Privacy Policy

This Privacy Policy explains how Casino Heroes at heroecas.com ("Casino Heroes", "we", "us", "our") collects, uses, discloses and protects your personal data when you visit our website, create an account, play our games or otherwise interact with our services. It applies to players, website visitors and any other individual whose data we process in connection with our online casino services. This Privacy Policy is effective from 1 January 2025.

Who We Are

The online casino product Casino Heroes available at heroecas.com is operated by Hero Gaming Limited ("Hero Gaming").

Operator Details

  • Legal entity name: Hero Gaming Limited
  • Legal form: Limited company incorporated in Malta
  • Registered office / legal address: Level 0, Spinola Park, Triq Mikiel Ang Borg, St Julians, SPK 1000, Malta
  • Company registration number: C 61794 (Malta Business Registry)
  • Gaming licence: Malta Gaming Authority (MGA) licence number MGA/CRP/253/2013 (status: active as of Q2 2025)

Contact Details

  • General and player support email: [email protected]
  • Website: https://heroecas.com
  • Postal contact for privacy matters: Data Protection, Hero Gaming Limited, Level 0, Spinola Park, Triq Mikiel Ang Borg, St Julians, SPK 1000, Malta

For all questions, requests or complaints related to privacy or data protection, please contact our data protection team using [email protected] and include "Data Protection" in the subject line. We will ensure your request is handled by an appropriately responsible person.

What Personal Data We Collect

We collect only the personal data that is necessary for operating Casino Heroes at heroecas.com in a secure, compliant and responsible manner. The categories of data we process include:

Identification and Contact Data

  • Account and profile data: full name, date of birth, username, password, security questions, language and currency preferences.
  • Contact details: email address (such as the address you use to register and to communicate with [email protected]), residential address, country of residence, and (where you choose to provide it) telephone number.
  • Verification and KYC data: copies or details of identity documents (e.g. passport, ID card, driving licence), proof of address, proof of source of funds/wealth, and any additional verification information required under KYC/AML rules.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone settings, language settings.
  • Usage information: login dates and times, page views, click-stream data, game sessions, session duration, response times and technical logs generated by our systems.
  • Security and integrity data: login attempts, failed login logs, suspected fraudulent behaviour indicators, risk scoring data and security alerts.

Payment and Financial Data

  • Transaction data: deposits, wagers, wins, losses, withdrawals, applied bonuses, cashback and promotional credits linked to your account.
  • Payment method data: limited payment card or account details (tokenised where possible), payment provider identifiers and transaction reference numbers. Sensitive card details are processed and stored primarily by our authorised payment service providers.
  • Anti-fraud and AML data: data derived from checks against sanctions lists, politically exposed person (PEP) lists, adverse media checks and other risk screening tools, to the extent permitted by law.

Behavioural and Profile Data

  • Gameplay data: betting history, games played, stakes, frequency and duration of play, game preferences and bonus usage patterns.
  • Behavioural insights: information derived from your interactions with our services, including navigation paths, buttons clicked and interactions with on-site messages or campaigns.
  • Responsible gambling data: self-exclusion status, limits set (deposit, loss, wager or session limits), time-outs, reality checks and interactions with our responsible gaming team.

Communications and Support Data

  • Support communications: content of emails sent to [email protected], chat logs and other contacts with our customer support team.
  • Complaint data: information related to complaints, disputes, and their resolution, including correspondence with regulators or alternative dispute resolution bodies.

Cookies and Similar Technologies

  • Cookies: small data files placed on your device to support site functionality, security, analytics and marketing.
  • Similar technologies: web beacons, tags, pixels, software development kits (SDKs) and local storage that help us understand usage patterns and deliver relevant content.

Further details about cookies and similar technologies used on heroecas.com are provided in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Under UK data protection law (UK GDPR and the Data Protection Act 2018) and, where applicable, the EU GDPR and relevant local laws, we must have a lawful basis to process your personal data. Depending on the context, we rely on the following legal grounds:

Contractual Necessity

  • Account creation and management: to register and verify your account, provide access to Casino Heroes at heroecas.com, manage your profile and maintain your account status.
  • Provision of gaming services: to enable you to deposit funds, place bets, participate in games, receive winnings and benefit from promotions and loyalty schemes.
  • Customer support: to respond to your queries, handle complaints and provide technical assistance.

