Privacy Policy

DuckDice.io (“the Website”, “DuckDice”, “Service”, “Website”, “us”, “our”, “we”) is owned and operated by Zentari Limitada. Registration number: 9845000OAF4456CVB467, registered address: Provincia 01 San José, Cantón 01 San José, Mata Redonda, Sabana Oeste, Avenida Doce, Calle Noventa, 10108, Costa Rica (the Company). DuckDice.io is licensed and regulated by the Government of the Autonomous Island of Anjouan, Union of Comoros and operates under License No. ALSI-202509013-FI1. The Company operates the Website in accordance with the applicable regulatory framework governing online gaming services and maintains strict internal controls to ensure the integrity, transparency, and fairness of all gaming activities offered through the Website.

The Policy forms an integral and legally binding part of the Company’s Terms & Conditions, available on the Website. By accessing or using any services offered through DuckDice, Users acknowledge and accept their responsibility to comply with this Policy, as well as with all other applicable rules and requirements set forth in the Terms & Conditions.

The Company reserves the right, at its sole discretion, to modify, update, or revise these Terms & Conditions, Privacy Policy, and any related policies at any time.

Where material changes are made, the Company shall notify Users through the Website or other appropriate communication channels; however, Users are responsible for reviewing the most current versions of such documents.

Continued use of the Website following any updates constitutes acknowledgment and acceptance of the revised Terms & Conditions, Privacy Policy, and other applicable policies.

DuckDice aims to collect the least possible amount of personal data necessary for using the service.

The personal data processed by DuckDice are as described in this Policy.

The Company processes personal data on different legal bases depending on the purpose of processing, including performance of a contract, compliance with legal obligations and legitimate interests.

In connection with the provision of the Website and related services, the Company may process personal data necessary for account registration and administration, provision of gaming services, fraud prevention, security monitoring, customer support, operational communications, and compliance with AML/CFT, KYC and other applicable legal and regulatory obligations. Such processing is carried out where necessary for the performance of a contract, compliance with legal obligations, or the Company’s legitimate interests, as applicable.

Every DuckDice User can:

• download his own personal data information, so all User's personal data that is being processed by DuckDice can be also accessible by this User;
• rectify User personal data (where applicable);
• remove User personal data;
• restrict User personal data processing.

To download, rectify, remove or restrict User personal data please contact [email protected].

Deletion or restriction of the User’s personal data may result in the termination of the User’s account. Upon termination of the account, the User’s personal data shall be deleted, except for the data that the Company is required to retain in accordance with applicable laws and regulatory requirements.

Note that Username can be changed only once from settings and only via support request, if eligible.

Every User can now unsubscribe from the DuckDice mailing list in E-mail Settings, however, note that you cannot unsubscribe from the System e-mail which provide you with Security notices, security codes, password recovery details, etc.

Conditions applicable to child's consent in relation to information society services:

It is strictly forbidden for underage to access the Service. By agreeing to these Terms of Use, you represent and warrant to us that you are at least eighteen years of age.

Use of technology for personal data collection

The Company uses various technologies to facilitate the Website. These technologies may involve the temporary processing of certain technical data related to Users (such as device identifiers, cookie data, or IP addresses) for the sole purpose of enabling advertising features such as targeting and analytics. The Company processes personal data in order to provide, operate, and improve its services, as well as to comply with applicable legal and regulatory obligations.

When a User accesses the Website, the Company may automatically collect certain technical data from the User’s browser or device. Such data may include the User’s IP address, device type, operating system, browser type and language, and general location. This information is used strictly for security, account management, and service optimization purposes.

The Company may use standard internet technologies, including but not limited to cookies, pixels, and tracking scripts, to support the functionality of the Website and the performance of advertising campaigns. Such technologies may be embedded by Users or their authorized third parties in advertisements served to Users via third-party publisher environments. The Company itself does not embed tracking mechanisms directly into User-facing content but may process resulting data in real time to enable reporting, optimization, and campaign measurement, strictly under the instructions of its Users.

The Company processes personal data on the following legal bases:

• Performance of a contract (Article 6(1)(b) GDPR) – to provide access to the Website and its services;
• Compliance with legal obligations (Article 6(1)(c) GDPR) – including AML/KYC, fraud prevention, and financial reporting;
• Legitimate interests (Article 6(1)(f) GDPR) – for service improvement, security, and fraud detection;

Purposes of and lawful bases for the collection of the personal data

The Company processes the personal data relating to Users, which are listed above of this Policy, in order to provide the best service possible to the Users. This article gives the Users an overview of how their personal data shall be processed in the context of their use of the Website.

The Company may collect additional categories of personal data beyond those explicitly listed in this Policy, where necessary to provide specific services, fulfill legal obligations, or enhance the Users experience. Such data shall be collected only on lawful basis permitted under applicable data protection legislation, such as for the performance of a contract, compliance with a legal obligation, or the pursuit of the Company’s legitimate interests.

