Lizaro Privacy Policy

Last updated: May 20, 2026

This Privacy Policy describes how Lizaro collects, uses, stores and protects personal information provided by users who visit the platform. The policy applies to all data processing activities carried out by Sligo Limited in connection with the operation of the casino, live dealer tables, sportsbook and related services. Understanding how personal data is handled helps players make informed decisions about account registration, gameplay and communication with the operator.

The policy covers data collected during account creation, deposits, withdrawals, bonus claims, game sessions, identity verification and customer support interactions. It also explains the legal basis for processing, data-sharing practices, user rights, security measures, cookie usage and retention periods. Players are encouraged to read the full document before submitting any personal information to the platform.

Definitions and Interpretation

This section clarifies the meaning of terms used throughout the Privacy Policy. Consistent terminology ensures that users understand their relationship with the platform and the scope of data processing activities.

Key Terms

Personal data refers to any information that can identify a natural person, including name, email address, date of birth, residential address, phone number, payment details, device identifiers and IP address. The operator processes personal data in accordance with applicable legislation and operational requirements. Data subjects are individuals who provide personal data to Lizaro, including registered players, prospective users and individuals who contact support or browse the website.

Service and Account Context

The service includes the Lizaro casino, live dealer platform, sportsbook, mobile access, cashier infrastructure, bonus system and VIP programme. An account is a user profile created during registration that stores identity information, transaction history, preferences and gameplay records. Device refers to any computer, smartphone, tablet or connected hardware used to access the platform. Processing means any operation performed on personal data, including collection, storage, retrieval, use, disclosure, transfer and deletion.

Personal Data Collection

The operator collects personal data directly from users during account registration, deposits and support requests, as well as automatically through technical systems that track device activity and session behaviour. Data collection is necessary to provide services, verify identity, process payments and comply with regulatory obligations.

Identity and Contact Information

During registration, users provide their full legal name, date of birth, residential address, email address, phone number, country of residence and selected currency. This information is used to create the account, verify age eligibility, deliver service communications and fulfil KYC requirements. Users must ensure that identity and contact details match official documents used for verification. Any change to personal information should be reported through account settings or customer support to maintain accurate records.

Financial and Transaction Data

Payment data includes card numbers, account details, e-wallet identifiers, crypto wallet addresses and transaction records associated with deposits, withdrawals, bonus claims and wagering activity. Financial data is collected during cashier interactions and stored securely to enable payouts, detect fraud and comply with AML screening obligations. The operator does not store full card numbers or CVV codes; payment processors handle sensitive card data under PCI DSS standards. Transaction history is maintained to support account reconciliation, dispute resolution and regulatory reporting.

Technical and Usage Data

Technical data is collected automatically when users visit the platform or use mobile access. This includes IP address, device type, operating system, browser version, screen resolution, language preference, session duration, page views, game selections, bet history and error logs. Usage data helps the operator monitor system performance, detect unauthorised access patterns, optimise the user interface and analyse player behaviour for product improvement. Cookies and tracking technologies play a central role in technical data collection and are explained in the Cookies section of this policy.

Purpose of Data Processing

Personal data is processed to deliver the services requested by users, maintain account security, ensure regulatory compliance and improve the platform. Each processing purpose is tied to specific user actions or operational requirements.

Service Provision and Account Management

Data is used to register accounts, authenticate login attempts, enable deposits and withdrawals, credit bonuses, track wagering progress, record game outcomes and manage VIP status. Without processing identity, financial and usage data, the operator cannot deliver casino games, live dealer sessions, sportsbook markets or promotional rewards. Account management also includes responding to support requests, updating user preferences and enforcing platform rules such as the one-account policy and age restrictions.

Verification and Compliance

Identity data is processed to verify that users are over 18, reside in permitted jurisdictions and are not using VPN, proxy or anonymiser services to bypass geographic restrictions. KYC procedures require document review, address confirmation and payment-method ownership checks before the first withdrawal or after risk triggers such as large deposits, profile changes or AML alerts. Compliance processing also includes sanctions screening, source-of-funds assessment and reporting obligations under remote bookmaker licensing and anti-money-laundering legislation.

