information on how transactions appear on your bank statement (for example, generic merchant descriptions unrelated to gambling) and related risk flags (e.g. miscoding patterns used by offshore processors).

Technical and device data

  • Technical identifiers: IP address, device ID, operating system, browser type and version, screen resolution, language settings and mobile network information.
  • Log data: access logs, login timestamps, failed login attempts, account changes, security events and approximate geolocation derived from your IP address.
  • Device fingerprinting data: combinations of technical attributes used to identify suspicious or fraudulent activity, where permitted by law.

Cookies and similar technologies

  • Cookies: session cookies, persistent cookies and third-party cookies used for functionality, analytics, advertising and security.
  • Similar technologies: web beacons, pixels, local storage, SDKs and tags used to measure performance, prevent fraud and deliver tailored content.

Special categories and sensitive information

  • Responsible gambling data: information on problem-gambling behaviour, self-exclusion history (including external tools where relevant), communications about gambling harm and internal risk assessments.
  • We do not intentionally collect sensitive categories such as health data or religious beliefs, except where you voluntarily provide such information (for example, when explaining a request for self-exclusion) and only to the extent necessary to fulfil our legal and responsible gambling obligations.

Our services are strictly for users aged 18 or over. We do not knowingly collect personal data relating to children. If we discover that a minor has created an account, we will close the account and delete or anonymise personal data where we are not legally required to keep it.

Legal Basis for Processing

We process personal data in accordance with the UK GDPR and the UK Data Protection Act 2018. Where relevant, we also take into account the EU GDPR and Mexican data protection law for users located in those jurisdictions. Depending on the situation, we rely on one or more of the following legal bases:

  • Performance of a contract: We need to process your data to enter into and fulfil the contract for providing online gambling services on crakeng.com, including:
    • creating and managing your Kraken Casino account;
    • verifying your identity and age;
    • processing deposits, wagers, bonuses and withdrawals;
    • providing customer support and resolving operational issues.
  • Compliance with legal obligations: We must process certain data to comply with laws and regulatory requirements, including:
    • anti-money laundering ("AML") and counter-terrorist financing ("CTF") rules and know-your-customer ("KYC") checks;
    • record-keeping obligations, tax and accounting requirements;
    • responsible gambling and safer gambling obligations under applicable regulations and licensing conditions in Curaçao and other jurisdictions;
    • responding to lawful requests from regulators, courts and law enforcement authorities.
  • Legitimate interests: We process certain data where it is necessary for our legitimate interests and where these interests are not overridden by your rights, including:
    • maintaining the security and integrity of our platforms, detecting and preventing fraud, bonus abuse, account takeover and payment miscoding risks;
    • improving our products, services and user experience by analysing how players use crakeng.com;
    • defending and exercising legal claims, managing disputes and enforcing our Terms and Conditions;
    • carrying out limited profiling to detect suspicious behaviour and to segment users for non-intrusive service communications;
    • marketing similar products and services to existing customers, in line with applicable marketing laws.
  • Consent: In some situations we rely on your consent, for example:
    • sending electronic direct marketing communications where the law requires consent;
    • using non-essential cookies and similar technologies for analytics or advertising;
    • sharing data with specific third-party advertising networks or affiliates for targeted campaigns.
    You can withdraw your consent at any time through your account settings (where available), via cookie management tools, or by contacting us using the details above.
  • Vital interests and public interest (rare): In exceptional cases, we may process or disclose data where necessary to protect your vital interests or those of another person (for example, where we believe there is a serious and immediate risk of self-harm) or to comply with important public interest requirements, subject to applicable law.

Purpose of Processing

We use personal data for clearly defined purposes. The main purposes are:

  • Providing and managing our casino services: to register and manage your Kraken Casino account, verify your identity and age, enable gameplay, process bets and payouts, handle bonuses and promotions and provide customer support on crakeng.com.
  • Payment processing and financial management: to process deposits and withdrawals via cards, bank transfers, crypto and other methods; to manage currency conversion, fees and spreads; to keep accurate transaction records; and to cooperate with our payment processors, banks and card schemes.
  • Compliance, KYC and responsible gambling: to perform due diligence checks, monitor transactions for AML/CTF purposes, prevent fraud and bonus abuse, identify possible gambling problems, apply self-exclusion or limits and comply with our licensing and reporting obligations.
  • Service improvement and analytics: to analyse usage patterns, game performance and technical issues so we can improve the stability, performance, usability and features of crakeng.com, including testing new functionality and optimising the player experience.
  • Marketing and personalisation: to send you offers, bonuses and promotions (where permitted), to tailor content and bonuses to your profile and to evaluate the effectiveness of marketing campaigns, including those run with affiliates and advertising partners.
  • Security and fraud prevention: to protect our systems, players and business from fraud, abuse, hacking and other security risks; to monitor suspicious behaviour; and to implement technical and organisational security measures.
  • Legal, regulatory and business purposes: to manage risks, handle complaints and disputes, respond to regulators and public authorities, conduct internal audits, comply with accounting and tax obligations and support corporate transactions involving our business.

