Privacy Policy

Effective date: 6 November 2025 (Last updated).

This Privacy Policy explains how Pub Casino on pybcasino.com collects, uses, shares, and protects personal data. A privacy policy is required to meet transparency obligations under the UK GDPR and the Data Protection Act 2018, and to help you understand what happens to your information when you visit our website or use our gambling services.

This Privacy Policy applies to (i) website visitors, (ii) registered players, and (iii) any person who communicates with us about pybcasino.com (for example, customer support queries). Where our processing is connected to regulated gambling activities, we also align our practices with expectations relevant to UK Gambling Commission (UKGC) licensees.

Who We Are

OBSERVE: The brand operating on pybcasino.com is Pub Casino, referenced in the provided data as operated by L&L Europe Ltd, with UK operations governed by a UKGC remote gambling licence.

EXPAND: Under the UK GDPR, we must identify the data controller and provide contact routes for data protection queries. The source data does not include a full registered address, company registration number, or dedicated DPO contact details; therefore, we provide verified regulatory references and a structured method for obtaining or updating missing statutory information.

REFLECT: For UK players using Pub Casino on pybcasino.com:

  • Data Controller / Operator (legal entity): L&L Europe Ltd (operator of the Pub Casino brand, as stated in the provided profile data).
  • UK regulatory record: UK Gambling Commission public register entry: https://gamblingcommission.gov.uk/public-register/business/detail/38758 (Licence number 38758).
  • Legal/registered address: Not specified in the provided source data. (The profile indicates the operator is based in Malta, but does not provide a full postal address.)
  • Company registration number: Not specified in the provided source data.

Data Protection Contact (DPO / Data Protection Department):

  • Email: Not specified in the provided source data.
  • Phone: Not specified in the provided source data.
  • Website: https://pybcasino.com
  • How to reach the correct team if details are missing: Send a written request via the support route available within your pybcasino.com account area (or via any published support channel on the site) and mark it "Data Protection / UK GDPR Request". We will route it internally to the responsible person.

What Personal Data We Collect

OBSERVE: Operating an online casino for UK players requires account creation, identity verification (KYC), anti-money laundering (AML) checks, payments processing, and responsible gambling controls, all of which involve personal data.

EXPAND: UKGC expectations and UK GDPR principles (data minimisation, purpose limitation) require that we collect only what is needed, explain categories clearly, and distinguish between data you provide, data generated by your use, and data received from third parties (e.g., verification providers).

REFLECT: We may collect and process the following categories of personal data in connection with Pub Casino on pybcasino.com:

Data you provide directly

  • Identity data: full name, date of birth, nationality (where required), and other identifiers needed to create/maintain an account and comply with KYC/AML.
  • Contact data: email address, telephone number, postal address (if required for verification, payments, or regulatory obligations).
  • Account credentials: username, password (stored using cryptographic hashing), and security questions/verification factors where enabled.

Verification, compliance, and responsible gambling data

  • KYC/AML data: identification document details, proof-of-address data, age/identity verification results, sanctions/PEP screening results where required by law, and records of checks performed.
  • Affordability/source-of-funds data (where applicable): documents or information you provide to meet regulatory expectations and risk controls.
  • Responsible gambling interactions: self-exclusion status, limit settings, reality check preferences, and contacts related to safer gambling.

Payment and financial data

  • Transaction data: deposits, withdrawals, chargebacks, timestamps, amounts, payment method identifiers, and payment status.
  • Payment instrument data: limited details necessary to process payments and prevent fraud (full card numbers are typically processed by payment providers, not stored by us, depending on the method used).

Technical and usage data

  • Technical data: IP address, device identifiers, operating system, browser type/version, language, and network information.
  • Log data: login events, session data, error reports, security logs, and audit trails.
  • Behavioural data: betting and gaming history, gameplay patterns, clickstream and navigation events, feature usage, and interactions with offers (to provide services, detect fraud, and support responsible gambling).

Cookies and similar technologies

  • Cookie data: identifiers and preferences stored on your device, plus related analytics/advertising identifiers where you consent.
  • Similar technologies: pixels/SDKs or comparable tracking tools, subject to applicable consent requirements under UK PECR.

