burger icon
Play Bet United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how the Play Bet service, available via pleybet.com (the "Website"), collects, uses, discloses and protects your personal data. It applies to all UK-based players, account holders, and other visitors who access or use the Website, whether you browse, register, place bets, or interact with us in any other way. By applying our internal OBSERVE -> EXPAND -> REFLECT approach, we aim to give you a clear and legally robust explanation of our data practices.

This Privacy Policy is drafted in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and other applicable UK privacy and gambling regulations. Where you are located in another jurisdiction (for example, within the EEA or Mexico), additional local rights may apply as explained below. This Privacy Policy is effective from 1 January 2026 and remains in force until replaced or updated as described in the "Updates" section.

Who We Are

In this section we OBSERVE who is responsible for your data, EXPAND on our regulatory context, and REFLECT this in clear contact information so you know who to approach with any privacy-related request.

Operator details

The Play Bet service on pleybet.com ("Play Bet", "we", "us", "our") is operated for UK players by:

Grace Media (Gibraltar) Limited
Registered address: Suite 7, Hadfield House, Library Street, Gibraltar, GX11 1AA
Jurisdiction: Gibraltar (corporate seat) and the United Kingdom (regulated gambling services)
UK Gambling Commission ("UKGC") remote operating licence number: 57869
UKGC public register entry: https://gamblingcommission.gov.uk/public-register/business/detail/57869

Grace Media (Gibraltar) Limited is licensed and regulated by the UKGC for the purpose of offering online gambling services to players in Great Britain. We also adhere to industry best practices and guidance issued by the UKGC and other responsible gambling organisations, including GAMSTOP and BeGambleAware.

Data protection contact

We have appointed a data protection lead and dedicated privacy team responsible for overseeing questions in relation to this Privacy Policy, following a structured OBSERVE -> EXPAND -> REFLECT process when assessing data protection risks.

Data Protection Contact
Attention: Data Protection Officer (DPO), for Play Bet / pleybet.com
Email: [email protected]
Postal: Data Protection Officer, Grace Media (Gibraltar) Limited, Suite 7, Hadfield House, Library Street, Gibraltar, GX11 1AA

You may also reach us via the "Contact Us" or similar web form available on the Website. For consistency across our group, additional privacy information is available at our group privacy centre: https://playuk.com/privacy-policy. If there is any inconsistency, this Privacy Policy on pleybet.com governs the processing of personal data for Play Bet.

What Personal Data We Collect

Here we OBSERVE the categories of data we handle, EXPAND on how they arise during your use of our services, and REFLECT on why each category is necessary for lawful and responsible gambling operations.

Identity and contact data

  • Registration data: full name, date of birth, username, password, security questions and answers.
  • Contact details: email address, telephone number, residential address, country of residence, preferred language.
  • Verification (KYC/AML) data: copies or details of identity documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), and where required, information about source of funds or source of wealth.

Technical and device data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone setting, language settings, approximate location derived from IP.
  • Usage and log data: access dates and times, pages viewed, links clicked, session duration, login and logout timestamps, error logs and crash reports.

Payment and financial data

  • Payment method details: partially masked card numbers, card expiry date, cardholder name, IBAN or other payment account identifiers, payment token information provided by payment processors.
  • Transaction history: deposits, withdrawals, bet stakes, winnings and losses, bonuses credited and redeemed, account balances and chargeback information.

Behavioural and profile data

  • Gaming and betting behaviour: games played, betting markets selected, frequency and duration of sessions, bet sizes, patterns of play, time-of-day activity, responsible gambling tools used.
  • Preference data: selected language and currency, communication preferences, marketing opt-ins/opt-outs, favourite games, device preferences.
  • Risk and interaction data: responsible gambling flags, affordability and vulnerability indicators where assessed, customer service interactions, complaint history.

Cookies and similar technologies

  • Cookies: small data files stored on your device to remember your settings, keep you logged in, and measure usage.
  • Similar technologies: tracking pixels, tags, SDKs and local storage that help us analyse traffic, deliver personalised content, and measure marketing performance.

Where we need to collect personal data by law, under our licence conditions, or under the terms of our contract with you, and you fail to provide that data when requested, we may be unable to open or maintain your account or provide all or part of the Play Bet services.

