Privacy Policy for Online Poker

PRIVACY POLICY

This Privacy Policy is effective from June 12, 2026

Current Version: 20260612 (Click here for document history)

GGPoker is concerned with protecting the privacy of any Personal Data that you may choose to provide to us (“Personal Data”). GGPoker will ensure that the Processing of your Personal Data is compliant with the United Kingdom General Data Protection Regulation, (“UK GDPR”). After the exit of the United Kingdom from the European Union from the GDPR regime, the UK has retained and adopted the GDPR into the domestic law which is now known as the United Kingdom General Data Protection Regulation (UK GDPR). Accordingly, GGPoker issues this Policy to inform you of our use of your Personal Data.

1. Introduction

1.1 This Privacy Policy sets out the way in which GGPoker (“we” or “us”), a company which is operated by NSUS Ltd., a company incorporated in Ireland with its registered office in NSUS Ltd., Suite C, Apex Business Centre, Blackthorn Road, Sandyford, Dublin 18, Republic of Ireland which in turn forms part of NSUS Group.

1.2 GGPoker collects, Processes and retains Personal Data and ensures that the below steps are taken by us to protect such Personal Data.

1.3 By utilising our services, you acknowledge that you have read the terms of this Privacy Policy. If you do not wish to provide your Personal Data on the basis set out in this Privacy Policy, you should not enter the relevant information on the Website or provide your Personal Data to us otherwise. However, if you do not provide your Personal Data, you may not be able to use all of the services.

1.4 Capitalised terms not defined in this Privacy Policy shall be as defined in the Terms & Conditions.

This Privacy Policy is incorporated into, and forms part of, the Terms & Conditions.

1.5 Definitions:

The following terms “Anonymisation”, “Controller”, “Processor”, “Data Subject”, “Data Portability” “Personal Data”, “Processed/Processing”, “Pseudonymisation”, “Cross-Border processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the UK GDPR:

“Group” means the NSUS group companies, namely NSUS Group Inc. (Canada), NSUS LAB Korea (South Korea).

“You” means the player, the ‘Data Subject’ who is using the services of GGPoker.

“Visitor” means an individual other than a user, who uses the public area, but has no access to the restricted areas of the Site or service.

1.6 Principles:

This Policy is based on the following UK GDPR principles:

The Processing of Personal Data shall take place in a lawful, fair and transparent way;
The collection, processing and retention of Personal Data shall only be performed for specified, explicit and legitimate purposes and no further processing will take place which is incompatible with those purposes;
The collecting and retaining of Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are Processed;
The Personal Data shall be accurate and where necessary, kept up to date;
Every reasonable step shall be taken to ensure that Personal Data that is inaccurate having regard to the purposes for which they are Processed, are erased or rectified without delay;
Personal Data shall be kept in a form which permits identification of the Data Subject for no longer than it is necessary for the purpose for which the Personal Data is procured
All Personal Data shall be kept confidential and stored in a manner that ensures appropriate security;
Personal Data shall not be shared with third parties except when necessary in order for them to provide services upon agreement in which case the Data Subject;
Data Subjects shall have the right to request access to and rectification or erasure of Personal Data, or restriction of Processing, or to object to Processing as well as the right of Data Portability.

2. The Information we collect:

2.1 As part of providing you with the services, we collect your Personal Data on registering an account. We collect, use, store and transfer the following kinds of Personal Data about you:

first name
surname
email address
mobile number
date of birth,
government ID information
electronic location information and electronic device information – this covers passport/license, MAC address and IP address.
occupation
proof of source of income and source of wealth if the player meets the threshold for an enhanced due diligence
information of income in order to verify affordability levels of the player, if the player meets such thresholds which require the Company to conduct an affordability check for the player

2.2 As part of providing you with the services, we also collect information about the transactions you undertake, including details of payment cards used, details of the games you played and underlying gaming transactions.

