burger icon
Casino Metropol United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Casino Metropol, through the Casino Metropol version of its website available at metropolca.com, collects, uses, shares, and protects personal data of players and website visitors. It applies to all users who visit, register, or otherwise interact with our services via metropolca.com, whether or not they open a real-money account. This Privacy Policy is effective from 6 November 2025 and complements our Terms and Conditions and Responsible Gaming information.

Who We Are

Data Controller

The services provided via the Casino Metropol version of metropolca.com are operated by:

  • Company name: Realm Entertainment Limited
  • Registered number: C51126
  • Legal form: Limited company incorporated under the laws of Malta
  • Registered and principal place of business: Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta
  • Gaming licence: Malta Gaming Authority (MGA) licence number MGA/B2C/196/2010 for the provision of online casino services

Realm Entertainment Limited is a wholly-owned subsidiary within the Betsson group of companies and is responsible for determining the purposes and means of processing your personal data in connection with metropolca.com and the Casino Metropol instance.

Data Protection Contact

We have appointed a data protection contact function (Data Protection Officer or equivalent) responsible for overseeing questions in relation to this Privacy Policy.

  • Postal address: Data Protection Officer, Realm Entertainment Limited, Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta
  • Website contact: through the contact or support facilities on https://metropolca.com
  • Regulatory support (gaming-related): Malta Gaming Authority player support page at https://mga.org.mt/support/

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the above details. We may ask you to verify your identity before handling your request.

What Personal Data We Collect

Identification and Contact Data

  • Basic identification: full name, date of birth, gender, nationality, and unique account identifiers.
  • Contact details: email address, postal address, country of residence, mobile and/or landline telephone numbers (where provided), preferred language.
  • Verification data (KYC): copies or details of identity documents (e.g. passport, ID card, driving licence), proof of address (e.g. utility bill, bank statement), and any additional information required to verify your identity or source of funds.

Account, Gameplay and Behavioural Data

  • Account information: username, passwords or other authentication credentials (stored in encrypted form), security questions and answers, account status, account settings and preferences.
  • Gameplay and transactional behaviour: betting history, games played, session duration, frequency of play, stake sizes, wins and losses, bonuses used, promotions joined, self-exclusion or cooling-off details, and responsible gaming limits you set.
  • Communication records: records of emails, chats, phone calls (where applicable), internal messages, and complaint correspondence.

Financial and Payment Data

  • Payment details: partial payment card details (card type, masked card number), e-wallet identifiers, bank account or IBAN details where required for payouts, and payment transaction identifiers.
  • Financial history: deposits, withdrawals, chargebacks, refunds, and related payment logs.
  • Anti-money laundering (AML) and affordability data: information on income, source of funds, occupation, and other financial information required under AML, counter-terrorist financing (CTF), and responsible gambling obligations.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, operating system, browser type and version, language settings, time zone, and approximate location derived from IP.
  • Log and event data: login timestamps, logouts, failed login attempts, changes to security credentials, device fingerprints, performance and error logs.
  • Usage patterns: pages visited, clicks, navigation paths, time spent on pages, referral URLs, and interactions with banners, emails, and push notifications.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device that may be session-based (deleted when you close your browser) or persistent (stored for a defined period).
  • Similar identifiers: pixel tags, web beacons, local storage, SDKs and similar technologies used for analytics, security, and advertising (where permitted).

Further details are provided in the "Cookies & Tracking Technologies" section below.

Special Categories and Sensitive Data

We generally do not seek to collect special-category data (such as health data) but, in the context of responsible gambling and self-exclusion, we may process limited information relating to your health or vulnerabilities where you voluntarily provide it (for example, when you inform us of a gambling problem). Such processing is carried out only where strictly necessary, subject to enhanced confidentiality safeguards and as permitted by applicable law.

Minors

Our services are intended only for persons aged 18 years or over (or the higher legal gambling age in your jurisdiction). We do not knowingly collect personal data relating to minors. If we discover that a minor has provided personal data or opened an account, we will close the account and delete or anonymise the data as soon as reasonably practicable, subject to any legal obligations that require retention.

Legal Basis for Processing

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation ("EU GDPR") and Maltese data protection law. Depending on the specific processing activity, we rely on one or more of the following legal grounds:

Performance of a Contract

  • Account creation and management: processing data to register and maintain your Casino Metropol account on metropolca.com, verify your age and eligibility, and manage your profile and preferences.
  • Provision of services: enabling you to deposit funds, place bets, participate in games, receive bonuses, and withdraw winnings.
  • Customer support: communicating with you in relation to your account, resolving technical issues, handling complaints, and responding to queries.

