burger icon
Spin Rio United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit or use the Spin Rio version of the Spin Rio online casino at https://spinrio.bet. It applies to players, registered account holders, and other visitors from the United Kingdom who interact with our website and related services in 2025. This Privacy Policy is effective from 6 November 2025 and forms part of the terms that govern your use of our services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, you should not use the Spin Rio services provided through spinrio.bet.

Who We Are

For players located in the United Kingdom, the data controller responsible for your personal data in connection with the Spin Rio services provided via spinrio.bet is:

AG Communications Ltd
135, High Street, Sliema SLM 1548, Malta
("AG Communications", "we", "us", "our")

AG Communications Ltd is licensed and regulated by the United Kingdom Gambling Commission (Account Number 39483) to provide Remote Casino and Real Event Betting services to UK customers. For some back-end platform, payment, and operational activities, we may work with entities within the Aspire Global / NeoGames group, including entities licensed by the Malta Gaming Authority and other regulators, but AG Communications Ltd remains the primary data controller for UK-facing operations in 2025.

Registration Details

AG Communications Ltd is a limited liability company incorporated under the laws of Malta with its registered office at the address above. Further corporate and licensing details can be found on the UK Gambling Commission public register (Account Number 39483). Additional group licences (such as MGA/CRP/148/2007 and Irish Remote Bookmaker's Licence 1014834) relate to non-UK operations and may be relevant for international data transfers and group-level processing.

Data Protection Contact (DPO)

We have appointed a Data Protection Officer ("DPO") responsible for overseeing questions in relation to this Privacy Policy and our data protection practices.

Data Protection Officer
AG Communications Ltd
135, High Street, Sliema SLM 1548, Malta
E-mail: [email protected]

When contacting us, please include your name, the e-mail address used for your account, and sufficient details of your request so that we can identify you and respond efficiently.

What Personal Data We Collect

When you use the Spin Rio services at spinrio.bet in 2025, we collect and process various categories of personal data. The exact data collected will depend on how you interact with our services and which features you use.

Identification and Contact Data

  • Account details: full name, username, password or authentication credentials.
  • Contact details: e-mail address, phone number, residential address, country of residence, date of birth.
  • Verification data (KYC/AML): copies of identification documents (such as passports, ID cards, driving licences), proof of address (utility bills, bank statements), and any additional documents required for enhanced due diligence.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings.
  • Usage logs: login time and duration, pages visited, clicks, navigation paths, timestamps, and interaction logs with our games and features.
  • Security event data: failed login attempts, suspected fraudulent activity indicators, and relevant log files.

Payment and Financial Data

  • Transaction information: deposit and withdrawal details, payment method used, transaction amounts, currencies, and timestamps.
  • Payment instrument details: partial card numbers or tokens, bank account identifiers, and related verification data as processed by our payment partners (we do not typically store full card numbers ourselves).
  • Financial profiling data: information required by law for affordability checks, source-of-funds and source-of-wealth assessments where applicable.

Behavioral and Gaming Data

  • Gameplay history: bets placed, wins and losses, game preferences, session length, responsible gambling tools used (limits, time-outs, self-exclusion), and interaction patterns.
  • Marketing and communication history: your preferences for receiving marketing, records of consents and opt-outs, interaction with marketing messages (opens, clicks).

Communications and Support Data

  • Customer support records: e-mails, live chat logs, internal notes on your enquiries, complaint details, and resolutions.
  • Recorded communications: where permitted by law and clearly notified, we may record calls or chats for quality assurance, training, and evidence of transactions.

Cookies and Similar Technologies

  • Cookies: small files placed on your device to support core functionality (e.g. login, session management), remember preferences, and perform analytics and advertising where permitted.
  • Similar technologies: tracking pixels, tags, and local storage objects used for analytics, security, and marketing optimisation.

More detailed information about cookies and how to manage them is provided in the "Cookies & Tracking Technologies" section and in any dedicated cookie management interface available on spinrio.bet.

