Privacy Notice
Table of Contents
1 WHEN DOES THIS PRIVACY NOTICE APPLY?
This Privacy Notice explains how we process your personal data It applies to, for instance:
- Your use of our services on our websites including our mobile apps.
- The personalisation of your experience on our platforms
- The infrastructure that we need to offer our services.
This notice is not:
- Our Terms and Conditions, these will be a different document which you can find on our different brand webpages.
Our cookie notice can be found here. It describes how we use cookies and other trackers and how you can manage your cookie settings.
This Privacy Notice may be updated from time to time to reflect changes in the way we work or the way our work is regulated. If significant changes are made to the Privacy Notice, we will notify you.
2 WHO ARE WE?
32red is Platinum Gaming Limited, acting as the data controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR). Platinum Gaming Limited is a company having its registered office at Sovereign Place, 117 Main Street, Gibraltar, GX11 1AA, Gibraltar. Platinum Gaming Limited is part of FDJ United.
3 HOW CAN YOU GET IN TOUCH?
There are various ways you can contact us.
For general queries do not hesitate to get in touch with our Customer Service team via Contact us page.
For general questions on this privacy notice or if you wish to exercise your data subject rights, please complete our online Privacy Webform or contact our Data Protection Officer at dpo[at]kindredgroup.com
4 DEFINITIONS OF CATEGORIES OF PERSONAL DATA
Please see the table below for detailed information regarding what personal data we process.
Category of personal data
Contact Details
- Address
- Email address
- Home number
- Other related contact information
Geolocation data
- Location data from your unit e.g., collected via cookies
- Log data (e.g., in connection with your use of our mobile application or when you visit our website)
- IP address
- Other related geolocation data
Financial data
- Information regarding credit card or other payment methods, including vouchers and account balance of your user account
- Transaction ID
- Date and time of payment
- Amount
- Name
- Credit card number
- Bank account number
- Transaction status
- IP address
- Browser
- Type of device
- Pay, points and rewards
- Bank details
- Transactions
- Other related financial information
Special Category Data
- Data concerning health, such as information concerning gambling addiction or suspicions thereof
Background Data
- Background Checks (Criminal records, sanctioned Person, PEP, RCA, SIP)
Behaviour Data
- Information about subscription and purchases
- Online activity
- Gameplay
- Preferences
- Online behaviour
- Other related behaviour data
Commercial Data
- User ID
- Promotional bonus and reward data
- Blocks
- Media partner data
- Other Related Commercial Data
Communications Data
- Chat
- Emails
- Phone
- Phone call recordings
- Other related Communication Data
Identification Data
- Name
- Surname
- DOB
- Home address
- ID
- Passport Number
- Place of Residence/Registration/Birth
- Player number User ID
- Voice Data
- Personal identity number and/or coordination number (if specified)
- Membership number
- Other related Identification Data
Publicly available data
- Images provided by you to us
- Social media Data
- Publicly available registers
System & Equipment Usage Data
- Device type, name, number, ID
- IP address
- Type of phone / PC/ OS used
- Logs (Audit trail)
- Other relevant system & equipment Usage Data
5 WHAT PERSONAL DATA DO WE COLLECT, AND FOR WHAT PURPOSE?
Opening an account
Collecting and verifying personal data to create and authenticate your account
Categories of personal data
- Contact Data
- System & Equipment Usage Data
- Background Data
- Identification Data
- Financial Data
- Geolocation Data
- Equipment Usage Data
Legal Basis
Necessary for the performance of a contract (Art. 6(1)(b) GDPR) as described in our Terms and Conditions, in particular to manage service-related tasks such as password reminders and service messages (e.g., site maintenance)Using the product
Processing data to enable and personalize your interaction with gambling products and services
Categories of personal data
- Behaviour Data
- Financial Data
Legal Basis
- Necessary for the performance of a contract (Article(6)(1)(b) GDPR) as indicated in our Terms and Conditions.
