burger icon
Cosmic Spins United Kingdom
Log In

Privacy Policy

This Privacy Notice explains how personal data is collected, used, stored, shared and protected when you visit and use the Cosmic Spins experience offered as "Cosmic Spins" on the website cosmikpins.com, and when you interact with our services (including browsing our pages, creating an account, and participating in any gambling-related features where available). It applies to players, prospective players, and all other visitors to cosmikpins.com who access or consider the Cosmic Spins offering, regardless of whether they complete registration.

The effective date of this Privacy Notice is 6 November 2025, and it is intended to reflect requirements under the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and, where relevant, other international standards commonly applied in the online gambling industry. Please read it carefully before using cosmikpins.com, as it explains your rights and our responsibilities with respect to your personal data.

Who We Are

OBSERVE: For privacy law purposes, there must be a clearly identifiable data controller responsible for how your personal data is handled.

EXPAND: For the Cosmic Spins experience on cosmikpins.com, the data controller is the operator of the website cosmikpins.com trading under the brand "Cosmic Spins" (referred to in this notice as "Cosmic Spins", "we", "us", or "our"). The operator's full legal name, registered office address and company registration number are provided in our Terms and Conditions and can be requested using the contact details below. This ensures that the information can be kept accurate even if corporate details change.

REFLECT: For all privacy-related matters, including the exercise of your data protection rights, our primary contact point is our data protection function:

  • Data controller: Operator of cosmikpins.com, trading as Cosmic Spins for the Cosmic Spins experience (details as per site Terms and Conditions)
  • Data Protection Officer (DPO) / Data Protection Team: [email protected]
  • General privacy contact: [email protected]
  • Postal contact for privacy issues: Data Protection Officer, Cosmic Spins (cosmikpins.com), postal address as stated in our Terms and Conditions and on our "Contact" page, marked "Data Protection - Confidential".

Regulatory context (UK gambling): The UK Gambling Commission (UKGC) has previously issued operating licence number 000-039411-R-319683-009 to Betable Ltd, which has been surrendered and is no longer active. The Cosmic Spins experience on cosmikpins.com does not rely on this surrendered licence, and nothing in this Privacy Notice should be interpreted as a representation that cosmikpins.com is currently authorised by the UKGC to provide remote gambling to UK customers. Any licensing details relevant to our current operations, if applicable, are displayed on the website and should be checked before you use any gambling services.

What Personal Data We Collect

Core categories of data

OBSERVE: To operate an online gambling-style experience safely, fairly and lawfully, we need to collect several categories of personal data. Some of this data is provided directly by you, and some is generated by your use of cosmikpins.com.

  • Identification and contact data: Full name, date of birth, residential address, nationality, email address, phone number, account username, and similar identifiers. This data is essential for creating and managing your account and for age/identity checks where services are offered.
  • Account and transactional data: Account registration details, login credentials (stored in a hashed form), account status, verification status, preferences, communication history, and in-game identifiers used within the Cosmic Spins environment.
  • Payment and financial data: Limited payment card information (tokenised by payment providers), bank account identifiers, e-wallet IDs, deposit and withdrawal records, balances, and records required for anti-money laundering ("AML") and counter-terrorist financing ("CTF") monitoring, where applicable.

Technical, behavioural and compliance data

  • Technical and device data: IP address, device identifiers, browser type and version, operating system, time zone setting, language, access times, pages viewed, clickstream data, and log files generated by our servers and security tools.
  • Behavioural and usage data: Game and betting history, stake sizes, wins and losses, session length, interaction with promotions, navigation patterns, click data and other analytics generated by your use of cosmikpins.com in relation to Cosmic Spins. This may include flags generated by our responsible gambling and anti-fraud systems.
  • Verification and KYC/AML data: Copies or details of identity documents, proof of address, source-of-funds information and any additional information required under KYC/AML obligations, where we provide gambling services in relevant jurisdictions.
  • Communications data: Records of emails, chats, support tickets, complaints, and feedback forms, including any attachments you provide.

