18+ Gambling can be addictive. Play responsibly.
L
Luckelo

Privacy Policy

Last updated: May 2026 · Effective date: May 1, 2026

This Privacy Policy describes how Luckelo.com (“we”, “our”, or “us”) collects, uses, and protects your personal data when you use our website. We are committed to full compliance with the General Data Protection Regulation (GDPR, EU 2016/679) and applicable national data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Luckelo.com

Email: privacy@luckelo.com

For data protection enquiries, please contact us at the above email. We aim to respond within 72 hours.

2. Data We Collect and Why (Lawful Basis)

We process personal data only where we have a lawful basis under Article 6 GDPR.

2.1 Account Registration

  • Data: Email address, name, hashed password, email verification status
  • Purpose: Create and manage your user account
  • Lawful basis: Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the account service you requested
  • Retention: Until you delete your account, plus 30 days for purging

2.2 Site Analytics

  • Data: Anonymised IP address (last octet removed), pages visited, session duration, browser type, referring URL
  • Purpose: Understand how visitors use our site and improve content
  • Lawful basis: Legitimate interests (Art. 6(1)(f) GDPR) — we have a legitimate interest in improving our service. You can opt out at any time via cookie settings. We use privacy-oriented analytics providers with EU data hosting where available.
  • Retention: Up to 26 months, depending on the tool and your consent

2.3 Affiliate Click Tracking

  • Data: Timestamp, casino clicked, referring page, anonymised session identifier
  • Purpose: Track affiliate referrals to receive commissions from casinos
  • Lawful basis: Legitimate interests (Art. 6(1)(f) GDPR) — necessary for our business model. No personally identifiable data is shared with casinos.
  • Retention: 24 months

2.4 Email Communications

  • Data: Email address, name
  • Purpose: Send transactional emails (email verification, account notifications) and, with your explicit consent, newsletter and promotional content
  • Lawful basis: Performance of contract for transactional emails (Art. 6(1)(b)); Consent for marketing emails (Art. 6(1)(a)). You may withdraw marketing consent at any time via the unsubscribe link in any email.
  • Retention: Until you unsubscribe or delete your account

2.5 Contact Form Submissions

  • Data: Name, email address, message content
  • Purpose: Respond to your enquiry
  • Lawful basis: Legitimate interests (Art. 6(1)(f) GDPR) — responding to user enquiries
  • Retention: 12 months after the enquiry is resolved

2.6 Security & Fraud Prevention

  • Data: IP address, user-agent, request timestamps, and CAPTCHA verification tokens
  • Purpose: Prevent spam, bot signups, and abuse; protect our service
  • Lawful basis: Legitimate interests (Art. 6(1)(f) GDPR) — security is a legitimate interest
  • Retention: 90 days for security logs

3. Cookies

We use essential cookies and, with your consent, analytics cookies. For full details of every cookie we use, their purpose, and how to manage them, please see our Cookie Policy.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with categories of trusted processors that help us operate the site, each under a Data Processing Agreement (DPA) or equivalent contractual safeguards where required by GDPR:

  • Hosting and infrastructure — database, application hosting, content delivery, and DDoS protection (primarily EU/EEA, with Standard Contractual Clauses where data may leave the EEA).
  • Email delivery — transactional messages such as account verification (EU-based providers where possible).
  • Analytics — only if you consent to analytics cookies; providers configured for EU data residency where available.
  • Security and anti-abuse — CAPTCHA, bot detection, and rate limiting to protect the service.

A detailed list of subprocessors is available on request at privacy@luckelo.com. We do not publish vendor names on this page to reduce unnecessary exposure of our technical stack.

We may disclose data to law enforcement or regulatory authorities if required by applicable law or court order.

5. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., via certain infrastructure or analytics services), we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or by relying on the EU–US Data Privacy Framework where applicable.

6. Your Rights Under GDPR (Articles 15–22)

As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at privacy@luckelo.com. We will respond within 30 days (or 3 months for complex requests, with prior notice).

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure / “Right to be Forgotten” (Art. 17): Request deletion of your personal data. You can also delete your account directly from your profile page, which will initiate immediate deletion.
  • Right to Restriction of Processing (Art. 18): Request that we limit how we process your data while a dispute is resolved.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON/CSV) for transfer to another provider.
  • Right to Object (Art. 21): Object to processing based on legitimate interests (e.g., analytics). We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Rights Related to Automated Decision-Making (Art. 22): We do not make automated decisions that produce legal or similarly significant effects about you.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent (e.g., marketing emails, analytics cookies), you may withdraw at any time without affecting the lawfulness of prior processing.

7. Age of Consent

Our service is strictly for users aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us at privacy@luckelo.com and we will delete it immediately.

Note: In most EU countries, the age of digital consent for processing based on consent is 16. We apply the stricter 18+ standard due to our gambling-related content.

8. Data Security

We implement appropriate technical and organisational security measures, including: encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), access controls, and regular security reviews. No system is 100% secure — if we become aware of a breach affecting your data, we will notify you and the relevant supervisory authority as required by GDPR.

9. Right to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection supervisory authority. In the EU, you can find your local supervisory authority at: edpb.europa.eu. You may also contact us first at privacy@luckelo.com — we will do our best to resolve any concerns directly.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated to registered users via email. The “Last updated” date at the top indicates when this policy was last revised.

11. Contact & Data Protection Enquiries

For any privacy-related questions, data subject requests, or concerns:

Privacy Policy | Luckelo