- Legal obligation (Article(6)(1)(c) GDPR), such as applicable gambling regulations to register you in our systems and ensure eligibility for our services
Service Administration
Processing data to provide essential services such as password reminders, service messages (including site maintenance notifications, updates to our Privacy and Cookies Policies, and Terms and Conditions), and to inform you if your account has become inactive and inquire whether you would like to reactivate it before we close it
Categories of personal data
- Behaviour Data
- Financial Data
Legal Basis
Necessary for the performance of a contract (Art. 6(1)(b) GDPR) as described in our Terms and Conditions.Financial administration
Handling deposits, withdrawals, payments, and financial record keeping to comply with financial and anti-fraud regulation.
Categories of personal data
- Financial Data
- Contact Data
- Identification Data
Legal Basis
- Performance of a contract (Art. 6(1)(b) GDPR).
- Compliance with a legal obligation (Article(6)(1)(c) GDPR) such as our bookkeeping obligations and managing any financial requests (withdrawal, deposit or refund).
Direct Marketing
Using personal data to send promotional offers and communications
Categories of personal data
- Behaviour Data
- Contact Data
- Geolocation data
Legal Basis
Your consent (Art. 6(1)(a) GDPR).Customer Service Interaction
Managing your inquiries and support requests to provide effective assistance
Categories of personal data
- Financial Data
- Contact Data
- Identification Data
Legal Basis
- Our legitimate interest (Art. 6(1)(f) GDPR) and performance of a contract. The processing is necessary to fulfil our legitimate interest of responding to your inquiries as effectively as possible and providing you with the assistance you need.
- Performance of a contract (Art. 6(1)(b) GDPR) as described in our Terms and Conditions.
Call recordings for quality and training purposes
Recording interactions to improve service quality and staff training while ensuring compliance with data protection laws
Categories of personal data
- Contact Data
- Identification Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR). The processing is necessary to ensure fair gaming with our customers and to handle any complaints and disputes and litigationsTo deter, prevent or detect the use of third-party software in peer-to-peer gambling
Monitoring and preventing unauthorized software use to maintain fair play and integrity
Categories of personal data
- Behaviour Data
- Identification Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR). The processing is necessary to ensure fair gaming with our customers.To deter, prevent, or detect any activities conducted in breach of our Terms and Conditions
Identifying and addressing violations to protect the platform and users
Categories of personal data
- Behaviour Data
- Financial Data
- Identification Data
- Contact data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR). The processing is necessary to prevent and deter breaches of our Terms and Conditions, this can be done through phone calls.Location-Based Redirection and License Compliance
Using location data to ensure your access services is compliant with local licensing laws
Categories of personal data
- Geolocation data
Legal Basis
Compliance with legal obligations (Article (6)(1)( c) GDPR) to make sure our customers are redirected to the appropriate country site in adherence to our license conditions.Conducting an Affordability Review
Assessing your financial capacity to gamble responsibly and prevent harm. The affordability score calculated by credit reporting agencies, such as TransUnion in the UK, is used to assess your financial capacity to gamble responsibly.
Categories of personal data
- Background Data
- Behaviour Data
- Commercial Data
- Communication Data
- Contact Data
- Financial Data
- Identification Data
- Special Category Data
Legal Basis
- Our legitimate interest (Art. 6(1)(f) GDPR) to ensure that our customers have the funds to use our services safely.
- Where applicable: Compliance with legal obligations (Article (6)(1)( c) GDPR) to comply with legal obligation from gambling authorities.
Prevention of gambling addiction: to deter, assess risk and prevent gambling problem
We collect certain data to help identify and reduce the risk of gambling-related harm, ensuring a safer experience for all our customers. By assessing patterns and behaviours, we can detect early signs of potential gambling addiction and take appropriate steps to support those at risk. This proactive approach enables us to provide tailored interventions and tools that promote responsible gambling and protect your well-being.
