Privacy Policy
Last updated: 13.06.2025
1. Who We Are
The SpinAura Casino website (the “Site”) is operated by TRONABRIZ LIMITADA, a company lawfully incorporated under the jurisdiction of Costa Rica.
As the data controller for this platform, we are responsible for determining the purposes and means of processing your personal data in accordance with relevant data protection legislation, including the General Data Protection Regulation (GDPR) and PIPEDA (Personal Information Protection and Electronic Documents Act).
We have appointed a Data Protection Officer (DPO) to oversee privacy compliance. You can contact the DPO at [email protected] for inquiries regarding your data rights or this Policy.
You can also contact us via Customer Support email – [email protected] – or reach us via chat service on our website.
2. Scope and Applicability
This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you interact with our Site or use our services.
This Privacy Policy may be amended from time to time to reflect legal, technical, or business changes. All updates will be posted on this page with a revised effective date. We recommend reviewing this Policy regularly to stay informed.
3. Age Limitations
Our services are intended exclusively for users aged 18 and over. We do not knowingly process data of minors. If we discover data belonging to someone under this age, we will act promptly to remove it in line with applicable regulations.
4. What Personal Data We Collect and Why
We process different types of personal data depending on your interaction with our platform. Below is an overview of the categories of personal information collected, processing purposes, legal grounds, and data sources:
Categories of Data:
- Identity & Contact Information – full name, birthdate, ID/passport details, address, email, phone number.
- Financial & Transactional Data – payment card or bank details, deposit and withdrawal history.
- Gaming Activity – game participation, bonuses claimed, responsible gaming actions.
- Technical & Device Data – IP address, location, device identifiers, browser type, OS, and system logs.
- Communication Preferences – marketing opt-ins and correspondence records.
- Documents for Verification – proof of address or income, as required by compliance regulations.
Purpose & Legal Basis:
- 1. Purpose: Account registration & service delivery
- Legal Basis: Contractual necessity
- 2. Purpose: Compliance with AML/KYC obligations
- Legal Basis: Legal obligation
- 3. Purpose: Detecting fraud & abuse
- Legal Basis: Legitimate interest
- 4. Purpose: Personalized marketing
- Legal Basis: Consent or legitimate interest (as applicable)
- 5. Purpose: Security monitoring
- Legal Basis: Legal obligation and legitimate interest
- 6. Purpose: Site analytics and UX improvement
- Legal Basis: Legitimate interest
Sources of Data:
- Directly from you (via forms, uploads, or communication)
- Verification services
- Financial institutions
- Public databases (AML, PEP)
- Regulatory bodies
- Affiliated marketing/advertising networks
5. How We Share Your Information
We may share your personal data with the following entities to fulfill service, legal, or business obligations:
- Group Members: We may share your data within our group for fraud prevention, bonus abuse, AML, and Responsible Gaming purposes. If you consent, we may also share your data for direct marketing about other products within the group.
- Game providers, for game facilitation (e.g., username, IP).
- Payment processors, to execute your financial transactions securely.
- Marketing vendors, when you’ve opted in to receive promotions.
- Regulators and authorities, where disclosure is legally required.
- Verification platforms, including AML and age verification tools.
- Professional advisors, such as legal or financial consultants.
- Communication tools, to manage customer support (live chat, email).
- Third parties in business restructuring, such as mergers or asset transfers.
All third-party recipients are bound by data protection agreements and may process your data only under our direction.
6. Data Transfers
In some instances, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure:
- The destination country offers an adequate level of data protection, as determined by the European Commission; or
- We implement Standard Contractual Clauses (SCCs).
7. Data Retention
We retain your personal data only as long as necessary for the purposes it was collected, including:
- Legal compliance with AML regulations (minimum 5 years post account closure).
- Contractual and business obligations.
- Retention of anonymized data for analytics and service enhancement.
Please note that requests for erasure cannot be fulfilled before the legally mandated retention period expires.
8. Your Privacy Rights
Subject to GDPR and PIPEDA, you have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Request erasure, subject to legal exceptions.
- Restrict processing or object to certain data uses.
- Withdraw consent at any time.
- Port your data to another service provider.
- Lodge complaints with a supervisory authority.
To exercise any of these rights, contact our DPO at [email protected].
9. Security Measures
- Physical Access Controls: We strictly restrict unauthorized entry to any facilities, rooms, or buildings where systems that handle personal data are located. Our infrastructure is housed in secure data centers that adhere to recognized standards for both physical and cybersecurity. Only personnel with proper authorization can access personal data.
- System Access Management: All systems that handle personal data are protected through robust password policies and authentication protocols. Each user is provided with a unique identifier to ensure secure access and traceability.
- Data Access Restrictions: Access to information and software is governed by a strict need-to-know basis. We enforce policies that prohibit the unauthorized installation or use of hardware and software. Additionally, we’ve established procedures for the secure and irreversible deletion of data that is no longer needed for processing.
- Organizational Safeguards: To prevent the unintended commingling of personal data, we’ve implemented both technical and procedural controls. These include appointing a dedicated Data Protection Officer (DPO) and conducting regular training for employees on privacy and data protection practices.
10. Automated Decision-Making
We do not rely solely on automated decision-making processes, including profiling, to make decisions that could significantly affect you.
While we may use automated tools to assist with certain functions – such as fraud detection, risk assessment, and responsible gaming monitoring – all such processes involve human oversight and intervention.