burger icon
Olymp United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Olymp, operated through the online casino service available at ollymp.casino and certain related access or "mirror" domains, collects, uses, shares, and protects your personal data. It applies to all visitors to ollymp.casino, registered players, and any other individuals who interact with our services, whether you access the site directly or via mirror domains such as jackpot.olympwin.net or other alternative URLs used to reach ollymp.casino from the United Kingdom or elsewhere. The Policy is designed to meet the requirements of UK data protection law (including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018), as well as to align with relevant international standards for online gambling services. It also incorporates principles from the EU GDPR for users in the European Economic Area ("EEA") and key aspects of Mexican data protection law where applicable. This Privacy Policy is effective from 6 November 2025 and is intended to remain in force throughout 2025 unless replaced or updated in accordance with the "Updates" section below.

Who We Are

In this section we OBSERVE who controls your data, EXPAND on our licensing and geographical footprint, and REFLECT how you can contact us about privacy matters.

The Olymp online casino service, available via ollymp.casino and related mirror domains, is operated by a private company established and managed out of Willemstad, Curaçao. The operator forms part of a network of "crypto-first" online casinos.

The service is provided under an online gambling licence issued in Curaçao:

  • Licensing jurisdiction: Curaçao eGaming (under Antillephone N.V. sub-licence 8048/JAZ)
  • Licence type: Online gambling / casino
  • Licence status: Active as of January 2025 (according to the validator seal; precise expiry date may vary)
  • UK presence: No registered office in the UK and not licensed by the UK Gambling Commission; ollymp.casino operates as a grey-market casino for UK residents.

The source corporate data describes the operator's management location as Willemstad, Curaçao, but does not specify a full legal entity name, street address, or postal code. The most current legal name and registered address of the operator are published in the footer of ollymp.casino and/or in your account area and are incorporated by reference into this Privacy Policy.

For data protection queries, including exercising your rights, please contact our data protection contact point (Data Protection Officer or equivalent privacy function) using the details provided in the "Complaints & Contacts" section and in the "Contact" or "Help" sections of ollymp.casino. These channels are the primary means to reach our data protection team.

What Personal Data We Collect

Here we OBSERVE the categories of data we handle, EXPAND with practical examples tied to gambling services, and REFLECT on how these datasets relate to your use of ollymp.casino.

Personal identification and contact data

  • Identity data: full name, date of birth, nationality, gender (where required for KYC/AML purposes), and copies or details of identity documents (passport, ID card, driving licence) when needed to verify your age and identity.
  • Contact data: email address, mobile and/or landline phone number, preferred language, and any postal or billing address you provide.
  • Account data: username, encrypted password, security questions or authentication tokens, account settings, and communication preferences.

Technical and device data

  • Technical identifiers: IP address, approximate location derived from IP, device identifiers, browser type and version, operating system, and language settings.
  • Usage logs: login timestamps, session duration, pages and screens viewed, clicks, scrolling and navigation paths, error logs, and device performance indicators.
  • Access route data: whether you connected via ollymp.casino directly or via a mirror/alternative domain (for example, where UK ISPs block access and you use a VPN or other route).

Payment and financial data

  • Payment method details: limited card data (e.g. masked card number, card type, expiry month/year), bank account identifiers, or crypto wallet references, depending on method used.
  • Transaction data: deposits, withdrawals, bonuses credited, chargebacks, payment approvals/declines, and anti-fraud flags.
  • KYC/AML data: information required under anti-money laundering and counter-terrorist financing rules, such as source-of-funds information, occupation, or enhanced due diligence records.

Behavioral and gambling activity data

  • Gameplay data: betting history, games played (e.g. slots such as Book of Dead and other titles), bet sizes, wins/losses, game session duration, and bonus usage.
  • Behavioural patterns: frequency of play, time of day, responsible gambling indicators (self-exclusion, limits, time-outs), and patterns suggesting increased risk or possible fraud.
  • Marketing and interaction data: responses to promotions, opening and clicking of emails, participation in loyalty schemes or tournaments, and customer support interactions (chat logs, email threads, call notes).

Cookies and similar technologies

  • Cookies: small text files stored on your device to remember your preferences, maintain sessions, and perform analytics and advertising functions.
  • Similar technologies: pixels, tags, SDKs, log files and local storage that help us measure site performance, prevent fraud, and deliver targeted content.

Further detail on cookies is provided in the "Cookies & Tracking Technologies" section.

Legal Basis for Processing

In this section we OBSERVE the legal grounds recognised under UK GDPR, EXPAND to cover related EU and Mexican frameworks, and REFLECT how these bases apply to the Olymp service on ollymp.casino.

