Privacy at FatPirate casino — Your Data in Plain English

Who’s in Charge of Your Data

The casino itself — FatPirate casino, run by GMBL Tech N.V. under the Costa Rica framework — is the controller of your account data. The FatPirate Casino is an independent editorial site and doesn’t handle your account-level records: as soon as you click through an affiliate link and land on the FatPirate cashier, the controller relationship is with the casino and its own privacy notice kicks in. What follows is a plain-English read of what FatPirate publishes for British players, decoded the way we’d want it explained ourselves.

What You Give Us

Here’s how you handle your data when you open an account at FatPirate — you hand the brand four buckets of information, and each one has a clear purpose. First, your account details: name, date of birth, UK residential address, email, password. That’s your anchor identity — nothing works without it. Second, your KYC documents: passport or driving licence plus a utility bill as proof of address, asked for at the latest before your first withdrawal. Third, your transaction data: every deposit and withdrawal, your card tokens, MiFinity references and crypto wallet addresses. Fourth, your behavioural data: what you play, how long, how much, from which device.

If you’re wondering why all this gets stored — there are three very different reasons, and it pays to keep them apart. Compliance: the biggest block. KYC, age verification and sanctions-list screening aren’t a matter of taste, they’re UK Money Laundering Regulations duty. FatPirate casino couldn’t open you an account without verifying who you are. Fraud protection: the second-biggest. The brand checks whether someone’s claiming the same welcome bonus across two accounts — device fingerprinting and wallet cross-checks are the usual tools. Marketing and player protection: the third pillar. Reload codes, cashback calculation and the responsible-gambling triggers that notice when your stake suddenly jumps out of pattern. That third pillar only fires if you say yes in the cookie banner — and you can pull consent back any time.

How long does the lot stick around? This is where players get caught out: KYC documents and transaction records sit in the archive for five to ten years after you close the account, which is industry-standard. That isn’t FatPirate being clingy — that’s the Money Laundering Regulations, and every regulated brand handles it the same way. Behavioural and marketing data without an AML hook drops off much sooner; the exact periods live in the full privacy notice inside your dashboard. So if you close your FatPirate casino account expecting everything to vanish — almost everything goes, but the KYC trail stays frozen until the mandatory window expires. With a 13,500-strong slot library running through the cashier, the transaction log alone is a thick file by the time you leave.

Why We Hold It

UK GDPR asks every controller to point at a legal reason for each thing they process, and FatPirate’s answers fall into four neat boxes. Running your account, taking your deposits and paying out your withdrawals is contractual necessity (Art. 6(1)(b)). KYC, age verification and AML monitoring are legal obligation (Art. 6(1)(c)). Fraud screening and aggregated stats are legitimate interest (Art. 6(1)(f)). Marketing emails, non-essential cookies and profiling beyond the basics are consent (Art. 6(1)(a)), which means you can switch them on and off and FatPirate has to honour that choice immediately.

Cookies & Analytics

Three kinds of cookies hit you when you open FatPirate, and it’s worth telling them apart. Strictly necessary cookies are the ones without which nothing works: your session, your login state, your cashier in-flight state. You can’t switch them off, but you wouldn’t want to — you wouldn’t even load a single slot without them. Analytics cookies measure which games are popular, how fast pages load and where lobby visitors stall. Aggregate numbers, no personal profiles. Marketing cookies are the ones that can follow you around: affiliate attribution, personalised reload codes, retargeting on partner networks.

The last two only run if you say yes. On first visit you see the cookie banner — what you click decides what happens. You can pick categories one by one, you can decline the lot, and you can change your mind whenever you like. Nothing is pre-ticked at FatPirate — that would be unlawful under UK GDPR and PECR anyway. Analytics cookies usually last twelve months, marketing cookies up to thirteen, then the banner asks you again.

Who Else Sees It

If you’re asking who else apart from FatPirate ever gets to see your data — here’s the honest list. Regulators get KYC and transaction extracts on a lawful request: the Costa Rica framework in routine operation, the ICO and UK authorities on order. Payment processors get exactly what they need to move the money: Visa and Mastercard acquirers your card number in token form, MiFinity and Revolut your wallet reference, SEPA-rail banks your IBAN, blockchain nodes your crypto address. KYC vendors machine-check your ID against your address — that’s a service provider too, not a FatPirate staffer personally squinting at your passport. Responsible-gambling monitoring watches your stake pattern against pre-set thresholds without seeing your name in clear text.

