burger icon
Spinoli United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Spinoli B.V. processes and protects personal data when you access or use the Spinoli version of our online gambling and related services via the website spinoli.bet (including any replacement or mirror domains that point to the same service). It applies to all visitors to our websites, prospective and registered players, and any other individuals whose personal data we process in connection with these services.

The services offered through spinoli.bet to users in the United Kingdom are provided on an offshore basis and are not licensed by the UK Gambling Commission. Nevertheless, we process personal data in line with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and other applicable privacy rules, as well as aligning with relevant international frameworks where they apply to our activities.

This Privacy Policy is effective from 6 November 2025 and was last updated on 6 November 2025. We may update it from time to time as described in the "Updates" section below.

Who We Are

Data controller. For the purposes of the UK GDPR and other applicable data protection laws, the primary controller of your personal data is:

Spinoli B.V.
Scharlooweg 39
Willemstad, Curaçao
(operating the online casino services available via spinoli.bet for the Spinoli market)

Spinoli B.V. operates under a Curaçao eGaming sublicense issued by Antillephone N.V., license number 8048/JAZ, including reference 8048/JAZ2020-013. Public licence validation has been made available via an Antillephone validator link (e.g. validator.antillephone.com for the domain spinoli.com), although the availability of such tools may vary over time.

According to the information available to us as of 2025, the specific corporate registration and tax identification numbers of Spinoli B.V. are not publicly detailed in our source documentation. These may be obtained on request via our contact channels if required for your records.

Payment and processing partners. Certain payment-related processing is carried out on our behalf by partners, including, in particular:

  • Tilaros Limited, based in Cyprus, which is described as assisting with payment processing for the services provided via spinoli.bet.
  • Other payment institutions, card schemes, banks, and financial intermediaries that may participate in your deposits or withdrawals.

Contact for privacy matters (Data Protection Officer / data protection team). For any questions about this Privacy Policy or how we process your personal data, you can contact our data protection team (and, where appointed, our Data Protection Officer) using the following channels:

  • Email: [email protected] (please include "Data Protection" or "Privacy" in the subject line for faster routing to the appropriate team).
  • Online chat: on-site live chat at spinoli.bet (typically available 24/7, with an initial automated bot and subsequent escalation to a human agent).
  • Postal address (for written privacy inquiries and complaints): Data Protection Officer, Spinoli B.V., Scharlooweg 39, Willemstad, Curaçao.

We may also operate related domains such as spinoli.com and regional mirrors (for example, domains similar to spinoli-1.com) to maintain availability of the same underlying service. Unless stated otherwise, this Privacy Policy applies to personal data processed in connection with the Spinoli facing services of spinoli.bet.

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with spinoli.bet and whether you register and use the Spinoli services. The main categories are:

  • Identification and contact data: such as full name, date of birth, nationality, residential address, email address, telephone number (if provided), username, and account identifiers.
  • Verification and KYC data: copies or details of identity documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), payment account ownership evidence, and information obtained from sanctions, politically exposed persons (PEP), and other due diligence databases.
  • Account and transactional data: account registration details, login history, deposits, wagers, win/loss records, withdrawals, bonuses claimed, loyalty program usage, chargeback history, and related financial records.
  • Behavioral and gameplay data: betting history, game sessions, game preferences, device and interface interactions, clickstream data, time spent on the website, self-exclusion or cooling-off choices, and responsible gambling limits you set.
  • Technical and device data: IP address, approximate location inferred from IP, browser type and settings, device type and operating system, language preferences, referral URLs, log files, and performance diagnostics.
  • Payment and financial data: payment method type (e.g. card, e-wallet, bank transfer, voucher, or other supported methods), masked card details, payment identifiers, transaction references, and details of payment service providers involved. We do not store full card PAN/CVV where prohibited; such data is typically handled by certified payment processors.
  • Communications data: records of your interactions with us, including emails, live chat transcripts, internal notes on your requests, complaint files, and any feedback you provide through forms or surveys.
  • Cookies and similar technologies: identifiers placed on your device (cookies, web beacons, pixels, SDKs, and similar tools) to remember your preferences, keep you logged in, perform analytics, and support marketing and affiliate tracking. More detail is provided in the "Cookies & Tracking Technologies" section.
  • Inferred and risk-scoring data: profiles and scores that we generate for fraud prevention, anti-money laundering (AML) monitoring, credit or affordability assessments (where applicable), and responsible gambling risk assessment, using the data listed above and internal rules.