Categories of personal data
- Behaviour Data
- Special Category Data
- Identification Data
- Geolocation Data
- Financial Data
- Background Data
- Communication Data
- Contact Data
- publicly available Data
- Commercial Data
Legal Basis
- Our legitimate interest (Art. 6(1)(f) GDPR) to ensure that our customers do not become exposed to problem gaming
- Our legal obligations (Article (6)(1)( c) GDPR) such as from the gambling authorities, where applicable. Special Category Data may be processed to determine whether there is of gambling addiction, such as health data. This category of personal data are being collected to comply with legal obligation This is done under our duty of care, in accordance with Art. 6(1)(e)GDPR and Art. 9(2)(g) GDPR.
Gameplay Monitoring
We regularly review customer accounts to monitor gameplay and betting activity. This monitoring ensures the accuracy, fairness, and safety of our services, and is essential for
- Preventing cheating, fraud, or misuse of our services, and
- Upholding the integrity of sports betting, including the detection and prevention of match-fixing and other forms of betting-related corruption.
Categories of personal data
- Behaviour Data
- Financial data
- Identification Data
Legal Basis
- Necessary for the performance of a contract (Article(6)(1)(b) GDPR) as described in our Terms and Conditions.
To monitor and prevent fraudulent activities related to our online advertising
Detecting and stopping fraud that affects advertising integrity and your trust
Categories of personal data
- Behaviour Data
- System & Equipment Usage Data (including IP address)
- Geolocation Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) in preventing fraud and ensuring that our advertising campaigns are directed towards legitimate customers. The data collected through our third-party provider, is used to detect and block fraudulent clicks.Ensure network security
Protecting systems and data from unauthorized access and cyber threats
Categories of personal data:
- System & Equipment Usage Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) to ensure security while using our products.Ensure Security and Resilience of IT Systems
To ensure the continued availability, integrity, and security of our IT systems and services. This includes:
- implementing disaster recovery processes to restore data and functionality in case of incidents affecting our primary data centres; and
- monitoring systems and accounts to detect and prevent unauthorised access, misuse, or data breaches.
Protecting systems and data from unauthorized access and cyber threats
Categories of personal data
- System & Equipment Usage Data
Legal Basis
- Our legitimate interest (Art. 6(1)(f) GDPR) in maintaining secure and resilient IT infrastructure and preventing security incidents;
Ensure Security of User Authentication with CAPTCHA
We use CAPTCHA - a quick test to check if you're a real person and not a bot - to protect your account from abuse. This helps us stop fake accounts, block automated hacking attempts, and keep your data safe.
Categories of personal data
- System & Equipment Usage Data
Legal Basis
Legitimate interest (Article 6(1)(f) GDPR) to ensure the security of our services and protect user accounts from fraudulent or automated access.
Conducting Anti-Money Laundering and Anti-Fraud Checks
Processing data to comply with AML laws and prevent financial crimes
Categories of personal data
- Contact Data
- Identification Data
- Background Data
- Geolocation Data
- Behaviour Data
- Communication Data
- Financial Data
- System and equipment usage Data
Legal Basis
Compliance with legal obligations (Article (6)(1)( c) GDPR) to ensure we are identifying, mitigating, reporting any AML or Fraud activity and risk rating customers appropriately.
Promotions and Competitions
Managing your participation in marketing campaigns, reward schemes and contests
Categories of personal data
- Identification Data
- Commercial Data
Legal Basis
With your consent (Art. 6(1)(a) GDPR) to administrate promotion and competitions in which you consent to participate.Market Research
Collecting data to understand your preferences and improve services
Categories of personal data
- Identification Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) to conduct internal and third-party collaborative market research and surveys.
Use of Cookies
We employ cookies to enhance website functionality and user experience. This includes:
- Ensure our services, and those provided by our partners such as game providers work correctly.
- Provide you with the best possible experience
- Understand how to improve our services
- Remember your preferences and past actions on the device
- Make the interaction between you and the device quicker and easier
- Provide personalised and relevant content from us and our service partners.
For more detailed information on our use of cookies, please see our cookie notice.
Categories of personal data
- System & Equipment Usage Data
Legal Basis
- For any non-essential cookies: we rely on Your consent (Art. 6(1)(a) GDPR) .
