burger icon
Bull Casino United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Bull Casino (available at https://byllcasino.com) collects, uses, shares, and protects personal data. A privacy policy is required to provide transparency, to explain lawful grounds for processing, and to help you understand and exercise your rights under applicable data-protection laws. It applies to website visitors, registered players, and anyone who communicates with us through byllcasino.com. Effective date: 6 November 2025.

Who We Are

OBSERVE: Bull Casino is operated in the UK market under UK Gambling Commission licensing, with corporate operations connected to Malta and a UK operational presence. EXPAND: UK users require clear identification of the data controller, a contact point for privacy matters, and company/registration details to support accountability under the UK GDPR and the Data Protection Act 2018. REFLECT: The following details identify the entities responsible for processing and how to contact the responsible privacy function.

  • Operator / Data Controller: Taurus Gaming Ltd. (Limited company, Malta)
  • Registered legal address: 123, Taurus Tower, Sliema, SLM 1540, Malta
  • Company registration number: C 12345 (Malta)
  • UK operations office (administrative presence): Taurus Gaming UK Ltd., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Licensing (Great Britain): UK Gambling Commission (UKGC) licence 54321 (activities include Casino and Real Event Betting; status: active; last verified 15 May 2025) - public register reference: https://registers.gamblingcommission.gov.uk/54321
  • Additional licence (Malta): Malta Gaming Authority (MGA) licence MGA/B2C/789/2020 (status: active)
  • Privacy contact (Data Protection Department): Email/phone are not specified in the provided data. Please use the support/contact functionality available on https://byllcasino.com and clearly mark your message "Data Protection / Privacy Request". If a dedicated DPO contact is published in your account area or on the site's privacy/contact pages, that contact should be used.
  • UK compliance contact (operational role): John Davies, Head of UK Compliance (contact details not specified in provided data)

Regional compliance note (UK): For UK users, "UK GDPR" means the retained UK version of the GDPR as implemented via the Data Protection Act 2018, supervised by the UK Information Commissioner's Office (ICO).

What Personal Data We Collect

OBSERVE: Operating an online casino on byllcasino.com requires account creation, age/identity checks, payments, fraud monitoring, and platform security-each of which typically involves personal and technical data. EXPAND: UKGC expectations (e.g., AML, safer gambling) imply collection of verification and risk-related information, and the UK GDPR requires data minimisation and transparency about categories and sources. REFLECT: We collect the following categories, depending on how you use Bull Casino on byllcasino.com.

  • Account and identity data: full name, date of birth, username, password (stored as a secure hash), email address, telephone number, address, country of residence, nationality (where needed for checks), and account status information.
  • Verification (KYC/AML) data: copies/images of identity documents, proof of address, age-verification results, source-of-funds/source-of-wealth information where required, affordability/safer gambling indicators where relevant, and verification outcomes. References: AML/KYC information may also be described at https://byllcasino.com/info/aml.
  • Payment and financial data: deposit/withdrawal amounts, transaction identifiers, payment method type, payment processor references, partial card details (where applicable), bank or e-wallet details required for payouts, chargeback and refund information. We do not intentionally store full card numbers when tokenisation/processor vaulting is available; processors may store them under their own security standards.
  • Gameplay and behavioural data: betting and gaming history, session times, game interactions, clickstream events, bonus participation, responsible gambling tools usage (e.g., limits), and preference settings.
  • Technical and device data: IP address, device identifiers, browser type and version, operating system, timestamps, logs, referral URLs, approximate location derived from IP, and security signals (e.g., failed logins, suspected bot activity).
  • Communications data: messages to customer support, emails, chat transcripts, complaint correspondence, and call recordings where calls are used (phone details not specified in provided data).
  • Marketing and preferences data: subscription status, marketing consents, channel preferences, and campaign interaction data.
  • Cookies and similar technologies: identifiers stored on your device to keep you logged in, remember preferences, perform analytics, and (where you consent) deliver advertising/affiliate attribution. See "Cookies & Tracking Technologies" below.

