Unable to withdraw at Casumo - awaiting verification of documents

[maxd]

ok, so looking at Casumo's privacy policy, it states under legal
...

That's drifting rather far from your original statement which was:

The GDPR does have provisions for the data controller -- in our case the casino -- to pass the data subject's info on to a data processor without explicit consent from the data subject. See GDPR Article 28.

Yes, but not in the case where they are asking for personal details of a third party and their ID for people who have made payments into the Casumo customer bank account.

You were claiming knowledge of the GDPR -- "Yes, but not in the case ..." -- which I challenged you to support with actual evidence.
So far you haven't done that.

All I'm saying is don't say "GDPR means this" or "GDPR says that" without actual evidence. Anyone can claim whatever they like about the GDPR -- shoddy casinos do it all the time -- but we'd all be a lot better off if there was actual evidence given to support the claims.

From personal experience I know how difficult it can be to produce a evidence-supported case from the GDPR text, largely because the GDPR is a complex bit of legislation because of the vast ground it tries to cover. Putting together a valid case about what it says -- or doesn't say -- is not a trivial task. But the alternative is just "fake news" and I think we've all had quite enough of that.

 

[colinsunderland]

That's drifting rather far from your original statement which was:


You were claiming knowledge of the GDPR -- "Yes, but not in the case ..." -- which I challenged you to support with actual evidence.
So far you haven't done that.

All I'm saying is don't say "GDPR means this" or "GDPR says that" without actual evidence. Anyone can claim whatever they like about the GDPR -- shoddy casinos do it all the time -- but we'd all be a lot better off if there was actual evidence given to support the claims.

From personal experience I know how difficult it can be to produce a evidence-supported case from the GDPR text, largely because the GDPR is a complex bit of legislation because of the vast ground it tries to cover. Putting together a valid case about what it says -- or doesn't say -- is not a trivial task. But the alternative is just "fake news" and I think we've all had quite enough of that.

The GDPR states (basically) you can process without consent for various reasons, mainly legal obligations. However, the company should state that in their privacy policy if thats the case, as Casumo do for their customers. A company cannot legally process data of a person who they have no relationship with, without a lawful reason (which, I would suggest are few and far between), and not every situation will be set out in black and white in any document. I could turn it back on you and say, you prove they can process the data in this exact situation, but thats unlikely too for the same reasons, not every situation that can occur will be specifically mentioned.

That was the whole point of my asking the rep, if they are confident they can lawfully process this data, then whats the problem in showing the section of the GDPR they are reliant on? They MUST know this or they shouldn't be processing it. I agree the rep himself probably doesn't know, but a quick walk over to the data controller and a 2 minute conversation should be enough for him to be able to answer the question.

 

[dunover]

Other casinos (ie L&L for example) have stated on here, while a SOW request is being processed they would not delay any withdrawals, so clearly this is a Casumo policy rather than a license requirement.

Maybe @Casumo Casino or @CasumoLouis will confirm the fact. But yes, nearly 24 hours now and withdrawal still being held hostage.

 

[ChopleyIOM]

Other casinos (ie L&L for example) have stated on here, while a SOW request is being processed they would not delay any withdrawals, so clearly this is a Casumo policy rather than a license requirement.

I thought the new regs stated that if they wanted to do any of this stuff they had to do it at the time of a deposit, or basically at any time EXCEPT when someone is requesting a withdrawal.

Am I mistaken in this?

Waiting until someone requests a withdrawal to hit them with a SOW request is clearly a scummy and underhanded tactic to get a customer to play the winnings back, especially as it seems that the accounts are not locked and the customer can still deposit and play.

 

[SpinUk]

I thought this was flat out against the new UKGC regulations?

i.e. Withdrawals can't be held to ransom.

They cannot 100%. Had it twice and argued the toss then showed them the relevant handbook aspect and it was paid.

