Betfred Affiliate Privacy Policy. Version Date: 16th July 2024
We understand that privacy and the security of your personal information is extremely important. This policy sets out what we do with your information and how we keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you in line with the UK GDPR, EU GDPR, the Gibraltar GDPR, and the UK Data Protection Act 2018.
This policy applies to you if you apply to become one of our affiliate partners. It underpins our commitment to protecting your personal information.
This Privacy Policy was last updated in July 2024 and will be updated from time to time if any changes are made that could affect you. if we do update the Policy, we will publish the effective date of the new version. Previous versions of the Policy can be obtained by contacting the Data Protection Officer, contact details below.
This privacy policy should be read in conjunction with our site terms of use and our terms and conditions.
Who we are
Contacting our Data Protection Officer
How and why we collect and use your personal information
Explaining the legal bases we rely on
How long will we keep your personal information
How we protect your personal information
Who do we share your personal information with
Data Subject Rights (Your Rights)
Contacting the Regulator
References in this Privacy Policy to ‘Betfred’, ‘we’ or ‘us’ relate to Petfre (Gibraltar) Ltd, registered in Gibraltar, company number 99314.
Petfre (Gibraltar) Ltd, is registered as a Data Controller with the Gibraltar Regulatory Authority (GRA) – Registration Number DP008163.
If you have any questions about how we handle your personal information, have a question about this Privacy Policy or would like to submit a subject access request or a request to exercise any of your rights, you can contact us in the following way:
By email: dataprotection@Betfred.com
OR
The Data Protection Officer. Betfred, The Spectrum, 56-58 Benson Road, Birchwood, Warrington, WA3 7PQ.
We collect personal information about you from the following sources:
We will only process your personal information where we have a lawful, legal, and legitimate basis to do so.
We process your information in the following way:
We will ask you to provide personal information as part of the application process. You will also be asked to accept our terms and conditions.
The information collected on our application form would typically include your name, home and email address, telephone number, your date of birth and your bank details to enable monies to be paid to you. You will only need to provide your bank details once your application is successful.
You will also be asked to provide the following, which will be used to assess your application submission and help us reach a decision on your application status. Any decision is made by manual means and no automated decision making is in place.
For personal applications you will need to provide photo ID and proof of address in the form of a utility bill or bank statement dated within 3 months of the date of your application.
For business applications you will need to provide photo ID and proof of address for the named director on the application form, you will also need to provide this information for all active directors and relevant shareholders as well as a certificate of incorporation. We will also ask you to provide a copy of the register of shareholders and a corporate structure diagram detailing parent/holding and individual shareholders
We need to collect this information so that we can assess whether we can accept you into the affiliate program. The information you provide is done so in accordance with your consent and the performance of a contract between us.
If you have to contact us, either as part of the application process, or once you become one of our affiliate partners we will keep a record of any contact you make, such as name, address, email address, telephone number and details of your enquiry. This is so we can provide you with the service you need and answer any questions you may have. We process this information under the performance of contract and any legitimate interests either to you as a partner or us as a business
We have legal and regulatory obligations that we need to comply with, as determined by our regulators (the Gambling Commission and the Gibraltar Gambling Commissioner), or as set out in the Gambling Act 2005 and Licence Conditions and Codes of Practice, Gibraltar Gaming Act 2005 and the Generic Code of Practice for the Gambling Industry. These obligations include, but are not limited to, Responsible Gambling obligations, Anti-money Laundering, Anti-fraud & Anti-terrorism laws.
We have an obligation to implement measures to identify and investigate any suspected unlawful, fraudulent, or improper activity connected with our services, including possible money laundering, and the use of proceeds of crime and fraud.
To meet these requirements, when you apply to become one of our affiliate partners, we carry out checks on you which may include: Bankruptcy/CCJ/IVA status; PEP Sanctions; Passport verification; Reports provided by Companies House; Open source checks.
This processing is necessary for us to comply with our contractual and legal obligations. We may also process information this way if it is in the legitimate interests of our business.
