Notifications 5

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

You have got bonus

You have got 200 points on your bonus balance. Check it out!

12:09

Privacy Policy

1. Introduction

SkinJoker (“SkinJoker”, “we”, “us”, “our”) is an online, cryptocurrency-based casino operated by SkinJoker Tech Ltd., a company incorporated in Hong Kong under company number 3098212 with its registered office at 22/F, 2 International Finance Centre, 8 Finance Street, Central, Hong Kong.

This Privacy Policy explains how we collect, use, disclose, and secure your personal information when you create an account, browse our website (the “Site”), interact with our games, or contact our 24 / 7 / 365 support service. It also sets out your rights and how you may exercise them. By accessing or using the Site you confirm that you have read and understood this Policy and the accompanying Terms & Conditions.

2. Key Definitions

Term Meaning
Personal Data / Personal Information Any information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable natural person.
GDPR Regulation (EU) 2016/679 and the United Kingdom General Data Protection Regulation.
CCPA/CPRA California Consumer Privacy Act as amended by the California Privacy Rights Act.
PDPO Personal Data (Privacy) Ordinance of Hong Kong (Cap. 486).
Controller The natural or legal person that determines the purposes and means of processing personal data.
Processor A natural or legal person that processes personal data on behalf of a controller.

 

3. Who Is the Data Controller?

SkinJoker Tech Ltd. is the data controller for the purposes of the GDPR, PDPO, and comparable legislation. We have appointed a Data Protection Officer (“DPO”) whom you may contact at [email protected] or by post to the address above.

EU/EEA residents may also contact our Article 27 representative:
EU DataRep BV
Stadhouderskade 85, 1073 AT Amsterdam, The Netherlands
e-mail: [email protected]

 

4. What Personal Data Do We Collect?

Category Examples Source
Identification Data Full name, date of birth, nationality, government-issued ID number, selfie image Provided by you; verification vendors
Contact Details E-mail address, mobile number, postal address Provided by you
Account & Gameplay Data Username, wallet addresses, wagering history, bonuses, chat logs, tournament entries Generated by your use of the Site
KYC & AML Data Proof of address, proof of source of funds/wealth, sanctions-screening results Provided by you; third-party compliance databases
Financial Data Deposit and withdrawal records, blockchain transaction hashes, token balances Generated automatically; blockchain explorer APIs
Technical & Usage Data IP address, browser type, device identifier, operating system, time zone, clickstream, cookies, crash logs Collected automatically via cookies, pixels and server logs
Marketing Preferences Opt-in/opt-out status for e-mail, SMS and push notifications Provided by you

We do not knowingly collect data from persons under 18 years of age. If we learn that a minor has provided personal data, we will delete that information and close the account.

 

5. Legal Bases and Purposes of Processing

Purpose Legal Basis (GDPR Art. 6) Details
Account creation and management Performance of a contract (Art. 6 (1)(b)) To open, maintain and secure your account; to deliver games and support
Know Your Customer (KYC) & AML screening Legal obligation (Art. 6 (1)(c)); legitimate interests (Art. 6 (1)(f)) To verify identity, prevent fraud, combat money laundering and terrorist financing (FATF standards)
Responsible-gaming controls Legal obligation; legitimate interests To provide self-exclusion, deposit limits, reality checks
Payment processing Performance of a contract; legitimate interests To credit deposits, pay withdrawals and maintain financial records
Game fairness & security monitoring Legitimate interests To detect bots, multi-accounting, collusion or technical anomalies
Marketing communications Consent (Art. 6 (1)(a)) To send promotional e-mails, SMS or push notices; you may withdraw consent at any time
Analytics & site optimisation Legitimate interests To measure performance, improve UI/UX and troubleshoot errors
Regulatory or legal requests Legal obligation To comply with subpoenas, court orders or lawful requests by authorities

 

6. Cookies and Similar Technologies

We use first-party and third-party cookies, SDKs and pixels to:

  • remember session preferences;
  • authenticate log-ins;
  • prevent fraud and abuse;
  • compile aggregate statistics about site traffic.

