Privacy Policy

This Privacy Policy explains how Bet On Red, operated via https://betonred-aussie.com, collects, uses, discloses, and protects personal information of players and website visitors. It applies to all users who access or use our website, register an account, participate in casino or sportsbook activities, or interact with our customer support. By using our services, you acknowledge that you have read and understood this Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes any prior versions published on our website.

Who We Are

OBSERVE: Users need to know the identity and contact details of the operator responsible for their data, including its registration and oversight structure.

EXPAND: We clarify the group structure (operator and processor), offshore licensing context, and direct contacts for privacy matters in a way that is transparent for Australian users.

REFLECT: This information allows you to understand who determines the purposes and means of processing and how to exercise your rights.

The services offered under the brand Bet On Red and via the domain https://betonred-aussie.com are operated by:

Operator (Data Controller): Uno Digital Media B.V.
Legal form: Besloten Vennootschap (private limited company)
Registered jurisdiction: Curaçao
Company registration number: 157147 (Uno Digital Media B.V., Curaçao)
Gaming licence: Sublicence no. B2C-AK2QPM3H-1668JAZ, issued under Curaçao eGaming (CEG). The status of this licence should always be verified via the validation seal available on our website due to the risk of licence cloning and transition to the new LOK regime.

For certain payment-related processing activities, the following group company may act as processor or joint controller:

Payment Processing Entity: UDM Processing Corp
Role: Payment processing services for Bet On Red
Jurisdiction: Cyprus

Data Protection Contact

Data Protection Officer / Privacy Contact: Data Protection Department, Uno Digital Media B.V.
E-mail (primary privacy contact): [email protected]
E-mail (support and rights requests accepted): [email protected]
E-mail (payments-related queries): [email protected]

Because our corporate and mailing addresses may change from time to time, the current legal and correspondence addresses are always indicated in the footer or "Contact" section of https://betonred-aussie.com. If any address is not specified there, you may direct all written correspondence to us via email in the first instance.

What Personal Data We Collect

OBSERVE: Operating an online casino and sportsbook for Australian players requires collection of identity, technical, financial, and behavioural data to run accounts, comply with KYC/AML rules, and ensure fair play.

EXPAND: We specify each category to give you clarity on what is collected directly from you, what is obtained automatically, and what may be generated or inferred from your use of our services.

REFLECT: Understanding these categories helps you evaluate necessity, lawfulness, and your rights in relation to each type of data.

1. Identification and Contact Data

Full name, date of birth, place of residence and postal address
Username, account ID
E-mail address, phone number, language preferences
Copies or details of identification documents (passport, driver licence, national ID), proof of address (utility bill, bank statement), and other KYC documentation where required

2. Account and Gameplay Data

Registration details, account settings, communication preferences
Betting and gaming history: game titles played, stakes, wins and losses, frequency and duration of sessions
Bonus participation: opt-ins, wagering progress, bonus abuse flags
Responsible gambling data: self-exclusions, limits, time-outs, reality checks

3. Payment and Financial Data

Deposits and withdrawals: amounts, currencies, timestamps, methods used
Partial payment instrument details as provided by payment providers (e.g. masked card numbers, IBAN or account identifiers) - we do not store full card details where the payment provider processes them directly
Transaction verification data: payment confirmations, chargeback information, anti-fraud scores

4. Technical and Log Data

IP address and approximate geolocation (country/region)
Device information: device type, operating system, browser type and version, screen resolution, device identifiers where applicable
Log files: access times, pages visited, clicks, referring URLs, error logs, session duration

5. Behavioural and Usage Data

Navigation patterns, clicks, scrolls, interaction with banners, and time spent on specific pages
Response to campaigns: opened emails, link clicks, opt-ins/opt-outs
Risk and behaviour profiles generated to detect problem gambling, fraud, or bonus abuse

6. Cookies and Similar Technologies

HTTP cookies, HTML5 local storage, and similar identifiers used to remember your preferences, maintain sessions, provide security features, and conduct analytics and marketing
Identifiers placed by third-party providers (e.g. analytics, advertising networks) where enabled

7. Communication Data

Content of communications with our support team (live chat, e-mail, internal messaging)
Voice recordings where we offer and you use phone support (if applicable, and where permitted by law)
Records of complaints, requests, and dispute correspondence

Legal Basis for Processing

OBSERVE: As an offshore operator serving Australian users, we align our privacy framework with internationally recognised principles, including GDPR-like standards, while also complying with Curaçao licensing and applicable AML/KYC obligations.

