Scope, regulatory context, and controller identification

This Privacy Policy sets out how Bizzo Casino processes personal data in connection with access to eastparaderooftop.com and the associated services, including account, gameplay, and support functions. It is designed for a global audience and is drafted to reflect widely accepted personal data protection standards, including principles aligned with the GDPR where they are relevant to the circumstances of processing. For the purposes of this document, the data controller is the entity responsible for determining the means and purposes of data processing carried out through the Domain, unless a specific service feature clearly identifies a different controller. This Policy applies to privacy, users, and data security considerations across web, mobile, and support channels, and it covers both automated and non automated processing. It does not govern third party services that are not controlled by the controller, even if they are accessed through links or integrations on the Domain.

Definitions and interpretation

Personal data means any information relating to an identified or identifiable natural person, including identification data, registration data, and online identifiers associated with account access. Data processing means any operation performed on personal data, such as collection, recording, organization, storage, consultation, disclosure, or erasure, whether carried out by automated means or otherwise. Financial data refers to payment related details necessary to process deposits, withdrawals, chargebacks, and fraud prevention controls, and it may include limited transaction metadata and tokenized payment references. Login details include credentials and security elements used to authenticate access, such as hashed passwords and multifactor artifacts, and they are treated as sensitive from a security perspective even where they are not classified as special category data. Files, including system logs and device generated records, are processed where required to maintain service integrity, document actions, and support accountability.

Categories of personal data processed by Bizzo Casino

From a regulatory standpoint, Bizzo Casino limits the categories of personal data to what is necessary for defined and legitimate purposes, and it applies data minimization to reduce exposure. The controller may process identification data such as name, date of birth, nationality, and verification attributes needed for compliance checks, and it may also process registration data such as email address, phone number, and account preferences. Technical data may be processed to secure the service, including IP address, device identifiers, session attributes, and records derived from cookies that support authentication and fraud detection. Where payments are used, the controller may process financial data required to execute transactions, apply anti fraud controls, and maintain accounting records, while seeking to avoid storage of full card numbers when tokenization is available. Support interactions may generate records that contain personal data, including correspondence, complaint details, and evidence files submitted for verification or dispute handling.

The controller may process verification records to satisfy legal obligations and manage integrity risks, which can include copies or extracts of identification documents and results of screening checks. Such records are handled under restricted access rules and are retained only for as long as required by applicable legal duties and defensible limitation periods. Where risk scoring is applied for fraud prevention, it is based on transactional and technical indicators rather than unrelated profiling, and it is subject to periodic review to reduce false positives. The processing of such records is documented to support accountability and demonstrate compliance.

How personal data is collected and generated

Operationally, personal data is obtained when an account is created, when profile fields are completed, and when communications are submitted to support channels, including through structured forms on the Domain. Personal data is also generated through normal use of the service, such as when gameplay events are logged for integrity purposes or when security systems create audit entries. The controller may receive personal data from payment providers, identity verification vendors, and fraud prevention partners to the extent necessary to confirm transactions, verify identity, and prevent misuse. Certain technical attributes are collected through cookies and similar technologies that place or read identifiers on a device, subject to applicable consent rules and configuration options. Where permitted by law, the controller may also obtain publicly available data or sanctioned lists to meet compliance duties, while ensuring that collection remains relevant and proportionate.

Data accuracy expectations and limitation

The controller takes reasonable steps to keep personal data accurate and up to date, including allowing account holders to update contact information and preferences. Where inaccuracies are identified through verification checks or support interactions, corrective actions may be requested and recorded with appropriate evidence. The controller does not attempt to infer identity attributes from unrelated activity, and it does not require personal data that is not necessary for the stated purposes. If certain data is not provided, the service may be unable to complete particular actions, such as withdrawals or regulatory checks, and such limitations are communicated at the point of collection.

The processing of personal data is carried out on lawful grounds that are recognized across major data protection frameworks, including bases aligned with GDPR concepts where relevant. Contract necessity applies where data processing is required to provide the requested services, including account administration, gameplay participation, and payment execution. Legal obligation applies where the controller must perform identity verification, anti money laundering controls, or record keeping duties, and it may require the collection of specific identification data and transaction evidence. Legitimate interests may apply to security monitoring, fraud prevention, and service integrity, provided that such interests are balanced against the rights and freedoms of individuals and accompanied by appropriate safeguards. Consent is used where required, particularly for certain cookies and optional communications, and consent may be withdrawn at any time with effect for future processing.