Compliance with Legal Obligations

  • AML/CTF and KYC: verifying your identity, detecting and preventing fraud, money laundering, and terrorist financing, and fulfilling record-keeping obligations under Maltese, EU, and UK laws and regulatory rules applicable to our MGA-licensed operations.
  • Responsible gambling duties: monitoring play to identify potential problem gambling and applying tools such as self-exclusion, limits, and affordability checks as required by law and regulatory guidance.
  • Tax and accounting: maintaining transaction records and financial documentation for mandatory retention periods.
  • Regulatory and law enforcement requests: responding to lawful orders, investigations, and reporting obligations from competent authorities.

Legitimate Interests

  • Service improvement and analytics: analysing aggregated and pseudonymised data to improve game offerings, website performance, user experience, and fraud detection mechanisms.
  • Network and information security: ensuring the security of our systems, preventing unauthorised access, combatting bots and abuse, and testing system resilience.
  • Internal management: conducting internal audits, business reporting, quality assurance, and risk management across the Betsson group.
  • Direct marketing to existing customers: sending carefully selected offers relating to our own products and services via email, SMS, or push notifications (subject to your rights to object and applicable e-privacy rules such as the UK Privacy and Electronic Communications Regulations).

Consent

  • Marketing communications to non-customers or where required by law: sending promotional emails, SMS, or push notifications where we are required to obtain your prior consent.
  • Non-essential cookies and similar technologies: placing and accessing analytics, personalisation, and advertising cookies, and similar technologies, in accordance with your cookie preferences.
  • Special-category data: processing any health or vulnerability information you voluntarily provide in connection with responsible gambling support, where such processing is based on your explicit consent or another permitted legal basis.

Where we rely on consent, you may withdraw it at any time using the mechanisms described in this Privacy Policy. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.

Purpose of Processing

Provision and Administration of Casino Services

  • Account registration and maintenance: opening, verifying, operating, and closing your Casino Metropol account on metropolca.com, including management of credentials, preferences, and responsible gambling settings.
  • Gameplay and transaction processing: enabling deposits, bets, game participation, bonuses, and withdrawals, and maintaining accurate records of your activity for operational and legal purposes.
  • Customer support and communication: providing assistance, responding to queries, notifying you about changes to our terms, policies, or services, and sending transactional messages such as deposit confirmations.

Compliance, Risk Management and Responsible Gambling

  • Regulatory compliance: fulfilling obligations under gaming, AML/CTF, tax, accounting, and consumer protection laws, including mandatory reporting and record keeping.
  • Fraud and abuse prevention: detecting, investigating, and preventing fraud, collusion, chargebacks, bonus abuse, account takeover, money laundering, and other unlawful or prohibited activities.
  • Responsible gambling: monitoring playing patterns, applying limits, and implementing self-exclusion and other measures to promote safer gambling and to comply with regulatory standards.

Service Improvement, Personalisation and Analytics

  • Service optimisation: analysing technical performance and user behaviour to maintain, secure, and optimise the functioning of metropolca.com and related services.
  • Product development: aggregating and anonymising data to understand trends, develop new features and games, and improve our offerings for players, including those using Casino Metropol.
  • Personalisation: tailoring content, recommendations, user interface elements, and promotional materials to your preferences and playing style, where permitted by law and your settings.

Marketing and Communication

  • Marketing communications: sending news, promotions, bonuses, and offers relating to Casino Metropol and metropolca.com via email, SMS, push notifications, and in-site messages, subject to applicable consent and opt-out rules.
  • Advertising and measurement: using cookies and similar technologies to measure the effectiveness of campaigns, avoid showing the same adverts repeatedly, and understand how users interact with our marketing, where you have allowed such cookies.

Legal, Business and Administrative Purposes

  • Dispute handling: investigating and resolving disputes, complaints, and chargebacks, including cooperation with alternative dispute resolution bodies and regulators.
  • Corporate transactions: managing business reorganisations, mergers, acquisitions or asset transfers, where your data may be disclosed under appropriate safeguards.
  • General administration: conducting internal audits, accounting, billing, and other back-office activities necessary to run our business in a compliant manner.

Disclosure & Sharing

We do not sell your personal data. However, for the purposes described in this Privacy Policy, we may share your data with carefully selected recipients, always subject to appropriate contractual and security safeguards.

Within the Betsson Group

  • Group companies: other entities within the Betsson group that provide shared services such as IT, risk, compliance, finance, customer support, and marketing in support of metropolca.com and Casino Metropol.