Legal Basis for Processing

In this section we OBSERVE the main legal grounds under UK GDPR, EXPAND on how they apply to typical gambling operations, and REFLECT this in clear categories so you can understand why we use your data.

Contractual necessity

  • Account creation and management: we process identity, contact, technical and transactional data to create, verify and manage your account, provide access to games, process deposits and withdrawals, and deliver customer support. This processing is necessary to perform the contract you enter into when you register and accept our terms and conditions.
  • Bonus and promotion fulfilment: we use your account and behavioural data to credit bonuses, apply wagering requirements, and assess eligibility according to our bonus policy, as part of the contractual relationship between you and us.

Compliance with legal and regulatory obligations

  • KYC/AML duties: we are legally required by anti-money laundering, counter-terrorist financing and fraud-prevention laws, as well as UKGC licence conditions, to verify your identity, age and residence, monitor transactions, and report suspicious activity to relevant authorities.
  • Responsible gambling obligations: UK gambling regulations require us to monitor play patterns, identify markers of harm, contact players where necessary, and apply limits or exclusions, which involves systematic analysis of behavioural data.
  • Tax, accounting and record-keeping: we retain and process payment and transaction data to comply with accounting, tax and statutory retention requirements.

Legitimate interests

  • Service improvement and analytics: we analyse aggregated and pseudonymised usage data to enhance our games, fix performance issues, develop new features, and improve user experience. We balance these interests against your privacy rights through technical and organisational safeguards.
  • Fraud detection and security: we process technical, behavioural and transactional data to prevent fraud, abuse, account takeover, money laundering and other illegal activities, and to ensure the integrity and security of our platform.
  • Business management: we use limited personal data to conduct internal reporting, risk management and group-level planning, provided these activities do not override your fundamental rights and freedoms.

Consent

  • Marketing communications: we send email, SMS or push marketing about Play Bet offers only where you have given valid consent or where local rules permit us to rely on a "soft opt-in" for existing customers, always providing an easy opt-out.
  • Non-essential cookies and similar technologies: we place analytics and advertising cookies only with your consent, obtained through our cookie banner or settings interface.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, you have the right to object as described in the "Your Rights" section.

Purpose of Processing

We OBSERVE how and why data is used in our operations, EXPAND this into specific purposes, and REFLECT these purposes in grouped categories that match your expectations and regulatory requirements.

Provision of gambling services

  • Operating your account: to register you as a player, verify your age and identity, manage your balances, enable deposits and withdrawals, and provide access to games and betting markets.
  • Customer support: to respond to questions, complaints and feedback via email, chat, phone or web forms, and to monitor quality of support.

Compliance, risk management and responsible gambling

  • Regulatory compliance: to meet obligations imposed by the UKGC, law enforcement, tax authorities and other regulators, including KYC/AML checks, transaction monitoring, and reporting.
  • Responsible gambling: to monitor betting patterns, detect potential problem gambling, offer tools such as limits and self-exclusion, and contact you where risk indicators are identified.
  • Fraud and security: to protect your account and our systems from unauthorised access, fraud, money laundering and other misuse.

Service improvement and analytics

  • Performance and usability: to analyse how players navigate and use the Website, identify bugs or performance issues, and optimise content layout and game offerings.
  • Product development: to evaluate new games, features or promotions based on anonymised or pseudonymised usage statistics, and to perform A/B or multivariate testing.

Marketing and personalisation

  • Marketing communications: to send offers, news and tailored promotions about Play Bet, in line with your preferences and applicable marketing laws.
  • Personalised experience: to recommend games and promotions that may be of interest to you based on your previous activity, within appropriate responsible gambling parameters.

We do not sell your personal data. Any profiling we perform is limited to what is necessary to operate a regulated gambling service, prevent harm and fraud, and tailor our services in a responsible manner.

Disclosure & Sharing

Here we OBSERVE the categories of recipients who may receive your data, EXPAND on why such disclosures are necessary or legally required, and REFLECT on safeguards we apply when sharing information.

Service providers and business partners

  • Payment providers: banks, card schemes, payment processors and e-wallet providers that process your deposits and withdrawals. We share necessary identity and transaction data to complete your payments and handle chargebacks or disputes.
  • IT and hosting providers: companies that host our servers, provide cloud infrastructure, data storage, technical monitoring and logging services.
  • Game and platform providers: third-party software suppliers whose casino or betting products we integrate, where access to limited user or session information is needed to provide games and resolve technical issues.
  • Analytics and marketing partners: where you consent to non-essential cookies, we may share pseudonymised identifiers with analytics or advertising partners to measure campaign performance and reach.

