Cosmobet logo - online betting and casino blog

    Privacy Policy

    At Cosmobet, we understand that privacy is fundamentally important to our players. When you trust us with your personal information, you expect us to protect it carefully and to use it responsibly. This Privacy Policy explains in detail how we collect, use, store, and share your personal data when you use our website, mobile applications, and services. We encourage you to read this policy carefully so that you understand our practices and your rights.

    This Privacy Policy applies to all personal information collected through our Platform, including our website at www.cosmobet.com, our mobile applications for iOS and Android, our customer support interactions, and any other services we provide. By creating an account, using our services, or otherwise providing us with your personal information, you acknowledge that you have read and understood this policy and consent to the data practices described herein. If you do not agree with our practices, please do not use our services.

    Who We Are

    Cosmobet is operated by Santeda International B.V., a company registered in Curaçao under company registration number 151296. Our registered office is located in Willemstad, Curaçao. We are licensed and regulated by the Curaçao Gaming Control Board under licence number OGL/2025/4887/5353. For the purposes of data protection law, including the General Data Protection Regulation (GDPR) where applicable, we are the data controller responsible for your personal information. This means we determine how and why your data is processed and are accountable for ensuring that processing complies with applicable laws.

    Our commitment to privacy extends throughout our organization. We have appointed a Data Protection Officer who oversees our compliance with data protection laws and serves as a point of contact for privacy-related inquiries. Our staff receive regular training on data protection principles and practices, and we maintain comprehensive policies and procedures to safeguard personal information.

    If you have questions about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, you may contact our Data Protection Officer by email at privacy@cosmobet.com or by post at the address provided above.

    Information We Collect

    We collect personal information in several ways and from various sources throughout your relationship with us. Understanding what information we collect and how we obtain it is the first step to understanding how we use and protect your data.

    When you register for an account with Cosmobet, you provide us with essential information including your full legal name, date of birth, residential address, email address, telephone number, and the username and password you choose for your account. You also select your preferred currency and may provide additional optional information such as your gender and preferences. This information is necessary for us to create your account, verify your identity, and comply with legal requirements that apply to gambling operators. Without this information, we cannot provide you with our services.

    As part of our regulatory obligations under anti-money laundering laws and our Curaçao Gaming Control Board licence, we are required to verify the identity of all players through Know Your Customer procedures. During this process, you may be asked to provide copies of identification documents such as a passport, driver's license, or national identity card. You may also need to provide proof of your residential address through documents such as utility bills or bank statements dated within the past three months. In some cases, we may request verification of your payment methods or source of funds. These documents are used solely for verification purposes and are stored securely with access restricted to authorized compliance personnel.

    When you fund your account or request withdrawals, we collect financial information necessary to process these transactions. Depending on the payment method you choose, this may include credit or debit card numbers, bank account details such as IBAN and BIC codes, electronic wallet account information from providers like Skrill or Neteller, or cryptocurrency wallet addresses. We work with trusted payment processors including Visa, Mastercard, Skrill, Neteller, and various banking partners who handle the technical aspects of payment processing, and we share only the information necessary to complete your transactions.

    As you use our Platform, we automatically collect certain information about your device and how you interact with our services. This includes your IP address, which tells us your approximate geographic location; information about your device such as the device type, model, operating system, and browser version; unique device identifiers; and usage data such as the pages you visit, games you play, bets you place, the duration of your sessions, and the times you access our Platform. We collect this information through cookies, log files, and similar technologies as described later in this policy.

    We may receive information about you from third-party sources, which we use to verify information you have provided, to enhance our understanding of our players, and to improve our services. These sources include identity verification services such as GBG and Jumio that confirm your identity and age, credit reference agencies that help us assess financial risk, fraud prevention services such as SEON and Iovation that help us identify and prevent fraudulent activity, and marketing partners who help us reach potential new players through affiliate programs and advertising networks.

    How We Use Your Information

    The personal information we collect serves multiple purposes, all of which are necessary either for providing our services, complying with legal obligations, protecting legitimate interests, or as otherwise consented to by you. We are committed to using your information only for purposes that are compatible with those described in this policy.

