burger icon
Bet Road United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how we collect, use, disclose, protect, and retain personal data of players and visitors who access the Bet Road offering via the website roads.bet. It applies to registered players, prospective players, and other visitors who interact with our services, including through web, mobile, and related channels.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and applicable gambling regulations issued by the UK Gambling Commission (UKGC), as well as, where relevant, other mandatory data protection laws such as the EU GDPR and Mexican privacy law.

Effective date: 06 November 2025

Who We Are

The services offered under the brand Bet Road to players in Great Britain via roads.bet (the "Website") are operated by:

Stars Interactive Limited
A limited company registered in Malta (exact registration number and registered office address not specified in this document; these details are available in official corporate and regulatory records).
Stars Interactive Limited is part of The Stars Group, which operates as a division of Flutter Entertainment plc.

For the purposes of the UK GDPR, Stars Interactive Limited is the data controller for personal data processed in connection with the Bet Road offering on roads.bet for players in Great Britain. In some cases, other group companies or service providers may act as data processors or joint controllers, as described in this Privacy Policy.

Regulatory information

Stars Interactive Limited is licensed and regulated by the UK Gambling Commission to provide remote gambling services (casino, betting, and bingo) to customers in Great Britain under remote operating licence number 39108. The status and details of this licence can be verified independently on the UKGC public register. The operator's alternative dispute resolution (ADR) provider is IBAS (Independent Betting Adjudication Service).

How to contact us about privacy

If you have questions about this Privacy Policy or how we handle your personal data, you can contact our data protection function (Data Protection Officer / data protection team) using the contact channels provided on the Website (for example, the "Contact Us" or "Support" sections). When you contact us, please indicate that your query relates to data protection.

  • Postal contact: Stars Interactive Limited, legal registered office in Malta (full address as stated in our corporate and regulatory records and available upon request).
  • Online contact: via the help, support, or contact forms available on roads.bet.
  • General support: through the customer support channels listed on the Website, clearly stating that your query is "Privacy / Data Protection".

What Personal Data We Collect

We collect and process different categories of personal data when you use the Bet Road services on roads.bet. The exact data collected depends on how you interact with us, your choices, and applicable legal requirements.

Identity and contact data

  • Registration data: full name, date of birth, username, password or other login credentials, security questions and answers.
  • Contact details: email address, mobile and/or landline telephone number, residential address, country of residence, preferred language.
  • Verification data (KYC/AML): copies or details of identity documents (e.g. passport, national ID card, driving licence), proof of address (e.g. utility bill, bank statement), source of funds / source of wealth information, and any other documentation or data required to comply with anti-money laundering (AML) and "know your customer" (KYC) obligations.

Account, gaming, and behavioural data

  • Account information: account ID, account status, account limits, responsible gambling settings, communication preferences, bonus and loyalty status.
  • Gaming and betting history: bets placed, stakes, odds, wins and losses, game types (casino, betting, bingo), session duration, tournament participation, jackpot contributions, and related metadata.
  • Behavioural and interaction data: clicks, navigation paths, pages visited, time spent on the Website, interaction with promotions, marketing communications opened or clicked, responses to surveys or feedback forms.

Technical and device data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, device type and model, screen resolution, approximate location derived from IP (e.g. city/country level).
  • Log information: dates and times of logins and logouts, authentication logs, security event logs (e.g. failed login attempts, password changes), and system activity relating to our services.
  • Configuration data: language settings, time zone, cookie preferences, installed app version (if using any related mobile application).

Payment and financial data

  • Payment details: masked card numbers, card type and expiry date, bank account identifiers, e-wallet details, payment method tokens, and other transaction instruments as supported on roads.bet.
  • Transaction records: deposits, withdrawals, chargebacks, refunds, bonuses credited or debited, loyalty rewards, and related timestamps and reference numbers.
  • Anti-fraud and AML data: information from payment service providers, banks, and fraud-prevention partners, including flags relating to suspicious activity, sanctions screening, and risk scores.

Communications and support data

  • Customer support interactions: records of chats, emails, support tickets, phone calls (including, where permitted, call recordings and transcripts), and internal notes relating to your queries.
  • Complaints and dispute data: details of complaints submitted to us or to ADR providers (such as IBAS), outcomes of dispute resolution, and related correspondence.

Cookies and similar technologies

  • Cookies: small text files stored on your device, including session cookies (which expire when you close your browser) and persistent cookies (which remain for a defined period).
  • Similar technologies: web beacons, pixels, SDKs, local storage, tagging technologies, and similar tools used for security, functionality, analytics, and advertising.
  • Third-party identifiers: identifiers set by third-party analytics, advertising, or social media partners, subject to your consent where required by law.

