Privacy Policy
This Privacy Policy explains what information we collect, why and how we use it, with whom we share it, how long we store it, and what options you have. It applies to everyone who interacts with us, including players, visitors, complainants, job applicants, and anybody else. It complements our AML/CTF Policy, Terms & Conditions, Responsible Gambling Policy, and Cookie Notice. If anything here is unclear, contact our Data Protection Officer (DPO) using the details in Section 16.
1. What we collect
We collect information you provide, information created when you use the Platform, and information from trusted partners.
1.1 Data you give us
- Identification: full name, date of birth, nationality. We never ask for BSN unless a law expressly requires it.
- Contact: address, email, phone, preferred language.
- Account: username, password, communication and marketing preferences, responsible‑play settings (limits, time‑outs).
- Verification: images or scans of identity documents, selfies or liveness video, proof of address, proof of payment ownership, source‑of‑funds/wealth evidence when legally required.
- Payments: IBAN, cardholder name, masked card digits, deposit and withdrawal history.
- Support: messages, attachments, and recordings of calls/chats when you contact us.
1.2 Data we create or collect automatically
- Device and log data: IP address, device identifiers, browser and OS version, app version, time zone, crash logs, security events (failed logins, session tokens).
- Usage data: pages viewed, features used, referral URLs, time in session, games played, stake sizes, wins/losses, limit changes.
- Location: country‑level location from IP/geolocation checks to comply with Dutch licence rules. Precise GPS is not required.
- Security signals: indicators of VPN/proxy/TOR, remote desktop, unusual device changes.
1.3 Data from third parties
- KYC and fraud‑prevention vendors: identity verification, document checks, sanctions/PEP/adverse‑media screening, device intelligence.
- Payment providers and banks: transaction confirmations, chargeback status, account name/IBAN matching.
- Regulators: CRUKS pass/fail status via the Dutch Gambling Authority where required.
- Analytics/communications tools: pseudonymised engagement data to deliver service updates and measure performance.
- Recruitment platforms: CV and profile data for job applicants.
We do not seek to collect special categories of data (e.g., health). If such data appears in documents you submit (for example, in a bank statement used to evidence income), we minimise and mask where possible and keep it only as long as required by law.
2. Why we use your data (purposes and legal bases)
We only use your data when we have a lawful basis under the GDPR/AVG.
2.1 To deliver the contract (Article 6(1)(b))
- create and manage your account;
- run games, process deposits/withdrawals, and settle outcomes;
- provide support, service messages, and account history;
- show responsible‑play tools you select.
2.2 To meet legal duties (Article 6(1)(c))
- Wwft/AML checks, sanctions screening, and CRUKS checks;
- accounting, tax, and regulatory reporting;
- responding to lawful requests from courts, FIU‑Netherlands, police, or the KSA.
2.3 Our legitimate interests (Article 6(1)(f))
- prevent fraud, misuse, and security incidents;
- protect players from harm and uphold our duty of care;
- improve the Platform, fix bugs, and run limited analytics;
- defend or establish legal claims and manage business continuity.
We balance these interests against your rights and expectations. You can object where stated in Section 11.
2.4 With your consent (Article 6(1)(a))
- marketing by email, SMS, or push notifications;
- non‑essential cookies and similar tracking technologies;
- certain surveys or beta features.
You can withdraw consent anytime in your profile or via the unsubscribe link. Withdrawal does not affect prior lawful processing.
3. Cookies and similar technologies
We use cookies that are necessary for logging in, security, and settings. With your permission, we also use extra cookies and SDKs to track performance and improve features. You can change your cookie choices at any time via the cookie banner or in Account → Privacy. Our Cookie Notice lists each cookie type, provider, and duration.
4. Profiling and automated decisions
We use automated systems to: (a) verify identity and detect fraud; (b) perform sanctions/PEP screening; (c) monitor behaviour for AML and responsible‑play indicators; and (d) segment communications. Where a decision produces legal or similarly significant effects (for example, blocking withdrawals pending checks), you may request human review, express your point of view, and contest the decision. Contact the DPO or Support to do so.
5. How we share data
We share data only when necessary and with safeguards.
- Regulators and authorities: KSA, FIU‑NL, police, prosecutors, courts—where required by law.
- Payment processors and banks: to process deposits/withdrawals, verify ownership, and manage chargebacks.
- KYC/screening providers: to verify identity, screen sanctions/PEP/adverse media, and perform device risk assessments.
- Game studios: to run games, verify results, and handle jackpots; we share only what is needed (session IDs, basic account identifiers).