In each case, the Company ensures that data subjects are properly informed about the nature and purpose of the data collection and their rights in relation to such processing.

In connection with the processing of fiat payments or when Users choose to buy crypto, the We may collect and process the following categories of personal data:

• First name
• Last name
• Country code and phone number
• Date of birth
• Country
• Region or state
• City
• Residential address
• Postal or ZIP code

This information is collected for the purposes of identity verification, compliance with applicable anti-money laundering (AML) and know-your-customer (KYC) regulations, transaction processing, and fraud prevention, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.

We ensure that all personal data is collected and processed lawfully, fairly, and transparently, and that appropriate technical and organizational measures are implemented to safeguard such data against unauthorized access, disclosure, alteration, or destruction.

The recipients of the personal data

The personal data collected and processed by the Company may be disclosed to the following recipients or categories of recipients:

• To individuals authorized by the Company to process personal data on behalf of Users, including Company employees, who are bound by confidentiality obligations and non-disclosure agreements;
• To service providers engaged by the Company to perform specific processing operations related to the data of Users and, where applicable, technical data related to Users processed on behalf of Users;
• Payment service providers (for processing transactions initiated by Users, including cryptocurrency transactions);
• Hosting and infrastructure providers (for the maintenance and operation of the Website);
• Website maintenance and development service providers;
• Analytics providers involved in performance measurement;
• Email delivery services (for transactional or service-related communication with Users);
• The Company may use blockchain analytics and transaction monitoring tools to detect fraud, money laundering, sanctions exposure, and other prohibited activities;
• Governmental bodies as described by the applicable legislation, including AML act.

All subcontractors engaged by the Company provide appropriate safeguards as required under applicable data protection laws. These subcontractors are granted access only to the data strictly necessary to perform their services and are not authorized to process any data for their own purposes.

Any processing of User data is conducted solely on behalf of and under the instructions of Users, in accordance with applicable data protection obligations.

For the purpose of marketing and retargeting campaigns, we may disclose Users’ data (such as email addresses) to third-party data processors acting on our behalf.

Before sending to advertising platforms, email addresses may be cryptographically hashed (pseudonymized) using widely accepted algorithms, reducing the risk of identification by third parties.

Data Processing Agreements (DPAs) are concluded with such processors to ensure confidentiality, security, and processing strictly according to our documented instructions.

Users may withdraw their consent to the processing of data for marketing purposes at any time, including the right to object to processing for direct marketing purposes. To withdraw the consent Users should contact the support team.

Data retention period

The Company retains personal data of Users only for as long as is strictly necessary to fulfill the purposes for which the data was collected, including the performance of services and compliance with contractual or legal obligations.

After the end of the active use period, User data may be archived with restricted access for a limited additional duration, solely to enable the Company to meet legal or regulatory requirements related to data retention and audit.

Personal data of Users is retained only for as long as necessary to fulfil the purposes for which such data was collected, including the provision of services, security monitoring, analytics, compliance with legal and regulatory obligations, and dispute resolution. Once the relevant processing purpose has been fulfilled, personal data is deleted, anonymized, or retained only where continued retention is required or permitted under applicable law.

Retention periods may vary depending on the nature of the data and the applicable legal or operational requirements.

Retention periods depend on the nature of the data:

• account data – for the duration of the account;
• KYC/AML data – as required by applicable laws;
• transaction data – for accounting and regulatory purposes;
• marketing data – until the User withdraws consent.

Protection of personal data

The Company implements appropriate technical and organizational measures to protect the personal data of its Users, and any User data processed on their behalf, against unauthorized access, disclosure, alteration, or destruction.

Although the Company follows industry best practices and security standards, it cannot guarantee absolute security of any information transmitted or stored. Users are responsible for maintaining the security of their own login credentials and communication channels.

All data processing activities are carried out in accordance with recognized international standards and legal frameworks governing the collection, use, and protection of personal data.

Cookies Policy

What are cookies?

A cookie is a piece of information in the form of a very small text file that is placed on an internet User's computer. It is generated by a web page server (which is basically the computer that operates the website) and can be used by that server whenever the User visits the site. A cookie can be thought of as an internet User's identification card, which tells a website when the User has returned. Cookies can't harm your computer.

Why do we use cookies on DuckDice?

DuckDice uses two types of cookies: cookies set by us and cookies set by third parties (i.e. other websites or services). DuckDice cookies enable us to keep you signed in to your account throughout your visit and to tailor the information displayed on the site to your preferences.

The Website uses cookies and similar tracking technologies to ensure proper functionality, improve User experience, and support analytics and marketing activities.

By accepting our Terms of Use and Privacy Policy and continuing to use the Website, you acknowledge that you have read and understood how we collect, use, and process your personal data as described in this Privacy Policy.

Cookies and tracking technologies What cookies do we use on DuckDice?

The Website uses cookies and similar tracking technologies to ensure proper functionality, enhance User experience, and support security, analytics, and marketing activities.