Group companies and affiliates

  • Group entities: other companies within the same corporate group as Grace Media (Gibraltar) Limited, for consolidated reporting, compliance, risk management and (where permitted) cross-brand responsible gambling checks.
  • Affiliate partners: carefully selected affiliates who refer players to us may receive confirmation of your registration or aggregated performance statistics, but do not receive full access to your personal data.

Regulators, authorities and dispute bodies

  • Regulatory authorities: the UK Gambling Commission, financial intelligence units, tax authorities and other regulators, where disclosure is required by law or licence conditions.
  • Law enforcement and fraud prevention agencies: where necessary to investigate or prevent suspected crime, fraud, money laundering, or threats to safety or security.
  • Alternative dispute resolution (ADR) bodies: where you refer a complaint to an approved ADR entity, we may share relevant data to enable resolution.

Corporate transactions and legal rights

  • Business transfers: in the event of a merger, acquisition, restructuring or sale of assets, player data may be transferred to the new owner, subject to strict confidentiality and continuity of this Privacy Policy.
  • Legal claims: we may disclose data to external lawyers, auditors or insurers where reasonably necessary to establish, exercise or defend legal claims.

We require all third parties that process personal data on our behalf to respect the security of your data and to treat it in accordance with the law, using appropriate contractual safeguards and technical measures.

International Transfers

In this section we OBSERVE where data may travel, EXPAND on the safeguards used when data moves outside your home jurisdiction, and REFLECT on how we keep those transfers compliant with UK data protection law.

Your personal data is generally processed within the United Kingdom, Gibraltar and the European Economic Area ("EEA"). However, some of our service providers and group entities may be located or may store data in countries outside the UK and EEA, including jurisdictions that may not provide the same level of data protection as under UK GDPR.

Types of international transfers

  • Intra-group transfers: movement of data between Grace Media (Gibraltar) Limited and related entities or infrastructure used to support pleybet.com and Play Bet.
  • Service provider transfers: cloud hosting, payment processing, analytics or support services located outside the UK/EEA.

Safeguards applied

  • Adequacy decisions: where the UK government has recognised a country as providing an adequate level of protection, we may rely on that decision for data transfers.
  • Standard Contractual Clauses (SCCs): for other countries, we implement UK-approved SCCs or equivalent contractual clauses that contractually oblige recipients to protect your data to UK standards.
  • Additional measures: where appropriate, we apply encryption, pseudonymisation and access controls, and conduct transfer risk assessments in line with prevailing regulatory guidance.

You can obtain further details of the specific safeguards applied to international transfers relating to your personal data by contacting us at [email protected].

Data Retention

Here we OBSERVE how long we keep different types of data, EXPAND on the regulatory and business reasons for those periods, and REFLECT on when and how data is anonymised or deleted.

General retention principles

  • Regulatory and legal requirements: we retain personal data for as long as necessary to comply with laws, UKGC licence conditions, anti-money laundering rules and tax obligations.
  • Contractual and operational needs: we keep data while your account is active and for a period afterwards to handle queries, disputes and chargebacks.
  • Data minimisation: when retention periods expire, or data is no longer required, we securely delete or anonymise it.

Indicative retention periods

  • Account and identification data: normally kept for the duration of your account and up to 5 years after account closure, to meet KYC/AML and UKGC record-keeping requirements.
  • Transaction and payment data: retained for at least 5 - 7 years after the end of the relevant financial year, in line with legal and accounting obligations.
  • Behavioural and responsible gambling data: held for as long as necessary to meet responsible gambling and regulatory expectations, typically aligned with the account and transaction retention periods.
  • Marketing data: retained while you remain opted in, and for a short period (normally up to 2 years) after you opt out to demonstrate compliance with your request.
  • Technical logs: stored for shorter periods (often 6 - 24 months), unless required longer for security investigations or legal obligations.

Where we anonymise data, it is no longer considered personal data and may be kept for longer for statistical, research or reporting purposes. If you exercise your right to erasure, we may retain limited information where legally required or where necessary to establish, exercise or defend legal claims.

