Privacy Policy

This Privacy Policy explains how 888 Starz (operating via 888starse.com) collects, uses, shares, and protects personal data. A privacy policy is required to provide transparency, define lawful processing grounds, and explain your rights under applicable data protection laws. It applies to website visitors, registered players, and anyone who interacts with our services and communications. Effective date: 6 November 2025.

Who We Are

OBSERVE: 888 Starz is presented to UK users through 888starse.com. The available corporate data indicates an operator and a separate payment-processing entity, and a Curaçao gaming licence validated via a third-party tool.

EXPAND: UK users should understand that data may be handled by more than one group company (operator and payment processor) and potentially by vendors located outside the UK. Privacy compliance for UK users is governed primarily by the UK GDPR and the Data Protection Act 2018, regardless of the gambling licensing position described in the profile.

REFLECT: We provide the identified entities and contacts below and explain how to reach our data protection function.

Controller / Operator details (as provided)

Operator (gaming services): Bittech B.V. (entity type: B.V.; jurisdiction: Curaçao). Registered / legal address: not specified in the available profile data.
Payment processing entity (fiat payments): Azimutone Limited (entity type: Limited; jurisdiction: Cyprus). Registered / legal address: this information is not provided in the current profile data.
Company registration number / tax ID: not specified in the available profile data.

Gaming licence reference (context)

Licence number: 8048/JAZ2020-048
Issuing authority / jurisdiction: Antillephone N.V., Curaçao
Validator reference: https://validator.antillephone.com/validate?domain=888starz.bet (validator link provided in the profile data; our UK-facing domain is 888starse.com).

Data protection contact

Primary contact email (support & responsible gaming): support@888starse.com
DPO / Data Protection Department: not separately specified in the available profile data. Please use the email above and include "Data Protection Request" in the subject line.
Official website: https://888starse.com

What Personal Data We Collect

OBSERVE: Operating an online casino and crypto-first payment stack typically requires identity checks, account security controls, transaction monitoring, and service analytics. The profile notes crypto assets support and potential UK banking restrictions.

EXPAND: Under UK GDPR, we must disclose categories of personal data, including identifiers, technical data, behavioural data, and financial/transaction data. We should also address cookies and similar tracking, and explain that some payment data may be processed by third parties (including on-ramps/exchanges) depending on the user's chosen method.

REFLECT: We categorise data clearly below so UK users understand what is collected, from where, and why.

Identity & account data: full name, date of birth, username, password (stored in hashed form), nationality/residency information, and other registration information you provide.
Contact data: email address (including support@888starse.com communications), telephone number (if provided), and communication preferences.
Verification (KYC) data: copies of identity documents, selfies/liveness checks (where used), proof of address, source-of-funds/source-of-wealth information, and results of verification checks (including sanctions/PEP screening where legally required).
Payment & transaction data: deposits, withdrawals, wallet addresses (for crypto), transaction hashes, payment instrument metadata (where applicable), chargeback/returns history, and payment status logs. Note: we do not intentionally store full card details if a regulated payment provider tokenises them; however, payment processors may hold required records.
Gameplay & behavioural data: betting and game history, session duration, clicks and navigation events, bonus activation/usage, responsible gambling interactions (limits, self-exclusion requests), and fraud/abuse signals.
Technical & device data: IP address, device identifiers, operating system and browser data, referring URLs, timestamps, crash logs, and security logs.
Cookies and similar technologies: cookie identifiers, SDK identifiers (where applicable), and preference signals (consent choices). See "Cookies & Tracking Technologies".
Communications: support tickets, emails, chat transcripts (if enabled), and call records (if applicable; phone numbers are not specified in the provided data).

Legal Basis for Processing

OBSERVE: UK users are protected by UK GDPR and the Data Protection Act 2018. The service includes account creation, payments (including crypto), compliance checks, and marketing/analytics.

EXPAND: We must map processing to lawful bases: contract necessity, legal obligation (AML/KYC), legitimate interests (security/fraud prevention), and consent (cookies/marketing in many cases). We should also clarify that some processing is mandatory for service provision; refusing it may prevent account operation.

