burger icon
Rich Prize United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Rich Prize, operated via the website richprizer.com, collects, uses, discloses and protects personal data of players and website visitors from the United Kingdom and other countries. It applies to anyone who visits or uses our website, opens an account, participates in games, promotions or communications, or otherwise interacts with our services. By using our services, you acknowledge that you have read this Privacy Policy, which is effective from 1 January 2026 and may be updated from time to time as described below.

Who We Are

OBSERVE: This section identifies the legal entity responsible for your personal data (the "controller") and how you can contact us for privacy matters.

EXPAND: We provide our corporate registration, licensing and contact information so that you can exercise your rights and understand the regulatory context in which we operate.

REFLECT: Knowing who controls your data and where it is based is essential for assessing your rights and protections under applicable data protection laws.

Operator and Data Controller

The online casino brand Rich Prize, including the regional variant Rich Prize available via richprizer.com, is owned and operated by:

J.P. B.V.
Kaya W.F.G. (Jombi) Mensing 24 Unit A
Curaçao
Company registration number: 154189

J.P. B.V. operates Rich Prize under a sub-license issued by Gaming Curaçao under master license number 365/JAZ. The platform is an offshore online casino and is not licensed by the UK Gambling Commission (UKGC). For United Kingdom players, this license does not provide UKGC-level consumer protections and the brand is not part of GamStop; the UKGC cannot intervene in disputes.

Data Protection Responsibility

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and other applicable data protection laws, J.P. B.V. is the data controller for personal data processed in connection with Rich Prize and richprizer.com.

Contact Details

  • General and privacy enquiries: support@richprizer.com (used for support, responsible gambling and data protection requests)
  • Website: https://richprizer.com
  • Postal contact for privacy matters: Data Protection Team, J.P. B.V., Kaya W.F.G. (Jombi) Mensing 24 Unit A, Curaçao

We may designate a dedicated Data Protection Officer or Data Protection Team. You can reach them using the contact details above and they will coordinate responses to privacy-related requests.

What Personal Data We Collect

OBSERVE: We collect personal, technical, financial and behavioural data when you use rich-prizer-united-kingdom at richprizer.com.

EXPAND: These data categories support account creation, KYC/AML checks, payment processing, responsible gambling, fraud prevention and service improvement.

REFLECT: Understanding what data we collect helps you make informed choices about your use of our services and exercise your rights.

Identity and Contact Data

  • Personal identification data: full name, date of birth, gender, nationality, place of residence.
  • Contact details: email address (e.g. the address used to register), telephone number, postal address, country of residence.
  • Verification data: copies or data from identity documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), and any information provided during KYC ("Know Your Customer") checks as described in our KYC Policy.

Account, Usage and Behavioural Data

  • Account data: username, internal player ID, account status, language and currency settings (including GBP for UK players), bonus balances, loyalty or VIP status.
  • Gaming and betting history: game sessions, bets placed, wins and losses, game preferences, frequency and duration of play, bonus usage, participation in tournaments and promotions.
  • Interaction data: records of communications with our support team (including via support@richprizer.com), complaints, responsible gambling requests (such as self-exclusion), and notes relating to your interactions with us.
  • Behavioural and analytics data: clicks, page views, navigation paths, referral sources (e.g. affiliate sites), device interaction patterns and engagement with marketing communications.

Technical and Log Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system and platform, language and time-zone settings.
  • Log information: login and logout times, authentication logs, security events (failed login attempts, password changes), session duration, and other system logs necessary to operate and secure the platform.

Payment and Financial Data

  • Payment details: partially masked card details (card type and last digits), cardholder name, billing address, payment method type (e.g. card, e-wallet, bank transfer, cryptocurrency), transaction identifiers.
  • Transaction history: deposits, withdrawals, chargebacks, refunds, bonuses credited or debited, and related timestamps.
  • AML/KYC financial data: information about source of funds or wealth where required by our AML (Anti-Money Laundering) obligations, including employer, occupation or other financial information provided to us.

Cookies and Similar Technologies

  • Cookie identifiers: unique identifiers stored on your device to recognise your browser or device.
  • Tracking technologies: pixels, tags, local storage, SDKs and similar tools used for analytics, security, fraud prevention, personalisation and marketing.

For further information, see the section "Cookies & Tracking Technologies" below.

Legal Basis for Processing

OBSERVE: We process personal data only when there is a lawful basis to do so.