Legal Basis for Processing

We process your personal data only when there is a lawful basis to do so under the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and where relevant, aligned with the EU GDPR and comparable frameworks such as Mexican privacy laws. Depending on the specific processing activity, we rely on one or more of the following legal bases:

Performance of a Contract

  • Account creation and management: we process your identification, contact, and account data to set up and maintain your Spin Rio account and to provide access to games and betting services.
  • Payments and withdrawals: we process payment and financial data to accept deposits, issue withdrawals, and manage your player balance.
  • Customer support: we process communications and support data to respond to your queries, handle complaints, and provide ongoing service.

Compliance with Legal Obligations

  • Gambling, KYC and AML obligations: we process identity, verification, transaction, and behavioral data to comply with UK gambling regulation (including UK Gambling Commission requirements), anti-money laundering and counter-terrorist financing laws, and affordability assessment rules.
  • Tax and accounting: we retain and process transaction records to comply with applicable tax, regulatory, and accounting obligations.
  • Regulatory reporting: we may be legally required to report certain activities to regulators or law enforcement agencies, including suspicious activity reports.

Legitimate Interests

  • Service improvement and analytics: we use technical, usage, and behavioral data to monitor site performance, troubleshoot issues, enhance user experience, and optimise our products.
  • Fraud and abuse prevention: we process device, technical, and behavioral data to detect and prevent fraud, bonus abuse, money laundering, account takeover, and other security threats.
  • Business operations: we process data to manage risk, maintain internal records, secure our systems, and ensure business continuity, balanced against your rights and freedoms.

Consent

  • Marketing communications: we send electronic marketing (e.g. e-mail, SMS, push notifications) about Spin Rio offers only where we have your valid consent or another lawful basis. You can withdraw your consent at any time.
  • Optional cookies and similar technologies: we rely on your consent for non-essential cookies (such as analytics and advertising cookies) where required by law, using our cookie banners or preference tools.

Protection of Vital Interests and Legal Claims

  • Vital interests: in rare cases, we may process data to protect your or another person's vital interests (for example, where there is a serious threat to life or safety connected to gambling harm).
  • Legal claims: we may process data where necessary for the establishment, exercise, or defence of legal claims in court or before regulatory authorities.

Purpose of Processing

We use personal data for clearly defined purposes that are compatible with the legal bases described above.

Provision of Casino and Betting Services

  • Operating your account: enabling registration, verification, login, and secure access to the Spin Rio services at spinrio.bet.
  • Game play and betting: processing your bets, displaying game outcomes, managing jackpots and tournaments, and crediting or debiting your balance.
  • Customer support: communicating with you regarding any issue, including refunds, complaints, and service announcements.

Regulatory Compliance and Responsible Gambling

  • KYC and AML checks: verifying your identity, age, location, and source of funds, and monitoring gambling patterns for compliance with UK regulations and group-level obligations in 2025.
  • Responsible gambling tools: implementing deposit limits, reality checks, time-outs, self-exclusion (including integration with GamStop where applicable to UK players), and proactive interventions.

Analytics, Service Improvement and Security

  • Analytics and performance: analysing technical and behavioral data to understand how our services are used, identify errors, and improve usability and game selection.
  • Security monitoring: monitoring for suspicious activity, preventing fraud, and protecting accounts against unauthorised access.

Marketing and Personalisation

  • Marketing communications: sending promotional messages about Spin Rio offers, bonuses, and tournaments where permitted by law and your preferences.
  • Personalised content: tailoring promotions and recommendations based on your profile and gameplay, subject to your consent and the right to object.

Disclosure & Sharing

We treat your personal data as confidential but may share it with carefully selected third parties where necessary for the purposes described in this Privacy Policy and in accordance with UK GDPR and equivalent protections.

