burger icon
Watch My Spin United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Watch My Spin, operating the online casino available at watchmyspini.com (internal project identifier: Watch My Spin), collects, uses, discloses and protects personal data of players and website visitors in the United Kingdom. It applies to all visitors, registered players and users of our website, games, services, customer support channels and related communications. This Privacy Policy is effective from 21 January 2026 and replaces any previous versions published on our website.

Who We Are

Operator details

The Watch My Spin online casino available at watchmyspini.com is operated on the Grace Media Limited white-label platform for customers in Great Britain.

  • Operator / licence holder: Grace Media Limited
  • Brand: Watch My Spin (project identifier: Watch My Spin)
  • Licensing authority: United Kingdom Gambling Commission (UKGC)
  • UKGC licence number: 57869 (remote gambling licence, active as of January 2025)
  • Registered / legal address (operator): 4 Winds, The Square, Hessian, United Kingdom (as associated with Grace Media Limited in UKGC public register)

Contact for privacy matters

Grace Media Limited is the "controller" of your personal data for the purposes of the UK General Data Protection Regulation ("UK GDPR") and the UK Data Protection Act 2018.

  • Primary contact email: support@watchmyspini.com (please mention "Privacy request" in the subject line)
  • Postal contact: Data Protection Officer, Grace Media Limited (Watch My Spin), 4 Winds, The Square, Hessian, United Kingdom
  • Online contact: customer support live chat via watchmyspini.com (available approximately 08:00 - 00:00 GMT; initial bot triage followed by human agent)

Grace Media Limited has designated a Data Protection Officer ("DPO"). You can contact the DPO for any questions or requests regarding this Privacy Policy or our handling of your personal data using the contact details above. We do not currently operate a dedicated telephone line specifically for data protection queries; please contact us by email, live chat or post.

What Personal Data We Collect

Account and identification data

  • Registration and profile data: full name, date of birth, gender (where provided), residential address, country of residence (normally United Kingdom only), email address, mobile or landline telephone number, username, password, preferred language and currency (GBP).
  • Verification / KYC data: copies or details of identity documents (e.g. passport, ID card, driving licence), proof of address (e.g. utility bills, bank statements), source-of-funds documentation (e.g. payslips, bank statements), affordability and income information and any other documents we are required to collect under UK law (including UKGC and anti-money laundering requirements).

Technical and device data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, device type (mobile, tablet, desktop), screen resolution, language settings, approximate location derived from IP address and other standard technical information sent by your browser.
  • Usage and log data: access dates and times, pages visited, clickstream data, referring/exit pages, time spent on pages, interaction with website elements, crash logs, performance data and similar diagnostic information.

Payment and financial data

  • Payment method details: limited card details (such as cardholder name, masked card number and expiry date), details of e-wallets or other payment instruments, although full payment card data is normally processed and stored by our authorised payment service providers.
  • Transaction and balance data: deposits, wagers, wins, withdrawals, bonuses, chargebacks, refunds, loyalty points, account balance and associated transaction history, including timestamps and payment channel used.

Behavioural and gambling activity data

  • Game and betting history: games played, session length, stakes, wins and losses, bonus usage, game preferences, device used to play and gameplay timestamps.
  • Behavioural insights: clicks, scrolls, navigation patterns, responsiveness to offers, responsible gambling behaviour indicators, self-exclusion status (including GamStop and internal exclusions shared across the Grace Media Limited white-label network), time spent on site and interaction with safer gambling tools.

Communications and support data

  • Customer support interactions: emails, live chat transcripts (including interactions with automated "GraceBot" and human agents), complaint correspondence, call notes (if any phone contact takes place) and any attachments you provide.
  • Marketing communications data: your subscriptions and opt-out choices for email, SMS and push notifications, records of consents given or withdrawn, marketing campaign engagement (opens, clicks, unsubscribes).

Cookies and similar technologies

  • Cookies: small text files stored on your device that may contain identifiers or other information related to your use of watchmyspini.com.
  • Similar technologies: pixel tags, web beacons, SDKs and local storage used for similar purposes as cookies, such as analytics, security and advertising.