- For essential cookies our legal ground is legitimate interest (Art. 6(1)(f) GDPR) to ensure that our website function.
Personalization
Tailoring content and offers based on your preferences and behaviour
Categories of personal data
- Behaviour Data
- Commercial Data
- Geolocation Data
- Identification Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) to personalise your experience while using our product and service which are tailored to your interests.
Profiling
Analysing data to predict your preferences and behaviour for better and safer service delivery
Categories of personal data
- Contact Data
- Identification Data
- Behaviour Data
- Financial Data
- Geolocation Data
- System and equipment usage Data
- Publicly available Data
Legal Basis
- Our legitimate interest (Art. 6(1)(f) GDPR) to conduct profiling activities for personalized services, marketing, and enhancing user experience, and consent (Art. 6(1)(a) GDPR) where necessary.
Analytics
Measuring and analysing service usage to optimize operations and marketing
Categories of personal data
- Contact Data
- Identification Data
- Behaviour Data
- Financial Data
- Geolocation Data
- System and equipment usage Data
- Communication Data
- Commercial Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) to conduct data analytics for improving our services, understanding user behaviour, and optimizing our business operations.Data Transformation and Analytics Enablement
To transform and model data, in order to standardise business metrics and improve the efficiency and consistency of data analysis and reporting across the organisation.
Categories of personal data
- Identification Data
- Financial Data
- System & Equipment Usage Data
- Publicly Available Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) in enabling efficient data analysis and informed decision-making through standardised data modelling, while ensuring data governance and security practices are respected.
Defending our rights
Using data to protect legal interests and enforce terms against misuse or disputes
Categories of personal data
- Contact Data
- Background Data
- Behaviour Data
- Commercial Data
- Communication Data
- Financial Data
- Identification Data
Legal Basis
Our legitimate interest (Art. 6(1)(f) GDPR) to resolve a dispute or litigation.
Special Category Data
In certain circumstances we may collect personal data which is referred to as "special categories of data," such as information related to health. This includes, for example, health-related information, particularly in the context of our responsible gambling obligations.
Such data may be collected directly from you, or in some cases, from third parties such as healthcare professionals, support organisations, or other regulated entities.
We will only process such data if:
- you have given us your explicit consent;
- it relates to personal data which you have made public;
- it is necessary for the establishment, exercise or defence of legal claims;
- is necessary for reasons of substantial public interest, on the basis of European Union or Member State law.
For example, if you inform us of a health condition affecting your ability to gamble safely, or if your behaviour or financial activity raises concerns about gambling-related harm, we may collect and use relevant information to assess risk and apply appropriate safer gambling measures. This may include setting deposit limits, offering support, or applying temporary or permanent account restrictions. The collection of such special category data falls under the public interest as indicated in article 6 (1)(e) of GDPR and in accordance with article 9 (2)(g) of GDPR to allow us to process special category data.
We may also process information relating to criminal convictions or suspected criminal activity, but only where permitted under Article 10 of the GDPR and applicable national laws. This typically occurs in the context of:
- Anti-money laundering (AML) checks;
- Fraud detection and prevention;
- Compliance with other legal obligations.
We process this data only where necessary to meet our legal obligations, or, where appropriate, for the legitimate interest of preventing fraud or defending legal claims, and always subject to appropriate safeguards.
We apply enhanced safeguards when handling special category and criminal offence data. These include strict access controls, data minimisation, retention limits, and staff training to ensure that such data is treated with the highest level of care and confidentiality.
6 WHERE DO WE GET YOUR DATA FROM?
We collect personal data when you interact with us and use our services. Sometimes, this information is provided to us by you – such as when you register for the first time and when you make use of our products or get in touch with us. Sometimes third parties or publicly available sources provide us information about you.
Information you provide
At registration
- Identification data
- Financial data
Through your use of our services
- Geolocation data (please refer to our cookie notice for more information);
- Behaviour Data
- System & Equipment Usage Data
- Communications Data
- publicly available Data
Other sources of personal data
At registration
- We may collect personal data on you that are publicly available (for example social media data) for responsible gambling purpose (category of data: publicly available data).
