Smash Privacy Policy

Smash collects personal data necessary to provide a secure, functional, and compliant online gaming experience. The categories of information collected and the purposes for which they are used are described below.

Categories of Personal Data Collected

The following types of personal information may be collected from users:

• Full name and date of birth;
• Residential address and contact details, including email address and telephone number;
• Government-issued identification documents, as required for identity verification;
• Financial information, including payment method details and transaction records;
• Device and technical data, including IP address, browser type, and operating system;
• Behavioural data related to platform usage and activity logs.

Purpose of Data Collection

Personal information is collected for the following purposes:

• To create and manage user accounts;
• To process deposits, withdrawals, and other financial transactions;
• To fulfil legal and regulatory obligations, including identity verification and anti-money laundering checks;
• To detect and prevent fraudulent activity;
• To improve platform performance and user experience.

Technical and Organisational Safeguards

Smash applies industry-standard technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of sensitive data during transmission and storage;
• Access controls that restrict data visibility to authorised personnel only;
• Regular security assessments and internal audits;
• Staff training on data protection obligations.

User Rights Under UK Data Protection Law

In accordance with the UK GDPR and the Data Protection Act 2018, users hold the following rights regarding their personal information:

• The right to access personal data held by the platform;
• The right to request correction of inaccurate or incomplete information;
• The right to request deletion of personal data, subject to legal retention requirements;
• The right to object to or restrict certain forms of processing;
• The right to data portability in a structured, machine-readable format;
• The right to withdraw consent at any time, without affecting the lawfulness of prior processing.

Requests relating to any of the above rights may be submitted to the platform’s data protection contact, details of which are available in the platform’s support documentation.

Personal data collected by Smash is used exclusively for defined, lawful purposes. No information is processed in a manner inconsistent with the purposes disclosed at the time of collection.

Account and Service Delivery

User data is used to:

• Register and maintain active player accounts;
• Authenticate users upon login;
• Provide access to casino and sportsbook services.

Transaction Processing

Financial data is processed to:

• Facilitate deposits and withdrawals;
• Verify payment method ownership;
• Maintain accurate transaction records in accordance with regulatory requirements.

Platform Improvement and Analytics

Aggregated and anonymised usage data is analysed to:

• Identify technical issues and improve platform stability;
• Understand user behaviour patterns to enhance service delivery;
• Optimise the layout and functionality of the website.

Marketing Communications

Where users have provided explicit consent, personal information may be used to:

• Send promotional offers and relevant updates via email or other agreed channels;
• Personalise content displayed on the platform.

Users may withdraw consent for marketing communications at any time by contacting the support team or using the unsubscribe option included in all marketing messages.

Regulatory Compliance

Personal data is processed as required to:

• Comply with anti-money laundering (AML) regulations;
• Respond to lawful requests from regulatory authorities;
• Fulfil obligations under the UK Gambling Commission licence conditions.

All processing activities are conducted on a lawful basis, as defined under the UK GDPR, including consent, contractual necessity, legal obligation, and legitimate interests.

Users of the Smash platform have the right to access, update, and request deletion of their personal data at any time, subject to applicable legal obligations.

Accessing Personal Data

Users may request a copy of all personal information held by the platform by contacting the data protection team through the official support channels. Requests will be acknowledged and fulfilled within the timeframes prescribed by UK data protection legislation (generally within one calendar month).

Correcting Personal Information

If any personal details held on a user account are found to be inaccurate or outdated, users are encouraged to:

• Update their information directly via the account settings page, where available;
• Submit a correction request to the support team for information that cannot be amended independently.

Requesting Deletion of Data

Users may request the deletion of their personal data. Such requests will be assessed in accordance with applicable retention obligations. Certain categories of information may be retained for a defined period as required by law, including financial transaction records and identity verification documents.

Consent to Security and Payment Processing

By using the Smash platform, users acknowledge and consent to:

• The performance of identity verification and security checks as required by regulatory obligations;
• The processing of payment data by approved third-party payment service providers, solely for the purpose of facilitating transactions.

This consent forms part of the terms under which access to the platform is granted and is a necessary condition of service provision.

The Smash platform is strictly intended for individuals aged 18 years or over. Access to online gambling services is prohibited for minors under United Kingdom law, and the platform takes this obligation seriously.

Age Restriction Policy

• All users must confirm they are aged 18 or over at the point of registration;
• The platform reserves the right to request documentary proof of age at any stage;
• Accounts may be suspended or permanently closed if a user is found to be under the legal age.

Limitations on Age Verification

Despite reasonable precautions, the platform acknowledges that it is not always possible to verify a user’s age without the submission of valid identity documents. Users are responsible for providing accurate information during the registration process.

Handling of Data Belonging to Minors

In the event that personal data belonging to an individual under the age of 18 has been collected without the knowledge of a parent or legal guardian:

• The parent or guardian may contact the platform to request the immediate deletion of that data;
• Upon verification of the request, all relevant personal information will be permanently removed from the platform’s systems;
• The associated account will be closed without delay.

Parents or guardians who suspect that a minor has registered on the platform are encouraged to contact the support team immediately.

In the course of providing its services, Smash may engage partners, service providers, and third parties located outside the United Kingdom. As a result, personal data may be transferred to and processed in countries beyond UK borders.

Circumstances of International Transfer

Personal data may be transferred internationally in the following circumstances:

• Where payment processing services are operated by providers based outside the UK;
• Where technical infrastructure or cloud storage is hosted in overseas jurisdictions;
• Where third-party compliance or analytics services are delivered by internationally based organisations.