Contract performance and steps at your request

  • What this means: We process personal data because it is necessary to create, manage, and operate your player account and to provide gambling services you request.
  • Examples: setting up your account, verifying that you are eligible to play, processing deposits and withdrawals, settling bets, granting bonuses, and providing customer support.
  • Legal reference: Article 6(1)(b) UK GDPR / EU GDPR (where applicable) and equivalent contractual necessity concepts under Mexican law.

Compliance with legal obligations

  • What this means: We must collect and retain certain data to comply with laws on anti-money laundering (AML), counter-terrorist financing (CTF), sanctions, fraud prevention, tax reporting, and responsible gambling.
  • Examples: verifying your identity and age, monitoring transactions and betting patterns for suspicious activity, complying with requests from regulators or law enforcement in Curaçao, the UK, or other competent jurisdictions.
  • Legal reference: Article 6(1)(c) UK GDPR / EU GDPR and applicable AML/CTF and gambling laws, as well as statutory duties recognised in Mexican data protection and financial crime frameworks.

Legitimate interests

  • What this means: We process some data because it is necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms.
  • Examples: maintaining site security and integrity, detecting and preventing fraud or abuse (including abuse of bonuses and mirror domains), improving and optimising our services, conducting aggregated analytics, and defending legal claims.
  • Safeguards: we perform balancing tests, apply data minimisation, and use pseudonymisation or aggregation where possible to reduce privacy impact, in line with UK GDPR and comparable international practices.

Consent

  • What this means: In some cases we rely on your explicit consent to process your data, especially for marketing, certain cookies, and (for some jurisdictions) specific types of profiling.
  • Examples: sending you promotional emails or SMS about new games or bonuses, using non-essential analytics and advertising cookies, or allowing certain optional data sharing with affiliates and advertising networks.
  • Mexican law alignment: For users in Mexico, we rely on consent consistent with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), while also enabling ARCO rights (Access, Rectification, Cancellation, Opposition) and opt-out mechanisms as required.

Vital interests and legal claims

  • Vital interests: In rare cases we may process data to protect your vital interests or those of another person (for example, passing information to emergency services where there is a credible risk of serious harm).
  • Legal claims: We may process and retain information where necessary to establish, exercise, or defend legal claims in courts, arbitration, or before regulators in Curaçao, the UK, the EU, Mexico, or elsewhere.

Purpose of Processing

Here we OBSERVE why we process your data, EXPAND on the specific purposes related to online gambling, and REFLECT on how these purposes support both service quality and regulatory compliance.

Provision and management of casino services

  • Account lifecycle: creating, verifying, maintaining, and closing player accounts associated with ollymp.casino, including Olymp profiles, as well as managing passwords, security settings, and preferences.
  • Gaming operations: enabling you to browse games, place bets, participate in tournaments, receive bonuses, and access support via web, mobile, or mirror domains.

Payments, risk, and regulatory compliance

  • Payments: processing deposits and withdrawals using fiat and/or crypto payment methods, handling disputes and chargebacks, and keeping mandatory transaction records.
  • AML/CTF and KYC: verifying identity, monitoring transactions and gambling behaviour for suspicious patterns, and reporting in line with Curaçao licensing conditions and applicable international obligations.
  • Responsible gambling: implementing self-exclusion (internal only, as Olymp is not part of GamStop), limits, cooling-off periods, and related safeguards.

Service improvement and analytics

  • Usage analysis: understanding how users navigate ollymp.casino and its mirrors, which games are popular, and where technical issues arise.
  • Product development: optimising game offerings, bonuses, site design, and performance based on aggregated or pseudonymised data.

Marketing and personalisation

  • Direct marketing: sending emails, SMS, push notifications, or in-account messages about promotions, new games, and news, where permitted by law and your preferences.
  • Profiling: tailoring offers based on your account history, betting patterns, and preferences, subject to your rights to object or withdraw consent.

Security, fraud prevention, and abuse control

  • Fraud and abuse detection: identifying and blocking compromised accounts, bonus abuse, multi-accounting, and fraudulent payment activity, particularly in connection with VPN use or mirror domains.
  • Technical security: preventing attacks, spam, DDoS, and unauthorised access to our systems and your account.

Disclosure & Sharing

In this section we OBSERVE the categories of recipients, EXPAND on circumstances where data is shared, and REFLECT on safeguards applied when ollymp.casino acts as a grey-market operator for UK users.