Compliance with Legal Obligations

  • KYC and AML requirements: to carry out customer due diligence, affordability assessments and ongoing monitoring, as required by anti-money laundering, counter-terrorist financing and other applicable gambling regulations.
  • Responsible gambling obligations: to identify problem gambling behaviours, apply restrictions and support safer gambling measures mandated by law or regulators.
  • Statutory record keeping and reporting: to retain transaction and verification data for legally required periods and to respond to lawful requests from courts, law enforcement or regulatory authorities.

Legitimate Interests

  • Security and fraud prevention: to protect the integrity of our platform, detect and prevent fraud, abuse, money laundering and other harmful activities.
  • Service improvement and analytics: to analyse usage patterns, game performance and technical trends so we can improve our services, user experience and product offerings.
  • Internal governance: to conduct audits, quality checks, risk management and corporate reporting within the Hero Gaming group, including sister brands such as Boom Casino, Simple Casino, Speedy Casino and Speedy Bet.

Consent

  • Marketing communications: sending you promotional emails, SMS or push notifications about our products and services where you have opted in, and allowing you to manage your preferences at any time.
  • Non-essential cookies and tracking: using analytics, personalisation and advertising cookies where required under the UK Privacy and Electronic Communications Regulations (PECR) and similar rules.
  • Specific optional features: processing certain additional data only when you explicitly agree (for example, participating in specific surveys or beta features).

Where we rely on consent, you may withdraw it at any time using the tools provided (for example, in your account settings or through unsubscribe links) or by contacting us. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Purpose of Processing

We process personal data for clearly defined purposes linked to the operation of Casino Heroes at heroecas.com and our regulatory obligations.

Provision and Operation of Casino Services

  • Account lifecycle management: creating, verifying, maintaining and, where applicable, closing your player account.
  • Game delivery: enabling access to games, recording gameplay, tracking balances and executing bets and payouts.
  • Payment processing: handling deposits, withdrawals, currency conversions, anti-fraud checks and chargeback handling through our payment partners.

Compliance and Risk Management

  • Regulatory compliance: fulfilling obligations under gambling, AML/KYC, tax, accounting and consumer protection laws, including record keeping and reporting.
  • Responsible gambling: monitoring play patterns, applying limits and interventions, and documenting interactions for safer gambling purposes.
  • Fraud and security: preventing unauthorised access, account misuse, bonus abuse, collusion and other prohibited activities.

Service Improvement and Analytics

  • Performance and usability: analysing technical performance, game popularity, navigation paths and error logs to optimise the stability and usability of heroecas.com.
  • Product development: using aggregated and pseudonymised data to develop new features, games and promotional concepts aligned with player preferences.
  • Statistics and reporting: producing internal analytics and business reports to support strategic decisions within Hero Gaming Limited.

Marketing and Personalisation

  • Direct marketing: sending promotional materials about Casino Heroes offers and campaigns, subject to your marketing preferences and applicable law.
  • Personalised content: tailoring on-site messages, bonuses and recommendations based on your previous gameplay and interactions, where permitted by law and your settings.
  • Advertising effectiveness: measuring and improving the performance of our marketing campaigns, including through third-party advertising networks where consent is obtained.

Disclosure & Sharing

We treat your personal data as confidential and only share it when necessary for the purposes described in this Privacy Policy, when required by law or when you have given your consent.

Service Providers and Business Partners

  • Payment and banking partners: providers that process deposits and withdrawals, verify payment methods, and help detect fraud and chargebacks.
  • Game and platform providers: software suppliers that deliver games and gaming platforms used to operate Casino Heroes at heroecas.com.
  • KYC and verification providers: identity verification, AML and risk screening services that support our regulatory obligations.
  • IT, hosting and security providers: companies that provide hosting, cloud infrastructure, security monitoring, logging, backup and technical support.
  • Analytics and marketing partners: analytics tools and, where applicable, advertising networks that help us understand usage and manage campaigns, subject to consent where required.

