Privacy Policy

Overview and scope

A user’s personal information is collected, used, shared, and protected by OneRed in accordance with this Privacy Policy. This policy applies to all features of the platform, including the website and applications. In an effort to avoid jargon and comply with European data protection legislation, the text follows Dutch practice. Whenever you access information pages, establish or maintain an account, play games, communicate with customer service, or adjust marketing and safety settings, this applies. If any statement in this Policy is in disagreement with a binding legal norm, the rule of law will be applied and the remaining sections will remain in effect. After receiving this notice, continuing to use the site indicates your understanding and acceptance of these policies. Put this Policy on hold and think about your alternatives if you feel uneasy about any portion of it.

Our role as controller and how we govern processing

OneRed acts as the controller for personal data handled within the platform. Acting as controller means we decide why and how data is processed and we accept the duty to demonstrate compliance. We appoint processors to support hosting, payments, security, content delivery, analytics that respect consent, identity verification, and customer care. Processors act under written instructions and are bound by confidentiality and security obligations. We keep records of our processing activities, conduct impact assessments where appropriate, and design systems according to principles of privacy by design and privacy by default. These are practical habits that influence how we choose vendors, write code, review changes, and train employees.

Plain words for important concepts

Personal data means any information that relates to an identified or identifiable person. Processing is any action taken with such information, including collection, storage, use, sharing, and deletion. A processor is a service provider that handles personal data for OneRed under strict instructions. A supervisory authority is the public body that oversees data protection law. The gambling authority is the public body that supervises games of chance. When this Policy mentions partners, it refers to third parties who either act as processors or operate as separate controllers for their own services. These explanations are provided for readability and do not limit your rights.

Categories of data we handle

Using the platform naturally creates or reveals information. Typical categories include identity attributes supplied during account creation, residency indicators that help determine eligibility, signals that confirm you are the rightful owner of a payment method, security credentials used to log in, device and network characteristics, session events, and traffic logs that protect against misuse. Gameplay records exist to settle outcomes and to ensure fairness. Safer play relies on settings such as deposit and time preferences, break choices, and indicators that suggest rising risk. Support conversations may include details you choose to share so that we can help you. Marketing preferences reflect whether you wish to receive offers or tailored information. In addition to the items you provide, we may create derived indicators that help detect fraud or technical abuse. We do not seek to collect special category data such as health or belief information. If such material appears because you volunteer it to support, we limit access, use it only to help you, and remove it when the immediate purpose is over.

Where the data comes from

Most personal data comes directly from you when you fill forms, change settings, or talk with support. Some information is produced by your device and browser as part of secure communication, for example general location inferred from network routing and technical identifiers that allow the service to recognize your session. When law or licensing requires verification, we may consult public registers or rely on verification partners who provide signals about identity, eligibility, or ownership of a payment method. We require those partners to follow strict confidentiality, security, and retention rules and we review them at regular intervals.

Why we process personal data

We use personal data to provide a safe, legal, and fun platform. Account creation, identity verification, deposit and withdrawal processing, gameplay settlement, fraud and abuse prevention, safer gambling, support, stability and usability improvements, system protection, legal compliance under gambling and financial rules, and supervisory body directions are core functions. Limited personalization and non-essential measurement are optional and require your approval. Contracting is necessary to provide the service you requested. Rule-based legal responsibility needs it. We weigh our goals against your rights and expectations and offer a way to object when we use justifiable interests.

Legal bases explained without jargon

Contract covers what must happen so that you can use the platform as intended. Legal obligation covers steps that law and licensing demand, including identification checks, certain reports, and cooperation with supervisory bodies. Legitimate interests allow processing that strengthens safety, integrity, and service quality, provided these aims do not override your rights. Consent is reserved for features that are genuinely optional. If you say yes to a discretionary feature, you may withdraw later, and withdrawal is as simple as the way consent was given.

Responsible play and the information that supports it

Safer play works through a combination of your choices and our duty of care. You can set deposit preferences, session reminders, and breaks. We observe patterns that can indicate fatigue or rising risk, and we may nudge you to review settings or to pause. Where policy or supervisory guidance calls for stronger action, we may apply temporary restrictions to protect you. We treat these data points with care because they concern wellbeing. They are not collected to profile personal traits for marketing. They exist to keep gambling within healthy limits and to meet the operator’s responsibilities under Dutch law.

Cookies and comparable technologies

The platform uses cookies, local storage, and similar technologies to keep sessions stable, defend against misuse, and operate core features. Additional categories help measure performance, find defects, and offer limited personalization when you allow it. On first visit and at intervals you will see a consent interface that lets you manage non-essential categories. You can revisit these choices at any time and your browser offers further control. Our systems are built to honor your selections, and we design product flows that avoid pressuring people into optional settings.

Automated checks, profiling, and human review

Many safeguards operate at machine speed. Fraud screening, payment risk control, game integrity monitoring, and responsible play alerts rely on automated logic. We test these systems for fairness, accuracy, and proportionality, document their goals, and monitor their outcomes. If an automated step has a meaningful effect on your ability to use the platform, you may request human review, provide context the system may not have seen, and ask for reconsideration. When we use profiles to predict or prevent harm, we keep the logic focused on safety rather than marketing and we reassess models on a routine cycle to avoid drift.