EXPAND: We map each main category of processing to a corresponding legal basis: consent, contract, legitimate interest, and legal obligation, and clarify when each applies.

REFLECT: This structure allows users to understand when they can withdraw consent, when processing is strictly necessary, and how we balance legitimate interests with privacy.

1. Performance of a Contract

We process your data when it is necessary to enter into and perform our agreement with you, including our Terms and Conditions. This includes:

Creating and managing your player account
Providing access to games and sportsbook services
Processing deposits, bets, bonuses, and withdrawals
Providing customer support and communicating about service matters
Ensuring the technical functioning and security of your account

2. Compliance with Legal and Regulatory Obligations

We are required under Curaçao law, our licence conditions, and generally accepted anti-money-laundering (AML) and counter-terrorist-financing (CTF) standards to:

Verify your identity (KYC) and age
Monitor transactions for suspicious activity
Maintain records for defined periods for audit, tax, AML, and regulatory reporting
Cooperate with law enforcement, regulators, courts, and competent authorities where lawfully requested

Processing for these purposes is based on our legal obligations and licensing conditions and is not optional.

3. Legitimate Interests

We process certain data where we have a legitimate interest that is not overridden by your rights and freedoms, such as:

Preventing, detecting, and investigating fraud, abuse, bonus misuse, and other unlawful behaviour
Protecting the integrity and security of our systems and the fairness of games
Improving our products, services, and user experience through aggregated or pseudonymised analytics
Enforcing our Terms and Conditions and defending our legal rights and interests

4. Consent

In specific cases, we process your personal data based on your explicit consent, which you can withdraw at any time (without affecting prior lawful processing):

Receiving marketing communications (e-mail, SMS, push notifications, in-site messages) that are not strictly service-related
Placement and use of non-essential cookies (analytics, advertising) where required by applicable law
Participation in optional surveys, competitions, loyalty programmes, and promotional activities beyond what is necessary to perform our contract with you

Purpose of Processing

OBSERVE: Players must understand concretely why data is collected and how it is used.

EXPAND: We divide purposes into service delivery, compliance, optimisation, marketing, and risk management.

REFLECT: This helps you evaluate proportionality and necessity of each processing activity.

Primary Purposes

Provision of casino and sportsbook services: To register and authenticate users, enable deposits and withdrawals, place bets, credit winnings, and operate games smoothly.
Account management: To administer your profile, preferences, limits, self-exclusions, and communication settings.
Customer support: To respond to queries, issues, complaints, and to provide technical assistance.
Compliance and risk management: To satisfy KYC/AML requirements, age and location checks, and to maintain accurate records for regulators and auditors.

Secondary Purposes

Service improvement and analytics: To analyse aggregated gameplay and usage data, identify technical issues, and enhance our product offering, interface, and performance.
Marketing and personalisation: To send you offers, bonuses, and promotions (subject to your consent or applicable law) and to personalise content and recommendations.
Fraud prevention and security: To detect abnormal patterns, account takeovers, collusion, chargebacks, bonus abuse, and other forms of misuse, and to secure our infrastructure.
Legal defence: To establish, exercise, or defend legal claims in disputes with users, payment processors, partners, or authorities.

Disclosure & Sharing

OBSERVE: Operation of Bet On Red requires a network of service providers, payment partners, and legal counterparts who may receive limited data.

