Admiral Shark Privacy Policy

The platform processes personal data to provide and manage online casino and sportsbook services in a lawful, fair, and transparent manner.

Types of personal data collected

Depending on how the user interacts with the website, the following categories of information may be collected:

• Identification data: name, surname, date of birth, nationality, unique customer identifiers.
• Contact details: residential address, email address, telephone number.
• Account information: username, password, security questions, preferences, communication settings.
• Verification and compliance data: copies of identity documents, proof of address, source of funds information, results of age verification and anti-money laundering checks.
• Financial and transaction data: payment card details, bank account information, deposit and withdrawal history, betting and gaming records.
• Technical and usage data: IP address, device identifiers, browser type, operating system, access times, pages viewed, referring websites.
• Responsible gambling data: self-exclusion status, deposit and loss limits, interaction records relating to safer gambling.

Personal data may be collected directly from the user, generated through the use of services, or obtained from trusted third parties such as payment providers, identity verification services, and fraud prevention agencies.

Purposes of collection and lawful bases

Personal information is collected and processed for the following purposes:

• To create and manage user accounts.
• To verify identity and age and comply with legal and regulatory requirements, including anti-money laundering and counter-terrorist financing obligations.
• To process deposits, withdrawals, and bets and to manage transactions.
• To provide customer support and respond to enquiries or complaints.
• To monitor and promote responsible gambling and protect vulnerable users.
• To prevent, detect, and investigate fraud, misuse of services, and security incidents.
• To improve websites, products, and services through analytics and performance monitoring.
• To send service communications and, where the user has given consent or another lawful basis exists, marketing communications.

The main legal bases relied upon under United Kingdom data protection law and the UK GDPR include:

• Performance of a contract.
• Compliance with a legal obligation.
• Legitimate interests, provided that these are not overridden by the rights and interests of the user.
• Consent, where required for certain uses, such as direct electronic marketing where no other lawful basis applies.

Technical and organisational protection measures

The operator applies appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, destruction, or alteration. These measures include:

• Use of encryption and secure communication protocols for data transmission.
• Access controls and authentication procedures to limit staff access to personal information.
• Segregation of duties and role-based permissions.
• Regular monitoring, logging, and security testing of systems.
• Secure data backup and business continuity procedures.
• Staff training on data protection, confidentiality, and security obligations.

While no online service can guarantee absolute security, proportionate controls are maintained in line with industry standards and legal requirements.

User rights under data protection law

Subject to certain limitations under applicable law, users have the following rights in respect of their personal data:

• Right of access: to obtain confirmation whether their personal information is processed and to receive a copy of that data.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of personal information where there is no valid reason for continued processing.
• Right to restriction: to request restriction of processing in certain situations.
• Right to data portability: to receive personal data provided in a structured, commonly used, and machine-readable format, and to request that it is transmitted to another controller where technically feasible.
• Right to object: to object to processing carried out on the basis of legitimate interests, and to object at any time to direct marketing.
• Right to withdraw consent: where processing is based on consent, users may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Users also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom if they believe that data protection law has been breached.

Compliance with United Kingdom laws

The processing of personal data is conducted in accordance with applicable United Kingdom legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and relevant gambling regulations issued by the Gambling Commission. Records and procedures are maintained to demonstrate compliance and accountability under these laws.

Personal information is used only for purposes that are compatible with the reasons it was originally collected, and always on a lawful basis.

Account management and service delivery

Personal data is used to:

• Set up and maintain user accounts.
• Authenticate logins and secure access.
• Provide online casino and sportsbook services, including placing bets, playing games, settling wagers, and crediting winnings.
• Manage user balances, deposits, and withdrawals.

Transactions and payment processing

Financial and identification data is processed to:

• Process payments securely and prevent unauthorised transactions.
• Conduct checks required by payment providers and banking partners.
• Maintain accurate transaction records for accounting, auditing, and regulatory reporting.

Service improvement and analytics

Technical and usage data is used to:

• Monitor performance of websites and apps.
• Diagnose technical issues and maintain system reliability.
• Analyse how services are used so that content, features, and user experience can be improved.
• Produce aggregated, anonymised statistics that do not identify individuals.

Marketing and communication

Contact details and preference information may be used to:

• Send service-related messages, such as changes to terms, account notifications, and security alerts.
• Provide marketing communications about products and services, where permitted by law and subject to user consent or another lawful basis.
• Tailor communications to user interests, based on account activity and preferences, in accordance with applicable rules on profiling.

Users can adjust their marketing preferences at any time through account settings or by following the instructions in communications.

Compliance, security, and responsible gambling

Personal data is also processed to:

• Comply with legal and regulatory obligations, including anti-money laundering, counter-terrorist financing, and gambling regulations.
• Carry out identity and age verification, sanctions screening, and risk assessments.
• Detect and investigate fraud, collusion, cheating, and misuse of services.
• Monitor gameplay and betting patterns for signs of problem gambling and to apply safer gambling tools.

All processing of personal information is undertaken in a manner that is lawful, fair, transparent, and limited to what is necessary for these purposes.

Users have control over much of their personal data through their online account and, in addition, may exercise formal data protection rights.

Accessing and updating personal data

Users may:

• Log in to their account to review and update certain account details, contact information, and preferences.
• Contact customer support to request correction of information that cannot be edited directly.

When a request to rectify data is made, reasonable steps are taken to verify identity before changes are applied and to keep records accurate and up to date.

Requesting deletion or restriction

Users may request deletion of their personal data where legal grounds exist. Requests will be considered in line with the UK GDPR and other applicable laws. Personal information cannot be removed where it must be retained to:

• Comply with legal and regulatory obligations, including gambling and anti-money laundering rules.
• Establish, exercise, or defend legal claims.
• Maintain essential records required by licensing conditions.

