Privacy Policy

Statement of scope

This Privacy Policy covers how OneRed handles personal data whether you visit the website, use the apps, open or maintain an account, play games, contact customer support, or use safer play options. The wording follows European data protection law and Dutch practice while being readable. If a binding legal norm disagrees with a Policy sentence, the law prevails and the rest apply. You confirm that you understand these practices by using the platform after seeing this warning. You can stop using and adjust your settings if you’re uncomfortable.

Legal cornerstones

OneRed controls platform-processed personal data. OneRed defines processing purposes and methods and must prove compliance as controller. We use trusted processors for hosting, security, payments, content, analytics, permission, identity verification, and customer service. Processors follow written instructions under secrecy and security. We log our processing actions, do risk and impact assessments, and design and construct systems with privacy by default. Privacy is a daily practice rather than a phrase thanks to these principles for procurement, coding standards, change control, and staff training.

What counts as personal data

Personal data is information that relates to you or can be connected to you. Processing is any action performed on that information, from collection to deletion. A supervisory authority is the public body that oversees data protection law, and the gambling authority is the body that supervises the market for games of chance. When this Policy refers to partners, it includes third parties that either act as processors on our instructions or operate as independent controllers for their own services. These clarifications exist to keep the narrative plain and do not limit your legal rights.

Data we collect and how it arrives

Using the platform naturally produces information about you and your sessions. During registration you may provide identity details and indicators of residency that help confirm eligibility. Payment features rely on signals that establish you as the rightful holder of a method. Logging in creates credentials and session markers. Devices and networks supply attributes that help keep access secure, while traffic logs support prevention of misuse. Gameplay generates records required to settle outcomes and to preserve fairness. Safer play depends on settings such as deposit preferences, reminders, and breaks, as well as indicators that can suggest fatigue or rising risk. Support conversations create transcripts that help our teams resolve issues. Marketing preferences reflect whether you choose to receive offers or tailored information. Alongside what you provide, we may derive limited insights that help detect fraud or technical abuse, always with caution and with guardrails that match the sensitivity of the context. OneRed does not seek to collect special category data such as health or belief information. If such information appears because you voluntarily share it in a support exchange, we restrict access to those who need it to help you and remove it when the purpose has been fulfilled.

Sources and verification

Most personal data comes directly from you when you complete forms, change settings, or speak with support. Some information arises automatically from your device and browser as part of secure communication, such as general location inferred from routing and technical identifiers that allow the system to recognize your session. When law or licensing requires verification, we may consult official registers or rely on verification services that provide signals about identity, eligibility, or ownership of a payment instrument. We expect those services to follow strict confidentiality, security, and retention standards, and we reassess them on a regular rhythm.

Purposes and lawful bases

We process personal data for a secure, compliant, and fun platform. Create and maintain accounts, confirm identity and eligibility, handle deposits and withdrawals, settle games, prevent fraud and abuse, enable responsible gambling, answer support requests, improve stability and usability, protect systems, and comply with gambling, financial, and sanctions laws. In addition, we follow supervisory orders. We require consent and provide an easy mechanism to opt out of optional features. We use contract when processing is necessary for your service. Legal obligation is used when a binding rule necessitates a step. We weigh our legitimate interests against your rights and expectations and offer a way to object.

Responsible play and wellbeing signals

Safer play rests on your choices and on our duty of care. You can set deposit preferences, session reminders, breaks, and stricter limits if you wish. We observe patterns that may indicate rising risk, such as extended sessions or sharp changes in behavior. When indicators suggest that a pause would help, we may nudge you to adjust settings or apply temporary restrictions in line with policy and supervisory guidance. These signals are handled with particular care because they touch on wellbeing. They are used to protect players and to meet regulatory expectations, not to build marketing profiles.

Cookies and telemetry

The platform uses cookies, local storage, and comparable technologies for two broad purposes. Essential technologies keep sessions stable, defend against misuse, and make core features work. Optional categories help with performance measurement, diagnostics, and modest personalization where permitted. On your first visit and from time to time, a consent interface lets you choose which optional categories to allow. You can revisit those choices at any moment, and your browser offers additional control. We design product flows to avoid pressure tactics and to respect the selections you make.

Automated decisions and human review

Many protective controls operate at machine speed. Fraud screening, payment risk assessment, game integrity checks, and alerts for responsible play rely on automated logic. We test these systems for fairness, accuracy, and proportionality, document their purposes and limits, and monitor their outcomes. If an automated step has a meaningful effect on your ability to use the platform, you can request human review, explain context that the system may not have seen, and seek a fresh outcome. We treat automation as a tool for safety and consistency, not as a substitute for accountability.

Sharing and recipients

OneRed shares personal data with service providers that help operate the platform. Typical recipients include hosts, security specialists, studios that deliver game content, payment services, identity verification partners, analytics providers that honor consent, and customer care platforms. Providers that act as processors follow our instructions, maintain confidentiality, and implement strong security. Some partners act as independent controllers for their own services, in which case they present their own notices and handle rights requests addressed to them. We also share information with public bodies when law requires or permits it, including scenarios that protect vital interests such as safety and integrity. OneRed does not sell personal data.

