Privacy Policy

Purpose and reading guide

This Privacy Policy explains how OneRed gathers, uses, and safeguards personal information across the website, the apps, and all the gaming and support features that are available through the platform. The wording follows both the General Data Protection Regulation and the Dutch rules that carry it out and add to it. The goal is to be clear without losing legal accuracy. If there is a regulation that is binding and it goes against anything contained here, that rule takes precedence and the rest of this Policy still applies.

Our role and responsibility

OneRed acts as the controller for personal data processed through the platform. As controller we decide the purposes and means of processing and we accept the duty to demonstrate compliance. We choose service providers with care, instruct them in writing, and supervise delivery. We record our processing activities, review risks through formal assessments where appropriate, and design the service according to the principles of privacy by design and privacy by default. These are not slogans but habits that guide everyday work.

Key concepts explained plainly

Personal data means information that identifies you or makes you identifiable. Processing covers actions such as collecting, viewing, storing, organizing, analyzing, sharing, and deleting. A processor is a trusted provider that handles personal data on documented instructions from OneRed. A supervisory authority is the public body that oversees compliance with data protection law. The gambling authority is the public body that supervises the market for games of chance and sets protective expectations. These concepts are used throughout the Policy to keep the narrative consistent and readable.

What we collect

Using the platform generates information about you and about the way you interact with the service. This includes identity and residency details, eligibility confirmations, ownership of payment methods, account credentials, device and network attributes, security events, session logs, gameplay records, preferences for safer play, status in the national exclusion register where relevant, customer support conversations, and choices you make regarding analytics and marketing. We may also derive insights that help us prevent fraud or misuse. We do not seek to collect special category data. If you share sensitive information with support because you need assistance, we restrict access and use it only for the narrow purpose of helping you.

Where the data comes from

Most information comes directly from you when you register, set preferences, or contact support. Additional data is produced by your device and browser as part of secure communications, such as general location inferred from network routing, and technical identifiers that protect sessions. In some cases we consult official registers or receive verification signals from providers who help confirm identity, eligibility, or payment ownership. We require those providers to respect strict confidentiality, security, and retention rules.

Why we process personal data

We process personal data to operate a safe and lawful gaming platform. The purposes are broad yet concrete: creating and maintaining accounts, confirming identity and eligibility, handling deposits and withdrawals, preventing fraud and abuse, enforcing safer play measures, providing customer support, improving product performance and quality, keeping systems secure, and demonstrating compliance to supervisory bodies. We also process data to meet duties that arise from anti money laundering and sanctions rules, from financial and tax law, and from directions issued by public authorities. Where features are genuinely optional we rely on your consent. Where processing is necessary for the contract, we proceed on that basis. Where a legal obligation applies, we follow it. Where we rely on legitimate interests, we consider your rights and expectations and we provide a channel to object.

Legal bases in everyday language

Contract is the legal footing for steps that are essential to the service you choose to use. Legal obligation covers actions that law requires, such as certain checks and reports. Legitimate interests allow processing that protects security, integrity, and quality, provided your rights are not overridden. Consent applies to optional analytics, controlled personalization, and similar features. You can withdraw consent without penalty, and withdrawing does not affect use that already took place while consent was in place.

Responsible play signals

The platform includes tools that help you stay in control, such as deposit and loss limits, stake caps, time outs, reminders, and breaks. To make these tools effective, we record your settings and observe relevant patterns, for example signs of fatigue or rising risk. The goal is protection, not surveillance. When indicators suggest heightened risk, we may prompt a review of settings, recommend a pause, or apply temporary restrictions in line with our duty of care and the policies that govern licensed operators in the Netherlands.

Cookies and similar technologies

OneRed uses cookies, local storage, and comparable technologies. Essential technologies keep sessions stable, protect against fraud, and make core features work. Optional categories help us measure performance, diagnose issues, and offer limited personalization where you have allowed it. On your first visit and from time to time, a consent interface lets you set preferences. You can revisit those choices at any moment, and your browser provides additional control. We design systems to respect your selection.

Automated checks and fair outcomes

Certain safeguards operate at machine speed. Fraud screening, payment risk control, game integrity monitoring, and responsible play alerts rely on automated logic. We test these systems for accuracy and proportionality and we document their purpose and limits. If an automated result has a significant effect on your ability to use the platform, you may request human review, share context that the system may not have seen, and seek a fresh outcome. We see automation as an aid to protection, not a replacement for accountability.

Sharing with service providers and partners

OneRed shares personal data with carefully chosen providers that deliver hosting, security, payments, game content, identity verification, analytics that respect your consent, and customer care technology. Providers that act as processors follow our instructions, maintain confidentiality, and implement suitable security. In some scenarios a provider acts as an independent controller, for example a studio that runs its own environment under separate legal duties. In those cases the provider presents its own notice and handles rights requests addressed to it. We also share personal data with public bodies where law requires or permits it, and when necessary to protect vital interests such as safety and integrity.