In some circumstances, processing may be restricted instead of deleted, for example during the investigation of a dispute or complaint.

How to exercise data protection rights

To exercise any of the rights described in this Privacy Policy, users may contact the data protection contact point or customer support using the details provided on the website. Requests will be handled within the timeframes set by law and users will be informed if an extension is required due to complexity or volume of requests.

Security checks and payment processing

By using the services, creating an account, or initiating transactions, the user acknowledges and consents to:

• Security, fraud prevention, and verification checks being conducted, which may include automated decisions.
• Personal and payment data being processed by payment service providers, banks, and other financial institutions for the purposes of authorising and completing deposits and withdrawals, complying with legal obligations, and preventing financial crime.

These third parties act as independent controllers or processors, depending on the circumstances, and are required to protect personal information in line with applicable law and contractual safeguards.

The services are intended only for users who are 18 years of age or older and legally permitted to participate in gambling activities in the United Kingdom.

• The operator does not knowingly collect or process personal data relating to minors.
• Identity and age verification checks are carried out, but it is not possible to guarantee the age of every user without appropriate documents.
• Where it is discovered that an account has been created by a person under 18, the account will be closed and any personal information associated with that account will be deleted, subject to legal retention obligations.

Parents or legal guardians who believe that a child has provided personal information are asked to contact customer support. Once a valid request is verified, any data relating to the minor will be removed as far as permitted by law and any necessary steps will be taken to prevent further access.

In order to provide services, personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area. These locations may include jurisdictions where technical infrastructure, support teams, group companies, or service providers are based.

Such transfers may occur when:

• Using hosting or cloud service providers located abroad.
• Engaging payment service providers, identity verification services, or other partners operating internationally.
• Relying on group entities or contractors that provide support or maintenance services.

Whenever personal information is transferred outside the United Kingdom, appropriate safeguards are applied, such as:

• Adequacy regulations adopted by the UK government for certain countries.
• Standard contractual clauses or equivalent legally recognised transfer mechanisms.
• Contractual obligations that require recipients to protect personal data to standards that are comparable to UK requirements.

By using the website and services, registering an account, or submitting personal data, the user acknowledges that their information may be processed in these countries for the purposes described in this Privacy Policy. All partners that receive such information are required to maintain confidentiality and to use the data only for agreed lawful purposes.

This Privacy Policy is intended to describe how personal data is handled and to explain user rights, but it does not create contractual rights or obligations beyond those required by law or set out in the applicable terms and conditions.

If any provision of this Privacy Policy conflicts with mandatory legal requirements or regulatory obligations, those laws and regulations shall prevail. The operator reserves the right to interpret and apply the policy in line with applicable legislation, licence conditions, and decisions of competent authorities.

The disclaimer provisions apply from the moment the user indicates acceptance of this Privacy Policy. Acceptance may take place through actions such as creating an account, ticking a confirmation box, continuing to use the websites or services after being informed of the policy, or otherwise signifying agreement or accession in the manner described on the site.

Cookies are small text files that are placed on a user’s device when they visit websites or use online services. Similar technologies, such as pixels and local storage, may also be used for related purposes.

Cookies and similar tools are used to:

• Collect statistics about how the website is used and measure performance.
• Analyse user behaviour to understand which pages and features are visited.
• Remember preferences, such as language or login details, to provide a more consistent experience.
• Personalise content and tailor certain aspects of the service to user interests.
• Improve the design, functionality, and security of the website.

Cookies are retained for up to 1 year, after which they expire automatically or are deleted. Some cookies are essential for the operation of the site and cannot be disabled through internal tools, while others are optional and may be controlled through browser settings or on-site consent mechanisms.

Users can choose to block or delete cookies through their browser, but this may affect the availability or performance of some features. Further details on specific cookies used, their purposes, and control options may be provided in a separate cookie notice.

By accessing the website, creating an account, or using any services provided, the user confirms that they have read, understood, and fully accept this Privacy Policy.

Continued use of the services following publication of an updated version of this document signifies acceptance of the revised terms. Users who do not agree with any part of the policy are required to stop using the website and services and, where applicable, close their account.

If there is any inconsistency between this version and any previous versions of the Privacy Policy, the current version published on the website will prevail and apply to the processing of personal data from the date of its publication.

In certain situations, personal information may be shared with third parties where this is necessary and lawful. These recipients may include:

• Public authorities, regulators, courts, and law enforcement agencies when required by law or in connection with investigations and legal proceedings.
• Payment service providers, banks, and financial institutions for processing transactions, preventing fraud, and meeting compliance obligations.
• Identity verification services, credit reference agencies, and fraud prevention bodies for security, age verification, and risk assessment.
• Professional advisers, auditors, and consultants who provide services under confidentiality obligations.
• Technical and customer support providers that help operate the websites, systems, and user support channels.

Details of key third parties and categories of recipients may be listed on the website or provided upon request. Where a specific third party is not listed, users will be informed of the purpose and scope of sharing where required by law.

By providing personal data and using the services, the user agrees that their information may be shared in the ways described in this Privacy Policy. Each third party that receives personal data is expected to handle it in accordance with applicable data protection laws and its own privacy practices. Users are encouraged to review the privacy policies of such third parties where relevant, as the operator does not control how independent controllers manage information once it is shared for legitimate purposes.

The website may contain links to external websites or services operated by third parties. These links are provided for information and convenience only.

Third-party websites have their own terms, conditions, and privacy policies, which govern how they collect, use, and protect personal data. The operator has no control over, and is not responsible for, the content, security, or privacy practices of such external sites or services.

When a user follows a link to a third-party site, any personal information provided to that site is subject to the third party’s privacy policy, not this Privacy Policy. Users are advised to review the relevant privacy statements and terms of use before submitting any personal data or using those services.