EXPAND: We specify who may receive data, under which safeguards, and for what purposes, distinguishing between processors and independent controllers.

REFLECT: Transparency on sharing allows you to assess potential risks and understand our accountability for third parties.

1. Group Companies and Processors

Group entities: UDM Processing Corp (Cyprus) and any other affiliated company acting as payment or technical processor.
IT and infrastructure providers: Hosting, cloud storage, security, and content delivery network providers who process data on our behalf under written contracts.
Customer support and CRM vendors: Tools used to manage support tickets, live chat, email campaigns, and account management.

2. Payment Service Providers and Financial Institutions

Banks, card schemes, e-wallet providers, prepaid voucher issuers, crypto payment gateways (where offered), and other financial intermediaries that process deposits, withdrawals, and refunds.
These entities generally act as independent controllers for their own compliance obligations and terms of service.

3. Regulatory and Public Authorities

Curaçao regulators and other competent authorities overseeing online gambling and AML/CTF obligations.
Law enforcement agencies, courts, and governmental bodies where required by law, court order, or to protect our rights, users, or third parties.
Where Australian authorities (such as ACMA or other enforcement bodies) lawfully request information, we may be required or entitled to cooperate, subject to applicable law.

4. Business Partners and Affiliates

Affiliates: Marketing partners who refer players to us. We may share limited pseudonymised or aggregated data to verify traffic quality and commission calculations.
Advertising and analytics networks: Third parties providing analytics or marketing services may receive cookie identifiers and usage data, subject to your consent where required.

We do not sell your personal data as a standalone business model. Any sharing is conducted under appropriate data protection safeguards and only to the extent necessary for the specified purposes.

International Transfers

OBSERVE: Bet On Red is operated from Curaçao with processing support from Cyprus and potentially other locations, while targeting players in Australia.

EXPAND: Data may therefore be transferred across multiple jurisdictions with varying data protection regimes, requiring contractual and technical safeguards.

REFLECT: We describe where data may go and how we protect it during cross-border transfers.

1. Locations of Processing

Curaçao: Primary operational and regulatory jurisdiction of Uno Digital Media B.V.
Cyprus: Location of UDM Processing Corp for payment processing and related services.
European Economic Area (EEA) and United Kingdom: Where certain hosting, analytics, or service providers are located.
Other jurisdictions: Additional locations of cloud, security, or support providers as indicated in their respective privacy notices and as engaged by us from time to time.

2. Transfer Safeguards

We use contractual safeguards such as data protection clauses and, where applicable, standard contractual clauses (SCCs) or equivalent mechanisms to ensure an adequate level of protection.
We apply technical and organisational measures, including encryption in transit, access controls, and data minimisation, to reduce risks associated with cross-border transfers.
Where local laws conflict with our privacy commitments, we seek to apply the higher protective standard where feasible and lawful.

By creating an account and using our services, you acknowledge that your data may be transferred and processed in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your home jurisdiction, subject to the safeguards described above.

Data Retention

OBSERVE: Gambling operators are typically required to retain records for AML, tax, and regulatory reasons for defined periods after an account is closed.

EXPAND: We align retention periods with regulatory obligations and operational needs while limiting storage to what is necessary.

REFLECT: Clear timelines and criteria explain when and how data is anonymised or deleted.

1. General Principles

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy, including satisfying legal, accounting, or reporting requirements.
When data is no longer required, we either securely delete it or irreversibly anonymise it so that it can no longer be associated with you.

2. Typical Retention Periods

Account and identification data: Generally retained for 5 to 7 years after account closure to comply with AML and regulatory obligations and to defend legal claims.
Transaction and payment data: Retained for at least 7 years from the date of the relevant transaction, or longer if required by financial or tax laws.
Gameplay and betting history: Retained for the lifetime of the account and then typically for 5 years after closure for dispute resolution and regulatory audit.
Marketing data: Retained until you withdraw your consent or object to marketing, after which we will keep only minimal records to respect your opt-out.
Support and complaint records: Retained for 5 years from the date of the last correspondence or resolution of the complaint, or longer if a dispute is ongoing.

