We understand that privacy and the security of your personal information is extremely important. This notice sets out what we do with your information and how we keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This notice applies to you if you use our services in store, over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media. It applies to customer’s and employee’s and underpins our commitment to protecting your personal information. This notice has been adopted by all of the companies and brands in our group.
This Privacy Notice was last updated in October 2020 and will be updated from time to time if any changes are made that could affect you. if we do update the Notice we will publish the effective date of the new version, previous versions of the Notice can be obtained by contacting the Data Protection Officer, contact details below.
References in this Privacy Notice to ‘Betfred’, ‘we’ or ‘us’ relate to the companies and brands who make up the Betfred Group, these are listed below:
Done Brothers (Cash Betting) Limited (UK), registered in the UK, company number 1277703;
Petfre (Gibraltar) Ltd, registered in Gibraltar, company number 99314;
Trading as: Betfred; Oddsking
Brand Owners of: The Sportsman (editorial website www.thesportsman.com, owned by Petfre (Gibraltar) Ltd
Bucky Bingo – www.buckybingo.co.uk (brand owned by Petfre Gibraltar) Ltd, site operated and managed in the UK by 888 UK Limited
Kerching – www.kerching.com (brand owned by Petfre (Gibraltar) Ltd, site operated and managed by Nektan (Gibraltar) Ltd
It also includes any other companies/brands we may add to this group in the future. If you’d like more information about which Betfred Group brand you are dealing with, please check the terms and conditions of the service you are using.
Done Brothers (Cash Betting) Limited (UK) is registered as a Data Controller with the Information Commissioner’s Office (ICO) – Registration Number Z8005918.
Petfre (Gibraltar) Ltd, is registered as a Data Controller with the Gibraltar Regulatory Authority (GRA) – Registration Number DP008163.
If you have any questions about how we handle your personal information, have a question about this Privacy Notice or would like to submit a subject access request or a request to exercise any of your rights, you can contact us in the following way:
By email: firstname.lastname@example.org
By mail: The Data Protection Officer. Betfred, The Spectrum, 56-58 Benson Road, Birchwood, Warrington, WA3 7PQ.
We collect personal information about you when you interact with us and use our services.
We will only process your personal information where we have a lawful, legal and legitimate basis to do so.
This may include ‘Special Category Data’ as defined in the General Data Protection Regulations (GDPR). Special Category Data may include –
personal data revealing racial or ethnic origin;
personal data revealing political opinions;
personal data revealing religious or philosophical beliefs;
personal data revealing trade union membership;
biometric data (where used for identification purposes);
data concerning health;
data concerning a person’s sex life; and
data concerning a person’s sexual orientation.
The GDPR places tighter controls on the processing of ‘special category data’ and we would only process information categorised as such where we have a lawful, legal and legitimate basis to do so and assess the processing against the rights and freedoms of the data subject.
If you use our website, we will ask you to provide personal information in order that you can register for an account and use our services. You will also be asked to accept our terms and conditions.
If you write to us either by letter or email, we will keep a record of your information, such as name, address, email address, telephone number and details of your enquiry.
If you contact our Customer Service Team by telephone, telephone calls are recorded. All callers are informed of this at the beginning of the call.
Please note that calls to Betfred are fully compliant with PCI DSS standards. This standard ensures that we handle your payment card details (e.g. your credit or debit cards) securely.
If you use our ‘Live chat’ Service, the following information is collected; your name, username/password, date of birth, postcode, email address and content of the live chat session.
We may collect information about you in a number of ways, these being; CCTV – Images of people who visit Betfred premises or staff who work in Betfred premises may be captured by CCTV. These images will not be shared with any other person or organisation, unless you have consented or if we are allowed to by law, for example, for the apprehension and prosecution of offenders or to prevent or detect crime.
There may be occasions when entering Betfred premises that we may challenge your age. Please don’t be offended – we need to record this information so that we can demonstrate that we have complied with our age verification process.