Cookies and similar technologies

  • Cookies: We use session cookies, persistent cookies and (where you consent) third-party cookies for authentication, remembering your preferences, analytics and marketing.
  • Similar technologies: Pixel tags, web beacons, SDKs and JavaScript tracking that allow us and our partners (for example analytics and advertising networks) to understand usage of cosmikpins.com and to measure the performance of the Cosmic Spins experience.

We do not knowingly collect data relating to individuals under 18. If we discover that a minor has provided personal data, we will take reasonable steps to delete it and, where appropriate, close any associated account.

Legal Basis for Processing

Contractual necessity

OBSERVE: Most processing that enables you to use cosmikpins.com in connection with Cosmic Spins is necessary to perform a contract with you or to take steps at your request before entering into a contract.

  • Account creation and management: Processing your registration details, verifying your age (where gambling is available), enabling log-ins, maintaining your account profile and providing customer support.
  • Provision of services: Operating games, processing deposits and withdrawals via our payment partners, crediting winnings, and administering loyalty or promotional programmes to the extent they are available to you.

Legal obligations

  • UK and international regulatory duties: Where relevant, complying with anti-money laundering and counter-terrorist financing laws, responsible gambling standards, tax and accounting obligations, and record-keeping duties under applicable legislation (for example the Proceeds of Crime Act 2002 or other AML/CTF rules in the jurisdictions where we operate).
  • Data protection and e-privacy: Complying with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations ("PECR"), including maintaining suppression lists to ensure we respect your marketing preferences.

Legitimate interests

  • Service integrity and security: Protecting the security of cosmikpins.com, detecting misuse or technical issues, preventing fraud, cheating and abuse, and safeguarding players and our business.
  • Analytics and improvement: Analysing aggregated and pseudonymised behavioural and technical data to improve performance, user experience, and the design of the Cosmic Spins experience.
  • Enforcing our rights: Establishing, exercising or defending legal claims and managing disputes.

Consent

  • Marketing communications: Sending you email, SMS, push or in-product marketing messages about offers relating to Cosmic Spins or compatible partner brands, where you have given valid consent or where we rely on soft opt-in in accordance with PECR.
  • Cookies and similar technologies: Using non-essential cookies and third-party tracking technologies on cosmikpins.com, which rely on your consent obtained through our cookie banner or settings panel.

Where we rely on consent, you may withdraw it at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

Providing and managing the Cosmic Spins services

OBSERVE: We use your data to make the Cosmic Spins experience on cosmikpins.com function reliably and safely.

  • Account operation: Creating and maintaining your player or visitor account, authenticating log-ins, and enabling access to games, features and support tools.
  • Payments and transactions: Processing deposits, withdrawals and in-game transactions via payment partners and maintaining accurate transaction histories for you and for our internal records.
  • Customer support: Responding to queries, investigating issues, and handling complaints or disputes.

Compliance, safety and responsible gambling

  • KYC/AML and sanctions checks: Verifying your identity, age, residence, and (where applicable) source of funds, as required by law and by industry best practice for online gambling.
  • Fraud and abuse prevention: Monitoring technical and behavioural signals to detect suspicious activity, bonus abuse, money laundering indicators or account takeovers.
  • Player protection: Assessing behavioural patterns (such as frequency and size of play) to support responsible gambling measures, where such gambling services are available.

Improvement, analytics and marketing

  • Service enhancement: Analysing aggregated and pseudonymised usage data to improve site stability, layout, game offerings and features of Cosmic Spins.
  • Marketing and personalisation: Tailoring content and offers (where permissible) to your profile and preferences, and measuring the effectiveness of campaigns, subject to your marketing choices and cookie consent.
  • Business administration: Conducting internal reporting, audits, quality assurance, and planning to support the sustainable operation of cosmikpins.com.

Disclosure & Sharing

Service providers and business partners

OBSERVE: We cannot provide a safe and functional Cosmic Spins experience on cosmikpins.com without involving carefully selected third parties.

