Privacy Policy | WinCraft

This policy explains how WinCraft (hereinafter: Provider) collects, uses, transfers, and protects the personal data of users during the services provided through win-craftlogin.com. By using the Website, you accept the provisions of this policy.

1. Data Controller Information

• Name: WinCraft
  
• Website: win-craftlogin.com
  
• Contact: [email protected]
  
• Registered Office: [legal address, if applicable]
  
• Data Protection Officer: published separately if appointed

2. Legal Basis and Purpose of Processing

• Account creation and operation – GDPR Art. 6(1)(b)
  
• Processing of payment transactions – GDPR Art. 6(1)(c)
  
• Marketing communication, promotions – GDPR Art. 6(1)(a)
  
• Customer support and complaint handling – GDPR Art. 6(1)(b) or (1)(f)
  
• Fraud prevention and IT security – GDPR Art. 6(1)(f)

3. Categories of Personal Data Processed

• Name, email address, password
  
• Date of birth, address, phone number
  
• IP address, device identifiers, login timestamps
  
• Payment and transaction data (tokenized)
  
• Copies of identification documents (e.g., ID card, proof of address)
  
• Gaming activity, bonus usage, customer support communications

4. Cookies and Tracking

The Website uses cookies to ensure functionality, analysis, and — with consent — marketing purposes.

• Session cookies
  
• Statistical cookies (e.g., Google Analytics, Matomo)
  
• Marketing/remarketing cookies (e.g., Facebook Pixel, Google Ads)
  
• Functional and personalization cookies

5. Data Retention

• Registration data: 5 years after account closure
  
• Payment history: 8 years (per accounting law)
  
• Marketing consent: until withdrawn
  
• IP addresses and log files: 12 months

6. Data Transfers to Third Parties

Data is only transferred to the extent necessary to provide the service.

• Payment providers (e.g., Revolut, Skrill, banking partners)
  
• Data processors (hosting, email and messaging systems, customer support tools)
  
• Marketing platforms (with consent only)
  
• Authorities, where legally require

7. Data Subject Rights

• Right of access
  
• Right to rectification
  
• Right to erasure (“right to be forgotten”)
  
• Right to restriction of processing
  
• Right to object
  
• Right to data portability
  
• Right to withdraw consent

8. Automated Decision-Making

Some processes are based on automated assessments (e.g., bonus usage patterns, excessive activity, suspicious transactions).

• Request human intervention
  
• Contest the decision
  
• Submit comments

9. Complaints and Supervisory Authority

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

• Address: 1055 Budapest, Falk Miksa utca 9–11
  
• Website: naih.hu
  
• Email: [email protected]

10. Protection of Minors

The Service is not available to persons under 18.

• Age verification at registration
  
• Immediate deletion of accounts and data if minors are identified
  
• Recommended parental controls: Qustodio, Kaspersky Safe Kids, Net Nanny

11. International Data Transfers

Data transfers outside the EEA are only carried out with appropriate safeguards:

• European Commission adequacy decision
  
• EU Standard Contractual Clauses (SCC)
  
• Encrypted, verified data transfer

12. Technical and Organizational Data Security

• SSL/TLS encryption
  
• Password and IP-based access protection
  
• Regular vulnerability scans and logging
  
• Audited gaming software
  
• Backups and access control management

13. Cookie Settings

• Cookie preferences can be customized via the cookie management interface
  
• Consent may be withdrawn at any time
  
• Browser-level tracking blocking available

14. Third-Party Links

The Website may contain external links; the Provider is not responsible for the data practices of such sites. Users are advised to review each third party’s privacy policy.

15. Direct Marketing and Unsubscribing

• Direct marketing is only sent with prior consent
  
• Every message includes an unsubscribe option
  
• Unsubscribing does not affect transactional notifications

16. List of Data Processors

The list of current data processors is available upon request, including the purpose of data transfer and applied safeguards.

17. Data Deletion Requests

• Requests for account and personal data deletion can be sent by email
  
• Processed within 5 business days unless legal retention applies
  
• Confirmation of deletion sent by email

18. Remedies

• File a complaint with NAIH
  
• Seek judicial remedy
  
• Contact the Provider directly: [email protected]

19. Related Documents

• General Terms and Conditions
  
• Cookie Policy
  
• Bonus Policy
  
• Responsible Gambling Guidelines

20. Final Provisions

This Privacy Policy is effective from the date of publication. The Provider reserves the right to amend the document; changes take effect upon publication on the Website. Continued use of the Website constitutes acceptance of the updated terms.

Contact for exercising data subject rights: [email protected]