Your Rights

In this section we OBSERVE the core rights granted by UK GDPR and relevant laws, EXPAND on how these rights can be used in practice, and REFLECT on our procedures and timelines, including alignment with certain Mexican and EU data protection principles where applicable.

Data protection rights

  • Right of access: you can request confirmation as to whether we process your personal data and obtain a copy of that data together with information about how and why it is processed.
  • Right to rectification: you can ask us to correct inaccurate or incomplete personal data. In many cases you can update details directly in your account profile.
  • Right to erasure: you may request deletion of your personal data where there is no lawful basis for us to continue processing it (for example, where data is no longer needed for the purposes for which it was collected). We may retain certain data where required by law or regulation.
  • Right to restriction: you can ask us to restrict processing in certain circumstances, such as while we verify the accuracy of data or consider an objection.
  • Right to object: you have the right to object to processing carried out on the basis of our legitimate interests, including profiling related to such interests, and to object at any time to direct marketing.
  • Right to data portability: you can request that we provide you, or a third party you designate, with personal data you have provided to us in a structured, commonly used and machine-readable format, where the processing is based on consent or contract and carried out by automated means.
  • Rights related to automated decisions: where we make automated decisions that have a significant effect on you (for example, certain fraud checks or responsible gambling interventions), you may request human review and contest the decision, subject to legal and regulatory constraints.
  • Right to withdraw consent: where we rely on your consent (for example, for marketing or non-essential cookies), you can withdraw it at any time via your account settings, the unsubscribe link, or by contacting us.

Mexican and EU privacy alignment

  • Mexican ARCO rights: if you are located in Mexico, you may benefit from rights analogous to the above under Mexican data protection law (including rights of Access, Rectification, Cancellation and Opposition (ARCO)). We handle such requests in a manner consistent with our UK GDPR obligations, while taking into account any specific Mexican legal requirements.
  • EU/EEA residents: if you are in the EEA, EU GDPR rights generally mirror UK GDPR rights described here. You may exercise them through the same channels and may also contact your local supervisory authority as outlined below.

Exercising your rights

  • How to contact us: send an email to [email protected] or write to the postal address in the "Who We Are" section, clearly indicating that your request concerns data protection rights.
  • Verification: to protect your account and prevent fraud, we may need to OBSERVE and confirm your identity (for example, by requesting additional information or using existing KYC data) before fulfilling your request.
  • Timeframe: we aim to respond within one month (30 days) of receiving a valid request. Where a request is complex or numerous, we may EXTEND this period by up to two further months, informing you of the extension and reasons.
  • Cost: we handle rights requests free of charge. We may charge a reasonable fee or refuse to act only where a request is manifestly unfounded or excessive, as permitted by law.

Cookies & Tracking Technologies

In this section we OBSERVE the types of cookies we use, EXPAND on their purposes, and REFLECT on the controls available to you under UK privacy and electronic communications rules.

Types of cookies

  • Strictly necessary cookies: session and persistent cookies that are essential for the Website to function, such as keeping you logged in, enabling payment flows, and enforcing security features. These cannot be switched off via our systems.
  • Functional cookies: cookies that remember your preferences (such as language, region, layout and game filters) to provide a more personalised experience.
  • Analytics cookies: first-party or third-party cookies that collect aggregated information about how visitors use the Website, such as pages visited and error frequencies, helping us improve performance and usability.
  • Advertising and targeting cookies: cookies and similar technologies that track your browsing activity across our Website and, where permitted, other sites in order to deliver relevant offers and measure the effectiveness of campaigns.

Managing cookies

  • On-site controls: when you first visit pleybet.com, you are presented with a cookie banner that allows you to accept, reject, or customise non-essential cookies. You can update these preferences at any time via our internal cookie settings panel (accessible in the footer or account area).
  • Browser settings: most browsers allow you to block or delete cookies by changing the browser settings. However, blocking essential cookies may affect the functionality of the Website and your ability to use Play Bet services.
  • Third-party opt-outs: where we use third-party analytics or advertising providers, you may also manage your preferences directly with them, subject to the options they provide.

For more details, please refer to our dedicated cookie information provided on or via the Website, which works together with this Privacy Policy.

