burger icon
Stay Bet United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Stay Bet (online casino profile: Stay Bet) collects, uses, stores, and protects personal data when you visit or use the website steybet.com (the "Website") and related services. It applies to players, prospective players, and other visitors from the United Kingdom and other countries where our services are lawfully available. By using steybet.com, you acknowledge that you have read this Privacy Policy. This Privacy Policy is effective from 6 November 2025 and was last updated on 6 November 2025.

Who We Are

The Website steybet.com is owned and operated for the Stay Bet brand by the following entities (together, "we", "us", "our"):

  • Operating company (casino operator): Stay Gaming Group N.V., a company incorporated under the laws of Curaçao, which owns and operates the Stay Bet online casino brand associated with steybet.com.
  • Registered jurisdiction: Curaçao. Stay Gaming Group N.V. is authorized to operate online gaming under a sub-licence of Master Licence 8048/JAZ issued to Antillephone N.V., under the authority of the Government of Curaçao.
  • Payment processing entity (EU/UK payments): Stay Gaming Ltd, located in Cyprus, which typically acts as our payment and billing processor for certain card and alternative payment methods for players in the European Union and the United Kingdom.
  • Registered address details: Our full registered office details in Curaçao and the corporate particulars of Stay Gaming Ltd in Cyprus are provided in our Terms & Conditions at https://staybet.com/terms-and-conditions and can be supplied on request.

For the purposes of UK and EU data protection laws (including the UK General Data Protection Regulation and the Data Protection Act 2018), Stay Gaming Group N.V. is the main "data controller" for personal data processed in connection with steybet.com and the Stay Bet casino profile. Stay Gaming Ltd may act as a separate controller or as our data "processor" for payment-related data, depending on the transaction.

You can contact our Data Protection Officer ("DPO") or privacy team using the details below:

  • Email: [email protected]
  • Postal contact: "Data Protection Officer, Stay Gaming Group N.V." (full postal address as indicated in our Terms & Conditions and available on request via email).

What Personal Data We Collect

When you visit or use steybet.com and the Stay Bet casino services, we collect and process different categories of personal data. The exact data collected will depend on your interactions with us, your account settings, and applicable legal requirements (including KYC/AML obligations).

Identification and contact data

  • Account information: full name, username, password or other authentication credentials, date of birth (to verify you are 18+), nationality, and in some cases national identification numbers where required by law.
  • Contact details: email address, telephone number, country of residence, preferred language, and communication preferences (e.g. marketing consent settings).
  • KYC/verification data: copies or details of identity documents (passport, national identity card, driving licence), proof of address (e.g. utility bill issued within the last 3 months, bank statements), and documents or information required under our KYC/AML policy (see https://staybet.com/kyc-policy).

Technical and usage data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, time zone, and approximate location derived from your IP address.
  • Log and activity data: login and logout timestamps, session duration, page views, clicks and navigation paths, error logs, referral URLs, and similar diagnostic data.
  • Cookies and tracking technologies: identifiers stored via cookies, pixels, tags, local storage, SDKs and similar technologies (see "Cookies & Tracking Technologies" section below).

Financial and transactional data

  • Payment data: partial card details (such as card type, masked card number, expiry date), payment instrument identifiers, wallet identifiers, bank account details (where applicable), and payment transaction IDs.
  • Transaction history: deposits, withdrawals, chargebacks, payment method used, amounts, currencies, timestamps, and related accounting information.
  • Payment risk data: data relating to fraud checks, chargeback history, and risk scores provided by payment processors or anti-fraud providers.

Gaming and behavioural data

  • Gameplay data: game sessions, stakes, wins and losses, bonuses used, wagering progress, bet history, game preferences, and time spent playing.
  • Behavioural analytics: clickstream analysis, device usage patterns, promotional responsiveness, and results of internal risk and responsible-gaming profiling.
  • Communication data: records of interactions with customer support (emails, tickets, live chat logs), marketing communications (opens, clicks, unsubscribes), and feedback or complaints.

Special categories and sensitive data

  • Responsible gambling data: self-exclusion status, deposit/loss/time limits, reality checks, internal notes related to problem-gambling risk, and interactions regarding responsible gaming tools (see https://staybet.com/responsible-gaming).
  • Financial source-of-funds information: where legally required, we may request documents evidencing source of funds or source of wealth (such as payslips, tax returns, or business documents). We only collect such data when necessary for compliance with KYC/AML regulations.