Marketing and Communication

Contact data is used to send promotional emails, SMS messages and push notifications about welcome offers, reload bonuses, cashback campaigns, tournaments and VIP rewards. Users who provide marketing consent during registration or through account settings receive targeted communications based on gameplay preferences and deposit behaviour. Consent can be withdrawn at any time through the unsubscribe link in promotional emails or by updating communication preferences in the account dashboard. The operator may also send transactional messages related to deposits, withdrawals, KYC requests and account security without requiring marketing consent.

Analytics and Platform Improvement

Usage data is analysed to understand player behaviour, identify popular games, detect technical issues, optimise mobile performance and improve bonus mechanics. Aggregated and anonymised data may be used for internal reporting, statistical analysis and service development. Analytics processing does not involve the sale of personal data to third parties and is conducted to enhance the user experience, system reliability and product offering.

Legal Basis for Processing

The operator processes personal data based on one or more legal grounds recognised under data protection legislation. The legal basis determines the scope and limitations of processing activities.

Consent

Consent is obtained when users tick the terms and conditions box during registration, activate marketing preferences or agree to cookie usage through the banner displayed on the first visit. Consent-based processing covers promotional communications, personalised offers and non-essential cookies. Users can withdraw consent at any time without affecting their ability to use the core service, although some features such as bonus personalisation or targeted campaigns may become unavailable.

Contractual Necessity

Processing is necessary to perform the contract between the user and the operator when data is used for account creation, authentication, deposit processing, game delivery, withdrawal handling, bonus crediting and customer support. Without contractual processing, the operator cannot fulfil service obligations or enable real-money gameplay. This legal basis applies to identity, financial, technical and usage data collected during normal platform interaction.

Legal Obligation

The operator processes personal data to comply with legal obligations under remote bookmaker licensing, AML regulations, sanctions frameworks and tax reporting requirements. Legal obligation processing includes KYC verification, transaction monitoring, document retention, regulator reporting and law enforcement cooperation. Users cannot opt out of processing carried out to meet legal obligations, as non-compliance would prevent the operator from offering services in regulated markets.

Legitimate Interests

The operator may process data based on legitimate interests such as fraud prevention, system security, payment dispute resolution, account abuse detection and internal analytics. Legitimate interest processing is conducted only when it does not override user privacy rights and is necessary to protect the integrity of the platform. Examples include blocking multi-account abusers, detecting irregular betting patterns and preventing payment fraud through transaction monitoring.

Data Sharing and Disclosure

Personal data is shared with third parties only when necessary to deliver services, comply with legal obligations or protect the operator's legitimate interests. The operator does not sell personal data to advertisers or unrelated commercial entities.

Service Providers

Data is shared with GMBL Tech, the platform services provider responsible for account infrastructure, casino game integration, sportsbook operation and cashier processing. Payment processors such as Visa, Mastercard, Skrill, Neteller, MiFinity, Paysafecard and crypto gateway operators receive financial data to execute deposits and withdrawals. Game providers including Evolution, Pragmatic Play, Play'n GO, NetEnt, Nolimit City and Hacksaw Gaming access session data to deliver game outcomes and record wagers. Hosting, analytics and support tool providers process technical and usage data to maintain platform performance.

All service providers are contractually obligated to protect personal data, use it only for specified purposes and comply with applicable data protection standards. Third-party processors are selected based on their security practices, regulatory compliance and operational reliability.

Regulators and Law Enforcement

Personal data may be disclosed to the National Excise Licence Office, Irish Revenue Commissioners or other regulatory authorities as required under remote bookmaker licensing and anti-money-laundering obligations. Law enforcement agencies may request data in connection with criminal investigations, fraud prevention or sanctions enforcement. The operator responds to legal requests only when supported by proper authority and documentation, and disclosure is limited to the minimum data necessary to comply with the request.

