burger icon
Slot Monster United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Slot Monster, including the UK-facing project Slot Monster, processes and protects your personal data when you visit or use the website monstersl.com and its associated mirror domains (including, but not limited to, slotmonster8.com) (together, the "Website"). It applies to all visitors, registered players, and any person who contacts us via the Website or our support channels. This Privacy Policy is prepared in line with the UK General Data Protection Regulation ("UK GDPR"), the UK Data Protection Act 2018, and relevant international standards. By using the Website, you acknowledge that you have read and understood this Privacy Policy. Effective date: 6 November 2025.

Who We Are

Data Controller and Operating Entities

For the purposes of data protection laws, the primary data controller for personal data collected via the Website is:

  • Sarah Eternal S.R.L., a limited liability company registered in Costa Rica under registration number 3-102-897452, acting as one of the operating entities for Slot Monster mirror sites.
  • Veloce S.r.l., a limited liability company registered in Costa Rica (registration number not publicly specified), which may also operate certain mirrors of the Website.

Both entities are collectively referred to in this Privacy Policy as "Slot Monster", "we", "us", or "our". Our principal operational and corporate presence is in Costa Rica, with claimed online gambling licensing relationships in Curaçao and the Union of the Comoros (Anjouan). A specific legal address and mailing address are not publicly disclosed on the Website as of 2025; however, you can obtain up-to-date registered office information by contacting us using the channels below.

Regulatory Context for UK Players

Slot Monster targets players in the United Kingdom through offshore, non-GamStop casino operations. As of February 2025, Slot Monster does not hold a licence from the UK Gambling Commission ("UKGC"), and therefore UK players do not benefit from protections offered by the UKGC, the Independent Betting Adjudication Service (IBAS), or the Financial Services Compensation Scheme (FSCS). Nevertheless, when we offer services to individuals in the UK, we treat their personal data in accordance with the UK GDPR's extraterritorial provisions.

Contact Details and DPO

We have designated a person responsible for data protection matters (Data Protection Officer or equivalent data protection contact):

  • Data Protection Contact: Data Protection Officer, Slot Monster
  • Email (primary and critical contact): support@monstersl.com
  • Purpose of this email: support, general enquiries, disputes, self-exclusion requests, and privacy/data-protection requests.
  • Live chat: on-site support chat, available 24/7, usually with human escalation within approximately 5 minutes of initial bot interaction.

Please use the email address above for all privacy-related requests, including exercising your rights, raising concerns, or asking questions about this Privacy Policy.

What Personal Data We Collect

Identification and Contact Data

  • Basic profile data: full name, username or player ID, date of birth, country of residence, and proof of age information.
  • Contact details: email address (such as the one you use to register or contact us), telephone number if provided, and any postal details you share for correspondence or verification purposes.
  • KYC documents: copies of identification documents (e.g., passport, national ID card, driving licence), proof of address (e.g., utility bill or bank statement), and, where required under our KYC/AML policy, Source of Wealth and/or Source of Funds documentation for higher-risk activity (for example, deposits exceeding thresholds such as €2,000, as referenced in our KYC policy).

Account and Behavioral Data

  • Account information: registration details, login history, account settings, communication preferences, self-exclusion or responsible gambling flags, and customer support tickets.
  • Gaming and transaction history: bets placed, games played, session times, wins and losses, bonus usage, wagering progress, payment methods used, deposit and withdrawal records, and loyalty or promotional participation.
  • Behavioral data: clickstream data, navigation paths, time spent on pages, interaction with banners and emails, and technical events (e.g., error logs) collected for analytics, fraud prevention, and service optimisation.

Technical and Device Data

  • Technical identifiers: IP address, approximate location derived from IP, device type, operating system, browser type and version, language settings, and unique device identifiers where technically necessary.
  • Log data: server logs, authentication logs, security event logs, and information about the way you access and use the Website, including timestamps.

Payment and Financial Data

  • Payment details: payment method type (e.g., card, e-wallet, cryptocurrency where applicable), partial card information (masked), transaction IDs, and payment confirmations. We do not generally store full card numbers; these are processed by our payment partners.
  • AML/KYC financial information: information we receive or request regarding your Source of Funds or Source of Wealth, including income information or employer details, where necessary under our KYC/AML obligations and risk assessment procedures.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device to recognise you, maintain your session, remember preferences, and support security functions.
  • Similar technologies: web beacons, tracking pixels, SDKs, and local storage used for analytics, advertising, and fraud prevention.