Legal Basis for Processing

OBSERVE: Bull Casino processes personal data to provide gambling services and meet legal obligations, including UKGC requirements and AML expectations. EXPAND: Under UK GDPR, each processing purpose must map to a lawful basis; marketing typically relies on consent (or soft opt-in where permitted), while AML/KYC relies on legal obligation and public interest considerations. REFLECT: We rely on the following lawful bases, depending on the activity.

  • Performance of a contract: to create and administer your account, provide games and betting services, process deposits/withdrawals, apply bonuses (see https://byllcasino.com/info/bonus-policy), and manage customer support.
  • Legal obligation: to comply with applicable laws and regulatory requirements, including (where applicable) UKGC requirements, AML/KYC checks, identity/age verification, recordkeeping, reporting, responding to lawful requests, and enforcing safer gambling measures.
  • Legitimate interests: to protect byllcasino.com, our players, and the integrity of games, including fraud prevention, security monitoring, service improvement, analytics (where consent is not required), internal administration, and defending legal claims. We balance these interests against your rights and implement safeguards (e.g., minimisation, access controls).
  • Consent: for non-essential cookies, certain analytics/advertising technologies, and direct marketing communications where required by law. You may withdraw consent at any time without affecting processing that occurred before withdrawal.
  • Vital interests (rare): if needed to protect someone's life (e.g., emergencies), typically in conjunction with responsible gambling escalation, where applicable.

Regional compliance note (UK): We also consider UK PECR rules for cookies and electronic marketing (e.g., consent requirements for certain tracking technologies).

Purpose of Processing

OBSERVE: The data collected is used to deliver gambling services, maintain safety/security, meet compliance obligations, and operate the business effectively. EXPAND: Purposes must be specific and limited; gambling operators also need to address integrity, player protection, and regulatory cooperation. REFLECT: We use personal data for the following purposes.

  • Providing and operating services: account registration, authentication, customer support, enabling gameplay and betting, and processing payments and withdrawals.
  • Identity, age, and compliance checks: KYC/AML verification, sanctions/PEP screening (where applicable), fraud detection, and adherence to UKGC and other regulatory requirements.
  • Security and platform integrity: monitoring for suspicious activity, preventing unauthorised access, maintaining logs, and protecting byllcasino.com against abuse.
  • Service improvement and analytics: understanding usage patterns, diagnosing technical issues, developing features, and improving user experience (using aggregated and/or pseudonymised data where feasible).
  • Marketing and promotions: sending promotional communications and personalised offers, where legally permitted and in line with your preferences/consents.
  • Legal and dispute management: responding to complaints, handling disputes, enforcing our Terms (see https://byllcasino.com/info/terms), and establishing/exercising/defending legal claims.

Disclosure & Sharing

OBSERVE: Running Bull Casino on byllcasino.com requires third-party infrastructure (payments, KYC, hosting, analytics) and regulatory interaction. EXPAND: UK GDPR requires transparency about recipients and safeguards; gambling operators must share certain data to meet legal obligations (AML/safer gambling) and to prevent fraud. REFLECT: We may disclose personal data as follows, using data minimisation and contractual protections.

  • Payment service providers and banks: to process deposits, withdrawals, chargebacks, refunds, and payment risk checks.
  • KYC/AML and fraud-prevention providers: identity verification, document authentication, sanctions screening, and fraud scoring, including cross-checking with external databases where permitted by law.
  • IT and security service providers: hosting, content delivery networks, incident monitoring, logging, backups, and security testing.
  • Game providers and platform vendors: to deliver game content, ensure fairness/integrity, manage game sessions, and resolve game-related incidents.
  • Analytics and performance partners: measurement and service optimisation. Where required (e.g., certain cookies), we use these partners only after you provide consent.
  • Affiliates and advertising networks: attribution and marketing performance measurement, and (where consent is required) targeted advertising. You can manage preferences via cookie controls and marketing opt-outs.
  • Regulators and authorities: including the UK Gambling Commission and other competent authorities where applicable, law enforcement, courts, and dispute/ADR bodies when required or permitted by law.
  • Corporate group sharing: within our group structure where necessary for operations, compliance, risk management, and reporting (e.g., Taurus Gaming Ltd., Taurus Gaming UK Ltd., and parent group Apex Gaming Group), subject to access controls and need-to-know limitations.

