Fireball Casino Privacy Policy — GDPR overview

Q: How can I exercise my GDPR rights?

Through support email (support@fireball.casino), with a 30-day response time. Operations are free and can be requested at any time.

The operator's privacy policy follows GDPR (EU General Data Protection Regulation), which is the strictest legal framework in player data handling. Below we summarize the core data processing principles relevant to Hungarian players.

Personal data is processed only for the purposes required by the gambling license: identification (KYC), age verification, anti-money laundering and player safety.

Open Account Learn More

Fireball Casino GDPR privacy policy and data protection elements

What data is collected?

The data set is split into three categories. Each category has its own legal basis and retention period. Personal data is never sold to third parties — the only sharing is with regulators and payment processors as required by law.

Identification data: name, date of birth, address, ID number (KYC requirement).
Financial data: payment method, transaction history (AML compliance).
Behavioral data: game history, login times (responsible gambling and security).

How long is data stored?

Under MGA license rules and EU AML standards the operator must retain account-related data for a defined period. After this period the data is anonymized or destroyed, depending on category.

KYC data: 5 years from account closure (MGA / AML requirement).
Transaction data: 7 years (financial compliance).
Marketing data: until consent withdrawal.
Cookie data: 12 months or until clearance.

Cookies and tracking

The site uses three cookie categories. The strictly necessary cookies are mandatory for site operation; the others are configurable. The cookie consent banner appears at the first visit and the choice is stored for 12 months.

Cookie categories:
1. Strictly necessary — site operation (login, session).
2. Analytics — usage statistics (Google Analytics).
3. Marketing — personalized advertising (consent required).

Your rights under GDPR

Every player has the right to access their personal data, demand correction, request deletion (within legal boundaries) or restrict processing. These rights can be exercised via support email; the operator responds within 30 days.

Right to access: copy of personal data.
Right to rectification: incorrect data correction.
Right to erasure: data deletion within legal limits.
Data portability: data export in machine-readable format.
Right to object: opt-out of marketing communications.

Data breach — the mandatory notification

Under GDPR, in the event of a data breach the operator must notify the supervisory authority within 72 hours and, in cases of serious risk, the affected user directly. This obligation is not optional — the Malta Data Protection Authority imposes fines for late or incomplete notification.

Frequently Asked Questions

Is my personal data shared with third parties?

No, personal data is not sold. Only regulators (MGA), payment processors and KYC providers receive data as required by law.

How long is KYC data retained?

5 years from account closure, per MGA and EU AML requirements. After that the data is anonymized.

Can I request my data be deleted?

Yes, but only within legal boundaries. KYC and transactional data must be retained for the required period; marketing data is deletable at any time.

How can I exercise my GDPR rights?

Through support email ([email protected]), with a 30-day response time. Operations are free and can be requested at any time.

Register with full GDPR compliance

Through registration you accept the privacy policy. The operator operates under MGA jurisdiction and GDPR rules — your data is handled accordingly.

Play Now