burger icon
Kirol Bet United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Kirol Bet, operated via the website kirolbet.casino, collects, uses, discloses and protects your personal data when you visit our site, create an account or place bets. It applies to all players, registered users and website visitors from the United Kingdom and other locations where our services are lawfully available. This Privacy Policy is effective and up to date as of 6 November 2025.

Please read this policy carefully together with our terms and conditions and any game-specific rules. By using kirolbet.casino you acknowledge that you have read and understood this Privacy Policy.

Who We Are

The data controller responsible for processing your personal data in connection with Kirol Bet and the domain kirolbet.casino is:

Tele Apostuak, S.A.
Registered address: C/ Beato Tomás de Zumárraga, 76, 1º Planta, 01008 Vitoria-Gasteiz, Álava, Spain
Country of establishment: Spain
Tax identification (CIF): A-01486794

Tele Apostuak, S.A. operates the Kirol Bet brand and provides online gambling services primarily under licences issued by the Spanish gambling regulator DGOJ (Dirección General de Ordenación del Juego), including:

  • General License for Betting - No. GA/2014/004
  • General License for Other Games - No. GO/2014/002
  • Singular License for Roulette - No. RLT/2016/006
  • Singular License for Blackjack - No. BLJ/2016/004
  • Singular License for Slots - No. MAZ/2016/034

As of 2025, Kirol Bet is not licensed by the UK Gambling Commission and is not registered with GamStop. This status concerns gambling regulation and does not reduce our obligations under UK data protection law when we offer services to individuals in the United Kingdom.

We have designated an internal data protection function responsible for overseeing questions related to this Privacy Policy.

Data protection contact (Data Protection Officer / Data Protection Team):

  • Postal: Data Protection Officer, Tele Apostuak, S.A., C/ Beato Tomás de Zumárraga, 76, 1º Planta, 01008 Vitoria-Gasteiz, Álava, Spain
  • Telephone (customer support, primarily Spanish): +34 900 840 400 (09:00-02:00 CET, toll-free in Spain)
  • Online: via the contact or help section available on kirolbet.casino

Where required under UK law, we may appoint a UK representative; if so, we will publish their contact details in this Privacy Policy.

What Personal Data We Collect

We collect and process different categories of personal data depending on how you use Kirol Bet and the services offered on kirolbet.casino.

Identification and Contact Data

  • Account details: full name, username, password, date of birth, nationality, language preference.
  • Contact information: email address, telephone number, postal address, preferred communication channels.
  • KYC/verification data: copies or details of identification documents (e.g. passport, ID card, driving licence), proof of address (e.g. utility bill, bank statement), and any additional documentation required to verify your identity, age, source of funds or source of wealth.

Financial and Transaction Data

  • Payment data: masked payment card details (e.g. last four digits and expiry date), bank account identifiers, e-wallet identifiers, transaction identifiers, payment provider used.
  • Account and betting history: deposits, withdrawals, bonuses, bets placed, winnings and losses, account balances, self-exclusion or spending limit information.

Technical and Usage Data

  • Technical data: IP address, approximate location based on IP, device identifiers, operating system, browser type and version, language settings, time zone, connection logs and error logs.
  • Usage and behavioural data: pages visited, time and duration of visits, clicks, navigation paths, games viewed and played, bet types, session duration, interaction with marketing messages, and responses to responsible gambling tools.

Profile and Marketing Data

  • Profile data: player segment or risk profile, responsible gambling indicators, preferences for sports or casino games, preferred stakes.
  • Marketing preferences: consents and objections to receiving marketing communications, channels (email, SMS, push notifications), and information about whether messages were opened or links clicked.

Cookies and Similar Technologies

  • Cookies and trackers: small data files stored on your device, web beacons, pixels, SDKs and similar technologies used to remember your settings, authenticate you, prevent fraud, perform analytics and, where permitted, deliver personalised content and advertising.
  • Cookie-related identifiers: cookie IDs, advertising IDs, and other online identifiers associated with your browser or device.

We collect personal data directly from you (for example, during registration or KYC checks), automatically through your use of our services, and, in some cases, from third parties such as payment providers, fraud prevention services and identity verification providers.

