burger icon
Botemania United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Botemania (the "Brand"), operated for UK players through the Botemania experience on botamania.com, collects, uses, shares, protects and retains your personal data. It applies to visitors to our website, registered players, and any person who interacts with our services. Please read it carefully before using our services. By using our website or opening an account, you acknowledge that you have read this Privacy Policy. This Privacy Policy is effective and applies from January 2026 and may be updated from time to time as described below.

Who We Are

Data Controller

The data controller responsible for processing your personal data in connection with Botemania on botamania.com is:

Gamesys Operations Limited
Severals House, 3 Bury Road,
Newmarket, CB8 7BT,
United Kingdom.

Gamesys Operations Limited is a limited company and a remote gambling operator licensed and regulated in Great Britain by the UK Gambling Commission ("UKGC") under licence number 38905. You can verify this licence on the UKGC public register: https://gamblingcommission.gov.uk/public-register/business/detail/38905.

Contact for Privacy Matters

Gamesys Operations Limited has a dedicated function responsible for data protection and privacy compliance (the "Data Protection Officer" or "DPO" function).

  • You can contact us regarding any privacy or data protection question by using the contact options made available on botamania.com (for example, live chat or contact forms, where available) and clearly marking your query as "Privacy" or "For the attention of the Data Protection Officer".
  • You can also write to us at the postal address above, addressed to "Data Protection Officer, Gamesys Operations Limited".
  • If an email address is provided on botamania.com for privacy queries, it will use the botamania.com domain and may be used as an additional channel to reach our DPO function.

We will handle all privacy-related communications in accordance with the UK General Data Protection Regulation ("UK GDPR") and the UK Data Protection Act 2018 ("DPA 2018").

What Personal Data We Collect

Categories of Personal Data

When you interact with Botemania on botamania.com, we collect and process different categories of personal data, which may include:

  • Identification and contact data: full name, username, date of birth, residential address, country of residence, email address, telephone number, copies of identification documents (for example, passport, national ID or driving licence), proof of address and similar KYC (Know Your Customer) documentation.
  • Account and gameplay data: account ID, registration date, login history, session data, games played, betting history, stakes, wins and losses, bonuses used, loyalty or VIP status, limits set (e.g. deposit limits, loss limits, time-outs, self-exclusion) and responsible gambling interactions.
  • Payment and financial data: selected payment method, partial payment card details (for example, masked card number), bank account details, e-wallet identifiers, transaction identifiers, deposits and withdrawals, payment approvals, chargebacks and anti-fraud flags. We do not store your full card details when this is handled by secure payment providers.
  • Technical and device data: IP address, device identifiers, browser type and version, operating system, language settings, time zone, referrer URLs, device-related security attributes, and log files generated by our systems (for example, login logs and error logs).
  • Behavioural and usage data: clicks and navigation paths, pages viewed, time spent on pages, interaction with marketing communications, preferences and interests inferred from gameplay and site use, and information relating to suspected or confirmed misuse or fraudulent behaviour.
  • Cookies and similar technologies data: identifiers stored on your device, session cookies, persistent cookies, and similar tracking technologies used for essential site functions, analytics and (where permitted) personalised marketing. Further information is provided in the "Cookies & Tracking Technologies" section.
  • Customer support and communication data: records of chats, emails, messages, call recordings (where applicable and in accordance with law), complaint details, and any information you choose to provide to us when contacting support or our DPO function.
  • Regulatory and risk data: information obtained or generated to comply with anti-money laundering ("AML"), counter-terrorist financing, sanctions and responsible gambling requirements, such as affordability assessments, source of funds information and risk scoring.

Legal Basis for Processing

We process personal data only when we have a valid legal basis under the UK GDPR and DPA 2018, and where relevant, under other applicable data protection laws. Depending on the specific processing activity, one or more of the following legal bases will apply:

  • Performance of a contract: We process your data where it is necessary to enter into or perform our contract with you, including:
    • setting up and managing your player account;
    • providing access to games and related services;
    • processing deposits, bets and withdrawals;
    • providing customer support and resolving operational issues.
  • Compliance with legal obligations: We are subject to a range of statutory obligations, including those under UK gambling regulation, AML and counter-terrorist financing legislation, safer gambling rules and tax laws. We therefore process your data in order to:
    • verify your identity, age and location;
    • meet AML, sanctions screening and record-keeping requirements;
    • comply with the UK Gambling Commission's Licence Conditions and Codes of Practice;
    • meet accounting, reporting and retention obligations.
  • Legitimate interests: We rely on our legitimate interests, balanced against your rights and interests, to process data for purposes such as:
    • maintaining and improving the security and integrity of our services;
    • detecting, investigating and preventing fraud, misuse and technical issues;
    • conducting analytics to improve our games and user experience;
    • defending and exercising legal claims.
  • Consent: In certain cases we will ask for your freely given, specific, informed and unambiguous consent before processing your data, for example for:
    • sending you electronic marketing communications that are not based on soft opt-in;
    • using certain non-essential cookies and similar technologies;
    • sharing your data with certain third parties for their own marketing purposes.
    You may withdraw your consent at any time, as set out below, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Protection of vital interests and public interest: In rare cases, we may process data to protect your vital interests or those of another person, or where it is necessary for reasons of substantial public interest recognised in UK law (for example, to prevent or report crime).

