Personal Data Protection and Privacy Policy

Identity and contact data

In order to provide our services and ensure legal compliance, we collect information such as name, surname, email address, phone number, and date of birth. Age verification is a mandatory step: access is granted exclusively to individuals who are 18 years of age or older. This data is essential for creating the user profile and for communicating operational or promotional information, subject to prior consent.

Technical and navigation data

We automatically collect data related to the device used to access the platform, such as IP address, browser type, operating system, language settings, and general geographical location data. Additionally, we monitor interaction methods with the site (pages visited, time spent, click paths) for statistical analysis and technical optimization purposes.

Transaction and communication data

If the user performs financial operations or technical transactions, we will retain the details related to the operation (date, amount, payment method used), excluding sensitive credit card data, which is managed directly by certified gateways. Furthermore, we archive records of interactions with our customer support service to ensure support quality and the resolution of any disputes.

The processing of personal data is based on several legal grounds:

• Contract performance: Necessary to provide the services requested by the user and manage the contractual relationship.
• Legal obligation: Necessary to comply with current regulations regarding identity verification and the prevention of illegal activities.
• Legitimate interest: Necessary to ensure site security, prevent fraud, and constantly improve the technical offering.
• Explicit consent: Used for direct marketing purposes and user experience personalization.

We use the collected information for the following purposes:

• User account management and administration.
• Provision of technical assistance and customer support.
• Secure processing of transactions and payments (where applicable).
• Security monitoring and prevention of unauthorized access.
• Analysis of platform performance for technical development purposes.
• Communication of regulatory updates or changes to the terms of service.

Personal data is retained only for the time strictly necessary to achieve the purposes for which it was collected, or for the period required by applicable legal obligations in Italy (e.g., tax or public security regulations). Once the processing purposes are met and the legal retention periods have expired, the data is securely deleted or irreversibly anonymized, preventing any future association with the data subject.

Partners and service providers

Nine Casino does not sell or rent users' personal data to third parties for commercial purposes. We may share information with reliable technology partners (such as hosting providers, payment processors, or data analysts) who act as data processors on our behalf. Such entities are bound by strict contractual agreements that require compliance with confidentiality and the adoption of adequate security measures.

Extra-EU transfers

Should it be necessary to transfer personal data to countries outside the European Economic Area, we ensure that adequate safeguards are in place (such as standard contractual clauses approved by the European Commission) to ensure a level of protection equivalent to that guaranteed within the European Union.

We adopt strict technical and organizational security measures to protect personal data from loss, theft, unauthorized access, alteration, or disclosure. These measures include the use of encryption protocols (SSL/TLS), latest generation firewalls, granular access controls, and constant system monitoring. However, please remember that no transmission over the internet can be guaranteed as 100% secure, so we invite users to adequately protect their access credentials.

In accordance with GDPR, the user has the right to:

• Request access to their personal data.
• Request rectification of inaccurate or incomplete data.
• Request the erasure of their data (right to be forgotten).
• Object to processing for legitimate reasons.
• Request restriction of processing.
• Request data portability in a structured format.

To exercise their rights or for any questions related to privacy management, the user can contact our data protection officer at the official email address: [email protected].

We reserve the right to periodically update this policy to reflect changes in our operational practices or regulatory requirements. The most recent version will always be available on the website with the update date indicated.