Privacy Policy

Introduction and scope

OneRed collects personal data on visitor behavior, app installation and use, account creation, game play, support interactions, and informational site views, per this Privacy Policy. Clarity and compliance with the GDPR and Dutch implementation guidelines were prioritized. In a dispute, the law will prevail over this language.

Our role and accountability

OneRed controls personal data created, observed, or provided through the platform. As a controller, we decide why and how data is handled and must show that our actions respect service users’ rights. We carefully pick CPUs, provide written instructions, and monitor performance. We document our processing actions, analyze risk and impact, and design our systems to secure data by design and default.

Plain definitions

Any information pertaining to an identifiable individual is considered personal data when this Policy makes reference to it. Activities such as collecting, storing, viewing, organizing, using, sharing, and deleting are all part of processing. The Dutch data protection regulator is cited whenever the authority is discussed. Wherever the word “gambling authority” appears, it is referring to the national agency in charge of regulating gaming. By “partners” and “providers,” we mean other companies that help us run the service and fulfill specific obligations. The purpose of these definitions is to keep the text readable; they will not affect your rights in any kind.

Principles that guide us

Privacy is more than compliance. We follow principles of transparency, fairness, and necessity. We collect only what is needed to provide the service, we explain why, and we give you tools to manage choices. We try to keep data accurate and up to date. We secure systems in layers and we test them. We limit who can access personal data and we train staff to recognize risks. We plan for rare events by maintaining incident response procedures and by learning from every case so that the platform becomes safer over time.

Categories of data we handle

Using the platform naturally creates information. Typical categories include identity attributes, residency indicators, eligibility checks, ownership of payment instruments, account credentials, device and network signals, session events, traffic logs, gameplay records, choices you make about safer play, self exclusion status where relevant, support conversations, and marketing preferences. We may also create derived insights that help us flag fraud or misuse, always with caution and with guardrails that match the sensitivity of the context. We do not seek to collect information about beliefs, health, or other special categories. If such information appears because you choose to share it in a support conversation, we use it only to assist you and then restrict access and retention.

Where the data comes from

Most data comes directly from you when you complete forms, set preferences, or speak with support. Some data arises from your device and browser during sessions, such as general location derived from network routing or technical identifiers that help keep sessions secure. When the law requires verification, we may consult official registers or receive signals from verification providers. We document the sources we use and we ask providers to meet strict privacy and security standards.

Why we process personal data

To fulfill your service request, comply with gaming and financial transaction legislation, and guarantee the platform’s and users’ safety are the three main reasons why your personal information is handled. Account creation and management, identity and eligibility verification, processing of deposits and withdrawals, supporting customers, improving products and stability, ensuring system security, and demonstrating compliance to regulatory bodies are all part of these goals. Some features are optional, and you will be asked to consent to them. We are unable to fulfill your service request until we refer to the contract. When we rely on legal duty, it is required by a rule. When we operate in accordance with our legitimate interests, we safeguard your rights and find a middle ground between our goals and yours.

Lawful bases in simple words

Contract covers tasks that are necessary for providing the platform. Legal obligation covers duties such as anti money laundering checks, tax and audit duties, and directions from competent authorities. Legitimate interests allow limited processing that supports security, product integrity, and service improvement, provided those interests do not override your rights and expectations. Consent applies to genuinely optional features, such as controlled personalization or non essential analytics, and you can withdraw consent in the same simple way you gave it.

Responsible play data

Safer gambling features depend on certain information, such as your limits, break preferences, and patterns that suggest fatigue or rising risk. We use these signals to offer guidance, to show reminders, or to pause access when a risk indicator crosses a threshold defined in policy or guidance. We treat these signals with special care because they relate to wellbeing. They are used to protect players and to help us meet our duty of care under Dutch law.

Cookies and comparable technologies

The platform uses cookies, local storage, and similar technologies. Some are essential to keep you logged in, route traffic safely, and prevent abuse. Others help us measure performance, find bugs, and, where permitted, offer tailored content. On first visit and from time to time you will see a consent interface that lets you manage non essential categories. Your browser also gives you controls. We honor your choices and design our systems to respect them.

Automated checks and profiling

The service uses automated checks to make quick decisions that protect people and systems. Fraud screening, payment risk control, and responsible gambling alerts often run in real time. We strive to keep these systems proportionate and open to review. If an automated step has a meaningful effect on your ability to use the platform, you can request human intervention, explain your point of view, and seek a fresh assessment. Where a profile is used to predict or prevent harm, we document the logic in broad terms and assess fairness on a regular cycle.