Affiliates and Business Transfers

Data may be shared with affiliated entities under common ownership or control for operational support, technical maintenance or service delivery. In the event of a merger, acquisition or asset sale, personal data may be transferred to the acquiring entity as part of the business transaction. Users will be notified of any ownership change that affects data processing responsibilities.

Data Retention

Personal data is retained for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations and resolve disputes. Retention periods vary depending on data type, user activity and regulatory requirements.

Active Account Data

Identity, contact, financial and usage data associated with active accounts is retained throughout the account lifecycle. Active accounts are those with recent login activity, deposits, gameplay or support interactions. Users who close their accounts may request data deletion, subject to legal retention obligations and pending transaction resolution. Closed accounts are archived, and personal data is anonymised or deleted after the retention period expires.

Regulatory and Legal Retention

KYC documents, transaction records and compliance data are retained for at least five years after the account is closed or the last transaction is processed, as required under AML legislation and licensing conditions. Longer retention may apply if data is needed for ongoing legal proceedings, regulatory investigations or dispute resolution. Once the retention period ends, data is securely deleted or anonymised to prevent identification.

Marketing and Analytics Data

Marketing consent records are retained until consent is withdrawn. Analytics data is typically anonymised within six months of collection. Session logs and technical data are deleted after 12 months unless required for security investigations or system audits. Users who withdraw marketing consent will no longer receive promotional communications, but transactional messages related to account activity will continue.

User Rights

Users have several rights over their personal data under applicable data protection legislation. These rights enable individuals to control how their information is processed and request corrections, deletions or restrictions.

Access and Rectification

Users can request a copy of their personal data held by the operator, including identity information, transaction history, gameplay records and communication logs. Access requests should be submitted through customer support or the account dashboard. The operator provides the requested data within 30 days, subject to identity verification. Users can also request corrections to inaccurate or incomplete personal data. Rectification requests are processed promptly, and updated information is reflected in account records and third-party systems where applicable.

Erasure and Restriction

Users may request deletion of their personal data when it is no longer necessary for the original purpose, consent has been withdrawn, processing was unlawful or legal obligations require erasure. The operator must balance erasure requests against legal retention requirements, ongoing transactions and dispute resolution needs. In cases where deletion is not possible, the operator restricts processing so that data is stored but not actively used. Restricted data remains in archive systems until the legal retention period expires.

Data Portability and Objection

Users can request a machine-readable copy of their personal data to transfer to another service provider. Portability applies to data processed based on consent or contractual necessity, such as account details, transaction history and preferences. Users can also object to processing based on legitimate interests, including marketing, profiling and analytics. Objections are reviewed on a case-by-case basis, and the operator ceases processing unless it can demonstrate compelling legal grounds or regulatory obligations.

Data Security

The operator implements technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration and destruction. Security measures are designed to reduce risks but cannot eliminate them entirely.

Encryption and Secure Storage

Personal data transmitted between users and the platform is encrypted using SSL/TLS protocols. Sensitive data such as passwords, payment details and document images are stored in encrypted databases with restricted access controls. Financial data processed by payment providers is handled under PCI DSS standards, and the operator does not store full card numbers or CVV codes on its systems. Crypto wallet addresses and blockchain transaction records are stored separately from identity data to reduce exposure in the event of a breach.

Access Control and Monitoring

Access to personal data is restricted to authorised personnel who require it to perform their job functions, such as customer support agents, KYC analysts and compliance officers. Role-based access controls ensure that employees can view only the data necessary for their tasks. The operator monitors data access logs, detects unusual activity and conducts regular security audits to identify vulnerabilities. Multi-factor authentication is required for administrative accounts, and password policies enforce complexity and regular rotation.

Fraud Prevention and Incident Response

The operator uses automated tools to detect fraudulent transactions, duplicate accounts, VPN usage, location mismatches and payment recycling patterns. Suspicious activity triggers manual review, additional verification requests or account suspension. In the event of a data breach, the operator notifies affected users and relevant regulators within the timeframe required by law. Incident response procedures include containment, investigation, remediation and documentation to prevent recurrence.