3. Deletion Criteria

Expiry of the relevant retention period consistent with our legal and operational obligations.
Successful verification and fulfilment of your request for erasure, where applicable and not overridden by legal retention requirements.
End of the purpose for which the data was collected and absence of any overriding legitimate interest.

Your Rights

OBSERVE: While we are an offshore operator, we aim to align our privacy standards with internationally recognised frameworks such as the GDPR and comparable regional laws.

EXPAND: We describe a broad set of rights - access, rectification, erasure, restriction, objection, portability, and consent withdrawal - and how to exercise them, referencing GDPR-style rights while acknowledging that specific local laws may vary.

REFLECT: Providing clear procedures, timelines, and cost-free access strengthens user control over personal data.

1. Overview of Rights

Subject to applicable law and certain limitations, you may have the following rights in relation to your personal data:

Right of access: To obtain confirmation whether we process your personal data and, if so, to receive a copy and related information.
Right to rectification: To request correction of inaccurate data and completion of incomplete data.
Right to erasure ("right to be forgotten"): To request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful, subject to retention obligations (e.g. AML/CTF).
Right to restriction of processing: To request that we limit processing in certain circumstances (e.g. while we verify accuracy or legality of processing).
Right to object: To object to processing based on our legitimate interests, and to object at any time to processing for direct marketing purposes.
Right to data portability: To receive personal data you have provided to us, in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible and subject to confidentiality.
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.

2. How to Exercise Your Rights

Submit a request: You may send your request by email to [email protected] or [email protected]. Indicate "Privacy Request" in the subject line and specify the right you wish to exercise.
Provide identification: To protect your data, we may ask for additional information to verify your identity before fulfilling the request, especially for access, portability, or erasure.
Processing timeframe: We aim to respond to your request without undue delay and, in any event, within 30 days of receipt. This period may be extended where allowed by law due to complexity or volume, in which case we will notify you of the extension.
Costs: We handle requests free of charge, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by applicable standards.

Note that these rights are not absolute and may be limited by overriding legal obligations (e.g. AML retention rules, regulatory requirements, or our need to defend legal claims). We will always explain the reasons where we cannot fully comply with your request.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies are essential for secure account operation and user experience, while others support analytics and marketing.

EXPAND: We distinguish between different types, their purposes, and how you can manage them.

REFLECT: This enables you to make informed choices about tracking while still being able to use the core services.

1. Types of Cookies We Use

Strictly necessary (session) cookies: Essential to log you in, maintain your session, process bets, and ensure security (e.g. CSRF protection). These are usually session-based and expire when you close your browser.
Functional (persistent) cookies: Remember your language, region, and other preferences across sessions to improve convenience.
Analytics cookies: Help us understand how visitors use the site (pages visited, time on page, errors encountered) so we can improve performance and usability. These may be provided by third-party analytics services.
Advertising and affiliate cookies: Track the effectiveness of our marketing, measure campaign performance, and ensure our affiliates are fairly compensated. These may be placed by us or our partners.

2. Managing Cookies

You can manage or disable cookies via your browser settings. Most browsers allow you to refuse all cookies, accept only certain types, or delete cookies already stored on your device.
Disabling strictly necessary cookies may affect the functionality of the website and prevent you from logging in or placing bets.
Where we provide an internal cookie or privacy preferences panel on https://betonred-aussie.com, you may use it to adjust your choices for non-essential cookies.

Data Security

OBSERVE: As an online gambling operator handling financial transactions and sensitive data, we must implement robust safeguards.

EXPAND: We combine technical, organisational, and procedural controls to protect data confidentiality, integrity, and availability.

REFLECT: While no system is entirely risk-free, these measures significantly reduce exposure to unauthorised access, loss, or misuse.