- Data received from our business partners and from other organisations, such as specialist companies providing verification services, credit reference agencies, and fraud prevention agencies, when applicable (category of data background data);
- In addition to the above, please note that if you give us personal data about someone else (for example via a Refer a Friend scheme) then you should not do so without their permission (category of data: contact details). Please note that where information is provided by you about someone else, or someone else discloses information about you, it may be added to any personal data that is already held by us and it will be used in the ways described in this Privacy Notice.
7 COOKIES AND SIMILAR TRACKING TECHNOLOGIES
Our websites and apps use cookies for various purposes.
We use cookies for the following purposes, amongst others:
- to identify the account holder's (as defined in our Terms and Conditions) preferred language, so it can be automatically selected when the account holder returns to the website;
- to ensure that bets placed by the account holder are associated with the account holder's betting coupon and account;
- to ensure that the account holder receives any bonuses for which they are eligible, and
- for analysis of the website traffic, to allow us to make suitable improvements.
More information can be found in our Cookie Notice.
8 WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
In certain circumstances, we share your personal data with other companies within FDJ United, with third parties that provide services on our behalf, and with other third parties to comply with our legal obligations. These third parties include companies such as Evolution, which provides live casino products; Microgaming, a gaming platform specializing in slots; Trustly, a payment provider; credit insight agencies, such as TransUnion in the UK, Oracle, which offers database software; Microsoft; Amazon Web Services; and Pragmatic, known for its casino products, including slot games and live casino offerings.
We do not sell your personal data to marketing companies.
In the context of a merger, sale of business or transfer of business—including the acquisition of a FDJ United entity—some of your personal data may be transferred to the recipient company. This transfer is intended to ensure the continuity of service, the proper management of your account and compliance with our contractual and legal obligations. Personal data of customers can be included in the transaction. If so, you will be informed in advance of such transfer, and we ensure that your data is only used for the purposes described in this Privacy Notice.
Within FDJ United:
We may share the personal data we collect with other companies within FDJ United for purposes such as:
- Providing products and services, and keeping you informed about important changes or developments related to them;
- responding to your enquiries and complaints;
- administering offers, competitions, and promotions;
- facilitating the secure access to online platforms
- updating, consolidating, and improving the accuracy of our records
- undertaking transactional analysis;
- testing new systems and checking upgrades to existing systems;
- crime detection, prevention, and prosecution, as well as complying with regulatory requirements;
- evaluating the effectiveness of marketing, and for market research and training;
- customer modelling, statistical and trend analysis, with the aim of developing and improving products and services.
- Under your consent, to receive promotional content, sending you promotional content from our others brands (such as 32Red, Bingo, CasinoHuone, Kolikkopelit, Maria Casino, High Roller, Vlad Cazino, Ottokasino)
With third parties
We may share personal data with third parties in the following circumstances:
- Providing Products and Services:
- Keeping you informed about important changes or developments in the features and operation of our products and services.
- If you use our sports betting services, your personal data usage is also governed by the Kambi Player Fair Processing Notice.
- Regulatory Compliance and Legal Requirements:
- Compliance with orders from regulatory bodies or legal provisions in the governing law.
- Instructing and authorizing financial institutions to disclose requested information to the Regulator in line with legal requirements.
- Verifying your eligibility through national self-exclusion registers.
- Legal Rights and Fraud Detection:
- Establishing, exercising, or defending our legal rights.
- Transferring personal data to third parties for fraud detection and control, including address verification system service providers, sport's governing bodies, payment service providers, and financial institutions.
- Service Providers and Auditors:
- Sharing data with service providers for Services delivery, technology support, data storage, payment processing, and online advertising.
- Sharing with external auditors conducting independent checks for accreditations.