    The primary purpose for which we collect your personal information is to provide our gaming services to you. This includes creating and managing your account, processing deposits and withdrawals through our cashier system, enabling you to place bets and play casino games, settling bets and crediting winnings to your account, providing customer support through our live chat, email, and telephone channels, and administering bonuses and promotions. Without processing your personal information for these purposes, we simply could not offer our services to you.

    As a licensed gambling operator regulated by the Curaçao Gaming Control Board, we are subject to extensive legal and regulatory requirements that necessitate the collection and processing of personal information. We must verify the identity and age of all players to prevent underage gambling, which is why we require documentation during our KYC process. We must monitor transactions and playing patterns to detect and report suspicious activity that could indicate money laundering or terrorist financing, reporting to the relevant Curaçao financial intelligence authorities where required. We must maintain detailed records of player activity for a minimum of six years and make them available to regulators upon request. We must implement responsible gambling measures including deposit limits, self-exclusion, and reality checks to protect vulnerable players. These obligations are not optional, and failure to comply could result in loss of our licence and criminal penalties.

    We use personal information to protect the security and integrity of our Platform and to prevent fraud, collusion, and other forms of abuse. This includes monitoring account activity for signs of unauthorized access such as logins from unusual locations or devices, detecting and preventing the use of stolen payment methods through velocity checks and pattern analysis, identifying players who attempt to create multiple accounts to abuse bonuses through device fingerprinting and behavioral analysis, and investigating suspected cheating or manipulation of games or betting markets. These activities protect not only our business but also our legitimate players who deserve a fair and secure gaming environment.

    We analyze the personal information we collect to understand how players use our services and to identify opportunities for improvement. This analysis helps us optimize the user experience of our Platform by identifying areas of friction or confusion, develop new features and services that meet player needs based on usage patterns, personalize your experience by recommending games and offers that may interest you based on your playing history, and measure the effectiveness of our marketing efforts to ensure efficient allocation of resources. Where possible, we perform these analyses using aggregated or anonymized data that does not identify individual players.

    Subject to your preferences and applicable law, we may use your personal information to send you marketing communications about our products, services, and promotions via email, SMS, push notifications, and other channels. We may also use your information to display targeted advertising on our Platform and through third-party advertising networks such as Google Ads and Facebook. You can control your marketing preferences through your account settings at any time, and you can opt out of marketing communications by following the unsubscribe instructions in our emails, replying STOP to SMS messages, or by contacting customer support.

    Legal Basis for Processing

    Data protection law, particularly the GDPR, requires us to have a valid legal basis for processing personal information. The legal basis we rely upon depends on the specific purpose for which we are processing your data.

    Much of our processing is necessary to perform the contract between you and Cosmobet that is established when you accept our Terms and Conditions. This includes processing necessary to create your account, enable you to use our services, process transactions, settle bets, provide customer support, and administer your participation in our VIP club. Without this processing, we could not fulfill our obligations to you under the contract.

    Certain processing is required to comply with legal obligations to which we are subject. This includes processing necessary for identity verification under applicable anti-money laundering law, anti-money laundering compliance under international standards (FATF), responsible gambling implementation under our Curaçao Gaming Control Board licence conditions, tax reporting to relevant authorities, and responding to lawful requests from regulatory and law enforcement authorities. We have no choice but to process your information for these purposes if we wish to continue operating as a licensed gambling operator.

    Some processing is based on our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include protecting our Platform against fraud and abuse, analyzing usage patterns to improve our services, ensuring network and information security, and marketing our services to existing customers who have not opted out. When we rely on legitimate interests, we carefully balance our interests against the potential impact on your privacy and document this assessment.

    Where required by law, we obtain your consent before processing your personal information for specific purposes. This includes consent for marketing communications where you have not previously been our customer, consent for the use of non-essential cookies and tracking technologies through our cookie consent mechanism, and consent for any processing that goes beyond what is necessary for the purposes described above. Where we rely on consent, you have the right to withdraw that consent at any time through your account settings or by contacting us.

    Information Sharing and Disclosure

    We understand that the sharing of personal information is a significant concern for many people. We want to assure you that we do not sell your personal information to third parties and that we share information only in the limited circumstances described below.