Disclosure & Sharing

We do not sell your personal data, but we do share it with trusted recipients when necessary for the purposes set out in this Privacy Policy. These recipients fall into the following categories:

  • Group and related entities: Kraken N.V. and associated service entities (for example, a Cyprus-based payment processing subsidiary supporting card payments for crakeng.com) for operational, risk management, customer support and compliance purposes.
  • Payment service providers and banks: card schemes (e.g. Visa, Mastercard), banks, crypto payment processors and other financial institutions that process your deposits, withdrawals and chargebacks. In some cases, your statements may display generic or non-gambling descriptors due to how offshore processors code transactions.
  • Identity verification, KYC and AML partners: third-party vendors that verify your identity, age, address and payment methods; screen transactions for AML/CTF and sanctions; and assist with fraud prevention, including device fingerprinting and risk scoring tools.
  • IT, hosting and security providers: cloud hosting companies, data centres, content delivery networks, email and SMS providers, customer support platforms and security vendors (e.g. DDoS protection, monitoring and logging services) that help us operate and secure crakeng.com.
  • Analytics and marketing partners: analytics platforms, affiliate networks, and advertising partners who help us understand how users interact with our site and deliver or measure marketing campaigns. Where required, we will only share your data with such partners based on your consent or in a pseudonymised form.
  • Regulators, authorities and dispute bodies: Gaming Curaçao and other gambling regulators, tax authorities, law enforcement agencies, courts and alternative dispute resolution bodies, to the extent required by law or necessary to protect our rights or the rights of others. Because we are not regulated by the UKGC, UK gambling complaints may not be handled by UKGC or IBAS, but you still retain rights before data protection authorities such as the UK ICO.
  • Professional advisers and auditors: lawyers, auditors, accountants, compliance consultants and similar professionals who require access to data in order to provide their services to us, under strict confidentiality obligations.
  • Corporate transactions: potential buyers, investors or merger partners (and their advisers) as part of a due diligence process, and any new owner of the business, subject to appropriate confidentiality and data protection safeguards.

Whenever we share data with processors acting on our behalf, we ensure there is a written agreement in place requiring them to use the data only according to our instructions, implement appropriate security measures and comply with applicable data protection laws.

International Transfers

Because Kraken N.V. operates from Curaçao and relies on international service providers, your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area ("EEA"). These may include, in particular:

  • Curaçao: where Kraken N.V. is incorporated and where core gaming and operational systems may be hosted or managed.
  • Cyprus or other EEA countries: where payment processing and certain back-office or support functions may be located or outsourced.
  • Other countries (including the United States): where some of our cloud hosting, analytics, security and communications providers are based or store data.

Where your personal data is transferred outside the UK or EEA to a country that is not subject to an adequacy decision by the UK Government or the European Commission, we implement appropriate safeguards, such as:

  • standard contractual clauses approved under the UK GDPR and/or EU GDPR, supplemented where necessary with additional technical and organisational measures;
  • data transfer agreements aligned with the UK International Data Transfer Addendum or equivalent instruments;
  • robust security measures including encryption, access controls and minimisation.

You can contact us using the details in the "Who We Are" section if you would like more information about the specific safeguards we use for international data transfers and, where applicable, how to obtain a copy of them.

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, regulatory and reporting requirements. Retention periods vary depending on the category of data and are determined by factors such as applicable AML laws, tax rules, limitation periods for legal claims and our operational needs.

