Privacy Policy

This Privacy Policy explains how the online gambling service profile "Vavada", as presented on the website vovada-uk.com (the "Website"), collects, uses, stores and shares your personal data. It applies to visitors to the Website, registered players, and any person who contacts us through our support channels, regardless of whether they complete registration or place bets. This Privacy Policy is effective from 6 November 2025 and was last substantively reviewed and updated in January 2026. By using the Website or creating an account, you acknowledge that your personal data will be processed as described here, subject to applicable data protection laws, including the UK GDPR and related regulations.

Who We Are

OBSERVE: For the Vavada profile on vovada-uk.com, the gambling service is operated offshore and is not licensed by the UK Gambling Commission (UKGC).

EXPAND: From a data protection perspective, the main entities involved in processing your personal data are:

Data controller: Vavada B.V., a private limited company (B.V.) incorporated in Curaçao, operating the Vavada brand under sub-license number 8048/JAZ2017-035 issued by Antillephone N.V. (Curaçao). The registered office and registration number are held in the Curaçao commercial register and may be updated from time to time; up-to-date information is available via the official license validator link referenced on vovada-uk.com.
Payment processor and certain service provider: Morcodia Ltd, a limited company (Ltd) incorporated in Cyprus that provides payment processing and related services on behalf of Vavada B.V.

REFLECT: For users in the UK and other regions, Vavada B.V. determines the purposes and means of processing personal data related to the Vavada profile and therefore acts as the data controller. Morcodia Ltd and other technical and payment partners generally act as data processors or joint controllers for specific operations.

Contact For Privacy Matters (DPO / Data Protection Team)

Primary contact channel: Please contact us through the support tools on vovada-uk.com (for example, the 24/7 Live Chat or the available contact/feedback forms) clearly stating that your message concerns a "privacy" or "data protection" request.
Data Protection Officer / Data Protection Team: Your message will be routed to our designated Data Protection Officer (DPO) or data protection team at Vavada B.V. using these channels.
Email / phone: A specific DPO email address or phone number is not publicly specified in the current corporate data. When such details are officially published, they will be added to this section and to the Website.
Regulator-related information: For gambling-licence matters, our Curaçao license status may be checked via the Antillephone N.V. validator (for example, via a link such as validator.antillephone.com). However, this is not a data protection authority and does not replace your rights to contact privacy regulators described below.

Regional compliance note: The Website targets users, including those located in the UK, but the service is offered under an offshore Curaçao licence that the UKGC does not recognise. UK players therefore use the service as customers of an offshore operator, and local UK gambling protections do not apply, although UK data protection rules (UK GDPR, Data Protection Act 2018) remain relevant to our handling of personal data.

What Personal Data We Collect

OBSERVE: We collect personal, technical, financial, behavioural and communication data that you provide or that we generate when you interact with Vavada on vovada-uk.com.

Identification And Contact Data

Account and profile data: Full name, date of birth, country of residence, address, username, password, preferred language, and other account settings.
Contact details: E-mail address, phone number, and other contact channels you choose to share (for example, Skype details) for support and verification.
KYC/AML documents: Copies or images of identity documents (e.g. passport, ID card, driving licence), proof of address, payment ownership documents and any other verification materials required to comply with anti-money laundering (AML) and "know your customer" (KYC) obligations.

Technical And Usage Data

Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone, approximate location derived from IP, and similar technical data.
Log and security data: Login times, failed login attempts, session timestamps, changes to security settings, and technical data generated by our security and anti-fraud systems.

Payment And Transaction Data

Payment data: Limited card or account data as permitted (for instance, masked card numbers), payment method type, payment provider, transaction identifiers and status.
Financial history: Deposits, withdrawals, chargebacks, bonuses credited or forfeited, and other financial interactions with your account. Sensitive payment data is typically processed by Morcodia Ltd and/or other authorised payment processors.

Behavioural, Preference And Communication Data

Gaming and betting data: Game sessions, bets placed, wins and losses, bonus usage, game preferences, bet limits, self-exclusion or cooling-off choices, and responsible gambling settings.
Interaction data: Clickstream data, navigation paths, response to in-game and on-site messages, marketing interactions and campaign performance.
Communication records: Content of live chat, email and other support conversations, including any information you choose to disclose about your circumstances (for example, reasons for self-exclusion or complaints).

