burger icon
Luckia Casino United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected and used when you access or use the Luckia Casino services made available via luckyica.com from the United Kingdom. It applies to players, prospective players, and other visitors to our websites and digital services. OBSERVE: we set out who controls your data, what we collect, why and how we use it, and your rights. EXPAND: the policy also explains how we share data, transfer it internationally, keep it secure, and handle complaints. REFLECT: this Privacy Policy is effective from 1 January 2026 and supersedes prior versions (including the version last updated on 6 November 2025).

Who We Are

OBSERVE: For the purposes of UK data protection law, the primary data controller for Luckia Casino as presented on luckyica.com is part of the Luckia group of companies.

Operator / Controller:
Luckia Gaming Group S.A. (and/or its relevant operating subsidiaries for the Luckia Casino profile)
Registered office (group headquarters): A Coruña, Spain (exact street address and postal code may be provided in your account area or on our corporate website).

EXPAND: The Luckia Casino profile on luckyica.com is designed for users accessing our information from the UK. While luckia.es and luckia.com are corporate and Spain- or internationally oriented domains operated by the same group, your interaction with us for this page occurs via luckyica.com. As of January 2025, the group holds regulated gambling licences in Spain (DGOJ, general licence GA/2011/002), Colombia (Coljuegos, Contract C1472) and Portugal (SRIJ licences 014 and 015), and has had a historical presence in Malta (MGA). It does not hold a UK Gambling Commission licence and is classified for UK residents as a High-Risk / Unregulated Entity for gambling purposes; GamStop and UK statutory ADR do not apply. REFLECT: this does not limit your rights under UK data protection law.

Data Protection Contact / DPO:
Data Protection Officer, Luckia Gaming Group S.A.
E-mail: [email protected]
Postal contact: DPO, Luckia Gaming Group S.A., A Coruña, Spain (full address details available on request).
If you have any questions about this Privacy Policy or how we process your personal data, you can contact the DPO using the details above.

What Personal Data We Collect

OBSERVE: We collect different categories of personal data to provide, secure and improve the Luckia Casino services on luckyica.com. EXPAND: this includes information you give us directly, data we receive from your use of our services, and information we obtain from third parties such as payment providers or verification services. REFLECT: we collect only what is necessary for specified purposes, in line with the principles of lawfulness, fairness, transparency and data minimisation.

Identity and Contact Data

  • Examples: full name, date of birth, nationality, residential address, e-mail address, mobile/telephone number, username, account identifiers.
  • Verification data: copies or details of identity documents (e.g. DNI/NIE under Spanish KYC rules, passport, national ID), proof of address documents, and information used to verify age (18+) and identity.

Account and Gaming Data

  • Account data: registration details, account status, language and communication preferences, self-exclusion or safer-gambling settings where applicable.
  • Behavioural and usage data: betting and gaming history, game sessions, stake sizes, wins and losses, login/logout timestamps, interaction with promotions, clicks and navigation patterns on luckyica.com.

Financial and Transaction Data

  • Payment data: partial card details (masked), bank account identifiers, e-wallet or payment service identifiers, deposit and withdrawal records, applied limits, chargebacks and failed transactions.
  • Anti-fraud and AML data: transaction monitoring results, risk scores, alerts, internal notes on suspicious activity, and sanctions/PEP screening results where required by law.

Technical and Log Data

  • Technical data: IP address, device identifiers, browser type and version, operating system, language settings, time zone, referral URLs.
  • Log data: access logs, security logs, error logs, authentication records, changes to account details, and logs relating to suspected misuse (including suspected VPN or geo-block evasion contrary to our Terms & Conditions).

Cookies and Similar Technologies

  • Cookies: session and persistent cookies set by luckyica.com or trusted third parties for functionality, analytics and advertising (see the "Cookies & Tracking Technologies" section).
  • Similar technologies: web beacons, pixels, tags, SDKs and local storage used to measure campaign performance and prevent fraud.

Communications and Support Data

  • Contact data: records of e-mails, live chat transcripts, support tickets, complaints, and any attachments or screenshots you submit.
  • Surveys and feedback: responses to satisfaction surveys, reviews, or research panels relating to Luckia Casino.

Special Categories and Sensitive Inferences

  • We do not intentionally collect special categories of personal data (such as health or religious beliefs) unless you explicitly choose to share such information with us (for example, when requesting responsible gambling assistance). Where we process such data, we do so only with your explicit consent or where otherwise permitted by law.