EXPAND: Our main legal bases arise under the UK GDPR and, where applicable, other data protection laws, including Mexican regulations for users located in Mexico.

REFLECT: Identifying the legal basis for each processing activity helps ensure fairness, transparency and accountability.

Contractual Necessity

  • Purpose: To register and manage your account, provide access to games and betting services, process deposits and withdrawals, and provide customer support.
  • Legal basis: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (UK GDPR Article 6(1)(b)).
  • Examples: Creating and maintaining your player account, executing game outcomes, crediting winnings, handling your support queries.

Compliance with Legal Obligations

  • Purpose: To comply with statutory obligations, particularly in relation to KYC, AML, counter-terrorist financing, sanctions screening, fraud prevention, accounting and tax.
  • Legal basis: Processing is necessary for compliance with legal obligations to which we are subject (UK GDPR Article 6(1)(c)), as well as applicable AML, gambling and financial regulations in Curaçao and other relevant jurisdictions.
  • Examples: Verifying your identity and age, maintaining transaction records for required periods, responding to lawful requests from regulators or law enforcement.

Legitimate Interests

  • Purpose: To operate and improve Rich Prize at richprizer.com, ensure network and information security, prevent abuse, personalise content, and conduct analytics.
  • Legal basis: Processing is necessary for our legitimate interests or those of a third party (UK GDPR Article 6(1)(f)), except where such interests are overridden by your rights and interests.
  • Examples: Monitoring for fraud and collusion; safeguarding responsible gambling; analysing performance of games and promotions; maintaining logs to detect security incidents.

Consent

  • Purpose: To send you direct marketing communications, to use certain cookies and similar technologies, and to process certain data categories where consent is the appropriate legal basis.
  • Legal basis: Your consent (UK GDPR Article 6(1)(a)), and where applicable consent requirements under Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) for users in Mexico.
  • Examples: Email newsletters, SMS offers, personalised marketing campaigns, non-essential analytics or advertising cookies.

You may withdraw your consent at any time, as explained in the "Your Rights" section, without affecting the lawfulness of processing based on consent before its withdrawal.

Protection of Vital Interests and Legal Claims

  • Purpose: To protect the vital interests of individuals or to establish, exercise or defend legal claims.
  • Legal basis: Processing may be necessary to protect vital interests (UK GDPR Article 6(1)(d)) or for the establishment, exercise or defence of legal claims (UK GDPR Article 6(1)(f)).
  • Examples: Sharing information with authorities where there is a risk of serious harm, or retaining records necessary in the context of disputes.

Purpose of Processing

OBSERVE: We use personal data for clearly defined purposes connected with providing and improving our services.

EXPAND: Each processing activity is linked to one or more specific purposes and corresponding lawful bases.

REFLECT: Transparency about purposes allows you to understand how your data supports our operations and your gaming experience.

Service Provision and Account Management

  • Operating the casino: Providing access to games, managing bets and wagers, determining outcomes, crediting winnings and applying bonuses.
  • Account administration: Creating and maintaining your account, managing settings and preferences, handling deposits and withdrawals, and providing customer support.
  • Responsible gambling: Implementing self-exclusion and limits as requested via support@richprizer.com, and monitoring for harmful play patterns.

Legal, Regulatory and Compliance

  • KYC/AML checks: Verifying your identity, age and eligibility to use our services, and assessing risk for anti-money laundering purposes.
  • Regulatory reporting: Complying with obligations to Gaming Curaçao or other competent authorities, and responding to lawful requests from law enforcement or courts.
  • Record keeping: Maintaining accurate records for accounting, tax and regulatory audits.

Security, Fraud Prevention and Risk Management

  • Platform security: Detecting and preventing unauthorised access, DDoS attacks, and other security incidents.
  • Fraud and abuse prevention: Identifying suspicious behaviour including collusion, bonus abuse, chargeback fraud, or breach of our Terms & Conditions.
  • Risk management: Managing operational and financial risks, and improving reliability of payment processing.

Analytics, Personalisation and Improvement

  • Service analytics: Analysing how players use games and features to improve user experience, balance game portfolios and optimise performance.
  • Personalisation: Tailoring content, promotions and recommendations based on your preferences and behaviour, where permitted by law.
  • Product development: Testing new features, games and interfaces and assessing their impact on user engagement and safety.

