Natural8 Privacy Policy: Protecting Your Data and Rights

This Privacy Policy describes what data poker platform Natural8 collects, how it is used, under what conditions it is shared, and how it is protected. The page also covers user rights, data retention rules, cookie usage, breach handling, and international transfer conditions. This policy connects directly with Natural8’s Terms & Conditions and applies to all users of the platform. Review the full policy below to understand how your information is handled – and contact support@natural8.com if you want to exercise any of your privacy rights.

Privacy Principles Behind Data Processing

Natural8 processes personal data in accordance with a defined set of principles that govern every data handling activity on the platform. These principles apply to all categories of information collected, regardless of how the data was submitted or obtained.

Core processing principles:

• Lawful, fair and transparent processing – data is collected with a legal basis and users are informed about how it is used;
• Purpose limitation – data is collected for explicit, defined purposes and not used beyond those stated goals;
• Data minimisation – only the information necessary for the stated purpose is collected and retained;
• Accuracy – reasonable steps are taken to ensure data is correct and kept up to date;
• Storage limitation – data is held no longer than necessary for the purpose it was collected;
• Confidentiality – appropriate technical and organisational measures protect data against unauthorised processing, loss, or disclosure.

Identity and Contact Information Users May Provide

The first category of information collected covers personal identity and contact details. This data is provided by the user during registration or account management, and forms the basis for account identification, communication, and verification.

Identity and contact data includes:

• Full name (first name and surname);
• Email address;
• Home address;
• Telephone number and mobile number;
• Date of birth;
• Government ID information, used for identity verification where required.

This data category is distinct from device information and payment records, each of which is covered separately below. For a seamless experience, you can also download the Natural8 app and access all services directly from your mobile device.

Technical, Device and Location Data

Beyond information users enter manually, Natural8 may collect technical data generated by the use of the platform. This data is collected automatically and relates to the device, connection, and location of the user session.

Technical and device data includes:

• Electronic location information – general geographic data based on the network connection;
• Electronic device information – device type, operating system, browser version, and similar device-level data;
• MAC address – hardware identifier of the device used to access the platform;
• IP address – network identifier assigned to the device at the time of connection.

This information supports platform security, fraud detection, and session management. It is not combined with payment card data or gaming transaction records in this category.

Transaction, Payment and Gameplay Records

Financial and gameplay data forms a separate category of information that may be associated with a Natural8 account. This data relates to actions taken on the platform after registration.

Transaction and gameplay data includes:

• Transaction information – records of deposits, withdrawals, and account-level financial movements;
• Payment card details – stored where relevant for processing financial transactions;
• Details of games played – logs of gameplay activity across poker formats and other platform products;
• Underlying gaming transactions – hand-level or session-level records generated during play.

Why User Information Is Processed

Natural8 uses collected data for specific, defined purposes. The table below outlines the main processing activities and their corresponding purpose:

When Information Can Be Shared

Personal data held by Natural8 is not shared with third parties without a defined basis for doing so. The general rule is non-disclosure without prior explicit consent, with exceptions applied only where the policy specifically provides for them.

Disclosure may occur in the following scenarios:

• Service provision – sharing with processors or providers who operate parts of the platform infrastructure on behalf of Natural8;
• Legal obligations – responding to lawful requests from regulatory or law enforcement authorities;
• Authorised investigations – cooperating with entities conducting fraud or compliance-related checks;
• User-authorised sharing – where the user has given specific consent to a disclosure.

Data shared for service provision purposes is subject to the same confidentiality and security obligations that apply to Natural8’s own operations. To explore the latest offers, check out the Natural8 bonus page for more details.

Cookies, Session Access and Tracking Tools

Natural8 uses cookies and related tracking tools to support platform functionality and analyse usage. Cookies are small files placed on the user’s device by the browser when accessing the service.

Cookie types and tracking tools in use:

• Session cookies – temporary cookies that expire when the browser is closed, used to maintain the user’s active session on the platform;
• Persistent cookies – cookies that remain beyond a single session, supporting user preferences and recognition on return visits;
• Web beacons and spotlight tags – pixel-based tools used for aggregated analysis of page views and user behaviour across the platform;
• Browser-based controls – users can manage or disable cookies through browser settings, though some platform features may not function correctly without them.

User Rights and Privacy Requests

Users of Natural8 hold a defined set of privacy rights under the platform’s data handling policy. These rights apply to personal data held in connection with a registered account.

Rights available to users:

• Access – request confirmation of what data is held and obtain a copy;
• Rectification – request correction of inaccurate or incomplete data;
• Erasure – request deletion of personal data where there is no longer a basis for holding it;
• Restriction – request that processing is limited in specific circumstances;
• Objection – object to processing based on legitimate interests or for direct marketing;
• Portability – request data in a structured, machine-readable format for transfer to another service;
• Complaint – lodge a complaint with the relevant supervisory authority;
• Withdrawal of consent – withdraw consent for consent-based processing at any time.

To submit a privacy request, contact support@natural8.com. Acknowledgement is provided within 72 hours of receipt, and a full response is issued within one calendar month in standard cases.

Data Security in Daily Operations

Natural8 applies security measures throughout its daily operations to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures apply to data in storage and in transit.

Security controls include:

• Secure operating environments – data is stored and processed within systems subject to access controls and operational security policies;
• Confidentiality obligations – staff and processors handling personal data are bound by confidentiality requirements;
• Transport protection – data transmitted between users and the platform is encrypted using HTTPS/TLS protocols;
• Winnings and cash-out confidentiality – financial outcome data related to user accounts is handled under specific confidentiality standards.

How Breaches Are Investigated and Reported

When a suspected or actual data breach is identified, Natural8 follows a structured response process. This process is separate from standard security operations and focuses on investigation, containment, and notification.

Breach response steps:

• Internal investigation – an assessment of the nature, scope, and impact of the suspected breach is conducted as soon as it is identified;
• Remedial measures – steps to contain the breach and prevent further exposure are implemented during or immediately after the investigation;
• Notification to supervisory authorities – where reportable under applicable obligations, notification is made without undue delay and, where possible, within 72 hours of the breach being identified;
• Notice to affected users – where a breach poses a high risk to the rights of individuals, direct notification to affected users is issued where practicable.

Retention Periods and Long-Term Storage Logic

Data is retained only for as long as necessary for the purpose for which it was collected, subject to legal obligations and dispute-related requirements that may extend certain retention periods.

Retention varies by data category:

• Active account data – held for the duration of the account relationship;
• Enquiries and correspondence – retained for a period of months following resolution, depending on the nature of the communication;
• Legal and dispute-related records – may be retained for over ten years where required by law or where disputes remain unresolved;
• Payment details – retained for up to eight years in line with financial record-keeping requirements.

Where data is no longer required and no legal basis exists for continued retention, it is deleted or anonymised in accordance with the platform’s data management procedures. To get started and manage your data, Register on Natural8 today.