  • Account and identification data: Typically stored for up to 5 years after your account is closed or after the last transaction or contact with you, whichever is later, to meet AML/CTF and regulatory obligations and to handle potential disputes.
  • KYC/AML documentation: Copies of ID documents, proof of address and proof of funds are usually retained for 5 years from the end of the business relationship or from the date of the last transaction, subject to any longer legally mandated period.
  • Transaction and payment data: Deposits, withdrawals and betting records are generally stored for 7 years to comply with tax, accounting and statutory record-keeping requirements.
  • Gaming and behavioural data: Detailed game logs and behavioural profiles are stored for as long as necessary for AML, fraud prevention and responsible gambling purposes, typically up to 5 years after account closure, after which they may be anonymised or aggregated.
  • Marketing data: Information about your marketing preferences is kept while you maintain an account and for a reasonable period (generally up to 2 years) after you last interact with our marketing, unless you withdraw consent or object earlier. We keep minimal records of opt-outs indefinitely to ensure we respect your choices.
  • Customer support and complaints: Support tickets, live chat logs and complaint files are usually kept for up to 6 years from final resolution, aligned with typical limitation periods for legal claims.
  • Technical data and logs: Security logs, IP logs and device data are kept for varying periods (usually from a few months up to 2 years), depending on their relevance for security, fraud investigation and regulatory purposes.
  • Cookies and similar technologies: Cookie lifetimes depend on their purpose and are disclosed in our cookie banner or cookie management tool; session cookies expire when you close your browser, whereas persistent cookies generally last from a few days up to 2 years.

When data is no longer needed for the purposes for which it was collected and we are not legally required to keep it, we will delete it or irreversibly anonymise it. Where immediate deletion is not possible (for example, in backup archives), we will securely store the data and isolate it from any further processing until deletion is feasible.

Your Rights

Depending on your location and the applicable law, you have a range of rights in relation to your personal data. These include rights under the UK GDPR and EU GDPR, as well as the ARCO rights (Access, Rectification, Cancellation, Opposition) under Mexican privacy law (LFPDPPP) where relevant. We will respect and facilitate your rights regardless of our gaming regulatory status.

  • Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of the data, along with information about how we process it.
  • Right to rectification/correction: You can ask us to correct inaccurate or incomplete personal data. In many cases, you can update key details directly in your account profile on crakeng.com.
  • Right to erasure ("right to be forgotten" / cancellation): You can request deletion of your personal data where there is no compelling reason for us to keep it - for example, where the data is no longer necessary for the purposes for which it was collected, you withdraw consent and there is no other legal basis, or we have processed it unlawfully. We may need to retain certain data despite your request where we are legally required to do so (for example, AML and tax records).
  • Right to restriction of processing: You can ask us to restrict processing of your data in certain situations, for example while we verify its accuracy or assess an objection you have raised.
  • Right to object / opposition: You can object to processing based on our legitimate interests, including profiling. We will stop processing unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or the processing is necessary for legal claims. You can also object at any time to processing for direct marketing, in which case we will stop marketing activities for your account.
  • Right to data portability: Where processing is based on your consent or on a contract and carried out by automated means, you can request to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and you may ask us to transmit it to another controller where technically feasible.
  • Right to withdraw consent: Where processing relies on consent (for example, for certain marketing or cookie uses), you can withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
  • Rights related to automated decision-making: If we use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you (for example, automated risk or fraud decisions), you may have the right to request human review, express your point of view and contest the decision.

How to exercise your rights. You can submit a request by contacting us at privacy@crakeng.com or via any privacy-specific form provided on crakeng.com. To protect your account and prevent fraud, we may ask you for additional information to verify your identity before acting on your request. When you contact us from Mexico, please indicate "ARCO request" in the subject line so that we can apply the specific procedures required under Mexican law.

Timeframes and cost. We aim to respond to all valid requests within one month (30 days) of receipt and verification of your identity. For complex or numerous requests, this period may be extended by up to a further two months; if so, we will inform you of the extension and reasons. We will handle your request free of charge, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

We use cookies and similar technologies on crakeng.com to provide, secure and improve our services and to deliver personalised content and marketing. Cookies are small text files stored on your device when you visit our site.

Types of cookies we use

  • Strictly necessary / functional cookies: These cookies are essential for the operation of the site and to enable basic functions such as logging in, maintaining sessions, processing payments and remembering your privacy preferences. Without them, the Kraken Casino service on crakeng.com cannot function correctly.
  • Preference cookies: These cookies remember your choices, such as language, region, game settings and display preferences, so that we can provide a more personalised experience.
  • Analytics / performance cookies: These cookies help us understand how visitors use crakeng.com, which pages are popular and whether there are errors, so we can improve performance and usability. They may be set by us or by third-party analytics providers.
  • Advertising and tracking cookies: These cookies are used to deliver relevant advertising and measure the effectiveness of marketing campaigns, including those run through affiliate and advertising networks. They may track your browsing across different websites and devices, in accordance with applicable law.