Cookies and Tracking Technologies

The platform uses cookies and similar technologies to enable functionality, track user behaviour and deliver personalised content. Cookies are small text files stored on the user's device that help the operator recognise returning visitors and maintain session state.

Types of Cookies

Essential cookies are necessary to operate the website and enable account login, game sessions, payment processing and security features. These cookies cannot be disabled without affecting core functionality. Analytical cookies track page views, session duration, game popularity and error rates to help the operator understand user behaviour and improve platform performance. Marketing cookies are used to deliver targeted promotions, personalised offers and retargeting campaigns based on browsing and gameplay activity. Social media cookies enable content sharing and social login features when users connect their accounts to external platforms.

Cookie Management

Users can control cookie preferences through their browser settings or the cookie banner displayed on the first visit. Disabling non-essential cookies may limit access to certain features such as bonus personalisation, saved preferences or targeted promotions. Essential cookies remain active to ensure account security and transaction integrity. The operator respects Do Not Track signals where supported by browser technology. Mobile users can manage cookies through their device settings or by clearing app data.

Third-Party Tracking

Game providers, analytics tools and payment processors may place their own cookies on the user's device to deliver content, measure performance or process transactions. Third-party cookies are subject to the privacy policies of their respective operators. The operator does not control external cookies and recommends that users review third-party policies before interacting with embedded content or external links.

Third-Party Links

The platform may contain links to external websites operated by game providers, payment processors, affiliates or other third parties. The operator is not responsible for the privacy practices or content of external sites.

Users who follow external links leave the platform and are subject to the privacy policies of the destination website. The operator does not control data collection, storage or sharing practices of third-party sites and cannot guarantee the security or accuracy of external content. Users are encouraged to review the privacy policies of external websites before submitting personal information or creating accounts on third-party platforms.

Payment processors such as Skrill, Neteller, Paysafecard and crypto wallet providers operate under their own privacy frameworks and may collect additional data during transaction processing. Social media platforms, analytics services and game studios accessed through embedded content or shared links also collect data independently of the operator.

Children and Minors Policy

The platform is intended exclusively for users aged 18 and over. The operator does not knowingly collect personal data from individuals under the legal gambling age.

Account registration requires date-of-birth confirmation, and users who provide false age information may have their accounts closed, balances confiscated and documents reported to relevant authorities. KYC verification processes include age checks using official identity documents such as passports, photocard driving licences and national ID cards. Users who cannot prove they are 18 or older are prohibited from depositing, claiming bonuses or playing real-money games.

If the operator becomes aware that personal data has been collected from a minor, the data will be deleted immediately, the account will be closed and any deposits will be returned. Parents or guardians who believe their child has provided personal information to the platform should contact customer support to request account closure and data removal.

Policy Updates

The operator may update this Privacy Policy to reflect changes in legal requirements, service features, data processing practices or regulatory guidance. Updates are published on the website with a revised effective date.

Users are encouraged to review the Privacy Policy periodically to stay informed about how personal data is collected, used and protected. Significant changes that affect user rights or data processing scope may be communicated through email, account notifications or prominent website notices. Continued use of the platform after a policy update constitutes acceptance of the revised terms.

The operator maintains a record of policy versions and can provide previous versions upon request. Users who do not agree with updated terms may close their accounts, subject to pending transaction resolution and legal retention obligations.

Contact Information

Users who have questions about this Privacy Policy, wish to exercise their data protection rights or need assistance with account privacy settings can contact the operator through the following channels.

Customer support is available 24/7 via live chat and account ticketing. Privacy-related inquiries should be clearly marked as data protection requests to ensure proper routing and response. Users requesting access, rectification, erasure or portability should provide sufficient identity verification to confirm account ownership and prevent unauthorised data disclosure.

Complaints about data processing practices can be submitted through customer support or directed to the relevant data protection authority in the user's country of residence. The operator cooperates with regulators and responds to formal inquiries within the timeframe required by law.