Service providers and technical partners

  • Payment processors: banks, card schemes, e-wallet providers, and crypto payment gateways that process deposits, withdrawals, and refunds on our behalf.
  • Verification and AML providers: identity verification, sanctions screening, and fraud-detection services that assist with KYC/AML obligations.
  • IT and infrastructure vendors: hosting, cloud storage, security, analytics, email delivery, and customer support platforms (e.g. live chat providers).

Regulators, authorities, and dispute bodies

  • Licensing bodies: Curaçao eGaming and related governmental or supervisory bodies, in line with licence 8048/JAZ.
  • Law enforcement and authorities: courts, police, tax authorities, and other public authorities in Curaçao, the UK, the EU, Mexico, or elsewhere, where required by law or necessary to protect our rights or those of others.
  • Note for UK players: Olymp is not licensed by the UK Gambling Commission and is not a member of IBAS; therefore, UK-specific dispute resolution bodies such as IBAS are not available for this service.

Affiliates, marketing partners, and advertising networks

  • Affiliates: marketing affiliates that refer players to ollymp.casino, to whom we may provide limited information such as aggregated statistics or tracking IDs.
  • Advertising and analytics partners: where you consent to relevant cookies or similar technologies, certain pseudonymised data may be shared for analytics, attribution, or tailored advertising.

Corporate transactions

  • Business changes: if we undergo a reorganisation, merger, acquisition, or transfer of business, your data may be shared with prospective or actual buyers or their advisers, subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data in the sense commonly prohibited by modern data protection laws. Where local law (including Mexican regulations) defines "sale" or "transfer" differently, we comply with relevant consent and opt-out rules.

International Transfers

Here we OBSERVE the cross-border nature of the Olymp service, EXPAND on transfer destinations and mechanisms, and REFLECT on safeguards for users in the UK, EEA, Mexico, and elsewhere.

Transfer destinations

  • Curaçao: core operational management and licensing for ollymp.casino are based in Willemstad, Curaçao, so many processing activities occur or are overseen there.
  • European Economic Area (EEA): some service providers, game studios, or infrastructure providers may be located in or operate from EEA countries.
  • United Kingdom: data may be stored or accessed from the UK, particularly in relation to UK users or UK-based technical partners.
  • Other countries: certain cloud, analytics, or support services may operate from countries outside the UK and EEA, including but not limited to the United States or Latin American countries (including Mexico).

Legal mechanisms and safeguards

  • Standard Contractual Clauses (SCCs) and IDTAs: where required by UK or EU law, we implement standard contractual clauses or the UK International Data Transfer Agreement to ensure adequate protection when data leaves the UK/EEA.
  • Supplementary measures: technical measures such as strong encryption, access controls, and minimisation; organisational measures such as strict policies and audits; and, where appropriate, contractual commitments restricting onward transfers.
  • Local law assessment: we assess the legal environment of destination countries and, where necessary, adapt safeguards to account for local surveillance or access risks.

Regional compliance notes

  • UK and EEA users: transfers from the UK/EEA to Curaçao or other non-adequate countries are carried out under recognised transfer mechanisms and with additional safeguards as required by UK GDPR/EU GDPR.
  • Mexican users: when data of individuals in Mexico is transferred internationally, we seek to ensure continuity of protections consistent with LFPDPPP, informing you of the nature and purpose of transfers where required.

Data Retention

In this section we OBSERVE how long we keep different types of data, EXPAND on legal and operational retention needs, and REFLECT on how we securely delete or anonymise data when no longer required.

Retention principles

  • Necessity: we retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including legal, accounting, and reporting requirements.
  • Legal and regulatory requirements: AML/CTF and gambling regulations, as well as tax laws, may require us to retain certain records for minimum periods.

Indicative retention periods

  • Account and identity data: typically kept for the duration of your account and up to 5 years after account closure, to meet AML, dispute, and regulatory obligations (this may be extended where legal claims are anticipated or ongoing).
  • Transaction and payment data: normally retained for at least 5 years after the relevant transaction, in line with financial and AML rules.
  • Gambling activity and logs: gameplay logs and behavioural data are generally kept for the life of the account and then archived for 5 years for compliance, audit, and responsible gambling evidence.
  • Marketing data: retained while you remain opted in to marketing; if you opt out, we keep a minimal record of your preference to ensure we do not contact you, usually for as long as necessary to evidence compliance.
  • Technical logs and security data: retained for shorter periods (often months rather than years), unless needed for security investigations, regulatory inquiries, or legal proceedings.

Deletion and anonymisation

  • Deletion: when data is no longer needed, we seek to securely delete it or render it inaccessible.
  • Anonymisation: where appropriate, we convert personal data into aggregated or anonymised form so it can no longer be linked to you, and we may use such data indefinitely for analytics and reporting.