We use the information you provide to us to process your application for employment. Information about unsuccessful applicants will be retained in accordance with our retention policy.
Your personal information is processed to meet the conditions of your employment contract and will be kept for the duration of your employment. If you leave Betfred, your information is kept in line with our retention policy. We may share information with other organisations for the purpose of providing a reference for employment.
Your information is used to manage the provision of goods and services to us. Depending upon the nature of the service, this may include the use of personal information.
If you enter competitions or take part in promotions, we will collect information from you to be able to process your competition entry or application. Only when you have indicated that you would like to receive future promotional material will we retain your personal information for this purpose; if you have indicated that you would not like future promotional material, then the information will be deleted after the competition/promotion has ended.
Your personal data will be used to open an account and for payment processing. Our employees may use this information to contact you to discuss your account and activities, and any such communications will be recorded for the purposes of training and security in line with our retention policy.
Additional personal data and documentation may be requested from time to time for the purpose of identity verification in order to meet our regulatory requirements.
We also ask you if you consent to marketing by SMS and Email, and if so, what your marketing preferences are. Please note, you may withdraw your consent to marketing at any time within the “My Account” under “My Details” page of your online account or by choosing to opt out on any marketing communication you may receive.
We may also send marketing material to you by direct mail post and make live telephone marketing calls to you without your consent. We will only do this where the law allows and when all checks with the TPS in relation to live telephone marketing have been made. You have the right to object to this marketing, please see the section below on Data Subject Rights (Your Right).
Where you have opted in to consent to marketing by Betfred’s Digital Brands, these brands are; Betfred and Oddsking.
Where you have opted in to consent to marketing by ‘Our friends’, these organisations are; Jackpot Jones and Kerching.
You can opt out of any marketing you may have opted in to at any point either via the preference centre on your ‘My Account’ or by choosing the method of opt out on any marketing communication you may receive.
We may use information which we hold about you to show you relevant advertising on third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter). If you don’t want to be shown targeted advertising messages from us, some third party sites allow you to request not to see messages from specific advertisers on that site in future. The Gambling Commission have published detailed guidance on how you can control the gambling related content you see on Facebook. If you want to stop all personalised services from us, including targeted advertising messages on third party sites you can contact our Customer Service (email@example.com) or email the Data Protection Officer (firstname.lastname@example.org) to disable personalisation.
We also like to hear your views to help us to improve our services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.
Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, social media and Companies House.
In the interests of responsible gambling, your personal information may be shared between members of the Betfred Group regarding any self-exclusion. This is part of our ‘Keep it fun’ responsibly gambling policy.
As an accountable organisation, this information may be used to ensure that we meet our obligations in respect of social compliance. The information is processed to enable us to comply with any legal or regulatory requirements as determined by our regulators (the Gambling Commission and the Gibraltar Gambling Commissioner), or as is set out in the the Gambling Act 2005 and Licence Conditions and Codes of Practice. Gibraltar Gaming Act 2005 and the Generic Code of Practice for the Gambling Industry.
For the purposes of prevention or detection of crime as well as responsible gambling, we may also supplement the information about you with information that we receive from third parties or collate by accessing third party sources, including information published on the internet about or by you, for example on social media and social networking sites.
Your information may also be used to help us make decisions about how your gambling behaviour affects our business. Any such decisions are based upon our legitimate business interests and might reasonably be expected as part of running our business and does not materially impact your rights, freedoms or interests. These are things we do to help us operate as a commercial organisation. If we make decisions based on these grounds, then you have a right to object. However compelling grounds for processing such information, may over-ride your right to object.
We may carry out profiling of you and your activity in relation to our services so we can tailor marketing communications to better suit your interests.
This will be undertaken based on your use of our services and your marketing selections made via the preference centre on your ‘My Account’ page.