As has been explained, the majority of information we collect about you is required to meet our legal and regulatory obligations. under the Gambling Act and Money Laundering.
Where we ask for consent to process your personal information, you are not obliged to provide it, however if you do not do so, this could prevent you from being able to carry out your obligations as stated in the terms and conditions you have signed up to.
We sometimes collect information from you to perform our duties under a contract, we would do this where you have applied to be one of our affiliate partners and accepted our terms and conditions.
Where we process information when it is necessary for our legitimate interests (or those of a third party) and your interests, we will only do so when your fundamental rights do not override those interests.
Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected, this is called the retention period. At the end of the retention period, your information will be permanently and securely deleted.
We are committed to protecting your information, we handle it with the utmost care and take all appropriate steps to protect it.
To ensure the continuous security of our website we perform annual PCI-DSS assessments. The PCI-DSS security standards enforce rigorous controls surrounding cardholder data and are intended to protect sensitive cardholder data.
To further our security measures, we also perform annual independent security audits as requested by the Gambling Commission. These assessments are based on a subset of the remote gambling and software technical standards, the purpose aims to ensure customers are not exposed to unnecessary security risks.
From time to time, we may need to share your personal information with other organisations. These organisations are typically:
Below is an overview of your rights in relation to your personal information that we process.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you need to contact us in relation to any request you wish to make under your data subject rights, you can do this by emailing or writing to the Data Protection Officer (contact details are within this privacy policy).
You have the right to obtain confirmation that your personal information is being processed and access to your personal information. If you would like to request a copy of the personal information we hold about you, you should contact the Data Protection Officer. We will ask you to complete and return a form, this is not compulsory but helps us to help you by ensuring we receive all the necessary information from you to assist with your access to data request.
You have the right to have inaccurate personal information rectified. If you cannot amend any inaccuracies yourself through your on-line account for example, your request will be looked at and where we can we will update any inaccuracies, if however we take the decision not to make a change you have requested, we will explain this to you in writing.
This right is subject to mandatory retention periods under EU/local laws.
This is sometimes referred to as ‘the right to be forgotten’. You have the right to have your personal information erased, if:
the personal information is no longer necessary for the purpose which we originally collected or processed it for;
You gave your consent to the processing in the first place and you withdraw your consent and we have no other legal basis to rely upon to process the information;
Your request will be looked at and where we can we will erase the personal information requested, if however we take the decision not to comply with the request as we have a lawful basis to continue the processing, we will explain this to you in writing.
You have the right to restrict the processing of your personal information in certain circumstances. This could be because you have issues with the content of the information we hold or how we have processed your information at a certain time. Your request will be looked at and where we can comply with the request we will and for the duration of the restriction time scale you have indicated, if however, we take the decision not to comply with the request, we will explain this to you in writing.
The right to data portability only applies:
to personal data you have provided to us
where the processing is based on your consent or for the performance of a contract and
when processing is carried out by automated means
If you meet the above criteria and still would like to make a request, you will need to do this in writing as stated above and we will provide you with information in a CSV file. In the future it may become possible to transfer your information directly to another provider. It is unlikely that we will be able to do this at the present time, but we will try to accommodate requests where we can.
you have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Your request will be looked at and where we can comply with the request we will, if we take the decision not to comply with the request, we will explain this to you in writing.
Data protection law seeks to safeguard individuals against harm that may arise from decision-making – including profiling – that takes place without human intervention. You have the right not to be subject to a decision – including profiling – when it is based on the automated processing of your personal information, and it has a legal effect or a similarly significant effect on you. You also have the right to request an explanation of the logic involved where we make decisions about you solely through automated means.
If after contacting us, you remain unhappy about how we handle your personal data, customers located in the United Kingdom may contact the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or visit https://ico.org.uk/. Customers located outside of the United Kingdom can contact the Gibraltar Regulatory Authority, 2nd Floor, Euro Towers 4, 1 Europort Road, Gibraltar or visit http://www.gra.gi/data-protection