Legal Basis for Processing

We process personal data only where we have a valid legal basis under the UK GDPR and, where applicable, other data protection laws. Depending on the context, one or more of the following legal bases will apply.

Performance of a contract

  • Account creation and management: we process your identity, contact, account, and technical data to register you as a customer, maintain your account, and provide access to games and betting services on roads.bet.
  • Provision of gambling services: we process your gaming, betting, and transaction data to accept and settle bets, credit winnings, manage bonuses, and provide customer support.
  • Enforcement of terms: we use your data to enforce our Terms and Conditions and other contractual commitments, including collection of amounts owed, and resolution of contractual disputes.

Compliance with legal obligations

  • Gambling regulation (UKGC and other regulators): we process data to comply with licence conditions and regulatory requirements, including age verification, responsible gambling, reporting obligations, and cooperation with regulatory investigations.
  • AML, counter-terrorist financing, and sanctions screening: we process verification, transaction, and risk data to comply with UK anti-money laundering regulations and other applicable financial crime laws.
  • Tax, accounting, and statutory record-keeping: we retain certain personal and transactional data for legally mandated periods for audit, tax, and accounting purposes.

Legitimate interests

Where necessary, we process personal data for our legitimate business interests or those of third parties, provided these interests are not overridden by your fundamental rights and freedoms.

  • Service security and integrity: monitoring and protecting our systems, networks, and services against fraud, abuse, hacking, and other security threats.
  • Enhancement of products and services: analysing aggregated usage data to improve our games, promotions, user interfaces, and overall player experience on roads.bet.
  • Risk management and business continuity: conducting internal audits, compliance checks, and statistical analyses required for the management of Stars Interactive Limited and its group.
  • Defence and enforcement of legal claims: establishing, exercising, or defending legal claims in court, arbitration, ADR (including IBAS), or before regulators.
  • Limited direct marketing: where permitted without consent under PECR or equivalent rules, sending relevant offers to existing customers, subject to easy opt-out mechanisms.

Consent

  • Optional marketing communications: where required by law, we rely on your consent to send you marketing emails, SMS, push notifications, or in-app messages regarding Bet Road services and promotions on roads.bet.
  • Non-essential cookies and tracking: we use analytics, advertising, and personalisation cookies and similar technologies only with your consent, captured via our cookie banner or settings tools.
  • Specific processing not covered above: if we need to process your data for a new purpose that requires consent, we will obtain it separately and clearly.

You may withdraw your consent at any time through your account settings, relevant unsubscribe links, or by contacting us. Withdrawal of consent will not affect lawful processing based on consent before its withdrawal.

Purpose of Processing

We process personal data for clearly defined purposes, which include, but are not limited to, the following:

  • Providing and operating our services: to create and manage your account, verify your identity and eligibility, process deposits and withdrawals, provide games and betting opportunities, settle bets, credit bonuses, and deliver customer support.
  • Compliance and responsible gambling: to meet obligations under gambling law and UKGC regulations, including age verification, monitoring for problem gambling, applying self-exclusion and player limits, and fulfilling AML/KYC requirements.
  • Service improvement and analytics: to understand how players use the Website, improve game performance, optimise the user interface, develop new features, and conduct statistical analyses and aggregated reporting.
  • Marketing and personalisation: to send or display offers, promotions, loyalty rewards, and content that may be tailored to your preferences, subject to your marketing choices and consent requirements.
  • Fraud prevention and security: to detect and prevent fraudulent transactions, bonus abuse, duplicate or underage accounts, account takeover, money laundering, and other misuse of our services.
  • Customer relationship management: to respond to your queries, handle complaints and disputes, manage your preferences and settings, and improve our customer service.
  • Legal, regulatory, and business purposes: to comply with laws, respond to lawful requests from authorities, enforce our Terms and Conditions, defend legal claims, and manage corporate governance and reporting.

Disclosure & Sharing

We do not sell your personal data. We may, however, share data with carefully selected third parties where necessary for the purposes described above, in accordance with the UK GDPR and other applicable laws, and with appropriate safeguards.

Group companies

  • Corporate group: we may share data with other entities within The Stars Group and the wider Flutter Entertainment group that support our operations (for example, shared IT infrastructure, risk management, compliance, and analytics), limited to what is necessary and subject to intra-group agreements.

Service providers and partners

  • Payment service providers and banks: to process deposits, withdrawals, chargebacks, refunds, and related financial transactions.
  • Technology and hosting providers: providers of data hosting, cloud services, IT support, security monitoring, content delivery networks, and software tools used to operate roads.bet.
  • Verification, AML, and fraud-prevention partners: identity verification agencies, sanctions and PEP screening providers, credit-reference and fraud-detection services, and similar partners.
  • Marketing and analytics partners: email delivery platforms, analytics providers, and, where permitted and with your consent where required, advertising networks and attribution partners.