Legal Basis for Processing

We process personal data only where we have a lawful basis under applicable data protection laws, including the UK GDPR, EU GDPR where applicable, and, for Mexican users, the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Our main legal bases are:

  • Performance of a contract: We need to process certain data to create and manage your account, verify your age and identity, process deposits and withdrawals, provide casino games, manage bonuses and promotions, verify game results, and provide customer support. Without this data, we cannot provide you with the steybet.com services associated with the Stay Bet casino profile.
  • Compliance with legal obligations: We are subject to KYC (Know Your Customer), AML (Anti-Money Laundering), counter-terrorist financing, fraud prevention, and responsible gambling obligations. We process identification documents, transactional data, and behavioural data to comply with applicable regulations in Curaçao and in other jurisdictions, including UK AML regulations and record-keeping laws applicable to our payment processing structure.
  • Legitimate interests: We process data for purposes such as:
    • maintaining the security and integrity of our platform;
    • detecting, investigating, and preventing fraud, bonus abuse, chargebacks, and other unlawful or improper conduct;
    • improving our services, games, and user experience through analytics and statistical analysis;
    • enforcing our Terms & Conditions and protecting our rights, our players, and third parties.
    When relying on legitimate interests, we balance our interests against your rights and freedoms.
  • Consent: Where required, we rely on your consent to send marketing communications by email, SMS, push notifications, or similar channels; to use non-essential cookies and other tracking technologies for analytics and advertising; and to share data with certain third-party advertising partners or affiliates. You may withdraw your consent at any time (see "Your Rights" section).
  • Legal bases under Mexican law: For users located in Mexico, we rely on consent and necessity for the relationship under the LFPDPPP and its Regulations, combined with applicable contractual and legal obligations. We will obtain your consent in accordance with Mexican law for any processing beyond what is strictly necessary to provide requested services.

Purpose of Processing

We use personal data for clearly defined and legitimate purposes. Depending on how you interact with steybet.com, your data may be used for one or more of the following purposes:

  • Providing and operating our services: To register and administer your player account; provide access to casino and related games; support gameplay and account functionalities; manage payments, deposits, withdrawals, and currency conversions; track your balance and transaction history; and provide customer support.
  • Compliance, KYC, and AML: To verify your age, identity, address, and eligibility to play; meet regulatory requirements in Curaçao and in other applicable jurisdictions such as the UK; run checks to detect money laundering, terrorist financing, fraud, and other abuses; monitor for suspicious transactions; and comply with reporting and retention obligations.
  • Responsible gambling: To enforce self-exclusion, cooling-off periods, and other responsible gambling tools; monitor gameplay patterns for indicators of problematic gambling; contact you where we identify potential risks; and keep records required by responsible gaming standards.
  • Service improvement and analytics: To analyse how users interact with steybet.com, understand game popularity, improve user experience and site performance, test new features, and perform statistical reporting and business intelligence. Where possible, we use aggregated or pseudonymised data for these purposes.
  • Marketing and promotions: With your consent where required, to send promotional offers, newsletters, bonus notifications, and personalised recommendations; to run loyalty programmes and tournaments; and to track the effectiveness of campaigns. You can opt out of marketing at any time using the unsubscribe links or account settings.
  • Security and fraud prevention: To protect accounts, prevent unauthorised access, detect bots and automated abuse, maintain system integrity, and perform risk scoring and device fingerprinting (where legally permitted). This may include automated decision-making to block or flag transactions or accounts where high fraud risk is detected.
  • Legal claims and enforcement: To investigate and resolve disputes, respond to regulators or law enforcement, enforce our Terms & Conditions, and manage or defend legal claims.

Disclosure & Sharing

We do not sell your personal data. We only share personal data with third parties where necessary for the purposes described in this Privacy Policy, where you have given consent, or where we are legally required to do so. Categories of recipients include:

  • Payment service providers and banks: We share necessary payment and KYC data with payment gateways, card schemes, banks, and other financial institutions (including entities in Cyprus) to process deposits, withdrawals, refunds, and chargebacks, and to perform fraud and AML checks.
  • Technical and infrastructure providers: Hosting providers, cloud services, IT security vendors, game platform providers, and other technical partners who support the operation, security, and performance of steybet.com. These parties may have controlled or processor access to personal data strictly as needed to provide their services.
  • Game providers and platform partners: In some cases, your gameplay data, username or user ID, IP address, and approximate location may be shared with game studios and platform integrators to deliver games, manage jackpots, and monitor fairness and security.
  • Verification, KYC, and AML partners: Identity verification services, credit reference agencies, and risk and fraud-prevention providers, who help us verify identities, assess risk, and comply with KYC/AML obligations.
  • Marketing, analytics, and affiliates: With your consent where required, we may share identifiers and usage data with marketing agencies, analytics providers, and affiliate partners to run campaigns, measure performance, and attribute traffic to affiliate websites. Any sharing with third-party advertising networks is limited and subject to your cookie and marketing preferences.
  • Group and corporate entities: Within Stay Gaming Group N.V. and its subsidiaries (including Stay Gaming Ltd in Cyprus) for internal administrative purposes, consolidated reporting, risk management, compliance, and customer support.
  • Regulators and public authorities: We may disclose personal data to regulators, supervisory authorities, tax authorities, courts, law-enforcement bodies, and other public authorities where required by law or regulation. This includes, for example, the Curaçao licensing authorities, the Information Commissioner's Office (ICO) in the UK, and, for Mexican users, the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) where legally relevant.
  • Dispute and complaint bodies: Where you lodge a complaint with a regulatory body or dispute resolution service, we may share relevant account, transaction, and communication data with that body. For example, information may be provided to Curaçao eGaming or Antillephone in relation to complaints submitted through https://curacao-egaming.com/public-and-players/complaints or via the Antillephone validator at https://validator.antillephone.com/validate?domain=staybet.com.
  • Business transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, your data may be transferred to the acquiring or successor entity, subject to appropriate safeguards and continued protection in accordance with this Privacy Policy.

International Transfers

Because Stay Gaming Group N.V. is established in Curaçao and uses service providers and partners located in various countries, your personal data may be transferred and processed outside the United Kingdom, the European Economic Area (EEA), and your home country.

  • Transfers to Curaçao: Your data may be processed and stored in Curaçao where our core operational and compliance functions are located and where our gaming licence No. 8048/JAZ (Antillephone N.V.) is held.
  • Transfers to Cyprus: Payment and billing data may be processed in Cyprus by Stay Gaming Ltd and by financial institutions or payment processors located there, particularly for EU and UK transactions.
  • Other locations: Some of our third-party service providers (e.g. cloud hosting, analytics, fraud prevention) may be located or may store data in other countries, including within the EEA, the United States, and other jurisdictions.

Where data is transferred from the UK or EEA to countries that are not recognised as providing an adequate level of data protection, we implement appropriate safeguards, which may include:

  • entering into standard contractual clauses (SCCs) approved under UK and/or EU law, including the UK International Data Transfer Addendum where applicable;
  • ensuring that the recipient implements robust technical and organisational security measures (such as encryption, access controls, and audit logs);
  • in the case of certain US providers, relying on the EU - US Data Privacy Framework and the UK extension (where the provider is certified);
  • conducting transfer impact assessments and adjusting safeguards where necessary.

You may contact us at [email protected] for more information about international transfers and the safeguards in place, including a copy of the relevant standard contractual clauses, subject to redactions for confidentiality.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the type of data and legal requirements in Curaçao, the UK, the EU, and other applicable jurisdictions.

  • Player account and identification data: As a general rule, we retain your core account data and key KYC records for no longer than 5 years after the closure of your account or the date of your last transaction, whichever is later, unless we are legally required to keep it longer (for example, up to 10 years for certain AML-related records).
  • Transactional and financial data: Payment records, transaction histories, and accounting records are typically kept for at least 5 to 10 years, depending on applicable statutory limitation periods, tax, and AML regulations.
  • Gameplay and behavioural data: Detailed gameplay logs and behavioural analytics are generally retained for the lifespan of your account and for a reasonable period after closure (normally up to 5 years) for compliance, dispute resolution, and responsible gambling purposes. Aggregated or anonymised data may be retained for longer.
  • Marketing data: We keep marketing preferences and records of consent or withdrawal of consent for as long as we need to demonstrate compliance, normally for up to 5 years after your last marketing interaction. If you unsubscribe, we retain a minimal record to ensure we respect your preference.
  • Cookies and technical logs: Cookie durations vary (see "Cookies & Tracking Technologies" section). Server logs and security logs are typically retained for a period of 6 to 24 months, unless we need them longer for security investigations or legal claims.
  • Complaints and disputes: Correspondence and documentation relating to complaints, including those involving regulators or dispute bodies, are usually kept for at least 5 years after the matter is closed.