Legal Basis for Processing

OBSERVE: Under the UK GDPR and Data Protection Act 2018, we must identify a legal basis for each type of processing. EXPAND: our primary legal bases are performance of a contract, compliance with legal obligations, our legitimate interests and, where applicable, your consent. REFLECT: we balance your rights and interests against our business needs and regulatory duties, and we do not rely on legitimate interests for processing that overrides your fundamental rights.

Performance of a Contract

  • What this covers: creating and managing your account, verifying your identity and age, processing deposits and withdrawals, providing games and related services, and communicating with you about your account and transactions.
  • Why it is needed: without this processing we cannot provide the Luckia Casino services on luckyica.com, honour our obligations to you, or pay you any winnings.

Compliance with Legal Obligations

  • Regulatory compliance: meeting obligations under applicable gambling, anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, accounting and tax laws in the jurisdictions where we operate (including Spain under DGOJ rules and other licensed markets).
  • Record-keeping and reporting: retaining transaction and identification records for legally mandated periods, responding to lawful requests from regulators, tax authorities and law enforcement (including UK authorities where applicable).

Legitimate Interests

  • Service improvement and analytics: analysing how users interact with luckyica.com to improve usability, game offering, performance and security.
  • Fraud and abuse prevention: detecting and preventing fraudulent transactions, bonus abuse, account takeover, underage gambling and use of VPNs or other tools to circumvent geo-blocking contrary to our Terms & Conditions.
  • Business management: maintaining internal records, conducting internal audits, and performing statistical and financial analysis in support of our operations.
  • Where we rely on legitimate interests, we conduct a balancing test and you may have the right to object (see "Your Rights").

Consent

  • Marketing communications: sending you e-mail, SMS or push marketing about promotions, bonuses and offers related to Luckia Casino, where you have opted in.
  • Non-essential cookies: using analytics, personalisation and advertising cookies or similar technologies on your device when required by UK law (PECR) and local regulations.
  • Special categories of data: processing any sensitive information you voluntarily provide (for example, in the context of responsible gambling) where explicit consent is required.
  • You may withdraw your consent at any time via your account settings, cookie tools or by contacting us, without affecting the lawfulness of processing before withdrawal.

Purpose of Processing

OBSERVE: We collect and use personal data for specific, explicit and legitimate purposes. EXPAND: these purposes relate to delivering and improving casino services, meeting legal requirements, and communicating effectively with you. REFLECT: we do not use your data in ways incompatible with these purposes.

Providing and Managing Casino Services

  • Opening, maintaining and closing your account for Luckia Casino on luckyica.com.
  • Verifying your age and identity, performing KYC and affordability checks as required in our licensed jurisdictions.
  • Enabling gameplay, processing deposits, wagers and withdrawals, and crediting winnings.
  • Providing customer support, including handling queries, technical issues and operational notices.

Legal, Regulatory and Risk Management

  • Complying with AML/CTF, fraud and gambling regulations applicable to our licensed operations in Spain, Colombia, Portugal and any other relevant jurisdiction.
  • Preventing misuse of our services, including bonus abuse, multi-accounting, and attempts to access regulated markets (such as the UK) via VPNs contrary to our Terms & Conditions.
  • Maintaining appropriate records to demonstrate compliance to regulators and auditors.

Service Improvement and Analytics

  • Monitoring performance and usage of luckyica.com to improve stability, speed and user experience.
  • Analysing aggregated betting and behaviour data to optimise game offerings, promotions and site layout.
  • Conducting statistical and business analysis to support responsible growth and product development.

Marketing and Personalisation

  • Sending you marketing messages about games, tournaments and promotions related to Luckia Casino, subject to your consent or applicable soft opt-in rules.
  • Customising content and offers based on your previous interactions, where permitted by law and your marketing preferences.
  • Measuring the effectiveness of campaigns through cookies, pixels and analytics tools.

Security and Fraud Prevention

  • Monitoring logins, transactions and gameplay to detect unusual or suspicious activity.
  • Maintaining logs and audit trails to investigate security incidents or disputes.
  • Protecting our systems, players and business from cyber threats, account compromises and other abuses.

Disclosure & Sharing

OBSERVE: We only share your personal data with third parties where necessary, lawful and subject to appropriate safeguards. EXPAND: recipients include service providers, payment partners, group companies, competent authorities and, with your consent, marketing and advertising partners. REFLECT: we do not sell your personal data in exchange for money; any sharing is carried out for defined purposes and under contractual controls.

