Privacy Policy 1Red Casino

At 1Red Casino (1redcasinouk.uk), operated by Bets Entertainment N.V. under Curacao licence OGL/2024/1178/0479, we take the protection of your personal data extremely seriously. This Privacy Policy explains how we collect, use, store, share and protect your personal information when you visit our website, register an account or use any of our services. We are committed to ensuring that your privacy is protected in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you acknowledge that you have read and understood this Privacy Policy. This policy was last updated on 13 March 2026.

1. Data Controller and Contact Information

The data controller responsible for the processing of your personal data is Bets Entertainment N.V., the operator of 1Red Casino. If you have any questions, concerns or requests relating to the processing of your personal data, or if you wish to exercise any of your data protection rights, you can contact us using the following details: Email: support@1redcasinouk.uk Website: 1redcasinouk.uk We have designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and ensuring compliance with applicable regulations. You may contact our DPO through the email address provided above, marking your correspondence 'For the attention of the Data Protection Officer'. We aim to respond to all data protection queries and requests within 30 days of receipt. In complex cases, or where we receive a high volume of requests, this period may be extended by up to two additional months, in which case we will notify you of the extension and the reasons for it.

2. Personal Data We Collect

We collect personal data from you in several ways and for various purposes. The categories of personal data we collect include: Information You Provide Directly: When you register an account, we collect your full name, date of birth, gender, residential address, email address, telephone number, preferred currency and any other information you provide during registration. When you make deposits or withdrawals, we collect your payment details, including credit/debit card numbers, e-wallet account details, bank account information and transaction history. When you contact our customer support, we collect the content of your communications, including chat logs, emails and telephone recordings. When you participate in promotions, we collect information related to your participation and eligibility. Information Collected Automatically: When you visit our website or use our services, we automatically collect certain technical and usage data, including: your IP address and approximate geolocation, device type, operating system and browser information, unique device identifiers, pages visited, time and date of visits, referring URLs, clickstream data and navigation patterns, game play data (including bets placed, outcomes, session duration and game preferences), and cookies and similar tracking technologies (see our Cookie Policy for details). Information from Third Parties: We may receive personal data about you from third-party sources, including: identity verification services, credit reference agencies, fraud prevention databases, payment service providers, affiliated companies within our group, and publicly available sources such as social media profiles and electoral registers. Special Category Data: We do not intentionally collect special category data (also known as sensitive personal data), such as data relating to your racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data or sexual orientation. However, if you voluntarily provide such information to us (for example, in a customer support communication), we will process it only to the extent necessary to respond to your query and in accordance with applicable law.

3. Legal Basis for Processing

We process your personal data only where we have a valid legal basis for doing so. The legal bases upon which we rely include: Contractual Necessity (Article 6(1)(b) UK GDPR): Processing that is necessary for the performance of our contract with you — namely, the provision of our gambling services. This includes processing required to: create and manage your account, process your deposits and withdrawals, provide you with access to games and other services, manage your bonuses and promotional offers, and communicate with you about your account and our services. Legal Obligation (Article 6(1)(c) UK GDPR): Processing that is necessary for compliance with a legal obligation to which we are subject. This includes processing required to: verify your identity and age under KYC and anti-money laundering regulations, report suspicious transactions to relevant authorities, comply with tax reporting obligations, respond to lawful requests from law enforcement and regulatory authorities, and maintain records as required by our licensing conditions. Legitimate Interests (Article 6(1)(f) UK GDPR): Processing that is necessary for our legitimate interests or those of a third party, provided that your rights and freedoms do not override those interests. Our legitimate interests include: fraud prevention and detection, ensuring the security and integrity of our platform, improving and optimising our services, analysing usage patterns to enhance the user experience, and enforcing our Terms and Conditions. Consent (Article 6(1)(a) UK GDPR): Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. We rely on consent for: sending you marketing communications (where not based on legitimate interests), placing non-essential cookies on your device, and processing any special category data you voluntarily provide. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes: Service Delivery: To create, manage and maintain your account. To process your deposits, withdrawals and other financial transactions. To provide you with access to our games, promotions and other services. To personalise your experience and display content relevant to your preferences. To communicate with you about your account, transactions and our services. Regulatory Compliance: To verify your identity, age and address as required by KYC regulations. To monitor transactions for signs of money laundering, terrorist financing or fraud. To comply with our reporting obligations to licensing authorities, tax authorities and law enforcement. To maintain records as required by applicable laws and regulations. Safety and Security: To protect the security and integrity of our platform and infrastructure. To detect and prevent fraud, cheating, collusion and other prohibited activities. To enforce our Terms and Conditions and other policies. To protect our rights, property and safety, and those of our players and third parties. Business Improvement: To analyse usage patterns and trends to improve our services and user experience. To conduct research and statistical analysis for business planning purposes. To develop and test new features, products and services. To train our staff and improve our customer support. Marketing: To send you promotional offers, newsletters and other marketing communications where you have opted in or where we have a legitimate interest in doing so. To display targeted advertising based on your preferences and activity. To measure the effectiveness of our marketing campaigns. You can opt out of marketing communications at any time by clicking the 'unsubscribe' link in any email, adjusting your communication preferences in your account settings, or contacting us at support@1redcasinouk.uk.