Your Rights

Here we OBSERVE the privacy rights available to you, EXPAND on how they operate under UK GDPR, EU GDPR, and Mexican law, and REFLECT on practical procedures for Olymp users of ollymp.casino. Rights may vary slightly by jurisdiction; we aim to provide a harmonised, user-friendly approach.

Core UK/EU GDPR rights

  • Right of access: you can request confirmation of whether we process your personal data and obtain a copy of that data, along with information about how we use it.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data (for example, updating contact details or correcting your name).
  • Right to erasure: you can ask us to delete your data in certain circumstances, for instance where the data is no longer needed or you withdraw consent and no other legal basis applies. Due to AML/CTF obligations, we may need to retain some data even after account closure.
  • Right to restriction: you can ask us to limit processing of your data in specific situations (e.g. while we verify accuracy or consider an objection).
  • Right to object: you may object to processing based on our legitimate interests, including profiling for direct marketing. We will stop such processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format and ask us to transfer it to another provider where technically feasible.

Consent and marketing controls

  • Withdrawal of consent: where we rely on your consent (for example for marketing or certain cookies), you can withdraw it at any time via your account settings, unsubscribe links, or by contacting us.
  • Marketing opt-out: you can opt out of marketing communications at any time; we will process such requests promptly and free of charge.

Mexican law alignment (LFPDPPP and ARCO rights)

  • ARCO rights: for users located in Mexico, we uphold rights to Access, Rectification, Cancellation, and Opposition (ARCO) under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). These map closely to the access, rectification, erasure, and objection rights described above.
  • Information and consent: we seek to provide clear prior notice of processing purposes and obtain consent where required, including for international transfers from Mexico.

Procedures, timeframes, and cost

  • How to exercise rights: you can exercise your rights by contacting us through the channels listed in the "Complaints & Contacts" section or via any privacy tools in your account dashboard.
  • Verification: we may ask you to provide information to confirm your identity (e.g. login verification or additional documents) to protect your account and data.
  • Response times: we aim to respond to rights requests within 30 days from receipt of a complete request. Complex or numerous requests may take longer, but we will inform you of any extension and its reasons, consistent with UK GDPR, EU GDPR, and LFPDPPP requirements.
  • Cost: we handle rights requests free of charge. We may charge a reasonable fee or refuse to act only where a request is manifestly unfounded or excessive, in line with applicable law.

Cookies & Tracking Technologies

Here we OBSERVE how ollymp.casino uses cookies and similar tools, EXPAND on their types and purposes, and REFLECT on how you can control them while using Olymp services.

Types of cookies we use

  • Session cookies: temporary cookies that exist only while your browser is open and are deleted when you close it; used for core functions such as keeping you logged in during a session.
  • Persistent cookies: cookies that remain on your device for a defined period or until you delete them; used to remember preferences (e.g. language, login choices) and measure site performance over time.
  • First-party cookies: set directly by ollymp.casino to support essential site functions and analytics.
  • Third-party cookies: set by external providers (such as analytics, anti-fraud, or advertising services) integrated into our site.

Purposes of cookies and similar technologies

  • Strictly necessary/functional: enabling core features such as secure login, shopping cart/payment flows, and preferences; these are required for the site to operate.
  • Analytics and performance: helping us understand how users navigate ollymp.casino, which pages or games are popular, and where technical errors occur.
  • Advertising and marketing: where permitted, helping us and our partners deliver more relevant offers and measure the effectiveness of campaigns and affiliate referrals.
  • Security and fraud prevention: identifying unusual behaviour, multiple accounts, or abusive patterns, particularly where mirror domains or VPNs are used.

Managing and disabling cookies

  • Browser settings: you can usually configure your browser to refuse or delete cookies. Doing so may affect site functionality, including your ability to log in or remain logged in.
  • Internal controls: where available, you can use consent banners or cookie settings panels on ollymp.casino to accept or reject non-essential cookies.
  • Third-party tools: some third-party providers offer their own opt-out tools (for example, for analytics or advertising cookies); links to these may be provided in our cookie notices.

Data Security

In this section we OBSERVE the risks inherent in online gambling and grey-market access, EXPAND on technical and organisational measures we apply at ollymp.casino, and REFLECT on how these measures align with recognised security standards.

Technical safeguards

  • Encryption in transit and at rest: we use TLS 1.2 or higher to encrypt data in transit between your device and our servers, and apply encryption or other protective measures to sensitive data at rest where appropriate.
  • Access controls and authentication: access to systems and databases is limited to authorised personnel and systems based on role; we use strong authentication mechanisms and may support multi-factor authentication for administrative access.
  • Network and application security: we employ firewalls, intrusion detection/prevention systems, regular patching, and secure coding practices to reduce vulnerabilities.