Marketing and Communications

  • Direct marketing: Sending offers, bonuses, newsletters and promotions by email, SMS or other channels, where you have not opted out and, where required, have given consent.
  • Service communications: Sending transactional or service messages, such as changes to terms, policy updates, security alerts or account notifications (these are not dependent on marketing consent).
  • Affiliate and advertising optimisation: Measuring the effectiveness of our marketing and affiliate campaigns, subject to applicable cookie and consent rules.

Disclosure & Sharing

OBSERVE: We share personal data with carefully selected third parties where necessary and lawful.

EXPAND: These recipients help us provide services, meet legal obligations and protect our legitimate interests.

REFLECT: We limit sharing to what is required, apply appropriate safeguards and do not sell your personal data.

Service Providers and Business Partners

  • Payment processors: Banks, card schemes (such as Visa and Mastercard), payment service providers, e-wallets and cryptocurrency processors that handle deposits and withdrawals and may be located in Europe (including Cyprus) or other regions.
  • Gaming and platform providers: Software suppliers who provide games and backend systems, and who may process technical and usage data to ensure game integrity and performance.
  • IT and security vendors: Hosting providers, content delivery networks, security monitoring and anti-fraud services, and analytics tools.
  • Marketing and affiliate networks: Agencies, affiliates and advertising networks that assist with campaigns, subject to your marketing and cookie preferences.

Regulators, Authorities and Dispute Bodies

  • Gaming Curaçao and related bodies: For licensing, reporting and dispute resolution, including the complaint contact complaints@gaming-curacao.com.
  • Law enforcement and courts: Where required by applicable law, court order or official request.
  • Supervisory data protection authorities: Where necessary in connection with complaints or investigations (for example, the UK Information Commissioner's Office or, where applicable, the Mexican data protection authority INAI).

Corporate Transactions

  • Business transfers: In the event of a merger, acquisition, reorganisation, asset sale or similar transaction involving J.P. B.V. or the Rich Prize brand, personal data may be transferred as part of the transaction, subject to appropriate safeguards and continued protection.

Affiliates and Group Companies

  • Intragroup sharing: If we establish group entities or subsidiaries (for example, to handle payment processing in Europe), we may share data within the group for centralised management, security and compliance, under strict access controls and data protection agreements.

International Transfers

OBSERVE: Our operations are offshore and involve international transfers of personal data.

EXPAND: Data may be stored and processed in countries outside the UK, including Curaçao, EU/EEA states and other locations of our service providers.

REFLECT: We apply safeguards to ensure that such transfers provide an appropriate level of data protection.

Locations of Processing

  • Curaçao: Our main corporate operations and certain technical systems are based in Curaçao.
  • European Economic Area (EEA) and United Kingdom: Many of our payment and technology partners operate from or use infrastructure located in the EU/EEA and the UK.
  • Other countries: Some service providers may be located in other jurisdictions, such as the United States or other international locations, depending on technical and business needs.

Safeguards for International Transfers

  • Adequacy decisions: Where we transfer data from the UK to countries recognised as providing an adequate level of protection, we rely on such adequacy regulations.
  • Standard contractual clauses: For other transfers, we use appropriate contractual safeguards, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or equivalent instruments, as required.
  • Additional measures: We assess the necessity of technical and organisational measures (for example, encryption and access controls) to support these transfers.

We do not rely on the former EU - US Privacy Shield framework, which has been invalidated, and any reference to it is for historical context only.

Data Retention

OBSERVE: We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

EXPAND: Retention periods depend on legal, regulatory, operational and security requirements.

REFLECT: After these periods, data is securely deleted or anonymised.

General Retention Principles

  • Contractual and service data: Retained while your account is active and for a period thereafter to handle queries, disputes and legal obligations.
  • Legal and AML data: Retained for periods required by applicable law (often between 5 and 10 years from the end of the relationship or transaction, depending on jurisdictional rules).
  • Marketing data: Retained until you withdraw consent or object to marketing, after which we will stop processing for this purpose and keep minimal data to record your preference.

Illustrative Retention Periods

  • Account records and transaction history: Generally retained for at least 5 years after account closure, or longer if required by AML, tax or regulatory law.
  • KYC documentation: Retained for the duration of the business relationship and for at least 5 years after its termination, subject to local legal requirements.
  • Technical logs and security data: Retained for shorter periods (typically from several months up to 2 years), unless needed for investigations or legal proceedings.
  • Support tickets and complaints: Retained for the duration necessary to investigate and resolve the matter and for a reasonable limitation period thereafter.