Requirements for remote casinos

6.99 Where remote casino operators are unable to complete or apply the required CDD measures115 in relation to a particular customer at the point the CDD threshold for transactions116 is reached, and are accordingly required to cease transactions or terminate the business relationship with the customer117, they should adopt the following procedure: • at the point where the threshold is reached, remote casino operators should put all funds owed to the customer into an account (or equivalent) from which no withdrawals can be made • further deposits can be made to that account as long as they too are locked into it until CDD is completed • bets can be made from the account, again providing any winnings are locked until CDD is completed 110 Regulation 39(6). 111 Regulation 39(7). 112 Regulation 39(8). 113 Regulation 31. 114 Regulation 31(2). 115 These measures are discussed in paragraphs 6.8 to 6.17. 116 See paragraphs Outdated URL. 117 In accordance with regulation 31(1). 52 • once CDD is completed, the account can be unlocked and business continue as normal • if CDD cannot be completed, then the operator must proceed in line with regulation 31(1)(c) and terminate the existing business relationship with the customer • if funds are to be repaid, then the amount repaid should consist of all funds owed to the customer at the point that the threshold was reached, plus all deposits made at that point and thereafter • funds should be refunded back to the originating account, and: o there should be appropriate risk mitigation o where it is suspected that the funds are the proceeds of crime, remote casino operators should submit SARs or seek a defence (appropriate consent) before refunding any of the funds • if the refund is to be completed back to another account (whether partially or completely): o risk assessment must be done that should take into account information such as:  multiple destinations – is the customer requesting that the money be sent to several bank accounts?  high risk destination – is the customer requesting that the money be returned to a country where there is a significant money laundering or terrorist financing concern?  above €2,000 – is the amount above the threshold for CDD? o there should be appropriate risk mitigation o where it is known or suspected that the funds are the proceeds of crime, remote casino operators should submit SARs or seek a defence (appropriate consent) before refunding any of the funds • there should be ongoing monitoring of the account and, if necessary, reporting of findings via relevant fraud monitoring services in the public and private sector. 6.100 The customer should be made fully aware of the procedures adopted by the remote casino operator when they first register with the operator so that there is no misunderstanding at a later stage.

 

[dunover]

They cannot 100%. Had it twice and argued the toss then showed them the relevant handbook aspect and it was paid.

Yes I see but it basically says they CAN hold on to withdrawals while the process is being undertaken and then these should be paid either when the process is complete OR if it cannot be completed, in which case deposits made AFTER the process was initiated would be refunded as well as the withdrawals actioned beforehand. Unless I'm mistaken. Needless to say I haven't heard a thing back since sending all this personal stuff to them.

 

[SpinUk]

Yes I see but it basically says they CAN hold on to withdrawals while the process is being undertaken and then these should be paid either when the process is complete OR if it cannot be completed, in which case deposits made AFTER the process was initiated would be refunded as well as the withdrawals actioned beforehand. Unless I'm mistaken. Needless to say I haven't heard a thing back since sending all this personal stuff to them.

This bit - you comply or they terminate the relationship. But they have to pay you. If you want to maintain the relationship (carry on playing there) then of course you have to comply - but that is fair and common across all regulated businesses.

What they can’t do is ransom your withdrawal and deposits after the event if you don’t play ball.

if CDD cannot be completed, then the operator must proceed in line with regulation 31(1)(c) and terminate the existing business relationship with the customer • if funds are to be repaid, then the amount repaid should consist of all funds owed to the customer at the point that the threshold was reached, plus all deposits made at that point and thereafter

 

[dunover]

This bit - you comply or they terminate the relationship. But they have to pay you. If you want to maintain the relationship (carry on playing there) then of course you have to comply - but that is fair and common across all regulated businesses.

What they can’t do is ransom your withdrawal and deposits after the event if you don’t play ball.

if CDD cannot be completed, then the operator must proceed in line with regulation 31(1)(c) and terminate the existing business relationship with the customer • if funds are to be repaid, then the amount repaid should consist of all funds owed to the customer at the point that the threshold was reached, plus all deposits made at that point and thereafter

So I'm actually better-off saying 'stuff your SOW' and then getting the withdrawal processed and account then shut?

 

[SpinUk]

Depends if you want to jump through their hoops. But yes, you can.

 

[Mr_Slot5]

Surely the best thing that could happen long term is for players to just close their accounts when casinos employ this tactic of holding withdrawals to ransom? That way there would be no incentive for them to do it this way over asking pre deposit.