Legal Basis for Processing

OBSERVE: UK GDPR requires that each processing activity has a lawful basis, and gambling operators have additional legal obligations (KYC/AML, record-keeping, regulatory reporting).

EXPAND: For pybcasino.com, multiple bases may apply simultaneously (e.g., contract for account operation; legal obligation for AML; legitimate interests for security). Consent is generally required for non-essential cookies and certain marketing activities.

REFLECT: We rely on one or more of the following lawful bases under the UK GDPR:

  • Performance of a contract: to register your account, provide casino services, process withdrawals, manage account security, and deliver features you request.
  • Legal obligation: to meet UKGC-related requirements and other applicable laws (including KYC/AML checks, safer gambling controls, prevention of underage gambling, record-keeping, and responding to lawful requests from authorities).
  • Legitimate interests: to protect Pub Casino on pybcasino.com, our players, and the integrity of our services (e.g., fraud detection, cybersecurity monitoring, service improvement, internal reporting), balanced against your rights and expectations.
  • Consent: where required, such as for non-essential cookies and certain direct marketing activities. You can withdraw consent at any time (without affecting processing that occurred before withdrawal).

Purpose of Processing

OBSERVE: The requested scope includes service delivery, improvement, marketing, analytics, and fraud prevention.

EXPAND: For regulated gambling, "service delivery" includes compliance components (verification, safer gambling) that are inseparable from operating an account for UK players.

REFLECT: We use personal data for the following purposes:

  • Providing casino services: account creation, login, gameplay, bonuses/offers administration (where applicable), payments, withdrawals, and customer support.
  • Regulatory and legal compliance: age/identity verification, KYC/AML checks, sanctions screening where required, responsible gambling tools, dispute handling, and regulatory reporting where applicable.
  • Security and fraud prevention: detecting and preventing fraud, account takeover, collusion, bonus abuse, and other prohibited activities; maintaining audit logs.
  • Service improvement and operations: troubleshooting, product development, performance monitoring, internal analytics, and quality assurance.
  • Marketing communications: sending marketing messages (email/SMS/in-account) where permitted by law and/or with your consent and preferences; frequency and content may be personalised where lawful.
  • Analytics: understanding how visitors use pybcasino.com, measuring campaign performance, and improving user experience, subject to cookie/PECR rules.

Disclosure & Sharing

OBSERVE: An online casino ecosystem commonly involves payment processors, KYC/AML vendors, hosting, analytics providers, marketing partners, and regulators.

EXPAND: UK GDPR requires transparency about recipients and categories of recipients, plus contractual controls for processors. For advertising networks and certain affiliate tracking, consent may be required under PECR/UK GDPR depending on the technology used.

REFLECT: We may disclose personal data related to Pub Casino on pybcasino.com to:

  • Payment partners: banks, payment processors, card schemes, and e-wallet providers to process deposits/withdrawals, handle chargebacks, and prevent fraud.
  • Verification and compliance providers: KYC/AML, age/identity verification, PEP/sanctions screening, and fraud-prevention service providers.
  • IT and security service providers: hosting, content delivery networks, identity and access management, security monitoring, and incident response support.
  • Analytics providers: to understand site performance and improve services (use may depend on cookie settings and lawful basis).
  • Affiliates and advertising networks: where you have provided consent (for example, for non-essential tracking) and where legally permitted; we aim to minimise shared data and use pseudonymised identifiers where feasible.
  • Regulators and authorities: including the UK Gambling Commission and other competent authorities where we are legally required to disclose information or where necessary to establish, exercise, or defend legal claims.
  • Professional advisers: auditors, legal counsel, and consultants under confidentiality obligations.

When we use service providers (processors), we require appropriate contractual safeguards (including confidentiality, security measures, and restrictions on further use of the data) consistent with the UK GDPR.

International Transfers

OBSERVE: The profile indicates the operator is Malta-based and also holds an MGA licence (MGA/B2C/211/2011) for non-UK play; UK-facing operations are under UKGC licence 38758. This implies that personal data may be accessed or processed outside the UK depending on corporate and vendor arrangements.