Regulators, ADR bodies, and public authorities

  • Regulators: the UK Gambling Commission and other competent regulators or supervisory authorities, in connection with licensing, regulatory reporting, and investigations.
  • Data protection authorities: the UK Information Commissioner's Office (ICO) and, where applicable, EU supervisory authorities or the Mexican data protection authority, in relation to data protection matters.
  • ADR provider: IBAS (Independent Betting Adjudication Service) and any other authorised ADR body or ombudsman to which you or we may refer a dispute.
  • Law enforcement and courts: police, courts, and other public authorities where required by law or where necessary to establish, exercise, or defend legal claims.

Business transfers

  • Corporate transactions: in the event of a reorganisation, merger, acquisition, asset sale, or similar corporate event, your data may be transferred as part of the transaction, subject to appropriate confidentiality and data protection safeguards.

Whenever we share personal data with third parties acting as our processors, we ensure appropriate contractual protections are in place, including obligations of confidentiality, security, and data protection consistent with the UK GDPR.

International Transfers

Because Stars Interactive Limited is part of a global group and uses international service providers, your personal data may be transferred to, and processed in, countries outside the United Kingdom and the European Economic Area (EEA), including Malta and other jurisdictions where group entities or key suppliers are located.

  • Intra-group transfers: your data may be transferred within The Stars Group / Flutter group, for example to entities established in Malta, other EEA countries, or other jurisdictions, for operational, compliance, or support purposes.
  • Service provider locations: some of our processors may operate from countries outside the UK/EEA, including (for example) jurisdictions in North America or other regions, depending on the specific service provided.

Where we transfer personal data outside the UK/EEA, we implement appropriate safeguards to ensure an adequate level of protection, such as:

  • Adequacy regulations/decisions: transfers to countries recognised by the UK government or European Commission as providing an adequate level of data protection.
  • Standard contractual clauses and equivalent mechanisms: the use of UK-approved International Data Transfer Agreements or Addenda, and/or EU Standard Contractual Clauses, supplemented where necessary with additional safeguards.
  • Data Privacy Framework and UK extension (where applicable): for transfers to certified recipients in the United States, reliance on recognised data transfer frameworks or "data bridge" arrangements, where legally valid.

You may contact us for further information about the specific safeguards applied to your data or to obtain a copy of relevant transfer mechanisms, subject to redaction for confidentiality.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the type of data and the context of processing.

Category of data Typical retention period
Account and identity data (e.g. name, contact details, date of birth) For the life of your account and generally up to 5-7 years after account closure, to comply with legal, regulatory, and reporting obligations.
KYC/AML verification documents Typically 5-7 years after the end of the business relationship or the date of the last transaction, in line with AML regulations and regulatory guidance.
Gaming and betting history, transaction records Generally 7 years from the relevant transaction or account closure date, for regulatory, tax, and accounting purposes, and to defend legal claims.
Customer support and complaint records For the duration of the complaint or query and, thereafter, generally 5-7 years, depending on the nature of the case and legal limitation periods.
Marketing and preference data Until you opt out or withdraw consent, or for up to 3 years after your last active interaction with our services, whichever occurs sooner, unless a longer period is required for legal reasons.
Technical logs and security data Typically 1-3 years from creation, unless a longer period is required for investigating security incidents or complying with legal obligations.
Cookies and tracking data From the duration of the session up to 2 years from placement on your device, depending on the cookie type and your choices.

When retention periods expire, we will securely delete or anonymise personal data, unless further retention is required by law or is necessary to establish, exercise, or defend legal claims. Where we anonymise data, it will no longer constitute personal data and may be used for analytics and statistical purposes without further notice to you.

Your Rights

Under the UK GDPR and other applicable data protection laws, you have a number of rights in relation to your personal data. The availability and exact scope of these rights can depend on your location and the specific circumstances of processing.