When data is no longer required, we will either delete it securely, anonymise it so that it can no longer be linked to you, or, where deletion is not possible (for example, in backup archives), we will isolate and securely store it until deletion is feasible.

Your Rights

OBSERVE: You have rights regarding your personal data under the UK GDPR and, for users in Mexico, under Mexican data protection law.

EXPAND: These rights include access, rectification, erasure, restriction, objection, data portability and withdrawal of consent, as well as ARCO rights (Access, Rectification, Cancellation/Erasure and Opposition) under Mexican law.

REFLECT: Exercising your rights is free of charge and we will respond within legally required timeframes, typically within 30 days.

Key Data Protection Rights

  • Right of access: You can request confirmation of whether we process your personal data and obtain a copy of that data, together with information about how we use it.
  • Right to rectification: You can request correction of inaccurate or incomplete personal data (for example, updating your address or contact details).
  • Right to erasure ("right to be forgotten" / cancellation): You can request deletion of your personal data in certain circumstances, such as where it is no longer needed or you withdraw consent, subject to our legal and regulatory obligations (particularly AML and gambling regulations).
  • Right to restriction of processing: You can request that we temporarily restrict processing of your data where you contest its accuracy, object to processing, or where we no longer need the data but you require it for legal claims.
  • Right to object: You can object to processing based on legitimate interests and to direct marketing at any time. We will stop such processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
  • Right to data portability: You can request to receive certain personal data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible.
  • Rights related to consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect previous lawful processing and may limit certain functionalities (such as receiving marketing offers).

Mexican ARCO Rights (Where Applicable)

For users located in Mexico, we aim to align our practices with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), including:

  • Access: The right to know what personal data we hold about you and how it is processed.
  • Rectification: The right to request corrections of inaccurate or incomplete data.
  • Cancellation (Erasure): The right to request deletion of data when appropriate under Mexican law.
  • Opposition: The right to oppose certain processing activities, particularly for marketing or profiling.

How to Exercise Your Rights

  1. Submit your request: Contact us at support@richprizer.com with the subject "Data Protection Request" and clearly state which right you wish to exercise. You may also write to our postal address.
  2. Identity verification: For your security, we may ask for additional information or documentation to verify your identity before fulfilling the request.
  3. Response timeframe: We aim to respond without undue delay and in any event within 30 days of receiving a complete request. In complex cases, this may be extended by a further 30 days, and we will inform you of any extension and reasons.
  4. Cost: We do not charge a fee for handling rights requests, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act.

If you are dissatisfied with our response, you have the right to lodge a complaint with a competent data protection authority, as described in the "Complaints & Contacts" section.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to operate and improve rich-prizer-united-kingdom at richprizer.com.

EXPAND: These technologies support core functionality, security, analytics and marketing, subject to your choices.

REFLECT: You can manage your cookie preferences through browser settings and, where available, our internal preference tools.

Types of Cookies We Use

  • Strictly necessary (session) cookies: Essential for operating the website, enabling functions such as login, account management, secure payment processing and keeping your session active while you navigate pages.
  • Functional (persistent) cookies: Remember your preferences (such as language, currency, and display settings) to enhance your experience across visits.
  • Analytics/performance cookies: Help us understand how visitors use our site, which pages are popular, and how games perform, allowing us to improve usability and content.
  • Advertising and affiliate (third-party) cookies: Used by us or our partners to measure the performance of campaigns, track affiliate referrals and, where permitted, tailor marketing content.

Managing Cookies

  • Browser settings: Most browsers allow you to view, delete or block cookies, or to receive alerts before a cookie is stored. Please refer to your browser's help section for instructions.
  • Internal tools: Where available, we provide on-site controls (such as a cookie banner or preference centre) that allow you to manage non-essential cookies.
  • Consequences of disabling cookies: Disabling certain cookies may affect website functionality, including your ability to log in, place bets or access some features.

Data Security

OBSERVE: We implement technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration.

EXPAND: Our security controls cover encryption, access management, monitoring, staff training and incident response.

