Del Oro Privacy Policy

Del Oro is the data controller for personal data of users in the United Kingdom.

What personal data is collected and why

• Identity and contact details: name, date of birth, address, email, phone. Used to create and manage the account, verify age and identity, and contact the user when needed.
• Verification documents: copies of ID, proof of address, source of funds or source of wealth where required. Used for age checks, anti-money laundering, and regulatory compliance.
• Account and usage information: username, settings, responsible gambling preferences, safer gambling interactions, session data, bets, transactions, withdrawal requests, and support history. Used to provide services, resolve issues, and support safer gambling.
• Payment and financial information: masked card details, bank information, payment tokens, and payment history. Used to process deposits, pay winnings, prevent fraud, and meet legal obligations.
• Technical and device data: IP address, device identifiers, operating system, browser type, network data, and approximate location. Used for security, fraud prevention, and content availability.
• Cookies and similar technologies: identifiers for preferences, analytics, and personalisation. See Cookies section for details.
• Special categories: only where the user chooses to share health-related information for safer gambling support. Processed based on explicit consent.

Security and organisational measures

• Encryption in transit, strong hashing, and secure key management.
• Strict access controls, multi-factor authentication, and role-based permissions.
• Network segregation, logging, and continuous monitoring.
• Due diligence for suppliers and confidentiality agreements.
• Regular security testing and staff training on data protection.
• Incident response procedures, including reporting to the Information Commissioner’s Office and to users where required.

User rights under UK law

• Access: request a copy of personal data.
• Rectification: correct inaccurate or incomplete information.
• Erasure: request deletion where no longer required or consent is withdrawn, subject to legal retention duties.
• Restriction: limit processing in certain cases.
• Portability: receive certain data in a portable format.
• Objection: object to processing based on legitimate interests or direct marketing.
• Withdraw consent: withdraw at any time for processing based on consent.
• Complaint: raise concerns with the Information Commissioner’s Office at ico.org.uk.

Compliance framework

• UK GDPR and the Data Protection Act 2018.
• Privacy and Electronic Communications Regulations for electronic marketing.
• UK Gambling Commission Licence Conditions and Codes of Practice.
• Money Laundering Regulations and related financial crime laws.

Data retention

• Kept only as long as necessary for the purposes described, then securely deleted or anonymised.
• Records needed for gambling, tax, and anti-money laundering requirements are typically retained for at least five years after account closure, and longer where required for legal claims or investigations.

Del Oro processes personal data lawfully, fairly, and transparently for the purposes below:

• Account setup and service delivery: create accounts, verify age and identity, provide online gaming and betting services. Lawful basis: contract and legal obligation.
• Payments and withdrawals: process deposits and pay winnings, prevent fraud, and manage chargebacks. Lawful basis: contract, legal obligation, and legitimate interests.
• Compliance and risk management: anti-money laundering checks, sanctions screening, affordability assessments, record keeping, safer gambling interactions, and reporting to regulators. Lawful basis: legal obligation and legitimate interests.
• Customer support: respond to requests and resolve disputes. Lawful basis: contract and legitimate interests.
• Personalisation and analytics: improve services, test features, measure performance, and enhance the website and app. Lawful basis: consent for cookies that are not essential and legitimate interests for necessary analytics where permitted.
• Marketing: send news about services and promotions based on preferences. Lawful basis: consent where required by law and legitimate interests where soft opt-in applies. Users can opt out at any time.
• Security: detect and prevent fraud, abuse, and unauthorised access, including automated checks and profiling for risk monitoring. Users may request human review where legally required.

How to exercise rights

• Submit a request through the privacy or contact channels provided on the website.
• We may ask for information to confirm identity and to locate the relevant records.
• A response will be provided within one month, or longer where permitted due to complexity, in which case an explanation is given.

Updating and correcting information

• Users can update most account details in profile settings.
• For changes that require verification, supporting documents may be requested.

Deletion requests

• Requests for deletion are honoured where the information is no longer required and retention is not mandated by law or regulation.

Security checks and payments

• By using the services, users consent to required security checks, identity verification, sanctions screening, affordability reviews, and processing of payment information by authorised payment service providers and verification partners.

• Services are intended for individuals aged 18 or over.
• Age cannot be confirmed without appropriate documents, so verification is requested before withdrawal and may be required earlier.
• If a parent or guardian learns that a minor has provided personal data, they should contact us using the website channels. Such information will be promptly reviewed and deleted where appropriate, and any account will be closed.

• Personal data may be processed in other countries where group entities and trusted partners operate, including hosting, payments, verification, and support services.
• By using the website, users acknowledge and consent to these transfers.
• Transfers are protected using recognised safeguards, such as adequacy decisions, the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, and risk assessments.
• Partners are required to keep information confidential, use it only for documented instructions, and apply appropriate security.

• This privacy notice may be updated and may affect interpretation of certain rules where permitted by law and regulation.
• The disclaimer applies once the user accepts the policy through account registration, a recorded acceptance action, or continued use of the services.
• Nothing in this section limits statutory rights or obligations under UK law or the rules of the UK Gambling Commission.

• Cookies are small files placed on devices to store and retrieve information about the user and the website session.
• Uses include essential operation, statistics, behaviour analysis, personalisation, fraud prevention, and service improvement.
• Non-essential cookies are used only after consent through the cookie banner. Settings can be changed at any time.
• Cookie retention: up to 1 year, after which they expire or are renewed if consented again.
• Users can also manage cookies through browser settings, noting that blocking essential cookies may affect functionality.

• Use of the services signifies full acceptance of this Privacy Policy.
• The current version published on the website prevails over any previous version.
• Continued use after updates constitutes acceptance of the revised document.

• Personal data may be shared where necessary for law compliance, dispute resolution, contractual performance, and fraud prevention.
• Typical recipients include payment processors, banks, identity and age verification vendors, credit reference agencies, fraud prevention bodies, self-exclusion schemes, analytics and hosting providers, auditors, advisers, regulators, and law enforcement.
• Third parties are listed on the website where applicable. If a specific party is not listed, the purpose and scope of sharing will be communicated at the point of collection or before disclosure.
• Providing personal information and using the services constitutes consent to share data in line with this policy and applicable law. Each third party maintains its own privacy practices.

• The website may contain links to external websites that have their own privacy policies and practices.
• Del Oro is not responsible for how those websites collect, use, or disclose information.
• Users should review the privacy notices of external websites before providing personal data.