burger icon
Rembrandt United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Rembrandt, operated through the website rembrendt.com, collects, uses, discloses, and protects personal data of players and other visitors from the United Kingdom and other countries. It applies to all users who access or use rembrendt.com, including visitors, registered account holders, and recipients of our marketing communications. By using rembrendt.com, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. Effective date: 1 January 2026.

Who We Are

Rembrandt is an online gambling brand operated through the website rembrendt.com. The casino is part of the Condor Gaming Group and is operated by Condor Malta Ltd, a limited liability company established in Malta.

Condor Malta Ltd holds a remote gaming licence issued by the Malta Gaming Authority (MGA) under licence number MGA/B2C/340/2016. This licence governs the provision of remote gaming services under Maltese law and expressly excludes the provision of licensed gambling services to persons located in the United Kingdom. However, this Privacy Policy applies to UK-based visitors who access rembrendt.com, including for informational purposes.

The data controller responsible for your personal data in connection with rembrendt.com is:

Data Controller: Condor Malta Ltd
Operating brand: Rembrandt (Rembrandt for the UK project on rembrendt.com)
Legal form: Limited liability company (Ltd)
Registered in: Malta
Licensing authority: Malta Gaming Authority (MGA), licence no. MGA/B2C/340/2016

Because the precise registered office address and company registration number may change, you can verify the current details of Condor Malta Ltd at the official MGA licensee register: https://mga.org.mt/licencee-hub/licencee-register/.

Contact Details and Data Protection Officer

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, you can contact us using the following details:

  • Email (primary contact): support@rembrendt.com (please include "Privacy" in the subject line)
  • Website: https://rembrendt.com

We designate an internal data protection contact within Condor Malta Ltd (Data Protection Officer or equivalent data protection function). You can reach our data protection contact via the same email address: support@rembrendt.com, or via any privacy-specific forms we may provide on rembrendt.com. We typically respond to privacy-related requests within 30 days.

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with rembrendt.com (for example, browsing the website, registering an account, depositing funds, placing bets, or contacting support). We collect data directly from you, automatically through your use of the site, and from certain third parties such as payment providers and fraud-prevention services.

Identity and Contact Data

  • Basic identification: first name, last name, date of birth, nationality, country of residence, and proof of identity or age documents (for example, copies of ID cards, passports, or driving licences) where required for KYC (Know Your Customer) and AML (anti-money laundering) checks.
  • Contact information: email address (such as the address you use to contact us or to open an account on rembrendt.com), postal address, and telephone number if you provide it.
  • Account details: username, unique player ID, security questions and answers, and other information necessary to operate your rembrendt.com account.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, time zone, and similar technical information collected when you access rembrendt.com.
  • Connection and log data: dates and times of access, pages visited, referring URLs, clickstream data, session duration, and log files generated by our servers and security systems.
  • Security-related data: login attempts, password changes, account lockouts, and information used for fraud detection and security monitoring.

Payment and Transaction Data

  • Payment details: partial payment card details (for example, masked card numbers), bank account details, e-wallet identifiers, and transaction references, as provided by you or by payment service providers.
  • Transaction history: deposits, withdrawals, bonus credits, promotional credits, chargebacks, refunds, and related financial records linked to your rembrendt.com account.
  • Verification data: documents and information necessary to verify your payment methods and to comply with AML and counter-terrorist financing regulations.

Behavioural and Profile Data

  • Gaming activity: betting history, game types played, stakes, wins and losses, bonuses used (including Rembrandt's proprietary "Buy-off" bonus mechanisms), wagering patterns, time spent playing, and self-imposed or regulatory limits.
  • Website behaviour: clicks, page interactions, navigation paths, and responses to on-site prompts (for example, interactions with promotional banners or responsible-gaming tools).
  • Marketing and preference data: your communication preferences, responses to marketing campaigns, unsubscribe actions, and information about how you interact with our emails or notifications.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device that help us remember your preferences, maintain your session, and understand how you use rembrendt.com.
  • Similar technologies: web beacons, pixels, SDKs, and local storage used for analytics, advertising, and security purposes.
  • Third-party tracking: where permitted by law and your consent, we may allow carefully selected partners, such as analytics and advertising providers, to set cookies or similar technologies on your device when you visit rembrendt.com.