REFLECT: While no system is entirely risk-free, we aim to align with recognised security standards and continuously improve our defences.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using transport layer security (TLS) protocols (TLS 1.2 or higher), where supported by your device and browser.
  • Encryption at rest: Sensitive data is stored using appropriate encryption or pseudonymisation techniques where feasible and proportionate to risk.
  • Network protection: Firewalls, intrusion detection and prevention systems, rate limiting and other safeguards help protect our infrastructure.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis, using authentication mechanisms and role-based permissions.

Organisational Measures

  • Policies and training: Staff with access to personal data receive training on data protection, confidentiality and security best practices, and are bound by appropriate confidentiality obligations.
  • Vendor due diligence: We assess key service providers for their security and data protection practices and include appropriate contractual safeguards.
  • Monitoring and audits: We monitor system performance and security logs, and may conduct or commission security reviews and audits to assess and improve our controls.

Incident Response

  • Detection and containment: We maintain procedures to identify and respond to potential data breaches or security incidents, including isolating affected systems where necessary.
  • Notification: If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, when required, inform you without undue delay, in accordance with applicable law.
  • Continuous improvement: After incidents or near-misses, we review root causes and implement corrective measures.

We seek to align our security practices with international standards such as ISO/IEC 27001 and SOC 2 where appropriate, although we may not hold formal certifications in all areas.

Complaints & Contacts

OBSERVE: You can contact us or raise complaints regarding how we handle your personal data.

EXPAND: We provide internal complaint channels and information about supervisory authorities in relevant jurisdictions.

REFLECT: Using these avenues helps ensure your concerns are properly investigated and addressed.

Contacting Us First

  1. Internal complaint submission: If you have questions or concerns about this Privacy Policy or our data practices, contact us at support@richprizer.com with a clear description of your issue. You can also reach us by sending a letter to our mailing address.
  2. Acknowledgement: We aim to acknowledge receipt of your complaint within 7 business days.
  3. Investigation and response: We will investigate your complaint and provide a substantive response within 30 days, or explain if more time is needed in complex cases.

Gaming Curaçao and Alternative Dispute Resolution

  • Regulatory complaints regarding gambling operations: You may raise disputes related to our gaming services with the master license holder or Gaming Curaçao using complaints@gaming-curacao.com.
  • Limitations: This offshore dispute channel has historically been described as limited and may not offer the same level of consumer protection as UK-based alternative dispute resolution schemes.

Data Protection Supervisory Authorities

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with a supervisory authority.

United Kingdom - Information Commissioner's Office (ICO)

  • Website: https://ico.org.uk
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • Telephone: +44 303 123 1113

Mexico - INAI (Where Applicable)

For users located in Mexico, you may have the right to lodge complaints with the Mexican data protection authority:

  • Authority: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
  • Website: https://www.inai.org.mx
  • Address: Av. Insurgentes Sur 3211, Insurgentes Cuicuilco, Coyoacán, 04530 Ciudad de México, CDMX, México
  • Telephone: +52 55 5004 2400

EU/EEA Authorities (Where Applicable)

For users in the EU/EEA, you may lodge a complaint with your local data protection authority. Contact details can be found on the European Data Protection Board (EDPB) website.

Updates

OBSERVE: We may update this Privacy Policy from time to time.

EXPAND: Changes can result from legal requirements, technical developments or adjustments to our services and practices.

REFLECT: Staying informed about updates ensures you understand how your data is currently processed.

How We Inform You About Changes

  • Website publication: The current version of this Privacy Policy is always available on richprizer.com.
  • Notifications: For material changes, we may use email notifications, website banners or account dashboard alerts to draw your attention to the updates.
  • Advance notice: Where changes significantly affect your rights or the way we process your data, we will, where feasible, provide at least 30 days' advance notice before the new terms take effect.

Version Control and Changelog

Last updated: January 2026

This version supersedes previous versions (including the version last updated in November 2025). Material changes in recent updates may include, for example:

  • Clarified international transfer mechanisms and safeguards, including additional detail on contractual protections.
  • Expanded description of user rights, including alignment with Mexican ARCO rights where applicable.
  • Updated information for UK users regarding the offshore licensing context and available complaint channels.

Your Options in Case of Changes

  • Continued use: If you continue to use Rich Prize at richprizer.com after changes take effect, you are deemed to have acknowledged the updated Privacy Policy.
  • Objection and account closure: If you do not agree with the updated Privacy Policy, you may object to certain processing activities as described in "Your Rights" or request closure of your account and, where allowed by law, deletion or restriction of your data.