Cookies on this website

We use cookies to give you the best experience possible. By continuing to navigate through this site you consent to the use of cookies in accordance with our cookie policy.
Help

Version Date: 25th July 2022

Previous Version Date: 2nd December 2021

Betfred Group Privacy Policy

We understand that privacy and the security of your personal information is extremely important. This policy sets out what we do with your information and how we keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you in line with the UK GDPR, EU GDPR, the Gibraltar GDPR and the UK Data Protection Act 2018.

This policy applies to you if you use our services in store, over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media. It underpins our commitment to protecting your personal information and has been adopted.

This Privacy Policy was last updated in July 2022 and will be updated from time to time if any changes are made that could affect you. If we do update the Policy, we will publish the effective date of the new version. Previous versions of the Policy can be obtained by contacting the Data Protection Officer, contact details below.

This privacy policy should be read in conjunction with our cookies policy, our site terms of use and our terms and conditions.


Who we are

References in this Privacy Policy to ‘Betfred’, ‘we’ or ‘us’ relate to the companies below and brands who make up the Betfred Group, these are listed below:

Done Brothers (Cash Betting) Limited (UK), registered in the UK, company number 1277703; Petfre (Gibraltar) Ltd, registered in Gibraltar, company number 99314;

Trading as: Betfred; Oddsking

Brand Owners of:

The Sportsman (editorial website www.thesportsman.com, owned by Petfre (Gibraltar) Ltd

Bucky Bingo – www.buckybingo.co.uk (brand owned by Petfre Gibraltar) Ltd, site operated and managed in the UK by 888 UK Limited

It also includes any other companies/brands we may add in the future. If you’d like more information about which Betfred Group brand you are dealing with, please check the terms and conditions of the service you are using.

Done Brothers (Cash Betting) Limited (UK) is registered as a Data Controller with the Information Commissioner’s Office (ICO) – Registration Number Z8005918.

Petfre (Gibraltar) Ltd, is registered as a Data Controller with the Gibraltar Regulatory Authority (GRA) – Registration Number DP008163.


Contacting our Data Protection Officer

If you have any questions about how we handle your personal information, have a question about this Privacy Policy or would like to submit a subject access request or a request to exercise any of your rights, you can contact us in the following way:

By email: dataprotection@Betfred.com

OR

The Data Protection Officer. Betfred, The Spectrum, 56-58 Benson Road, Birchwood, Warrington, WA3 7PQ.


How and why we collect and use your personal information

We collect personal information about you from the following sources:

  • When you visit our website or our social media sites
  • When you register for an account with us
  • When you visit one of our shops
  • When you communicate with us (by email, phone, mail, live chat or social media)
  • Undertaking analysis of any interaction you have had with us
  • From public sources of information, which would include public records, social media postings and information available from Companies House
  • From cookies and similar technology on your devices where you have permitted their use. When you use our website, we collect some information about you using cookies. You will be informed of this and asked to accept these cookies, a link to the cookie policy can be found here.
  • From third party databases to comply with any legal or regulatory obligation we have
  • From service providers such as financial services, and information lawfully acquired from third party providers.

We will only process your personal information where we have a lawful, legal, and legitimate basis to do so.

Provision of products and services we provide:

If you are a customer who has an online account:

We will ask you to provide personal information in order that you can register for an online account and use our services. You will also be asked to accept our terms and conditions.

The information collected would typically include your name, home and email address, telephone number, your date of birth and payment details.

We need to collect this information so that we can provide you with the products and services that you request from us and it is done so in accordance with the performance of contract and meeting our legal obligations.

If you are a customer in one of our shops:

We may collect information about you in a number of ways, these being; CCTV - Images of people who visit Betfred premises or staff who work in Betfred premises may be captured by CCTV. These images will not be shared with any other person or organisation, unless you have consented or if we are allowed to by law, for example, for the apprehension and prosecution of offenders or to prevent or detect crime.

There may be occasions when entering Betfred premises that we may challenge your age. Please don’t be offended – we need to record this information so that we can demonstrate that we have complied with our age verification process.