Sharing with processors, partners, and public bodies

We share personal data with carefully chosen processors that provide hosting, security operations, game delivery, payment services, identity verification, analytics that respect consent, and customer support technology. Processors must follow our instructions, protect confidentiality, and implement robust security controls. Some partners act as separate controllers for their own services. For example, a studio that runs its own environment may present its own privacy notice and handle rights requests addressed to it. We also share personal data with public bodies when law requires or permits it, including scenarios that protect vital interests such as safety and integrity. OneRed does not sell personal data.

International transfers and the safeguards we use

Some providers are based outside the European area. When personal data moves across borders, we implement safeguards recognized by European law, including contractual protections and layered technical measures. We evaluate the legal environment of each destination, monitor changes, and adjust our approach when necessary so that your rights remain meaningful in practice. We keep records of these flows and can describe the general safeguards upon request, without exposing confidential details that would weaken security.

Retention rules and how we minimize data

We keep personal data only as long as needed for the purposes described in this Policy, including periods specified by gambling, financial, tax, and anti money laundering rules. When a purpose ends, we delete or anonymize the data in an orderly process. Backups and archives follow the same principles and are removed on rolling schedules. We review forms and telemetry with an eye toward collecting less by default, and we adjust designs so that optional features do not quietly expand data collection without clear explanation.

Security measures and your part in them

Security is not a single tool but a collection of practices. We maintain encryption where suitable, strict access control, separation of environments, continuous monitoring, anomaly detection, secure development practices, and regular testing. Changes to code and infrastructure pass through review and staged release so that risk is contained. If an incident occurs, we investigate, contain, and notify affected individuals and supervisory bodies where the law requires. We analyze root causes to prevent repetition. You can help by choosing strong credentials, signing out on shared devices, enabling additional verification for sensitive actions, and treating unexpected messages with caution.

Your rights and how to use them

You have rights under European and Dutch law. You can request confirmation that we process your data and receive a copy. You can ask us to correct information that is inaccurate or incomplete. In specific situations you can request deletion or restriction. You can object to processing based on legitimate interests, including for tailored messages, and we will weigh your reasons against our grounds. You can request a portable copy of your data in a structured format. Where processing relies on consent, you may withdraw that consent at any time. Where a decision rests solely on automated processing and produces meaningful effects, you can request human involvement. These rights are exercised without charge except where requests are manifestly unfounded or excessive, a judgment made according to law and guidance.

How we handle rights requests

You can start a request through tools in your account. To protect everyone’s privacy, we may ask for information that confirms identity before acting. If a request would expose the personal data of another person, reveal confidential safeguards, or weaken the security of the platform, we may limit the response while explaining our reasoning as far as the law allows. We respond within reasonable timeframes and maintain a log of requests and outcomes as part of our accountability duties. Where we decline a request in whole or in part, we provide reasons grounded in law, and you remain free to raise the matter with the supervisory authority.

Marketing choices and relevance controls

Control over promotional communication rests with you. In your account you can choose whether to receive offers and whether limited personalization is appropriate. When you opt out, we disable non-essential channels and continue to send only service messages about security, policy updates, and transactions you initiate. We record your preference and ask providers acting on our behalf to honor it. If you change your mind, you can revisit settings at any time.

Children, young people, and protected persons

The gambling features of OneRed are intended for adults who meet the national standard for participation in games of chance. We implement checks to prevent access by minors. People recorded in the national exclusion register are not allowed to gamble on the platform. If we discover that an account was opened or used in breach of these rules, we close it and take steps consistent with legal and supervisory expectations, including safeguarding funds according to applicable procedures.

Product improvement and measurement with restraint

We analyze aggregated and pseudonymized information to understand stability, performance, and usability. This helps us fix defects, plan improvements, and focus effort where the platform needs it most. Where measurement is not essential to core operation, we rely on your consent and provide straightforward choices. We avoid building advertising profiles that follow you across unrelated services. Our aim is to improve the product you chose to use, not to chase you elsewhere.

Fair design, transparency, and explainability

We try to write notices in plain language and to present choices at the moment they matter. We avoid design patterns that push people toward agreeing to optional processing. When automated logic influences an outcome, we describe the main factors in ordinary terms and keep a path open for human review. We consult external guidance on fairness, pay attention to research on safer play, and invite feedback from users and advocates who care about digital rights.

Relationship to other documents and languages

This Policy works alongside the Terms and Conditions, the Cookie Policy, product rules, and promotion conditions. Where texts appear to conflict, the clause that most precisely addresses the situation will guide the outcome, while mandatory consumer rights remain intact. This Policy is written in English for clarity. If a translated version appears and differences arise, the version identified within the service as authoritative will prevail.

Changes to this Policy

Law, guidance, and technology evolve, and so does this Policy. We may update the text to reflect new requirements, clarify language, or support new features. When a change is significant, we highlight it inside the product and, where required, seek your acknowledgment. Continued use after an update signals acceptance of the revised Policy. If you do not accept a change, you can limit optional features, adjust settings, or stop using the platform.

Complaints, supervision, and cooperation

If you believe your rights have not been respected, you can raise a concern through the mechanisms available in your account. You also have the right to bring the matter to the Dutch data protection authority. We cooperate with supervisory bodies, implement binding directions, and treat every complaint as a chance to improve our explanations and our processes. Transparency is part of trust, and we work to earn it each day.

Closing statement

Privacy is a measure of product quality. OneRed strives to collect less, explain more, and give you meaningful control without needless friction. If you ever feel unsure about a feature, slow down, review settings, and make choices that fit your comfort. Entertainment works best when it is accompanied by care, clarity, and respect for personal data.