Details about specific cookies and how to manage them are provided in the Cookies & Tracking Technologies section below and, where available, via a cookie consent interface on the Website.

Legal Basis for Processing

Performance of a Contract

We process your personal data where it is necessary to enter into and perform a contract with you (Article 6(1)(b) UK GDPR). This includes:

  • Creating and managing your player account on monstersl.com and associated mirror domains, including slotmonster8.com.
  • Processing deposits, wagers, withdrawals, bonuses, and loyalty rewards.
  • Providing customer support, resolving technical issues, and enabling core Website functionality.

Compliance with Legal Obligations

We process certain data to comply with our legal obligations (Article 6(1)(c) UK GDPR) and with applicable anti-money laundering (AML), counter-terrorist financing (CTF), and responsible gambling rules in the jurisdictions where we operate (including Costa Rica, Curaçao, and other relevant territories). This may include:

  • Verifying your identity, age, and place of residence (KYC checks).
  • Monitoring transactions for suspicious activity and fulfilling reporting obligations to competent authorities where required.
  • Collecting Source of Wealth information for higher-risk profiles and large deposit thresholds (e.g., above €2,000 as indicated in our KYC policy).

Legitimate Interests

We process your data when it is necessary for our legitimate interests and when these are not overridden by your rights and interests (Article 6(1)(f) UK GDPR). These legitimate interests include:

  • Preventing fraud, abuse of bonuses, and unauthorised access to accounts, as well as maintaining the security and integrity of our systems.
  • Running analytics to understand how players use the Website, to improve game offerings, site performance, and user experience.
  • Enforcing our Terms and Conditions, managing business risks (including the risk of payment blocks or banking issues affecting UK players due to evolving regulatory scrutiny in late 2025), and defending legal claims.

Consent

We rely on your consent (Article 6(1)(a) UK GDPR) where required by law, in particular for:

  • Sending direct electronic marketing communications (email, SMS, push notifications) where these are not covered by "soft opt-in" rules under UK privacy and electronic communications regulations.
  • Using non-essential cookies and similar technologies for advertising, cross-site tracking, and certain advanced analytics.

You may withdraw your consent at any time, as described in the Your Rights section, without affecting the lawfulness of processing based on consent before its withdrawal.

Purpose of Processing

Provision of Casino and Website Services

  • Account operation: to register and authenticate you, maintain your account, and allow you to access games and features on monstersl.com and associated mirrors.
  • Gaming operations: to process bets, determine outcomes, credit winnings, apply bonuses, and manage tournaments and other promotional offers.
  • Support and communication: to respond to your questions, handle disputes, manage self-exclusion requests, and provide service announcements.

Risk Management, KYC/AML, and Compliance

  • KYC/AML checks: to verify your identity, age, and location, and to collect Source of Wealth documentation when legally required or justified by our risk assessment (for example, when your deposits exceed certain thresholds such as €2,000 in a given period).
  • Fraud prevention: to detect and prevent suspicious transactions, multi-accounting, bonus abuse, chargebacks, and use of stolen payment instruments.
  • Regulatory cooperation: to comply with lawful requests from regulators, law enforcement, and other competent authorities in the jurisdictions where we operate.

Improvement, Analytics, and Personalisation

  • Service improvement: to analyse aggregated and pseudonymised data about game performance, stability, and user behaviour, helping us optimise load times, interfaces, and game selection.
  • Personalisation: to tailor content and offers (e.g., recommended games or bonuses) to your preferences, subject to your marketing and cookie choices.
  • Statistical reporting: to compile usage statistics that support our business planning and risk management.

Marketing and Promotions

  • Direct marketing: to send you promotional emails or messages about Slot Monster's products, bonuses, and special offers, in line with your consent or applicable "soft opt-in" rules.
  • Advertising networks: to run targeted or personalised advertising campaigns via third-party platforms (only where permitted and subject to your consent for relevant cookies and trackers).