Legal Basis for Processing

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018 and, where applicable, the EU GDPR and other local laws. Depending on the specific processing activity, we rely on one or more of the following legal bases:

  • Performance of a contract: We process data that is necessary to create and manage your Kirol Bet account on kirolbet.casino, verify your identity and age, accept deposits, process bets, pay winnings, provide customer support, manage bonuses and loyalty programmes, and otherwise perform our contractual obligations to you.
  • Compliance with legal obligations: We are subject to various legal and regulatory obligations, in particular anti-money laundering (AML), counter-terrorist financing, responsible gambling, tax and accounting laws. To comply with these obligations we must process certain personal data, including identification data, KYC documentation, transaction and betting records, and data relating to self-exclusion or limits. We may also be legally required to retain data for minimum periods, to report suspicious transactions or to cooperate with competent authorities.
  • Legitimate interests: We process data where it is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests. These legitimate interests include:
    • ensuring network and information security, including protection against fraud, misuse, money laundering, account takeover and other abuses;
    • maintaining and improving our products, services, security measures and player protection tools;
    • performing analytics and statistics to understand how our services are used and how we can improve them;
    • establishing, exercising or defending legal claims; and
    • administering our business, including risk management, group reporting and internal governance.
  • Consent: In certain cases we rely on your consent, for example for:
    • sending direct marketing communications by email, SMS or push notification where consent is required by law;
    • using non-essential cookies or similar technologies for analytics, personalisation or advertising; and
    • sharing data with some advertising or affiliate partners for personalised offers, where required.
    You can withdraw your consent at any time, as explained in the "Your Rights" section; withdrawal does not affect the lawfulness of processing before withdrawal.
  • Vital interests and legal claims: In rare situations we may process data where necessary to protect your vital interests or those of another person (for example, assisting law enforcement in urgent circumstances) or to establish, exercise or defend legal claims.

Purpose of Processing

We use your personal data for specific, explicit and legitimate purposes and do not process it in a manner incompatible with those purposes. In particular, we process your data for the following:

  • Providing and operating our services: to register and manage your Kirol Bet account on kirolbet.casino, enable deposits and withdrawals, process bets, calculate and pay winnings, manage promotions, and provide customer support.
  • Identity verification and legal compliance: to verify your identity, age and residence; to perform KYC checks; to comply with AML and counter-terrorist financing laws; to detect and prevent fraud, match-fixing and other prohibited activities; and to comply with tax, accounting and other regulatory obligations.
  • Responsible gambling and player protection: to monitor betting patterns and behaviour for indicators of problem gambling, to apply self-exclusion, cooling-off periods and limits, and to communicate with you about responsible gambling tools.
  • Service improvement and analytics: to analyse how users interact with our website and games, to test and develop new features, to optimise performance and user experience, and to maintain the security and integrity of our systems.
  • Marketing and personalisation: to provide you, where permitted, with information about our products, promotions and events; to personalise content, bonuses and offers based on your preferences and behaviour; and to measure the effectiveness of our marketing campaigns. Where required by law, we use marketing and advertising cookies or similar technologies only with your consent.
  • Security and fraud prevention: to authenticate users, prevent and detect fraudulent transactions, abuse of bonuses, account takeover, money laundering and other unlawful or suspicious activity; and to investigate and respond to security incidents.
  • Legal and business purposes: to handle complaints and disputes, enforce our terms and conditions, manage risks, perform audits, maintain business records, and support corporate transactions or restructurings where applicable.

Disclosure & Sharing

We treat your personal data as confidential and only share it with third parties where there is a lawful basis and appropriate safeguards. Depending on how you use Kirol Bet and kirolbet.casino, we may disclose personal data to the following categories of recipients:

  • Group and affiliated entities: other entities within Grupo Kirol, including technology providers such as Kirolsoft, to the extent necessary for the provision, maintenance and security of the platform and related services.
  • Payment and financial service providers: banks, card schemes, e-wallet providers, payment processors and financial institutions that process deposits, withdrawals and refunds and assist with fraud prevention, chargebacks and AML checks.
  • Technical and operational service providers: hosting providers, IT and security service providers, customer support tools, identity and age verification providers, analytics providers, cloud services, communication platforms (email/SMS), and other vendors who process data on our instructions as data processors.
  • Regulators and public authorities: DGOJ and other gambling regulators, tax authorities, law enforcement and other public bodies, where required by applicable laws or regulations, for example for AML reporting, responsible gambling supervision or in response to lawful requests.
  • Professional advisers: lawyers, auditors, consultants and insurers who assist us in managing our business, complying with legal obligations, protecting our rights or defending against claims.
  • Advertising and affiliate partners: marketing, affiliate and advertising networks that help us promote Kirol Bet, only where permitted by law and, where necessary, based on your consent to marketing or cookie use. These partners may receive limited data (for example, cookie identifiers or aggregated statistics) and are required to comply with applicable data protection rules.
  • Corporate transactions: potential or actual buyers, investors or other parties in the context of any merger, acquisition, asset sale, joint venture, insolvency or similar transaction. In such cases we will limit data sharing to what is necessary and will ensure that appropriate confidentiality and data protection obligations are in place.