More information about how we use cookies and how you can manage them is provided in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

We process your personal data only when we have a valid legal basis under the UK GDPR and, where applicable, the EU GDPR and other relevant data protection laws. Depending on the specific processing activity, the legal basis will typically be one or more of the following:

  • Performance of a contract: We process your data where it is necessary to enter into or perform a contract with you, including:
    • creating and managing your rembrendt.com account;
    • processing deposits, bets, withdrawals, and bonus credits;
    • providing customer support and resolving technical issues;
    • honouring promotions, loyalty schemes, and "Buy-off" bonus features.
  • Compliance with legal obligations: We must process certain data to comply with legal and regulatory requirements, including:
    • AML, counter-terrorist financing, and fraud prevention laws;
    • age verification and responsible gambling obligations;
    • tax, accounting, and regulatory reporting duties in Malta and other relevant jurisdictions;
    • data retention and reporting requirements imposed by the Malta Gaming Authority and other competent authorities.
  • Legitimate interests: We process data where it is necessary for our legitimate business interests, provided that your interests and fundamental rights do not override those interests. These include:
    • maintaining the security and integrity of our systems and platform;
    • preventing abuse, fraud, and money laundering across Condor Gaming Group brands (such as 24Bettle, Casino Sieger, b-Bets, and Big5 Casino);
    • improving our website, services, and user experience through analytics and statistics;
    • defending and exercising legal claims, handling disputes, and managing risk.
  • Consent: We rely on your consent where required by law, for example:
    • sending you electronic marketing communications (email, SMS, push notifications) that are not based on an existing customer relationship;
    • using non-essential cookies and similar technologies for personalised advertising;
    • sharing your data with certain advertising partners or affiliates for targeted marketing.
    You may withdraw your consent at any time, as explained in the "Your Rights" section.
  • Vital interests and legal claims: In rare cases, we may process data to protect your vital interests or those of another person (for example, where self-harm or severe gambling-related harm is suspected), or for the establishment, exercise, or defence of legal claims.

Purpose of Processing

We use your personal data for clearly defined purposes that are compatible with the reasons for which the data was collected. These purposes include, in particular:

  • Providing and operating casino and related services: to allow you to register, log in, verify your age and identity, place bets, participate in casino games and sports betting, use bonus features, manage your wallet, and cash out winnings through rembrendt.com.
  • Customer support and communication: to respond to your enquiries (for example via support@rembrendt.com or live chat), to provide updates on your account, to notify you about major changes, and to handle complaints or disputes.
  • Compliance, risk management, and fraud prevention: to perform KYC and AML checks, detect and prevent fraudulent or abusive behaviour, monitor betting patterns for manipulation or irregularities, and comply with regulatory requirements imposed by the MGA and other authorities.
  • Service improvement and analytics: to analyse how visitors and players use rembrendt.com, to understand technical performance, and to improve user experience, game selection, and platform stability.
  • Marketing and personalisation: to send you promotional communications about Rembrandt and other Condor Gaming Group brands (where permitted and subject to your consent), to personalise content and offers, and to measure the effectiveness of campaigns.
  • Responsible gambling and player protection: to implement and monitor responsible gambling tools, self-exclusion, limits, and other protective measures, and to cooperate with support organisations such as GamblingTherapy.org.
  • Legal, regulatory, and business purposes: to maintain business records, perform audits, ensure player fund segregation where required by the MGA licence, support corporate governance within Condor Gaming Group, and manage potential mergers, acquisitions, or reorganisations.