Disclosure & Sharing

Service Providers and Technical Partners

  • Payment processors: we share necessary payment data (such as transaction amount, partial card data, and account identifiers) with banks, card schemes, e-wallet providers, cryptocurrency payment processors, and other payment intermediaries to process deposits and withdrawals.
  • IT and hosting providers: we use hosting companies, cloud infrastructure providers, content delivery networks, and cybersecurity firms to operate and secure the Website.
  • Analytics and anti-fraud providers: we may share pseudonymised or technical data with analytics services and fraud-prevention tools to help detect suspicious activity and improve services.

Regulators, Authorities, and Dispute Resolution

  • Regulatory authorities: we may share data with regulators and licensing or oversight bodies in the jurisdictions where we operate (for example, relevant authorities in Costa Rica, Curaçao, or the Union of the Comoros (Anjouan)), where required by law or licence conditions.
  • Law enforcement and courts: we may disclose data in response to valid legal requests, subpoenas, court orders, or to establish or defend legal claims.
  • Alternative dispute bodies: if we agree to participate in any alternative dispute resolution scheme, we may share data strictly necessary to handle the dispute.

Affiliates and Marketing Partners

  • Group entities and mirrors: personal data may be shared between the operating entities Sarah Eternal S.R.L., Veloce S.r.l., and other Slot Monster-related entities where necessary to provide services or align security measures across mirror domains.
  • Affiliate partners: we may share limited data (often aggregated or pseudonymised) with affiliate marketers and advertising networks to measure campaign performance, subject to your consent for relevant cookies and trackers.

Business Transfers

  • Corporate transactions: in the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred to the relevant purchaser or successor entity, subject to appropriate safeguards and continuity of privacy protections.

International Transfers

Where Your Data May Be Processed

Given the offshore nature of Slot Monster's operations, your personal data may be transferred to and processed in countries outside the United Kingdom, including:

  • Costa Rica: where Sarah Eternal S.R.L. and Veloce S.r.l. are registered and where data processing infrastructure or support functions may be located.
  • Curaçao and the Union of the Comoros (Anjouan): where certain gambling licensing and related service providers may be based.
  • Other countries: including EU/EEA member states and other third countries where our hosting providers, payment processors, or technical partners operate.

Legal Safeguards for Cross-Border Transfers

When we transfer your personal data outside the UK, we take steps to ensure an appropriate level of protection consistent with UK data protection law. These measures may include:

  • Using UK International Data Transfer Agreements (IDTA) or the UK Addendum to the European Commission's Standard Contractual Clauses ("SCCs") with our non-UK service providers.
  • Ensuring that the recipient is subject to legally binding and enforceable obligations that provide adequate protection for your data, including contractual confidentiality and security commitments.
  • Carrying out transfer risk assessments and applying additional technical and organisational measures where necessary (for example, strong encryption and strict access controls).

Where data is transferred to jurisdictions without an adequacy decision, we rely on appropriate safeguards such as SCCs/IDTA, or, in limited cases, other lawful derogations as permitted under the UK GDPR.

Data Retention

General Retention Principles

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, and reporting requirements. The specific retention period depends on the nature of the data and the applicable laws in the relevant jurisdictions (including UK and international AML regulations) as at 2025.

Indicative Retention Periods

  • Account and gaming records: generally retained for the duration of your account and, after account closure, for up to five (5) years, unless a longer period is required to comply with AML/CTF laws or to defend legal claims (which may extend retention to seven (7) years or as mandated by law).
  • KYC and Source of Wealth documents: retained for at least five (5) years after the end of the customer relationship or the final transaction, and longer where required under local AML regulations or where a regulatory authority instructs us to do so.
  • Technical logs and security data: retained for a shorter period, typically between six (6) and twenty-four (24) months, unless needed longer for security investigations or legal proceedings.
  • Marketing data: retained until you opt out or withdraw consent, after which we will keep a minimal record of your preference (e.g., your email on a suppression list) to ensure you do not receive further marketing.
  • Customer support correspondence: retained for up to five (5) years from resolution of the query or dispute, subject to legal obligations.

Deletion and Anonymisation

When data is no longer required, we will securely delete or anonymise it. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for statistical or analytical purposes. In that case, we may use this anonymised information indefinitely without further notice to you.