Group Companies and Corporate Structure

  • We may share data within the Luckia Gaming Group S.A. corporate group (including Spain, Colombia, Portugal and any other relevant locations) for operational, compliance, risk management and internal reporting purposes.

Payment and Financial Partners

  • Banks, card schemes, payment processors, e-wallet providers and other financial institutions that process deposits, withdrawals and refunds.
  • Anti-fraud and credit reference agencies to verify identity, prevent fraud and meet AML obligations.

Technology and Service Providers

  • Hosting and infrastructure providers, content delivery networks, security and DDoS protection services.
  • Game suppliers, platform providers, CRM tools, customer support systems and analytics providers that help deliver and improve Luckia Casino services on luckyica.com.

Marketing and Advertising Partners

  • With your consent, we may share limited identifiers and device data with advertising networks, affiliates and campaign partners to deliver or measure targeted campaigns.
  • You may opt out of such marketing at any time; we then cease sharing data for those purposes, while still using data as required for core services and compliance.

Regulators, Authorities and Dispute Resolution

  • Regulatory and supervisory authorities in our licensed jurisdictions (such as DGOJ in Spain, Coljuegos in Colombia, SRIJ in Portugal) where required by law.
  • Law enforcement, courts, tax authorities and other public bodies when we are legally obliged to respond or when necessary to protect our rights or the rights of others.
  • Note: As of January 2025, there is no UK Gambling Commission licence or UK ADR body for Luckia Casino; this does not affect your right to complain to the UK Information Commissioner's Office (ICO) about data protection matters.

Corporate Transactions

  • In the event of a merger, acquisition, restructuring or sale of assets, your personal data may be transferred to the relevant third parties, subject to confidentiality and data protection obligations.

International Transfers

OBSERVE: As a cross-border operator, we may transfer personal data to countries outside the UK. EXPAND: these transfers can occur within the Luckia group and to external providers in the EEA and other jurisdictions, including Spain, Portugal, Colombia and potentially Malta or other locations. REFLECT: we use appropriate safeguards to ensure your data remains protected to a standard essentially equivalent to UK law.

Transfers Within the EEA and Adequacy Countries

  • Transfers from the UK to the European Economic Area (EEA), including Spain and Portugal, generally benefit from adequacy decisions recognising equivalent protection standards.
  • Where the UK grants adequacy to a country, we may rely on that decision as a legal basis for transfer.

Transfers to Non-Adequate Countries

  • When transferring data to countries that do not benefit from an adequacy decision (for example, Colombia or certain service providers in other jurisdictions), we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs).
  • We assess the laws and practices of the destination country and, where necessary, apply additional technical and organisational measures (such as encryption, access controls and data minimisation) to protect your data.

Onward Transfers and Access

  • Access to your data is limited to persons who need it for the purposes described in this Privacy Policy and who are bound by confidentiality obligations.
  • You may contact us for more information on the safeguards used for any specific transfer of your personal data.

Data Retention

OBSERVE: We retain personal data only for as long as necessary for the purposes for which it was collected and to meet legal obligations. EXPAND: retention periods vary by data type and context, particularly due to AML, gambling and accounting requirements in our licensed jurisdictions. REFLECT: once the relevant period expires, we securely delete or anonymise your data.

General Retention Principles

  • We keep data for the duration of your active relationship with us (for example, while your Luckia Casino account on luckyica.com remains open and for a period after closure).
  • We then retain certain records for defined periods to comply with legal obligations, resolve disputes and enforce our agreements.

Indicative Retention Periods

  • Account and identification data: typically up to 5 years after account closure, to satisfy AML, CTF and gambling regulatory requirements and for the establishment or defence of legal claims.
  • Transaction and financial data: typically up to 5 - 7 years after the relevant transaction, in line with accounting and tax record-keeping rules.
  • Marketing data: retained until you opt out or withdraw consent, or for a shorter period where local rules require more frequent refresh; suppression lists to respect your opt-out may be kept longer.
  • Technical logs and security records: retained for shorter operational periods (often months rather than years) unless required longer for security investigations or legal purposes.