Rights under UK GDPR and, where relevant, EU GDPR

  • Right of access: to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data and certain related information.
  • Right to rectification: to request correction of inaccurate personal data and completion of incomplete data that we hold about you.
  • Right to erasure: to request deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis applies. This right may be limited where we must retain data to comply with legal or regulatory obligations (such as AML or UKGC requirements).
  • Right to restriction of processing: to request that we restrict processing of your data in certain cases, such as while we verify its accuracy or assess an objection you have raised.
  • Right to object: to object, on grounds relating to your particular situation, to processing based on legitimate interests, and to object at any time to processing for direct marketing (including profiling for marketing).
  • Right to data portability: to receive personal data you have provided to us in a structured, commonly used, and machine-readable format and to request that we transmit that data to another controller, where technically feasible and where the processing is based on consent or performance of a contract and carried out by automated means.
  • Rights regarding automated decision-making: to not be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, except where such processing is lawful and subject to appropriate safeguards.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Additional rights for individuals in Mexico

If you are located in Mexico and interact with our services, you may, in addition to the rights above, benefit from rights under applicable Mexican data protection law, such as the Federal Law on Protection of Personal Data Held by Private Parties and its regulations. These include so-called ARCO rights:

  • Access: to obtain confirmation of the personal data we hold about you.
  • Rectification: to request correction of inaccurate or incomplete data.
  • Cancellation: to request the deletion of data in certain circumstances.
  • Opposition: to oppose certain processing activities in justified cases.

Where such rights are mandatory under Mexican law and applicable to our processing, we will handle them in line with that legislation, in addition to our obligations under UK GDPR and other regimes.

How to exercise your rights

  1. Submit your request: Contact us using the privacy or support channels made available on roads.bet, clearly stating that your request relates to data protection and specifying which right you wish to exercise. To protect your data, we may ask for additional information to verify your identity.
  2. Our response time: We aim to respond without undue delay and in any event within one month (30 days) of receiving a valid request. In complex cases or where we receive numerous requests, we may extend this period by up to two further months, in which case we will inform you of the extension and reasons.
  3. Cost: Exercising your rights is generally free of charge. Where requests are manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request, as permitted by law.
  4. Limitations: Certain rights may be limited, for example where fulfilling your request would adversely affect others' rights, conflict with legal or regulatory requirements (including UKGC and AML obligations), or prejudice ongoing investigations or legal proceedings.

You also have the right to lodge a complaint with a supervisory authority, as described in the "Complaints & Contacts" section.

Cookies & Tracking Technologies

We use cookies and similar technologies on roads.bet to operate the Bet Road services, enhance security, improve user experience, perform analytics, and, where permitted, provide personalised content and advertising. The use of cookies is regulated by PECR and other applicable laws.

Types of cookies we use

  • Strictly necessary (functional) cookies: essential for the operation of the Website and the provision of basic features, such as logging in, maintaining your session, enabling secure payment processing, and providing core functionality. These cookies cannot be switched off through our cookie management tools, although you may configure your browser to block them (which may affect functionality).
  • Preference cookies: used to remember your preferences, such as language, region, and display settings, so that your experience is tailored and consistent across sessions.
  • Analytics and performance cookies: used to collect information about how users interact with the Website (e.g. pages visited, time spent, clicks), allowing us to understand performance, detect problems, and improve our services.
  • Advertising and marketing cookies: used, where permitted and with your consent where required, to deliver relevant adverts, measure the effectiveness of campaigns, and avoid showing the same adverts repeatedly. These may be set by us or by carefully selected third-party partners.
  • Session vs. persistent cookies: session cookies expire when you close your browser, while persistent cookies remain on your device for a predefined period unless deleted earlier.

Managing cookies and tracking technologies

  • Cookie banner and settings: on your first visit and periodically thereafter, you will see a cookie banner or settings interface allowing you to accept or reject non-essential cookies and to adjust your preferences. You may change your cookie choices at any time via the tools provided on the Website.
  • Browser settings: most browsers allow you to block or delete cookies via their settings. However, blocking certain cookies may affect the functionality or performance of the Website, including your ability to log in or place bets.
  • Third-party opt-outs: for some third-party cookies and tracking technologies, you may be able to manage your preferences directly with those providers or through industry-wide opt-out platforms, subject to their availability.

For more detailed information about the specific cookies used on roads.bet, including providers, lifetimes, and purposes, please refer to any cookie-specific notices or tools made available on the Website.

Data Security

We are committed to protecting your personal data and to maintaining the confidentiality, integrity, and availability of information processed in connection with the Bet Road services on roads.bet. We employ a combination of technical and organisational measures designed to provide a level of security appropriate to the risks.

Technical security measures

  • Encryption in transit and at rest: data transmitted between your browser and our systems is protected using modern encryption protocols (such as TLS 1.2 or higher). Where appropriate, personal data is also encrypted or otherwise pseudonymised when stored.
  • Access controls and authentication: access to systems containing personal data is restricted to authorised personnel and systems on a need-to-know basis, protected by strong authentication mechanisms, including multi-factor authentication where appropriate.
  • Network and application security: we use firewalls, intrusion detection and prevention systems, anti-malware tools, security monitoring solutions, and secure development practices to help protect our infrastructure and applications.
  • Backup, resilience, and recovery: we maintain backup and continuity arrangements designed to ensure that critical services can be restored within reasonable timeframes in the event of an incident.