We do not deliberately collect special categories of personal data (such as health data or information on political opinions) unless you voluntarily provide such information, for example when sharing reasons for self-exclusion or submitting documents that incidentally contain sensitive details. Where that occurs, we process such information only as strictly necessary and in line with applicable law.

Legal Basis for Processing

Under the UK GDPR and, where relevant, other data protection laws, we must have a valid legal basis for processing your personal data. Depending on the specific processing activity, we rely on one or more of the following legal grounds:

  • Contractual necessity: We process your data where it is necessary to enter into and perform the contract for providing you with the online gambling services available via spinoli.bet for the Spinoli market. This includes creating and managing your account, processing deposits and withdrawals, settling bets, providing customer support, and operating the games and features you use.
  • Compliance with legal obligations: We process certain data to comply with laws and regulatory standards applicable to us, including AML and counter-terrorist financing rules, fraud and crime prevention obligations, record-keeping requirements under Curaçao licensing conditions, tax and accounting obligations, and-where applicable-data protection laws such as the UK GDPR, the Data Protection Act 2018, and analogous regulations in other jurisdictions. This may include identity verification, transaction monitoring, and retention of records for specified periods.
  • Legitimate interests: We process data where it is necessary for our legitimate interests or those of third parties, provided such interests are not overridden by your rights and freedoms. These interests include maintaining network and information security, preventing abuse of our services, managing business operations, performing analytics to improve our product and user experience, enforcing our terms and conditions, and defending legal claims. When relying on legitimate interests, we carry out a balancing test and implement safeguards to protect your privacy.
  • Consent: We rely on your consent where required by law, for example:
    • sending certain forms of direct electronic marketing (such as email promotions) where consent is required, or where we do not rely on a "soft opt-in" under applicable rules;
    • using non-essential cookies and similar technologies for advertising and advanced analytics, in accordance with UK privacy and electronic communications rules; and
    • in limited cases, processing any special category data you voluntarily provide, where explicit consent is required.

For users located in jurisdictions aligned with EU GDPR or Mexican privacy law, we apply equivalent legal grounds (such as consent and contractual necessity, or the ARCO framework under Mexican law) to the extent those laws apply. You can withdraw your consent at any time, as set out in the "Your Rights" section, but this will not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

We process personal data for clearly defined and legitimate purposes. The main purposes for which we use your data in connection with the Spinoli services on spinoli.bet are:

  • Providing and operating our services: to create and manage your account, verify your age and eligibility, process deposits and withdrawals, operate games, settle bets, credit winnings, manage bonuses and promotions, and provide customer support via email and live chat.
  • Compliance, risk management, and fraud prevention: to carry out identity checks and KYC/AML verification, detect and prevent fraud or abuse (including bonus abuse, collusion, and payment fraud), enforce self-exclusion settings, manage chargebacks and disputes, and comply with record-keeping obligations under licensing and anti-money laundering frameworks.
  • Improving and personalising the service: to analyse performance and usage of our websites and games, troubleshoot technical issues, test new features, tailor content and game recommendations to your preferences, and maintain the stability and security of our infrastructure.
  • Marketing and promotions: to provide you with information about offers, bonuses, and services that may be of interest to you, in accordance with your marketing preferences and applicable laws. This includes using data to segment audiences, measure campaign effectiveness, and limit the frequency of communications.
  • Analytics and statistics: to compile aggregated statistics on player activity, website performance, and market segments, which help us improve our products and business strategy. Where feasible, we use anonymised or pseudonymised data for these purposes.
  • Legal and business purposes: to handle complaints and disputes, respond to lawful requests from authorities, maintain business and tax records, protect our legal rights, and support corporate transactions such as restructuring or potential transfer of business units.

We do not use your personal data for purposes that are incompatible with the ones described above. If we intend to use your data for a new purpose not covered in this Privacy Policy, we will inform you and, where required, obtain your consent before doing so.