Protective clause: We do not "sell" personal data as a standalone product. Where we share data with service providers, they process it under our instructions (as processors) or for their own regulated purposes (as independent controllers), as applicable.

International Transfers

OBSERVE: The operator's registered address is in Malta and there is a UK operations office; service providers may be located outside the UK. EXPAND: UK GDPR requires appropriate safeguards for transfers outside the UK, including UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs; for EEA transfers, EU SCCs may also be relevant. "Privacy Shield" is not a UK transfer mechanism for new transfers. REFLECT: We manage international transfers using recognised safeguards and risk assessments.

  • Where data may be transferred: the United Kingdom (operations), Malta/EEA (corporate administration and/or licensing context), and other jurisdictions where our vetted service providers or group companies operate (for example, cloud hosting, fraud prevention, analytics, and payment processing locations).
  • Safeguards we use:
    • UK IDTA or the UK Addendum to the EU Standard Contractual Clauses (SCCs), as appropriate, with supplementary measures where required.
    • Adequacy decisions where the UK Government has recognised a destination as providing an adequate level of protection.
    • Transfer risk assessments and vendor due diligence focusing on confidentiality, access controls, and lawful-access risks.
  • Your transparency options: you may request more information about transfer safeguards via the "Data Protection / Privacy Request" channel on byllcasino.com.

Regional compliance note (UK): International transfers are implemented to meet Chapter V UK GDPR requirements and relevant ICO guidance.

Data Retention

OBSERVE: Bull Casino must retain certain records to meet legal/regulatory obligations (AML, payments, dispute handling) while also respecting storage limitation under UK GDPR. EXPAND: Retention periods should be purpose-based, with longer retention for AML/financial records; gambling disputes and regulatory inquiries may extend retention. REFLECT: We apply the retention periods below unless law or a live dispute requires longer retention.

  • Account profile data: kept for the life of your account and typically up to 5 years after account closure to meet regulatory, audit, and dispute-handling needs.
  • KYC/AML and verification records: typically retained for up to 5 years after the end of the business relationship or completion of a transaction, unless applicable law/regulator requires a different period.
  • Transaction and payment records: typically retained for up to 6 years (or longer where required) for accounting, tax, anti-fraud, and chargeback management.
  • Gameplay logs and responsible gambling records: retained for operational integrity, dispute resolution, and compliance purposes, generally aligned with the 5-6 year periods above unless specific rules require a different duration.
  • Technical logs and security records: typically retained from 90 days to 12 months, unless needed longer to investigate incidents, prevent fraud, or comply with legal obligations.
  • Marketing preferences and consent records: retained while marketing is active and for a reasonable period thereafter to demonstrate compliance (e.g., maintaining a suppression list to respect opt-outs).

Deletion criteria: We delete or irreversibly anonymise personal data when (a) it is no longer needed for the purposes described, (b) applicable retention periods expire, and (c) there is no overriding legal basis to keep it (e.g., legal obligation, ongoing dispute, or fraud investigation). Requests to erase data are assessed against legal and regulatory retention duties.

Your Rights

OBSERVE: UK users have enforceable rights under UK GDPR; the section request also requires alignment references to Mexican privacy law. EXPAND: While Bull Casino targets the UK, referencing Mexico's LFPDPPP can help users understand equivalent rights if they are located in Mexico; we must avoid implying Mexican law automatically applies, but we can describe comparable "ARCO" rights and how we operationalise them. REFLECT: The rights below apply under the UK GDPR (and, where relevant by your location and applicable law, are aligned with comparable protections such as Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its Regulations).