If you complete a self-exclusion form, you will need to provide your full name, address, a photograph of yourself and details of the length of self-exclusion you require.

Interacting with our Customer Services Team

If you have to contact our Customer Services Team, we will keep a record of your information, such as name, address, email address, telephone number and details of your enquiry. This is so we can provide you with the service you need and answer any questions you have or respond to any complaint or concerns you may have. We process this information under the performance of contract and any legitimate interests either to you as a customer or us as a business

If your contact is by telephone, our telephone calls are recorded. All callers are informed of this at the beginning of the call.

Please note that calls to Betfred are fully compliant with PCI DSS standards. This standard ensures that we handle your payment card details (e.g. your credit or debit cards) securely.

Marketing Purposes

When you register for an account with us, we will ask you if you consent to marketing by SMS and Email, and if so, what your marketing preferences are. Please note, you may withdraw your consent to marketing at any time within the “My Account” under “My Details” page of your online account or by choosing to opt out on any marketing communication you may receive.

We may also send marketing material to you by direct mail post, this is done where we believe there is a legitimate interest in doing so and you have opted in to receive marketing via other methods on your account preference centre. We may also make live telephone marketing calls to you without your consent, we will only do this where the law allows and when all checks with the TPS in relation to live telephone marketing have been made. You have the right to object to this marketing, please see the section below on Data Subject Rights (Your Right).

Where you have opted in to consent to marketing by Betfred’s Digital Brands, these brands are; Betfred and Oddsking

Where you have opted in to consent to marketing by ‘Our friends’, these organisations are; Bucky Bingo.

You can opt out of any marketing you may have opted in to at any point either via the preference centre on your ‘My Account’ or by choosing the method of opt out on any marketing communication you may receive.

Social Media Advertising

We may use information which we hold about you to show you relevant advertising on third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter). If you don’t want to be shown targeted advertising messages from us, some third-party sites allow you to request not to see messages from specific advertisers on that site in future. The Gambling Commission have published detailed guidance on how you can control the gambling related content you see on Facebook. If you want to stop all personalised services from us, including targeted advertising messages on third party sites you can contact our Customer Service (support@betfred.com) or email the Data Protection Officer (dataprotection@betfred.com) to disable personalisation.

Market Research

We also like to hear your views to help us to improve our services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research and we will only ever do this with your consent.

Meeting our Legal and Regulatory Obligations

We have legal and regulatory obligations that we need to comply with, as determined by our regulators (the Gambling Commission and the Gibraltar Gambling Commissioner), or as set out in the Gambling Act 2005 and Licence Conditions and Codes of Practice, Gibraltar Gaming Act 2005 and the Generic Code of Practice for the Gambling Industry. These obligations include, but are not limited to, Responsible Gambling obligations, Anti-money Laundering, Anti-fraud & Anti-terrorism laws. Information processed to meet these obligations would include; your name, online identity, player ID, contact information, game history, betting history including withdrawals and deposits, information we may hold on your wellbeing and any correspondence held on your account.

Identity and Validation Checks, Age Verification and Responsible Gambling

We take responsible gambling very seriously and we have an obligation to identify those at harm from gambling as early as we can and help them stop gambling by placing certain limits on accounts; this could include deposit limits, product limits, limiting the ability of an account to gamble to certain products/times/periods. To meet these obligations, we continuously analyse customer’s transactions and evaluate behaviour or financial status across all of our products and brands, which may lead us to make decisions on your account(s). We may use automated decision making when we carry out identity and validation checks on customer transactions. This is so we can help you to gamble responsibly and make sure we can meet our obligations in respect of social compliance. This may include affordability checks which could include obtaining data from other sources such as public domain information or credit history

We need to also check and validate your age to ensure you are old enough to gamble. We do this either by an automated method or ask you to provide ID documents to us.

We also need to record details if you are self-excluded and or where we believe a customer may have a gambling problem.

We do all of this because we have a legal obligation to do so, and to protect the vital interests of you the data subject and where necessary, other people.

In the interests of responsible gambling, we may share information about you between members of the Betfred Group regarding any self-exclusion. This is part of our ‘Keep it fun’ responsibly gambling policy.