EXPAND: International transfers under UK GDPR require appropriate safeguards. The UK has its own adequacy regulations; where transfers are to non-adequate countries, tools such as the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs are typically used, plus supplementary measures as needed. "Privacy Shield" is not a UK GDPR transfer mechanism and should not be relied on.

REFLECT: Personal data may be transferred to, stored in, or accessed from locations outside the United Kingdom, including:

  • EEA (including Malta): for operational administration and/or service provider support where applicable.
  • Other countries: where our vendors (e.g., hosting, security, analytics, customer tooling, payment processing) operate global infrastructure.

Where we transfer personal data internationally, we apply appropriate safeguards, which may include:

  • UK adequacy regulations: transfers to countries recognised by the UK as providing an adequate level of protection.
  • Contractual safeguards: the UK IDTA and/or the UK Addendum to the EU Standard Contractual Clauses, as appropriate for the parties and transfer route.
  • Supplementary measures: encryption in transit and at rest, access controls, and vendor due diligence to address transfer risks.

Data Retention

OBSERVE: Gambling and financial compliance obligations require retention of certain records beyond account closure, while UK GDPR requires keeping data no longer than necessary.

EXPAND: Retention should be purpose-based and defensible: KYC/AML, payments, fraud, and dispute records usually require multi-year retention. The prompt requests an example approach (e.g., no more than 5 years after account closure) and deletion criteria, while ensuring UK regulatory needs are met.

REFLECT: We retain personal data for as long as needed for the purposes described in this Privacy Policy, and to meet legal, regulatory, accounting, and reporting requirements. Typical retention periods are:

  • Account and core profile data: retained for the life of your account and typically up to 5 years after account closure, unless a longer period is required by law/regulation or needed to resolve disputes, enforce terms, or prevent fraud.
  • KYC/AML and verification records: typically up to 5 years after account closure (or longer where required by applicable AML/financial crime rules or regulatory directions).
  • Payments and transaction records: typically up to 6 years (to align with accounting/tax and limitation period considerations), or longer where legally required.
  • Responsible gambling and safety records: retained for as long as necessary to comply with safer gambling obligations and to protect customers, which may extend beyond account closure in certain circumstances (e.g., self-exclusion records).
  • Technical logs and security records: generally retained for shorter periods (e.g., 6-24 months), unless required for investigations or legal claims.
  • Marketing preferences and consent records: retained while marketing is active and for a reasonable period afterwards to evidence compliance (e.g., suppression lists to ensure opt-outs are respected).

Deletion / anonymisation criteria: We delete or irreversibly anonymise personal data when (i) the relevant retention period expires, (ii) the processing purpose no longer applies, and (iii) there is no overriding legal or regulatory reason to keep the data. Where you request erasure, we will assess the request against legal obligations (e.g., AML and regulatory record-keeping) and may retain only what is strictly necessary to comply with those obligations.

Your Rights

OBSERVE: UK GDPR provides a defined set of data subject rights and requires clear instructions, timelines (typically one month), and that rights are generally free of charge. The prompt also requests "Mexican privacy law alignment" and references to Mexican regulations, even though the service is UK-focused; this creates a cross-jurisdictional transparency need.

EXPAND: For UK users, the UK GDPR controls. For individuals in Mexico (if any access occurs), the relevant framework is Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its regulations, with ARCO rights. A compliant approach is to (i) fully explain UK GDPR rights, (ii) additionally recognise ARCO-style rights as an alignment commitment, and (iii) clarify that processing for UK gambling services may be restricted (e.g., IP blocking/KYC) but rights requests will still be handled.

REFLECT: Subject to applicable law and certain exemptions, you have the following rights:

UK GDPR rights (UK visitors and UK players)

  • Right of access: obtain confirmation of processing and a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of personal data where there is no lawful basis to continue processing (note: we may need to retain certain data for AML/UKGC and other legal obligations).
  • Right to restrict processing: request we limit processing in specific circumstances.
  • Right to object: object to processing based on legitimate interests and to direct marketing at any time.
  • Right to data portability: receive certain data in a structured, commonly used, machine-readable format and/or have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: where processing is based on consent (e.g., certain cookies or marketing), you can withdraw it at any time.

