Know Your Customer Policy

OneRed validates the identities of its users, collects information on its customers, and monitors the activities of its users in order to guarantee that all acts are safe, fair, and in compliance with various laws. This is in accordance with the regulations that have been established by the Dutch government addressing gaming, the privacy laws that are in place throughout Europe, and the laws that are in place around the world concerning sanctions, anti-money laundering, and counter-terrorism financing. There need to be no room for doubt regarding the desired objective, which is to achieve robust security with a minimum of work necessary.

Purpose and scope

Customer due diligence at OneRed serves three aims. First, to make sure only eligible adults use gambling features in the Netherlands. Second, to prevent misuse of the platform for crime or harm. Third, to support safer play by ensuring that activity remains personal, transparent, and sustainable. This policy covers every account, every presented payment instrument, and all features that touch real-money play. It also guides how we work with providers whose services interact with customer data or funds.

Principles we follow

We apply proportionality, clarity, and confidentiality. Proportionality means checks fit the risk. Clarity means requests are explained in plain words. Confidentiality means sensitive data is seen only by people who need it and is protected by layered security. When rules change, our controls rise to the new standard without delay.

Eligibility and single-account rule

Gambling features are available only to adults who meet the Dutch legal standard and who act on their own behalf. Each natural person may maintain one account. Tools that hide location or identity are not allowed. During onboarding we check the national exclusion register known as CRUKS. A match blocks gambling and limits access to information and safer-play resources.

Identification at onboarding

Opening an account requires accurate identity information. We confirm name, date of birth, and residence, and we gather signals that the person using the device is the rightful applicant. Depending on risk, we may request documentary proof, digital identity assertions, biometric liveness, or reliable database checks. If details are incomplete, inconsistent, or cannot be verified with confidence, the account remains restricted or may be declined.

Payment method ownership

OneRed accepts only payment instruments held in the same name as the account. Ownership can be checked at any time. We confirm that deposits and withdrawals move through appropriate routes and that refunds return through compatible channels. Third-party payments, circular transfers, and unusual routing are not permitted. When a payment is reversed without valid basis, we may deduct the amount, pause features during review, and pursue recovery where needed.

Source of funds and source of wealth

When activity suggests that more context is appropriate, we may request information that connects deposits to a lawful origin and, in higher-risk cases, broader indicators of wealth. Examples include income confirmations or statements that credibly link funds to legitimate sources. If cooperation is refused or the explanation does not raise confidence, we may apply stricter limits or close the account.

Politically exposed persons and sanctions screening

We screen customers against politically exposed person lists and national or international sanctions registers maintained by competent authorities. A politically exposed match triggers enhanced steps and senior review. A sanctions match results in denial of service and, where required, freezing of transactions and formal reporting.

Ongoing monitoring

Know Your Customer is continuous, not a single gate. We monitor deposit velocity, withdrawal patterns, live session behaviour, device changes, geolocation signals, and other indicators that show how an account is being used. When behaviour shifts sharply or crosses internal guardrails, we may request updated information, reduce limits, pause features, or close the account.

Enhanced due diligence

Some situations call for a deeper look. Triggers include adverse media about financial crime, frequent payment reversals, complex routing, attempts to bypass controls, or sustained play that does not fit available information. Enhanced steps can include expanded verification, additional proof of funds, closer transaction analysis, and more frequent reviews. We prefer clear dialogue and focused requests that address the exact risk.

Prohibited conduct

The platform cannot be used to disguise origins of funds, to split or layer transactions, to act on behalf of another person, or to evade sanctions or taxes. Manipulation of promotions, chip-dumping, or collusive behaviour is also prohibited. Evidence of misuse prompts rapid action to protect players and meet legal duties.

Record keeping

We document identification steps, risk assessments, screening results, and decisions. Records are retained for legally required periods and then deleted or anonymised in an orderly way. Access to records is limited to authorised staff and governed by strict controls, with audit trails to prove who viewed what and why.

Data protection and privacy

KYC data is personal data. We minimise collection, explain purposes, and secure systems with layered measures such as encryption, access control, monitoring, and change management. Legal bases include performance of the contract, legal obligation, and legitimate interests that support safety and integrity. Optional features that rely on consent remain separate from KYC obligations. Rights of access, rectification, erasure, restriction, portability, and objection apply as described in the OneRed Privacy Policy. Where automated steps play a part, you can request human review.

Use of automation with human accountability

Automation helps us detect forged documents, confirm liveness, compare data points, and flag anomalies at speed. Automated checks never remove accountability. If an automated outcome meaningfully affects a person’s ability to use the service, a human can review the case, consider context, and provide a reasoned decision. We study false positives and refine models to reduce friction.

Training and oversight

Everyone who handles KYC receives training on the legal framework, respectful communication, and escalation routes. We refresh training regularly. Supervisors review samples of work for quality and fairness, while internal audit tests whether controls are effective. Findings feed a concrete improvement plan with clear ownership.

Reporting obligations

When legal thresholds are met, OneRed files reports with the competent financial intelligence unit or other designated bodies. In some situations the law prohibits us from telling the customer that a report was filed. We cooperate with lawful information requests from supervisory authorities and law enforcement and maintain confidentiality around investigations.

Responsible-gaming alignment

KYC and safer play reinforce each other. Identity and ownership checks ensure that limits, breaks, and exclusions are applied to the correct person. When harm indicators rise, KYC reviews may accompany responsible-gaming interventions such as tighter limits or a pause. The intent is protective rather than punitive.

Third-party providers and outsourcing

Where we rely on verification partners, screening services, or analytics providers, we use written contracts that set boundaries, require strong security, and limit use of data to the contracted purpose. Providers assist with rights requests and supervisory inquiries. We reassess them on a regular cadence and change course if standards are not met.

Partners and affiliates

Although OneRed accounts are personal, we perform due diligence on affiliates, marketing partners, and suppliers whose behaviour can affect platform integrity. This may include identity checks on principals, sanctions screening, ownership verification, and adverse media review. Relationships that fall short of expectations end.

Escalation and decision rights

Uncertain or higher-risk cases escalate to specialists who balance risk, fairness, and regulatory expectations. Senior decision makers approve material outcomes and ensure that similar situations receive similar treatment. We keep a clear audit trail of decisions, reasons, and evidence.

Customer communication

We ask only for what is necessary and explain why. If features are restricted, we say so in plain language and outline what is needed for review. Where law limits disclosure, we still aim for respectful tone and practical guidance. We prefer conversation to silence.

Security standards

KYC information moves through hardened systems. We employ environment separation, monitoring, integrity checks, and disciplined change control. Incident response is prepared, tested, and continually improved. Customers can help by keeping credentials private, using trusted devices, and reporting suspicious messages.

Reviews and updates

Crime evolves and so do rules and best practices. We review this policy at sensible intervals and update processes when guidance changes or experience shows a better way. Significant changes flow into staff training and are reflected in product where they affect customers.

Breach of this policy

Deliberate or negligent failure to follow KYC controls undermines safety and trust. Staff are required to comply. Breaches trigger corrective action, which can include training, process change, or disciplinary steps according to internal standards and law.

Final statement

KYC is not a barrier for its own sake. It is a promise that play on OneRed remains personal, lawful, and safe. We will keep investing in clear communication, proportionate checks, and technology that protects without intruding. When in doubt, we choose the path that protects people and keeps the market clean.