Service Providers and Business Partners

  • Payment processors and banks: providers that process card payments, e-wallet transactions, bank transfers, and other payment methods on our behalf.
  • KYC, AML, and risk management providers: identity verification services, credit reference agencies, fraud detection services, and other due diligence partners.
  • Technology and hosting providers: cloud hosting, data storage, security services, analytics providers, and other IT vendors that support our infrastructure.
  • Marketing and analytics partners: email delivery platforms, customer relationship management (CRM) tools, advertising networks, and analytics providers that help us manage campaigns and understand user engagement, where permitted by your consent and applicable law.
  • Affiliates: marketing affiliates and partners that refer players to metropolca.com, to the extent necessary for attribution, commission calculation, and fraud prevention.

Regulators, Authorities, and Dispute Bodies

  • Gaming regulator: the Malta Gaming Authority (MGA) and its designated bodies, particularly in relation to our licence MGA/B2C/196/2010. The MGA support channel is available at https://mga.org.mt/support/ and the licence registry at https://mga.org.mt/registry/.
  • Data protection authorities: such as the Office of the Information and Data Protection Commissioner in Malta, the UK Information Commissioner's Office (ICO), and, where relevant, other supervisory authorities within the European Economic Area and in your country of residence.
  • Law enforcement and public authorities: where we are required or permitted by law to disclose data for the purposes of preventing or investigating crime, enforcing legal rights, or complying with court orders.
  • Alternative dispute resolution (ADR) bodies: competent dispute resolution bodies that may handle complaints relating to our services.

Corporate Transactions and Legal Rights

  • Corporate restructuring: potential buyers, their advisors, and other third parties in connection with any merger, acquisition, sale of assets, or similar corporate transaction, subject to confidentiality obligations.
  • Legal advisors and auditors: professional advisers, including lawyers, accountants, and auditors, as necessary for the establishment, exercise, or defence of legal claims, compliance, and corporate governance.

Whenever we share personal data, we do so only to the extent necessary and, where appropriate, on the basis of data processing agreements that require recipients to protect your data and to use it only for the specified purposes.

International Transfers

Realm Entertainment Limited is established in Malta, a Member State of the European Union. Your data may therefore be processed in Malta and in other countries where the Betsson group or its trusted service providers operate, including the United Kingdom and, in some cases, countries outside the European Economic Area ("EEA") and the UK.

Transfers Within the EEA and to the UK

  • EEA-UK data flows: transfers of personal data between the EEA and the United Kingdom are permitted under adequacy regulations adopted by the European Commission and the UK government, which recognise each other's data protection frameworks as providing an adequate level of protection.
  • Group processing: your data may be accessed from or processed in Malta, the UK, and other EEA countries where group entities and service providers are located, subject to internal policies and access controls.

Transfers to Other Third Countries

  • Standard Contractual Clauses (SCCs): where personal data is transferred to countries that do not benefit from an adequacy decision, we implement European Commission-approved and/or UK-approved Standard Contractual Clauses (or equivalent instruments) to ensure appropriate safeguards.
  • Additional safeguards: depending on the context, we may apply supplementary measures such as encryption, pseudonymisation, strict access controls, and data minimisation to further protect your data.
  • Onward sharing: we require our third-party recipients to comply with applicable data protection laws and to process personal data only in accordance with our documented instructions.

You may request further information about the international transfer mechanisms that apply to your data, or a copy of the relevant contractual safeguards, by contacting our data protection contact (subject to redactions where necessary to protect confidentiality).

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, regulatory, and reporting requirements. Retention periods may vary depending on the category of data and applicable law. As a general guide:

Category of data Typical retention period Main rationale
Account and identification data (including KYC files) Up to 5-10 years after account closure Compliance with AML/CTF, gaming, and record-keeping obligations.
Gameplay and transaction data Up to 10 years from the relevant transaction Accounting, tax, regulatory reporting, dispute handling, and audit requirements.
Customer support and complaint records Up to 5 years after resolution of the issue Evidence of communications, dispute resolution, regulatory queries.
Marketing and preference data For as long as you remain subscribed and up to 5 years after last active interaction Managing marketing preferences and evidencing consent and opt-outs.
Technical logs and security data Approx. 6-24 months Security incident detection, troubleshooting, and systems integrity.
Data relating to disputes or legal claims Until the claim is resolved, then as required by limitation periods Establishment, exercise, or defence of legal claims.