Purposes of processing and functional uses

Bizzo Casino processes personal data for clearly defined purposes, and each purpose is tied to a necessity assessment and a retention rule. Core purposes include creating and managing accounts, authenticating access using login details, and enabling participation in games and related service features. Compliance purposes include verifying identity, applying responsible gaming safeguards where required, conducting transaction monitoring, and responding to lawful requests from competent authorities. Security purposes include detecting suspicious activity, preventing account takeover, maintaining audit trails, and testing protections to reduce unauthorized access. Service management purposes include troubleshooting, customer support operations, and internal reporting that uses aggregated or de identified outputs where feasible. Where the controller uses automated tools to flag risk patterns, it applies human oversight for consequential decisions that materially affect access to funds or account status.

Restricted use and purpose limitation

Personal data collected for verification is not repurposed for unrelated objectives, and access is limited to trained personnel under documented procedures. Technical and log files are used to ensure availability, diagnose incidents, and support investigations of potential breaches, and they are not used to infer unrelated personal characteristics. Where communication preferences exist, they are implemented to ensure that optional messages are sent only when an appropriate legal basis exists. The controller does not sell personal data, and it does not disclose personal data to third parties for independent marketing use.

Data retention and deletion standards

A defined retention policy applies to personal data to ensure storage limitation and to support auditability and regulatory compliance. Account related registration data is generally retained while the account remains active and for a further period of 12 months after closure to address disputes, enforce terms, and maintain security records, unless a longer period is mandated by law. Verification and compliance records may be retained for 5 years from the completion of the relevant checks or the end of the business relationship, reflecting common regulatory requirements in multiple jurisdictions. Transaction and financial data may be retained for 7 years to satisfy accounting and tax related duties, subject to local law variations and proportionality controls. Security logs and related files are retained for durations calibrated to risk, typically between 30 days and 180 days, unless incident handling requires extended preservation. Where deletion is technically constrained, the controller applies irreversible anonymization or strong access restriction to ensure that the data is no longer used for active purposes.

Disclosure, sharing, and onward processing

Regulatory compliance requires controlled disclosure arrangements, and the controller shares personal data only to the extent necessary for the stated purposes. Personal data may be shared with payment processors, identity verification providers, and fraud prevention services acting as processors under written agreements that impose confidentiality and data security obligations. Service providers hosting infrastructure, analytics, and customer support systems may receive limited personal data where required to perform contracted services, and they are bound by documented instructions and audit rights. Personal data may be disclosed to competent authorities, courts, or regulators where a lawful request is made, and the controller assesses scope and validity before responding. Where corporate restructuring occurs, such as a merger or asset transfer, personal data may be transferred subject to continued protection and notices as required by applicable law.

Constraints on access and vendor governance

Vendor selection includes due diligence focused on technical and organizational measures, and contracts require appropriate safeguards, incident notification duties, and restrictions on sub processing. Access within the controller organization follows least privilege principles, and role based permissions are reviewed at least every 6 months to reduce unnecessary exposure. Where external support is provided, access is time limited and logged to support traceability. The controller maintains records of processing to evidence compliance and to support requests relating to personal data.

International transfers and cross border access

Where personal data is processed across borders, the controller implements measures intended to preserve an essentially equivalent level of protection, consistent with global data protection expectations. Transfers may occur when infrastructure or support operations are located in another jurisdiction, or when vendors process data in locations outside the place of residence of the individual. Where GDPR aligned requirements are applicable, the controller relies on recognized transfer mechanisms such as standard contractual clauses, supplemented by risk assessments and additional controls when warranted. Encryption in transit and at rest is used to reduce exposure during transmission and storage, and access is restricted to authorized personnel subject to confidentiality obligations. If a destination jurisdiction presents heightened risk, processing is adjusted to limit the categories of personal data transferred and to implement additional safeguards.

Technical and organizational security measures

The controller applies a layered data security framework designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include encryption, secure key management, network segmentation, and continuous monitoring designed to identify abnormal patterns and reduce compromise likelihood. Authentication protections are implemented for accounts and administrative access, and password storage uses hashing mechanisms suitable for modern threat models. Incident response processes are maintained to enable identification, containment, remediation, and post incident review, including notification obligations where required by law. Security effectiveness is assessed through periodic testing, and controls are updated in response to evolving threats, with an internal target of 99.5% service availability that is supported by redundancy and recovery planning. Where a personal data breach is likely to result in a risk to rights and freedoms, notifications are made to relevant authorities and affected individuals as required.