Where required by UK law (including the Privacy and Electronic Communications Regulations, "PECR"), we will ask for your consent before setting non-essential cookies or similar technologies on your device.

Legal Basis for Processing

Contractual necessity

We process many categories of your personal data because it is necessary to enter into and perform our contract with you, including our terms and conditions and game rules. This legal basis applies in particular when we process your data in order to:

  • create and manage your Watch My Spin player account on watchmyspini.com;
  • verify your identity and age, and confirm that you are legally permitted to gamble in Great Britain;
  • enable deposits, gameplay, bonuses, participation in promotions and withdrawals of winnings;
  • provide customer support and handle your queries, complaints or disputes (including via our ADR provider, IBAS, where necessary);
  • contact you about important changes to our services, terms or this Privacy Policy.

Compliance with legal obligations

We are subject to strict regulatory and legal requirements, including those imposed by the UK Gambling Commission, anti-money laundering and counter-terrorist financing legislation, tax laws and general data protection laws. We therefore process your data where necessary to:

  • conduct "Know Your Customer" (KYC) checks, affordability assessments and ongoing due diligence;
  • monitor transactions for fraud, money laundering, terrorist financing and other financial crime;
  • maintain accurate business and accounting records and comply with audit and reporting obligations;
  • respect self-exclusion obligations (including GamStop and internal exclusion shared with other Grace Media Limited brands) and other safer gambling requirements;
  • respond to lawful requests from law enforcement, courts, the UK Gambling Commission or other competent authorities.

Legitimate interests

Where our processing is not strictly required by contract or law, we may rely on our legitimate interests, provided these are not overridden by your rights and freedoms. Our legitimate interests include:

  • Service optimisation: monitoring and improving the performance, reliability and user experience of watchmyspini.com and related apps;
  • Network and information security: preventing unauthorised access, abuse of bonuses, account takeovers, bot attacks, fraud and other misuse of our services;
  • Analytics and reporting: analysing site usage and game performance across the Grace Media Limited white-label network to inform product development and business strategy;
  • Moderate direct marketing: sending you marketing about similar products or services where permitted by law and where you have not opted out.

Where we rely on legitimate interests, we carry out a balancing test to ensure that our interests do not override your privacy rights and we apply appropriate safeguards.

Consent

In certain situations we will only process your personal data if you have given clear consent. This includes:

  • the use of non-essential cookies and similar technologies for analytics and advertising;
  • sending you electronic marketing communications about offers, promotions and new features where these go beyond what is permitted on the basis of our legitimate interests;
  • sharing your data with certain third-party marketing or advertising partners, where required by UK law.

You can withdraw your consent at any time using the mechanisms described in this Privacy Policy (for example in your account settings, via unsubscribe links or by contacting us at support@watchmyspini.com). Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

Provision of gambling services

  • Account operation: creating and maintaining your account, allowing you to log in securely, managing your account settings and ensuring that your account remains active and accurate.
  • Gameplay and transactions: enabling you to play casino games and mobile slots, process deposits and withdrawals in GBP, manage bonuses and loyalty rewards, and record game outcomes.
  • Customer support: handling your questions and complaints via email and live chat, including queue management and triage through automated tools such as "GraceBot".

Compliance, safety and responsible gambling

  • Regulatory compliance: meeting our obligations to the UK Gambling Commission, HM Revenue & Customs and other competent authorities, including KYC, AML and reporting.
  • Responsible gambling: monitoring behaviour to identify potential gambling-related harm, applying limits, time-outs and self-exclusion (including GamStop and network-wide exclusions across Grace Media Limited sister sites) and conducting affordability checks.
  • Fraud and security: detecting and preventing fraud, bonus abuse, account takeover, payment misuse and other unlawful or suspicious activities.

Improvement, analytics and marketing

  • Service improvement: analysing aggregated and pseudonymised data about how you and other players use our website and games to improve design, features, performance and content.
  • Marketing communications: providing you with tailored offers, bonuses and promotions by email or other electronic channels, where permitted by law and your preferences, and measuring the effectiveness of these campaigns.
  • Analytics and statistics: preparing internal statistics about the performance of Watch My Spin and other Grace Media Limited brands, including product, risk and compliance reporting.