Where data is no longer required for the purposes for which it was collected and no longer needs to be retained under legal obligations, we will delete or irreversibly anonymise it. In some cases, data may be retained in secure backups for a limited additional period before being overwritten. If you request deletion of your data, we will also consider our legal obligations and legitimate interests; we may retain certain data where we have a lawful basis to do so, for example to comply with AML rules or defend legal claims.

Your Rights

As a data subject, you have a number of rights in relation to your personal data under UK GDPR, EU GDPR (where applicable), and aligned Mexican privacy principles. We aim to facilitate these rights in a transparent and accessible way.

Your Rights under UK/EU Data Protection Law

  • Right of access: you can request confirmation of whether we process your personal data and obtain a copy of that data, along with information about how we use it.
  • Right to rectification: you can request correction of inaccurate data and completion of incomplete data. You can often update your details directly via your account settings.
  • Right to erasure: you can request deletion of your personal data where it is no longer needed, where you withdraw consent (and there is no other legal basis), or where processing is unlawful. This right is subject to legal retention obligations, particularly in AML and gaming contexts.
  • Right to restriction: you can ask us to restrict processing in certain circumstances, for example while we verify the accuracy of data or assess an objection.
  • Right to object: you can object at any time to processing based on our legitimate interests, including profiling related to such interests. You always have the right to object to direct marketing, after which we will stop sending you marketing messages.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you can request that we provide your data in a structured, commonly used, machine-readable format, or transmit it to another controller where technically feasible.
  • Right not to be subject only to automated decisions: you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you, except where permitted by law and subject to safeguards. We may use automated tools for fraud detection and responsible gambling monitoring, but manual review is involved where decisions significantly affect you.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time via your account settings, unsubscribe links in messages, cookie management tools, or by contacting us. Withdrawal does not affect prior lawful processing.

Alignment with Mexican Privacy Rights

While Casino Metropol on metropolca.com is primarily targeted at UK users and regulated under EU/UK data protection law, we also endeavour to align with core principles of Mexican data protection regulations, such as the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), for users who may access our services from Mexico.

  • ARCO rights (Access, Rectification, Cancellation, Opposition): if you are located in Mexico, you may exercise rights that broadly correspond to the access, rectification, erasure (cancellation), and objection rights outlined above. We will consider such requests in line with both Mexican law (where applicable) and our EU/UK obligations.
  • Consent and revocation: if our processing of your data in a Mexican context relies on consent, you may revoke that consent, subject to legal and contractual limitations similar to those described in this Policy.

How to Exercise Your Rights

  1. Submit your request: contact us via the support/contact section on https://metropolca.com or by writing to our Data Protection Officer at the postal address provided in the "Who We Are" section, clearly indicating that your message concerns a data protection right.
  2. Verification: we may ask you to provide information to confirm your identity (e.g. account details or identification documents) to ensure that we do not disclose data to unauthorised persons.
  3. Assessment: we will review your request, consider our legal and regulatory obligations, and determine how it can be fulfilled. Where we decline or limit your request, we will provide reasons unless prohibited by law.
  4. Response timeframe: we aim to respond within one month (30 days) of receiving a complete request. This period may be extended by up to a further two months for complex or multiple requests, in which case we will inform you of the extension and reasons.
  5. Charges: requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in accordance with applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies on metropolca.com to operate the site, enhance your experience, conduct analytics, and deliver relevant marketing in compliance with the UK Privacy and Electronic Communications Regulations and applicable EU e-privacy rules.

Types of Cookies We Use

  • Strictly necessary (session) cookies: essential for the operation of the website and the Casino Metropol services, enabling functions such as login, session management, security, and language preferences. These are typically session cookies that expire when you close your browser.
  • Functional (persistent) cookies: used to remember your preferences (such as saved settings, display options, or remembering you between sessions) to provide a more personalised experience.
  • Analytics and performance cookies: used to collect aggregated information about how visitors use metropolca.com (e.g. which pages are visited most often, error messages, click paths) to help us improve site performance and usability.
  • Advertising and tracking cookies: set by us or our selected third-party partners to deliver relevant advertisements, measure campaign effectiveness, and limit the number of times you see a particular advert, where you have consented to such cookies.

Managing Your Cookie Preferences

  • Cookie banner and settings: when you first visit metropolca.com (and periodically thereafter), a cookie banner will allow you to accept or manage non-essential cookies. You can adjust your preferences at any time via the cookie settings tool available on the website, where provided.
  • Browser controls: most browsers allow you to block, delete, or disable cookies through their settings. The methods differ by browser; please refer to your browser's help section for details. Blocking certain cookies may affect the functionality of the site.
  • Do Not Track and similar signals: while we respect privacy-focused technologies, our response to browser-based "Do Not Track" signals may be limited due to the evolving nature of standards. Your most reliable control is through our cookie management tools and your browser settings.