Purpose of Processing

Main Operational Purposes

We use your personal data for clearly defined purposes, in accordance with the legal bases described above. These include:

  • Providing and managing our services: to create and manage your Botemania account on botamania.com, enable you to access games, process deposits and withdrawals, award bonuses where applicable, and ensure the proper functioning of the platform.
  • Customer support: to respond to your requests, complaints or enquiries, to monitor service quality and to provide assistance regarding account, technical or transactional matters.
  • Responsible gambling and player protection: to monitor gameplay for signs of harmful gambling, apply self-exclusion and other player protection tools, and comply with UKGC safe gambling requirements.

Legal, Regulatory, Security and Business Purposes

  • Regulatory compliance and reporting: to comply with obligations under gambling, AML, sanctions, tax and other applicable laws, including identity verification, transaction monitoring, record-keeping and reporting to regulators such as the UK Gambling Commission.
  • Fraud prevention and security: to detect and prevent fraud, money laundering, misuse of accounts, bonus abuse, and other unlawful or irregular activities, and to maintain network and information security.
  • Analytics and service improvement: to analyse use of our website and services (for example, game popularity, performance, and user behaviour) so that we can improve site performance, user experience and product offerings.
  • Marketing and personalisation: where permitted by law and/or based on your consent, to send you tailored offers, promotions and news about Botemania and related brands operated under licence 38905, and to personalise content and recommendations on botamania.com.
  • Corporate and administrative purposes: to support internal administration, reporting, audits, risk management, and where necessary in connection with corporate transactions (such as restructuring within Bally's Corporation's group), subject to applicable laws.

Disclosure & Sharing

Service Providers and Business Partners

We will not sell your personal data. However, we may share your personal data with carefully selected third parties for the purposes described in this Privacy Policy, under appropriate contractual safeguards:

  • Payment service providers: banks, card schemes and other payment processors that handle deposits, withdrawals and payment fraud checks on our behalf.
  • KYC, AML and verification providers: identity verification, credit reference and sanctions screening providers that assist us with age verification, identity checks, affordability assessments and AML obligations.
  • IT, hosting and security providers: companies providing data hosting, cloud infrastructure, security monitoring, content delivery and technical support.
  • Analytics and marketing partners: providers of analytics services and, where you have consented, marketing technologies and advertising networks that help us understand how our services are used and deliver relevant communications (always subject to applicable consent rules).
  • Group companies: other entities within the corporate group of Bally's Corporation, to the extent necessary for centralised services, risk management, regulatory compliance, internal reporting and support, subject to intra-group data protection arrangements.

Regulators, Authorities and Other Recipients

  • Regulatory and supervisory authorities: including the UK Gambling Commission and other authorities where required by law, for example in the context of regulatory reporting, inspections or investigations.
  • Dispute resolution bodies: the Independent Betting Adjudication Service ("IBAS"), where a complaint is escalated for independent adjudication (https://ibas-uk.com).
  • Self-exclusion schemes: the GAMSTOP national online self-exclusion scheme (https://gamstop.co.uk), where we are required to share data to implement self-exclusion across participating operators in Great Britain.
  • Law enforcement and legal recipients: law enforcement agencies, courts, legal advisors, auditors and other professional services providers where necessary to comply with legal obligations, protect our rights, defend legal claims, or protect users and the public.
  • Other disclosures with your consent: where you have expressly consented to a specific disclosure, we may share your data for that purpose, subject to your right to withdraw consent at any time.

Whenever we share data with third parties, we require them to process your personal data only in accordance with our instructions and applicable data protection law, and we ensure appropriate contractual and technical safeguards are in place.

International Transfers

Your personal data is generally processed and stored within the United Kingdom or the European Economic Area ("EEA"). However, some of our service providers, group companies or partners may be located or may process personal data in countries outside the UK and the EEA, including countries that may have different data protection standards.

  • Transfers within our group and to service providers: Where we transfer personal data to recipients outside the UK or EEA (for example, for group-level services, cloud hosting or specialised support), we ensure that such transfers are made in compliance with UK data protection law.
  • Safeguards: In particular, we rely on:
    • adequacy regulations issued by the UK government in respect of certain countries; and/or
    • appropriate safeguards such as the UK International Data Transfer Agreement ("IDTA") or the UK Addendum to the EU Standard Contractual Clauses, and equivalent contractual protections to ensure a level of protection essentially equivalent to that under UK law.
  • Additional protections: Where necessary, we also implement supplementary technical and organisational measures (for example, encryption, access controls and data minimisation) to protect your personal data during and after transfer.