Disclosure & Sharing

Service providers and partners

We may share your personal data with carefully selected third parties who provide services that are essential to operating watchmyspini.com and the Watch My Spin brand. These include:

  • Payment service providers and banks: to process deposits, withdrawals, refunds and chargebacks, and to perform fraud and AML checks.
  • Platform and game providers: companies supplying casino games, hosting, IT, cloud storage, customer support tools, email delivery and analytics services.
  • Identity verification providers: providers of age verification, identity verification, affordability and fraud prevention databases.
  • Professional advisers: lawyers, auditors, compliance consultants and other professional advisers bound by confidentiality obligations.

Group and network sharing

Watch My Spin is part of the Grace Media Limited white-label casino network. Within this group and network we may share personal data where necessary to:

  • maintain shared self-exclusion lists and safer gambling controls across sister sites (e.g. 333 Casino, Slotster, Play UK, Plush Casino and other Grace Media Limited brands);
  • apply network-wide AML, fraud and risk management controls;
  • perform centralised technical operations, IT security and data hosting.

Regulators, authorities and ADR providers

  • Regulators and authorities: the UK Gambling Commission, law enforcement agencies, tax authorities and other public bodies where we are required or permitted by law to share data (for example in relation to AML, fraud or safer gambling investigations).
  • Alternative Dispute Resolution (ADR): our appointed ADR provider, the Independent Betting Adjudication Service ("IBAS"), when we need to share relevant information to resolve a dispute that you have escalated.
  • Courts and legal proceedings: courts, legal representatives and other parties where necessary to establish, exercise or defend legal claims.

Advertising and affiliate partners

Where you have given your consent (where required), or where otherwise permitted by law, we may share limited information with advertising networks, affiliate marketing partners or social media platforms to:

  • measure the effectiveness of advertising campaigns that promote Watch My Spin on watchmyspini.com;
  • avoid showing our adverts to self-excluded or otherwise restricted players.

We do not sell your personal data in exchange for money. Any sharing with marketing or advertising partners is subject to appropriate data protection safeguards and, where required, your prior consent.

International Transfers

Transfers outside the UK

Some of our service providers, group companies and partners may be located outside the United Kingdom or may store data on servers in other countries. This may involve transfers of your personal data to countries in the European Economic Area (EEA) and to countries outside the UK and EEA (for example, where global cloud infrastructure or specialised fraud-prevention providers are used).

Legal safeguards for international transfers

  • Adequacy regulations: where the UK Government has recognised a country as providing an adequate level of data protection, we may rely on that decision to transfer personal data.
  • Standard contractual clauses: where no adequacy regulations are in place, we usually rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with additional technical and organisational measures, to protect your data.
  • Other safeguards: in limited cases we may rely on specific legal derogations (for example where the transfer is necessary to establish, exercise or defend legal claims).

Regardless of where your data is processed, we require all recipients to handle your personal data securely and in accordance with the UK GDPR and this Privacy Policy.

Data Retention

General principles

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting and reporting obligations, and to resolve disputes. We apply clear retention periods and securely delete or irreversibly anonymise data when it is no longer needed.

Indicative retention periods

  • Account and identification data: generally kept for up to 5 years after your account is closed or after the end of the business relationship, in line with UK anti-money laundering and regulatory requirements.
  • Transaction and gambling activity data: usually retained for up to 7 years after the relevant transaction or account closure, to comply with financial, tax and regulatory obligations and to handle any legal claims.
  • KYC and verification documents: normally kept for at least 5 years after the end of the business relationship or after the date of the last transaction, as required by AML laws.
  • Customer support data and complaint files: kept for approximately 3 - 6 years after resolution, depending on the nature of the complaint and potential legal requirements.
  • Marketing data and preferences: retained while you continue to receive marketing from us and for up to 2 years after you opt out, to record and respect your preferences and demonstrate compliance.
  • Cookies and analytics identifiers: stored for the lifespan of the relevant cookie or similar technology, typically between a single session and 24 months, depending on the cookie type and purpose.