Group Companies and Corporate Structure

  • Hero Gaming group entities: we may share data with other entities operated by Hero Gaming Limited (such as Boom Casino, Simple Casino, Speedy Casino and Speedy Bet) for internal administrative purposes, consistent governance, compliance, risk management and, where permitted, cross-brand analytics.
  • Corporate transactions: in the context of a merger, acquisition, restructuring or sale of assets, your data may be shared with prospective or actual buyers, advisers and related parties, subject to appropriate confidentiality safeguards.

Regulators, Authorities and Dispute Resolution Bodies

  • Regulatory authorities: the Malta Gaming Authority (MGA) and any other competent gambling or supervisory authority, as required by our licence conditions and applicable law.
  • Law enforcement and courts: police, courts and other public authorities where we are legally obliged to disclose information or where disclosure is necessary to protect our rights, players or the public.
  • Alternative dispute resolution (ADR): recognised ADR bodies or ombudsman schemes handling disputes between you and us, including through channels indicated by the MGA at https://mga.org.mt/support/online-gaming-support/.

With Your Consent or at Your Direction

  • Marketing and advertising: sharing limited data with advertising networks or partners for targeted marketing where you have consented.
  • Other disclosures: any additional sharing that you explicitly request or consent to in a specific context.

International Transfers

Hero Gaming Limited is established in Malta and works with service providers located in various jurisdictions. This may involve transfers of your personal data outside the UK and the European Economic Area (EEA).

Transfers Within the EEA and Adequate Jurisdictions

  • Malta and EEA: Malta is an EU Member State and therefore benefits from the EU's free movement of data. Transfers between the UK and EEA (including Malta) are carried out under the UK's adequacy regulations or equivalent safeguards in force as of 2025.
  • Other adequate countries: where we transfer data to countries recognised as providing an adequate level of protection by the UK Government or European Commission, such transfers are justified on this basis.

Transfers to Non-Adequate Countries

  • Standard contractual clauses and IDTAs: for transfers to countries that are not subject to an adequacy decision, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses and/or UK International Data Transfer Agreements or Addenda, as applicable.
  • Additional safeguards: we assess the legal environment of the destination country and, where necessary, implement technical and organisational measures (for example, encryption and access controls) to ensure that your data remains protected.
  • US transfers: where data is transferred to the United States, we may rely on recognised transfer mechanisms, such as appropriate contractual safeguards and any applicable data transfer frameworks that are valid under EU and UK law as of 2025.

You may contact us for further information about the specific safeguards that apply to international transfers of your personal data.

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy and to comply with applicable legal, regulatory, tax and accounting requirements.

Retention Periods

  • Account and identification data: generally retained for the lifetime of your account and then typically for at least five (5) years after account closure, to comply with KYC/AML and gambling regulations and to defend against legal claims.
  • Transaction and financial data: retained for periods required by tax, accounting and anti-money laundering laws, usually between five (5) and seven (7) years from the relevant transaction or account closure, depending on applicable rules.
  • Responsible gambling and compliance records: retained as long as necessary to comply with safer gambling obligations and regulatory requirements, which may extend beyond account closure in some cases.
  • Marketing data: retained until you withdraw your consent or object to processing, after which we will stop using your data for marketing and keep a minimal record of your preference.
  • Technical logs and security data: retained for shorter periods necessary to ensure security, investigate incidents and maintain system integrity, unless a longer period is required in connection with specific security investigations or legal proceedings.

Deletion and Anonymisation

  • Deletion criteria: when data is no longer required for the purposes for which it was collected, and no legal obligation or legitimate interest justifies further retention, we securely delete or anonymise it.
  • Anonymised data: we may retain anonymised or aggregated information (which cannot be used to identify you) indefinitely for statistical, research or analytical purposes.

Where you exercise your rights (for example, to erasure), we will consider our legal and regulatory obligations and inform you if any data must be retained despite your request.

Your Rights

Depending on your place of residence and the laws that apply (including UK GDPR, EU GDPR and, where relevant, Mexican privacy law), you have a number of rights in relation to your personal data. We respect these rights and provide mechanisms to exercise them free of charge.