Cookies And Similar Technologies

Cookies: Small text files placed on your device to remember your preferences, keep you logged in and understand how you use the Website.
Similar technologies: Web beacons, pixels, SDKs, affiliate tracking IDs and server-side tracking tools used for analytics, fraud prevention, technical diagnostics, and marketing where permitted by law.

REFLECT: We seek to minimise data collection to what is necessary for offering and securing the Vavada service on vovada-uk.com, while meeting our legal obligations and improving user experience.

Legal Basis For Processing

OBSERVE: Because we serve users located in the UK and other jurisdictions, we rely on several legal grounds under the UK GDPR/EU GDPR and comparable frameworks (including Mexican privacy law where applicable).

Contractual Necessity

Account creation and operation: We process your identification, contact, technical and behavioural data to create and manage your account, allow you to play games, apply promotions, and record your bets and winnings.
Payments and payouts: We process payment and transaction data to handle deposits, withdrawals and refunds via Morcodia Ltd and other payment partners.

Compliance With Legal Obligations

KYC/AML and responsible gambling: We process identification, transaction and behavioural data to comply with AML, counter-terrorist financing, fraud prevention and responsible gambling rules under Curaçao, EU/UK and other applicable laws.
Accounting and tax: We retain transaction and financial records to comply with tax, accounting and reporting obligations.

Legitimate Interests

Service security and integrity: We use technical, usage and behavioural data to prevent fraud, abuse and security breaches, to detect multiple or fake accounts, and to protect both players and our systems.
Service optimisation: We perform analytics and statistics, test new features, and personalise content to improve the Website and the Vavada experience, while applying privacy safeguards.
Defence of legal claims: We may process relevant data where necessary to establish, exercise or defend legal claims in any jurisdiction.

Consent

Marketing communications: We send email or other direct marketing only where you have given consent or where local law permits soft opt-in. You may withdraw your consent at any time.
Non-essential cookies and tracking: We place analytics, advertising or personalisation cookies on your device only with your consent through our cookie banner or settings, except where strictly necessary for the service.
Special categories of data: If, in rare cases, we process information that could reveal sensitive data (for example, information you share with support about health or gambling harm), we rely on your explicit consent or another applicable legal ground, combined with strong safeguards.

Mexican privacy law alignment: When we process personal data of individuals located in Mexico, we apply principles and legal bases consistent with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), including legality, consent, information, proportionality and responsibility.

Purpose Of Processing

OBSERVE: We use personal data to operate, secure and improve Vavada on vovada-uk.com, and to meet our regulatory duties.

Provision Of Gambling Services

Account management: Opening, maintaining and closing accounts; applying account settings; handling identity verification and eligibility checks.
Games and bets: Enabling you to deposit funds, place bets, join tournaments, receive bonuses, track game history and view account statements.
Customer support: Providing assistance via live chat, email, Skype or other channels, resolving technical issues and explaining game rules or terms.

Regulatory, Security And Anti-Fraud Purposes

KYC/AML monitoring: Analysing transactions, device data and behavioural patterns to detect suspicious activity and to comply with legal reporting requirements in Curaçao and other relevant jurisdictions.
Responsible gambling: Using behavioural data (such as session length, bet size trends, self-exclusion requests) to evaluate potential gambling harm and implement tools like deposit limits, cool-offs and exclusions.
Security and abuse prevention: Protecting accounts from unauthorised access, preventing bonus abuse and payment fraud, and maintaining platform integrity.

Service Improvement, Analytics And Marketing

Analytics: Aggregating and anonymising usage data to understand how features are used, which games are popular, and how to improve performance and usability.
Personalisation: Customising content, recommendations and promotional offers based on your activities and preferences, subject to your marketing and cookie settings.
Marketing and affiliates: Measuring the effectiveness of campaigns and affiliate links, and sending you relevant offers where allowed by your consent and local law.

REFLECT: We aim to ensure that each purpose is transparent, compatible with your reasonable expectations and supported by an appropriate legal basis. Where purposes change, we will inform you and, where required, seek renewed consent.

Disclosure & Sharing

OBSERVE: We share personal data only where necessary for the purposes described above, subject to contractual and legal safeguards.