Organisational and procedural measures

  • Policies and training: staff with access to personal data receive training on data protection, confidentiality, and security, including the specific risks of operating a crypto-first online casino and serving UK users via mirrors or VPNs.
  • Need-to-know principle: we limit access to personal data to those who need it for their job and subject them to confidentiality obligations.
  • Vendor management: we select third-party processors that commit to appropriate security standards and data protection obligations in their contracts.

Monitoring, audits, and incident response

  • Monitoring: we monitor systems and logs for suspicious activity, anomalies, or performance issues that could indicate security threats.
  • Audits and reviews: we periodically review our security controls and may benchmark them against internationally recognised frameworks (such as ISO 27001 or SOC 2) to the extent feasible, though we do not claim formal certification unless expressly stated on ollymp.casino.
  • Incident response: we maintain procedures to detect, investigate, and respond to personal data breaches, including notifying affected individuals and relevant authorities (such as the UK ICO or other regulators) where required by law.

Complaints & Contacts

Here we OBSERVE your need for clear communication channels, EXPAND on how you can contact us or lodge complaints, and REFLECT on escalation options to supervisory authorities in the UK, EU, and Mexico.

Contacting us

  • Primary contact: for any questions, requests, or concerns about this Privacy Policy or your data, please use the contact methods provided in the "Contact" or "Support" sections of ollymp.casino (for example, secure messaging, live chat, or helpdesk forms).
  • Data protection contact (DPO or equivalent): you can direct privacy-specific requests to our data protection contact via the dedicated contact details indicated in your account area or in the Privacy/Legal section of ollymp.casino. These details are regularly updated and form part of this Policy by reference.
  • Postal correspondence: where postal contact is needed, you may address correspondence to our operational management in Willemstad, Curaçao, using the postal details provided on ollymp.casino or supplied upon request via support.

Internal complaint procedure

  • Step 1 - Initial contact: submit your concern or complaint through support or our privacy contact channels, describing the issue and the outcome you seek.
  • Step 2 - Acknowledgement: we will acknowledge receipt of your complaint within a reasonable time, usually within a few working days.
  • Step 3 - Investigation and response: we aim to investigate and respond substantively within 30 days. If the issue is complex or requires more time, we will inform you of the delay and provide an updated timeframe.
  • Step 4 - Further review: if you are not satisfied with our response, you may request an internal review, and we will re-examine your complaint where appropriate.

Escalation to supervisory authorities

  • United Kingdom: if you are in the UK and believe we have not handled your personal data lawfully, you can lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk.
  • European Union/EEA: if you are in the EEA, you may contact your local data protection authority (for example, the authority in your country of residence or work) if you consider that your data has not been processed in accordance with EU GDPR.
  • Mexico: if you are in Mexico, you may lodge a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): www.inai.org.mx, in relation to your ARCO rights and other protections under LFPDPPP.

We encourage you to contact us first so we can attempt to resolve your concerns directly, but you are not obliged to do so before approaching a supervisory authority.

Updates

In this final section we OBSERVE that privacy and regulatory environments evolve, EXPAND on how we will notify you of changes to this Policy, and REFLECT on how updates apply to Olymp users of ollymp.casino in 2025.

How and why we update this Privacy Policy

  • Reasons for change: we may update this Policy to reflect changes in law (including UK GDPR, EU GDPR, Mexican regulations, or Curaçao licensing conditions), our practices, technologies, or business structure.
  • Version control: each version of this Policy will include a "Last updated" date and, where appropriate, a summary of material changes.

Notification methods

  • Email notifications: for significant changes, we may send an email to the address associated with your ollymp.casino account describing the changes.
  • On-site notices: we may display banners, pop-ups, or dashboard alerts when you log in, especially where a change is material to your rights or how we process your data.
  • Accessible archive: where feasible, we may keep previous versions of this Policy accessible or provide them upon request.

Effective date, advance notice, and your options

  • Last updated: this version of the Privacy Policy was last updated in November 2025.
  • Advance notice: for material changes that significantly affect your rights or how we use your data, we will strive to provide at least 30 days' prior notice before the new version takes effect, where practical.
  • Your choices: if you do not agree with updated terms, you may close your account and cease using ollymp.casino. Continued use of the service after the effective date of an updated Policy generally indicates your acceptance of the changes, subject to applicable law.

We encourage you to review this Privacy Policy periodically to stay informed of how Olymp handles personal data in connection with your use of ollymp.casino and its related access domains.