We have an obligation to implement measures to identify and investigate any suspected unlawful, fraudulent or improper activity connected with our services, including possible money laundering, the use of proceeds of crime and fraud.
We may implement manual and automated checks when processing your personal data to highlight any suspicious activity. In addition, automated identification, verification and credit checks are carried out on our behalf by third party organisations.
These decisions are necessary for us to comply with our contractual and legal obligations.
We may use automated decision making when we carry out identity and validation checks on customer transactions. This is so we can help you to gamble responsibly and make sure we can meet our obligations in respect of social compliance.
The law on data protection sets out a number of different reasons which a company may collect and process your personal information, these include;
In certain situations we collect and process your information with your consent, an example of this is where you have opted into receiving direct marketing from us.
We sometimes collect information from you to perform our duties under a contract, an example of this would be when you enter into a contract of employment with us. Another example is when you sign up to an account for one of our services and accept our terms and conditions.
We will only use your personal data when the law allows us to. Where we need to perform the contract, we are about to enter into or have entered into with you;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
• Where we need to comply with a legal or regulatory obligation, included but not limited to the following:
• Requests for Information from Law Enforcement, Courts or our Regulators;
• For the Detection and Prevention of Crime;
• For the protection of the integrity of Professional Sports; and
• For Compliance with Anti-Money Laundering Regulations.
As an accountable organisation, we may also collect information about you to ensure that we meet our obligations in respect of responsible gambling. This information is processed to enable us to comply with any legal or regulatory requirements as determined by our regulators (the Gambling Commission and the Gibraltar Gambling Commissioner), or as is set out in the under the Gambling Act 2005, Licence Conditions and Codes of Practice, Gibraltar Gaming Act 2005 and the Generic Code of Practice for the Gambling Industry.
Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of the retention period, your information will be permanently and securely deleted.
Some examples of our retention periods are below;
When you contact us by telephone, the call recordings are kept for a period of 12 months after which time they are archived. All calls are permanently and securely deleted after a period of 6 years.
If you use our live chat service, your information is retained for a period of two years in the live system after which time it is archived and permanently and securely deleted after 5 years.
All images captured on any of our CCTV are kept for a period of between 7 and 30 days after which time the images are overwritten.
If you make a complaint and the complaint is escalated through our complaints procedure, we will keep all information in relation to the complaint for 3 years after the issue has been closed.
To fulfil our requirements, some of your personal information will need to be retained for a period of time after you cease to be a customer. When we no longer need it to fulfil the above requirements, we delete it securely.
We are committed to protecting your information, we handle it with the utmost care and take all appropriate steps to protect it.
To ensure the continuous security of our website we perform annual PCI-DSS assessments. The PCI-DSS security standards enforce rigorous controls surrounding cardholder data and are intended to protect sensitive cardholder data.
To further our security measures, we also perform annual independent security audits as requested by the Gambling Commission. These assessments are based on a subset of the remote gambling and software technical standards, the purpose aims to ensure customers are not exposed to unnecessary security risks.
Some of your personal information may have to be shared with our regulators such as the Gambling Commission, Gibraltar Regulatory Authority, Advertising Standards Authority, Independent Betting Adjudication Service, the Information Commissioners Office.
We may share your personal information with Sporting Regulatory Bodies when the information is relevant to support their investigation and the law allows.
In most circumstances we will not disclose your personal information, unless you have consented or unless we are allowed to do so by law. However when we investigate a complaint, for example, we may need to share personal information with the organisation concerned and with other relevant bodies.
We may need to conduct verification checks which could include sharing information with third party organisations, such as credit reference agencies.
One such organisation is TransUnion, who further act as a Data Controller when processing personal information. More information about TransUnion’s activities can be found by clicking on the link below.
Your personal information may be processed in any country in which we and/or our data processors have facilities. Where your personal information is sent to a country outside of the European Union (EU), by using the service, you are consenting for such a transfer to take place. We will ensure that adequate measures are in place to protect your information and treat it as securely as it would have been had it remained in the EU.