I think we are at a stage where players are going far above and beyond what they should reasonably be asked to provide for a bit of online gambling.

 

[Gaz237]

So I'm actually better-off saying 'stuff your SOW' and then getting the withdrawal processed and account then shut?

If I am reading Spinuk's post right, you would be better off depositing a large chunk of money risk free.

If you win, then jump through their hoops.

If you lose, tell them to bog off and get your deposits back and your withdrawal processed.

Surely I have got that wrong?

 

[Jono777]

Surely the best thing that could happen long term is for players to just close their accounts when casinos employ this tactic of holding withdrawals to ransom? That way there would be no incentive for them to do it this way over asking pre deposit.

I think we are at a stage where players are going far above and beyond what they should reasonably be asked to provide for a bit of online gambling.

One of the best things I've read recently and spot on.

Can understand SoW for those depositing £10K on a regular basis but for the 10 Million low rollers who throw £20-£25 in here and there and in the main simply recycle their small withdrawals, cannot and never will understand why all this BS?

 

[chiya]

My VIP manager at Casumo told me five (5) times that the ONLY way I could ever withdraw and see the money in my account was to complete the SOW.
The SOW was impossible for me to complete, so I ofc gambled the money away...
Casumo even sent me in an deposit bonus after I lost the money.

Tbh I don't understand the mentality people seem to have, that when issues arise that prohibits them from withdrawing their money, the only logical route to take is to gamble with the said money? What would you have done íf you had won more? You'd still be stuck in the same situation. You should've never gambled the money and kept fighting them.

 

[Mr_Slot5]

One of the best things I've read recently and spot on.

Can understand SoW for those depositing £10K on a regular basis but for the 10 Million low rollers who throw £20-£25 in here and there and in the main simply recycle their small withdrawals, cannot and never will understand why all this BS?

It's because they're putting arbitrary accumulative limits on deposits and/or withdrawals rather than actually taking the time to look at specific account history.

Why should someone who deposits 10k over the course of 5 years be scrutinised the same as someone who deposits 10k in a week? For the vast majority of players there is absolutely no need for the level of intrusiveness that is being seen.

 

[PaaskeDenmark]

i just logged into my Casumo account and had 7 free spins then when trying to use i get this message, anyone had this??? wtf

Sorry friend
Currently you're not eligible to use bonuses. Speak with us in the chat if you need more information.

 

[maxd]

... I could turn it back on you and say, you prove they can process the data in this exact situation ...

I'm not the one who said "GDPR says XYZ". You claim it, you prove it. Responding to that by saying "no, you prove it doesn't" is lame.

As I've repeatedly said, proving almost anything using the GDPR is a non-trivial task. The case typically needs to be made with reference to several parts of the GDPR because that's just the way the document is structured.

Finally, since neither of us are data protection lawyers I respectfully suggest that neither of us is likely to "prove" a damn thing. We can point to relevant and meaningful sections of the GDPR -- as I tried to do in my recent Who are the GDPR violators? -- but that's about as good as amateurs like us can do. It is irresponsible to claim otherwise. Until the courts or a relevant body like ICO.org.uk make a judgement applicable to the case (s) we are discussing we are simply engaging in spirited speculation.

I agree the rep himself probably doesn't know, but a quick walk over to the data controller and a 2 minute conversation should be enough for him to be able to answer the question.

I suspect you either aren't reading what I've been saying or for reasons known only to you you've been ignoring most of it. So I'll say it again:

In almost all cases that I've had to discuss anything related to the GDPR with a rep it was blatantly obvious that they were under instruction from their legal people to say nothing and (if absolutely necessary) pass the issue on to them for comment. In other words the reps are out of the GDPR loop by design so asking them to comment, explain or elaborate on such issues is very much a waste of time.

Reps are not generally free to drop by the Legal Department for a wee chat about the GDPR, or anything else for that matter. You are imagining how you'd like things to be not how they really are.

 

[dunover]

i just logged into my Casumo account and had 7 free spins then when trying to use i get this message, anyone had this??? wtf

Sorry friend
Currently you're not eligible to use bonuses. Speak with us in the chat if you need more information.