Rights Under UK/EU Data Protection Law

  • Right of access: to obtain confirmation about whether we process your personal data and to receive a copy of that data, along with information about how we use it.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or completed. You can update many details directly in your account settings.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where there is no valid reason for us to continue processing it, subject to legal and regulatory retention duties.
  • Right to restriction of processing: to request that we temporarily limit how we use your data in specific circumstances (for example, while a dispute about accuracy or lawfulness is being resolved).
  • Right to data portability: to receive certain personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Right to object: to object at any time to processing based on our legitimate interests, including profiling, and to object to direct marketing (including profiling for such purposes).
  • Rights related to automated decision-making: where we use automated decisions that produce legal or similarly significant effects (for example, some risk assessments), you may request human review, express your point of view and contest the decision, as permitted by law.

Marketing and Cookie Preferences

  • Marketing consent: you can withdraw your consent to receive marketing communications at any time by using the unsubscribe link in our emails, adjusting your account settings (where available) or contacting us.
  • Cookie controls: you can manage your cookie preferences through the tools provided on heroecas.com (where implemented) and/or through your browser settings, as explained in the "Cookies & Tracking Technologies" section.

Alignment with Mexican Privacy Law (ARCO Rights)

For users who are residents of Mexico, we also recognise rights consistent with the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), including the ARCO rights:

  • Access: to know what personal data we hold about you and how we use it.
  • Rectification: to request correction of inaccurate or incomplete data.
  • Cancellation: to request that we stop processing and, where appropriate, delete your data when it is no longer necessary or being processed unlawfully, subject to applicable retention obligations.
  • Opposition: to object to certain processing activities, including for marketing or profiling purposes, on legitimate grounds.

How to Exercise Your Rights

  1. Submit your request: contact us at [email protected] with the subject line "Data Protection Request" and clearly state which right you wish to exercise.
  2. Verify your identity: we may ask for additional information or documentation to confirm your identity and ensure that we do not disclose data to the wrong person.
  3. Our response time: we aim to respond to all valid requests within one (1) month (30 days) of receipt. In complex cases or when we receive multiple requests, this period may be extended in accordance with applicable law, and we will inform you of any extension.
  4. Cost: we handle rights requests free of charge. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, as permitted by law.

If we are unable to fully comply with your request, we will explain the reasons, including any applicable legal exemptions.

Cookies & Tracking Technologies

heroecas.com uses cookies and similar technologies to operate the website, enhance your experience, analyse usage and, where permitted, provide personalised content and marketing. Some cookies are essential for the site to function, while others are optional.

Types of Cookies We Use

  • Session cookies: temporary cookies that are stored on your device only during your active session and are deleted when you close your browser. They help maintain your login state and keep your session secure.
  • Persistent cookies: cookies that remain on your device for a defined period or until you delete them, allowing us to remember your preferences and recognise you on return visits.
  • First-party cookies: cookies set directly by heroecas.com to support site functionality, security and preferences.
  • Third-party cookies: cookies set by external providers (such as analytics or advertising partners) to help us measure performance, understand how the site is used and, where applicable, deliver targeted advertising, subject to your consent where required.

Purposes of Cookies

  • Strictly necessary / functional: enabling core features such as secure login, account management, navigation and the processing of payment-related actions.
  • Performance and analytics: collecting anonymised or pseudonymised data about how visitors use heroecas.com, helping us improve performance, diagnose issues and refine the user experience.
  • Personalisation and advertising: remembering your preferences and, where permitted, tailoring on-site content and marketing, and measuring the effectiveness of our campaigns.

Managing Cookies and Tracking

  • Browser settings: most browsers allow you to block or delete cookies, or to receive a warning before a cookie is stored. Please refer to your browser's help section for detailed instructions.
  • Site-specific controls: where available, you may use cookie banners or preference centres on heroecas.com to manage optional cookies (such as analytics and advertising cookies).
  • Effect of disabling cookies: if you block or delete certain cookies, some features of Casino Heroes at heroecas.com may not function properly, and your user experience may be affected.

Data Security

We implement robust technical and organisational measures designed to protect your personal data against unauthorised access, loss, alteration or disclosure. While no system can be guaranteed as completely secure, we continually work to maintain a high level of security appropriate to the risks associated with online gambling services.