The United Kingdom withdrew from the European Union on 31 January 2020. On the basis, of the Withdrawal Agreement that has been ratified by both the European Union and the United Kingdom, a transitional period during which EU law will continue to apply in the United Kingdom will last until 31 December 2020, with a further 1 to 2 year extension currently being considered. With regards to personal data, the situation remains unchanged and no transfer mechanism under Chapter V of the GDPR or of the Law Enforcement Directive is therefore required whilst the Withdrawal Agreement is still in place.
As the landscape changes, we will ensure that these are reflected in our processes.
Occasionally your data will be disclosed to third party organisations with whom we contract to provide services on our behalf. These services will only be carried out under contract which will contain our instructions and expectations in respect of how your data will be used.
Examples of where we use data processors is below:
We may share and disclose personal information with our Marketing Affilliates for the purpose of providing you with different marketing offers, which we, or our Marketing Affilliates believe are relevant for you.
We may share and disclose your personal information with third parties in order to facilitate our marketing services, including SMS, email, telephone and direct mail delivery services.
Below is an overview of your rights in relation to your personal information that we process.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice . If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you need to contact us in relation to any request you wish to make under your data subject rights, you can do this by emailing or writing to the Data Protection Officer (contact details are within this privacy notice).
You have the right to obtain confirmation that your personal information is being processed and access to your personal information. If you would like to request a copy of the personal information we hold about you, you should contact the Data Protection Officer. We will ask you to complete and return a form, this is not compulsory but helps us to help you by ensuring we receive all the necessary information from you to assist with your access to data request.
You have the right to have inaccurate personal information rectified. If you cannot amend any inaccuracies yourself through your on-line account for example, your request will be looked at and where we can we will update any inaccuracies, if however we take the decision not to make a change you have requested, we will explain this to you in writing.
This right is subject to mandatory retention periods under EU/local laws.
This is sometimes referred to as ‘the right to be forgotten’. You have the right to have your personal information erased, if:
the personal information is no longer necessary for the purpose which we originally collected or processed it for;
You gave your consent to the processing in the first place and you withdraw your consent and we have no other legal basis to rely upon to process the information;
Your request will be looked at and where we can we will erase the personal information requested, if however we take the decision not to comply with the request as we have a lawful basis to continue the processing, we will explain this to you in writing.
You have the right to restrict the processing of your personal information in certain circumstances. This could be because you have issues with the content of the information we hold or how we have processed your information at a certain time. Your request will be looked at and where we can comply with the request we will and for the duration of the restriction time scale you have indicated, if however we take the decision not to comply with the request, we will explain this to you in writing.
The right to data portability only applies:
to personal data you have provided to us;
where the processing is based on your consent or for the performance of a contract; and
when processing is carried out by automated means
If you meet the above criteria and still would like to make a request, you will need to do this in writing as stated above and we will provide you with information in a CSV file. In the future it may become possible to transfer your information directly to another provider. It is unlikely that we will be able to do this at the present time but we will try to accommodate requests where we can.
you have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Your request will be looked at and where we can comply with the request we will, if we take the decision not to comply with the request, we will explain this to you in writing.
Data protection law seeks to safeguard individuals against harm that may arise from decision-making – including profiling – that takes place without human intervention. You have the right not to be subject to a decision – including profiling – when it is based on the automated processing of your personal information and it has a legal effect or a similarly significant effect on you. You also have the right to request an explanation of the logic involved where we make decisions about you solely through automated means.
If after contacting us, you remain unhappy about how we handle your personal data, customers located in the United Kingdom may contact the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or visit https://ico.org.uk/. Customers located outside of the United Kingdom can contact the Gibraltar Regulatory Authority, 2nd Floor, Euro Towers 4, 1 Europort Road, Gibraltar or visit www.gra.gi/data-protection