1Red Privacy Policy

What personal data 1Red may collect

• Identification data: name, date of birth, nationality, address, PPSN where required by law, and verification document images (e.g., passport, driving licence, proof of address).
• Contact details: email, phone number, account identifiers, and user communications.
• Account and gameplay data: usernames, preferences, responsible gambling settings (limits, time-outs, self-exclusion), session logs, and support tickets.
• Financial and transaction information: deposits, withdrawals, payment method identifiers or tokens (processed via payment providers), transaction history, and currency.
• Technical data: device identifiers, IP address, browser type, operating system, mobile IDs, cookie IDs, and network diagnostics.
• Usage data: pages visited, features used, time stamps, referral URLs, and interaction metrics.
• Compliance data: results of KYC/AML checks, sanctions screening, fraud risk indicators, and dispute records.

Purpose of collection

• Provide and maintain services, including account set-up, wagers, payments, and support.
• Meet legal and regulatory obligations in Ireland and the EU (KYC/AML, age verification, responsible gambling, tax, and audit).
• Safeguard the platform, detect fraud, prevent money laundering, and secure user accounts.
• Improve service performance, fix errors, and develop new features based on aggregated analytics.
• Send service communications and, where consented, marketing messages relevant to the user.

Protection measures

• Encryption: TLS in transit; encryption and tokenisation of payment and identity data at rest where supported by providers.
• Access controls: role-based access, least privilege, multi-factor authentication, session timeouts.
• Monitoring and logging: security monitoring, audit trails, and anomaly detection.
• Vendor governance: due diligence, data processing agreements, and ongoing reviews of processors.
• Data minimisation and retention: keep only necessary information for limited periods set by law and policy.
• Secure development and testing: change management, vulnerability scanning, and penetration testing.
• Incident response: documented procedures and reporting obligations in line with GDPR.

User rights

Users in Ireland have rights under GDPR and the Data Protection Act 2018, including:

• Access: request a copy of personal data.
• Rectification: correct inaccurate information.
• Erasure: request deletion in line with legal limits.
• Restriction and objection: limit or object to processing in certain cases.
• Portability: receive data in a structured, commonly used format.
• Consent management: withdraw consent at any time where processing relies on consent.
• Complaint: lodge a complaint with the Data Protection Commission (DPC) in Ireland.

Compliance statement

• 1Red processes personal data in accordance with the EU GDPR, the Data Protection Acts 1988–2018 (as amended), the ePrivacy Regulations, and applicable anti-money laundering legislation in Ireland.

Service delivery and account management

• Create and manage user accounts, verify identity, process wagers, and settle transactions.
• Provide customer support and respond to user requests.

Safety, security, and integrity

• Authenticate logins, prevent unauthorised access, and protect accounts.
• Detect, investigate, and prevent fraud, money laundering, and abuse.

Improvement and analytics

• Analyse usage to enhance performance, fix errors, and improve user experience.
• Produce aggregated statistics that do not identify individuals.

Communications and preferences

• Send service notices (e.g., changes to this policy, security alerts, transactional emails).
• Send marketing information where the user has consented and can opt out.

Regulatory and legal compliance

• Meet obligations for KYC/AML, responsible gambling, tax, reporting, and dispute handling.

Lawful, transparent processing

• Consent: for marketing, certain cookies, and optional features.
• Contract: to provide requested services and process payments.
• Legal obligation: AML checks, retention for audits, and reporting.
• Legitimate interests: platform safety, improvement, and prevention of misuse, balanced against user rights.

How to exercise rights

• Use account settings for basic profile updates where available.
• Submit a request through Support channels shown on the websites, stating the right you wish to exercise (access, rectification, erasure, restriction, portability, objection).
• 1Red may request additional information to confirm identity before acting on a request.
• Expected response time is one month, extendable where requests are complex as permitted by GDPR.

Correction and deletion procedures

• Rectification: provide updated details or document copies to verify changes.
• Deletion: where no legal basis requires retention, data will be erased or anonymised. Certain records must be kept for statutory periods (for example, AML and financial data).
• Records subject to legal holds or disputes will be retained until resolved.

Security checks and payment processing consent

By using 1Red, the user consents to security checks, identity and age verification, sanctions screening, fraud prevention, and processing of payment information by approved providers for the purposes of account service and compliance.

• Services are intended for users aged 18 years and over. Accounts for minors are not permitted under Irish law.
• The operator cannot confirm age without appropriate documents. Where verification is requested, users must provide acceptable proof.
• If a parent or guardian believes a minor has submitted personal information, contact Support. 1Red will delete the account and associated data where feasible and lawful.

• Personal data may be processed in or transferred to countries outside Ireland and the EEA where 1Red service providers operate (for example, cloud hosting, payments, KYC/AML vendors, analytics).
• Using the site signifies consent to such transfers for the purposes described in this policy.
• Where data is transferred outside the EEA, 1Red implements appropriate safeguards, including EU Standard Contractual Clauses, transfer risk assessments, and technical measures.
• All partners are bound by confidentiality and data protection obligations and may process information only for the documented purposes and instructions given by 1Red.

• This disclaimer explains how the rules in this policy may be interpreted and may affect how they apply in particular situations, without limiting statutory rights under Irish or EU law.
• The policy does not create rights beyond those provided by law and contract, and it does not diminish rights that cannot be limited by agreement.
• The disclaimer applies once the user accepts the policy by signature, affirmative acceptance during registration, or accession through continued use of the services.

Definition

• Cookies are small text files stored on a device by the websites to remember a user, save preferences, and enable features.

How 1Red uses cookies

• Statistics and analytics: measure visits, page performance, and error rates.
• Behaviour analysis: understand how features are used to improve services.
• Personalisation: remember settings such as language and display choices.
• Site improvement and security: balance load, prevent abuse, and maintain session integrity.

Types and retention

• Essential cookies: required for login and core functions.
• Analytics and performance cookies: help improve the online experience.
• Functional cookies: remember preferences.
• Advertising cookies (where applicable and consented): manage frequency and relevance.
• Unless a shorter period is necessary, cookies are retained for up to 1 year.

Control

• Users can manage cookie choices through the on-site cookie banner and browser settings. Disabling certain cookies may affect service functionality.

• By accessing or using 1Red services, the user accepts this Privacy Policy in full.
• If the policy is updated, the version published on the websites prevails and applies to ongoing collection and processing of personal data.
• Continued use of the services after changes take effect constitutes acceptance of the updated terms.

• Personal data may be shared where necessary to comply with law, manage disputes, enforce agreements, or deliver requested services.
• Typical recipients include payment providers, banks, identity and age verification services, fraud prevention agencies, hosting and cloud platforms, analytics providers, responsible gambling tools, advisors, regulators, and law enforcement when required.
• The list of key processors and partners may be available on the websites. If a partner is not listed, 1Red will inform users of the purpose and scope before or at the time of collection where feasible.
• Each third party processes personal information under its own privacy policy. By providing data for the relevant purpose, the user consents to sharing as described.

• The websites may contain links to third-party websites or services that operate under their own privacy policies.
• 1Red is not responsible for how external sites collect, use, or protect information.
• Users should review the privacy notices of any external site visited and consider the security of any data provided there.