Sharing with processors and partners

We share personal data with providers who act on our instructions to deliver hosting, security, payments, game content, identity verification, customer support, and analytics that respect consent choices. Processors must keep data confidential, implement appropriate security, and assist with requests. Some partners act as independent controllers, for example when they offer their own game environments or carry out checks under their own obligations. In those cases they present their own notices and are responsible for handling rights requests addressed to them. We also share information with public authorities when the law requires it, or when necessary to protect vital interests such as safety and integrity.

International transfers and safeguards

Outside Europe, certain service providers operate. European law allows contracts and extra technology to secure personal data transported across borders. We monitor the local legal framework, watch for changes, and take actions to protect your rights wherever your data is processed. We can summarize protections and cross-border flow records upon request.

Retention and minimization

We retain personal data only as long as needed for the purposes described here, including periods set by gambling, financial, tax, and anti money laundering law. When a retention period ends, or when a purpose no longer applies, we delete or anonymize the data in a timely way. Archived copies and backups are subject to the same rules and are removed in an orderly schedule. We review forms and logs from time to time to see if collection can be reduced, and we adjust designs so that less data is gathered by default.

Security of processing

OneRed maintains a layered security program. Measures include encryption where appropriate, strict access control, segregation of duties, environment isolation, continuous monitoring, anomaly detection, and regular testing. We teach secure development, track dependencies, and review changes before deployment. If an incident occurs, we investigate, contain, and notify the authority and affected individuals when the law requires. We also study root causes so that lessons lead to better resilience. Security works best when everyone participates, so we encourage strong passwords, additional verification for sensitive actions, and care when using shared devices.

Your privacy rights

You have rights under European and Dutch law. You can ask for confirmation that we process your data and request a copy. You can ask us to correct inaccurate or incomplete information. In certain situations you can request erasure or restriction. You can object to processing based on legitimate interests, including for tailored messages, and we will consider your reasons against our grounds. You can request a portable copy in a common format. Where processing relies on consent, you can withdraw that consent at any time. Where a decision is based solely on automated processing that has a significant effect, you can request human review.

How to exercise those rights

You can make a request using the tools that are in your account. Before we do anything, we may ask for information that helps us confirm your identity. This is because we need to stop rights processes from being abused. We may limit the response and explain why as far as the law permits if a request would expose someone else’s personal information, put trade secrets at risk, or make the system less secure. We reply in a timely manner and preserve a record of requests to show that we are responsible.

Marketing and personalization choices

Control over marketing is in your hands. You can choose whether to receive promotional messages and whether limited personalization is appropriate for you. When you opt out, we switch off non essential channels and continue to send only messages that are necessary for account safety, legal updates, or transactions that you have initiated. We record your preference and ask providers who act on our behalf to respect it as well.

Children and protected persons

The platform is intended for adults who meet the legal standard for participation in games of chance within the Netherlands. We apply checks to prevent access by minors. People listed in the national exclusion register are not permitted to gamble on OneRed. If we discover that an account was opened in breach of these rules, we will close it and take appropriate steps under law and policy.

Product improvement and analytics

We study aggregated and pseudonymized data to understand how features perform and where errors arise. This helps us plan improvements, tune stability, and make the service simpler to use. Where analytics are not essential, we rely on your consent and we provide clear choices. We avoid building profiles for advertising that would follow you across unrelated services. Our focus is improving the product you chose to use, not building a marketing dossier.

Fairness, transparency, and explainability

We work to ensure that people can understand how important choices are made. Key dialogs and notices use plain language. When we rely on automated logic, we describe the main factors involved and offer a path to request a human check. We document design decisions, test for bias where relevant, and invite feedback from users and experts who focus on safer gambling and digital rights.

Changes to this Policy

Law and guidance evolve, and so does the platform. We may revise this Policy to reflect new obligations, to clarify language, or to support new features. Significant changes are highlighted within the product, and where the law requires, we will seek your acknowledgment. If you continue using the service after an update, that will signal your acceptance of the revised Policy. If you do not agree with a change, you can adjust your settings, limit optional features, or discontinue use.

Complaints and supervision

If you believe we have not respected your rights, you can raise a concern through the mechanisms available in your account. You also have the right to lodge a complaint with the Dutch data protection authority. We cooperate with supervisory bodies and implement binding directions. We treat every complaint as an opportunity to improve our explanations and our processes.