2.3 We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data, but it is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data relating to the use of the services by you and other customers. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

2.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Category	Specific Data	Purpose(s)	Lawful Basis	Retention
Contact Information	First name, Surname, Address (physical & e-mail) Date of Birth In-game Nickname	Customer account creation, customer support/reply to any communications, and provision of services. We may need to share your Personal Data with the Group in order to provide you with our services	Legal Obligations under laws such as Gambling Legislation and Anti-Money Laundering (“AML”).	5 years from account termination unless otherwise mandated by competent authorities in which case the maximum amount will not exceed 10 years from account termination.
Contact Information	**First name & Surname In-game Nickname National Flag	**to publish your details publically on Our platforms if You win an event, or when such events are broadcasted.
Identification, Verification & Profession	Contact Information ID Correspondence Number and call recordings Gambling Patterns Place & Date of birth Nationality Occupation Expected level of activity PEP, Sanctions & adverse media screening Financial & Payment Information	Identity verification, fraud prevention, obligations under Anti-Money Laundering (“AML”), responsible gaming laws, and general regulatory compliance. We may need to share your Personal Data with the Group and Third Parties to honour our legal obligations; Generating internal customer-reports, to comply with the above laws	Legal Obligations under laws such as Gambling Legislation and AML	5 years from account termination unless otherwise mandated by competent authorities in which case the maximum amount will not exceed 10 years from account termination.
Electronic Identifiers & Technical Info	IP address, MAC address, Device ID, Geolocation Gameplay, patterns, & in-game identifiers (such as in-game ID)	Security monitoring, AML/KYC, fraud, anti-cheating detection, Responsible Gambling & access control & website functionality; Generating internal customer-reports to comply with the above laws	Legal Obligations under laws such as Gambling Legislation and AML	5 years from account termination unless otherwise mandated by competent authorities in which case the maximum amount will not exceed 10 years from account termination.
Marketing (including for retargeting)	Name Surname E-mail Mobile Chosen Social Media (such as Meta) account ID Performance Cookies	Relevant communications about marketing products and/or bonuses, reaching new, similar audiences and retargeting of current customers’ e-mail in furtherance of the above. This includes sharing Personal Data with the Group and different advertising providers (including Meta (Ireland)) The above depends on how the customer requests to be contacted (E-mail, SMS, or Social Media).	Consent	Until such consent is withdrawal. This can occur either when the customer withdraws their consent unilaterally, or when We contact the customer to validate whether their initial consent is still valid, whichever the sooner
Marketing (including for retargeting)	*In-game Activity Level	Personalisation services within the website *Promotional bonuses or other relevant incentives (unless the personalisation thereof is prohibited by law) may be granted, depending on customer activity
Financial & Payment Information	Income details Source of wealth/funds Payment method verification Bank Details Credit check	Affordability checks, AML compliance, payment processing; Generating internal customer-reports for AML/KYC, fraud, anti-cheating detection & Responsible Gambling	Legal Obligations under laws such as Gambling Legislation and AML	5 years from account termination unless otherwise mandated by competent authorities in which case the maximum amount will not exceed 10 years from account termination
Biometric Data	Fingerprints Facial recognition	Remote onboarding/KYC, including age & identity verification and ongoing AML/CFT controls, and industry-standard Information Security Standard.	Legal Obligations under PMLA/PMLFTR, FIAU Implementing Procedures, and MGA licensing framework (customer verification). Moreso, Processing is necessary for reasons of substantial public interest (prevention of money laundering and terrorist financing) based on FIAU Implementing Procedures Parts I and II	5 years from account termination unless otherwise mandated by competent authorities in which case the maximum amount will not exceed 10 years from account termination
AI Customer Support (AskGG)	Chat inputs and transcripts; Contact Information Identification,Verification, Profession Electronic Identifiers & Technical Info Financial & Payment Information	To provide real-time, contextual customer support via our AI assistant, and quality assurance of the AI service. PII-stripped data is used for prompt-tuning. Raw data is not used to train AI models.	Legitimate Interest in the provision of enhanced, automated customer support, service optimisation, and quality assurance. *Retention of correspondence relating to compliance, responsible gaming, or anti-money laundering is based on our Legal Obligations under laws such as Gambling Legislation and AML	General inquiries are retained for 6 months from the date of the correspondence. *Correspondence concerning general compliance, responsible gaming, or AML are retained for 5 years from account termination, unless otherwise mandated by competent authorities. In such cases, the maximum amount will not exceed 10 years from account termination.
Self-Exclusion	Contact Information; Electronic Identifiers; Identification, Verification & Profession: Financial & Payment Information Marketing (including for retargeting)	To prevent self-excluded customers from accessing their current account (and creating new accounts), which included sharing the Personal Data with the respective national self-exclusion register.	Legal Obligations under laws such as Gambling Legislation and Anti-Money AML	Duration of self-exclusion request