Rights of individuals and exercise mechanisms

Rights based safeguards apply to the processing of personal data, including rights commonly recognized under GDPR aligned frameworks. Individuals may have a right of access to personal data, a right to rectification of inaccurate information, and a right to erasure where the legal conditions are met and no overriding obligations require retention. The right to restriction of processing and the right to object may apply in circumstances involving legitimate interests, and such requests are assessed on a case by case basis with documented reasoning. Where consent is the legal basis, withdrawal is honored for future processing, while processing already carried out remains lawful prior to withdrawal. Requests are generally answered within 30 days, and where complexity justifies an extension, the response period may be extended by up to 60 days with an explanation. Where identity cannot be confirmed, additional verification may be required to protect against unauthorized disclosure, and the verification process is limited to what is necessary.

Complaints and supervisory engagement

Where applicable law provides a right to lodge a complaint with a supervisory authority, the controller facilitates access to information required to exercise that right. Complaints submitted to support channels are recorded and investigated under internal procedures intended to ensure timely and substantiated outcomes. If a request relates to casino Bizzo account integrity or suspected misuse, the controller may pause certain actions while verifying identity and securing the account. The controller documents outcomes to demonstrate compliance and to reduce recurrence of identified issues.

Cookies, similar technologies, and preference management

This section explains how casino Bizzo uses cookies and similar technologies to support authentication, security controls, and service functionality. Cookies may be used to maintain sessions, prevent fraudulent activity, and remember selected settings, and certain cookies are necessary for core operation. Where analytics cookies are used, the controller seeks to limit collection to what is necessary to understand performance and detect errors, and it uses aggregation where feasible. Consent is obtained where required by applicable law, and consent choices can be adjusted through available preference settings or browser controls, recognizing that disabling certain cookies may affect functionality. Cookie identifiers may be linked to account related data where required for security, and such linkage is restricted to justified purposes and controlled access. Retention for cookie derived identifiers varies by type, with typical lifetimes ranging from 1 day for session cookies to 13 months for certain preference or analytics cookies, subject to configuration and legal requirements.

Contact, requests, and verification of communications

Regulated handling of communications is necessary to protect privacy and prevent unauthorized disclosure of personal data. Requests concerning personal data protection, rights, identification data correction, or questions about data processing may be submitted through the contact channels made available on the Domain. The controller may request additional information to verify identity before providing access or executing a deletion request, particularly where financial data or withdrawal related records are involved. Responses are provided in a durable format where appropriate, and internal logs are maintained to document the request, the legal basis for the response, and the actions taken. For security reasons, the controller may refuse to act on requests that are manifestly unfounded or excessive, and it will provide reasons and available remedies where refusal is lawful.

Amendments, governance, and compliance commitment by Bizzo Casino

Bizzo Casino maintains this Privacy Policy as a controlled compliance document that is reviewed to reflect changes in law, guidance, operational processes, and risk posture. The controller applies governance measures intended to ensure that personal data is processed lawfully, fairly, and transparently, with accountability evidenced through records, vendor oversight, and periodic control testing. Where changes are material, a notice will be published on eastparaderooftop.com/privacy-policy, and the effective date of the updated version will be stated to support traceability and informed awareness. Amendments may be required when new processing activities are introduced, when cookie configurations change, or when security measures are updated in response to identified threats, and such amendments are implemented under documented change control procedures. For matters connected with casino Bizzo operations, including verification, retention, or disclosures to authorities, the controller commits to applying purpose limitation, storage limitation, and confidentiality safeguards consistent with this Policy and applicable legal standards. This Policy is intended to support compliance across jurisdictions, including GDPR principles where relevant, while recognizing that local laws may impose specific obligations or rights that apply in a given context. Where a conflict arises between this Policy and mandatory legal requirements, the controller will apply the mandatory requirements and will update the Policy to reflect the applicable position within a reasonable timeframe, typically within 45 days of confirming the need for revision. Any request for access, correction, deletion, restriction, or objection will be handled under the stated procedures and time frames, and Bizzo Casino will document outcomes to demonstrate continued adherence to personal data protection obligations.