Service Providers And Business Partners

Payment processors: Morcodia Ltd and other payment service providers that process deposits, withdrawals and fraud checks on our behalf. These partners receive payment and transaction data and may see limited identification data as required for KYC/AML.
IT and hosting providers: Companies that host our servers, provide cloud infrastructure, security monitoring, email delivery and similar technical services.
Gaming and platform providers: Game studios and platform vendors that provide casino content and may receive pseudonymised identifiers and game activity to enable game sessions and resolve technical issues.

Analytics, Advertising And Affiliates

Analytics providers: Third-party analytics tools may receive cookie identifiers, device data and aggregated usage information to help us understand performance and user behaviour.
Advertising networks and affiliates: Where you consent to marketing cookies, we may share limited pseudonymised data with advertising partners and affiliate networks to attribute visits, optimise campaigns and avoid showing irrelevant ads.

Regulators, Authorities And Dispute Bodies

Gambling regulators and related bodies: We may share necessary information with Antillephone N.V. (our Curaçao licensing authority) or its appointed dispute channels, such as the complaints portal at certria.com/complaints, when handling regulatory investigations or disputes.
Law enforcement and authorities: Personal data may be disclosed where required by law or strictly necessary to protect our rights, your safety or the rights of others.
Data protection regulators: In the context of privacy complaints, we may correspond with and share relevant information with data protection authorities, such as the UK Information Commissioner's Office (ICO) or other competent regulators.

Corporate Transactions And Other Disclosures

Corporate restructuring: In the event of a merger, acquisition, reorganisation or asset transfer involving Vavada B.V. or Morcodia Ltd, your personal data may be transferred to the relevant third party subject to confidentiality and data protection safeguards.
Aggregated and anonymised data: We may share statistical or anonymised data that does not identify you, for example to describe market trends or game performance.

REFLECT: We require recipients that process personal data on our behalf to follow written data protection agreements and to implement security measures that are at least equivalent to those we apply.

International Transfers

OBSERVE: Vavada on vovada-uk.com is operated by entities located outside the UK and European Economic Area (EEA), which means your data may be transferred internationally.

Where Your Data May Be Processed

Curaçao: Core gambling operations and certain back-office activities are managed by Vavada B.V. in Curaçao.
Cyprus: Payment processing and related services are provided by Morcodia Ltd in Cyprus.
Other locations: Some technical or support providers may operate from or store data in other countries, including outside the UK/EEA, depending on their infrastructure.

Safeguards For International Transfers

Legal mechanisms: For transfers from the UK/EEA to countries without an adequacy decision, we seek to rely on appropriate safeguards such as the UK/EU Standard Contractual Clauses (SCCs) and comparable contractual protections.
Additional measures: We apply technical and organisational measures (encryption, access controls, minimisation) to reduce risks associated with cross-border transfers.
Contractual obligations: Service providers must process data only on documented instructions and must not use it for their own unrelated purposes.

REFLECT: While we take reasonable steps to protect your personal data when it is transferred internationally, some jurisdictions may provide different levels of data protection than the UK or EU. By using the service, you understand that your data will be processed in these locations under the safeguards described.

Data Retention

OBSERVE: We keep your personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, and to comply with legal, accounting and regulatory requirements.

Typical Retention Periods

Account and identification data: Generally retained for the duration of your active account and for up to 5 years after account closure, to meet KYC/AML and regulatory record-keeping obligations.
Transaction and financial records: Retained for up to 7 years after the end of the relevant financial year, to comply with accounting and tax requirements.
Game and betting history: Maintained for the life of the account and normally up to 5 years after closure, for regulatory audit and dispute resolution.
Customer support communications: Stored for up to 3 years after the last interaction, unless a longer period is needed in connection with a dispute or legal requirement.
Marketing data: Kept while you remain subscribed and for up to 2 years after you last interact with our marketing, or until you withdraw consent or object.
Technical logs: Security and system logs are generally retained for 12 - 24 months, unless a longer period is needed for security investigations.

Deletion And Anonymisation Criteria

End of purpose: When data is no longer required for the purpose for which it was collected, and no legal retention obligation applies, we delete or irreversibly anonymise it.
User request: Where you exercise your rights to erasure or cancellation (subject to legal exemptions), we remove or anonymise your data as far as legally possible.
Ongoing disputes: If there is an ongoing dispute, investigation or legal claim, relevant data may be retained until the matter is resolved and applicable limitation periods expire.