Deletion and anonymisation

When retention periods expire, or when data is no longer required for the purposes for which it was collected, we will:

  • securely delete or destroy personal data; or
  • irreversibly anonymise it so that it can no longer be associated with you (for example for long-term statistical analysis and reporting).

In some cases we may retain limited information beyond the standard retention periods where necessary to comply with legal obligations, handle ongoing disputes or enforce our terms and conditions.

Your Rights

Data protection rights under UK GDPR

If you are located in the United Kingdom, you have the following rights in relation to your personal data, subject to certain conditions and exceptions in the UK GDPR and the Data Protection Act 2018:

  • Right of access: to obtain confirmation of whether we process your data and to receive a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure: to request that we delete your personal data where there is no valid legal reason for us to continue processing it (for example, where our retention obligations have expired).
  • Right to restriction: to ask us to limit the processing of your data in certain circumstances, for example while we verify the accuracy of data you contest.
  • Right to object: to object at any time to processing based on our legitimate interests and to object to direct marketing, including profiling for marketing purposes.
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to ask us to transmit it to another controller where technically feasible.
  • Rights related to automated decision-making: to request human review and to challenge decisions that are based solely on automated processing and that produce legal or similarly significant effects, such as certain risk or affordability assessments.

Marketing and cookies choices

  • You can manage your marketing preferences within your account settings, by using the "unsubscribe" link in marketing emails, or by contacting us at support@watchmyspini.com.
  • You can manage cookie settings via our cookie banner or through your browser settings as described in the "Cookies & Tracking Technologies" section below.

Mexican and EU data protection alignment

Although Watch My Spin on watchmyspini.com is focused on UK customers and access from most other countries (including most EU Member States and the USA) is geo-blocked, we aim to align our practices with international standards, including the EU General Data Protection Regulation ("EU GDPR") and, where relevant, Mexican privacy regulations such as the Federal Law on Protection of Personal Data Held by Private Parties. If you interact with our services from Mexico in circumstances where access is technically possible, your core rights (access, rectification, cancellation/deletion and opposition - "ARCO" rights) are broadly consistent with the rights described above, and you may exercise them using the same contact channels.

How to exercise your rights

  1. Submit your request: contact us by email at support@watchmyspini.com or by post to the address in the "Who We Are" section, clearly stating that your request concerns data protection rights and specifying which right you wish to exercise.
  2. Verification: we may ask you to provide information to verify your identity (for example, confirming account details or providing identity documentation) to protect your data from unauthorised access.
  3. Response timeframes: we aim to respond to all valid requests within one month (30 days) of receipt. In complex cases or where you have made multiple requests, we may extend this period by up to two further months, and we will inform you of any extension and the reasons for it.
  4. Fees: we will handle your requests free of charge. We may, however, charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in line with the UK GDPR.

Cookies & Tracking Technologies

Types of cookies we use

  • Strictly necessary cookies: required for the operation of watchmyspini.com, such as cookies that enable you to log in, maintain a session, use the cashier and ensure site security. These are usually session cookies and are not subject to consent under PECR.
  • Functional cookies: used to remember your preferences (such as language, currency and display settings) and to provide enhanced, personalised features.
  • Analytics and performance cookies: used to collect aggregated information about how visitors use our website (e.g. pages visited, time spent, errors encountered) so we can improve performance and usability.
  • Advertising and marketing cookies: used, where allowed, to deliver relevant marketing content, prevent showing you the same adverts repeatedly, and measure the effectiveness of our campaigns, including those run with affiliate partners within the Grace Media Limited network.
  • Third-party cookies: cookies set by third-party providers (for example analytics providers or embedded content) when you visit watchmyspini.com.

Managing cookies

  • You can control cookies through the cookie banner or settings tool available on our site, where we provide options to accept or reject different categories of non-essential cookies.
  • You can also adjust your browser settings to block or delete cookies. Please note that blocking strictly necessary cookies may affect the functionality of the site and your ability to play games or access certain features.
  • For more information about cookies, including how to see what cookies have been set and how to manage or delete them, you can use your browser's help function or visit independent information sites.