International movement of data

Some providers operate beyond the European area. When data travels across borders, we rely on safeguards recognized by European law, such as standard contractual commitments and layered technical protections. We assess the legal environment of each destination, monitor changes, and adjust measures so that your rights remain effective no matter where processing occurs. We keep a record of these transfers and can describe the general safeguards on request.

Retention, minimization, and archives

We keep personal data only for as long as it is needed for the purposes described in this Policy. Retention periods are influenced by duties in gambling regulation, financial and tax law, anti money laundering rules, and supervision by public bodies. When a purpose ends, we delete or anonymize the data in an orderly and secure way. Backups and archives are governed by the same principles and are removed according to documented schedules. We routinely review forms, logs, and telemetry to see if collection can be reduced, and we adjust designs so that less personal data is gathered by default.

Security in depth

It’s always a job to keep personal information safe. Modern encryption, strict access control, job separation, monitoring, and regular testing are all things we do to keep our systems safe. When we make changes to code or infrastructure, we use controlled releases. We also check dependencies to make sure that all parts are up to date. If something goes wrong, we look into it right away, try to limit the damage, tell the right people and the government agency in charge when the law says so, and use what we learned to make the platform better next time. You can help by creating strong passwords, allowing extra proof for important tasks, and not accessing your account from shared or unknown devices.

Your privacy rights

You have rights under European and Dutch law. You can request confirmation that we process your data and receive a copy. You can ask us to correct inaccurate or incomplete information. In certain situations you can request deletion or restriction. You can object to processing based on legitimate interests, including for tailored messages, and we will weigh your reasons against our grounds. You can ask for a portable copy in a structured and commonly used format. Where processing relies on consent, you may withdraw that consent at any time. Where a decision rests solely on automated processing and produces legal or similar significant effects, you can request human involvement.

Exercising those rights

You can start a request through tools available inside your account. We may seek information that confirms identity before acting on a request, as this prevents misuse. If a request would expose the personal data of another person, reveal confidential methods, or weaken security, we may limit the response and explain our reasoning as far as the law allows. We respond within reasonable timeframes and we maintain a record of requests and outcomes as part of our accountability duties.

Marketing choices and relevance controls

Control over promotional messages is in your hands. Within the account area you can set whether you wish to receive offers and whether limited personalization suits you. When you opt out, we switch off non essential channels and continue to send only service messages tied to security, policy updates, and transactions that you initiate. We record your preference and ask providers acting on our behalf to respect it as well.

Special cases and sensitive contexts

We do not seek to collect health data, belief information, or other sensitive categories. If such material appears because you volunteered it in a conversation with support, we handle it strictly for the purpose of assisting you, then limit retention. We do not use sensitive traits for marketing or to determine eligibility for promotions. Where the law requires a proportionate assessment to protect people from harm, we perform the assessment with restraint and document the grounds.

Children and protected persons

The gambling features of the platform are intended only for adults who meet the legal standard in the Netherlands. We apply checks to prevent access by minors. Individuals listed in the national exclusion register cannot gamble on the platform. If we discover that an account was opened or used contrary to these rules, we will close it and handle related records according to legal and supervisory expectations.

Product improvement and measurement

Understanding how features perform helps us fix problems and plan improvements. We analyze aggregated and pseudonymized information to study stability, speed, and usability. Where measurement is not essential, we rely on your consent and we honor your choices. We do not build advertising profiles that follow you across unrelated services. Our focus is the quality of the product you use, not surveillance.

Fairness and transparency in design

We write in clear language and explain what happens with data at the moment choices are made. We try to avoid patterns that push you toward accepting optional processing. Where automated logic influences outcomes, we describe the main factors in plain terms and offer a path to request a human check. We welcome feedback from customers, advocates for safer play, and researchers who study digital trust.

Policy updates

Law, guidance, and technology evolve, and so does this Policy. We may update the text to reflect new obligations, to clarify wording, or to support new features. When a change is significant, we highlight it inside the service and, when required, we ask for your acknowledgment. Continued use of the platform after an update signals acceptance of the revised Policy. If you do not accept a change, you can adjust settings, limit optional features, or discontinue use.

Oversight and complaint paths

If you believe your rights have not been respected, you can raise a concern using the mechanisms available within your account. You also have the right to bring a matter to the Dutch data protection authority. We cooperate with oversight bodies, implement binding directions, and treat each complaint as a chance to improve our practices and our explanations.

Relation to other documents

This Policy works alongside the Terms and Conditions, the Cookie Policy, the product rules, and promotion conditions. Where texts appear to conflict, the clause that most precisely addresses the situation will guide the outcome while mandatory consumer rights remain intact. The Policy is written in English for clarity. If a translated version appears within the service and differences arise, the version designated as authoritative in the legal notice will prevail.

Closing statement

Making good goods includes protecting customers’ privacy, according to OneRed. We aim to give you greater power in a straightforward manner. If a certain function or setting is unfamiliar to you, you might pause and consider your alternatives.