When personal data is no longer required, we will securely delete, anonymise, or irreversibly de-identify it, unless retention is mandated by law or necessary for the establishment, exercise, or defence of legal claims. If you request deletion of your data, we will comply to the extent permitted by law, while retaining data we must keep under KYC/AML or other regulatory obligations.

Your Rights

Under the UK GDPR, the Data Protection Act 2018, EU data protection law (where applicable), and, for Mexican users, the LFPDPPP and its Regulations, you have a number of rights in relation to your personal data. These rights are subject to certain exceptions and limitations (for example, where we must retain data for AML/KYC obligations).

  • Right of access: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of the data and certain information about how we use it.
  • Right to rectification: You may request correction of inaccurate or incomplete data. In many cases, you can update basic details directly via your account settings on steybet.com.
  • Right to erasure ("right to be forgotten" / cancellation): You may request deletion of your personal data in certain circumstances, for example where the data is no longer needed for its original purpose, where you withdraw consent (and no other legal basis applies), or where the processing is unlawful. Under Mexican law, this corresponds to the right of "cancellation" in the ARCO framework. We may retain data that we are legally required to keep (e.g. AML/KYC records).
  • Right to restriction of processing: You may ask us to restrict processing of your data in certain cases, such as where you contest the accuracy of the data or where you object to processing and we are verifying that objection.
  • Right to object: You may object to processing based on our legitimate interests, including profiling related to such interests. You always have the right to object at any time to processing of your data for direct marketing, in which case we will stop using your data for marketing.
  • Right to data portability: Where processing is based on consent or on a contract and is carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format or transmit it to another controller where technically feasible.
  • Rights relating to automated decision-making and profiling: You may have the right to request human intervention, express your point of view, and contest decisions that are based solely on automated processing and that produce legal or similarly significant effects (for example, automated decisions to restrict an account based on risk scoring).
  • Withdrawal of consent: Where processing is based on your consent (for example, email marketing or non-essential cookies), you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
  • ARCO rights (Mexico): Users located in Mexico have rights of Access, Rectification, Cancellation, and Opposition (ARCO) under the LFPDPPP. We will handle such requests in line with Mexican legal requirements, in addition to any overlapping GDPR-style rights.

How to exercise your rights:

  1. Submit your request by emailing [email protected] from the email address associated with your account, or via any dedicated privacy request form made available on steybet.com.
  2. Provide sufficient information to allow us to verify your identity (for security, we may ask you to confirm certain account details or provide identification).
  3. Describe clearly which right you wish to exercise and, where relevant, specify the data or processing activities concerned.

We aim to respond to all valid requests within one month (30 days) of receipt. This period may be extended by up to a further two months for complex or multiple requests, in which case we will notify you of the extension and reasons. We do not charge a fee for handling your requests, unless they are manifestly unfounded or excessive, in which case we may either charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

We use cookies and similar technologies on steybet.com to operate the site, improve performance, personalise content, and support marketing activities. Cookies are small text files stored on your device when you visit a website. We group them into the following categories:

  • Strictly necessary (functional) cookies: These cookies are essential for the operation of steybet.com and the Stay Bet casino services. They enable core features such as logging in, maintaining your session, keeping your selections in the bet slip or game lobby, and ensuring security. You cannot disable these cookies via our site, but you may block them in your browser (which may cause the site to malfunction).
  • Preference cookies: These remember your settings and choices (such as language, region, game view preferences) to provide a more personalised experience.
  • Analytics and performance cookies: These help us understand how visitors use steybet.com (which pages are visited, how long sessions last, error messages, etc.) so we can improve functionality and performance. We may use third-party analytics providers, who receive aggregated or pseudonymised data.
  • Advertising and marketing cookies: With your consent where required, we may use cookies, pixels, and tags set by us or by third parties (e.g. affiliates, advertising networks) to deliver personalised offers, measure campaign performance, and prevent bonus abuse or fraud.