Technical Measures

  • Encryption in transit: data transmitted between your device and heroecas.com is protected using modern encryption protocols such as TLS 1.2 or higher, helping to prevent interception or tampering.
  • Encryption at rest: where appropriate, personal and financial data is stored in encrypted form within secure environments, with encryption keys managed according to strict policies.
  • Access controls and authentication: access to production systems and data is restricted to authorised personnel based on the principle of least privilege, supported by strong authentication methods and, where feasible, multi-factor authentication.
  • Network and application security: firewalls, intrusion detection and prevention systems, logging and monitoring tools are used to identify and respond to suspicious activity.

Organisational Measures

  • Policies and procedures: we maintain internal policies on information security, data protection, access management and incident handling, which are regularly reviewed and updated.
  • Staff training: employees and relevant contractors receive appropriate training on data protection, security awareness and responsible handling of personal data.
  • Vendor due diligence: service providers who process personal data on our behalf are subject to contractual obligations on data protection and security, and we conduct due diligence on their practices.

Audits, Standards and Incident Response

  • Audits and assessments: we carry out regular internal reviews and, where appropriate, external assessments to evaluate the effectiveness of our security controls, taking into account recognised industry standards such as ISO 27001 and SOC 2.
  • Incident response: we maintain procedures to detect, investigate and respond to potential data breaches or security incidents. Where required by law, we will notify relevant supervisory authorities and affected individuals without undue delay.

Complaints & Contacts

We take privacy and data protection seriously. If you have questions, concerns or complaints about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue directly.

How to Contact Us

  • Primary contact for privacy and data protection: [email protected]
  • Postal address: Data Protection, Hero Gaming Limited, Level 0, Spinola Park, Triq Mikiel Ang Borg, St Julians, SPK 1000, Malta

Internal Complaint Procedure

  1. Step 1 - Contact support: send details of your concern or complaint to [email protected], including any relevant account information and supporting documentation.
  2. Step 2 - Review and investigation: we will acknowledge receipt of your complaint and investigate the matter, involving our data protection and compliance teams as appropriate.
  3. Step 3 - Response: we aim to provide a substantive response within one (1) month (30 days). For complex issues, we may need more time, in which case we will notify you of the extension and expected timeframe.

Escalation to Supervisory Authorities

  • UK Information Commissioner's Office (ICO): if you are located in the UK and you believe that we have not adequately addressed your concerns, you may lodge a complaint with the ICO. Further details are available at https://ico.org.uk.
  • EU data protection authorities: if EU GDPR applies to you, you may complain to your local data protection authority in the EU or to the authority in the Member State of your habitual residence, place of work or alleged infringement.
  • Mexican data protection authority: if you are a resident of Mexico, you may also have the right to lodge a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) or any successor authority under Mexican law.

Gambling-Related Disputes

  • Internal resolution: for disputes relating to gaming transactions or service quality, please first use our internal complaints process via [email protected].
  • Regulator and ADR: if a gambling dispute cannot be resolved, you may contact the Malta Gaming Authority using the channels provided at https://mga.org.mt/support/online-gaming-support/, or any ADR body indicated there, in accordance with the rules applicable to our licence and to your jurisdiction.

Updates

We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal requirements or regulatory guidance. When we make material changes, we will take appropriate steps to inform you.

How We Inform You About Changes

  • Website publication: the latest version of this Privacy Policy will always be available at https://heroecas.com/en/privacy-policy/.
  • Email notifications: where appropriate, we may notify registered players by email about significant changes, using the address associated with their account.
  • On-site notices: we may display banners, pop-ups or account dashboard alerts on heroecas.com to highlight important updates.

Timing and Your Options

  • Advance notice: where a change materially affects your rights or how we use your personal data, we will provide, where reasonably possible, at least thirty (30) days' notice before the change takes effect.
  • Continued use: if you continue to use Casino Heroes at heroecas.com after the effective date of an updated Privacy Policy, we will treat this as your acknowledgement of the updated terms, to the extent permitted by law.
  • Your right to object or close your account: if you do not agree with a material change, you may object by contacting us and, if you choose, close your account. We will then stop using your data for the purposes you objected to, where legally possible, while still complying with our legal obligations (including retention requirements).

Last updated: 6 November 2025.