Your Rights

Data Protection Rights under UK GDPR

If you are located in the United Kingdom, you have the following rights under the UK GDPR, subject to applicable limitations:

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of that data, along with certain information about the processing.
  • Right to rectification: to request correction of inaccurate data and completion of incomplete data.
  • Right to erasure: to request deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, or you have withdrawn consent and there is no other legal basis. This right may be restricted where we must retain data for legal or regulatory reasons (e.g., AML obligations).
  • Right to restriction: to request that we limit processing of your data in certain circumstances (e.g., while we verify accuracy or where you object).
  • Right to object: to object to processing based on our legitimate interests, and to object at any time to processing for direct marketing, including profiling for marketing purposes.
  • Right to data portability: to receive personal data that you have provided to us in a structured, commonly used, machine-readable format and to request that we transmit it to another controller where technically feasible.

Consent and Marketing Preferences

  • Withdrawal of consent: where processing is based on your consent, you may withdraw that consent at any time by adjusting your account preferences (where available), using the unsubscribe link in marketing emails, or contacting us at support@monstersl.com.
  • Marketing opt-out: you can opt out of marketing communications at any time, and this will not affect your ability to use the core casino services (although some personalised offers may no longer be available).

Alignment with Mexican and EU Data Protection Standards

While Slot Monster primarily applies UK data protection laws for players in the United Kingdom, we also strive to align our rights framework with key principles found in other major data protection regimes, including:

  • European Union GDPR: for players located in the EU/EEA, we apply similar rights to those under the EU General Data Protection Regulation, including access, rectification, erasure, restriction, objection, and portability, to the extent feasible in light of our offshore operational structure.
  • Mexican privacy law: for users who may access the Website from Mexico, we aim to respect the core principles of Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), including rights akin to access, rectification, cancellation, and opposition (ARCO rights), subject to technical and jurisdictional limitations.

Procedures, Timeframes, and Costs

  • How to exercise your rights: send an email from your registered address (where possible) to support@monstersl.com with a clear description of your request. We may ask you for additional information to confirm your identity and to locate your data.
  • Response time: we aim to respond to all valid requests within one (1) month (30 days) of receipt. In complex cases or when we receive numerous requests, this period may be extended by up to a further two months; if so, we will inform you of the extension and reasons.
  • Fees: we handle your requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, for example due to repetitive nature.

Cookies & Tracking Technologies

Types of Cookies We Use

  • Strictly necessary cookies: session cookies required for the operation of the Website, such as those enabling log-in, navigation, and use of secure areas. These are usually set in response to your actions and cannot be switched off via generic consent tools.
  • Functional cookies: cookies that remember your choices (e.g., language, region, display settings) to provide a more personalised experience.
  • Analytics cookies: first- and third-party cookies that help us understand how visitors interact with the Website, measure performance, and improve content and navigation.
  • Advertising and targeting cookies: cookies and similar trackers that may be used to deliver relevant ads and measure the effectiveness of marketing campaigns, including via affiliate networks and advertising partners, subject to your consent.

Similar Technologies

  • Web beacons and pixels: small graphic files used in emails or on the Website to understand whether content has been viewed, to prevent fraud, and to measure engagement with promotions.
  • Local storage and SDKs: technologies used particularly on mobile or in web apps to store settings and support functionality.

Managing Cookies

  • Browser settings: you can usually configure your browser to block, delete, or alert you about cookies. However, blocking strictly necessary cookies may affect your ability to log in or use core features of the Website.
  • On-site controls: where available, we may provide a cookie banner or internal preference panel that allows you to manage non-essential cookies (for example, analytics or advertising cookies). If such a panel is present, it will be clearly accessible from the Website footer or settings area.
  • Third-party tools: some third-party services used on the Website may offer their own opt-out mechanisms, which we encourage you to review.