Data Security

Here we OBSERVE the main risks to your data, EXPAND on the technical and organisational measures we apply, and REFLECT our commitment to continuous improvement through audits and training.

Technical measures

  • Encryption in transit and at rest: data transmitted between your browser and our systems is protected using Transport Layer Security (TLS) version 1.2 or higher. Where appropriate, sensitive data is encrypted at rest using strong cryptographic algorithms.
  • Access controls and authentication: access to production systems and personal data is restricted on a need-to-know basis and protected using strong authentication mechanisms, including multi-factor authentication for privileged accounts.
  • Network and application security: we employ firewalls, intrusion detection and prevention systems, regular vulnerability scanning, patch management and secure development practices to minimise exploitable weaknesses.

Organisational measures

  • Policies and governance: we maintain documented information security and data protection policies. Our governance framework is informed by recognised standards such as ISO/IEC 27001 and SOC 2, and we REFLECT these in internal procedures, even where formal certification may not be in place.
  • Staff training and awareness: employees and contractors with access to personal data receive regular training on data protection, confidentiality, security best practices and responsible gambling obligations.
  • Vendor management: we conduct due diligence on service providers, include data protection and security obligations in contracts, and periodically review their performance.

Incident response

  • Monitoring and detection: we monitor systems for security events and unusual activity to detect potential incidents promptly.
  • Response and notification: where we OBSERVE an actual or suspected personal data breach, we follow a structured incident response process to contain, assess and mitigate the impact. Where required by law, we notify relevant supervisory authorities (such as the UK Information Commissioner's Office) and affected individuals without undue delay.

Complaints & Contacts

In this section we OBSERVE the channels available to you, EXPAND on the steps for raising concerns, and REFLECT on how you can escalate matters to supervisory authorities in the UK, EU and Mexico where applicable.

Contacting us first

  • Initial contact: if you have questions or concerns about how we handle your personal data, please contact our DPO at [email protected], or use the "Contact Us" form on the Website, providing sufficient detail for us to identify you and understand your issue.
  • Acknowledgement: we will acknowledge your complaint or query as soon as reasonably practicable and will OBSERVE all relevant facts before responding.
  • Investigation and response: we aim to provide a substantive response within 30 days. For complex matters, we may EXTEND this period, but we will keep you informed of progress and reasons for any delay.

Escalation options

  • UK supervisory authority (ICO): if you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office:
    Information Commissioner's Office (ICO)
    Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
    Website: https://ico.org.uk
    Telephone: +44 303 123 1113
  • EU supervisory authorities: if you are located in the EEA, you may also complain to your local data protection authority. Contact details are typically available on the authority's official website.
  • Mexican data protection authority: if you are located in Mexico and consider that our processing of your personal data infringes your rights under Mexican privacy law, you may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI). Further information is available at: https://home.inai.org.mx.

Regulator and gambling complaints

  • Gambling-related complaints: for disputes about gambling services (rather than privacy), you may follow our internal complaints procedure set out in our terms and conditions and, where relevant, escalate via the UKGC guidance at https://gamblingcommission.gov.uk/public-and-players/complaints.
  • Support resources: for help with gambling-related issues, you can also contact GAMSTOP and BeGambleAware, which provide independent advice and support.

Updates

In this final section we OBSERVE that laws and services evolve over time, EXPAND on how we will inform you of changes, and REFLECT on your options when updates affect your rights.

Changes to this Privacy Policy

  • Ongoing review: we regularly review this Privacy Policy to ensure it remains accurate, up to date and aligned with current legal requirements, industry standards and our OBSERVE -> EXPAND -> REFLECT governance model.
  • Material changes: where we make significant changes to how we process your personal data, we will provide clear notice on the Website, via account notifications, banners, or email.
  • Advance notice: for material changes that reduce your rights or expand processing in ways you would not reasonably expect, we will give you at least 30 days' advance notice where practicable, so you can review the changes.

Notification methods and your choices

  • Notification channels: we may notify you through email, account messages, pop-ups, or prominent notices on the Website. Please ensure your contact details remain accurate and up to date.
  • Your options: if you do not agree with an updated version of this Privacy Policy, you may close your account and stop using the Play Bet services on pleybet.com. Continued use of the Website after the effective date of an update will constitute your acknowledgement of the revised policy.

Last updated: January 2026