Deletion and Anonymisation

  • When data is no longer needed, we either securely delete it or irreversibly anonymise it so that it can no longer be linked to you.
  • We may retain anonymised or aggregated data indefinitely for statistical, analytical and business planning purposes.
  • You may request deletion of your data; where we cannot comply due to legal obligations, we will explain the reasons and restrict processing where possible (see "Your Rights").

Your Rights

OBSERVE: Under the UK GDPR and Data Protection Act 2018, you have specific rights regarding your personal data. EXPAND: these include rights of access, rectification, erasure, restriction, objection, portability and withdrawal of consent, as well as the right to lodge a complaint with a supervisory authority. REFLECT: we process requests free of charge in most cases and respond within one month, extendable by up to two further months for complex or numerous requests.

Right of Access

  • You can ask us whether we process your personal data and request a copy of that data, together with information about how we use it.

Right to Rectification

  • You can request correction of inaccurate personal data and completion of incomplete information. You can also update many details directly via your luckyica.com account where available.

Right to Erasure ("Right to Be Forgotten")

  • You can request deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you have withdrawn consent and there is no other legal basis, or you successfully object to processing.
  • We may not be able to delete data that we must retain for legal reasons (such as AML, tax or regulatory obligations); in such cases we will inform you and restrict processing as far as possible.

Right to Restrict Processing

  • You may ask us to restrict processing of your data while we verify its accuracy, assess an objection, or where processing is unlawful and you prefer restriction to deletion.

Right to Object

  • You can object at any time to processing based on our legitimate interests, including profiling related to such interests.
  • We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is required for legal claims.
  • You can also object at any time to processing for direct marketing; we will then stop such marketing without exception.

Right to Data Portability

  • You can request to receive certain personal data you have provided to us in a structured, commonly used and machine-readable format and ask us to transmit it to another controller where technically feasible.

Right to Withdraw Consent

  • Where we rely on your consent (for example, for marketing or certain cookies), you may withdraw it at any time via your account settings, the unsubscribe link in communications, cookie tools, or by contacting us.
  • Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

Exercising Your Rights

  • How to contact us: To exercise any of these rights, contact the DPO at [email protected] and provide sufficient information to identify your account (such as username, registered e-mail and country of residence).
  • Verification: We may request additional information to confirm your identity before responding, to protect your account and prevent fraud.
  • Response time: We aim to respond within one month of receiving a valid request. For complex or numerous requests, this may be extended by up to two additional months; if so, we will inform you and explain the reasons.
  • Cost: Requests are handled free of charge unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request in line with the UK GDPR.

Right to Lodge a Complaint

  • You have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed.
  • UK supervisory authority (ICO): Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom - https://ico.org.uk.
  • We encourage you to contact us first so we can try to resolve your concerns directly, but you are not obliged to do so before contacting the ICO.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies on luckyica.com to operate and improve the Luckia Casino experience. EXPAND: some cookies are strictly necessary, while others help us analyse performance, personalise content or deliver advertising. REFLECT: you can control non-essential cookies through our consent tools and your browser settings, in accordance with UK law (including PECR).

Types of Cookies We Use

  • Session cookies: temporary cookies that remain on your device only while your browser is open and are deleted when you close it.
  • Persistent cookies: remain for a longer period or until deleted manually, used for settings and login preferences.
  • First-party cookies: set directly by luckyica.com.
  • Third-party cookies: set by trusted partners (e.g. analytics, advertising or game providers) when you visit our site.

Cookie Purposes

  • Strictly necessary / functional: required for the site to work correctly (e.g. keeping you logged in, processing payments, providing core security features).
  • Performance / analytics: help us understand how visitors use the site (e.g. page views, click paths, error messages) so we can improve functionality and reliability.
  • Personalisation: remember your language, region or other preferences to tailor your experience.
  • Advertising and tracking: measure the effectiveness of campaigns and, where allowed, deliver more relevant offers relating to Luckia Casino.

Managing Cookies

  • You can manage your cookie preferences via our on-site cookie banner or settings panel, where available, choosing to accept or reject non-essential categories.
  • Most browsers also allow you to block or delete cookies through their settings. If you block all cookies, some features of luckyica.com may not function correctly.
  • Changes to your cookie settings may not affect cookies already stored; you may need to delete them manually via your browser tools.

Data Security

OBSERVE: Protecting your personal data is a core priority. EXPAND: we apply appropriate technical and organisational measures designed to prevent unauthorised access, alteration, disclosure or loss. REFLECT: while no system can be guaranteed 100% secure, we continually assess and improve our controls in line with recognised industry standards.