5. Data Sharing and Third-Party Disclosure

We may share your personal data with the following categories of third parties, in each case only to the extent necessary and in accordance with applicable data protection law: Service Providers: We engage trusted third-party service providers to assist in the operation of our platform and the delivery of our services. These include payment processors, identity verification providers, hosting and cloud infrastructure providers, email service providers, analytics providers and customer support tools. Our service providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law. Gaming and Software Providers: We share certain data with the gaming software providers whose games are available on our platform. This data is necessary for the operation of the games and may include your player ID, bet amounts, game outcomes and session data. Our gaming providers are required to comply with applicable data protection regulations. Regulatory and Legal Authorities: We may disclose your personal data to regulatory authorities, licensing bodies, tax authorities, law enforcement agencies or courts of competent jurisdiction where required by law, where necessary for the prevention or detection of crime, or where required to comply with a court order or legal process. Affiliated Companies: We may share your personal data with other companies within the Bets Entertainment N.V. group of companies for the purposes set out in this Privacy Policy, including service delivery, fraud prevention and business analysis. Professional Advisers: We may share your data with our professional advisers, including lawyers, auditors and accountants, where necessary for the provision of their professional services to us. Business Transfers: In the event of a merger, acquisition, reorganisation, sale of assets or bankruptcy, your personal data may be transferred to the successor entity. We will notify you of any such transfer and any changes to the processing of your data. We do not sell your personal data to third parties for their own marketing purposes. We do not share your personal data with any third party for purposes incompatible with those set out in this Privacy Policy without your explicit consent.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes and to enforce our agreements. The specific retention periods we apply are as follows: Account Data: We retain your account registration data (name, date of birth, address, email, telephone) for the duration of your account and for a minimum of five (5) years after account closure. This retention period is necessary to comply with anti-money laundering regulations and our licensing conditions. Transaction Data: We retain records of all financial transactions (deposits, withdrawals, bets, winnings) for a minimum of seven (7) years from the date of the transaction, in accordance with anti-money laundering and tax reporting obligations. KYC Documents: Identity verification documents are retained for the duration of your account and for a minimum of five (5) years after account closure. Documents are stored in encrypted form with strict access controls. Communication Records: Customer support communications (chat logs, emails, call recordings) are retained for a minimum of three (3) years from the date of the communication. Technical and Usage Data: IP addresses, device information and usage logs are typically retained for a period of twelve (12) months, after which they are anonymised or deleted. Marketing Preferences: Records of your marketing consent and preferences are retained for as long as necessary to honour your preferences and for a period of two (2) years after you withdraw consent or close your account. When your personal data is no longer required for any purpose and the applicable retention period has expired, it will be securely deleted or irreversibly anonymised.

