Privacy centre: data lifecycle and choices

Welcome to a narrative-style privacy centre for bet365. Instead of scattering facts across footnotes, we walk through the lifecycle of personal data—from the moment you land on our site, through account activity, to eventual deletion or archival required by law—so you can see how choices you make affect processing.

Arrival and browsing

Before registration, technical logs may capture IP and device data for security and basic analytics. Cookie banners record your preferences where mandated. Marketing tags load only according to those preferences and applicable soft opt-in rules.

Referrer headers may indicate how you found us; we use that data in aggregate to judge channel quality, not to single you out unless combined with other identifiers for permitted purposes.

Registration spike

Verification

Identity steps collect sensitive categories only as needed. Biometric checks, if used, are constrained to verification purposes with documented retention caps.

Affordability cues

Where regulations require, we may process additional financial information. You will be told why a particular document class is relevant rather than receiving blanket requests.

Active account period

Gameplay, payments, bonuses, and support tickets accumulate in your profile. Some fields power mandatory reports to regulators; others power optional personalisation. You can review many categories in self-service portals where deployed.

Machine-learning features, where used, undergo bias and legality reviews before launch; we document training data categories at a high level in internal registers available to regulators.

Marketing logic

Segments may combine game interest, engagement recency, and responsible-gambling flags that suppress inappropriate offers. Unsubscribe links honour marketing preferences but cannot erase legally mandated service notices.

Sharing map (conceptual)

Payments route through acquirers and e-wallet APIs. Hosting spans regions bounded by transfer tools. Support tooling may temporarily display data to vendors under strict confidentiality. We do not sell personal data as a commodity.

After closure

Some records must remain for audit windows; others can be erased sooner. Suppression lists prevent accidental re-mailings. Aggregated analytics may survive if irreversibly anonymised.

Rights in practice

Access requests return structured summaries where feasible. Erasure may be limited when law commands retention; we explain those conflicts. Portability covers data you provided and certain observed activity. Objection rights apply to specific legitimate-interest processing; we assess each request.

We do not charge fees for manifestly unfounded or excessive repeats, but we may refuse or invoice where requests are duplicative within short intervals, as permitted by law.

Security incidents

We maintain breach playbooks including regulator and user notifications when thresholds are met. Practice exercises run internally to keep response times sharp.

Children and vulnerable adults

Services are adult-oriented. Safeguards include age gates and monitoring for suspiciously young profiles. Reports from the public are investigated.

Evolving law

Privacy law changes; we track consultations and adjust policies. Major revisions appear here with updated effective dates and, when needed, proactive emails or banners.

Industry codes and regulator guidance may impose additional transparency duties; we map those obligations to concrete UI and documentation updates rather than vague promises.

Consultation responses we file with regulators may be published publicly; personal data within them is minimised by design.