1. Technical Measures

Encryption in transit: Data exchanged between your browser and our servers is protected using TLS 1.2 or higher.
Encryption at rest: Sensitive datasets, including certain financial and authentication information, are stored in encrypted form where technically feasible.
Access controls: Role-based access restrictions ensure that only authorised personnel and systems can access personal data strictly on a need-to-know basis.
Network and application security: Firewalls, intrusion detection and prevention mechanisms, anti-malware solutions, and regular security patching.

2. Organisational Measures

Staff training: Employees and contractors with access to personal data receive regular training on data protection, information security, and responsible gambling obligations.
Internal policies: Documented procedures for access management, data classification, incident handling, and retention.
Vendor due diligence: Security and privacy assessments of key service providers before engagement and periodically thereafter.

3. Monitoring and Incident Response

Regular internal reviews, vulnerability assessments, and, where appropriate, external audits or certifications aligned with recognised standards (such as ISO/IEC 27001 or SOC 2-style controls) may be applied to strengthen our posture.
Incident response processes aimed at timely detection, containment, investigation, and remediation of security events.
Where required by law, we will notify relevant authorities and affected users of significant data breaches without undue delay.

Complaints & Contacts

OBSERVE: Users need accessible channels to raise questions, exercise rights, or lodge complaints about our handling of personal data.

EXPAND: We set out the step-by-step internal process and explain options for escalation to supervisory authorities where applicable.

REFLECT: This approach promotes accountability and transparency in our privacy practices.

1. How to Contact Us

Primary privacy contact/DPO: Data Protection Department, Uno Digital Media B.V.
E-mail (privacy and complaints): [email protected]
E-mail (support): [email protected]
E-mail (payments-related queries): [email protected]

If an online contact or complaint form is made available in your account or the "Contact" section of our site, you may also use that form to submit privacy-related requests or concerns.

2. Internal Complaint Procedure

Submission: Send your complaint, including a clear description of your concern and any supporting documentation, to one of the contact emails above, preferably [email protected].
Acknowledgement: We will acknowledge receipt of your complaint within 7 days where feasible.
Investigation: We will investigate the matter, potentially contacting you for additional information or clarification.
Response: We aim to provide a substantive response within 30 days. If more time is needed due to complexity, we will inform you of the extension and expected timeframe.

3. Escalation to Supervisory Authorities

Depending on your place of residence and the applicable legal framework, you may have the right to lodge a complaint with a competent data protection authority if you believe that your rights have been infringed.

If you are located in a jurisdiction with a dedicated data protection authority (for example, an EU Member State), you may contact that authority in accordance with local law.
Regardless of jurisdiction, we encourage you to contact us first so we can attempt to resolve your concerns directly and efficiently.

Information on how to contact your local data protection or consumer authority is usually available on the official government websites of your country or region.

Updates

OBSERVE: Our services, legal environment, and regulatory obligations may evolve, particularly in the online gambling sector and in light of changes affecting offshore operations in Australia.

EXPAND: We explain how and when we update this Privacy Policy, how we inform you, and what options you have.

REFLECT: Version control and advance notice for material changes help you make informed decisions about continued use.

1. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal requirements, or business practices.
Each version will be identified by the "Last updated" date indicated below.

2. Notification Procedures

Minor changes: For non-material updates (clarifications, editorial changes), we may simply publish the revised Policy on https://betonred-aussie.com.
Material changes: For significant changes affecting how we process your data or your rights, we will provide additional notice, which may include:
- E-mail notifications to the address linked to your account
- In-account notifications or dashboard alerts
- Website banners or pop-ups drawing attention to the updated Policy

3. Advance Notice and Your Options

Where feasible and legally required, we will provide at least 30 days' advance notice before material changes take effect.
If you do not agree with the updated Policy, you may choose to stop using our services and request account closure in accordance with our Terms and Conditions.
Your continued use of the website and services after the effective date of the updated Policy will constitute your acceptance of the changes, to the extent permitted by law.

Last updated: January 2026