- Technology vendors: hosting, communications, analytics, and security services under data‑processing agreements.
- Professional advisers and auditors: where necessary and bound by confidentiality.
We do not sell personal data.
6. International transfers
We assess the destination’s legal environment and apply supplementary measures (encryption, access minimisation) when appropriate. Copies of relevant safeguards are available on request, subject to confidentiality.
7. How long we keep data
We keep data only as long as necessary for the purposes in this Policy and to meet legal retention duties. Typical periods include:
- Account and gameplay: life of the account plus a statutory period for disputes and compliance.
- AML/CTF: as required by the Wwft (records of identification, transactions, and reports).
- Payments and tax: as required by accounting and tax law.
- Marketing: until you withdraw consent or object.
When retention ends, we delete or irreversibly anonymise the data. Backups roll off on a schedule.
8. Security
We protect data with Transport Layer Security (TLS) encryption in transit, encryption of sensitive data at rest, least-privilege access, multi-factor authentication for staff, logging and monitoring, vulnerability management, secure development methods, and verified suppliers. We test our controls and have a backup plan. Because no system is perfect, use strong passwords, never share your credentials, and encrypt your devices.
9. Your rights
Under the GDPR/AVG you may have the right to:
- Access your data and get a copy;
- Rectify inaccurate data;
- Erase data in certain cases (right to be forgotten);
- Restrict processing in certain cases;
- Object to processing based on legitimate interests and to direct marketing;
- Portability for data you provided to us, in a machine‑readable format;
- Withdraw consent at any time for activities based on consent.
Some rights are limited by our legal obligations—e.g., we cannot erase AML records before retention ends.
How to exercise: contact Support or the DPO (Section 16). We may ask for proof of identity. We aim to respond within one month and will explain reasons if we cannot comply.
10. Marketing preferences
You control marketing through your profile and unsubscribe links. We respect “do not track” settings for marketing where supported. We continue to send service messages (transactional communications, security alerts, changes to Terms) even if you opt out of marketing.
11. Children
BinoBet is for adults (18+). We do not knowingly collect data from minors. If we discover that an under‑18 has registered, we close the account, return deposits where lawful, and delete data we are not required to retain.
12. Responsible gambling and CRUKS
We process data to meet our duty of care. This includes session time, net results, limit use, and interactions with our support team. By law we must check CRUKS before access and at session start. We store only what is necessary to confirm pass/fail and keep a record of the check.
13. Complaints and dispute data
If you submit a complaint or dispute, we process the data you provide along with relevant account and gameplay records to respond and, if needed, to share with our ADR provider or the courts. We retain complaint files according to legal and regulatory requirements.
14. Job applicants
If you apply for a job, we process your CV, contact details, interview notes, and references. We retain applicant data for the recruitment process and for a limited period afterwards. You can ask us to delete your application earlier unless law requires retention.
15. Automated fraud and risk tools
We use device fingerprints, behavioural analytics, velocity rules, and third‑party data to combat fraud and account takeover. These tools may temporarily restrict actions (e.g., withdrawals) while a check runs. You can request human review of any automated decision that produces legal or similarly significant effects.
16. Changes to this Policy
We may update this Policy to reflect changes in law, guidance, or our services. We will post the new version with a revised date and, where changes are material, we will notify you through the Platform or by email. Historic versions are available on request.
17. Short data map (for quick reference)
| Category | Examples | Purpose | Legal basis | Typical retention |
| --- | --- | --- | --- | --- |
| Identity & contact | name, DOB, address, email, phone | account setup, support | contract; legal obligation | account life + statutory |
| Verification | ID image, selfie, proof of address | KYC, AML, sanctions | legal obligation; legitimate interests | Wwft period |
| Payments | IBAN, card (masked), history | deposits, withdrawals, accounting | contract; legal obligation | accounting/tax period |
| Gameplay & usage | games played, session time, limits | provide and improve services; RG | contract; legitimate interests | account life + period |
| Device & security | IP, device ID, logs | prevent fraud, secure access | legitimate interests | rolling security window |
| Marketing | consents, preferences | optional offers and updates | consent | until withdrawn |
18. Glossary
- Controller: the company that decides why and how personal data is used.
- Processor: a company that processes data for us under contract.
- Personal data: information that identifies you or can be linked to you.
- Profiling: automated processing to evaluate personal aspects, like risk or preferences.
- Pseudonymisation: replacing identifiers with codes so data cannot be linked to you without extra information.
- CRUKS: national self‑exclusion register in the Netherlands.