Rights available to you

  • Access: obtain confirmation of processing and a copy of your personal data, plus related information (purposes, categories, recipients, retention).
  • Rectification: correct inaccurate data and complete incomplete data.
  • Erasure ("right to be forgotten"): request deletion where applicable; this is not absolute and may be refused/limited where we must retain data for AML, UKGC obligations, legal claims, or fraud prevention.
  • Restriction: request restricted processing in certain circumstances (e.g., while accuracy is contested).
  • Objection: object to processing based on legitimate interests; you can also object to direct marketing at any time (we will stop marketing upon objection).
  • Data portability: receive certain data you provided to us in a structured, commonly used format and/or have it transmitted to another provider where technically feasible.
  • Withdraw consent: where processing is based on consent (e.g., certain cookies/marketing), you can withdraw at any time.
  • Automated decision-making: where applicable, request meaningful information and challenge certain decisions that produce legal or similarly significant effects. Fraud and AML tools may involve automated signals; we apply safeguards and, where required, human review.

How to exercise your rights (procedure)

  1. Submit a request: use byllcasino.com support/contact functionality and label it "Data Protection / Privacy Request". If you have an account, submit the request from your registered email/address to help verification.
  2. Verify identity: for security, we may request additional information to confirm you are the account holder (especially for access/portability/erasure requests).
  3. Scope your request: specify the right you wish to exercise and the context (account email/username, timeframe, transaction IDs if relevant) to speed up handling.
  4. Response timeframe: we aim to respond within 30 days. If requests are complex or numerous, we may extend in line with law and will inform you of the reasons and expected timeline.
  5. Fees: requests are handled free of charge unless manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request as permitted by law.

Mexico alignment note: If Mexico's LFPDPPP applies to your situation, your rights broadly correspond to ARCO (Access, Rectification, Cancellation, Opposition) and consent withdrawal. We will process such requests via the same channel and timelines to the extent compatible with applicable legal obligations.

Cookies & Tracking Technologies

OBSERVE: byllcasino.com uses cookies and similar technologies for essential site operation and optional analytics/advertising. EXPAND: Under UK PECR and UK GDPR, non-essential cookies generally require prior consent and clear information; users must have a way to manage preferences. REFLECT: We classify cookies as follows and provide control options.

Types of cookies we use

  • Strictly necessary (functional) cookies: required to operate the site and provide requested services (e.g., login sessions, security, load balancing). These cannot typically be disabled without affecting core functionality.
  • Preferences cookies: remember choices (e.g., language, region, interface preferences).
  • Analytics cookies: help us understand how users interact with byllcasino.com, measure performance, and improve services. These are used only where required by law and in line with your choices.
  • Advertising/affiliate cookies (third-party): measure campaign performance, prevent attribution fraud, and (where enabled) deliver more relevant advertising across sites.
  • Session vs persistent: session cookies expire when you close your browser; persistent cookies remain for a set period or until deleted.

How to manage cookies

  • Cookie banner/settings: where available on byllcasino.com, you can accept, reject, or customise non-essential cookies at any time.
  • Browser controls: you can delete or block cookies via browser settings; blocking strictly necessary cookies may prevent account login or payments.
  • Third-party opt-outs: some advertising partners provide their own opt-out tools; use them in addition to our cookie settings where relevant.

Data Security

OBSERVE: Bull Casino processes sensitive operational data (financial transactions, verification documents) and must protect it against unauthorised access and fraud. EXPAND: UK GDPR requires "appropriate technical and organisational measures," and gambling regulators expect strong controls, monitoring, and incident response. REFLECT: We apply layered security controls designed to protect confidentiality, integrity, and availability.

Technical and organisational measures

  • Encryption in transit: we use TLS 1.2+ (or higher where available) to protect data sent between your device and byllcasino.com.
  • Encryption at rest: where appropriate, sensitive datasets are encrypted when stored, with controlled key management practices.
  • Access controls: role-based access, least-privilege principles, segregation of duties, and access logging for sensitive systems.
  • Account protection: strong password rules; multi-factor authentication (MFA) may be offered/required for certain actions or roles; monitoring for credential stuffing and suspicious logins.
  • Security testing and audits: regular vulnerability scanning, patching, penetration testing, and supplier security due diligence. Where applicable, we align controls to recognised standards such as ISO/IEC 27001 and/or SOC 2 principles (depending on vendor and system scope).
  • Staff training: privacy and security awareness training, with additional training for teams handling AML/KYC and customer data.
  • Incident response: documented procedures for detecting, responding to, and recovering from security incidents, including assessment of notification duties to users and regulators when legally required.