REFLECT: Retention periods may vary according to jurisdiction and regulatory expectations. We periodically review the data we hold and apply our internal retention schedules to reduce unnecessary storage.

Your Rights

OBSERVE: As a user of Vavada on vovada-uk.com, you benefit from data protection rights under the UK GDPR or EU GDPR (where applicable), and we align our practices with Mexican privacy law standards for relevant users.

Rights Under UK/EU Data Protection Law

Right of access: You can request confirmation whether we process your personal data and obtain a copy of that data, together with information about how we use it.
Right to rectification: You can ask us to correct inaccurate or incomplete personal data, for example by updating your contact details or address.
Right to erasure: You may request deletion of your personal data where it is no longer necessary, you withdraw consent (where processing is based on consent), or you object and there is no overriding legitimate interest. We may retain data where required by law (e.g. AML obligations).
Right to restriction: You may ask us to restrict processing (for example, while we verify accuracy or assess an objection), during which time we will store but not otherwise use your data except for limited reasons.
Right to object: You can object at any time to processing based on legitimate interests, including profiling for security or marketing, and we will stop unless we have compelling legitimate grounds or need the data for legal claims. You can always object to direct marketing.
Right to data portability: For certain data you provided to us, and which we process by automated means based on consent or contract, you may request it in a structured, commonly used, machine-readable format and ask us to transfer it to another provider where technically feasible.
Rights related to automated decisions: If we make decisions based solely on automated processing that produce legal or similarly significant effects (for example, certain fraud or risk decisions), you have the right to obtain human review, express your point of view and contest the decision.

Alignment With Mexican Privacy Law (LFPDPPP)

ARCO rights: For individuals within Mexico, we aim to respect ARCO rights (Access, Rectification, Cancellation, Opposition). These correspond closely to the access, rectification, erasure/cancellation and objection rights described above.
Consent and revocation: Where Mexican law requires consent for processing, you may revoke your consent through the same channels used to exercise your rights, subject to legal or contractual limitations.

How To Exercise Your Rights

Submit a request: Contact us through the support channels on vovada-uk.com (such as Live Chat or the available contact form) and clearly indicate that your request concerns privacy or data protection (for example, "GDPR access request" or "ARCO rectification request").
Verify your identity: For your security, we may ask you to confirm certain account or identity details before acting on your request.
Response timeframe: We aim to respond to your request within 30 days of receipt. In complex cases or where legally allowed, this period may be extended, and we will inform you of any extension and reasons.
Cost: We generally handle requests free of charge. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, as permitted by law.

REFLECT: Some rights are subject to legal restrictions (for example, AML retention duties). Where we cannot fully comply with your request, we will explain the reasons and inform you of your options, including the right to lodge a complaint with a supervisory authority.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to provide, secure and improve the Vavada experience on vovada-uk.com.

Types Of Cookies

Strictly necessary (session) cookies: Essential for the Website to function, for example to keep you logged in, process bets and maintain security. These are usually session-based and are deleted when you close your browser.
Functional (persistent) cookies: Remember your preferences (language, region, saved settings) and may remain on your device for a defined period.
Analytics cookies: Help us understand how visitors use the Website, which pages are most popular and where errors occur, so we can improve performance and usability.
Advertising and affiliate cookies: Used (where permitted) to track the effectiveness of marketing campaigns and affiliate links, and to avoid showing you irrelevant or repetitive advertisements.

Managing Cookies

Consent management: On your first visit, and periodically thereafter, we present cookie information and ask you to choose which non-essential cookies you accept.
Browser settings: Most browsers allow you to block or delete cookies. Doing so may impact certain functionalities, including login persistence and game performance.
Opt-out: You can change your cookie preferences at any time via the options provided on vovada-uk.com or through your browser settings.

REFLECT: Non-essential cookies are used only where legally permitted and in accordance with your choices. We periodically review our use of third-party cookies, trackers and SDKs to ensure proportionality and compliance.

Data Security

OBSERVE: We implement technical and organisational measures to protect personal data processed through Vavada on vovada-uk.com against unauthorised access, loss, misuse or alteration.