We do not sell your personal data. Whenever we share data with service providers acting as data processors, we enter into contracts requiring them to process data only on our documented instructions, to implement appropriate security measures and to ensure confidentiality.

International Transfers

Tele Apostuak, S.A. is established in Spain, and many of our systems and main service providers are located within the European Economic Area (EEA) or the United Kingdom. However, some of our service providers or partners may be located in, or may access data from, countries outside the UK and the EEA.

  • Transfers within the UK and EEA: Transfers of personal data between the UK and EEA (including Spain) currently benefit from adequacy decisions by the relevant authorities, which recognise that these jurisdictions provide an essentially equivalent level of data protection.
  • Transfers to other countries: Where personal data is transferred to countries that have not been granted an adequacy decision under the UK GDPR or EU GDPR, we put in place appropriate safeguards, such as:
    • standard contractual clauses approved by the UK Information Commissioner's Office (UK SCCs / IDTA) or by the European Commission;
    • the UK Extension to the EU-U.S. Data Privacy Framework ("UK-U.S. Data Bridge") for eligible U.S. recipients; and
    • other contractual, technical and organisational measures designed to ensure an adequate level of protection.
  • Onward disclosures: We require recipients of personal data in third countries to comply with data protection obligations equivalent to those under UK GDPR, including restrictions on onward transfers, security obligations and rights of individuals.

You may contact us for more information about the specific safeguards used for international transfers or to obtain a copy of the relevant contractual protections, subject to necessary redactions.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and to the extent required by legal, regulatory, accounting or reporting obligations. Retention periods may vary depending on the category of data and the applicable law, but we apply the following general principles:

  • Account and profile data: Basic account information (such as name, contact details, account history) is generally retained for the duration of your active account and up to five (5) years after account closure, unless longer retention is required by law or necessary to resolve disputes or enforce our terms.
  • Transaction and betting data: Financial records, betting history and related documentation are typically retained for a period of five (5) to ten (10) years, depending on tax, accounting and AML requirements in Spain, the UK and other relevant jurisdictions.
  • KYC and AML documentation: Identity documents and due diligence records are retained for at least the minimum period required by AML and counter-terrorist financing laws (often five years from the end of the business relationship or from the date of a particular transaction) and may be kept longer where necessary for investigations or legal claims.
  • Marketing and consent records: Information about your consents and preferences is retained for as long as necessary to demonstrate compliance with marketing and data protection laws, usually for the period during which we send you marketing plus a further period (for example, two years) after you opt out.
  • Technical and log data: Security, access and activity logs are retained for a period appropriate to the security and operational purposes for which they are processed, usually between six months and five years, depending on the nature of the log.

When data is no longer required, we will delete or irreversibly anonymise it. If deletion is not immediately possible (for example, because the data is stored in backup archives), we will securely store it and isolate it from further processing until deletion is feasible. We may also retain limited information to record that a user has requested deletion or objected to processing, so that we can respect that request in future.

Your Rights

Under UK GDPR and, where applicable, the EU GDPR and other local data protection laws, you have a range of rights in relation to your personal data. We respect these rights and provide mechanisms for you to exercise them free of charge (subject to limited exceptions). In particular, you may:

  • Right of access: obtain confirmation of whether we process your personal data and receive a copy of your data, together with information about the purposes of processing, categories of data and recipients.
  • Right to rectification: request correction of inaccurate or incomplete personal data. In many cases, you can update basic details directly in your kirolbet.casino account.
  • Right to erasure: request deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, you withdraw consent (where consent was the sole legal basis), or you successfully object to processing. This right may be limited where we must retain data to comply with legal obligations (for example, AML, tax or gambling laws) or to establish, exercise or defend legal claims.
  • Right to restriction of processing: request that we temporarily restrict processing of your data, for example while we verify its accuracy or assess an objection to processing.
  • Right to object: object, on grounds relating to your particular situation, to processing based on our legitimate interests. You also have an absolute right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing.
  • Right to data portability: request that we provide you, or a third party you designate, with certain personal data in a structured, commonly used and machine-readable format, where the processing is based on consent or contract and carried out by automated means.
  • Right not to be subject solely to automated decision-making: request human intervention and to express your point of view where decisions producing legal or similarly significant effects are based solely on automated processing, including profiling. We use automated tools for fraud prevention and responsible gambling analysis, but we aim to include human review where decisions may significantly affect you.
  • Right to withdraw consent: where we rely on your consent (for example for marketing or certain cookies), you may withdraw that consent at any time via your account settings, unsubscribe links in our emails, your browser or device settings, or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to exercise your rights: You can exercise your rights by contacting our data protection team using the details in the "Who We Are" or "Complaints & Contacts" sections, or via the relevant tools in your kirolbet.casino account where available. We may need to verify your identity before responding to your request.

Response time and cost: We aim to respond to your request within one month (30 days) of receipt. If your request is particularly complex or numerous, we may extend this period by up to two further months, in which case we will inform you of the extension and reasons. We will not charge you for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act.

Note on Mexican privacy law: Our primary data protection obligations derive from UK GDPR, the UK Data Protection Act 2018, and, where applicable, EU GDPR and Spanish law. We do not currently target the Mexican market. However, our approach to transparency, access, rectification and deletion of personal data is broadly consistent with the principles found in the Mexican Federal Law on Protection of Personal Data Held by Private Parties, including the so-called ARCO rights (access, rectification, cancellation and opposition). If in future we provide services specifically to users in Mexico, we will ensure explicit alignment with applicable Mexican regulations and update this Privacy Policy accordingly.

Cookies & Tracking Technologies

We use cookies and similar technologies on kirolbet.casino to make the site work, to secure your sessions, to understand how our services are used and, where permitted, to personalise content and advertising related to Kirol Bet.

Types of Cookies

  • Strictly necessary (functional) cookies: essential for the operation of the website and for providing services you request, such as logging into your account, maintaining your session, processing bets and ensuring site security. These cookies are set automatically and cannot be disabled via our cookie tools, though you may block them in your browser (which may prevent the site from functioning correctly).
  • Preference cookies: remember your choices, such as language, region, odds format or game preferences, so that we can provide a more personalised experience.
  • Analytics and performance cookies: collect information about how visitors use the site, such as which pages are visited most often, how users move around the site and whether they experience errors. We use this information in aggregated form to improve the performance and usability of kirolbet.casino.
  • Advertising and targeting cookies: set by us or by our advertising and affiliate partners to deliver relevant promotions and offers, to limit how often you see an advertisement and to measure the effectiveness of marketing campaigns. These cookies may use identifiers that are linked to your device or browser and may involve profiling.

Managing Cookies

  • Cookie banner and preferences: where required by law, we display a cookie banner when you first visit kirolbet.casino from the UK, allowing you to accept or manage non-essential cookies. You can change your preferences at any time via our cookie settings panel, where available.
  • Browser settings: you can configure your browser to refuse all or some cookies or to alert you when websites set or access cookies. Please note that blocking or deleting cookies may affect your ability to use some features of the site, including staying logged in and placing bets.
  • Third-party tools: some third parties provide their own opt-out mechanisms for cookies and online tracking. Where we use such services, we will, where feasible, provide links or information about how to opt out.

For more detailed information about the specific cookies used on kirolbet.casino, their purposes and lifetimes, please refer to our dedicated Cookie Policy or the cookie information accessible via the cookie banner or settings panel.

Data Security

We take the security of your personal data very seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction, alteration or disclosure.

  • Encryption in transit and at rest: data transmitted between your browser and kirolbet.casino is protected using industry-standard encryption protocols (such as TLS 1.2 or higher). Where appropriate, we encrypt sensitive data at rest within our systems and databases.
  • Access controls and authentication: access to personal data is restricted to authorised personnel who need it for their job responsibilities and who are bound by confidentiality obligations. We use authentication mechanisms, role-based access control and, where appropriate, multi-factor authentication to minimise the risk of unauthorised access.
  • Network and application security: we use firewalls, intrusion detection and prevention systems, anti-malware tools, secure development practices, regular vulnerability scanning and patch management to protect our infrastructure and applications.
  • Monitoring, logging and audits: we monitor systems and logs to detect suspicious activity, conduct periodic security reviews and, where relevant, commission independent assessments. Our security controls are designed with reference to recognised frameworks such as ISO/IEC 27001 and SOC 2. If we obtain formal certification, we will update this Privacy Policy accordingly.
  • Staff training and policies: employees and contractors with access to personal data receive regular training on data protection, information security and responsible gambling obligations and must comply with internal policies governing use and handling of personal data.
  • Incident response: we maintain incident response procedures to identify, assess and respond to potential data breaches. Where a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority and, where required by law, inform you without undue delay.