You may contact us using the details set out in the "Who We Are" section if you would like more information about the specific transfer mechanisms used for your personal data.

Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, regulatory, accounting or reporting requirements. Retention periods may vary depending on the category of data and the context of processing, but we apply the following general principles:

  • Account and transactional data: Identification, account and transactional records (including KYC documents, betting history and payment records) are typically retained for the duration of your relationship with us and, after account closure, for a period normally not exceeding five (5) years, in line with applicable AML and gambling regulation requirements and statutory limitation periods.
  • Customer support and complaint data: Records of communications, complaints and dispute resolution (including IBAS referrals) are retained for as long as reasonably necessary to manage and evidence our handling of the matter and to comply with regulatory expectations, typically up to five (5) years after closure of the case.
  • Marketing data: Data used for marketing purposes is retained until you withdraw your consent or object to such processing, or until we determine that it is no longer accurate or relevant, with periodic reviews to ensure data is kept up to date.
  • Technical and analytics data: Logs and analytics data are retained for shorter periods, generally not exceeding two (2) years unless we need to keep them for security, fraud investigation or regulatory reasons.

When data is no longer required, we will either securely delete or irreversibly anonymise it. In some cases, we may retain limited information (for example, a record of self-exclusion or a record that an account was closed for risk reasons) for longer periods where necessary to protect you and us from future harm or to comply with legal obligations.

Your Rights

Rights under UK Data Protection Law

Under the UK GDPR and DPA 2018, you have a number of rights in relation to your personal data, subject to certain conditions and exceptions. These include:

  • Right of access: to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data and information about the processing.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or completed. You can update some information directly in your account settings where available.
  • Right to erasure: to request deletion of your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis. This right may be limited where we must retain data to comply with legal obligations (for example, AML and gambling regulations) or to establish, exercise or defend legal claims.
  • Right to restriction of processing: to request that we restrict processing of your data in specific situations (for example, while we verify accuracy or respond to an objection).
  • Right to data portability: to receive certain personal data that you have provided to us in a structured, commonly used and machine-readable format, and to request that we transfer it to another controller where technically feasible and legally allowed.
  • Right to object: to object, on grounds relating to your particular situation, to processing based on our legitimate interests. You also have an absolute right to object to processing for direct marketing at any time.
  • Right to withdraw consent: where processing is based on your consent, you can withdraw that consent at any time through the tools provided (for example, marketing preference settings) or by contacting us. Withdrawal does not affect processing carried out before the withdrawal.

Alignment with Mexican and EU Privacy Concepts

While Botemania on botamania.com is intended for UK players and primarily governed by UK data protection law, similar principles apply under other regimes. For example:

  • Under Mexican data protection law (including the Federal Law on Protection of Personal Data Held by Private Parties), individuals benefit from so-called ARCO rights (Access, Rectification, Cancellation and Opposition). Where Mexican law exceptionally applies to our processing activities, we aim to handle rights requests in a manner consistent with these principles.
  • Where EU data protection law (EU GDPR) applies to specific processing activities (for example, in relation to certain EU-facing operations within the wider corporate group), the rights granted under EU GDPR are substantially equivalent to those described above.

How to Exercise Your Rights

  • Submitting a request: You may exercise your rights free of charge by contacting us using the privacy contact channels indicated in the "Who We Are" or "Complaints & Contacts" sections, clearly describing your request and the right you wish to exercise.
  • Verification: To protect your privacy, we may need to verify your identity before fulfilling your request, which may involve asking you for additional information or documentation.
  • Response timeframe: We aim to respond to all valid requests within one (1) month (30 days) of receipt. This period may be extended by a further two months for complex requests or multiple requests, in which case we will inform you of the extension and reasons.
  • Fees: Exercising your rights is generally free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in accordance with applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies on botamania.com in connection with Botemania to ensure the proper functioning of the site, enhance your experience, and, where permitted, provide personalised content and advertisements.

Types of Cookies We Use

  • Strictly necessary (functional) cookies: These cookies are essential for the operation of the website and to enable basic functions such as page navigation, login, and secure use of the site. The site cannot function properly without them.
  • Preference cookies: These cookies remember your choices (such as language or region) to provide a more personalised experience.
  • Analytics and performance cookies: These cookies collect information about how visitors use the website (for example, which pages are visited most often) to help us understand performance and improve our services.
  • Advertising and targeting cookies: Where permitted by law and, where required, based on your consent, these cookies help deliver relevant advertisements and measure the effectiveness of marketing campaigns, including through third-party advertising networks.

