Privacy Notice


You might have noticed that we like to have fun here at Casumo, but one thing we take really seriously is your privacy. We know that when you share your personal information with us, we need to keep it secure and use it fairly and lawfully. To help you understand how we do this, we’ve put together this privacy notice so you’re clear about what happens to your personal information when you engage with Casumo as an affiliate.

The data controller and how to contact us

When you engage with the Casumo affiliate programme, the data controller is Casumo Services Limited.


The Unicorn Centre

Triq Il-Uqija


SWQ 2335



Data Protection Officer:

Privacy Principles

As Casumo is based in Malta, we are subject to the General Data Protection Regulation (GDPR). This means that whenever we process personal data, we always follow the GDPR principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability
  • Where we get your information from

    We need to process your personal information in order to provide you with our services. We will only ever ask you for the minimum amount of information that we need and we only ever use it for lawful purposes.

    When you register to be an affiliate, we ask you for some information about yourself and your affiliate company. This will include general information such as name, address and contact details, as well as ID and financial documentation. We use this information to create an account for you, as well as to carry out due diligence checks to ensure you are who you say you are and to check that you qualify for the affiliate programme. We do this to meet both the obligations of the contract between us and the legal obligations we have under Anti Money Laundering (AML) regulations. We also collect some financial details from you, such as bank account number, in order to be able to pay out your commission in line with the contract between us.

    We will also use the contact information that you share with us to get in touch with you, either to answer questions or queries you may have asked or to just check in with how you’re finding the programme, and we do this to ensure we meet our side of the contract between us. Where we have your consent, we will also use this information to send you our weekly newsletter where we keep you up to date with promotions and offers, whether we’ll be in attendance at events and any compliance updates we think you should know about. You can withdraw your consent regarding the newsletter at any time and we will stop sending it to you.

    Who we share your information with

    There are some circumstances where we need to share your information with recipients who are outside of Casumo in order to provide our services. When we carry out any sharing with third parties we always ensure that there is an appropriate contract in place, that the information being shared is transferred in a secure way and that we only share the minimal amount of your information that we need to. Casumo will never sell your information to any other parties.

    The third parties we work with include:

  • Netrefer - to host and manage the data that we collect about you
  • Active Campaign - to facilitate the distribution of the affiliates newsletter
  • KYCP - to carry out due diligence checks and store documentation
  • Incopro - brand protection, identification of affiliates and communications
  • Occasionally we may receive a request to disclose information about you with law enforcement, regulators and supervisory authorities. We will always ensure that the organisation requesting the information has a legal basis to do so and will only share the minimum amount of information required in a secure way. We will also share your personal information with law enforcement, regulators and supervisory authorities where we believe a criminal act has been or may be committed.

    International transfers

    Wherever possible, Casumo keeps your information within the European Economic Area (EEA). However in some circumstances your information may have to leave the EEA, such as when we work with third parties. Casumo always makes sure that any transfers outside of Europe are carried out in line with the law and are made securely.

    Active Campaign, who we use for communications, are based in the US. They are signed up with the EU-US Privacy Shield which is considered to offer an adequate level of data protection for data transfers outside of the EEA.

    A small number of people that work for Casumo are located outside of the EEA. We require them to work in line with all of our internal policies and procedures, and they also have the EU Commission’s Standard Contractual Clauses added to their employment contracts to ensure that your information is protected and safe at all times and that the transfer of the information is lawful.

    How long do we keep your information

    When we close your affiliate account with us, we will keep your account information for up to 1 year after the date of the closure. Regarding the financial information we hold about our relationship, such as the payment of commission, we will hold this for 10 years after the closure of the account. This is to meet our legal obligations around fraud, taxation and anti-money laundering. The information is kept securely until the retention period is over, then we securely destroy this information.

    Your rights around your information

    You have a number of rights that you can exercise when it comes to your information. These rights include:

  • Having access to the information that we hold about you
  • Being able to rectify information we have about you that is incorrect
  • In very limited circumstances, having your information deleted
  • In some circumstances, have the use of your information restricted or “paused”
  • Have your information provided to you in a digital format and where possible transferred to another organisation
  • If you would like to exercise any of these rights, you should email your Affiliate Manager or and provide:

  • Your name
  • Contact details
  • Full details of your request
  • In some circumstances we may request that you provide us with ID so that we can verify your identity. If this is needed we will let you know and explain the ID that we require. Some of these rights only apply in certain circumstances, so if we are unable to action your request we will explain to you why. These rights also only apply to personal data, so information about you as an individual, and not business data.

    Withdrawing your consent

    Where we rely on your consent to process your information you always have the option to withdraw this consent at any time.

    We rely on your consent to send you our affiliates newsletter. We only ever send marketing messages to you if you have given us your consent to receive these messages, which we collect as part of the registration process. You can opt-out of receiving these messages at any time either by clicking the “unsubscribe” link in every email, or by contacting your Affiliate Manager.

    You should be aware that even if you do not consent to marketing messages, you may still receive the occasional service email from Casumo. These messages are so that we can inform you of changes to Terms and Conditions and this privacy notice, as well as anything else that may impact the service we are able to provide to you.

    Automated decision making and profiling

    We are required to take a number of steps to meet the rules around Anti-Money Laundering (AML) Counter Terrorist Financing, and fraud and other illegal activities. In order to do this we employ programmes that monitor and alert us to suspicious or fraudulent transactions and activity. Where relevant transactions are flagged we escalate these to the necessary regulators and enforcement bodies and accounts may be blocked.

    Making a complaint

    If you are unhappy with how your information has been handled by Casumo the first thing you can do is raise this with your Affiliate Manager by emailing them directly or at to try and resolve it.

    If you are unable to resolve your complaint with your Affiliate Manager, the next step is for you to make a complaint to our Data Protection Officer (DPO). You can do this by sending an email to and detailing:

  • Your name
  • Your contact details
  • Full details of the complaint that you have
  • The DPO will then look into your complaint and investigate whether your information has been handled appropriately and in line with this privacy notice, our legal obligations and our internal policies and procedures. The DPO will then contact you regarding the outcome of the investigation and any steps that have been taken as a result.

    If after raising your complaint with the DPO you are unhappy with the resolution to your complaint you can make a complaint to our lead supervisory authority, the Maltese Data Protection Commissioner:

    Office of the Information and Data Protection Commissioner

    Level 2, Airways house

    High Street


    SLM 1549


    (+356) 2328 7100

    Changes to this privacy notice

    We will review and update this privacy notice anytime there is a significant change to how we are using personal information and at least annually.

    If we make any changes to the privacy notice we will summarise these changes below. We may also contact you to notify you of any significant changes if we think this is necessary.

    This privacy notice was originally created and published October 2019

    Translations of this privacy notice

    We have translated our privacy notice from English into the official languages of the countries that we provide our services to. We have done this to ensure that all of our affiliates are clear about how Casumo uses personal information.

    If there are any conflicts or inconsistencies between the translated versions of this privacy notice, the English version will prevail.

    Previous changes to this privacy notice

    October 2019 - Affiliates privacy notice launched