logo

FAQ on data retention

  1. How long do we store your data?
  2. What happens when your account is terminated (closed)?

  3. For what purposes do we store data after the termination of your account?
  4. Can you have your data deleted via a data erasure request under Data Protection Law, namely, GDPR?
  5. Summary.


1. How long do we store your data?

We store your data for a period of six (6 years) after you have closed your account on our Website.



2. What happens when your account is terminated (closed)?

Starting from the date when you close your account, your account cannot be used by you, but will or can be used for the purposes described herein. Please note that your account cannot be deleted immediately, but only terminated (closed).


3. For what purposes do we store data after the termination of your account?

3.1. Compliance with the legal obligations under Anti-Money Laundering laws and regulations. We are obliged to follow the laws related to Anti-Money Laundering and Counter-Terrorist Financing.

These laws are:

a) The Prevention and Suppression of Money Laundering Activities Amending Law 188(Ι)/2007 of the Republic of Cyprus;

b) EU Directive 2015/849;

c) Curacao AML Legal Framework.


3.2. The establishment, exercise or defence of legal claims. We store your personal data for the protection of our legal interests under the so-called limitation period. The limitation period is a period within which legal action can be initiated. Thus, the companies are allowed to keep the data relating to the contact to be able to protect their legal interests. Please read more about this period via this link.

3.3. Prevention of the registration of additional/duplicate accounts. If your account is terminated for any reason, we also store your data in order to prevent re-registration/multiple registrations (which is against our Terms).


4. Can you have your data deleted via a data erasure request under Data Protection Law, namely, GDPR?

Regulation (EU) 2016/679 (the "General Data Protection Regulation", or, simply, "GDPR") indeed grants an individual (in legal terms, a data subject) the right to have his/her personal data removed.

This right is based on Article 17 of the GDPR which provides the following:

"Article 17

Right to erasure (‘right to be forgotten’)

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)."

But paragraph 3 of this Article also provides the following:

"3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(e) for the establishment, exercise or defence of legal claims."

From the provided quotations follows that we can (or, in some cases, even must) refuse to act on your request if the following applies:

i) Your personal data shall be stored for the purpose of compliance with a legal obligation to which Verde Casino is subject (in a plain language, if we are obliged to store your personal data under applicable law);

ii) We need your personal data for the purposes of the establishment, exercise and defence of legal claims (in plain language, we can store your data, for example, to protect our interest in a court etc.)

iii) The purposes for which we have collected or processed your data are not yet achieved (as provided by Article 17(1)(a) of the GDPR).

4.1. Under what legal obligation must we retain your personal data?

Verde Casino is obliged to follow The Prevention and Suppression of Money Laundering Activities Amending Law 188(Ι)/2007 of the Republic of Cyprus (Ο περί της Παρεμπόδισης και Καταπολέμησης της Νομιμοποίησης Εσόδων από Παράνομες Δραστηριότητες Νόμος του 2007 (Ν. 188(I)/2007). The Law is the implementation of EU Directive 2015/849. Our EU branch is incorporated in the Republic of Cyprus. Thus, we must follow this Law.

This Law provides the following:

" Obliged entities

2A. The provisions of this Law shall apply to the following entities:

(f) gaming service providers as provided for in the relevant laws of the Republic"

Interpretation: the provisions of the AML Law are applicable to Verde Casino.

"Ways of Exercising Due Diligence and Identification

61. (1) Client identification procedures and due diligence measures shall include the following:

(a) verifying and identifying the identity of the customer on the basis of documents, data or information issued or obtained from a reliable and independent source;"

Interpretation: We implement due diligence and identification measures in the following manner: i) via collecting your identification data when you register your account, and ii) via our Verification procedure.

"68.- (1) An obliged entity shall keep the following documents for a period of five (5) years after the end of the contract or business relationship with the customer or after the date of the occasional transaction:

(a) Copy of documents and information provided in order to comply with the customer due diligence requirements as defined in this Law;

(b) relevant evidence and records of the transactions that are necessary for identification of transactions;

(c) Relevant correspondence documents with customers and other persons;".

Explanation: We are under a legal obligation to retain the following data for a period of 5 (five) years starting from the date you cease to be our customer:

• Verification data (for users who've passed our verification);

• Your basic account data;


• Communication data - the history of your communications with Verde Casino;

• Transaction data - the history of transactions and all the data connected with the transactions;

• You betting and gaming activity data in order to prove the legality of transactions you've made for our Services (in plain language: to be able to prove that the payments you've made exactly relate to the Services provided by Verde Casino).

4.2. Retention of your personal data for the purposes of the establishment, exercise and defence of legal claims.

Limitation of Legal Proceedings act of the Republic of Cyprus (Law 66(Ι)/2012) (Ο Περί Παραγραφής Αγώγιμων Δικαιωμάτων Νόμος του 2012 (Ν. 66(I)/2012), namely, Article 7(1), provides that:

"7. (1) Subject to the provisions of subparagraphs (2) and (3), no action relating to a contract shall be instituted after six years have elapsed from the date on which the action was completed."

When registering your account on Verde Casino, you have agreed to the Terms and Conditions () of Verde Casino, which are the contract between you and Verde Casino. Thus, we can retain your data for a period of 6 (six) years starting from the date of termination of the contract between you and Verde Casino.

4.3. Other purposes of the processing which are not achieved.

As specified above, we store your data to ensure that you do not register additional/multiple accounts. This means that we store your personal data within the period when your account is terminated in order to achieve this purpose.


5. In summary: we will store your data for a period of 6 (six) years starting from the date of termination of your account.

For any additional questions, please, contact our Privacy Team via e-mail address [email protected].