- We use third party credit insight companies such as TransUnion (in the UK, for example) to assist in carrying out affordability checks. The affordability check is triggered on opening an account. More information on how such companies process your personal data is found in their privacy notice, in the case of TransUnion under the following link: TransUnion Bureau Privacy Notice | An Information & Insights Company After carrying out the affordability assessment (having received from ourselves relevant information forming part of your Identification Data, namely your name, date of birth and home address), TransUnion (by way of example) provides us with a score indicating affordability risk and reflecting any negative financial indicators. As required by applicable regulation, we may place limitations on your account consistent with the affordability check score, for example placing a monthly financial limit on your account, or where a high affordability risk has been identified, decide not to open the account. You may request that we carry out a manual review of any such decision.
Please also note that for TransUnion, the soft footprint does not adversely impact consumer credit score.
- Business Transfers:
- Disclosing data to organizations during the sale or transfer of our businesses, rights, or obligations. The receiving organization can use the data similarly.
- For exclusively technical and organizational purposes, preparatory operations (such as duplicate accounts or data migration) may be carried out, with the sole purpose of optimizing the performance and security of the transfer on the scheduled date.
- Successors and Network Security:
- Sharing data with successors in title to our business.
- Sharing with security supplier to ensure the network security
- Fraud Prevention and Advertising Efficiency
- We may share data related to fraudulent detection and prevention with third parties such as TrafficGuard. This includes data collected through login events on our website, which helps us identify and prevent fraudulent activities related to our online advertising efforts.
9 DO WE TRANSFER YOUR DATA OUTSIDE THE EEA?
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers: such as United States of America (USA), Australia and India. This can be the case for instance if we provide services globally. In addition, your data may in a few instances be processed in countries where we have operations or services providers. Further, for efficiency and reliability, we may use cloud services hosted in different countries. In certain cases, we might need to transfer data to comply with international legal obligations.
To ensure your personal data remains safe when transferred in this manner, we will take all reasonable steps to maintain a suitable level of protection in line with this notice.
Any transfer of your personal data to a location outside the EEA will processed/performed in accordance with applicable data protection laws, including the GDPR, and will be based on:
- The Standard Contractual Clauses adopted by the European Commission which you can access here or a relevant data protection authority; or
- An adequacy decision from the European Commission, confirming that the third country provides adequate protection for your personal data; or
- Your consent, or another legal basis on which we are entitled to make the transfer.
Should you have any questions regarding our transfers of personal data to countries outside the EU/EEA area, please contact us by using the contact details provided at the beginning of this Privacy Notice.
10 HOW LONG WILL WE KEEP YOUR DATA?
We will only retain your information for as long as needed to fulfil the purposes for which they are collected.
While you are a customer, we will need to retain your information to meet our legal and contractual requirements. However, when you cease using Our services, we may still retain your personal data for a period of time. There are several reasons why we retain your information, these include:
- To comply with legal obligations under EU/local laws (for example, anti-money laundering regulations, or licensing regulations). Those data may be stored for up to 10 years from the date of the closure of your account.
- To establish or defend legal claims (for example negligence claims) which could be made against us;
- To comply with our contractual obligations and rights in relation to the information involved;
- Our legitimate interests where we have carried out balancing tests;
- To comply with guidelines issued by relevant data protection authorities.
If you ever request to have your data erased, we will promptly action your request. However, certain types of personal data may need to be retained in order to comply with our legal obligations as indicated above. In such cases, your data will be securely archived and held only for the duration required by applicable laws and regulations. During this retention period, your data will not be processed for any other purpose.
11 YOUR RIGHTS & CHOICES OVER YOUR PERSONAL DATA
Under the GDPR, you have a number of rights concerning the personal data we hold about you. If you wish to exercise these rights, you should use our GDPR Online Form. Please note that in certain circumstances, we may be unable to disclose specific personal data in response to your request where doing so would infringe on the rights of others, compromise ongoing investigations, or conflict with legal or regulatory obligations applicable to our business.
You also have the right to complain to your local data protection authority if you are concerned with how we process your information.
Further information and advice about your rights can be obtained from your local data protection authority. A list of EU/EEA supervisory authorities can be found here on the European Data Protection Board website.