Data Security

Technical and Organisational Measures

We take the security of your personal data seriously and implement a combination of technical and organisational measures appropriate to the risks associated with online gambling and international data transfers. These measures include:

  • Encryption in transit: use of modern cryptographic protocols (such as TLS 1.2 or higher) to encrypt data transmitted between your device and our servers.
  • Encryption at rest: encryption or other strong protection mechanisms for sensitive data stored on our systems, especially authentication credentials and payment-related information handled by our partners.
  • Access controls: strict role-based access control (RBAC), multi-factor authentication for administrative accounts, and logging of access to critical systems and databases.
  • Network and application security: firewalls, intrusion detection and prevention systems, regular vulnerability scanning, and patch management processes.

Organisational Safeguards and Standards

  • Staff training: regular training for relevant staff on data protection, secure handling of personal data, phishing awareness, and internal policies.
  • Policies and governance: internal procedures for data classification, retention, incident response, and access management.
  • Audits and assessments: periodic internal or external reviews of security controls and risk assessments, with remediation plans where vulnerabilities are identified.
  • Alignment with standards: while Slot Monster does not claim formal certification under specific frameworks such as ISO 27001 or SOC 2 as of 2025, our security programme aims to align with recognised industry best practices inspired by these standards.

Incident Response

We maintain procedures to detect, investigate, and respond to suspected personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay, and, where required by law, we will also inform affected individuals as soon as reasonably practicable, including information on steps you can take to mitigate potential adverse effects.

Complaints & Contacts

How to Contact Us

  • Email (primary channel): support@monstersl.com (for privacy requests, complaints, disputes, and self-exclusion).
  • Live chat: 24/7 on-site chat with escalation to a human agent typically within about five minutes.
  • Postal correspondence: as our operating entities are registered in Costa Rica and we do not publicly list a UK postal address as of 2025, please contact us by email if you require current registered office details for sending physical correspondence; we will provide appropriate instructions.

Internal Complaint Procedure

  1. Step 1 - Submit your complaint: send a detailed explanation of your concern (including your username, relevant dates, and any supporting evidence) to support@monstersl.com, preferably from the email linked to your account.
  2. Step 2 - Acknowledgement: we aim to acknowledge receipt of your complaint within five (5) working days.
  3. Step 3 - Investigation: your complaint will be reviewed by our support and, where relevant, our compliance or data protection teams. We may request additional information from you.
  4. Step 4 - Response: we will provide a substantive response to your privacy-related complaint within one (1) month (30 days), unless the matter is particularly complex, in which case we may extend this period by up to two further months and will notify you of the extension and reasons.
  5. Step 5 - Escalation: if you are not satisfied with our response, you may escalate the matter to the relevant supervisory authority as described below.

Supervisory Authorities

  • United Kingdom - Information Commissioner's Office (ICO): If you are in the UK and believe that your data protection rights have been infringed, you can lodge a complaint with the ICO. Website: https://ico.org.uk.
  • European Union data protection authorities: If you are located in the EU/EEA, you may have the right to lodge a complaint with your local data protection authority. Contact details are usually available on the authority's official website or via the European Data Protection Board.
  • Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI): For users in Mexico, and where applicable, you may contact INAI regarding concerns under Mexican privacy law. Website: https://home.inai.org.mx.

We encourage you to contact us first so that we can attempt to resolve your concerns directly, but you have the right to contact a supervisory authority at any time.

Updates

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices, especially in light of evolving regulations affecting offshore gambling services offered to UK players in 2025 and beyond. When we make material changes, we will take appropriate steps to inform you in advance.

Notification Methods

  • Email notifications: where you have a registered account and a valid email address, we may send you an email describing the key changes.
  • Website notices: we may display a prominent banner or notice on the Website, including within your account dashboard, summarising significant updates.
  • Policy access: the latest version of this Privacy Policy will always be available on the Website, typically via the footer link.

Effective Date, Versioning, and Your Options

  • Last updated: November 2025 (version effective from 6 November 2025).
  • Advance notice: where we make substantial changes that materially affect your rights or how we use your data, we will, where practicable, provide at least thirty (30) days' advance notice before the new terms become effective for existing players.
  • Your choices: if you do not agree with the updated Privacy Policy, you may choose to stop using the Website and request closure of your account. Continued use of the Website after the effective date of any changes will constitute your acknowledgement of the updated policy.

If you have any questions about this Privacy Policy or how Slot Monster, including the Slot Monster project on monstersl.com, processes your personal data, please contact us at support@monstersl.com.