Consent to International Processing

By registering and using the Smash platform, users provide their informed consent to the transfer and processing of their personal data in jurisdictions outside the United Kingdom. This consent is obtained at the point of account creation and remains in effect for the duration of the user's relationship with the platform.

Confidentiality Obligations of International Partners

All third-party partners engaged in the processing of personal data, regardless of their geographic location, are contractually required to:

• Maintain the confidentiality of all personal information received;
• Apply data protection standards equivalent to those required under UK law;
• Process data only for the specific purposes for which it has been shared.

Smash does not transfer personal data to international partners unless appropriate safeguards are in place to protect the rights and freedoms of users.

This section sets out the legal context in which the Privacy Policy operates and its relationship to the broader terms governing the use of the Smash platform.

Scope and Effect of the Disclaimer

The terms of this disclaimer may alter the scope or legal effects of specific provisions within this Privacy Policy. Users should read this section carefully before accepting the policy, as acceptance constitutes a legally binding acknowledgement of its terms.

Conditions of Acceptance

This Privacy Policy, including the provisions set out in this disclaimer, takes effect at the moment the user:

• Electronically signs or confirms acceptance during the registration process;
• Accepts the policy through an explicit opt-in mechanism on the platform;
• Accedes to its terms by continuing to use the platform after a notified update.

Amendments to the Policy

Smash reserves the right to amend this Privacy Policy at any time. Any material changes will be communicated to users through the platform or via registered contact details. Continued use of the platform following notification of an amendment constitutes acceptance of the revised terms.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising from or in connection with this document shall be subject to the jurisdiction of the courts of England and Wales.

Smash uses cookies on its platform to support core functionality and to improve the overall quality of the user experience. This section explains what cookies are, how they are used, and how users can manage their preferences.

What Are Cookies

Cookies are small text files that are stored on a user’s device when they visit a website. They are widely used to make websites function correctly and to provide information to the website operator.

How Cookies Are Used

The platform uses cookies for the following purposes:

• Statistical analysis, including the measurement of user volumes and page visits;
• Behavioural analysis, to understand how users interact with different areas of the platform;
• Personalisation, to tailor content and settings to individual user preferences;
• Platform improvement, by identifying areas of the website that require optimisation.

Cookie Retention Period

Cookies placed by the platform are retained for a period of up to 12 months from the date of the user’s most recent visit. After this period, cookies are automatically expired and removed from the user’s device.

Managing Cookie Preferences

Users may manage or withdraw their consent to the use of cookies at any time by:

• Adjusting the browser settings on their device to block or delete cookies;
• Using the cookie preference centre available on the platform, where applicable.

Disabling certain categories of cookies may affect the functionality of the platform and limit access to some features.

The use of the Smash platform constitutes full and unconditional acceptance of this Privacy Policy in its entirety. Users who do not agree with any provision of this document should discontinue use of the platform immediately.

Binding Nature of Acceptance

Acceptance of this policy is confirmed through any of the following actions:

• Completing the account registration process;
• Logging in to an existing account following a notified update to the policy;
• Continuing to access or use the platform after changes to the policy have been communicated.

Prevailing Version

The version of the Privacy Policy published on the platform at any given time is the current and prevailing version. In the event of any inconsistency between a previously communicated version and the current published version, the current published version takes precedence.

Notification of Changes

Where material amendments are made to this Privacy Policy, users will be informed through the platform or via their registered contact details. It is the responsibility of each user to review the policy periodically to remain informed of any updates.

In certain circumstances, personal data held by Smash may be disclosed to third parties. This section explains when such disclosures occur and the basis on which they are made.

Circumstances for Third-Party Disclosure

Personal information may be shared with third parties in the following situations:

• Where required by law, including in response to lawful requests from regulatory or law enforcement authorities;
• In connection with the resolution of disputes, including legal proceedings;
• Where disclosure is necessary to fulfil obligations under agreements with licensed partners or service providers.

Identification of Third Parties

Where third parties to whom data may be disclosed are identified on the platform, users are encouraged to review those parties' own privacy documentation. In cases where specific third parties are not listed, users will be informed of the purpose and scope of any intended disclosure prior to data being shared, where this is legally permissible.

Consent to Third-Party Sharing

By providing personal information and using the platform, users consent to the disclosure of that information to third parties in the circumstances described above. This consent is obtained at the point of registration and is a condition of accessing the services provided by the platform.

Third-Party Responsibility

Smash does not control the data practices of third-party recipients. Once personal data has been lawfully disclosed, the receiving party assumes responsibility for its processing in accordance with its own applicable obligations.

The Smash platform may contain links to third-party websites, including those operated by partners, affiliates, or other external organisations. This section clarifies the platform’s position regarding the privacy practices of those external sites.

Nature of External Links

Links to third-party websites are provided for informational or functional purposes only. The presence of such links does not constitute an endorsement of the content, products, or services offered by those websites.

No Responsibility for External Data Practices

Smash has no control over and accepts no responsibility for:

• The privacy policies or data handling practices of any external website;
• The collection, use, or storage of personal information by third-party site operators;
• The security measures applied by external websites to protect user data.

User Caution

Users are advised to exercise caution when following links to external websites and to review the privacy policy of each website they visit. Any personal information provided to a third-party website is subject to that website’s own terms and data practices, not those of this platform.

Smash accepts no liability for any loss or damage arising from a user’s interaction with an external website linked from the platform.