Technical Security Measures

Encryption in transit: Data exchanged between your browser and our systems is protected with TLS 1.2+ or equivalent encryption protocols, helping to prevent interception.
Encryption at rest: Where appropriate, we encrypt databases, backups and other storage media that contain personal or financial data.
Access controls: Access to production systems and personal data is restricted to authorised personnel based on role and necessity, using strong authentication, separate credentials and logging.
Network and application security: We employ firewalls, intrusion detection and prevention systems, segregation of environments and regular patching and hardening practices.

Organisational Measures And Standards

Staff training: Employees involved in handling personal data receive training on data protection, confidentiality and security procedures relevant to online gambling operations.
Vendor management: We select service providers that demonstrate appropriate security standards, and where feasible we prefer partners aligning with internationally recognised frameworks such as ISO 27001 or SOC 2, especially for hosting and payment processing.
Incident response: We maintain processes to detect, investigate and respond to potential security incidents. Where a data breach poses a risk to your rights and freedoms, we will notify relevant authorities and, when required, affected users, in accordance with applicable law.

REFLECT: No system can be completely secure, but we continuously review and enhance our security controls in light of evolving threats, regulatory expectations and industry best practices. You can help protect your account by using strong passwords, keeping credentials confidential and enabling any additional security features offered.

Complaints & Contacts

OBSERVE: You have the right to raise questions or complaints about how Vavada and vovada-uk.com handle your personal data.

Contacting Us First

Initial enquiry: Contact our support team via Live Chat or any contact/feedback forms available on vovada-uk.com, indicating that your issue concerns privacy or data protection.
Escalation to DPO: If your concern is not resolved at first level, request that your case be escalated to our Data Protection Officer or data protection team at Vavada B.V.
Timeframe: We aim to acknowledge receipt of privacy complaints within a reasonable time and to provide a substantive response within 30 days, subject to applicable law.

Supervisory Authorities

UK residents: If you are in the UK, you may lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed. Information on how to contact the ICO (including online forms and helpline details) is available at www.ico.org.uk.
EU/EEA residents: You may contact your local data protection authority in the EU/EEA, for example via the contact details listed on the European Data Protection Board's website.
Mexican residents: Where Mexican privacy law applies, you may file a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) via the contact details and procedures published on its official website.

Gambling-Regulator Complaints (Licence Context)

Curaçao gambling licence: Vavada B.V. operates under Curaçao sub-license 8048/JAZ2017-035 issued by Antillephone N.V. Licence-related complaints can be submitted via the Antillephone complaints portal (for example, certria.com/complaints).
UK context notice: The UK Gambling Commission (UKGC) does not recognise this offshore licence, and disputes cannot generally be escalated to UK-approved ADR providers such as IBAS. For UK players, this means gambling-related dispute resolution and player protection follow the Curaçao framework, not UK regulation.

REFLECT: While you may use the Curaçao complaints portal for gambling disputes, data protection complaints should be directed to us and, where necessary, to the appropriate privacy regulator (such as the ICO). Using one channel does not prevent you from using the other.

Updates

OBSERVE: Our services, regulatory environment and internal practices may evolve over time. We therefore review this Privacy Policy periodically.

How We Will Notify You

Website updates: The latest version of this Privacy Policy will always be available on vovada-uk.com, with a "Last updated" date at the top.
Direct notifications: For material changes that significantly affect your rights or how we use your data, we will seek to notify you in advance by one or more of the following: in-account notifications, email (where available), or prominent banners on the Website.

Timing And Your Options

Advance notice: Where feasible and not prevented by law or urgent security needs, we will provide at least 30 days' notice before material changes take effect, so you can review them.
Your choices: If you do not agree with updated terms, you may choose to stop using the service and request account closure. Continued use of Vavada on vovada-uk.com after changes take effect will normally be treated as acceptance of the updated Privacy Policy.

Last updated: January 2026. Recent updates include clarifications on international data transfers, UK and Mexican regulatory references, and additional detail on retention and security for the Vavada profile.

REFLECT: We encourage you to review this Privacy Policy regularly so that you remain informed about how we protect and process your personal data when you use Vavada via vovada-uk.com.