Privacy principles at Fireball Casino
This privacy notice explains how Fireball Casino collects, processes, and protects your personal data. The platform operates in compliance with GDPR and the data protection standards set by the Curacao Gaming Authority. Every processing activity is documented transparently, and you can exercise your access, correction, and deletion rights at any time.
Data we collect
Registration captures the following data categories: full name, date of birth, email address, phone number, residential address, and nationality. Financial activity adds payment method identifiers (e.g., last 4 digits of the card, e-wallet ID). Gameplay logs record placed bets, session duration, and IP address for security purposes.
Data storage and encryption
All data is protected by 256-bit SSL/TLS encryption in transit and AES-256 at rest. Servers are hosted in EU data centers (Frankfurt and Amsterdam) certified to the ISO 27001 information security standard.
- Bank-grade encryption: all transfers run over HTTPS with 256-bit keys
- Two-factor protection: optional 2FA via Google Authenticator or SMS
- Account activity log: every login is recorded with IP and device metadata
- Firewall and DDoS protection: Cloudflare Enterprise layer in front of every request
- Regular penetration testing: independent quarterly security audits
Purpose of data use
Personal data is processed exclusively for the purposes listed below.
| Purpose | Data category | Legal basis |
|---|---|---|
| Account creation and management | Name, email, address | Contract performance |
| KYC verification | ID document, address proof | Legal obligation |
| Transaction processing | Card, e-wallet data | Contract performance |
| Fraud prevention | IP, device ID | Legitimate interest |
| Marketing communication | Email, name | Consent (opt-in) |
Cookies and trackers
The site uses three cookie categories. Essential cookies handle login and cart state (cannot be disabled), performance cookies gather anonymous statistics through Google Analytics 4, and marketing cookies store data needed for targeted ads (active only after consent). Cookie preferences can be adjusted anytime through the link in the footer.
Data retention periods
Retention is tied to purpose. While the account is active, all relevant data is kept. After closure, financial records are retained for 5 years and KYC documents for 6 years in line with EU and national legislation. Marketing data is deleted within 30 days of opt-out.
Your data protection rights
Under GDPR you hold the rights listed below. To exercise any of them, email [email protected]. Responses arrive within 30 days.
- Right of access: request a copy of the data we hold about you
- Right to rectification: request correction of inaccurate information
- Right to erasure (right to be forgotten): request deletion in qualifying cases
- Right to restriction: request a temporary halt to processing
- Right to data portability: receive your data in a machine-readable format
- Right to object: object to processing, particularly for marketing purposes
Third-party data sharing
We share data with external parties only in the following scenarios: regulatory bodies (Curacao Gaming Authority) on formal request, payment service providers to settle transactions, and KYC providers for identity verification. Data is never passed to third parties for marketing purposes. Complaints about data handling can be addressed to the Curacao Gaming Authority's data protection division or to the relevant supervisory authority in your country of residence.
Common privacy questions
How do I request deletion of my data?
Send an email to [email protected] from the registered address linked to the account. Requests are processed within 30 days. Note: certain data such as KYC and financial records must be retained for 5-6 years after closure due to legal requirements.
Are my payment details secure?
Yes. The platform meets PCI DSS Level 1 compliance, and card data never touches our own servers — it is forwarded directly to the payment processor. The full transfer is protected by 256-bit SSL/TLS, and the payment module undergoes an independent audit every year.
What is two-factor authentication?
2FA adds a security layer on top of your password by requiring a one-time code at login. It works through the Google Authenticator app or SMS. Enabling 2FA is strongly recommended and may become mandatory at higher balance thresholds.
Where can I file a privacy complaint?
First contact [email protected]. If no satisfactory response arrives within 30 days, you may escalate to the data protection authority in your country of residence or directly to the Curacao Gaming Authority's data protection division.
Play in a secure, GDPR-compliant environment
Fireball Casino uses bank-grade encryption and independent privacy audits. Sign up with confidence.
Proceed to registration