Managing cookies:

  • You can control or delete cookies through your browser settings. Instructions are typically available in the "Help" section of your browser.
  • When you first visit steybet.com (and periodically thereafter), you may be presented with a cookie banner or preference panel allowing you to accept or reject non-essential cookies and manage categories.
  • If you disable some cookies, certain features of the Website may not function correctly, and your experience may be degraded.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

  • Encryption: Data transmitted between your browser and steybet.com is protected using Transport Layer Security (TLS 1.2+) or equivalent protocols. Where feasible, we also apply encryption or pseudonymisation to data at rest, particularly for sensitive data and backups.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers who need it for their roles, based on the principle of least privilege. Access is controlled through authentication mechanisms, role-based permissions, and logging of access events.
  • Authentication and account security: We use security measures to protect accounts, such as secure password hashing, session management controls, and, where available, additional authentication mechanisms. You are responsible for keeping your login details confidential and using unique, strong passwords.
  • Network and infrastructure security: We employ firewalls, intrusion-detection and prevention systems, anti-malware tools, and other safeguards to protect our infrastructure. Systems are regularly patched and monitored.
  • Monitoring, audits, and testing: We perform regular security reviews and may engage independent experts to carry out security assessments or audits of critical systems. Where appropriate and feasible, we align our practices with recognised security frameworks (such as ISO 27001 or SOC 2-type controls), although we may not be formally certified.
  • Staff training and policies: Employees and contractors with access to personal data are bound by confidentiality obligations and receive training on data protection, information security, and responsible handling of player data.
  • Incident response: We maintain procedures to detect, respond to, and remediate personal data breaches or security incidents. Where required by law, we will notify relevant supervisory authorities and affected individuals without undue delay, taking into account the nature and impact of the breach.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal data in connection with steybet.com and the Stay Bet casino profile, you can contact us using the channels below.

Contacting us

  • Data Protection Officer / Privacy team: [email protected]
  • Website contact / support: You may also use any contact or support forms provided on steybet.com or the links listed in our Terms & Conditions at https://staybet.com/terms-and-conditions.
  • Postal correspondence: Data Protection Officer, Stay Gaming Group N.V., Curaçao (full postal details as set out in our Terms & Conditions; please mark the envelope "Privacy - Confidential").

Complaint handling process:

  1. Submission: Send us your complaint, clearly describing your concerns and providing any relevant account details or supporting documents.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within 5 working days.
  3. Investigation: We will review your complaint, gather relevant information, and may contact you for clarification or additional details. For privacy-related complaints, our DPO or privacy team will oversee the investigation.
  4. Response timeframe: We aim to provide a substantive response to privacy complaints within 30 days of receipt. Where the matter is complex or involves multiple systems or third parties, we may require more time, in which case we will inform you of the extension and expected timeline.
  5. Outcome: We will explain the outcome of our investigation, any corrective measures taken, and options for further escalation if you remain dissatisfied.

Escalation to supervisory authorities and regulators

  • United Kingdom (UK GDPR / Data Protection Act 2018): If you are located in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom; website: https://ico.org.uk.
  • European Union: If EU data protection law applies to you, you may lodge a complaint with your local data protection authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
  • Mexico (LFPDPPP): Users in Mexico may submit complaints to the National Institute for Transparency, Access to Information and Personal Data Protection (INAI), in accordance with the LFPDPPP and its Regulations (see https://home.inai.org.mx or its current official website for contact details).
  • Curaçao gaming regulator / licence-related complaints: For disputes relating specifically to the operation of our gaming services under our Curaçao licence, you may, after contacting us, submit a complaint to the relevant Curaçao gaming authority or our licensor. For example, you may use the complaint facilities at https://curacao-egaming.com/public-and-players/complaints or consult the Antillephone N.V. validator at https://validator.antillephone.com/validate?domain=staybet.com for information related to Licence No. 8048/JAZ.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or for other operational reasons. When we make material changes, we will take appropriate steps to inform you in advance and give you an opportunity to review the updated terms.

  • Notification methods: We may notify you of updates by:
    • posting the revised Privacy Policy on steybet.com with a revised "Last updated" date;
    • displaying banners or pop-up notices on the Website;
    • sending email notifications to the address associated with your steybet.com account; and/or
    • posting alerts in your account dashboard.
  • Advance notice for significant changes: Where we make material changes that significantly affect how we process your data (for example, introducing new categories of data sharing or substantially changing our legal bases), we will, where practicable, provide at least 30 days' notice before the changes take effect.
  • Your choices: If you do not agree with the revised Privacy Policy, you may choose to stop using steybet.com and request closure of your account. Continued use of the services after the effective date of the updated policy will constitute your acceptance of those changes.

The current version of this Privacy Policy applies to all processing of personal data relating to steybet.com and the Stay Bet casino profile carried out from its effective date onwards, and it remains under regular review to ensure ongoing compliance with applicable data protection laws as of 2026 and beyond.