Where required by UK law, we will obtain your consent before using non-essential cookies or similar technologies. You can withdraw your consent at any time via the tools described above.

Data Security

Technical and organisational measures

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include, among others:

  • Encryption: use of TLS 1.2 or higher to encrypt data in transit between your device and our servers, and industry-standard encryption or pseudonymisation techniques for certain categories of data at rest.
  • Access controls: strict access rights based on roles, with access to personal data limited to staff and service providers who need it for their job functions, protected by authentication and, where appropriate, multi-factor authentication.
  • Network and application security: firewalls, intrusion detection and prevention systems, anti-malware solutions and secure development practices, including regular patching and vulnerability management.
  • Segregation of player funds: compliance with UKGC requirements, including maintaining player funds at a "medium" protection level as applicable to the Grace Media Limited licence, combined with appropriate financial controls.

Governance, training and audits

  • Policies and procedures: internal data protection, information security, incident response and retention policies aligned with UK regulatory expectations.
  • Staff training: regular training for relevant staff on data protection, information security, AML and safer gambling obligations.
  • Monitoring and audits: periodic internal reviews and, where appropriate, third-party audits or assessments of our security controls and those of key service providers. Some of our critical providers may hold recognised security certifications such as ISO 27001 or SOC 2, and we seek assurance regarding their controls.
  • Incident response: procedures to detect, respond to and investigate potential data breaches, and to notify affected users and regulators where required by law.

Complaints & Contacts

Contacting us

If you have any questions, concerns or complaints about how we handle your personal data, you should contact us first so that we can try to resolve the issue:

  • Email (primary): support@watchmyspini.com (please state "Privacy complaint" in the subject line)
  • Live chat: via watchmyspini.com, available approximately 08:00 - 00:00 GMT
  • Post: Data Protection Officer, Grace Media Limited (Watch My Spin), 4 Winds, The Square, Hessian, United Kingdom

Complaint procedure

  1. Initial review: once we receive your complaint, we will acknowledge it within a reasonable time (typically within a few working days) and assign it to the appropriate team, which may include our DPO and compliance staff.
  2. Investigation: we will investigate your complaint, which may involve reviewing logs, communications, relevant policies and any information you provide.
  3. Response: we aim to provide a substantive response within 30 days. If we cannot respond within this period due to complexity or the number of requests, we will inform you of the delay and provide an updated timeframe.
  4. Further steps: if you remain dissatisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority as described below.

Supervisory authorities and escalation

  • United Kingdom (primary authority): If you are in the UK or your complaint relates to our UK operations, you can contact the Information Commissioner's Office (ICO):
  • European Union: If you are located in the EEA and are able to interact with our services, you may also have the right to lodge a complaint with your local data protection authority. Contact details are available on the European Data Protection Board website.
  • Mexico: If you are in Mexico and interact with our services, you may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) regarding your privacy rights:
    • Website: www.inai.org.mx

We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority.

Updates

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal or regulatory developments, or guidance from supervisory authorities. When we make material changes, we will take appropriate steps to inform you in advance where reasonably possible.

Notification methods

  • Email notifications: we may send an email to the address registered on your Watch My Spin account outlining the key changes.
  • On-site notices: we may display banners, pop-ups or other notices on watchmyspini.com and/or within your account dashboard.
  • Policy versioning: we will update the "Last updated" date shown in this Privacy Policy and may keep a record of previous versions for reference.

Advance notice and your options

Where a change is likely to have a significant impact on your rights or the way we use your data (for example, introducing a new category of data processing or expanding sharing with third parties), we will, where reasonably practicable, provide at least 30 days' advance notice before the change takes effect. During this period you will have the opportunity to:

  • review the updated Privacy Policy in detail;
  • adjust your privacy or marketing preferences;
  • close your account and stop using our services if you do not agree with the changes (subject to the settlement of any outstanding balances or obligations).

Last updated: January 2026.