This policy applies to everyone who visits maximalbet.net, registers an account or interacts with our support team. It describes the categories of personal data we handle, the lawful basis for processing under UK GDPR, the parties we share data with, how long we keep records and the rights you have over your own data. We update this policy from time to time and will tell you when significant changes happen.
What personal data does MaximalBet collect?
When you register, we collect your name, date of birth, email address, country of residence and chosen username. To verify your identity at the first withdrawal we collect a government issued ID document and a proof of address such as a recent utility bill or bank statement. To process payments we collect the details required by your chosen payment method, although we do not store full card numbers ourselves; those are handled by our PCI compliant payment processor.
During your use of the site we also log technical data including your IP address, device type, browser, language preference and the actions you take inside the account. This data is used to operate the service securely, prevent fraud and improve the product. Analytics cookies, when enabled, attribute usage to anonymous identifiers.
How do we use your personal data?
We use your data to deliver the service you signed up for, including operating your account, processing deposits and withdrawals, paying out winnings, providing customer support and complying with our anti money laundering and responsible gambling duties. We also use it for limited service communications such as transactional emails about your account.
If you opt in, we use a smaller subset of your data for marketing communications about new games, promotions and tournaments. You can withdraw marketing consent at any time from your account preferences or by clicking unsubscribe in any marketing email. Withdrawing marketing consent does not stop transactional and service communications.
Who does MaximalBet share data with?
We share data with a defined list of processors who help us operate the service. These include payment providers, identity verification services, cloud hosting providers, customer support tools and analytics providers. Each processor is bound by a data processing agreement that limits what they can do with the data and requires them to apply equivalent security measures to ours.
We may share data with regulators, law enforcement and other authorities where we are legally required to do so, for example to support an anti money laundering investigation or to comply with a court order. We do not sell your data to third parties for their own marketing purposes.
What are my data rights under UK GDPR?
You have the right to access the personal data we hold about you, to correct it if it is inaccurate, to request deletion in certain circumstances, to restrict or object to processing, to receive a copy of your data in a portable format and to withdraw consent where processing is based on consent. You can exercise these rights by contacting our data protection team through the help section of the site.
We respond to data rights requests inside one calendar month. If your request is complex we may extend that window by up to two further months and will tell you about the extension. If you believe we have not handled your request properly you can complain to the UK Information Commissioner's Office at ico.org.uk.
How long does MaximalBet keep my data?
Retention periods vary by data type. Identity verification documents are kept for the duration of your account and for a regulatory retention window after closure, typically five to seven years depending on the licensing jurisdiction. Financial transaction records follow the same retention rule. Marketing preferences are deleted within 30 days of unsubscribing. Support chat transcripts are kept for two years for service quality and dispute resolution. Specific retention details for each category are listed in the operator's data retention policy, available on request from the privacy team.
After the retention window expires, personal data is either deleted or anonymised so it can no longer be linked back to you. Anonymised data may be kept indefinitely for statistical and research purposes, but it cannot be used to re-identify you and is not shared in a personally identifiable form.
Your rights under UK GDPR are extensive and the casino is required to honour them within strict timelines. You have the right of access, which means you can request a copy of all personal data the casino holds about you, free of charge, within one month of your request. The right of rectification lets you correct inaccurate data. The right of erasure, sometimes called the right to be forgotten, lets you request deletion of your data subject to the retention exceptions described above. The right of restriction lets you limit how your data is processed while a dispute is resolved. The right of portability lets you receive your data in a machine readable format. The right to object lets you opt out of specific processing activities such as marketing or profiling.
Exercising any of these rights is a single step. Email the privacy team at the address listed on the contact page with your request, including enough information to verify your identity. The casino will respond within one month, or sooner where possible, and will tell you immediately if a request cannot be fulfilled and explain why. If you are not satisfied with the response, you can escalate to the Information Commissioner's Office, which is the UK's independent data protection regulator.
Data sharing with third parties is limited to specific categories. Payment processors receive the minimum data needed to process your deposits and withdrawals. Identity verification services receive your ID documents to confirm your identity at registration and at first withdrawal. Game studios receive anonymised session data for game performance analysis. Marketing partners receive aggregated, non identifying data unless you have specifically consented to personalised marketing. The full list of data sharing partners and the purpose of each is available in the operator's data sharing addendum.
International data transfers happen because the operator and its service providers are located in different jurisdictions. Transfers outside the UK and EEA are protected by Standard Contractual Clauses approved by the European Commission, which require the receiving party to apply equivalent data protection standards. This means your data is protected by the same legal framework regardless of where it is physically processed.
Security measures protecting your data include encryption in transit using TLS 1.3, encryption at rest using AES 256, role based access controls limiting which staff can view which data, regular penetration testing by independent security firms, and a 24/7 monitoring team watching for unusual access patterns. No security is absolute but these measures meet or exceed industry standard expectations. For questions about cookies specifically, see the MaximalBet cookie policy.