LOL....ditto Exactly the same.

 

[ternur]

I'm not the one who said "GDPR says XYZ". You claim it, you prove it. Responding to that by saying "no, you prove it doesn't" is lame.

As I've repeatedly said, proving almost anything using the GDPR is a non-trivial task. The case typically needs to be made with reference to several parts of the GDPR because that's just the way the document is structured.

Finally, since neither of us are data protection lawyers I respectfully suggest that neither of us is likely to "prove" a damn thing. We can point to relevant and meaningful sections of the GDPR -- as I tried to do in my recent Who are the GDPR violators? -- but that's about as good as amateurs like us can do. It is irresponsible to claim otherwise. Until the courts or a relevant body like ICO.org.uk make a judgement applicable to the case (s) we are discussing we are simply engaging in spirited speculation.



I suspect you either aren't reading what I've been saying or for reasons known only to you you've been ignoring most of it. So I'll say it again:


Reps are not generally free to drop by the Legal Department for a wee chat about the GDPR, or anything else for that matter. You are imagining how you'd like things to be not how they really are.

@maxd, I think there have been some misunderstandings in this thread. If I'm correct, @colinsunderland (and myself) were referring to @Lobo's case where the casino asked for ID's of third parties (which showed on their bank statement as transferrers of funds).

The point from that case was and is about the legal basis for processing personal data of these third parties.

 

[colinsunderland]

I'm not the one who said "GDPR says XYZ". You claim it, you prove it. Responding to that by saying "no, you prove it doesn't" is lame.

No I'm sorry, it isn't. You are asking me to prove something that isn't there in black and white, as it should be obvious to any reasonable person, that it isn't allowed. Therefore it is impossible to prove. Processing someones data who is neither a customer, has no relationship with a company, and has not given consent is clearly not acceptable. If it is acceptable, considering the scope of the processing, then it will be covered in the act somewhere. It isn't (from my reading of the act), therefore it is safe to determine that it is not allowed.

When I get time over the weekend I will email Casumo's data controller and ask the question and report back with the response.

 

[mariafbb]

boom, made y'day a withdraw and same thing happend to me too.
now waiting to see how long it takes to get my wins

 

[dunover]

boom, made y'day a withdraw and same thing happend to me too.
now waiting to see how long it takes to get my wins

Don't hold your breath - I am now on second day and nothing seems to have progressed. I have had a reply to my PM but radio silence as far as the casino goes.

 

[Nordog]

So all of you who are hit with sow and extra verification checks, does it always happen on withdrawal? Can someone share if they experienced that to be allowed to deposit? And you who have gotten these requests what amount do you gamble for? Small or high?

Seems i will steer away from casumo if this keeps up, if this is a new strategy they use.

 

[Gaz237]

The wheels seem to be falling off the wagon at Casumo.

 

[Borgie]

So nobody can withdraw at casumo unless they are prepared to sell their mother, give 10 pints of blood or go round all their mates asking for their passports

I don't have an account at Casumo and guess who wont be getting one !

 

[maxd]

...You are asking me to prove something that isn't there in black and white ...

If you can't provide the evidence then don't say "the GDPR says this" or "the GDPR does that". If you state something as a fact then bloody well be prepared to prove it. If you can't then either keep your suppositions to yourself or be very clear that you are speculating. Otherwise you're simply spreading misinformation which, especially when it comes to the GDPR, is all too plentiful already thank you very much.

And whether something is "obvious to any reasonable person" or not is an awfully flaccid argument when you are talking about casino misbehavior. As we all know a good many casinos operate on a "we'll do it until the law says we can't" basis. Your "any reasonable person" argument isn't worth spit when it comes to dealing with that kind of MO. You're basically just typing because you like the sound of your keyboard or whatever.

My point is that almost no one here has actually read the GDPR never mind processed it to the point where they can speak in an informed manner about it. Which by the way includes me: if I'm going to say something about what the GDPR does or doesn't say I damn well do my homework to make sure I know what I'm talking about and what I'm saying is true and verifiable.

If you are going to make statements as fact about the GDPR the same requirements would and should apply to you. Dodging it later by saying "well it's not there in black and white" is BS.