Prevention or Detection of Crime

We have an obligation to implement measures to identify and investigate any suspected unlawful, fraudulent, or improper activity connected with our services, including possible money laundering, and the use of proceeds of crime and fraud.

We may implement manual and automated checks when processing your personal data to highlight any suspicious activity. Automated identification, verification and credit checks are carried out on our behalf by third party organisations. We do this to protect our staff and other individuals from harm or loss. This processing may include monitoring your online activity, including transactions and payments, games played, bets placed and IP address information.

This processing is necessary for us to comply with our contractual and legal obligations. We may also process information this way if it is in the legitimate interests of our customers and or our business.

Lifestyle insight and Profiling

We may carry out profiling of you and your activity in relation to our services so we can tailor marketing communications to better suit your interests.

This will be undertaken based on your use of our services and your marketing selections made via the preference centre on your ‘My Account’ page. This helps us build a picture of you, your preferences, and your habits to better understand your interests and how you play. When we do this, we are doing so because it is in the legitimate interests of you our customer and our business.

The Sportsman

We will not ask you to provide any personal information when using The Sportsman website. You may see advertisement banners on the site, and if you choose to visit those websites, you will accept the terms and conditions and privacy policy applicable to those websites.


Explaining the legal basis we rely on

As has been explained, the majority of information we collect about you is required to meet our legal and regulatory obligations. under the Gambling Act and Money Laundering.

Where we ask for consent to process your personal information, you are not obliged to provide it, however if you do not do so, this could prevent you from taking advantage of all of our services.

We sometimes collect information from you to perform our duties under a contract, an example of this would be when you sign up to an account for one of our services and accept our terms and conditions.

Where we process information when it is necessary for our legitimate interests (or those of a third party) and your interests, we will only do so when your fundamental rights do not override those interests.


How long will we keep your personal information

Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected, this is called the retention period. At the end of the retention period, your information will be permanently and securely deleted.

Some examples of our retention periods are below;

When you contact us by telephone, the call recordings are kept for a period of 12 months after which time they are archived. All calls are permanently and securely deleted after a period of 6 years.

All images captured on any of our CCTV are kept for a period of between 7 and 30 days after which time the images are overwritten.

If you use our live chat service, your information is retained for a period of two years in the live system after which time it is archived and permanently and securely deleted after 5 years.

If you make a complaint and the complaint is escalated through our complaint’s procedure, we will keep all information in relation to the complaint for 3 years after the issue has been closed.

To fulfil our requirements, some of your personal information will need to be retained for a period after you cease to be a customer. There is a 7-year retention period on customer account data which starts from when the relationship with the customer ends. When we no longer need it to fulfil the above requirements, we delete it securely.


How we protect your personal information

We are committed to protecting your information, we handle it with the utmost care and take all appropriate steps to protect it.

To ensure the continuous security of our website we perform annual PCI-DSS assessments. The PCI-DSS security standards enforce rigorous controls surrounding cardholder data and are intended to protect sensitive cardholder data.

To further our security measures, we also perform annual independent security audits as requested by the Gambling Commission. These assessments are based on a subset of the remote gambling and software technical standards, the purpose aims to ensure customers are not exposed to unnecessary security risks.


Who we share your personal information with

From time to time, we may need to share your personal information with other organisations. These organisations are typically:

  • Our regulators such as the Gambling Commission, Gibraltar Regulatory Authority, Advertising Standards Authority, Independent Betting Adjudication Service, the Information Commissioners Office
  • Law Enforcement or fraud prevention agencies, as well as our legal advisors, courts, applicable independent adjudication services
  • Banks, sport’s governing bodies, betting integrity and other relevant agencies for the purpose of investigating and safeguarding against underage, fraudulent, criminal, or suspicious activity.
  • Business partners, suppliers, and sub-contractors for the performance of any contract we enter with either them or you.
  • Our affiliates and third parties for the purpose of marketing. Where you have opted out of receiving marketing from us or are self-excluded, your details will be placed on a suppression list which will be shared with our marketing affiliates to ensure you do not receive unsolicited marketing.
  • Analytics and search engine providers that assist us in the improvement and optimization of our site.
  • An organisation, where we are under a duty to disclose or share your personal information with in order to comply with any legal obligation or regulatory requirement, or otherwise for the prevention or detection of fraud and crime.
  • Credit reference agencies and identity verification agencies. Where we need to conduct verification checks which could include sharing information with third party organisations, such as credit reference agencies. When we perform such checks, a ‘soft’ footprint will appear on your credit file.