  • Payment providers and banks: To process deposits, withdrawals and chargebacks, and to perform AML/CTF checks, we share necessary payment-related data with payment processors, banks and financial institutions.
  • Technical and hosting providers: Cloud hosting providers, content delivery networks, IT support and security vendors who process technical and usage data on our behalf to keep cosmikpins.com secure and available.
  • Game, risk and analytics providers: Where we integrate third-party gaming platforms, risk engines or analytics tools, they may process identifiers, behavioural and technical data strictly under our instructions.

Regulators, law enforcement and other disclosures

  • Regulators and authorities: Where required by law or regulation (for example, AML/CTF authorities, tax authorities, courts, the UK Information Commissioner's Office), we may disclose relevant data, including transactional and KYC information.
  • Professional advisers: Lawyers, auditors and consultants may access relevant information for audit, legal advice, or dispute resolution, subject to confidentiality obligations.
  • Business transfers: In the context of a merger, acquisition, restructuring or sale of assets, your data may be shared with prospective or actual purchasers, under appropriate safeguards.

Marketing and affiliates

  • Affiliates and advertising networks: Where you have provided appropriate consent (for example via cookies or marketing preferences), we may share limited pseudonymised identifiers and analytics with affiliates, advertising networks and social media platforms to measure and optimise campaigns related to cosmikpins.com.

We do not sell your personal data. Any third party that processes your data on our behalf does so under a written data processing agreement that reflects UK GDPR standards.

International Transfers

Where data may be transferred

OBSERVE: Online services often rely on infrastructure and partners located outside your home country. This may involve transfers of personal data to jurisdictions that do not provide the same level of data protection as the UK.

  • European Economic Area (EEA) and similar jurisdictions: Some of our service providers may be established in the EEA or other countries that benefit from a UK "adequacy" decision, meaning their laws are recognised as providing a comparable level of protection.
  • Other countries (including the United States): Certain hosting, analytics, payment or support services we use for cosmikpins.com may operate from countries without such adequacy decisions.

Safeguards for international transfers

  • Standard Contractual Clauses and UK IDTA/Addendum: Where required, we implement the European Commission's Standard Contractual Clauses together with the UK's International Data Transfer Agreement or Addendum, ensuring contractual protections for your data.
  • Additional technical and organisational measures: Encryption, access controls, and data minimisation are applied so that transferred data is protected against unauthorised access or misuse.
  • Risk assessments: Before engaging providers in higher-risk jurisdictions, we assess their legal environment, security posture and compliance track record.

We monitor regulatory developments relating to international transfers, including frameworks such as the EU-US Data Privacy Framework and any UK extensions, and we adjust our approach to remain compliant.

Data Retention

General retention principles

OBSERVE: We keep personal data only for as long as necessary for the purposes described in this Privacy Notice, to meet our legal obligations, and to resolve any disputes.

  • Account data: Identification, contact and account information are generally kept for the lifetime of your account and for up to five (5) years after closure, reflecting typical AML/CTF and regulatory time limits in the online gambling sector, unless a longer period is required by law or necessary for legal claims.
  • Transactional and KYC/AML data: Records of payments, bets, game activity and KYC/AML documentation are normally retained for at least five (5) years after the end of the business relationship or the relevant transaction, or longer where legally required.
  • Marketing data: Marketing preference records and suppression lists are retained as long as necessary to honour your choices and to demonstrate compliance with PECR and UK GDPR.
  • Technical and analytics data: Aggregated or anonymised analytics may be retained for a longer period, as they no longer identify you.

REFLECT: When the applicable retention period expires, or when data is no longer needed for the purposes for which it was collected, we will either securely delete or irreversibly anonymise it. We may retain limited information for a longer period where required to establish, exercise or defend legal claims, to comply with law enforcement requests, or to meet regulatory requirements.