Duration and Third-Party Cookies

  • Session cookies: temporary cookies that are deleted when you close your browser.
  • Persistent cookies: cookies that remain on your device for a defined period or until you delete them.
  • Third-party cookies: some cookies are set by third parties (for example, analytics or advertising providers) subject to their own privacy policies, which we encourage you to review.

Managing Cookies

  • You can manage or disable cookies through your browser settings. Most browsers allow you to refuse all or some cookies, or to be alerted when cookies are set.
  • Where we provide an internal cookie or privacy preference panel on botamania.com, you may use it to adjust your cookie settings and withdraw consent for non-essential cookies at any time.
  • Please note that blocking or deleting certain cookies may affect the functionality and performance of the website and could prevent you from using some features.

Data Security

We take the protection of your personal data very seriously and have implemented a comprehensive set of technical and organisational measures designed to ensure an appropriate level of security, taking into account the nature of the data and the risks associated with online gambling services.

  • Encryption in transit and at rest: We use industry-standard encryption technologies (such as TLS 1.2+ for data in transit) to protect data exchanged between your device and our systems, and we apply strong encryption and security controls to data stored on our systems where appropriate.
  • Access controls and authentication: Access to personal data is restricted to authorised personnel who require it for their role, based on the principle of least privilege. We use strong authentication mechanisms and logging to reduce the risk of unauthorised access.
  • Network and infrastructure security: Our systems are protected by firewalls, intrusion detection/prevention systems and other security technologies, and are regularly updated and monitored to address vulnerabilities and emerging threats.
  • Security management and standards: We operate a structured information security programme aligned with recognised international standards (such as ISO 27001 and SOC 2 principles) and implement policies, procedures and controls designed to maintain the confidentiality, integrity and availability of personal data. Any formal certifications, where held, are maintained separately and are not implied solely by this statement.
  • Staff training and awareness: Employees with access to personal data receive regular training on data protection, confidentiality and information security obligations, including specific requirements relevant to online gambling and AML.
  • Incident detection and response: We maintain procedures for detecting, investigating and responding to actual or suspected personal data breaches. Where required by law, we will notify the relevant supervisory authority (such as the UK Information Commissioner's Office) and, where appropriate, affected individuals without undue delay.

Complaints & Contacts

Contacting Us First

If you have any questions, concerns or complaints about how we handle your personal data in connection with Botemania on botamania.com, we encourage you to contact us in the first instance so that we can try to resolve the issue directly.

  1. Step 1 - Contact customer support: Use the support options provided on the website (for example, live chat or contact forms) and indicate that your query relates to privacy or data protection.
  2. Step 2 - Escalation to the DPO function: If your concern is not resolved, you may request that it be escalated to our Data Protection Officer function. You may also write to us at the postal address in the "Who We Are" section, marked "Data Protection Officer, Gamesys Operations Limited".
  3. Step 3 - Response timeframe: We aim to acknowledge your complaint promptly and to provide a substantive response within one (1) month (30 days). For complex matters, we may extend this period, in which case we will inform you of the extension and the reasons.

Complaints to Supervisory Authorities

  • United Kingdom: You have the right to lodge a complaint with the UK Information Commissioner's Office ("ICO") if you are unhappy with our response or believe that your data protection rights have been infringed. Further information is available at https://ico.org.uk or by contacting the ICO directly.
  • European Union: Where EU data protection law applies to specific processing activities, you may also have the right to complain to the data protection authority in the EU Member State of your habitual residence, place of work or alleged infringement.
  • Mexico: Where Mexican data protection law applies to your situation, you may have the right to lodge a complaint with the competent Mexican data protection authority (for example, the National Institute for Transparency, Access to Information and Personal Data Protection, "INAI"), in accordance with Mexican law.

These rights exist in addition to, and do not replace, any gambling-related complaint or dispute resolution mechanisms that may apply to your use of our services (such as escalation of gambling disputes to IBAS).

Updates

We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, our processing practices, or the features of our services. When we make material changes, we will take appropriate steps to inform you in advance.

  • Notification methods: For significant updates, we will notify you via one or more of the following:
    • email communication to the address registered on your account;
    • prominent notices or banners on botamania.com (for example, on login or in the account area);
    • updates or messages within your account dashboard.
  • Advance notice: Where feasible and where changes are material, we will provide notice at least 30 days before the updated Privacy Policy takes effect, so that you have time to review the changes.
  • Your options: If you do not agree with the updated Privacy Policy, you may choose to stop using our services and, where applicable, request account closure. Continued use of the services after the effective date of changes will be deemed acceptance of the updated Privacy Policy.
  • Version control and "Last updated" date: We include a "Last updated" date to indicate when this Privacy Policy was most recently revised.

Last updated: January 2026.