Privacy Policy | WinCraft

This notice explains how WinCraft (hereinafter: Provider) collects, uses, transfers, and protects the personal data of users of the win-craftlogin.net website in accordance with GDPR and applicable laws. By using the Website, you agree to the provisions of this policy.

1. Data Controller Information

• Data Controller: WinCraft
  
• Website: win-craftlogin.net
  
• Contact: [email protected]
  
• Registered office and Data Protection Officer: published separately if designated
  

2. Purpose and Legal Basis of Processing

Data is processed for the following purposes:

• Account creation and operation – GDPR Art. 6(1)(b)
  
• Processing deposits and withdrawals – GDPR Art. 6(1)(c)
  
• Handling customer support requests – GDPR Art. 6(1)(b) or (1)(f)
  
• Legal identification (KYC) and fraud prevention – GDPR Art. 6(1)(c) and (1)(f)
  
• Marketing communication (with explicit consent) – GDPR Art. 6(1)(a)
  

3. Categories of Personal Data Processed

• Identification and contact data (name, username, email, encrypted password, date of birth, address, nationality)
  
• Technical and log data (IP address, device and browser information, login timestamps)
  
• Payment and transaction metadata in tokenized form
  
• Records of gaming activity and bonus usage
  
• Copies of KYC documents (ID, proof of address)
  
• Customer support communications
  

4. Cookies and Online Identifiers

The Website uses essential session cookies for operation and, with consent, analytical and marketing cookies (e.g., Google Analytics/Matomo, Facebook Pixel/Google Ads). Cookie preferences can be adjusted at any time in your browser or through the on-site cookie management panel.

5. Data Storage and Retention

• Account data: up to 5 years after account closure
  
• Transaction/accounting data: 8 years
  
• IP and log data: up to 12 months
  
• Marketing consent: until withdrawn
  

6. Data Transfers and Processors

Data is shared only to the extent necessary to provide services:

• Payment providers
  
• Hosting and IT service providers
  
• Customer support and email systems
  
• Marketing platforms (only with consent)
  
• Authorities, where legally required
  

All partners operate under GDPR-compliant data processing agreements.

7. Data Subject Rights

Under GDPR, you have the following rights:

• Right of access and copy
  
• Right to rectification
  
• Right to erasure (“right to be forgotten”)
  
• Right to restriction of processing
  
• Right to object to processing based on legitimate interests
  
• Right to data portability
  
• Right to withdraw consent
  

Contact for exercising rights: [email protected]

8. Automated Decision-Making and Profiling

Automated assessments may be applied for fraud prevention and integrity protection, e.g., analysis of bonus usage patterns, unusual logins, or risky transactions. You may request human review, contest a decision, or submit comments.

9. Complaints and Supervisory Authority

First point of contact: the Provider’s customer support.
Supervisory authority: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa utca 9–11 • Website: naih.hu • Email: [email protected]

10. Protection of Minors

The Service is not available to persons under 18. Age checks are carried out at registration and before withdrawals. Recommended parental controls: Net Nanny, Qustodio, Kaspersky Safe Kids.

11. International Data Transfers

For transfers outside the EEA, we use either adequacy decisions of the European Commission or the EU Standard Contractual Clauses (SCC), with encrypted data transfer.

12. Security Measures

• HTTPS/SSL encryption and logging
  
• Multi-factor access control and role-based permissions
  
• Regular backups and vulnerability testing
  
• Audited gaming software and operational checks
  

13. Marketing and Unsubscribing

Marketing communications are sent only with prior consent. Every message includes an unsubscribe option; withdrawal is registered automatically.

14. Third-Party Links

The Website may contain external links. The Provider is not responsible for the privacy practices of those sites. Users are advised to review third-party privacy notices.

15. Data Deletion and Retention Exceptions

Users may request deletion of their account and personal data. Execution may be restricted or delayed if legal retention obligations apply. Confirmation of deletion is sent by email.

16. Remedies

• File a complaint directly with the Provider
  
• Submit a complaint to NAIH
  
• Seek judicial remedy
  

17. Cookie Settings

Cookies can be enabled or disabled by category. Consent can be withdrawn at any time in the cookie panel or via browser settings.

18. Governing Law

Data processing is governed by GDPR (EU 2016/679), Act CXII of 2011 (Infotv.), and applicable electronic communications laws.

19. Related Documents

• General Terms and Conditions
  
• Cookie Policy
  
• Responsible Gambling Guidelines
  
• Bonus and Promotion Rules
  

20. Final Provisions

This Privacy Policy is effective from the date of publication. The Provider reserves the right to amend it; changes take effect upon publication on the Website. Continued use of the Website constitutes acceptance of the current version.