Mexican privacy law alignment (ARCO rights reference)

  • ARCO rights: where applicable, individuals may request Access, Rectification, Cancellation (deletion), and Opposition under Mexico's LFPDPPP and its regulations.
  • How we align: Even though Pub Casino on pybcasino.com is UK-focused and may restrict non-UK access, we aim to handle rights requests using equivalent safeguards and timeframes, subject to legal constraints.

How to exercise your rights (procedure, timeframes, cost)

  1. Submit a request: use the support route available on pybcasino.com and clearly state "Data Protection Request". Include: your username, the email used for your account, the right you want to exercise, and details to help us locate the data.
  2. Verify your identity: to protect your account, we may request additional information before acting on the request.
  3. Response timeframe: we aim to respond within 30 days (one month). If a request is complex or numerous, we may extend the timeframe as permitted by law and will explain why.
  4. Fees: requests are generally handled free of charge. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive, as allowed by law.
  5. Marketing opt-out: you can opt out of direct marketing at any time via unsubscribe links (where provided) and/or your account settings (where available). Opt-out is not the same as account closure.

Cookies & Tracking Technologies

OBSERVE: Cookies are used for essential site functionality, security, performance analytics, and potentially advertising/affiliate attribution. In the UK, non-essential cookies typically require consent under PECR alongside UK GDPR standards.

EXPAND: A compliant policy must describe cookie categories, whether first/third party, duration (session/persistent), and control mechanisms (banner/preferences, browser settings). It should also explain that disabling some cookies can affect site functionality (e.g., login, fraud protection).

REFLECT: pybcasino.com may use cookies and similar technologies as follows:

Types of cookies we use

  • Session cookies: temporary cookies that expire when you close your browser; used for navigation, session management, and security.
  • Persistent cookies: remain on your device for a set period; used for preferences and remembering settings.
  • First-party cookies: set by pybcasino.com.
  • Third-party cookies: set by service providers (e.g., analytics, performance, advertising/affiliate partners) where enabled.

Cookie purposes

  • Strictly necessary / functional: enable core site features such as authentication, account security, load balancing, and fraud prevention.
  • Preferences: remember choices (e.g., language, region) where applicable.
  • Analytics / performance: measure site usage and performance to improve services (generally requires consent where analytics cookies are non-essential).
  • Advertising / affiliate attribution: measure marketing effectiveness and attribute referrals; used only where legally permitted and, where required, with your consent.

How to manage cookies

  • Cookie banner / preferences tool: if available on pybcasino.com, you can accept, reject, or customise non-essential cookies.
  • Browser controls: you can block or delete cookies using your browser settings. Note that blocking strictly necessary cookies may prevent login or disrupt core functionality.
  • Device controls: where tracking occurs via device-level identifiers (e.g., mobile), you may be able to control this in your device settings, depending on the platform.

Data Security

OBSERVE: The service processes high-risk data categories in context (financial transactions, identity verification, behavioural gambling data). UK GDPR requires "appropriate technical and organisational measures," and UKGC expectations heighten the need for strong security governance.

EXPAND: A defensible policy should specify baseline controls: encryption, access control, MFA, audit trails, vendor governance, staff training, and incident response. References to standards (ISO 27001, SOC 2) should be framed "where applicable" to avoid implying certification that is not provided in the source data.

REFLECT: We implement technical and organisational safeguards designed to protect personal data processed for Pub Casino on pybcasino.com, including:

  • Encryption in transit: use of TLS 1.2+ for data transmitted between your device and our services.
  • Encryption at rest: appropriate encryption and key management for stored data where feasible and proportionate to risk.
  • Access controls: role-based access, least-privilege principles, and logging/monitoring of administrative access.
  • Account protection: support for multi-factor authentication (MFA) where available, plus controls to detect suspicious logins and prevent account takeover.
  • Security testing and audits: regular vulnerability management, patching, and security reviews; where applicable, we align controls with recognised security frameworks (e.g., ISO/IEC 27001 or SOC 2-type control domains) without implying formal certification unless explicitly stated.
  • Staff training: security and privacy awareness training for personnel with access to personal data.
  • Incident response: documented procedures for detecting, responding to, and recovering from security incidents; where required, we notify relevant authorities and affected individuals in line with UK GDPR requirements.