REFLECT: We set out lawful bases by use case and explain when consent can be withdrawn without affecting other lawful processing.

Performance of a contract: to create and manage your account, provide gameplay services, process deposits/withdrawals, apply bonuses (where eligible), and provide customer support.
Legal obligations: to comply with applicable AML/CTF, fraud reporting, tax/reporting obligations (where applicable), and to respond to lawful requests from competent authorities. This includes KYC verification and transaction monitoring.
Legitimate interests: to secure 888starse.com, prevent and detect fraud, account takeover, bonus abuse, and other misuse; to maintain service integrity; to conduct internal analytics and improve performance; and to establish, exercise, or defend legal claims. We balance these interests against your rights and expectations.
Consent: to place non-essential cookies/trackers; and, where required, to send direct marketing communications. You may withdraw consent at any time (see "Your Rights").
Vital interests (rare): if processing is necessary to protect someone's life (e.g., an emergency safety incident), where applicable.

Regional compliance note (UK): For UK users, references to "GDPR" in this policy mean the UK GDPR, as supplemented by the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) for cookies and electronic marketing.

Purpose of Processing

OBSERVE: The platform needs data to operate accounts, process payments, provide games, and run security and responsible gaming functions.

EXPAND: UK transparency requires we list purposes in plain language, including marketing (where applicable) and anti-fraud. The profile indicates responsible gaming contact via support email and crypto-first operations, which also implies transaction-risk controls.

REFLECT: We group purposes so you can see what is essential vs optional.

Provide casino services: registration, authentication, gameplay delivery, customer support, and account administration for 888 Starz on 888starse.com.
Payments and withdrawals: processing deposits/withdrawals, confirming transactions (including crypto), managing payment risk, handling chargebacks/returns where applicable.
Compliance and player safety: KYC/AML checks, sanctions screening where required, responsible gambling controls (limits, self-exclusion handling), and record-keeping.
Security and fraud prevention: monitoring for suspicious activity, preventing account takeover, bot detection, and investigating suspected abuse.
Service improvement and analytics: performance monitoring, troubleshooting, product optimisation, and aggregated reporting.
Marketing (where permitted): sending promotional communications and offers, operating loyalty and bonus communications, and measuring campaign effectiveness (subject to consent/opt-out requirements).

Disclosure & Sharing

OBSERVE: The profile identifies a payment-processing entity (Azimutone Limited) and a licensing validator link, suggesting third-party relationships. Online gambling operations also typically rely on hosting, analytics, KYC vendors, and game providers.

EXPAND: UK GDPR requires transparency about recipients and categories of recipients, and safeguards for processors. We should also highlight that advertising/affiliate sharing (if any) is constrained by consent and contractual controls, and that regulators/law enforcement may receive data where legally required.

REFLECT: We disclose recipient categories and the conditions for sharing, using data minimisation and contractual protections.

Group entities: we may share data between entities involved in operating 888 Starz on 888starse.com, including Bittech B.V. (operator) and Azimutone Limited (payment processing), to deliver services, manage risk, and meet compliance obligations.
Payment partners and financial service providers: payment gateways, banks, crypto payment facilitators, on-ramp/off-ramp providers, and wallet services where you choose to use them, for deposit/withdrawal execution and fraud prevention.
Verification, AML and fraud-prevention providers: identity verification services, screening databases, device intelligence services, and transaction monitoring vendors.
IT and operational service providers: hosting, cloud infrastructure, customer support tools, email delivery services, security monitoring, and analytics providers acting as processors under contract.
Game and platform suppliers: where necessary to provide game functionality, troubleshoot errors, or certify outcomes (shared in a limited, need-to-know form).
Affiliates and advertising networks: only where you have provided appropriate consent for marketing cookies/trackers and/or where lawful under PECR/UK GDPR. You can withdraw consent at any time.
Authorities and legal recipients: regulators, law enforcement, courts, and competent authorities where disclosure is required by law or necessary to protect rights, safety, and prevent fraud.

International Transfers

OBSERVE: The operator is linked to Curaçao and payment processing to Cyprus, and vendors may be globally distributed. UK users' data may therefore be transferred outside the UK.