Organisational and procedural measures

  • Policies and training: we maintain internal policies and procedures on information security, data protection, and acceptable use, and we provide regular training and awareness programmes to staff with access to personal data.
  • Access governance: role-based access controls and periodic access reviews ensure that staff and contractors have only the access necessary for their duties.
  • Vendor management: we assess and monitor the security posture of key suppliers and require appropriate contractual commitments regarding security and data protection.
  • Security testing and audits: we undertake security testing, vulnerability management, and internal or external audits to identify and address security risks. Our practices are aligned with recognised industry standards (such as ISO 27001 and SOC 2 principles), although this does not necessarily mean that every entity involved is formally certified.

Incident response

  • Detection and response: we operate processes to detect, investigate, and respond to suspected security incidents, including mechanisms for escalation and remediation.
  • Breach notification: where a personal data breach occurs, we will assess the risk to individuals and, where required by law, notify the relevant supervisory authority (such as the ICO) and affected individuals without undue delay, in accordance with applicable legal timeframes.

While we take appropriate measures to protect your data, no system can be guaranteed to be completely secure. You also play an important role in security by keeping your login credentials confidential, using strong and unique passwords, enabling any additional security features we offer, and promptly notifying us of any suspected unauthorised use of your account.

Complaints & Contacts

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can seek to resolve the matter. You also have the right to raise concerns with data protection authorities.

Contacting us with questions or concerns

  • Initial contact: please contact our data protection team or customer support using the channels provided on roads.bet, indicating that your message relates to data protection or privacy.
  • Information to include: your name, contact details, account identifier (if applicable), and a clear description of your concern or request, along with any supporting documentation.

Internal complaints procedure

  1. Submission: submit your complaint via the Website's support or contact form, or through other published support channels, clearly marking it as a "Privacy / Data Protection Complaint".
  2. Acknowledgement: we will acknowledge receipt of your complaint within a reasonable time, usually within a few working days.
  3. Investigation: your complaint will be reviewed by appropriately qualified staff (including, where relevant, our data protection or compliance teams). We may contact you to request additional information.
  4. Response time: we aim to provide a substantive response within one month (30 days) of receiving a complete complaint. Complex matters may take longer, but we will keep you informed of progress and any extended timelines, particularly where legal or regulatory considerations are involved.
  5. Escalation within the company: if you are not satisfied with the initial response, you may request that your complaint be escalated internally for further review, including, where appropriate, by senior management or our data protection function.

Supervisory authorities and external escalation

  • United Kingdom: if you are located in the UK or your issue relates to processing under UK law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
    Website: https://ico.org.uk
    Telephone: +44 303 123 1113 (or as updated by the ICO).
  • European Union/EEA: if EU data protection law applies to you, you may lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.
  • Mexico: if applicable Mexican data protection law applies to our processing of your data and you are located in Mexico, you may have the right to complain to the competent Mexican data protection authority (for example, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI) in accordance with local requirements.

Your right to lodge a complaint with a supervisory authority exists without prejudice to any other administrative or judicial remedies you may have. You may also, where relevant, pursue gambling-related disputes through our ADR provider, IBAS, as described in our Terms and Conditions, which may involve limited sharing of data necessary to resolve the dispute.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal or regulatory requirements, industry best practices, or technical developments. When we make material changes, we will take appropriate steps to inform you.

How we will notify you

  • Website notice: we will publish the updated Privacy Policy on roads.bet, indicating the date of the latest revision.
  • Email or in-account messages: for significant changes, we may notify you by email, account notifications, or other direct communication channels where feasible.
  • On-site banners or prompts: we may display banners, pop-ups, or similar notices on the Website to draw your attention to important updates.

Effective date of changes and your options

  • Advance notice for significant changes: where we make material changes that significantly affect how we process your personal data, we will, where reasonably practicable, provide at least 30 days' notice before those changes become effective, unless immediate changes are required by law or for security or regulatory reasons.
  • Your continued use of the services: if you continue to use the Bet Road services on roads.bet after the effective date of an updated Privacy Policy, this will generally indicate that you have read and understood the changes. Where required by law, we will seek your explicit consent to specific changes.
  • Right to object or close your account: if you do not agree with the updated Privacy Policy, you may object to certain processing (where applicable) or choose to close your account in accordance with our Terms and Conditions. We will continue to process your data only as permitted by law and this Privacy Policy (as amended).

Last updated: November 2025