No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential and for using a secure device/network when accessing pybcasino.com.

Complaints & Contacts

OBSERVE: Users must have accessible complaint channels and escalation to supervisory authorities. The prompt requires DPO contact details (email/phone), online forms, postal address, and escalation contacts for Mexican, EU, and other authorities. However, source data does not provide direct DPO email/phone, a postal address, or a contact form URL.

EXPAND: To remain accurate and non-misleading, we must: (i) provide the channels we can substantiate (website and regulatory register), (ii) provide a clear internal complaint procedure with timelines, and (iii) provide supervisory authority escalation options with direct contact information that is generally applicable (UK ICO) and, as requested, Mexico's INAI and EU authority guidance via the EDPB list, noting jurisdiction applicability.

REFLECT: If you have questions, concerns, or complaints about this Privacy Policy or our processing of your personal data for Pub Casino on pybcasino.com, you can use the following channels:

Contact channels

  • Data Protection / DPO email: Not specified in the provided source data.
  • Data Protection phone: Not specified in the provided source data.
  • Online contact route: pybcasino.com account area/support route (exact URL not specified in the source data).
  • Postal address: Not specified in the provided source data. (See UKGC register entry for regulatory record reference: UKGC business register.)

Complaint handling procedure (our steps and timeframes)

  1. Step 1 - Submit your complaint: contact us via the available support route on pybcasino.com and label the message "Privacy Complaint". Include your account identifier and a clear description of the issue.
  2. Step 2 - Acknowledgement: we aim to acknowledge receipt within 7 days.
  3. Step 3 - Investigation: we review relevant logs, account records, vendor records (where applicable), and compliance obligations.
  4. Step 4 - Response: we aim to provide a substantive response within 30 days. If more time is needed due to complexity, we will explain the reasons and expected timeframe.
  5. Step 5 - Escalation: if you remain dissatisfied, you may escalate to the applicable supervisory authority (details below).

Escalation to supervisory authorities

  • United Kingdom (ICO): Information Commissioner's Office
    Website: https://ico.org.uk/make-a-complaint/
    Phone: +44 (0)303 123 1113
    Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
  • Mexico (INAI): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
    Website: https://www.inai.org.mx/
  • EU/EEA supervisory authorities (where applicable): you may contact your local authority. A list is available via the European Data Protection Board (EDPB):
    Website: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: The policy must explain how users are notified of changes, include version timing ("Last updated: "), a changelog of material changes, a minimum 30-day advance notice for significant changes, and user options to object or close accounts.

EXPAND: For regulated gambling, material privacy changes can affect consent, marketing preferences, and data sharing with vendors; clear notice and record-keeping are important. Where direct email addresses are not specified, we can still commit to in-account and website notices, plus email where we have the user's registered email.

REFLECT:

Last updated: November 2025

How we will notify you

  • Email notice: where we have your registered email address on file, we may notify you of material privacy changes by email.
  • Website notice: we may display a banner or prominent notice on pybcasino.com.
  • Account dashboard notice: for registered players, we may show an in-account message or alert.

Advance notice and your options

  • Significant changes: for material updates that reduce your privacy protections or introduce new high-impact processing, we will aim to provide at least 30 days' advance notice before the change takes effect, unless a faster change is required to meet a legal or security requirement.
  • Your options: you may (i) adjust cookie/marketing preferences where available, (ii) object to certain processing where the right applies, and/or (iii) close your account where you do not agree with the updated terms, subject to any legal/regulatory retention obligations explained above.

Changelog of material changes

  • November 2025: Initial publication for Pub Casino on pybcasino.com; added detailed transfer safeguards (UK IDTA/UK Addendum), expanded security measures overview, and included supervisory authority escalation contacts (UK ICO and Mexico INAI) as cross-jurisdictional reference.