Payment Partners and Financial Institutions

  • Payment processors: banks, card schemes, e-wallet providers, and other payment service providers that process deposits and withdrawals, perform anti-fraud checks, and fulfil regulatory obligations.
  • Chargeback and risk management providers: entities that assist in managing disputes, chargebacks, and financial risk.

Group Companies and Service Providers

  • Group entities: related companies within the Aspire Global / NeoGames group (including Malta- and Ireland-based entities) that provide platform, technology, risk, or customer services, acting as processors or joint controllers where appropriate.
  • IT and hosting providers: cloud hosting, data storage, cybersecurity, and technical support providers.
  • Analytics and marketing providers: tools and agencies that support analytics, campaign management, and customer relationship management, subject to your preferences and consent.

Regulators, Authorities and ADR Bodies

  • Regulators: the United Kingdom Gambling Commission and other competent authorities, where required for licensing, compliance audits, or investigations.
  • Law enforcement and supervisory authorities: police, tax authorities, data protection regulators (such as the UK Information Commissioner's Office), and similar bodies, where required or permitted by law.
  • ADR providers: where a dispute is referred to an approved alternative dispute resolution body, relevant information about your account and transactions may be shared as necessary to handle the case.

Affiliates and Advertising Networks

  • Affiliates: marketing partners who refer players to us may receive limited information (for example, confirmation of registration or aggregated performance metrics) to calculate commissions.
  • Advertising networks and social media: where you consent to marketing cookies or similar technologies, pseudonymised identifiers may be shared with advertising networks to measure performance and deliver relevant ads.

Corporate Transactions

  • Business transfers: if we undergo a corporate transaction such as a merger, acquisition, restructuring, or sale of assets, personal data may be shared with prospective or actual buyers and their advisers, subject to appropriate confidentiality and data protection safeguards.

International Transfers

Because AG Communications Ltd and its group operate internationally, your personal data may be transferred to and processed in countries outside the United Kingdom, including within the European Economic Area ("EEA") and in other jurisdictions where some of our service providers are located.

Transfers within the Group and to Processors

  • EEA and Malta: data may be transferred to Malta and other EEA states where group entities or service providers host systems or deliver services. These transfers benefit from the UK's adequacy regulations or equivalent EU adequacy decisions where applicable.
  • Other countries: in limited cases, service providers may be located in countries that do not provide a level of data protection equivalent to the UK or EEA (for example, certain technology or security vendors).

Safeguards for International Transfers

  • Standard contractual clauses and IDTA: where required, we implement the UK International Data Transfer Agreement and/or EU Standard Contractual Clauses (with any UK Addendum) with recipients to ensure appropriate safeguards.
  • Additional measures: we carry out transfer risk assessments, apply technical measures (such as encryption and pseudonymisation), and restrict access on a need-to-know basis.
  • Transparency: you can contact our DPO at [email protected] for more details about specific safeguards applicable to transfers relevant to your data in 2025.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements, and then securely delete or anonymise it.

General Retention Principles

  • Account-related data: core account and identification data are typically retained for the duration of your active account and for at least five (5) years after account closure, to comply with gambling and AML laws, and to handle any legal claims or regulatory enquiries.
  • Financial and transaction records: transaction data are retained for the periods required by tax and anti-money laundering legislation, which may be up to five (5) to seven (7) years from the end of the relevant business relationship or transaction.
  • Customer support and complaint records: communications and complaint files are usually retained for up to five (5) years after resolution, or longer where necessary for regulatory or legal reasons.
  • Marketing data: we retain marketing preference data until you opt out, plus a short period to record and respect your opt-out decision.

Deletion and Anonymisation

  • Deletion criteria: when data are no longer needed for the purposes for which they were collected and no longer required by law, we either delete or irreversibly anonymise them.
  • User requests: subject to legal and regulatory obligations, we will also consider your requests for deletion or restriction of processing as set out in the "Your Rights" section.

Your Rights

Under the UK GDPR and the Data Protection Act 2018, and in alignment with the EU GDPR and comparable frameworks such as the Mexican Federal Law on Protection of Personal Data Held by Private Parties, you have several rights in relation to your personal data. These rights apply subject to conditions and legal exemptions.

