Rocketman United Kingdom Privacy Policy Statement

Rocketman processes personal data as necessary for service delivery and legal compliance under UK GDPR. Data is protected through technical and organizational measures.

This Privacy Policy explains how Rocketman, the brand operating the Rocketman game and related online casino services, collects, uses, stores, and protects personal data from players in the United Kingdom. This document is issued to provide transparency regarding data handling practices and to outline the lawful processing activities conducted by the brand. Compliance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) governs all procedures described herein. The policy details the information obtained during account management, identity verification, and transactional operations. It also describes the technical and organisational measures applied to safeguard personal data. This policy does not constitute a contract for services but serves as an administrative notice of data processing. By maintaining an account, players acknowledge the practices described in this policy.

Data Collection and Categories of Information Processed

Rocketman collects several categories of personal data from players during account registration, gameplay, and financial transactions. The following table summarises the primary data types, their sources, and the purposes for which they are held.

Data Category	Examples of Data	Method of Collection
Registration Details	Full name, date of birth, residential address, email address, telephone number	Account creation forms
Identification Data	Copy of passport or driving licence, proof of address (e.g., utility bill)	Upload during Know Your Customer (KYC) procedures
Transactional Information	Deposit history, withdrawal requests, payment method details, wagering records	Payment processing systems and game logs
Technical Data	IP address, browser type, device identifiers, operating system, session logs	Cookies, server logs, and analytics tools
Compliance-Related Records	Self-exclusion flags, gambling history reviews, source of funds documentation	Manual submissions and automated risk assessments

Processing of identification data is mandatory for verifying player age and identity as required by the Gambling Commission licence. Transactional information is recorded to maintain accurate financial ledgers and to detect irregular betting patterns. Technical data is collected to ensure the stability and functionality of the Rocketman 2 platform. Compliance-related records are retained to fulfil regulatory obligations under the United Kingdom's gambling legislation.

Data Usage and Legal Basis for Processing

The brand processes personal data for specific operational and regulatory purposes. Each processing activity is supported by a lawful basis as defined under UK GDPR. Below are the primary processing activities and their corresponding legal grounds.

Account Verification and Identity Checks - Legal basis: Legal obligation. Processing is necessary to comply with the Gambling Commission’s requirements to prevent underage gambling and money laundering.
Processing Deposits and Withdrawals - Legal basis: Performance of a contract. Data is used to execute player transactions and manage balances, including gameplay using rocketman play money.
Security Monitoring and Fraud Prevention - Legal basis: Legitimate interest. The brand maintains a legitimate interest in protecting the integrity of the Rocketman game and preventing unauthorised access or financial crime.
Responsible Gambling Interventions - Legal basis: Legal obligation. Data is processed to enforce self-exclusion, deposit limits, and time-out periods as mandated by UK regulatory standards.
Marketing Communications (where consent provided) - Legal basis: Consent. Promotional messages are sent only after players have explicitly opted in. Consent can be withdrawn at any time without affecting account services.

For all processing activities, data minimisation principles are applied. The brand does not collect or use personal data beyond what is necessary for the stated purposes. Where legitimate interest is relied upon, a balancing test is conducted to ensure that player rights are not overridden.

Data Storage, Security Measures and Retention Rules

Personal data is stored on secure servers located within the European Economic Area and the United Kingdom. All data transmitted between player devices and the brand’s systems is encrypted using Transport Layer Security (TLS) protocol, version 1.2 or higher. Access to personal data is restricted to authorised personnel only, based on role-specific permissions. Multi-factor authentication is required for administrative accounts that access sensitive records.

Retention periods are established in accordance with legal and regulatory requirements. The following retention schedule applies:

Account registration data: Retained for the duration of the account plus six years after closure for regulatory audit purposes.
Transactional records: Retained for seven years from the date of each transaction to satisfy anti-money laundering obligations.
Identification documents: Retained for five years after the last account activity, after which they are securely deleted.
Technical logs: Retained for twelve months, after which they are anonymised or destroyed.
Self-exclusion records: Retained indefinitely until the exclusion period ends, then archived for a further six years.

Data deletion is performed using secure overwriting methods that render the information unrecoverable. Archival data is stored in encrypted, access-controlled repositories. The brand conducts annual penetration testing and vulnerability assessments of its data storage infrastructure. Any data breaches are reported to the Information Commissioner’s Office within 72 hours in compliance with UK GDPR notification requirements.

Player Rights and Data Access Procedures

Players in the United Kingdom hold specific rights regarding their personal data under UK GDPR. These rights include the following:

Right of Access: Players may request a copy of the personal data held about them. A response will be provided within one calendar month.
Right to Rectification: Inaccurate or incomplete data can be corrected upon request by contacting the data protection officer.
Right to Erasure: Players may request deletion of personal data, subject to legal retention obligations (e.g., anti-money laundering records).
Right to Restriction of Processing: Processing can be paused in cases where data accuracy is contested or the processing is unlawful.
Right to Object: Players may object to processing based on legitimate interest, including direct marketing. The brand will cease processing unless compelling grounds are demonstrated.
Right to Data Portability: Players can request transfer of their data to another controller in a machine-readable format, provided the processing is based on consent or contract performance.

To exercise any of these rights, players must submit a verifiable request via email or postal mail to the address provided in the account settings. Identity verification is required for all data access requests. This verification process involves matching the player’s name, date of birth, and registered email address against records held. Additional identification documentation may be requested in certain circumstances to prevent unauthorised disclosure. The brand will respond to all requests within the statutory time limit. If a request is refused, the player will be informed of the reason and their right to lodge a complaint with the Information Commissioner’s Office. Players using the rocketman 2 free version or engaging with rocketman play money balances retain the same data rights as active depositing players.