What doesn’t happen: your data is not sold to ad networks, data brokers or other online casinos. Affiliate partners and ad networks get anonymous click and conversion signals, nothing more. If your data has to cross into a country outside the UK or EEA (a hosting node, an international payment processor), FatPirate uses Standard Contractual Clauses with the UK Addendum plus technical safeguards — that’s UK requirement and applies even though the casino itself sits on a Costa Rica licence, as long as it serves British players.

Your UK GDPR Rights

UK GDPR hands you eight real tools against anyone processing your data — and yes, that includes FatPirate casino, even though it runs offshore, because you’re accessing it from the UK. Here’s how you use them:

• Access (Art. 15): you ask, FatPirate answers — a list of every record on file plus purposes and recipients. Free of charge. Response within thirty days.
• Rectification (Art. 16): wrong address? Typo in your name? Fix it in the dashboard, with a fresh KYC proof if you’ve moved.
• Erasure (Art. 17): kicks in once the AML window has run. Before that, your file is restricted, not deleted — wiped once the law allows.
• Restriction (Art. 18): tell FatPirate to freeze processing, and it’ll keep storage but stop the rest. Handy during an open bonus or KYC dispute.
• Portability (Art. 20): you want to take your data with you? FatPirate hands it over machine-readable (JSON or CSV) — everything you uploaded or typed in.
• Object (Art. 21): done with reload emails and personalised ads? One click, effective immediately, your account keeps working.
• Withdraw consent (Art. 7(3)): said yes to cookies or marketing and now thinking «actually, no»? Banner footer, done.
• Complain (Art. 77): you can take a complaint straight to the ICO without contacting FatPirate first.
• No solo-bot decisions (Art. 22): if an automated system flags something significant on your account, a human signs off before the decision lands.

Practical tip: always write from the email address you registered — FatPirate has to verify it’s really you before anything goes out, and matching your account email is the fastest way through that check.

Cookie Consent & Opt-out

You’ve got three equally good switches when you want to change your cookie position. First: at the bottom of every page there’s a permanent «Cookie preferences» link — it reopens the banner and you flip each category individually. Second: your browser. Chrome, Safari, Firefox, Edge — all of them let you block cookies globally or per domain. Third: every FatPirate marketing email carries an unsubscribe link at the bottom that takes you off the list with no questions asked, as the Privacy and Electronic Communications Regulations require.

Important point for you: turning off analytics and marketing cookies doesn’t break FatPirate — all 13,500 slots, the cashier, live chat, the lot stays reachable. You just lose the personalised reload suggestions.

Security & Retention

Behind the scenes, FatPirate runs HTTPS with HSTS and a strict content security policy, which is the table-stakes part. Payment details are tokenised at the acquirer rather than stored in clear at the casino, KYC documents sit in encrypted storage with tight access, and server logs roll off within thirty days. The five-to-ten-year AML window applies to your KYC and transaction layers; behavioural data drops off faster; consent records hang around as evidence as long as the law expects them to. None of this is unique to FatPirate — it’s the standard shape of a regulated iGaming back office — but it’s worth knowing the gist.

Contact & ICO Complaints

Here’s how you reach out when you want to know, change or remove something on your data: write to the FatPirate casino Data Protection Officer at [email protected]. Pack «UK GDPR request» into the subject line plus a keyword like «access», «erasure» or «objection» — that helps the team route your message quickly. Send from the email you registered, and the identity check won’t need to drag you through KYC twice. Response time: up to thirty days by statute, usually noticeably faster in practice at FatPirate.

If you’re unhappy with what comes back, you can complain straight to the UK’s privacy authority — the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, online at ico.org.uk, helpline 0303 123 1113. You don’t have to clear anything with FatPirate first; the ICO takes complaints directly and at no cost. This FatPirate Casino page is a short-form, not a replacement for the official document. The full privacy notice for FatPirate casino lives in your account and is the legally binding source — if anything here sounds simplified, that’s because it is. For every detail, that’s where you look.