A detailed Cookie Notice, including a list of vendors (e.g., Cloudflare, Google Analytics 4, Hotjar), is accessible from every page. You can manage non-essential cookies via our preference centre or your browser settings.

 

7. Disclosure of Personal Data

Recipient Category Example Providers Safeguard
Identity & AML Vendors SumSub, Chainalysis, Onfido Standard Contractual Clauses (SCCs)
Game Suppliers Pragmatic Play, Bgaming Data-processing addenda
Payment Processors / Crypto Gateways CoinPayments, NOWPayments SCCs; ISO 27001 certification
Cloud & Hosting Providers Amazon Web Services (EU / Hong Kong) Encrypt-at-rest & in transit; SCCs
Marketing Platforms Mailgun, Firebase Consent-based processing
Professional Advisers Lawyers, auditors, accountants Confidentiality undertakings
Law-enforcement & regulators Financial Intelligence Units, tax authorities Statutory disclosure only

We never sell your personal information to third parties.

 

8. International Transfers

Because we operate globally, your data may be transferred to, and processed in, countries outside your jurisdiction. Where such transfers involve data subjects in the EEA/UK, we rely on:

  • the European Commission’s Standard Contractual Clauses;
  • adequacy decisions (e.g., Japan); or
  • Art. 49 GDPR derogations (performance of a contract).

A copy of the relevant safeguard can be obtained by contacting the DPO.

 

9. Security Measures

  • TLS 1.3 encryption for data in transit.
  • AES-256 encryption and role-based access controls for data at rest.
  • Multi-signature cold-storage wallets for the majority of player funds.
  • Biometric 2FA for privileged system access.
  • Quarterly penetration tests by CREST-certified assessors.
  • Continuous DDoS mitigation via Cloudflare.

In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority without undue delay and, where feasible, within 72 hours.

 

10. Data Retention

Data Type Retention Period
KYC, AML & transactional data 5 years after account closure (FATF & EU AMLD 6)
Marketing preferences Until consent is withdrawn or account is closed
Gameplay logs 5 years (dispute-resolution window)
Technical logs 365 days
Dormant-account data 12 months of inactivity, then archived for 5 years

We anonymise or delete data once the applicable period expires unless legal proceedings require longer retention.

 

11. Your Rights

Depending on your location, you may have the right to:

  • Access – obtain a copy of the personal data we hold about you.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of data when no longer necessary (subject to AML retention).
  • Restriction – pause processing under certain conditions.
  • Portability – receive data in a structured, machine-readable format.
  • Object – oppose processing based on legitimate interests or direct marketing.
  • Withdraw Consent – at any time, without affecting prior processing.
  • Opt-out of Sale/Sharing (CCPA / CPRA) – SkinJoker does not sell personal information, but California residents may still issue an opt-out request.

Submit requests via [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA). Identity verification is required.

 

12. Complaints

If you believe we have infringed your privacy rights you may lodge a complaint with:

  • Office of the Privacy Commissioner for Personal Data (Hong Kong);
  • your local supervisory authority (EU/EEA: see https://edpb.europa.eu/about-edpb/board/members); or
  • Information Commissioner’s Office (UK) for UK residents.

We encourage you to contact the DPO first so that we may address your concerns swiftly.

 

13. Third-Party Sites and Blockchain Networks

Our Site may contain links to third-party websites or dApps. We are not responsible for their privacy practices. When you interact with public blockchains, transactions you initiate (including wallet addresses) may become public, immutable records outside our control. Please consider this inherent transparency before using cryptocurrency services.

 

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via e-mail or in-site notification at least seven (7) days before they take effect. Continued use of the Site after the effective date constitutes acceptance of the revised Policy.

 

15. Contact Us

SkinJoker Tech Ltd.
22/F, 2 IFC, 8 Finance Street, Central,
Hong Kong SAR, China
General enquiries: [email protected]
Data-protection enquiries: [email protected]

This Privacy Policy is provided in English. Translations may be offered for convenience; in the event of conflict, the English version prevails.