Your personal data deserves the same editorial precision as every other page on this site. Below, we explain which data points Savaspin collects, why each point is needed and how the operator keeps the file sealed. Terdersoft B.V. and Interdersoft Limited run the casino under Curaçao eGaming Licence No. 152341 and accept joint controllership for Finnish players. Furthermore, the policy is refreshed whenever a processing activity changes, so periodic re-reads are a sensible habit.
Data Categories We Collect
Savaspin gathers five data families to keep the platform safe, compliant and personalised. Moreover, every category is limited to what is strictly necessary for the stated purpose. The overview below is followed by a detailed breakdown of each family.
| Category | Typical examples | Why we collect it |
|---|---|---|
| Personal data | Legal name, email, date of birth, home address | Account creation, KYC, AML compliance |
| Payment data | Card tokens, crypto wallet addresses, transaction IDs | Deposits and batch withdrawals |
| Technical data | IP, user agent, device model, cookie IDs | Security, fraud prevention, performance |
| Behavioural data | Game history, session length, bet size | Responsible gaming checks, personalisation |
| Communication data | Chat transcripts, support emails | Customer service, dispute evidence |
Personal Data at Registration
At sign-up we request your legal name, email, date of birth and residential address. Consequently, this file lets us open your account and confirm that you clear the 18-year threshold required by Finnish consumer norms (21+ in some jurisdictions). In addition, the same data powers the critical account notifications — KYC outcomes, batch payout alerts and security warnings. Marketing emails are never sent from this base without an explicit opt-in.
Payment Data and Tokenisation
Deposits and withdrawals require a minimal payment file — card number tokens, expiry dates and crypto wallet addresses. Importantly, the full 16-digit PAN is never stored on Savaspin servers. Instead, certified PCI-DSS processors handle the raw string and return a reversible token that we keep in place of the number. As a result, even in the unlikely event of a breach, your card cannot be used to charge new transactions.
Technical Data and Device Fingerprints
Our systems automatically log IP address, browser string, operating system and device identifiers on every session. Moreover, cookies keep the login alive and feed our traffic analytics. Specifically, the technical data points we collect include:
- IP address and geolocation: used to confirm your country of residence and block restricted regions before a wager is placed.
- Browser and device fingerprint: used to spot unusual login attempts and stop account takeovers.
- Session timestamps: used to enforce automatic timeouts after periods of inactivity.
- Clickstream data: used to refine navigation and spot UX friction on the cashier page.
- Cookie identifiers: used to remember language, theme and consent preferences between sessions.
How Savaspin Uses Your Data
Processing happens only for clearly defined, lawful purposes aligned with GDPR-equivalent frameworks. Therefore, we never handle data arbitrarily or beyond what the law permits. The primary processing objectives are listed below:
- Account management: we use registration details to create, maintain and secure your player account.
- KYC and AML compliance: we verify identity and monitor transactions to satisfy anti-money-laundering rules under the Curaçao eGaming licence.
- Fraud prevention: we analyse technical and behavioural signals to spot anomalies and shield both parties.
- Payment processing: we pass minimal payment fields to certified processors so deposits and withdrawals settle reliably.
- Marketing communications: we send promotional emails only to players who have opted in, with a one-click opt-out in every message.
- Responsible gaming: we review session data to identify possible harm patterns and suggest suitable tools early.
- Legal obligations: we retain selected records to respond to lawful requests from regulators and law-enforcement bodies.
The legal bases we rely upon include consent, contractual necessity, compliance with legal obligations and our legitimate interest in operating a secure platform. However, legitimate interest is always balanced against your rights before it is used as a basis. Moreover, you may ask for a written explanation of any specific processing activity at any time.
Your Rights Under GDPR-Equivalent Frameworks
As a Finnish player, you hold a well-defined set of rights over the data Savaspin keeps about you. Furthermore, the operator honours every valid request within 30 days of receipt, with a reasoned extension when a file is unusually complex. Your rights are:
- Right of access: request a copy of every personal data point held on your account.
- Right to rectification: ask us to correct inaccurate or outdated information in your file.
- Right to erasure: request deletion of your data where no legal basis for retention applies.
- Right to data portability: receive your data in a structured, machine-readable format for transfer.
- Right to restriction: pause processing while a dispute, complaint or verification is pending.
- Right to object: object to processing grounded in legitimate interest, including direct marketing.
- Right to withdraw consent: remove consent for marketing or analytical cookies without affecting past lawful processing.
To exercise any right, email our privacy desk at [email protected] from your registered address and state the specific right you wish to invoke. Moreover, we may need to verify your identity before acting on a sensitive request. If you believe the operator has mishandled your data, you may lodge a complaint with the Office of the Data Protection Ombudsman — Tietosuojavaltuutetun toimisto — which acts as the competent Finnish data protection authority, or with the supervisory body of your current country of residence.
