Scope and consent for personal information handling

• Categories of personal data we collect:
  • Identification and contact details: name, date of birth, ID number, address, email, phone.
  • Account and verification data: username, documents for KYC, age and identity checks, self-exclusion status.
  • Transaction and payment information: deposits, withdrawals, payment method details processed by providers.
  • Gameplay and betting activity: stakes, results, session time, responsible gambling interactions.
  • Technical and usage data: device details, IP address, log files, cookies, approximate location.
• Purposes for collection:
  • Provide and maintain services, verify age and identity, process payments, and offer support.
  • Meet legal duties under Kenya’s Betting, Lotteries and Gaming Act and anti-money laundering laws.
  • Promote safer play and responsible gambling measures, including monitoring and self-exclusion tools.
  • Improve online performance, security, and user experience through analytics.
• Technical and organisational safeguards:
  • Encryption in transit and at rest, strong access controls, multi-factor authentication for staff.
  • Role-based permissions, audit logging, network segmentation, and regular security testing.
  • Staff training on data protection and incident response procedures.
• User rights under the Kenya Data Protection Act, 2019 and related Regulations:
  • Access a copy of personal data, request correction, or request deletion where permitted.
  • Object to or restrict processing in certain cases and withdraw consent where processing is based on consent.
  • Lodge a complaint with the Office of the Data Protection Commissioner.
• Compliance statement:
  • The platform complies with the Kenya Data Protection Act, 2019, the General Regulations, and applicable standards inspired by international principles.

• Service delivery: create and manage accounts, authenticate users, run games and sportsbook, and handle customer support.
• Transactions: process deposits and withdrawals, detect payment issues, and manage disputes.
• Service improvement: analyse usage to enhance website reliability and performance.
• Responsible gambling: monitor patterns, apply limits, and manage self-exclusion where requested.
• Marketing and communications: send service notices and, where consent is given, relevant updates. Users may opt out at any time.
• Analytics and security: measure site performance, prevent fraud, and protect the platform.
• Compliance: meet legal, regulatory, and reporting obligations, including BCLB and AML/CFT requirements.

Processing is lawful, fair, and transparent, based on consent, contract performance, legal obligation, or legitimate interests.

• Access and updates:
  • Users can review and edit key account details in profile settings or contact the Data Protection Officer.
  • Identity verification may be required before fulfilling a request.
• Corrections and deletion:
  • Incorrect information can be corrected upon request.
  • Deletion requests are honoured where permitted, subject to legal retention for regulatory, tax, AML, or dispute purposes.
• How to submit requests:
  • Email: [email protected]
  • We respond within applicable legal timelines set by the Kenya Data Protection Act.
• Security checks and payments:
  • By using the services, users consent to security and identity checks and the processing of payment data by authorised providers for verification, fraud prevention, and compliance.

• Access to the online services is restricted to persons aged 18 years and above as required in Kenya.
• The operator cannot confirm age without identity documents and may request such documents to verify eligibility.
• If a parent or guardian believes a minor has provided personal data, they may contact the Data Protection Officer. Upon verification, the account will be closed and the data deleted, subject to legal retention requirements.

• Personal data may be stored or processed outside Kenya where service providers or partners operate.
• Use of the website and apps constitutes consent to international transfers permitted under Kenyan law.
• Transfers are subject to safeguards required by the Kenya Data Protection Act, including contractual protections, adequacy assessments, or approvals where necessary.
• All partners handling personal information are bound by confidentiality and data protection obligations.

• This policy may be supplemented by notices or terms that clarify or adjust how certain rules apply to specific services.
• Where law requires different handling, the legal requirement prevails over any conflicting part of this document.
• The disclaimer applies once the user accepts the policy by signature, click-acceptance, or accession through continued use of the online services.
• Updates may occur to reflect legal or operational changes. The most recent version governs from the date of publication.

• Definition: cookies are small text files stored on a device to remember a user and improve the online experience.
• Uses:
  • Statistics and analytics to understand site performance and usage.
  • Behaviour analysis to detect fraud and improve security.
  • Personalisation such as language or preference settings.
  • Site improvement through aggregated insights.
• Retention: cookie data is generally retained for up to 1 year, after which it is deleted or anonymised.
• Control: browser settings and the cookie banner allow users to manage non-essential cookies. Disabling some cookies may affect services.

• By accessing or using the services, users confirm full acceptance of this Privacy Policy.
• If any version differs from a prior version, the current version on the website prevails and applies to ongoing collection and processing.

• Personal data may be shared with third parties when required by law, to resolve disputes, to enforce agreements, or to deliver services such as payments, identity verification, fraud screening, analytics, messaging, and cloud hosting.
• A list or examples of key providers is maintained on the website. If a new category of recipient is introduced and not listed, users will be informed of the purpose and scope before or at the time of collection where feasible.
• Providing information for a specific service may serve as consent to share it for that purpose, in addition to other lawful bases.
• Third-party providers are required to protect personal data under contracts and applicable data protection laws.

• The website may include links to external websites that have their own privacy policies.
• The operator is not responsible for how those websites collect, use, or disclose personal information.
• Users should review the privacy policies of external sites before providing any data.