1. Introduction
Welcome to the official Privacy Policy for the bwin online betting and iGaming platform. We deeply respect your privacy and are completely committed to protecting your personal data. This comprehensive privacy notice will transparently inform you as to how we look after your personal data when you visit our website, register an account, utilize our mobile applications, or otherwise interact with our sports betting and casino ecosystem (regardless of where you visit it from).
This document is meticulously designed to tell you about your privacy rights and how current global data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), protect you. It is imperative that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.
2. Controller and Contact Details
The bwin entity operating in your specific jurisdiction is the controller and is strictly responsible for your personal data (collectively referred to as "bwin", "we", "us", or "our" in this privacy policy). We have appointed a dedicated Data Protection Officer (DPO) who is legally responsible for overseeing all questions and concerns in relation to this privacy policy. If you have any questions about this document, including any requests to exercise your legal rights, please contact the DPO using the details provided below:
- Email Address: [email protected]
- Postal Address: bwin Data Protection Office, Legal Department, [Insert Registered Corporate Address]
You have the right to make a formal complaint at any time to your relevant national or state supervisory authority for data protection issues. We would, however, deeply appreciate the chance to deal with your concerns internally before you approach the authorities, so please contact us in the first instance.
3. The Data We Collect About You
Personal data, or personal information, legally means any information about an individual from which that person can be directly or indirectly identified. It completely excludes data where the identity has been irreversibly removed (anonymous data). We may systematically collect, use, strictly store, and transfer various different kinds of personal data about you which we have grouped together as follows:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender. We also collect copies of government-issued identification (passports, driver's licenses) to fulfill our rigorous Know Your Customer (KYC) obligations.
- Contact Data: includes your billing address, permanent residential address, email address, and active telephone numbers.
- Financial Data: includes detailed bank account records, payment card details, and alternative payment method identifiers (e.g., e-wallet accounts).
- Transaction Data: includes comprehensive details about payments to and from you, detailed logs of wagers placed, casino games played, deposits made, successful withdrawals, and other granular details of products and services you have purchased from us.
- Technical Data: includes internet protocol (IP) address, your secure login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other unique technology identifiers on the devices you use to access this website.
- Profile Data: includes your username and password, wagers made by you, your personal interests, preferences, feedback, and customer survey responses.
- Usage Data: includes detailed analytical information about how you navigate and utilize our website, mobile application, casino products, and live dealer services.
- Marketing and Communications Data: includes your explicit preferences in receiving marketing materials from us and our trusted third parties, as well as your communication preferences.
We absolutely do not knowingly collect personal data relating to minors. The services provided by our platform are strictly prohibited for individuals under the age of 18 (or the legal age of majority in your jurisdiction). If we discover that we have inadvertently collected data from a minor, the account will be immediately suspended, and the data will be permanently deleted in accordance with legal mandates.
4. How Is Your Personal Data Collected?
We use various distinct operational methods to responsibly collect data from and about you, including through:
Direct Interactions
You may voluntarily give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, live chat, or otherwise. This includes personal data you provide when you:
- Create a betting or casino account on our platform;
- Place sports wagers or participate in iGaming activities;
- Request targeted marketing to be sent to you;
- Enter a promotional competition, VIP promotion, or network survey;
- Contact our customer support teams to provide feedback or request technical assistance.
Automated Technologies or Interactions
As you actively interact with our platform, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We meticulously collect this personal data by using digital cookies, server logs, web beacons, and other similar advanced tracking technologies. We may also inadvertently receive Technical Data about you if you visit other independent websites employing our cookies. Please see our dedicated Cookie Policy for further granular details.
Third Parties or Publicly Available Sources
To adhere to strict international anti-money laundering (AML) laws and sports integrity standards, we will routinely receive personal data about you from various qualified third parties and public sources, including:
- Fraud prevention and identity verification agencies (e.g., Jumio, Onfido) based globally;
- Financial institutions, payment gateways, and credit reference agencies;
- Sports integrity monitoring bodies (e.g., IBIA) to detect suspicious betting patterns;
- Publicly available governmental sanction lists and politically exposed person (PEP) registries.
5. How We Use Your Personal Data
We will only legally process your personal data when the law expressly allows us to. Most commonly, we will use your personal data in the following operational circumstances:
- Contractual Necessity: Where we need to firmly perform the contract we are about to enter into or have already entered into with you (e.g., managing your account, executing bets, paying out legitimate winnings).
- Legal Obligation: Where it is absolutely necessary for our overriding legitimate compliance with a strict legal or regulatory obligation (e.g., AML compliance, responsible gambling interventions, self-exclusion registers).
- Legitimate Interests: Where it is fundamentally necessary for our legitimate corporate interests (or those of a trusted third party) and your fundamental interests and rights do not override those interests. This includes the prevention of fraud, ensuring network security, and studying how customers utilize our betting services to optimize our user interface.
- Consent: Generally, we do not strictly rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to you via email or text message. You explicitly have the right to withdraw your marketing consent at any time by accessing your account settings.
Automated Decision Making and Profiling
As a highly regulated digital betting operator, we proactively utilize sophisticated automated decision-making and algorithmic profiling to fulfill our legal obligations and protect our ecosystem. This predominantly includes:
- Fraud Detection: We algorithmically monitor betting patterns, login locations, and device identifiers to immediately flag and block accounts suspected of fraudulent activity, bonus abuse, or syndicate betting.
