Spybet Privacy Policy

What personal data is collected

• Account and identity data: full name, date of birth, address, email, mobile number, nationality.
• Verification (KYC): copies of identity documents, proof of address, selfies/biometrics (where required), verification results.
• Financial and transaction data: payment method details provided to payment providers, deposits and withdrawals, IBAN or card token, transaction history, chargeback information.
• Responsible gambling data: limits, time-outs, self-exclusion status, affordability and risk assessments.
• Technical data: IP address, device identifiers, browser and OS details, app telemetry, log files, cookie identifiers.
• Usage data: page views, games played, bets placed, session times, preferences.
• Communications: support tickets, emails, chat transcripts, call recordings (where permitted).
• Compliance data: sanctions and PEP screening results, AML risk indicators, fraud signals.

Why this information is collected

• To provide and maintain online services and the user account.
• To process payments, withdrawals, and verify identity and age.
• To meet legal and regulatory duties (AML/CFT, gambling regulation, tax, accounting).
• To ensure security, prevent fraud, and protect the platform and users.
• To support responsible gambling tools and interventions.
• To analyse performance and improve the website and applications.
• To deliver optional marketing and notifications, subject to consent.

Protection measures

• Encryption in transit (TLS) and at rest for appropriate datasets.
• Role-based access control, least-privilege permissions, and multi-factor authentication for staff access.
• Continuous monitoring, logging, and incident response procedures.
• Vendor due diligence, data processing agreements, and regular audits.
• Secure development practices and vulnerability management.
• Alignment to recognised standards (e.g., ISO/IEC 27001). Card data is handled by PCI DSS-compliant providers.

User rights

• Access: receive a copy of personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion where no longer needed or where consent is withdrawn, subject to legal retention duties.
• Restriction: limit processing in specific circumstances.
• Portability: obtain data in a structured, commonly used format.
• Objection: object to processing based on legitimate interests and object to direct marketing at any time.
• Consent: withdraw consent where processing relies on consent.
• Complaint: lodge a complaint with the Data Protection Commission (www.dataprotection.ie).

Compliance statement

Processing follows the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and the ePrivacy Regulations. AML obligations are met under the Criminal Justice (Money Laundering and Terrorist Financing) Acts.

Processing is lawful, fair, and transparent. Typical uses include:

• Account setup and service delivery (contract): create and manage the user profile, provide games and sportsbook services, customer support.
• Payments and withdrawals (contract/legal obligation): process transactions through payment providers, resolve payment disputes, maintain accounting records.
• Identity checks and age verification (legal obligation/public interest): meet KYC/AML duties and gambling age restrictions.
• Security and fraud prevention (legitimate interests/legal obligation): monitor, detect, and investigate suspicious activity and misuse.
• Responsible gambling (legal obligation/legitimate interests): apply limits, self-exclusion, affordability checks, and interventions.
• Service improvement and analytics (legitimate interests/consent for cookies): measure performance, fix errors, enhance user experience.
• Marketing and notifications (consent/legitimate interests): send offers or updates where permitted; users can opt out at any time.
• Legal compliance and enforcement (legal obligation): respond to lawful requests, enforce terms, and manage disputes.

How users can exercise their rights

• Access and update: users may review and amend core account data in account settings or by contacting the privacy team.
• Deletion: users may request deletion of personal data; Spybet will de-identify or erase data unless retention is required by law.
• Response times: requests are addressed within one month, extendable where complex. Identity verification may be required.
• Cost: requests are free, save for manifestly unfounded or excessive cases.

Requests can be made by emailing [email protected]. Additional secure channels may be provided in the help centre. When deletion is limited by legal duties (e.g., AML, tax), Spybet will restrict processing and retain only what is necessary.

By using the services, the user consents to security checks and to the processing of payment information by authorised payment service providers for transactions, screening, and fraud prevention.

• Services are for persons aged 18 and over. Registration by anyone under 18 is prohibited.
• Age cannot be confirmed without verification documents. Proof may be requested at any time.
• If data relating to a minor is identified, the account will be closed and personal data will be deleted where permitted by law.
• Parents or guardians may request deletion of a minor’s information through [email protected]. Minimal records may be retained to comply with legal obligations and to prevent re-registration.

• Personal data may be processed outside Ireland, including in the EEA, the UK, and other countries where partners and service providers operate.
• Using the website and services constitutes consent to such transfers for the purposes described in this document.
• Safeguards are applied: adequacy decisions (where available), Standard Contractual Clauses, and supplementary measures. Copies of relevant safeguards can be requested where appropriate.
• All partners are bound by confidentiality, contractual restrictions, and security standards consistent with GDPR.

• This disclaimer clarifies how the rules in this document apply and, where permitted by law, may limit or qualify their scope and effects.
• If any provision is held invalid, the remainder continues to apply to the maximum extent allowed by law.
• In case of inconsistency between versions, the latest English (Ireland) version prevails.
• The disclaimer applies once the user accepts this policy by electronic acceptance, signature, or accession through continued use of the services.

What cookies are

Cookies are small text files stored on a device by websites or Spybet app. Similar technologies include SDKs, pixels, and local storage.

How cookies are used

• Strictly necessary: enable core functions such as login and security.
• Functional: remember preferences like language and region.
• Analytics: gather statistics, measure performance, and analyse behaviour to improve services.
• Personalisation and advertising: tailor content and limit repetitive ads.

Retention and control

• Standard retention for non-essential cookies is up to 1 year.
• Users can manage consent for non-essential cookies in the cookie banner or settings, and can delete or block cookies via browser settings.
• Blocking some cookies may impact certain features.

Further details are available in the Cookie Policy, which forms part of this document.

• Use of the website or applications constitutes full acceptance of this Privacy Policy.
• The current version of the policy prevails over any prior versions.
• Material changes will be noted on the website. Continued use after updates indicates acceptance of the revised terms.

• Personal data may be shared with third parties where necessary: payment processors, identity verification and AML providers, analytics and cloud hosting, customer support tools, professional advisers, regulators, and dispute-resolution bodies.
• Data may also be shared to comply with law, respond to lawful requests, protect rights, or enforce agreements.
• A current list of key processors and partners is maintained on the website or help centre. Where a specific party is not listed, the purpose and scope of sharing will be communicated where required by law.
• Providing personal data for the services constitutes consent to such sharing for the purposes outlined in this document.
• Each third party is responsible for its own privacy practices and may have separate notices.

• The website may contain links to third-party websites or applications that operate under their own privacy policies.
• Spybet is not responsible for how external sites collect, use, or protect information.
• Users should review the privacy notices of any external websites visited and exercise caution before providing personal data.