Your Rights

Core data protection rights (UK GDPR and GDPR-equivalent regimes)

OBSERVE: Under the UK GDPR and, where applicable, the EU GDPR and similar regimes, you have several rights in relation to your personal data processed in connection with cosmikpins.com and the Cosmic Spins experience.

  • Right of access: To obtain confirmation whether we process your personal data and to receive a copy of that data together with information about how it is used.
  • Right to rectification: To have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure: To request deletion of your personal data in certain circumstances, for example where it is no longer needed or you withdraw consent and we have no other legal basis. Legal or regulatory obligations (such as AML rules) may limit our ability to delete some records immediately.
  • Right to restriction: To request that we temporarily restrict processing where you contest accuracy, object to processing, or require data for legal claims.
  • Right to object: To object at any time to processing based on our legitimate interests, including profiling, and to object separately to direct marketing. We will stop such processing unless we demonstrate compelling legitimate grounds or the processing relates to legal claims.
  • Right to data portability: To receive certain personal data you have provided to us in a structured, commonly used, machine-readable format and to ask us to transmit it to another controller where technically feasible.

Consent, marketing and cookie choices

  • Withdrawal of consent: Where processing is based on your consent (for example, marketing communications or non-essential cookies), you may withdraw consent at any time via your account settings, the unsubscribe link in emails, our consent management tools, or by contacting us.
  • Marketing preferences: You may manage preferences (opt in or opt out) for different types of marketing messages relating to Cosmic Spins within your account dashboard where available or by contacting us.

Mexican privacy law alignment and other regimes

EXPAND: For users whose data is subject to Mexican privacy law, including the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), similar rights apply, such as access, rectification, cancellation and opposition (ARCO rights). Where both UK/EU rules and Mexican law are relevant, we aim to handle requests in a manner that satisfies the stricter applicable standard.

  • ARCO rights (Mexico): Access, rectify, cancel or oppose the processing of your personal data, subject to the conditions and exceptions set out in Mexican law.

How to exercise your rights

  1. Submit a request: Contact us at [email protected] or via any dedicated rights request form available on cosmikpins.com. Clearly state which right you wish to exercise and provide sufficient information to verify your identity.
  2. Identity verification: We may request additional information or documentation to confirm your identity, particularly for access, portability or erasure requests. This protects your data from unauthorised disclosure.
  3. Response time: We aim to respond within one (1) month of receiving a valid request. Where requests are complex or numerous, this period may be extended by up to two (2) further months; if so, we will inform you of the extension and reasons.
  4. Fees: Requests are handled free of charge. However, where a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, as permitted by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority as described in the "Complaints & Contacts" section.

Cookies & Tracking Technologies

Types of cookies we use

OBSERVE: Cookies and similar technologies help us provide, protect and enhance the Cosmic Spins experience on cosmikpins.com.

  • Strictly necessary (session) cookies: These are essential for basic site functionality, such as keeping you logged in, maintaining your session, and enabling core security features. They are typically deleted when you close your browser.
  • Persistent functional cookies: These remember your preferences (for example language, region, or cookie choices) and can persist for a longer period on your device.
  • Analytics cookies: First- or third-party cookies that collect aggregated information about how visitors use cosmikpins.com (pages visited, error messages, performance metrics) to help us improve site performance.
  • Advertising and affiliate cookies: Third-party cookies and pixels used, with your consent, to measure the effectiveness of marketing campaigns related to Cosmic Spins and to attribute visits or sign-ups to affiliate partners.

Managing and disabling cookies

  • Cookie banner and settings: On your first visit (and periodically thereafter), our cookie banner will explain non-essential cookies and offer options to accept, reject or customise them. You can update your choices at any time through our cookie settings panel.
  • Browser controls: Most browsers allow you to block or delete cookies via settings. Doing so may affect some functionality (for example, staying logged in or remembering preferences).
  • Do Not Track and similar signals: While industry standards are evolving, we will treat recognised signals as far as technically and legally feasible, in line with our legitimate interests and legal obligations.

You can find more detailed information in any dedicated Cookie Policy linked from the footer of cosmikpins.com.

