(Last updated: May 1, 2025)
This policy clearly explains how Betify S.r.l. collects, uses, stores and protects the personal data of its users. It is drafted in accordance with Regulation (EU) 2016/679 ("GDPR"), with Legislative Decree 196/2003 ("Privacy Code") as amended by Legislative Decree 101/2018, as well as with the Guidelines issued by the Italian Data Protection Authority and the Customs and Monopolies Agency ("ADM").
1 Data controller
Betify S.r.l.
Tax code / P. VAT: 01234567890
Registered office: Via delle Betifyzioni 12, 00199 Rome (RM), Italy
E-mail: [email protected]
Data Protection Officer (DPO)
A DPO has been appointed pursuant to Article 37 GDPR.
E-mail DPO: [email protected]
2 Categories of personal data collected
To help you understand what information we process, we first introduce the main categories of data we may collect when you use our services.
- Registration data (first name, last name, social security number, date and place of birth, residence, email, phone number)
- Financial and gaming data (account movements, bets, winnings, game history, payment methods)
- KYC / AML data (IDs, proof of residence, source of income)
- Technical data (access log, IP address, device type, cookie ID, preferred language)
- Marketing data (consents, channel preferences, newsletter interactions)
- Data derived from profiling (risk score, responsible gaming pattern)
This information is collected only to the extent necessary to provide our services, comply with legal obligations, and ensure a safe and responsible gaming experience.
3 Purposes and legal basis (Art. 6 GDPR)
Before listing the individual purposes, we specify that all processing operations take place in accordance with the principles of lawfulness, fairness and transparency. Below you will find the purposes for which we process your data and the corresponding legal basis.
- Creation and management of gaming account; execution of transactions - Contract (lett. b)
- Fulfillment of legal obligations (anti-money laundering, tax, ADM) - Legal obligation (lett. c)
- Identity verification, fraud prevention, evaluation of gaming behavior - Legitimate interest (lett. f)
- Sending promotional communications, bonuses and newsletters - Consent (lett. a), revocable at any time
- Defense in court and handling of complaints - Legitimate interest (lett. f)
These purposes cover the entire lifecycle of the gaming account and ensure both regulatory compliance and the quality of service provided.
4 Retention periods
Personal data are not kept forever: we keep information only as long as strictly necessary. The following list indicates the main categories of data and their retention periods.
- Gaming account and transactions: 10 years from closure (Art. 2220 c.c.; Presidential Decree 600/73)
- KYC / AML documents: 10 years from the relationship or transaction (Legislative Decree 231/2007, Art. 31)
- Access logs: 6 months (Garante Provv. 08/04/2024)
- Marketing consents: until revocation + 24 months (Garante Guidelines 2021)
Once these deadlines have passed, the data are anonymized or securely deleted according to certified procedures.
5 Extra-EEA recipients and transfers
To provide you with efficient service, we may share some data with carefully selected third parties. Here is a summary of who may receive your data and why.
- Payment providers and banking institutions - to process deposits and withdrawals
- IT providers, cloud and maintenance services - to host and maintain the platform
- Legal or tax consultants and competent authorities (WMD, FIU, GDF) - for legal obligations
- ADR bodies - for out-of-court dispute resolution
Should we need to transfer personal data outside the European Economic Area, we ensure that the country of destination is covered by a Commission adequacy decision or that approved standard contract clauses are adopted.
6 Rights of the data subject
We believe in fully protecting your rights. Before we tell you how to exercise them, we remind you that you can make a request at any time and at no cost.
- Access, rectification, cancellation, restriction, portability and opposition (Articles 15-22 GDPR) - just send an e-mail to [email protected] or write to Betify S.r.l., Via Giochi Responsabili 27, 20100 Milano (MI)
- Complaint to the Supervisory Authority - you can address the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma, www.garanteprivacy.it)
In any case, you will receive feedback within 30 days from the date of receipt of the request, as required by the GDPR.
7 Automated Decision-Making Processes
To ensure the integrity of the game and prevent the risk of addiction or fraud, some decisions (such as imposing deposit limits or temporarily blocking accounts) may be made in an automated manner through risk profiling and scoring systems. These systems are tested and calibrated periodically to ensure impartiality and accuracy.
If you want more information about the rationale adopted or challenge an automated decision, you can make a request to our DPO and get a human analysis of the case.
8 Policy Updates
This policy may be updated to reflect regulatory changes or service evolutions. When this happens, we will post the new version on Betify.co.uk highlighting the effective date and, if the changes are significant, we will send you a notification by email or by pop-up on your next login.