We have also designated a lead data protection authority, the Office of the Information and Data Protection Commissioner (“IDPC”) in Malta, which you can also contact for further information: For Individuals - IDPC
If you are located in the United Kingdom, you can contact the Information Commissioner’s Office (“ICO”) here.
You have, under certain circumstances, the right to exercise the following rights:
Be informed
>What is your right?
Be informed of the personal data we process about you and how we process it.
>How to exercise
By accessing this Privacy Notice we are informing you of your rights and the principles. Information may also be provided by us in connection with your provision of your personal information and/or in connection with your use of our services. More information can be found in our Help Centre.
Access
>What is your right?
You may request confirmation whether personal data about you is processed by us and, if that is the case you have a right to request a copy of the personal data we hold about you, known as a data subject access request.
>How to exercise
These requests can be made in our Help Centre.
Rectification
>What is your right?
You have a right to request that we amend or update your personal data where it’s inaccurate or incomplete.
>How to exercise
These requests can be made in our Help Centre.
Erasure
>What is your right?
In some circumstances, you can ask us to erase personal data we hold about you (‘the right to be forgotten’). This includes when:
- the information is no longer necessary in relation to the purpose for which it was collected.
- if you withdraw consent and we cannot justify another legal ground for using it;
- if you withdraw consent and we cannot demonstrate overriding legitimate grounds to continue processing the information;
- we don’t have a lawful ground under data protection laws to process your information;
- the data has to be erased to comply with a legal requirement.
>How to exercise
These requests can be made in our Help Centre.
Restrict / Object
>What is your right?
You have the right to ask us to restrict (‘block’ or ‘suppress’) the processing of your personal data. When processing is restricted, we can still store your information, but will not process it further. This right is available to you when:
- You think there might be a mistake in your personal data;
- You think the use of your personal data is against the law, and you want us to limit its use instead of deleting it;
- We no longer need the data, but you require it to establish, exercise or defend a legal claim; and
- We process your information for our legitimate business interests but you object and while we verify the grounds for continued processing.
You can object to the processing of your personal data, that is:
- based on our legitimate business interests (including profiling); or
- For research and statistics
>How to exercise
These requests can be made in our Help Centre.
If you would like to not receive marketing emails, you can also unsubscribe / opt out of receiving them.
Withdrawal of consent
>What is your right?
You have the right to at any time withdraw your consent to the processing of personal data to the extent the processing is based on your consent
>How to exercise
These requests can be made in our Help Centre.
Data Portability
>What is your right?
This allows you to request and reuse your information for your own purposes across different services. For example, if you decide to switch to a different provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right however, and only arises when the processing of your information is:
- based on your consent or where it is necessary for the performance of a contract, and
- when the information is processed by solely by automated means.
>How to exercise
These requests can be made in our Help Centre.
We will respond to any of your requests relevant to this Section within one (1) month from their receipt. Upon prior notice, this period may be extended by a further two (2) months if necessary, taking into account the complexity of the request and the number of any other pending requests. In case of rejection of your request, we will provide relevant justification.
Restrictions on data subject's rights:
In certain circumstances, your rights as a data subject under GDPR, particularly your right to access personal data and the right to request the erasure of data, may be restricted or limited. Such restrictions may be necessary and proportionate for reasons such as ensuring compliance with legal obligations or to protect the rights and freedoms of others.
We will ensure that any restrictions on your rights are clearly justified
12 AUTOMATED DECISION MAKING
We may use automated processes, including profiling, to support certain decisions relating to your account. This means that some decisions may be made using software algorithms without human involvement. However, we ensure that any such processing is done in accordance with applicable data protection law and is subject to appropriate safeguards.
Your rights:
You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects concerning you or similarly significantly affects you. Where such decisions are made, you have the right to request human intervention, to express your point of view, and to contest the decision.
We may use automated decision-making in the following circumstances:
Detecting Fraud:
Your personal data is used to identify and prevent potential fraud or money laundering activities. This includes analysing patterns in your transactions, login activity, or account usage. If a risk is detected, actions such as temporarily blocking or suspending the account may be taken automatically. These measures are in place to protect you and the integrity of our services.