Key Data Protection Rights

  • Right of access: you can obtain confirmation of whether we process your personal data and request a copy of the data, together with information about how we use it.
  • Right to rectification: you can request that inaccurate or incomplete personal data be corrected or updated. In many cases, you can update certain details directly through your Spin Rio account at spinrio.bet.
  • Right to erasure ("right to be forgotten"): you can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (if consent was the legal basis), or where processing is unlawful. This right may be limited where we must retain data to comply with legal or regulatory obligations.
  • Right to restriction of processing: you can request that we restrict processing in certain circumstances (for example, while we verify the accuracy of data or assess an objection).
  • Right to object: you can object at any time to processing based on our legitimate interests, including profiling for responsible gambling or marketing purposes, and we will cease processing unless we demonstrate compelling legitimate grounds or the processing is necessary for legal claims.
  • Right to data portability: where processing is based on consent or a contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format and ask that it be transmitted to another controller where technically feasible.
  • Right to withdraw consent: where we rely on your consent (for example, for marketing communications or certain cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.

Alignment with Mexican "ARCO" Rights

Although the Spin Rio services are focused on the UK and governed primarily by UK law, our practices are designed to align with the core rights recognised in Mexican privacy legislation (ARCO rights: Access, Rectification, Cancellation, and Opposition) where those laws may apply to relevant users. In practice, these rights correspond closely to the UK/EU rights of access, rectification, erasure, and objection described above.

How to Exercise Your Rights

  • Submitting a request: you can exercise your rights by contacting our DPO at [email protected] or using any dedicated privacy request tools made available on spinrio.bet.
  • Information required: we may ask you to provide information to verify your identity (for example, confirming account details or providing a copy of identification) before fulfilling your request.
  • Response times: we aim to respond to all valid requests within one (1) month (30 days) of receipt in 2025. This period may be extended by up to a further two (2) months for complex or numerous requests, in which case we will inform you of the extension and reasons.
  • Fees: requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on clearly unfounded or excessive requests, in accordance with UK GDPR.

Cookies & Tracking Technologies

We use cookies and similar technologies on spinrio.bet to support the operation of the Spin Rio services, improve performance, and enhance your experience. Some cookies are essential for the website to function, while others are optional and used only with your consent where required.

Types of Cookies We Use

  • Strictly necessary cookies (session cookies): required for basic site functionality, such as keeping you logged in, processing transactions, and ensuring security. These are usually session-based and are deleted when you close your browser.
  • Functional cookies (persistent or session): used to remember your preferences, such as language, region, and display settings, to make your experience more convenient.
  • Analytics and performance cookies: help us understand how visitors use the site (for example, which pages are viewed, time spent, and error messages) so that we can improve performance and usability.
  • Advertising and targeting cookies: used to deliver relevant advertising and measure the effectiveness of our campaigns, sometimes in cooperation with advertising networks or affiliates, subject to your consent.

Managing Cookies

  • Browser settings: most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. However, blocking essential cookies may affect your ability to use key functions of the Spin Rio services.
  • On-site tools: where available, you can manage your cookie preferences via the cookie banner or cookie settings panel on spinrio.bet, enabling or disabling non-essential cookies.
  • Further information: for more details about specific cookies used in 2025, their duration, and providers, please refer to any dedicated cookie policy or cookie table accessible through our website.

Data Security

We take the security of your personal data very seriously and implement technical and organisational measures designed to protect it against unauthorised access, loss, alteration, or disclosure, consistent with industry standards and regulatory expectations for UK-licensed gambling operators.

Technical Security Measures

  • Encryption in transit and at rest: data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) version 1.2 or higher, and sensitive data is encrypted at rest where appropriate.
  • Access controls and authentication: we apply strict access controls so that only authorised personnel and service providers can access personal data, using strong authentication mechanisms and role-based permissions.
  • Network and system security: we maintain firewalls, intrusion detection and prevention systems, anti-malware solutions, and regular vulnerability management practices.