Further details on the specific cookies used, their duration, and their providers may be presented in a dedicated cookie notice or within our cookie management interface on metropolca.com.

Data Security

We take the security of your personal data seriously and implement a combination of technical and organisational measures designed to protect it against unauthorised access, loss, destruction, or alteration.

Technical Measures

  • Encryption in transit: data transmitted between your browser and metropolca.com is protected using industry-standard Transport Layer Security (TLS) protocols (version 1.2 or higher), helping to prevent interception and tampering.
  • Encryption at rest: sensitive data, including passwords and certain financial information, is stored using strong encryption and hashing techniques, with keys managed under strict controls.
  • Access controls and authentication: access to production systems is restricted to authorised personnel on a need-to-know basis and is protected by multi-factor authentication and role-based permissions.
  • Network security: firewalls, intrusion detection and prevention systems, and regular security monitoring are used to detect and mitigate malicious activity.

Organisational and Procedural Measures

  • Policies and training: staff handling personal data are subject to confidentiality obligations and receive regular training on data protection, information security, and responsible handling of player information.
  • Vendor due diligence: we select third-party service providers carefully and require them to implement appropriate security measures and comply with applicable data protection law.
  • Testing and audits: our systems are subject to regular security assessments, including vulnerability scanning and, where appropriate, penetration testing and independent audits. We aim to align our practices with recognised industry standards such as ISO/IEC 27001 and SOC 2, where applicable.
  • Incident response: we maintain procedures to detect, investigate, and respond to potential data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected individuals without undue delay.

Complaints & Contacts

If you have concerns about how we handle your personal data in relation to Casino Metropol on metropolca.com, you have multiple channels to contact us and, if necessary, escalate your complaint.

Contacting Us First

  1. Initial contact: use the support or contact options on https://metropolca.com, or write to our Data Protection Officer at the postal address listed in the "Who We Are" section, describing your concern in as much detail as possible.
  2. Acknowledgement: we will acknowledge receipt of your complaint or request as soon as reasonably practicable, typically within a few business days.
  3. Investigation and response: we will investigate your concern and aim to provide a substantive response within 30 days. Complex matters may take longer, in which case we will inform you of the delay and expected timeframe.
  4. Escalation internally: if you are not satisfied with the initial response, you may request that the matter be escalated to our Data Protection Officer or another appropriate senior representative for further review.

Complaints to Supervisory Authorities

  • Malta - Data protection: you may lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), the Maltese data protection authority, if you believe your data has been processed in violation of applicable laws.
  • United Kingdom - Data protection: if you are in the UK, you may contact the Information Commissioner's Office (ICO). Up-to-date contact details are available at the ICO's website (for example, https://www.ico.org.uk).
  • European Union - Other DPAs: if EU GDPR applies to you, you may also complain to your local supervisory authority in the EEA.
  • Mexico - Data protection alignment: if you are located in Mexico and believe your rights under Mexican data protection law have been affected, you may contact the relevant Mexican data protection authority (such as INAI) for further guidance.
  • Gaming-related complaints: for issues specific to our gaming services that remain unresolved, you may contact the Malta Gaming Authority using the player support channel at https://mga.org.mt/support/, in line with its procedures.

We encourage you to contact us first so we can try to resolve your concerns directly, but you have the right to approach a supervisory authority at any time.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or industry best practices. The version posted on https://metropolca.com/en/privacy-policy will always indicate the date on which it was last updated.

Notification of Changes

  • Last updated notice: the "Last updated" date at the end of this document indicates the most recent revision (currently November 2025).
  • Material changes: where changes materially affect your rights or the way we process your data, we will provide additional notice, which may include email notifications, prominent banners on the website, and/or alerts in your account dashboard.
  • Advance notice: for significant changes that require your attention or consent, we will endeavour to provide at least 30 days' advance notice before the changes take effect, unless immediate changes are required by law or for security reasons.

Your Responsibility and Options

  • Reviewing updates: we encourage you to review this Privacy Policy periodically so that you remain informed about how we process your personal data in connection with Casino Metropol and metropolca.com.
  • Continued use: where permitted by law, your continued use of our services after the effective date of an updated Privacy Policy will constitute your acknowledgement of the changes.
  • Right to object or close account: if you do not agree with material changes, you may choose to stop using our services and request closure of your account. We will then handle your data in accordance with this Privacy Policy and applicable retention requirements.

Last updated: November 2025