    We work with various service providers who perform functions on our behalf that require access to personal information. These include payment processors such as Skrill, Neteller, and our banking partners who handle deposits and withdrawals; identity verification providers such as GBG and Jumio who confirm your identity; cloud hosting providers including Amazon Web Services where our data is stored; customer support platforms such as Zendesk that help us manage inquiries; fraud prevention services such as SEON that help identify suspicious activity; email service providers such as SendGrid that deliver our communications; and analytics providers such as Google Analytics that help us understand usage patterns. We require all service providers to enter into data processing agreements that obligate them to protect your information and to use it only for the specific purposes we authorize.

    We are required by law to share personal information with certain regulatory and governmental authorities. The Curaçao Gaming Control Board has broad powers to access player information as part of their oversight of our operations. The relevant Curaçao financial intelligence authorities receive reports of suspicious transactions. Tax authorities in Curaçao and potentially in your country of residence may require information for tax compliance purposes. Law enforcement agencies may request information in connection with criminal investigations. We will comply with lawful requests from these authorities, although we will resist requests that we believe are unlawful or overly broad and will notify you of requests relating to your data where legally permitted.

    In some cases, we may share your information with third parties to protect legitimate interests. For example, we may share information with fraud prevention services and industry databases to protect against fraudulent activity, with our legal advisors in connection with actual or potential legal proceedings, with auditors such as our external auditors who verify our financial statements and compliance, and with insurers in connection with claims or potential claims under our liability policies. We limit sharing to what is necessary for these purposes.

    If Cosmobet is involved in a merger, acquisition, sale of assets, or other corporate restructuring, your personal information may be transferred as part of that transaction. In such circumstances, we will provide notice before your information is transferred and becomes subject to a different privacy policy. We will take steps to ensure that the acquiring entity commits to protecting your information in accordance with this policy or to a standard that is at least as protective.

    International Data Transfers

    Cosmobet operates globally, and your personal information may be transferred to and processed in countries other than your country of residence. Our primary operations and data processing facilities are located in Curaçao. However, some of our service providers process data in other locations, including the European Union and the United States, which may have data protection laws that differ from the laws in your country.

    For transfers of personal data outside the European Economic Area, we rely on approved transfer mechanisms to ensure that appropriate safeguards are in place to protect your information. These include Standard Contractual Clauses approved by the European Commission for transfers to service providers in countries without adequacy decisions, adequacy decisions by the European Commission recognizing certain countries such as Canada and Japan as providing adequate protection, and binding corporate rules for transfers within corporate groups where applicable. These safeguards ensure that your data receives the same level of protection regardless of where it is processed.

    Our primary data hosting is provided by Amazon Web Services in their Dublin, Ireland facility, with disaster recovery capabilities in Frankfurt, Germany. Identity verification processing may occur in the United Kingdom and India through our verification partners. Customer support operations are based in Curaçao. Information about specific data processing locations for particular services is available upon request by contacting our Data Protection Officer.

    Data Security

    Protecting the security of your personal information is extremely important to us. We have implemented comprehensive technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction.

    All data transmitted between your device and our servers is encrypted using TLS 1.3, the current industry standard for secure communications. This encryption ensures that your information cannot be intercepted and read by unauthorized parties while in transit. We use AES-256 encryption to protect sensitive data such as passwords and payment information when stored in our databases. Passwords are hashed using bcrypt with appropriate work factors, meaning that even we cannot see your actual password.

    Access to personal information within our organization is restricted to employees who need it to perform their job functions, following the principle of least privilege. All employees who have access to personal data are bound by confidentiality obligations in their employment contracts and receive regular training on data protection. We maintain detailed access logs and regularly review access privileges to ensure they remain appropriate. Access to sensitive systems requires multi-factor authentication.

    Our systems are protected by enterprise-grade firewalls, intrusion detection and prevention systems, and other security technologies designed to prevent unauthorized access. We conduct regular security assessments including annual penetration testing by qualified third-party firms and ongoing vulnerability scanning. We have incident response procedures in place to detect, investigate, and respond to potential security breaches quickly and effectively, with defined escalation paths and notification procedures.

    Despite our best efforts, no method of transmission over the internet and no method of electronic storage is completely secure. While we strive to protect your personal information using commercially reasonable measures, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at security@cosmobet.com.