Disclosure & Sharing

We do not sell your personal data. We only disclose your data to third parties where this is lawful, necessary, and subject to appropriate safeguards. The categories of recipients include:

  • Group companies: other entities within the Condor Gaming Group (including brands such as 24Bettle, Casino Sieger, b-Bets, and Big5 Casino) for internal administration, unified risk management, consolidated reporting, and, where permitted by law and your consent, cross-brand marketing.
  • Payment service providers and banks: providers of cards, e-wallets, bank transfers, and other payment solutions that process deposits and withdrawals linked to your rembrendt.com account. These providers act as independent controllers or processors, depending on the specific service.
  • Technical and operational service providers: hosting providers, IT and security service providers, analytics and business intelligence tools, communication platforms (email delivery, SMS, live chat), and customer support tools that process data on our behalf under data processing agreements.
  • Verification and anti-fraud partners: identity verification services, AML and sanctions-screening providers, fraud detection and risk scoring tools that help us meet regulatory obligations and protect our platform from abuse.
  • Regulators and public authorities: the Malta Gaming Authority and other competent regulators, supervisory authorities, law enforcement agencies, and courts, when we are legally required or permitted to disclose data, for example to comply with AML obligations, respond to investigations, or defend legal claims.
  • Professional advisers: lawyers, auditors, and consultants who require access to certain data to provide professional services, subject to confidentiality obligations.
  • Affiliates and advertising networks: where you arrive at rembrendt.com via an affiliate link or advertising campaign, we may share limited data (such as tracking identifiers and conversion information) with that affiliate or network. Where this involves marketing beyond our own services, we do so only with your consent and in accordance with cookie and tracking settings.
  • Corporate transactions: if Condor Malta Ltd or the Rembrandt brand is involved in a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the relevant third party as part of the transaction, subject to this Privacy Policy and applicable law.

Whenever we share your data with processors, we ensure that they are bound by written contracts requiring them to process personal data only on our instructions, to implement appropriate security measures, and to respect confidentiality and data protection obligations.

International Transfers

Condor Malta Ltd is based in Malta, and many of our systems and service providers are located within the European Economic Area (EEA). If you are located in the United Kingdom, your data may therefore be transferred from the UK to Malta and other EEA countries. The UK Government currently recognises the EEA as providing an adequate level of data protection, so such transfers are permitted without additional safeguards.

In some cases, we may transfer personal data to countries outside the UK and EEA (for example, where certain IT providers, anti-fraud partners, or group service providers are located in or use infrastructure in third countries). In these situations, we apply appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs): we enter into data transfer agreements based on the standard clauses approved by the European Commission or the UK Information Commissioner's Office (ICO), as applicable.
  • Additional technical and organisational measures: including encryption, strict access controls, and minimisation of data transferred, to ensure that third-country recipients cannot misuse the data.
  • Reliance on other lawful transfer mechanisms: where applicable, such as adequacy regulations or your explicit consent for specific transfers.

Details of the applicable safeguards for a particular transfer can be provided upon request, subject to confidentiality restrictions.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal, regulatory, and contractual obligations. Retention periods may vary depending on the nature of the data and the context of processing, but we apply the following general principles:

  • Player account data: core account information, identity documentation, and transactional history are typically retained for the duration of your relationship with us and for up to five (5) years after your account is closed, in line with AML and gaming regulatory requirements, unless a longer period is required for legal claims or investigations.
  • Payment and financial data: records relating to deposits, withdrawals, and financial transactions are retained for periods required by tax, accounting, and financial regulations, usually between five (5) and ten (10) years, depending on the jurisdiction and nature of the records.
  • Marketing data: information about your marketing preferences and consent is retained for as long as you remain subscribed to marketing communications and for a reasonable period thereafter to demonstrate compliance with consent and unsubscribe obligations.
  • Technical and analytics data: logs and analytics data are retained for shorter periods, typically between six (6) months and three (3) years, depending on the purpose and security requirements.
  • Complaints and disputes: records of complaints, disputes, and responsible-gambling interventions are retained for as long as necessary to handle the matter and for a reasonable period afterwards to protect our legal rights and demonstrate compliance.

When data is no longer required for the purposes described in this Privacy Policy, we will securely delete, anonymise, or aggregate it. If you exercise certain rights (such as the right to erasure), we will also update our retention schedules accordingly, subject to legal obligations that may require continued retention of some data.

Your Rights

Depending on your place of residence and applicable law, you have a range of rights in relation to your personal data. For users in the United Kingdom and the EEA, these rights are primarily governed by the UK GDPR and EU GDPR. For users in Mexico, additional rights may apply under Mexican privacy law. We respect and facilitate these rights in a fair, transparent, and timely manner.