- Responsible Gambling: Our systems continuously scan player behavioral data (e.g., frequency of deposits, increasing wager sizes, prolonged session times) to detect potential indicators of gambling-related harm. If triggered, this automated profiling may result in mandatory account restrictions or the deployment of responsible gambling interventions without human interference.
6. Disclosures of Your Personal Data
We may be required to share your personal data with the specific parties set out below for the exact purposes detailed in Section 5 above:
- Internal Third Parties: Other affiliated corporate entities within the bwin parent group acting as joint controllers or processors, who provide global IT administration, unified wallet infrastructure, and localized customer leadership reporting.
- External Third Parties: This crucially includes premier game developers (e.g., Evolution Gaming, NetEnt, Pragmatic Play) who require anonymized usage data to facilitate gameplay; financial institutions and payment facilitators processing your deposits and withdrawals; and external legal, compliance, and auditing professionals.
- Regulatory and Law Enforcement Bodies: Including but not limited to the UK Gambling Commission, the Malta Gaming Authority, global financial intelligence units, sports governing bodies (e.g., FIFA, UEFA, IOC), and local police forces. We are compelled to share data to assist in investigations regarding match-fixing, money laundering, or general criminality.
- Business Transfers: Third parties to whom we may proactively choose to sell, dynamically transfer, or actively merge parts of our corporate business or our assets. If a major corporate change happens to our business, then the new owners may predictably use your personal data in the same way as detailed in this privacy policy.
We rigorously require all permitted third parties to mutually respect the absolute security of your personal data and to uniquely treat it in strict accordance with international data protection laws. We unequivocally do not permit our third-party operational service providers to exploit your personal data for their own independent purposes.
7. International Data Transfers
Because we operate an expansive global iGaming network, we inherently share your personal data within our international corporate group. This dynamic operation will often involve actively transferring your sensitive data entirely outside the European Economic Area (EEA) or your home jurisdiction. Whenever we systematically transfer your personal data out of the EEA, we absolutely ensure a remarkably similar degree of protection is afforded to it by ensuring at least one of the following legal safeguards is fundamentally implemented:
- We will only transfer data to destination countries that have been deemed to effectively provide an adequate, robust level of data protection by the European Commission.
- Where we actively use specific IT providers, we apply explicitly approved contractual mechanisms (such as Standard Contractual Clauses) which give personal data the exact same rigorous protection it has fundamentally enjoyed within Europe.
8. Data Security Architecture
We have meticulously engineered and implemented state-of-the-art organizational and technical security measures to absolutely prevent your personal data from being accidentally lost, compromised, used, dynamically altered, or accessed in an unauthorized malicious manner. This prominently features military-grade 128-bit Secure Socket Layer (SSL) encryption protocols safeguarding every single transmission across our network.
Furthermore, we strictly limit and partition access to your personal data solely to those specific employees, authorized agents, specialized contractors, and third parties who categorically have a genuine business need to know. They will solely process your personal data under our explicit documented instructions and they are continually subject to rigid, uncompromising duties of absolute confidentiality.
We have put robust, automated procedures in place to aggressively deal with any suspected digital personal data breach. We will rapidly notify you and any applicable sovereign regulatory body of a confirmed breach where we are legally obligated to do so.
9. Data Retention Policy
We will only retain your personal data for as long as inherently necessary to thoroughly fulfill the original purposes we collected it for, including for the strict purposes of satisfying any overriding legal, regulatory, complex accounting, or operational reporting requirements.
To definitively determine the appropriate legal retention period for private data, we deeply consider the amount, physical nature, and extreme sensitivity of the data, the potential catastrophic risk of harm from unauthorized use, and specifically, the heavily binding strictures of international gambling legislation. Notably, due to stringent Anti-Money Laundering (AML) statutes, we are legally mandated to retain basic Identity, Contact, Financial, and granular Transaction Data for a minimum statutory period of five (5) to seven (7) years strictly after an individual ceases to be a customer and closes their account.
10. Your Legal Rights
Under specific circumstances meticulously dictated by overriding data protection laws, you intrinsically hold several powerful rights directly concerning your private data:
- Request Access (Data Subject Access Request): This fundamentally enables you to formally receive a structured copy of the personal data we securely hold about you and to legally verify that we are processing it properly.
- Request Correction: This immediately enables you to have any radically incomplete or wildly inaccurate data we possess about you systematically corrected.
- Request Erasure (Right to be Forgotten): This empowers you to demand we aggressively delete or entirely remove personal data where there is absolutely no prevailing reason for us continuing to securely process it. (Note: Due to massive regulatory constraints, we may not always be legally capable of complying with immediate erasure requests regarding historical betting data).
- Object to Processing: You possess the power to object where we are fundamentally relying on a legitimate corporate interest and your specific, nuanced personal situation makes you wish to aggressively object to processing.
- Request Restriction: This permits you to formally ask us to immediately suspend the active processing of your data in specific scenarios.
- Request Portability: We will securely provide to you, or a designated third party, your specific data in a cleanly structured, commonly used, deeply machine-readable format.
- Withdraw Consent: Fundamentally right at any given time where we heavily rely on your consent to dynamically process your data (e.g., VIP marketing newsletters).
If you earnestly wish to exercise any of the massive, far-reaching rights explicitly set out above, please formally contact our DPO via the contact mechanisms previously provided. You will categorically not have to pay a financial fee to securely access your data; however, we reserve the right to confidently charge a highly reasonable administrative fee if your statutory request is clearly totally unfounded, wildly repetitive, or highly excessive.