    Data Retention

    We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to protect our legitimate interests. The specific retention period depends on the nature of the information and the purposes for which it is used.

    Account information and transaction records are retained for the duration of your account relationship with us and for a minimum of six years after your account is closed. This extended retention period is required by the Curaçao Gaming Control Board licence conditions and anti-money laundering laws, which mandate that we maintain records that could be relevant to regulatory inquiries or investigations. Specifically, applicable AML rules require retention of customer identification and transaction records for at least five years after the end of the business relationship, with a potential extension if requested by authorities.

    Identity verification documents are retained for the same period as account records to demonstrate our compliance with Know Your Customer requirements. These documents are stored securely with restricted access limited to compliance personnel, encrypted both in transit and at rest, and deleted securely when no longer required for compliance purposes using certified data destruction methods.

    Marketing preferences and consent records are retained for as long as your account is active and for three years thereafter to demonstrate our compliance with marketing laws including GDPR and the Privacy and Electronic Communications Regulations. If you unsubscribe from marketing communications, we will retain a record of your unsubscribe request indefinitely to ensure we honor your preferences.

    Technical data such as server logs, access logs, and security logs are retained for periods between 90 days and two years depending on their purpose, as this data is primarily useful for operational and security purposes. Web analytics data is retained for 26 months, consistent with Google Analytics default retention. Aggregated or anonymized data derived from your usage may be retained indefinitely for analytical and statistical purposes, as this data no longer identifies you.

    Your Privacy Rights

    Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal information. We are committed to respecting these rights and to facilitating their exercise in accordance with applicable law.

    You have the right of access to the personal information we hold about you and to receive a copy of that information upon request. We will provide the information in a commonly used electronic format such as PDF or CSV and will explain how the information is being used, the categories of data involved, and the recipients or categories of recipients. There is generally no charge for access requests, although we may charge a reasonable fee of €20 for manifestly unfounded, repetitive, or excessive requests.

    If the personal information we hold about you is inaccurate or incomplete, you have the right to rectification. We encourage you to keep your account information up to date by logging into your account and updating your profile through the account settings section. For corrections that cannot be made through your account, such as changes to your name due to marriage, please contact customer support with appropriate supporting documentation.

    In certain circumstances, you have the right to erasure of your personal information, sometimes called the right to be forgotten. This right applies when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent and there is no other legal ground for processing, when you object to processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed. However, this right is not absolute and is subject to our legal obligations to retain certain records under anti-money laundering laws and our Curaçao gaming licence. Where erasure is not possible due to legal requirements, we will inform you of the specific reasons and the expected retention period.

    You have the right to object to processing of your personal information where we are relying on legitimate interests as the legal basis for processing. This includes processing for direct marketing purposes, where your objection is absolute, and processing for other purposes, where we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights. To exercise this right, contact our Data Protection Officer with details of the processing you object to.

    Where we process personal information based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. To withdraw consent for marketing communications, you can use the unsubscribe link in our emails, reply STOP to SMS messages, or update your preferences in your account settings under the communications preferences section.

    You have the right to request restriction of processing of your personal information in certain circumstances, such as while we are verifying the accuracy of information you have contested, where processing is unlawful but you oppose erasure, where we no longer need the data but you need it for legal claims, or while we are considering an objection you have raised under the right to object.

    You have the right to data portability, meaning the right to receive the personal information you have provided to us in a structured, commonly used, machine-readable format such as JSON or CSV and to transmit that data to another controller where technically feasible. This right applies to data processed by automated means based on consent or contract.

    To exercise any of these rights, please contact our Data Protection Officer at privacy@cosmobet.com or by post at our registered address. Please include your account username and sufficient information for us to verify your identity. We will respond to your request within one month, as required by the GDPR. If your request is complex or we receive a high volume of requests, we may extend this period by up to two additional months, in which case we will notify you of the extension and the reasons.

    Cookies and Tracking Technologies

    Our Platform uses cookies and similar tracking technologies to enhance your experience, analyze usage, and support our marketing efforts. This section explains what these technologies are and how we use them.