Rights under UK/EU GDPR

  • Right of access: you can request confirmation as to whether we process your personal data, and receive a copy of that data together with information about how and why we use it.
  • Right to rectification: you can ask us to correct inaccurate or incomplete personal data, including updating your contact details or identity information, subject to verification requirements.
  • Right to erasure ("right to be forgotten"): you can request deletion of your personal data in certain circumstances, for example where the data is no longer necessary, you withdraw consent, or you successfully object to processing. This right is limited where we must retain data to comply with legal obligations (such as AML or regulatory requirements) or to establish, exercise, or defend legal claims.
  • Right to restriction of processing: you can request that we temporarily restrict processing of your data in specific cases, for example if you contest the accuracy of the data or object to our legitimate interest basis.
  • Right to object: you can object to processing based on our legitimate interests, including profiling for risk or marketing purposes, and we will stop processing unless we can demonstrate compelling legitimate grounds. You can always object to direct marketing, and we will honour this absolutely.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you can request that we provide your data in a structured, commonly used, machine-readable format, or transfer it to another controller where technically feasible.
  • Right to withdraw consent: where we rely on your consent (for example, for marketing or certain cookies), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.

Rights under Mexican Privacy Law (Where Applicable)

For users located in Mexico, additional rights may apply under the Federal Law on Protection of Personal Data Held by Private Parties and related regulations. These rights are sometimes referred to as ARCO rights:

  • Access: the right to obtain confirmation of whether we hold your personal data and to receive information about the origins, use, and transfers of that data.
  • Rectification: the right to request correction of inaccurate or incomplete data.
  • Cancellation: the right to request that your data be cancelled when you consider it inappropriate or excessive, subject to legal retention obligations.
  • Opposition: the right to oppose certain processing activities for legitimate reasons, including direct marketing.

We will handle Mexican data subject requests in a manner consistent with both Mexican law and the standards of the UK/EU GDPR, to the extent they apply to our processing activities.

How to Exercise Your Rights

  • Request channels: you can exercise your rights by contacting us at support@rembrendt.com, clearly stating that your request concerns data protection rights and specifying which right you wish to exercise.
  • Verification: to protect your privacy, we may ask you to provide information or documentation to verify your identity before acting on your request, especially for access, rectification, or erasure requests relating to your player account.
  • Timeframe: we aim to respond to all valid requests within 30 days of receipt. If your request is complex or if we receive multiple requests from you, we may need more time, in which case we will inform you of the delay and the reasons for it.
  • Fees: we generally handle rights requests free of charge. However, we may charge a reasonable fee or refuse to act on the request where it is manifestly unfounded or excessive, for example due to its repetitive nature, as permitted by law.

Cookies & Tracking Technologies

We use cookies and similar technologies to make rembrendt.com work properly, to enhance your user experience, to perform analytics, and, where permitted, to deliver personalised advertising. When you visit rembrendt.com from the United Kingdom or other jurisdictions that require consent, you will normally see a cookie banner or preferences panel enabling you to manage your choices.

Types of Cookies We Use

  • Strictly necessary (session) cookies: these cookies are essential for the operation of rembrendt.com and the provision of services you request, such as keeping you logged in, securing transactions, and enabling core navigation. They are usually session-based and are deleted when you close your browser.
  • Functional (persistent) cookies: these cookies remember your settings and preferences (such as language, region, or display options) to provide a more personalised experience. They may remain on your device for a defined period or until you delete them.
  • Analytics and performance cookies: these cookies collect aggregated information about how visitors use rembrendt.com, such as which pages are visited most often, how users navigate the site, and whether they encounter errors. This helps us improve the stability, speed, and usability of the platform.
  • Advertising and targeting cookies: where you consent, we and our selected partners may use cookies or similar technologies to show you more relevant adverts, track campaign performance, and prevent the same advert from being shown repeatedly. These may be set by us (first-party) or by third-party advertising networks.

Managing and Disabling Cookies

  • Cookie banner and internal panel: you can use our on-site cookie banner or preferences panel, where available, to accept or reject non-essential cookies and to update your choices at any time.
  • Browser settings: you can configure your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that blocking certain cookies may impact the functionality of rembrendt.com, particularly strictly necessary cookies.
  • Opt-out tools: where we use third-party analytics or advertising services, those providers may offer additional opt-out mechanisms. Details can be provided upon request.