EXPAND: UK GDPR requires a transfer mechanism for restricted transfers (e.g., UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs), plus risk assessments and supplementary measures where needed. "Privacy Shield" is not a UK-valid mechanism; we should avoid relying on it and instead reference UK IDTA/UK Addendum and adequacy regulations where applicable.

REFLECT: We describe likely transfer regions and the safeguards we apply for UK users.

Where data may be transferred: the UK, European Economic Area (EEA) (including Cyprus for payment processing), and potentially other jurisdictions where our operator group, suppliers, or fraud-prevention partners are located, including Curaçao (operator jurisdiction) and other countries where technical infrastructure or support teams operate.
Transfer safeguards: we use one or more of the following, as applicable:
- Adequacy decisions/regulations: where the UK has recognised a jurisdiction as providing adequate protection.
- UK IDTA or UK Addendum to EU SCCs: contractual safeguards for transfers to non-adequate jurisdictions.
- Supplementary measures: encryption in transit/at rest, access controls, and minimisation to reduce transfer risk.
Transparency: you may request information about relevant transfer mechanisms by contacting support@888starse.com.

Data Retention

OBSERVE: Gambling-style services require retention for account management, payment reconciliation, security investigations, and compliance (KYC/AML). The profile does not specify exact statutory retention periods for this operator.

EXPAND: UK GDPR requires that retention is not longer than necessary. For gambling/financial compliance, a common benchmark is 5 years after account closure or the end of the relationship, but some records may require longer to meet legal claims limitation periods or regulatory requests. We must define deletion/anonymisation criteria and handle exceptions (fraud, disputes).

REFLECT: We provide a practical retention schedule, with clear triggers and exceptions.

Account profile data (identity/contact): kept for the life of the account and generally up to 5 years after account closure, unless a longer period is required to comply with legal obligations or to handle disputes, fraud investigations, or legal claims.
KYC/AML and due diligence records: generally retained up to 5 years after account closure (or longer where required by applicable AML/CTF obligations or lawful authority requests).
Transaction and payment records (fiat/crypto): generally retained up to 5 years after account closure, and longer where needed for financial reconciliation, audit trails, chargebacks, fraud prevention, or legal claims.
Gameplay and behavioural logs: retained for operational integrity, responsible gambling controls, and dispute handling; typically up to 24 months for detailed logs, with aggregated/anonymised analytics retained longer where feasible.
Security logs and device/technical data: typically retained from 90 days to 24 months depending on risk level and investigation needs.
Marketing preferences and consent logs: retained while marketing is active and for a reasonable period thereafter to evidence compliance (e.g., up to 2 years), unless you request earlier deletion where applicable.

Deletion/anonymisation triggers: We delete, anonymise, or securely archive personal data when (a) it is no longer necessary for the purposes collected, (b) you validly exercise a deletion right and no exception applies, or (c) retention periods expire. Exceptions apply where continued retention is necessary for legal obligations, fraud prevention, or establishment/defence of legal claims.

Your Rights

OBSERVE: UK users have UK GDPR rights, and the brief requires alignment with Mexican privacy law. The profile indicates UK as a grey market from a gambling licensing perspective, but privacy rights still apply to processing of UK users' data.

EXPAND: We should present (1) UK GDPR rights with clear procedures and timelines (generally one month/30 days), (2) PECR marketing opt-outs, and (3) Mexican framework references: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and ARCO rights (Acceso, Rectificación, Cancelación, Oposición) plus withdrawal of consent. We must avoid overstating applicability; we can state these principles may apply where Mexican law is relevant (e.g., if you are in Mexico or your data is processed there).

REFLECT: We provide a unified rights section: UK GDPR rights for UK users, and ARCO alignment where relevant, with a simple request workflow and clear response commitments.

