Learn how to request your personal data securely, understand your GDPR rights, and follow the DSAR process step by step.
Submit my GDPR data requestThis page explains, in plain English, how a data subject access request works if you want to access your personal data at PlayOJO under GDPR. A DSAR is simply a request asking a company for a copy of the personal information it holds about you. Here, I cover your access rights, how to submit DSAR steps, what happens after you send a request, and what to know about correction, restriction, or deletion requests. This guide supports, but does not replace, the main policy documents, so you should also read our full privacy and cookie statement.
PlayOJO Casino
50 Free Spins β No Wagering!
18+ | New players only | T&C apply | BeGambleAware.org
PlayOJO Casino
100 Spins + Β£500 Match Bonus
Limited offer ends in
π Oferta limitada | 18+ | T&C apply | BeGambleAware.org
PlayOJO Casino
Exclusive Kicker Codes for VIPs
18+ | Existing & new players | T&C apply
β 4.7 / 5 β based on 1,247 verified reviews from UK & Irish players
If you use PlayOJO services, GDPR gives you a set of rights over personal information linked to your account and activity. In iGaming, these rights apply alongside local licensing, fraud-prevention, and anti-money laundering rules, so some records cannot always be erased straight away. On this page, I focus mainly on the right to access your data, but the same route can also help you start other privacy requests.
In practical terms, your PlayOJO privacy rights may include:
If you already have an account, you may also need to log in or confirm account ownership during the process. If you do not yet use the service and plan to open a real money account, your future privacy rights will be explained in the same policy framework.
A GDPR data request can cover most personal information connected to your relationship with PlayOJO. That usually includes registration details such as your name, email, phone number, address, or country, along with account settings and marketing preferences. Depending on your history, it can also include gameplay logs, payment records, withdrawal activity, communication history with customer care, and notes linked to responsible gaming tools.
Some information may fall outside the scope of personal data if it has been anonymised or aggregated so it no longer identifies you. In other cases, part of a file may be redacted where disclosure could affect another personβs rights, internal fraud checks, or legal record-keeping duties.
| Data category | Typical examples | Notes / limitations |
|---|---|---|
| Account details | Name, username, registered email, phone, address, country | May reflect current and historical profile data |
| Identity & KYC docs | Identity verification records, document status, proof checks | Copies may be limited or partially redacted for security |
| Gameplay history | Session dates, products used, activity history, outcomes | Technical logs may be filtered to relevant personal records |
| Payments & withdrawals | Deposit records, withdrawal requests, payment method history | Some financial or fraud-screening details may be restricted |
| Communications with support | Emails, chat records, complaint history, case notes | Third-party personal details may be removed |
| Responsible gaming tools | Self-exclusion records, limit changes, safer play settings | Retention can be affected by legal obligations |
| Marketing preferences | Email opt-ins, SMS preferences, consent records | Historical preference changes may also appear |
If you want to access my personal data style information held on your account, the easiest approach is to use PlayOJOβs GDPR contact channel and be clear about what you need. You do not need legal wording. A short and accurate request is usually better than a long one.
Most requests are free of charge. If a request is clearly excessive or repeatedly asks for the same material, the law may allow a reasonable fee or a refusal in limited cases.
Use the main privacy route if you are ready to submit your request.
Before releasing personal data, PlayOJO has to make sure the request really comes from the account holder. That protects you from someone else trying to access account records, payment history, or identity information without permission. In my review of GDPR workflows, this is one of the most normal parts of the process.
The privacy team may ask for:
Any verification request should be tied to security and handled through protected channels. The aim is usually to confirm identity while keeping extra document handling to a minimum.
| Step | Why we ask for this | How it protects you |
|---|---|---|
| Email confirmation | To match the request to the registered account | Helps stop unauthorised third parties |
| Security questions | To verify account ownership details | Adds an extra layer before disclosure |
| ID document check | To confirm identity if account details do not fully match | Reduces the risk of mistaken release |
| Secure delivery of data file | To send your data safely | Helps prevent interception or accidental access |
After you submit a request, PlayOJO should handle it within the time limits set by GDPR and local law. The exact timing can vary depending on how broad the request is, whether identity checks are needed, and whether records need review before release.
The journey usually starts with confirmation that the request has been received. After that, the team may ask follow-up questions, verify your identity, gather data from the relevant systems, and prepare the response. Once ready, the data is sent through a secure method.
Possible outcomes include full access to the data requested, partial access where some details are removed, or refusal to disclose certain records. Partial or limited responses can happen where information contains third-party details, internal fraud markers, or records that must stay protected under legal duties.
| Stage | What we do | What you see/receive | Notes |
|---|---|---|---|
| Request received | Log and review your submission | Acknowledgement or confirmation | May include a request reference |
| Verification | Check identity and account ownership | Verification message or follow-up | Response timing may pause until checks are complete |
| Data collection | Gather relevant records from systems | Usually no visible change | Scope may be clarified if needed |
| Response sent | Prepare and deliver the final package | Data file, summary, or explanation | Some content may be redacted |
| Follow-up | Answer reasonable questions on the response | Clarification message | A separate rights request may be needed for changes |
If you have already sent a request and need an update, use the official follow-up route.
Track or follow up on my request
After you receive a copy of your records, you may decide that something needs to be corrected or limited. This is often the point where people notice an old phone number, outdated address, or marketing preference they want changed. A DSAR can therefore be the starting point for broader data management.
Common next steps include:
Some profile and communication preferences can often be managed directly in your account. Requests to restrict or erase data usually need manual review, and some records must be kept for legal, security, or AML reasons.
If you are not sure whether you need a DSAR, a correction request, or a deletion request, the quickest next step is to contact our support team. Support can explain the difference between request types, direct you to the right privacy route, and tell you what information to prepare before you send anything.
That can save time, especially if you want specific records rather than a full data export. It also helps reduce delays caused by missing account details or incomplete identity checks.
Legal and privacy pages can change when internal processes, platform tools, or data protection rules are updated. I recommend checking this page from time to time if you want the latest playojo data subject access request info and general privacy guidance.
You can also follow PlayOJOβs official channels for broader brand updates and transparency-related communications, though social media is not the right place to submit a DSAR: Facebook, Instagram, X, and YouTube.
Before sending a request, take a few minutes to read our full privacy and cookie statement and, if you are unsure which route fits your case, contact our support team.
Not always, but access to meaningful account-related records usually depends on a current or past account. Without one, the data available may be very limited, such as basic website contact records or enquiry history rather than full account activity.
Responses should arrive within the time limits required by GDPR and local law. Straightforward requests are generally easier to process, while broader or more complex requests may take longer, especially if identity checks or scope clarifications are needed first.
In many cases, yes. A response can include gameplay logs, account activity, and payment-related records that qualify as your personal data. Some fields may still be limited, anonymised, or redacted where third-party rights, fraud controls, or legal duties apply.
You can ask for deletion or restriction after reviewing your records, but not every record can be removed. Some information must be retained under regulatory, security, or AML rules. For fuller context, you can also read our full privacy and cookie statement.
Start by replying to PlayOJO and asking for clarification, especially if you think data is missing or a restriction has not been explained clearly. If the issue remains unresolved, you also have the right to raise the matter with the relevant data protection regulator.