    Cookies are small text files that are stored on your device when you visit our website. They allow us to recognize your device on subsequent visits and remember certain information about your visit, such as your preferences and settings. Some cookies are essential for our Platform to function properly, while others help us understand how visitors use our site or enable us to provide personalized content and advertising.

    Essential cookies are necessary for the basic functionality of our Platform. They enable core features such as security, account access, session management, and load balancing. These cookies do not collect personal information for marketing purposes and cannot be disabled without impairing your use of our services. Examples include our session cookie that keeps you logged in and our CSRF token cookie that protects against cross-site request forgery.

    Performance cookies help us understand how visitors interact with our Platform by collecting information about pages visited, time spent on the site, and any error messages encountered. This information is used to improve our Platform and identify technical issues. We use Google Analytics for this purpose, which sets cookies such as _ga and _gid. This information is typically aggregated and anonymous.

    Functional cookies remember choices you make such as language preference, display settings, and recently played games. They provide enhanced, personalized features and help us remember your preferences when you return to our site. For example, we use functional cookies to remember your preferred currency and to show you relevant game recommendations.

    Marketing cookies track your browsing activity to help us deliver advertisements relevant to you. They may be set by us or by third-party advertising partners such as Google Ads and Facebook, and are used to build a profile of your interests and show you relevant ads on other sites. These cookies require your consent in accordance with GDPR and the ePrivacy Directive.

    When you first visit our Platform, you will be presented with a cookie consent banner that allows you to accept all cookies, reject non-essential cookies, or customize your preferences by category. You can change your cookie preferences at any time through the cookie settings link available in the footer of our website. You can also control cookies through your browser settings, although disabling certain cookies may affect the functionality of our Platform, such as keeping you logged in or remembering your preferences.

    Children's Privacy

    Our services are intended exclusively for adults of legal gambling age, which is 18 years old in most jurisdictions. We do not knowingly collect personal information from children or minors. The registration process requires users to confirm they are of legal gambling age, and we verify age through our identity verification procedures.

    If we discover that we have inadvertently collected personal information from a person under 18 years of age, we will delete that information as quickly as possible and close any associated account. If you believe that we may have collected information from a minor, please contact us immediately at privacy@cosmobet.com so that we can investigate and take appropriate action.

    We encourage parents and guardians to monitor their children's internet use and to help enforce this policy by instructing children never to provide personal information on gambling websites. Parents who believe their child may have provided information to us should contact us to request deletion.

    Third-Party Links and Services

    Our Platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy applies only to our Platform and does not cover third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

    When you click on a link to a third-party site, you are leaving our Platform and are subject to the privacy practices of that site. We are not responsible for the privacy practices, content, or security of third-party sites. The presence of a link on our Platform does not imply endorsement of the linked site.

    Some features of our Platform may integrate with third-party services such as social media platforms including Facebook and Twitter. When you use these features, you may share information with the third-party service and be subject to their privacy policies. For example, if you use the Facebook login option, Facebook will receive information about your login. We encourage you to review the privacy settings and policies of any third-party services you connect with.

    Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last Updated" date at the top of this policy. For significant changes that materially affect your rights or how we use your data, we will provide more prominent notice by sending an email to the address associated with your account and by posting a banner notice on our Platform before the changes take effect.

    We encourage you to review this policy periodically to stay informed about how we protect your information. Significant changes will be notified at least 30 days before they take effect to give you time to review and, if necessary, exercise your rights.

    Your continued use of our services after any changes to this policy constitutes acceptance of the revised policy. If you do not agree with changes to the policy, you should discontinue using our services before the changes take effect.

    How to Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, we encourage you to contact us. We take privacy inquiries seriously and will respond to your communication as promptly as possible.

    For privacy-related inquiries, please contact our Data Protection Officer:

    Email: privacy@cosmobet.com

    Postal Address:
    Data Protection Officer
    Santeda International B.V.
    Registration No. 151296
    Willemstad, Curaçao

    We aim to respond to all privacy inquiries within 5 business days and to resolve substantive requests within the one-month timeframe required by GDPR.

    If you believe that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection or gaming supervisory authority in your jurisdiction. You may also escalate concerns directly to the Curaçao Gaming Control Board, our primary regulator.

    Your privacy matters to us. Thank you for trusting Cosmobet with your personal information.