Organisational Measures

  • Policies and training: staff with access to personal data receive regular training on data protection, information security, and responsible gambling obligations, and are bound by confidentiality commitments.
  • Security audits and monitoring: we conduct internal and, where appropriate, external audits and assessments of our security controls, and continuously monitor systems for suspicious activity.
  • Vendor due diligence: we assess service providers' security and privacy practices and include data protection and security obligations in our contracts.

Incident Response

  • Breach management: we maintain incident response procedures to identify, assess, and respond to data security incidents promptly.
  • Notification: where a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, inform you without undue delay, providing information and guidance on protective steps.

We aim to align our security posture with recognised international standards and frameworks (such as ISO 27001 and SOC 2) where appropriate for our operations and those of our key service providers, while meeting or exceeding UK Gambling Commission expectations for remote gambling operators in 2025.

Complaints & Contacts

If you have any questions, concerns, or complaints about how we handle your personal data in connection with the Spin Rio services, you should contact us first so that we can try to resolve the issue.

Contacting Us

  • Data Protection Officer (primary contact):
    E-mail: [email protected]
    Postal address: Data Protection Officer, AG Communications Ltd, 135, High Street, Sliema SLM 1548, Malta
  • Online contact: where available, you may also use any dedicated privacy or contact forms accessible through spinrio.bet.

Complaint Handling Procedure

  1. Submit your complaint: provide a clear description of your concern, including your name, registered e-mail address, and any relevant account or reference numbers.
  2. Acknowledgement: we will acknowledge receipt of your complaint and assign a reference where applicable.
  3. Investigation: our team, with the involvement of the DPO where necessary, will review the matter, gather relevant information, and assess our compliance with applicable data protection laws.
  4. Response: we aim to provide a substantive response within one (1) month (30 days) of receiving your complaint. For complex matters, this period may be extended by up to two (2) additional months, and we will inform you of any extension and reasons.
  5. Further steps: if you remain dissatisfied, you may escalate your complaint to the relevant supervisory authority as described below.

Supervisory Authorities

  • United Kingdom - Information Commissioner's Office (ICO):
    Website: https://ico.org.uk
    Telephone (UK): +44 303 123 1113
    Postal: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
  • European Union / EEA: if you interact with our services from within the EEA under EU GDPR, you may also have the right to lodge a complaint with your local data protection authority or, where applicable, with the data protection authority responsible for any relevant EU-based group entity.
  • Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI):
    Website: https://home.inai.org.mx
    Where Mexican data protection law applies, you may lodge a complaint with INAI in accordance with local procedures, in addition to contacting us directly.

Lodging a complaint with a supervisory authority does not affect any other administrative or judicial remedies you may have.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data protection practices. The version posted on spinrio.bet at any given time applies to the use of your data at that time.

Notification of Changes

  • Advance notice for significant changes: where we make material changes that significantly affect how we process your data, we will provide notice at least thirty (30) days in advance where practicable, for example by e-mail, in-account messages, or prominent banners on spinrio.bet.
  • Ongoing information: for less significant updates (for example, editorial changes or clarifications), we will update the Privacy Policy and adjust the "Last updated" date without necessarily providing individual notice.

Version Control and Last Updated Date

Last updated: November 2025.

We keep internal records of previous versions of this Privacy Policy. You may request a copy of earlier versions from our DPO if you need to understand how your data was processed at a particular point in 2025.

Your Options When Changes Occur

  • Continued use: if you continue to use the Spin Rio services at spinrio.bet after a revised Privacy Policy takes effect, your use will be subject to the updated policy.
  • Right to object or close your account: if you do not agree to a material change, you may object to certain processing activities where permitted by law or close your account. We will continue to process your data only to the extent necessary to comply with legal obligations and to retain records for the retention periods described above.