Data Security

We implement a combination of technical, organisational, and physical measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. While no system can guarantee absolute security, we continuously assess and improve our measures to reflect evolving industry standards and regulatory requirements.

  • Encryption in transit and at rest: we use modern encryption technologies (including TLS 1.2 or higher) to protect data transmitted between your device and our servers. Where appropriate, we also encrypt sensitive data at rest within our infrastructure.
  • Access controls and authentication: access to personal data is restricted to authorised personnel who need it for legitimate business purposes, based on role and necessity. Administrative access to systems is protected using strong authentication measures, including multi-factor authentication where appropriate.
  • Secure infrastructure: rembrendt.com is hosted on secure servers with network segmentation, firewalls, intrusion detection/prevention systems, and regular vulnerability assessments to mitigate common cyber threats.
  • Monitoring and incident response: we maintain logs and monitoring tools to detect unusual activities and potential security incidents. We have internal procedures to investigate, contain, and remediate suspected breaches, and we will notify affected individuals and relevant authorities where required by law.
  • Staff training and policies: employees and contractors with access to personal data receive training on data protection, confidentiality, and security requirements. They are bound by contractual obligations and internal policies to respect the privacy and security of your data.
  • Regulatory and industry standards: our security and data protection practices are designed to align with recognised international standards for information security management (such as ISO 27001) and with the expectations of regulators including the Malta Gaming Authority and, where applicable, UK and EU supervisory authorities. This alignment does not necessarily mean formal certification but reflects our commitment to robust security controls.

Complaints & Contacts

We take privacy and data protection seriously and encourage you to contact us directly if you have concerns. We will work with you to resolve any issues in a fair and transparent manner.

Contacting Us

  • Primary email for privacy issues: support@rembrendt.com
  • Subject line: please include "Data Protection" or "Privacy Complaint" so that your message can be prioritised.
  • Information to include: your name, contact details, country of residence, relevant account or transaction IDs (if any), and a clear description of your concern or request.

Our Internal Complaint Procedure

  1. Submission: you submit your complaint or query via email or any dedicated privacy form on rembrendt.com.
  2. Acknowledgement: we usually acknowledge receipt within a few working days and may request additional information if necessary to understand your concern.
  3. Investigation: our data protection contact and relevant departments will review your complaint, analyse relevant logs or records, and, where needed, consult internal specialists or service providers.
  4. Response: we aim to provide a substantive response within 30 days. For particularly complex matters, we may extend this period as permitted by law, but we will inform you of any delay and its reasons.
  5. Follow-up: if you are not satisfied with our response, you may request further clarification or escalate the matter as described below.

Escalation to Supervisory Authorities

  • United Kingdom (UK data subjects): you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe that your personal data has been processed unlawfully:
    Information Commissioner's Office (ICO)
    Website: https://ico.org.uk
  • European Union / EEA: if you reside in the EEA, you may also lodge a complaint with your local data protection authority or with the authority of the place where the alleged infringement occurred.
  • Mexico (Mexican data subjects): if Mexican privacy law applies to your data, you may lodge a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI):
    Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
    Website: https://home.inai.org.mx

We encourage you to contact us first so that we can attempt to resolve your concern directly, but you are not obliged to do so before contacting a supervisory authority.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business operations. When we make significant changes, we will take appropriate steps to inform you in advance.

  • Notification methods: we may notify you of updates via email, on-site banners or pop-ups, account dashboard alerts, or other suitable communication channels associated with rembrendt.com.
  • Advance notice for material changes: where a change materially affects your rights or the way we process your data (for example, introducing new categories of recipients or new processing purposes), we will, where reasonably possible, provide at least 30 days' advance notice before the change takes effect for existing users.
  • Your options: if you do not agree with a material change, you may choose to stop using rembrendt.com and, where applicable, close your account. We will continue to process your data in accordance with the version of the Privacy Policy that applied at the time of collection for any disputes arising before the change, subject to legal requirements.
  • Version control: we indicate the date of the latest update at the end of this document. We recommend that you review this Privacy Policy periodically to stay informed about how we protect your data.

Last updated: January 2026.