Your rights under UK GDPR (UK users)

Right of access: obtain confirmation of processing and a copy of your personal data.
Right to rectification: correct inaccurate or incomplete data.
Right to erasure: request deletion where applicable (e.g., data no longer needed, unlawful processing). This is not absolute; we may retain data required for AML/KYC, fraud prevention, or legal claims.
Right to restrict processing: ask us to suspend processing in certain circumstances (e.g., while accuracy is contested).
Right to object: object to processing based on legitimate interests, and object at any time to direct marketing.
Right to data portability: receive certain data you provided to us in a structured, commonly used format and transmit it to another controller, where applicable.
Right to withdraw consent: where processing is based on consent (e.g., certain cookies/marketing), you may withdraw at any time without affecting the lawfulness of prior processing.

ARCO rights alignment (Mexico) where relevant

ARCO rights: Acceso, Rectificación, Cancelación y Oposición broadly correspond to access, correction, deletion/cancellation, and objection.
Consent withdrawal: where processing relies on consent, you may withdraw it, subject to legal/contractual limits.
Legal reference: these rights are recognised under Mexico's LFPDPPP and related regulations, and we aim to honour equivalent requests where legally applicable to the processing context.

How to exercise your rights (procedure, timelines, cost)

Submit a request: email support@888starse.com with the subject "Data Protection Request - 888 Starz".
Identify yourself: provide sufficient information to verify your identity. We may request additional verification to protect you from unauthorised disclosure (especially for account, payment, and KYC data).
Specify the right and scope: tell us what you want (access, deletion, objection, etc.) and which account/email it relates to.
Response time: we aim to respond within 30 days (one month) of verifying your identity. If a request is complex, we may extend the period as permitted by law and will inform you with reasons.
Fees: requests are handled free of charge unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request as permitted by law.

Cookies & Tracking Technologies

OBSERVE: The site uses cookies and similar technologies to operate accounts, remember settings, measure performance, and (where permitted) support advertising/affiliate attribution.

EXPAND: In the UK, PECR requires consent for non-essential cookies. We must distinguish strictly necessary cookies from analytics/advertising cookies and explain controls, including browser settings and any on-site consent manager.

REFLECT: We list cookie types, purposes, and opt-out methods so users can make informed choices.

Strictly necessary (functional) cookies: required for core site functions (login sessions, security, load balancing, fraud prevention). These cannot generally be disabled via a consent banner without impacting service.
Preference cookies: remember language, region, and interface settings.
Analytics cookies: help us understand usage of 888starse.com (pages visited, performance, error rates) to improve services. These are set only with consent where required.
Advertising / affiliate cookies: measure campaign effectiveness, prevent attribution fraud, and (where enabled) personalise ads. We only place these cookies when we have your consent in locations where that is required.
Session vs persistent cookies: session cookies expire when you close your browser; persistent cookies remain for a set period or until deleted.
Third-party cookies: may be set by service providers (analytics, fraud prevention, advertising/affiliate platforms) subject to your consent choices and their privacy terms.

How to manage cookies

Cookie banner / consent settings: use the on-site cookie settings (where available) to accept or reject non-essential cookies and change choices later.
Browser controls: you can delete or block cookies via your browser settings. Blocking strictly necessary cookies may prevent login, gameplay, or withdrawals.
Device-level controls (where applicable): for mobile devices, you may control advertising identifiers and app permissions in device settings.

Data Security

OBSERVE: The service involves account access, payments (including crypto), and sensitive verification data, requiring robust security. The brief requires encryption, MFA, access controls, audits, training, and incident response, with references to ISO 27001/SOC 2 "where applicable".

EXPAND: Under UK GDPR, we must implement appropriate technical and organisational measures considering risk. For a gambling platform, likely measures include TLS, encryption at rest, least privilege, monitoring, secure SDLC, vendor due diligence, and breach management with regulatory notification timelines where applicable.

REFLECT: We describe layered security controls and clarify that no system is risk-free while committing to proportionate protections.