3. Disclosing your Personal Information

3.1 We may disclose your Personal Data to the following third parties:

Any company within our Group (including to its employees and subcontractors) which assists us in providing the services or which otherwise has a need to know such information;

Any third party which assists us in providing the services, including (but not limited to) payment processors and marketing service providers, including;

Type of Service	Location
Game Providers	Malta, Cyprus, Romania, UK
Hosting Services Providers	Malta, USA
ID Verification	Malta, Netherlands, Germany, Sweden, Romania, USA, UK
Internal Tools	Malta, USA, Canada
Marketing	USA
Payment Services Providers	Malta, Luxembourg, Netherlands, Cyprus, Ireland, Sweden, Canada, Isle of Man, UK
Vault Service Providers	France
Communication Tools & Customer Support	Malta, USA, Philippines,
AI Infrastructure ProviderAI Infrastructure Provider	Malta, USA

Any third party which can assist us in verifying the accuracy of your Personal Data, including financial institutions and credit reference agencies (a record of the search may be retained by such third party. Security use/plan to use will fall under this category for ID and Document checks
Any third party who assists us in monitoring use of the services, including the detection of money laundering or the financing of terrorism, the detection and prevention of fraud and collusion and in respect of safer gambling obligations;
Any contractors or other advisers auditing any of our business Processes or who have the need to access such information for the purpose of advising us;
Any law enforcement body which may have any reasonable requirement to access your Personal Data;
Other online gaming sites, banks, credit card companies, and appropriate agencies, where you are found to have cheated or attempted to defraud us or any other user of our services;
Any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Data; and
Any potential purchaser of GGPoker or any investors in it or in any company within our Group (including in the event of insolvency).

3.2 We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with instructions.

3.3 The Company gives its customers the possibility to make use of “chat rooms” where players can communicate with each other. Whilst we will ensure that the players follow the terms as set in the House Rules, we will not be responsible for any data breaches that might arise from the use of our chat rooms. Therefore, you accept responsibility and under no circumstance shall we be held responsible for any damages that might arise from any breach of data.

3.4 AI Infrastructure: Where we utilise enterprise AI infrastructure (such as Microsoft Azure) to power our automated support, your data remains strictly within our secure enterprise boundary. Customer data is expressly prohibited from being used to train the third-party provider's foundational models.

4. International Transfers

4.1 Companies within our Group and some of our external third parties are based outside the United Kingdom (UK) so their processing of your Personal Data will involve a transfer of data outside the UK.

4.2 Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data under UK adequacy regulations (often referred to by the UK Government as "data bridges"); or
We will use specific contracts approved by the Information Commissioner’s Office (ICO) or the UK Government (such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses), which give Personal Data a level of protection which is essentially equivalent to that it has in the UK.

4.3. In accordance with Article 45 of the UK GDPR, we provide your Personal Data to our inter-company recipients, other third parties and suppliers in the following countries, based on UK adequacy regulations (data bridges):

The European Economic Area (EEA), based on the UK's adequacy regulations for the EEA;
Canada, based on transitioned UK adequacy regulations (specifically for data subject to Canada's Personal Information Protection and Electronic Documents Act);
South Korea, based on the UK’s adequacy regulation (data bridge) which came into effect on 19 December 2022;
Switzerland, based on transitioned UK adequacy regulations;
Isle of Man, based on transitioned UK adequacy regulations.

In accordance with Article 46(2) of the UK GDPR, we may provide your Personal Data to our identity verification and mailing system services suppliers, Affiliates/partners in prevention of fraud/cheating, and to the Chatroom provider, in the following countries based on appropriate safeguards, namely the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (issued by the ICO under Section 119A(1) of the Data Protection Act 2018):

5. Data Subject Rights

5.1 We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the services. Under certain circumstances, you have rights under data protection laws in relation to your Personal Data.

Your principal rights under the UK GDPR are:

the right to access your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
the right to rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
the right to erasure of your Personal Data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
the right to restrict processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
the right to data portability of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

5.2 If you wish to exercise any of the rights set out above, you may contact us by email: data-protection@ggpoker.co.uk . We will retain your information for as long as your account is active, as needed to provide you services, or to comply with our legal obligations, resolve disputes and enforce our agreements as described in section 11.

5.3 You may also update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the ‘My Account’ tab in the Cashier. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. Where appropriate and possible, we shall apply Anonymisation or Pseudonymisation to Personal Data to reduce the risks to the Data Subjects.