Cookie Policy
Cookies are small text files that a website stores on your device to remember context between visits. Savaspin deploys cookies to keep sessions alive, measure site performance and — with explicit consent — tailor marketing to repeat visitors. Moreover, the consent banner on your first visit lets you accept or decline each non-essential category, and you can revisit the choice any time through the footer link.
Three Cookie Families in Use
Three cookie families operate on the platform. Essential cookies run permanently because key features — login, currency selection, anti-CSRF — depend on them. Analytical and marketing cookies switch on only when consent is recorded. Furthermore, embedded third-party content such as provider-hosted game frames may set additional cookies once you interact with them.
| Cookie name | Type | Purpose | Duration |
|---|---|---|---|
| sv_session | Essential | Keeps your login session alive | Session |
| sv_csrf | Essential | Blocks cross-site request forgery attacks | Session |
| sv_lang | Essential | Remembers your language preference | 1 year |
| sv_analytics | Analytical | Tracks page views and navigation paths | 90 days |
| sv_perf | Analytical | Measures page load times and error rates | 30 days |
| sv_ads | Marketing | Delivers personalised promotional content | 180 days |
| sv_retarget | Marketing | Supports retargeting campaigns on partner networks | 90 days |
Managing Cookie Preferences
You stay in charge of which non-essential cookies Savaspin may store. First, use the consent banner on the initial visit to accept or reject each category independently. In addition, you can revisit your choices through the cookie-settings link in the footer. Furthermore, every major browser lets you clear or block cookies entirely from within its privacy settings. However, disabling essential cookies will break login, currency persistence and the cashier flow.
Third-Party Data Sharing
Sometimes the operator needs to pass a narrow data set to a trusted partner to deliver the service you requested. Nevertheless, Savaspin never sells personal data to advertisers or data brokers. Moreover, each partner signs a data-processing agreement that binds them to confidentiality and security standards at least as strict as our own.
The categories of partners that may receive your data are:
- Payment providers: we share the minimal payment fields needed to execute a deposit or withdrawal securely.
- Game providers: we pass anonymised session tokens to software studios so their games load in your account state.
- KYC and identity verification vendors: we forward document images and personal details to certified verification partners for final clearance.
- Regulatory and law-enforcement authorities: we disclose data when legally compelled under the Curaçao eGaming licence or applicable law.
- IT, hosting and security service providers: we share technical logs with infrastructure partners who maintain uptime and block intrusion attempts.
In every case, only the data strictly needed for the purpose is transferred. Furthermore, any cross-border transfer outside the EEA is guarded by standard contractual clauses or equivalent safeguards. Consequently, your rights travel with the data wherever it flows.
Data Retention Windows
Personal data is kept for the active life of your account plus a defined archive period after closure. Specifically, transaction records and KYC documents are retained for a minimum of five years from the date of the last transaction. This window reflects AML duties under Curaçao eGaming regulations. Once a retention window closes, the operator securely deletes or anonymises the relevant records. However, an ongoing dispute or regulatory investigation can extend the window until the matter is fully resolved.
Account registration data follows the same five-year clock after closure, while support-chat transcripts are kept for three years. Moreover, you may withdraw marketing consent at any time by clicking the unsubscribe link in any email, and analytical cookie consent can be revoked inside the cookie-settings panel.
Data Security Controls
Protecting your file is a core engineering priority at Savaspin. Specifically, 256-bit SSL encryption shields every connection, so information travels through a channel that third parties cannot intercept. Besides transport-layer security, we add several further protective layers:
- Segregated player accounts: player funds and personal data sit separately from the operator’s working capital, so they remain safe even in the unlikely event of a financial shock.
- Role-based access controls: staff access is limited to data relevant to their role, and every access event is logged and audited on a recurring schedule.
- Two-factor authentication: administrative consoles require a second factor to block unauthorised internal access.
- Regular security audits: penetration tests and vulnerability assessments run on a continuous schedule to surface weaknesses before an attacker can.
Nevertheless, no system is entirely risk-free. If you see suspicious activity on your profile, write to [email protected] at once. Consequently, the security desk responds within 24 hours and opens an investigation on every credible report.
Contact and Policy Updates
For questions about this policy or the data file on your account, our support desk is reachable at [email protected]. Moreover, the typical answer window is two business days. For formal data-protection requests, use the same address and add “Data Protection Request” to the subject line so that your message is routed to the correct queue at once.
The operator reviews this policy regularly to stay aligned with service changes, technology upgrades and legal reforms. When a material change is made, registered Finnish players are notified by email at least 14 days before the update takes effect. Therefore, revisiting this page periodically is a sensible discipline. Finally, continued use of savaspin-finland.com after an update is interpreted as acceptance of the revised clauses.