Such technologies may be used for the following purposes:

• to enable core Website functionality and account access;
• to maintain security, prevent fraud, and detect suspicious activity;
• to analyze Website performance and understand User interactions;
• to support analytics, advertising, and retargeting activities.

Cookies and similar technologies may collect technical and usage-related information, including IP address, device identifiers, browser type, operating system, and interaction data.

We use the following categories of cookies and similar tracking technologies on the Website:

• Operational Cookies - strictly necessary for the proper operation and security of the Website, including User authentication, fraud prevention, attribution, network management, and protection against abuse or unauthorized access.
• Functional Cookies - used to remember User preferences and settings, maintain interface customization, and improve the usability and functionality of the Website.
• Analytics Cookies - used to collect information about how Users interact with the Website, including traffic measurement, User behavior analysis, A/B testing, performance monitoring, and session replay technologies.
• Marketing Cookies - used to support marketing and communication activities, including advertising pixels, push notification services, customer support widgets, review and feedback tools, and related third-party integrations.

The full list of cookies we collect is as follows:

The Company may engage third-party service providers acting as data processors to process such data on its behalf. These providers help us with website operation, security, analytics, and marketing activities in accordance with our legitimate interests and documented instructions.

How can I manage my cookies on DuckDice?

If you wish to stop accepting cookies, you can do so through the Privacy Settings option in your browser.

GDPR compliance

What is the GDPR?

The General Data Protection Regulation (“GDPR”) is a European privacy regulation which replaced EU Data Protection Directive (“Directive 95/46/EC”).

The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.

To whom does the GDPR apply?

The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

If a company collects, transmits, hosts or analyzes personal data of EU citizens, it is must comply with the General Data Protection Regulation (“GDPR”), which is enforceable since May 25, 2018. Our Terms Of Use has been updated to provide customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR. Our contractual commitments guarantee that customers can request from data subjects to obtain, correct, unsubscribe or delete personal data, will be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.

Data breach notification

When DuckDice will be made aware of personal data breaches we will notify relevant Users in accordance with GDPR timeframes.

However, Users are responsible for maintaining the confidentiality of their account credentials, devices, and authentication methods.

The Company shall not be liable for unauthorized access resulting from the User’s failure to maintain adequate account security.

Data international transfer

We may transfer personal data to countries outside the European Economic Area where our service providers, group companies or other recipients are located. Where we do so, we rely on an adequacy decision of the European Commission or implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses. Where required, we also assess whether additional technical, organisational or contractual measures are necessary to ensure an adequate level of protection for the transferred data.

In such cases, appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.

Third parties data sharing

We may share your personal data with carefully selected third-party service providers who act as our data processors. Such sharing is limited to the purposes necessary for the provision and improvement of our services.

We may disclose the following categories of data:

• Identification and contact data (such as Username and email address);
• Technical data (such as IP address).
• This information may be shared for purposes including, but not limited to:
• Account creation, management and service delivery;
• Identity verification and compliance procedures;
• Customer support and communication;
• Fraud prevention and security;
• Service optimization, analytics and performance improvement;
• Marketing and retargeting activities.

All third-party service providers are bound by contractual obligations to process personal data only on our behalf and in accordance with our instructions. We do not sell your personal data to any third parties.

You may request detailed information about the specific recipients to whom your personal data has been disclosed by contacting us.

Recording of support calls

Certain Users may be granted access to phone support services as part of VIP or enhanced account features.

Any phone calls with our support, compliance or account management teams are conducted strictly upon the User’s prior request, including callback requests submitted through the Website. We do not make unsolicited calls to Users.

All phone calls are recorded and stored for safety, security and service quality purposes. By proceeding with the call after being notified of the recording, you acknowledge and agree to the processing of your personal data in accordance with this Privacy Policy.

If you do not wish for your call to be recorded, you should refrain from using phone support services and instead use alternative support channels made available through your account.

Call recordings are processed for the following purposes:

• to ensure the best possible handling and resolution of your request;
• to maintain a record of communications and instructions provided;
• to monitor and improve the quality of our services and customer support;
• to train and supervise our staff;
• to establish, exercise or defend legal claims where necessary;
• to ensure compliance with applicable legal and regulatory obligations, including fraud prevention and security requirements.

The legal basis for processing call recordings is our legitimate interests in providing efficient customer support, ensuring service quality, operational security, and dispute resolution, and, where applicable, compliance with legal obligations.

Call recordings are stored securely and access is strictly limited to authorized personnel on a need-to-know basis. We implement appropriate technical and organizational measures to protect such data against unauthorized access, alteration or disclosure.

Call recordings may be disclosed where required by law, regulatory obligation, or where necessary for the establishment, exercise or defense of legal claims.

For the avoidance of doubt, any information regarding account-related features or special conditions communicated during such calls is provided solely in connection with the User’s account status or service features and does not constitute advertising or promotion of gambling activities.