One such organisation is TransUnion, who further act as a Data Controller when processing personal information. More information about TransUnion’s activities can be found by clicking on the link below.

https://www.transunion.co.uk/legal-information/bureau-privacy-policy

Overseas transfers of your information.

From time to time, service providers who we work with may be located outside the UK or the European Economic Area (EEA). They could be based in a country which does not have the same standards or protection for personal information as the UK or EEA. We will always use every reasonable effort to ensure that sufficient protections are in place to protect your personal information. All of our service providers (data processors) enter into relevant data processing agreements, this is to ensure that your personal information is processed in accordance with applicable data protection legislation.


Data Subject Rights (Your Right)

Below is an overview of your rights in relation to your personal information that we process.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If you need to contact us in relation to any request you wish to make under your data subject rights, you can do this by emailing or writing to the Data Protection Officer (contact details are within this privacy policy).

Right of Access (Subject Access)

You have the right to obtain confirmation that your personal information is being processed and access to your personal information. If you would like to request a copy of the personal information we hold about you, you should contact the Data Protection Officer. We will ask you to complete and return a form, this is not compulsory but helps us to help you by ensuring we receive all the necessary information from you to assist with your access to data request.

Right to Rectification

You have the right to have inaccurate personal information rectified. If you cannot amend any inaccuracies yourself through your on-line account for example, your request will be looked at and where we can we will update any inaccuracies, if however we take the decision not to make a change you have requested, we will explain this to you in writing.

Right to Erasure

This right is subject to mandatory retention periods under EU/local laws.

This is sometimes referred to as ‘the right to be forgotten’. You have the right to have your personal information erased, if:

the personal information is no longer necessary for the purpose which we originally collected or processed it for;

You gave your consent to the processing in the first place and you withdraw your consent and we have no other legal basis to rely upon to process the information;

Your request will be looked at and where we can we will erase the personal information requested, if however we take the decision not to comply with the request as we have a lawful basis to continue the processing, we will explain this to you in writing.

Right to Restrict Processing

You have the right to restrict the processing of your personal information in certain circumstances. This could be because you have issues with the content of the information we hold or how we have processed your information at a certain time. Your request will be looked at and where we can comply with the request we will and for the duration of the restriction time scale you have indicated, if however, we take the decision not to comply with the request, we will explain this to you in writing.

Right to Data Portability

The right to data portability only applies:

to personal data you have provided to us

where the processing is based on your consent or for the performance of a contract and

when processing is carried out by automated means

If you meet the above criteria and still would like to make a request, you will need to do this in writing as stated above and we will provide you with information in a CSV file. In the future it may become possible to transfer your information directly to another provider. It is unlikely that we will be able to do this at the present time, but we will try to accommodate requests where we can.

Right to object

you have the right to object to:

processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);

direct marketing (including profiling); and processing for purposes of scientific/historical

Your request will be looked at and where we can comply with the request we will, if we take the decision not to comply with the request, we will explain this to you in writing.

Data protection law seeks to safeguard individuals against harm that may arise from decision-making – including profiling – that takes place without human intervention. You have the right not to be subject to a decision – including profiling – when it is based on the automated processing of your personal information, and it has a legal effect or a similarly significant effect on you. You also have the right to request an explanation of the logic involved where we make decisions about you solely through automated means.


Contacting the Regulator

If after contacting us, you remain unhappy about how we handle your personal data, customers located in the United Kingdom may contact the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or visit https://ico.org.uk/. Customers located outside of the United Kingdom can contact the Gibraltar Regulatory Authority, 2nd Floor, Euro Towers 4, 1 Europort Road, Gibraltar or visit http://www.gra.gi/data-protection