While no system can be guaranteed 100% secure, we continuously work to enhance our security posture and to mitigate emerging threats.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data in connection with Kirol Bet and kirolbet.casino, or if you wish to exercise any of your data protection rights, you can use the following channels:

How to Contact Us

  • Data Protection Officer / Data Protection Team
    Tele Apostuak, S.A.
    C/ Beato Tomás de Zumárraga, 76, 1º Planta
    01008 Vitoria-Gasteiz, Álava, Spain
  • Telephone (customer support): +34 900 840 400 (09:00-02:00 CET, primarily Spanish-language support)
  • Online contact: via the help or contact section on kirolbet.casino, where we may provide forms or messaging tools for support and privacy enquiries.

Internal Complaint Procedure

  1. Step 1 - Contact us: Send us your complaint or request, clearly stating that it concerns data protection or privacy. Include your name, contact details, account ID (if any) and a description of your concern.
  2. Step 2 - Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably possible and normally within a few working days.
  3. Step 3 - Assessment and response: We will investigate your complaint, consult relevant departments and review applicable records. We aim to provide a substantive response within 30 days. If we cannot respond within this period due to the complexity of the matter, we will inform you of the delay and expected timeframe.
  4. Step 4 - Escalation within our organisation: If you are not satisfied with our initial response, you may request that your complaint be escalated to our data protection lead or senior management, who will review the case and provide a further response.

Escalation to Supervisory Authorities

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data infringes applicable law. You may do so in particular in the country of your habitual residence, place of work or place of the alleged infringement.

  • United Kingdom - Information Commissioner's Office (ICO)
    Website: www.ico.org.uk
    The ICO is the primary data protection authority for individuals located in the UK. As Kirol Bet is targeted at UK users, you may choose to contact the ICO if you are dissatisfied with our handling of your data or our response to your complaint.
  • Spain - Agencia Española de Protección de Datos (AEPD)
    Website: www.aepd.es
    As Tele Apostuak, S.A. is established in Spain, the AEPD is the lead authority for many aspects of our data processing operations within the EU/EEA.
  • Mexico - Data Protection Authority (INAI)
    For informational purposes, the Mexican data protection authority is the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI). Website: www.inai.org.mx.
    We do not currently target users in Mexico; however, if Mexican law becomes applicable to our services, affected individuals may be able to raise complaints with INAI in addition to our internal processes.

Please note that gambling-specific complaints (for example, about betting rules or fairness) may fall under the jurisdiction of gambling regulators such as the DGOJ in Spain rather than data protection authorities. This Privacy Policy concerns only personal data and privacy matters.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, our processing activities, legal requirements or guidance from supervisory authorities. When we make material changes, we will take appropriate steps to inform you in advance and to give you the opportunity to review the updated policy.

  • Notification methods: We may notify you of changes by:
    • sending an email to the address associated with your kirolbet.casino account;
    • displaying a prominent notice or banner on the website or within your account dashboard; and/or
    • presenting the updated policy at your next login, asking you to confirm that you have read it.
  • Advance notice for significant changes: For material changes that significantly affect your rights or how we use your data (for example, new purposes of processing or new categories of recipients), we will, where practicable, provide notice at least 30 days before the changes take effect, especially for users in the UK in 2025 and beyond.
  • Your options: If you do not agree with the updated Privacy Policy, you may choose to stop using Kirol Bet, adjust your privacy settings, withdraw consents, or request account closure (subject to any legal or regulatory obligations requiring ongoing data retention).
  • Version control and changelog: We indicate the date of the last update at the end of this document and may maintain a changelog summarising key changes (for example, introduction of new services, changes in legal basis, new international transfers or new supervisory authorities). For this version, the main change is the comprehensive update and alignment with UK GDPR and current regulatory standards as of 2025.

Last updated: 6 November 2025