Protective clause: No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential and for promptly notifying us via byllcasino.com if you suspect unauthorised access.

Complaints & Contacts

OBSERVE: Users need clear complaint channels and escalation routes, including data-protection regulators (UK ICO) and gambling dispute mechanisms (ADR such as IBAS for gambling disputes). The provided data includes IBAS and UKGC complaint resources, but not dedicated DPO email/phone. EXPAND: We must provide step-by-step handling and timeframes; also include Mexican authority contact info as requested, while clarifying jurisdictional relevance. REFLECT: Use the channels below to raise privacy complaints or requests, and escalate if you are not satisfied.

How to contact us (privacy)

  • Primary channel: submit a request through https://byllcasino.com (support/contact functionality) with subject "Data Protection / Privacy Complaint" or "Data Protection / Privacy Request".
  • Postal contact (operator registered address): Taurus Gaming Ltd., 123, Taurus Tower, Sliema, SLM 1540, Malta
  • UK office (administrative): Taurus Gaming UK Ltd., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • DPO/department email/phone: Not specified in provided data. If an email/phone is later published on byllcasino.com/privacy or your account dashboard, that published contact should be used.

Complaint procedure (step-by-step)

  1. Step 1 - Submit: provide your account identifier (email/username), the nature of the complaint, relevant dates, and what outcome you seek.
  2. Step 2 - Acknowledgement: we aim to acknowledge receipt within 7 days (where operationally possible).
  3. Step 3 - Investigation: we review logs, account notes, vendor records (if applicable), and compliance obligations (e.g., AML retention duties) to determine what can be changed or disclosed.
  4. Step 4 - Response: we aim to provide a substantive response within 30 days. If more time is needed, we will explain why and provide an updated target date.
  5. Step 5 - Resolution: where appropriate, we correct data, implement restrictions, provide copies, update consents, or explain lawful grounds for refusal/partial refusal.

Escalation to supervisory authorities (privacy)

  • United Kingdom (ICO): Information Commissioner's Office - report a concern via https://ico.org.uk/make-a-complaint/
  • European Union/EEA (if applicable): you may contact your local data protection authority; directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • Mexico (if applicable): INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) - information and guidance: https://www.inai.org.mx/

Gambling disputes / ADR (non-privacy)

  • ADR provider: IBAS (Independent Betting Adjudication Service) - https://ibas-uk.com/
  • UKGC complaints guidance: https://gamblingcommission.gov.uk/public-and-players/complaints

Regional compliance note (UK): Privacy complaints are handled under UK GDPR/ICO oversight; gambling outcome/service disputes may be handled via ADR (IBAS) and are separate from data-protection rights.

Updates

OBSERVE: Policies must remain current as services, vendors, and legal requirements change; users must be notified of material changes. EXPAND: UK GDPR transparency expectations support clear versioning and advance notice for significant changes, especially where processing purposes or sharing materially change. REFLECT: We manage changes through version control, clear notices, and user options.

  • Version control: Last updated: November 2025 (this version effective from 6 November 2025).
  • How we notify you: where appropriate, we may use (a) on-site banners on byllcasino.com, (b) notifications in your account dashboard, and/or (c) email notifications to the registered email on your account.
  • Advance notice for material changes: for significant changes (e.g., new processing purposes, new categories of recipients, or changes affecting your rights), we aim to provide at least 30 days' notice before the change takes effect, unless an urgent change is required for security, fraud prevention, or legal compliance.
  • Your options: if you object to material changes, you may (i) adjust cookie/marketing preferences where applicable, (ii) exercise your rights as described above, and/or (iii) close your account (subject to legal and regulatory retention obligations).

Changelog of material changes (November 2025)

  • Clarity updates: clarified international transfer safeguards to reference UK IDTA/UK Addendum rather than legacy mechanisms.
  • Operational transparency: expanded examples of KYC/AML, fraud prevention, and security controls relevant to UKGC-regulated operations.
  • Rights handling: detailed procedures, 30-day response target, and free-of-charge principle; added alignment references to Mexico's LFPDPPP for users where applicable.