7. Your Data Protection Rights

Under the UK GDPR and the Data Protection Act 2018, you have a number of rights in relation to the personal data we hold about you. We are committed to facilitating the exercise of these rights and will respond to all valid requests within 30 days. Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how and why it is processed. This is commonly known as a 'Subject Access Request' (SAR). We will provide this information free of charge, although we may charge a reasonable fee for manifestly unfounded or excessive requests. Right to Rectification (Article 16): You have the right to request the correction of any inaccurate personal data we hold about you, and to have incomplete personal data completed. You can update most of your personal information directly through your account settings. Right to Erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful. This right is not absolute and is subject to exceptions, particularly where we are required to retain data for legal or regulatory compliance. Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where processing is unlawful, or where you have objected to processing pending verification of our legitimate interests. Right to Data Portability (Article 20): You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller without hindrance from us. This right applies where processing is based on consent or contractual necessity and is carried out by automated means. Right to Object (Article 21): You have the right to object to the processing of your personal data where processing is based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease such processing without exception. Where you object to processing based on legitimate interests, we will assess whether our interests override your rights and freedoms. Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where we make such decisions, we will inform you and provide meaningful information about the logic involved. To exercise any of these rights, please contact us at support@1redcasinouk.uk. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our platform to enhance your experience, analyse usage patterns and deliver personalised content. Cookies are small text files that are stored on your device when you visit our website. They allow us to recognise your browser, remember your preferences and provide certain features. For comprehensive information about the types of cookies we use, the purposes for which we use them, and how you can manage your cookie preferences, please refer to our separate Cookie Policy, which is available on our website. Essential Cookies: Some cookies are strictly necessary for the operation of our platform and cannot be disabled. These include cookies that enable core functionality such as security, account authentication, session management and network management. Non-Essential Cookies: Other cookies are used for analytics, performance tracking, personalisation and advertising purposes. These cookies are placed only with your consent, and you can manage your preferences through our cookie consent banner or your browser settings. Do Not Track: Some browsers offer a 'Do Not Track' (DNT) signal that indicates you do not wish to be tracked across websites. There is currently no universally accepted standard for how companies should respond to DNT signals. We honour browser-based DNT signals to the extent technically feasible.

9. Data Security

We implement robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. Our security measures include: Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS encryption (256-bit). Sensitive personal data stored in our databases, including passwords, payment details and KYC documents, is encrypted at rest using AES-256 encryption. Access Controls: Access to personal data within our organisation is strictly limited to authorised personnel who require it to perform their duties. Access is controlled through role-based access policies, multi-factor authentication and individual audit trails. Infrastructure Security: Our servers are hosted in secure, SOC 2 Type II certified data centres with physical access controls, environmental controls and redundant power and networking. We employ firewalls, intrusion detection and prevention systems, DDoS mitigation and regular penetration testing. Monitoring and Incident Response: We continuously monitor our systems for security threats and maintain a comprehensive incident response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our legal obligations. Staff Training: All staff who handle personal data receive regular training on data protection principles and information security best practices. While we take all reasonable precautions to protect your personal data, no system of transmission or storage is completely secure. We cannot guarantee the absolute security of your data and accept no liability for any unauthorised access or loss that occurs despite our security measures.

10. Children's Privacy

Our services are intended exclusively for persons aged 18 and over. We do not knowingly collect, process or store personal data from anyone under the age of 18. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete that data from our systems and close any associated account. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us immediately at support@1redcasinouk.uk. We will investigate the matter promptly and take appropriate action. We encourage parents and guardians to monitor their children's internet usage and to educate them about the importance of not providing personal information to websites without parental permission. We also recommend the use of parental control software to prevent minors from accessing gambling websites.

11. International Data Transfers

As 1Red Casino is operated by Bets Entertainment N.V., which is registered in Curacao, your personal data may be transferred to, stored in and processed in jurisdictions outside the United Kingdom. We may also engage service providers located in other countries who process data on our behalf. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. These safeguards may include: transfers to countries that have been recognised by the UK government as providing an adequate level of data protection, the use of Standard Contractual Clauses (SCCs) approved by the relevant authorities, binding corporate rules within our group of companies, and, in specific circumstances, your explicit consent to the transfer. You may request further information about the safeguards we use for international data transfers by contacting us at support@1redcasinouk.uk.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements or business operations. When we make material changes, we will notify you by: posting the updated policy on our website with a revised 'last updated' date, sending you an email notification to your registered email address, and/or displaying a prominent notice on our platform. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes to this Privacy Policy constitutes your acknowledgement of the updated terms. If you do not agree with any changes to this Privacy Policy, you should stop using our services and close your account. Previous versions of this Privacy Policy are available upon request. Contact Us: If you have any questions, concerns or complaints about this Privacy Policy or our data processing practices, please contact us at support@1redcasinouk.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that your data protection rights have been infringed. The ICO can be contacted at ico.org.uk.