Managing cookies

  • You can manage your cookie preferences through our cookie banner or internal cookie settings panel (where available) when you first visit crakeng.com or at any time thereafter.
  • Most web browsers also allow you to control cookies through their settings, including blocking or deleting cookies. The method varies by browser; please refer to your browser's help section for instructions.
  • If you choose to disable some cookies, certain features or functions of crakeng.com may not work properly or may become unavailable (for example, reliable session management or personalised game recommendations).

Data Security

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration or destruction. These measures include, among others:

  • Encryption: We use TLS (Transport Layer Security) version 1.2 or higher to encrypt data in transit between your browser and our servers. Where feasible and appropriate, we also encrypt sensitive data at rest (for example, certain payment-related data and security credentials).
  • Access controls and authentication: Access to personal data is strictly limited to authorised personnel who need it for their job functions and who are bound by confidentiality obligations. We use role-based access control, robust authentication mechanisms and, for administrative access, multi-factor authentication where feasible.
  • Network and infrastructure security: Our systems are protected by firewalls, intrusion detection and prevention systems, anti-malware solutions and continuous monitoring. We segregate environments and apply the principle of least privilege to minimise risk.
  • Security testing and audits: We perform regular security assessments, including vulnerability scanning and, where appropriate, independent penetration testing. Our control environment is designed to align with recognised industry standards such as ISO 27001 and SOC 2, even if we are not formally certified.
  • Staff training and awareness: Employees with access to personal data receive training on data protection, information security and responsible gambling obligations, and are required to comply with relevant policies and procedures.
  • Incident response: We maintain incident response procedures to identify, investigate and mitigate suspected data breaches or security incidents. Where a data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, inform you without undue delay.

While we strive to protect your personal data, no system can be completely secure. You are responsible for keeping your account credentials confidential, using strong and unique passwords and securing the devices you use to access crakeng.com. If you suspect any unauthorised access to your account, please contact us immediately.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data, or if you wish to exercise your data protection rights, you can contact us using the following channels:

  • Privacy email (primary channel): privacy@crakeng.com
  • Support / contact form: where available via https://crakeng.com (for general enquiries and to forward privacy-related requests to the DPO).
  • Postal contact: addressed to "Data Protection Officer - Kraken Casino (Kraken Casino)" using the registered office details for Kraken N.V. as provided on crakeng.com.

Internal complaints procedure. We will acknowledge receipt of your complaint or request as soon as reasonably possible, typically within 7 days. We aim to investigate and respond substantively within 30 days. For complex issues, we may need more time; if so, we will inform you of the delay and provide an updated timeline.

Supervisory authorities. You also have the right to lodge a complaint with a data protection authority if you are not satisfied with our response or believe that your data protection rights have been violated:

  • United Kingdom - Information Commissioner's Office (ICO):
    • Website: https://ico.org.uk
    • Telephone (UK): 0303 123 1113
  • European Union: If you are located in the EU/EEA, you may lodge a complaint with the data protection authority in your country of residence, place of work or place of the alleged infringement. Contact details are available on the European Data Protection Board website.
  • Mexico - INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales):
    • Website: https://home.inai.org.mx
    Mexican residents may exercise their ARCO rights directly with us and, if unsatisfied, may bring a claim before INAI in accordance with LFPDPPP and its regulations.

Using one complaint channel does not prevent you from using another. However, we encourage you to contact us first so we can attempt to resolve your concern directly and efficiently.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal or regulatory requirements, or our internal practices. When we make material changes, we will take appropriate steps to inform you in advance and to give you the opportunity to review the revised policy.

  • Notification methods: For significant changes, we will notify you by one or more of the following:
    • email sent to the address registered on your Kraken Casino account;
    • prominent notices or banners on crakeng.com;
    • alerts or messages within your account dashboard.
  • Advance notice: Where the changes materially affect your rights or the way we process your data, we will provide notice at least 30 days before the new policy takes effect, unless immediate changes are required by law or to address security or compliance risks.
  • Your options: If you do not agree with the updated Privacy Policy, you may object to certain processing where permitted by law, adjust your privacy settings, withdraw consent for marketing or request closure of your account. Continued use of crakeng.com after the effective date of the updated policy will be treated as acceptance of the changes, to the extent permitted by applicable law.
  • Version control: We keep track of the dates of our Privacy Policy versions. The current version is identified below. You may request a copy of previous versions from our DPO if needed.

Last updated: January 2026 (superseding the version dated 6 November 2025).