International data movement

Some providers are non-European. We use contractual and technical precautions to secure personal data crossing borders under European legislation. We examine destination legal environments, monitor rights-related changes, and alter our strategy as needed to keep protections effective. We keep records of cross-border transfers and can explain the broad precautions on request without compromising security.

Retention and minimisation

We keep personal data only as long as necessary for the purposes described in this Policy, including durations shaped by gambling regulation, financial and tax law, and anti money laundering duties. When a purpose ends, we delete or anonymize the data in an orderly and secure process. Backups and archives follow the same principles and are removed on rolling schedules. We review forms, logs, and telemetry to discover where collection can be reduced, and we adapt designs so that less personal data is gathered by default. Minimisation is not a single act but a continuous habit that guides product choices.

Security architecture

Personal data security involves multiple layers and discipline. OneRed uses encryption, access control, environment separation, monitoring, alerting, secure development, and testing. Code and infrastructure changes are reviewed and scheduled to reduce risk. We examine incidents quickly, contain them, notify supervisory bodies and impacted parties as required by law, and learn from them to build resilience. Choose strong credentials, enable additional verification for sensitive actions, sign out on shared devices, and be wary of strange notifications.

Your rights

You have rights under European and Dutch law. You may request confirmation that we process your data and receive a copy. You may ask us to correct information that is inaccurate or incomplete. In specific situations you may request deletion or restriction. You may object to processing based on legitimate interests, including for tailored messages, and we will weigh your reasons against our grounds. You may request a portable copy in a structured format. Where processing relies on consent, you may withdraw that consent at any time. Where a decision rests solely on automated processing and produces significant effects, you may request human involvement. These rights exist to give you meaningful control without disrupting essential security and integrity goals.

How to exercise those rights

You can begin a request through tools provided inside your account. To protect everyone’s privacy, we may ask for information that confirms your identity before acting. If a request would expose the personal data of another person, reveal confidential safeguards, or weaken security, we may limit the response while explaining our reasoning as far as the law allows. We respond within reasonable timeframes and maintain a record of requests and outcomes as part of our accountability duties. Where we decline a request in whole or in part, we base the decision on law and guidance, and you remain free to raise the matter with the supervisory authority.

Children and protected persons

The gambling features of OneRed are intended for adults who meet the national standard for participation in games of chance. We apply checks to prevent access by minors. People recorded in the national exclusion register are not allowed to gamble on the platform. If we discover that an account was opened or used in breach of these rules, we close it and act according to legal and supervisory expectations, including safeguarding funds in line with applicable procedures.

Marketing choices and relevance

Control over promotional communication rests with you. In your account you can decide whether to receive offers and whether limited personalization is appropriate. When you opt out, we silence non essential channels and continue to send only messages related to security, policy updates, and transactions that you initiate. We record your preference and ask providers acting on our behalf to honor it. If you change your mind, you can revisit settings at any time.

Product analytics and research with restraint

We analyze aggregated and pseudonymized information to understand stability, performance, and usability. This analysis helps us correct defects, shape roadmaps, and focus attention on areas that genuinely need improvement. Where measurement is not essential to the core operation of the platform, we rely on consent and present clear choices. We avoid building advertising profiles that follow you across unrelated services. Our focus is improving the product you chose to use, not tracking you elsewhere.

Design ethics and transparency

We work to present choices in plain language and at moments when they matter. We avoid patterns that pressure people toward agreeing to optional processing. When automated logic influences an outcome, we describe the main factors in ordinary words and leave a path open for human review. We consult external guidance on fairness, listen to independent voices that specialize in safer play and digital rights, and translate that learning into better product decisions.

Updates to this Policy

Law and technology evolve, and so does this Policy. We may revise the text to reflect new obligations, clarify language, or support new features. When a change is significant, we highlight it inside the product and, where required, seek your acknowledgment. Continued use after an update signals acceptance of the revised Policy. If you do not accept a change, you can limit optional features, adjust settings, or stop using the platform.

Supervision and remedies

If you believe your rights have not been respected, you can raise a concern through the mechanisms available in your account. You also have the right to bring the matter to the Dutch data protection authority. We cooperate with oversight bodies, follow binding directions, and treat each complaint as a chance to improve both explanation and execution. Transparency supports trust, and trust is the only foundation on which a sustainable platform can stand.

Language and interpretation

This Policy is written in English to keep the text accessible. If a translated version appears and differences arise, the version identified within the service as authoritative will prevail. The Policy works alongside the Terms and Conditions, the Cookie Policy, and the rules that apply to specific games and promotions. If texts appear to conflict, the clause that most precisely addresses the situation will guide the outcome while mandatory consumer rights remain intact.

Closing statement

Privacy is part of product quality. OneRed strives to collect less, explain more, and give you practical control without making the service hard to use. If something feels unclear, slow down, review your choices, and proceed only when comfortable. Entertainment should live alongside care and clarity, and that is the balance we aim to preserve every day.