Encryption in transit: we use TLS 1.2+ to protect data transmitted between your device and our services.
Encryption at rest: sensitive datasets are protected using encryption and key-management controls appropriate to the risk profile.
Account security: password hashing, session controls, and support for multi-factor authentication (MFA) where available/implemented; detection of suspicious logins and automated abuse.
Access controls: role-based access, least-privilege permissions, segregation of duties, and logging/monitoring of administrative access.
Operational security: secure configuration management, vulnerability management, and regular patching of systems.
Security assurance: periodic internal reviews and third-party assessments where applicable; alignment with recognised security frameworks such as ISO/IEC 27001 and/or SOC 2 practices where adopted by us or our critical suppliers.
Staff training: confidentiality commitments and periodic security and privacy training for staff and relevant contractors.
Incident response: documented procedures for detecting, investigating, containing, and remediating security incidents, including assessment of whether notification to affected users and/or the UK ICO is required under UK GDPR.

Security limitation notice: While we apply appropriate safeguards, no website, app, or transmission method can be guaranteed 100% secure. You should also protect your account credentials and use unique passwords.

Complaints & Contacts

OBSERVE: The provided dataset includes a primary support email but no phone numbers, contact forms, or postal address. The brief requires complaint channels and escalation to supervisory authorities including Mexican authority and EU authorities where applicable.

EXPAND: For UK users, the primary supervisory authority is the UK Information Commissioner's Office (ICO). If EU GDPR applies in a given context (e.g., if processing relates to EU services), EU supervisory authorities may be relevant. For Mexico, the authority is INAI. We should provide direct contact information and a step-by-step complaint process with timelines.

REFLECT: We provide the channels we have, acknowledge missing channels, and provide clear escalation routes.

How to contact us about privacy

Email (privacy requests and complaints): support@888starse.com (please include "Privacy Complaint" or "Data Protection Request - 888 Starz").
Phone: not specified in the available profile data.
Online form: not specified in the available profile data.
Postal address: not specified in the available profile data. If you require postal service, contact us by email and we will provide the appropriate address where available.

Complaint procedure (expected timelines)

Step 1 - Submit: email your complaint to support@888starse.com with relevant details (account identifier, dates, screenshots where helpful).
Step 2 - Acknowledgement: we aim to acknowledge receipt within 7 days.
Step 3 - Investigation: we assess logs, account history, vendor records (where needed), and our legal basis for processing.
Step 4 - Resolution: we aim to provide a substantive response within 30 days of verifying your identity and understanding the complaint. If more time is needed, we will explain why and provide an updated timeframe.

Escalation to supervisory authorities

UK (ICO): Information Commissioner's Office
Website: https://ico.org.uk/make-a-complaint/
Phone: +44 (0)303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Mexico (INAI): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
Website: https://www.inai.org.mx/
Complaint guidance: https://www.inai.org.mx/ (navigate to personal data protection / complaints)
EU/EEA (where applicable): if EU GDPR applies to specific processing activities, you may contact your local EU/EEA supervisory authority. A list is available via the EDPB:
Website: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: The profile includes a last_updated value (2025-11-06). The brief requires versioning, change logs, notice periods (minimum 30 days for significant changes), and user options to object or close accounts.

EXPAND: Under UK GDPR, material changes affecting processing or rights should be communicated clearly. For PECR/cookie changes, renewed consent may be needed. Users should be able to review changes before they take effect, especially where consent or legitimate interests are affected.

REFLECT: We implement a clear update process, provide a "Last updated" stamp and a changelog, and explain user choices.

Last updated: November 2025

How we notify you of changes

Email notice: where we have your email and the change is material, we may notify you via email linked to your 888 Starz account on 888starse.com.
Website banner: we may display a banner or pop-up on 888starse.com summarising key changes.
Account dashboard alert: we may post an in-account notification requiring acknowledgement for significant changes.

Advance notice and your options

Significant changes: for material updates (e.g., new purposes, new recipient categories, materially different transfer safeguards), we will provide at least 30 days' advance notice where practicable.
Your choices: if you object to changes, you may (a) adjust cookie/marketing preferences where applicable, (b) exercise your rights described above, and/or (c) close your account (subject to completion of any legally required verification and settlement of outstanding balances and compliance holds).

Changelog (material changes)

November 2025: Initial publication for 888 Starz on 888starse.com; added UK GDPR/PECR disclosures, international transfer safeguards (UK IDTA/UK Addendum), and rights/complaints workflows including ICO and INAI escalation references.