Technical Measures

  • Encryption in transit: data transmitted between your browser and our systems is protected using TLS 1.2+ (or successor protocols) wherever technically feasible.
  • Encryption at rest: sensitive data is stored using strong encryption and hashing where appropriate (for example, for passwords and certain financial information).
  • Access controls: role-based access control (RBAC), strong authentication (including multi-factor authentication for administrative access) and strict logging of privileged actions.
  • Network security: firewalls, intrusion detection/prevention systems, segmentation and regular vulnerability management.

Organisational Measures

  • Policies and training: internal data protection and security policies, with regular staff training and awareness programmes.
  • Need-to-know principle: access to personal data is limited to personnel and providers who require it for their role and are bound by confidentiality obligations.
  • Vendor due diligence: assessment and contractual controls for third-party processors, including data protection requirements and security obligations.

Monitoring, Testing and Standards

  • Regular security monitoring, logging and review of systems to identify potential threats or incidents.
  • Periodic reviews and testing of our security measures, including vulnerability assessments and, where appropriate, penetration testing.
  • We seek to align our information security practices with recognised standards such as ISO 27001 and SOC 2, where appropriate for our operations, although this does not imply formal certification unless expressly stated on our corporate channels.

Incident Response

  • If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will assess the impact and notify the relevant supervisory authority and affected individuals in accordance with legal requirements.

Complaints & Contacts

OBSERVE: We aim to handle all privacy concerns promptly and fairly. EXPAND: you can contact us through several channels, and you also have the right to escalate matters to the UK Information Commissioner's Office. REFLECT: using our internal process helps us resolve issues efficiently but does not affect your statutory rights.

Contacting Us

  • E-mail: [email protected] (Data Protection / Privacy).
  • Online form: where available, you can submit a privacy-related query or complaint via the contact or support forms on luckyica.com, clearly marking it as "Data Protection".
  • Postal mail: Data Protection Officer, Luckia Gaming Group S.A., A Coruña, Spain (full address provided on request or via our corporate site).

Internal Complaint Procedure

  1. Submission: Send us a clear description of your concern, including your contact details and relevant account information (e.g. username and registered e-mail).
  2. Acknowledgement: We aim to acknowledge receipt of your complaint within 5 working days.
  3. Investigation: We will review your complaint, consult relevant records and, where appropriate, contact you for additional information.
  4. Response: We aim to provide a substantive response within 1 month. For complex cases, we may need more time; if so, we will inform you and explain why.
  5. Escalation: If you are not satisfied with the outcome, you may request that your case be escalated to our Data Protection Officer or senior management for further review.

Escalation to Supervisory Authority

  • If you believe we have not handled your personal data in accordance with applicable law, you can lodge a complaint with the UK Information Commissioner's Office (ICO) using the contact details set out in the "Your Rights" section.
  • Depending on your residence and the location of the controller, you may also have the right to complain to another competent data protection authority in the European Economic Area or elsewhere.

Updates

OBSERVE: Our services and legal obligations may change over time. EXPAND: we may update this Privacy Policy to reflect changes in our processing activities, legal requirements or industry standards. REFLECT: when we make significant changes, we will notify you and give you an opportunity to review the updated terms.

How We Notify You

  • Website notice: posting the updated Privacy Policy on luckyica.com with a revised "Last updated" date.
  • Direct communications: for material changes, notifying you by e-mail and/or in-account messages where appropriate.
  • On-site banners: displaying banners or pop-ups highlighting key changes when you next visit or log in.

Advance Notice and Your Options

  • For significant changes that materially affect your rights or the way we use your data, we will provide, where practicable, at least 30 days' notice before the changes take effect.
  • If you do not agree with the updated Privacy Policy, you may close your account (if you hold one) and stop using the Luckia Casino services on luckyica.com. We will continue to process your data only as required for closure and legal obligations.

Version Control

  • Last updated: January 2026.
  • Previous key changes:
  • November 2025: clarification of international transfers and expanded information on regulatory licences (Spain, Colombia, Portugal, historical Malta presence) and status for UK players.
  • January 2026: enhanced explanations of legal bases, user rights, security measures and cookie controls; explicit clarification that Luckia Casino as presented on luckyica.com is not licensed by the UK Gambling Commission and is considered high-risk/unregulated for UK gambling law purposes, without prejudice to your data protection rights under UK GDPR.