Opening an Account:
When you create an account, we may automatically verify whether you meet the necessary criteria (e.g. age, residency, nationality, or financial status) based on the information you provide. These checks help us comply with our legal obligations and ensure the product is suitable for you.
Use of AI technology:
We may use AI technology as part of our processing activities to support some of our decision-making processes. These tools help us improve efficiency and enhance user experience. However, decisions that could significantly affect you will not be made solely by AI unless required or permitted by law, and appropriate safeguards will always be in place.
Player Safety:
We may use AI technology such as our PS-EDS tool (https://www.fdjunited.com/our-journey-towards-zero/ps-eds/) to detect potentially problematic gambling behaviour Such behaviour may include (a non-exhaustive list): logging in at unusual hours; betting more than usual; and making unsuccessful deposits. If such behaviour is detected, this is notified to our Player Safety Team who may conduct a review of your account to determine any risk level and implement appropriate harm reduction measures. Such measures may include monitoring to ensure continued sustainable behaviour, system prompts and direct messages, along with other emails or calls promoting responsible gambling and use of non-mandatory control tools, as well as actions to minimize potential harm including e.g., placing a reasonable financial limit on an account up to blocking of account in accordance with legal requirements and in the interest of consumer protection.
If you would like to have an automated decision reviewed by a human, you can exercise this right by contacting us through our Help Centre.
13 SECURITY OF YOUR DATA AND CONFIDENTIALITY
We are committed to protecting the personal data you entrust to us. We take all reasonable steps to ensure that all information collected through our website is treated securely and in line with this Privacy Notice and strict data protection standards. Accordingly, we have adopted robust procedures and technologies to protect your data from unauthorised access and improper use.
After logging in all information sent to and from the |Website is encrypted using 128-bit Secure Socket Layer (SSL) technology. The SSL certificate used is issued and verified by Trustwave.
Your credit card details are encrypted and sent only once over the internet to us. It is then stored encrypted in our secure systems. We are dedicated to protecting our customers’ confidential information and, as part of doing so, we are certified towards the Payment Card Industries Data Security Standard.
The security of our systems and applications are tested several times per year by third-party security experts. Furthermore, we have an Intrusion Detection System that monitors all network traffic 24/7 for signs of attacks or intrusions.
We have a dedicated fraud department and advanced systems in place to detect and prevent suspicious activity, to ensure that our websites remain a secure playing-field. Any account involved in suspicious activity will be suspended and investigated to the fullest extent. Should you as user have any doubts about the activity on your account, such as unrecognized transactions in the transaction history or surprising changes in the balance, please contact us immediately.
14 COMPLAINTS
If you are not satisfied with our handling of your personal data or believe we are not processing your personal data in accordance with the law you can complaint to our lead data protection authority, the Office of the Information and Data Protection Commissioner (IDPC) (For Individuals IDPC), or your local data protection authority. A list of EU/EEA supervisory authorities can be found here on the European Data Protection Board website. If you are located in the United Kingdom, you can contact the Information Commissioner’s Office (“ICO”) here.
15 GLOSSARY OF ABBREVIATIONS
| AML | Anti-Money Laundering |
| DPA | Data Protection Authority |
| DPO | Data Protection Officer |
| EEA | European Economic Area |
| EU | European Union |
| FDJ | Française des Jeux |
| GDPR | General Data Protection Regulation or United Kingdom General Data Protection Regulation |
| IPDC | Information and Data Protection Commissioner |
| IP | Internet Protocol (Address) |
| PEP | Politically Exposed Person |
| PS-EDS | Player Safety - Early Detection System |
| RCA | Relatives and Close Associates |
| SCC | Standard Contractual Clauses |
| SIP | Special Interest Person |
| PS-EDS | Player Safety – Early Detection System |
| RCA | Relatives and Close Associates |
| SCC | Standard Contractual Clauses |
| SIP | Special Interest Person |