Data Security

Technical and organisational measures

OBSERVE: Protecting your personal data and the integrity of cosmikpins.com is a core responsibility. We use a combination of technical and organisational safeguards aligned with recognised security standards.

  • Encryption in transit and at rest: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher. Where appropriate, we encrypt stored data or use tokenisation, particularly for payment and authentication-related information.
  • Access controls and authentication: Access to production systems is restricted to authorised personnel following the principle of least privilege, and protected by strong authentication methods, which may include multi-factor authentication.
  • Network and application security: Firewalls, intrusion detection and prevention systems, logging, and monitoring controls are deployed to protect cosmikpins.com and the Cosmic Spins environment against unauthorised access and abuse.

Governance, training and incident response

  • Policies and standards: Internal policies govern information security, data protection, acceptable use and incident management. We aim to align our practices with widely recognised frameworks such as ISO 27001 and SOC 2 where feasible for our scale and risk profile.
  • Staff training: Employees and contractors with access to personal data receive regular training on data protection, confidentiality and security awareness.
  • Incident response: We maintain procedures for identifying, assessing and responding to suspected personal data breaches. Where a breach presents a risk to your rights and freedoms, we will notify the appropriate supervisory authority and, where required, affected individuals in accordance with legal timeframes.

While no system can be guaranteed 100% secure, we continually review and improve our security measures in light of evolving threats and industry best practice.

Complaints & Contacts

Contacting us

OBSERVE: Effective complaint handling and transparent communication are central to responsible operation of cosmikpins.com and the Cosmic Spins experience.

  • Primary contact for privacy: [email protected]
  • DPO contact: [email protected]
  • Postal: Data Protection Officer, Cosmic Spins (cosmikpins.com), postal address as stated in our Terms and Conditions, marked "Data Protection - Confidential".

Internal complaint procedure

  1. Submit your complaint: Email us or use any online feedback or complaint form available on cosmikpins.com, clearly identifying the issue (for example, response to a rights request, marketing communications, or data security concern).
  2. Acknowledgement: We aim to acknowledge receipt of your complaint within five (5) business days.
  3. Investigation and response: We will investigate your complaint and aim to provide a substantive response within one (1) month. Complex issues may require more time; if so, we will keep you informed of progress.

Escalation to supervisory authorities

  • United Kingdom (UK GDPR): If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk, telephone +44 303 123 1113.
  • European Union / EEA: If EU GDPR applies to you, you may lodge a complaint with the supervisory authority in your habitual residence, place of work, or place of the alleged infringement.
  • Mexico (LFPDPPP): Where Mexican data protection law applies, you may lodge a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI): www.inai.org.mx.

We encourage you to contact us first so we can attempt to resolve any concerns directly, but you do not need to do so before contacting a supervisory authority.

Updates

How and why we update this Privacy Notice

OBSERVE: Data protection law and online gambling practices evolve over time. We may update this Privacy Notice to reflect changes in our services, our processing activities, or applicable legal requirements.

  • Versioning and last update: The current version of this Privacy Notice is identified at the top of the page. Last updated: January 2026.
  • Material changes: Where we make significant changes that affect how or why we process your personal data, or your rights, we will take additional steps to inform you.

Notification methods and your choices

  • Email notifications: Where appropriate, we will notify registered users by email at least thirty (30) days before material changes take effect, giving you time to review the new terms.
  • On-site notices: We may display banners, pop-ups or dashboard alerts on cosmikpins.com to draw attention to important changes affecting the Cosmic Spins experience.
  • Right to object or close your account: If you do not agree with the updated Privacy Notice, you may object to certain processing, adjust your privacy settings, withdraw consent where applicable, or close your account. Continued use of cosmikpins.com after changes take effect will generally signify acceptance of the updated Notice.

REFLECT: We recommend that you review this Privacy Notice periodically to stay informed about how we handle your personal data when you use cosmikpins.com and engage with the Cosmic Spins experience.