5.4 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

5.5 We may need to request specific information from you to help us confirm your identity and ensure your rights to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.

5.6 Should we fail in abiding with the required data protection obligations, you shall have the right to complaint to the Information Commissioner’s Office (ICO).

6. Contacting us

6.1 For full details about GGPoker Group members and where they operate please contact us at data-protection@ggpoker.co.uk.

6.2 If at any time you believe that we have not adhered to this Privacy Policy, please contact us at data-protection@ggpoker.co.uk and we will seek to promptly determine and correct the problem.

7. Cookies

7.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see https://ggpoker.co.uk/cookie-policy/.

8. Minors and Children’s Privacy

8.1 Protecting the privacy of minors is especially important. Our service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age, then please do not use or access the service at any time or in any manner. If we learn that Personal Data has been collected on the service from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the service, then you may alert us at data-protection@ggpoker.co.uk and request that we delete your child’s Personal Data from our systems.

9. Security

9.1 We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. GGPoker has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services Processing Personal Data, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.

9.2 Your winnings and cash-outs are kept strictly confidential, and winnings information is stored in secure operating environments. We do not provide winnings information to any third party unless such information is required to be disclosed by law, regulation or a similar governmental authority.

9.3 No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the service, however, we shall ensure that adequate security mechanisms designed to protect Personal Data will be used to prevent Personal Data from being stolen, misused or abused, and to prevent Personal Data breaches. If you believe your Personal Data has been compromised, please contact us at data-protection@ggpoker.co.uk

9.4 Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to the service will not be viewed by unauthorized persons. We have taken the necessary steps to protect as much as possible your Personal Data in transit by utilising HTTPS on our Website and TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_256_GCM (a strong cipher).

10. Data Retention

10.1 Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

10.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

11. Data Protection Officer/Representative

11.1 Our data protection representative who is responsible for matters relating to privacy and data protection at GGPoker can be reached at: data-protection@ggpoker.co.uk

11.2 In accordance with the applicable legal regulations governing the protection of Personal Data, each request/inquiry will be resolved without undue delay and at the latest within 30 days of receipt.

11.3 When contacting and posting such requests, we will invest reasonable efforts to confirm your identity and to prevent unauthorized Personal Data processing.

12. Changes to this Privacy Policy

12.1 As the Company evolves, there may be the need to update this Policy to keep pace with changes to the website, software, services, business and Applicable Laws. We will however, always maintain our commitment to respect the Data Subject’s privacy. We will ensure that we will notify the Data Subjects with any material changes under this Policy by email (the most recent email provided by the Data Subject) or post any other revisions to this Policy along with their effective date, in an easy-to-find area of the website.

13. GGPass Service

13.1 GGPass is a service offered to provide You with a Single Sign-On (SSO) for enhanced onboarding and account management across other platforms within the GGNetwork.

13.2 By utilising GGPass to facilitate access to other platforms within the GGNetwork, You agree to the transferring of your data to a third party. The legal basis for the transferring of that data is your Consent. However, the third party acts as a separate Data Controller, and any data processing performed by it, is done independently of Us. If You use GGPass to facilitate the onboarding and account management with a third party, that third party becomes a Data Controller of your Personal Data.

13.3 User information that will be transferred through the GGPass service includes the following (where available):

first name
surname
email address
gender
address
nationality
place of birth
mobile number
date of birth
account status
player notes
Proof of Identity documents (Government ID, Passport)
Proof of Address documents (Utility Bills, Bank Statement and Government correspondence)

13.4 By utilizing GGPass, you expressly consent to the processing of your personal data as described herein, authorizing and ratifying the transfer of such data to Group entities for the provision of GGPass services, or to third parties, as chosen by You.

14. Validity

This document was updated on June 12, 2026 and is effective from that date.

Contact: Data Protection Officer
Email: data-protection@ggpoker.co.uk
Company Address: NSUS Ltd., Suite C, Apex Business Centre, Blackthorn Road, Sandyford, Dublin 18, Republic of Ireland

Information of our UK GDPR Representative

Contact: Ametros Group Ltd
Company Address: Lakeside Offices, Thorn Business Park, Rotherwas Industrial Estate
Hereford, Herefordshire, England HR2 6JT
Email: gdpr@ametrosgroup.com
Website: www.ametrosgroup.com

GGPOKER