Disclosure & Sharing

We share personal data only with parties that need to receive it for lawful, specified purposes and subject to appropriate safeguards. Depending on your activities on spinoli.bet and the Spinoli services, we may disclose your data to the following categories of recipients:

  • Group companies and affiliated entities: other entities that are involved in providing the services or related back-office functions, including current or future affiliates, subsidiaries, or entities engaged in white-label or platform arrangements.
  • Payment service providers and financial institutions: card schemes, banks, e-wallet providers, payment processors (such as Tilaros Limited in Cyprus), and similar institutions that process your deposits and withdrawals, conduct fraud screening, or handle chargebacks.
  • Technology and infrastructure providers: hosting providers, content delivery networks, IT and security service providers, CRM systems, email delivery and SMS providers, customer support platforms (including live chat), and tools used to prevent abuse, attacks, or unauthorised access.
  • Verification, risk, and compliance partners: identity verification providers, KYC/AML screening services, sanctions and PEP database providers, fraud detection services, responsible gambling tools, and analytical services used to assess risk and compliance.
  • Analytics and advertising partners: subject to your consent and preferences, we may share certain device and usage data with analytics providers and advertising networks to measure performance and deliver or limit personalised marketing. This may involve the use of cookies and similar technologies described in the "Cookies & Tracking Technologies" section.
  • Regulators, authorities, and dispute resolution bodies: law enforcement, courts, regulators (including Curaçao eGaming and its delegates), tax authorities, gambling or financial regulators in other jurisdictions, and alternative dispute resolution providers, where disclosure is required by law or reasonably necessary to protect our rights or the rights of others.
  • Professional advisors and business transferees: lawyers, auditors, consultants, and potential or actual purchasers (and their advisors) in connection with a corporate transaction such as a merger, asset sale, or restructuring. In such cases, we will share only what is reasonably necessary and ensure appropriate confidentiality obligations.

When sharing data with service providers that act as our processors, we enter into contracts requiring them to process personal data only on our documented instructions, to apply appropriate security measures, and to ensure confidentiality. Some recipients may act as independent or joint controllers; in those cases, they are responsible for their own compliance with data protection laws.

We do not sell your personal data in the traditional sense. Where data is shared for advertising or affiliate tracking, this is done in accordance with applicable legal bases, your preferences, and the safeguards described in this Privacy Policy.

International Transfers

Because Spinoli B.V. is established in Curaçao and uses infrastructure and partners located in multiple countries, your personal data may be transferred to, and processed in, jurisdictions outside the United Kingdom and the European Economic Area (EEA). This includes, in particular:

  • Curaçao: where Spinoli B.V. is based and where core operational, compliance, and support functions may be located.
  • Cyprus and other EEA states: where certain payment processors (such as Tilaros Limited) or technical service providers may be located.
  • Other countries (including, potentially, the United States and other non-EEA jurisdictions): where cloud hosting, analytics, or specialised service providers are established.

These countries may have data protection laws that are different from those in the UK and may not be subject to an adequacy regulation issued by the UK government. Where we transfer personal data outside the UK, we take steps to ensure that appropriate safeguards are in place, including:

  • using destinations covered by an adequacy decision, where applicable;
  • concluding standard contractual clauses or UK-specific international data transfer agreements or addenda with recipients, as approved by relevant authorities;
  • implementing additional technical and organisational measures, such as strong encryption, strict access controls, and data minimisation, to reduce transfer-related risks; and
  • conducting transfer impact assessments where required by law.

You may contact us using the details in the "Who We Are" or "Complaints & Contacts" section if you would like more information about the safeguards we use for international transfers, or to request a copy of the relevant contractual protections, subject to applicable confidentiality restrictions.

Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, and to protect our legitimate interests (for example, in connection with legal claims). Retention periods vary depending on the category of data and the context of processing, but we generally apply the following principles:

  • Player account and identification data: We typically retain core account records (such as name, contact details, KYC documents, and account identifiers) for the duration of your relationship with us and for up to five (5) years after account closure, unless a longer period is required or permitted by law (for example, for AML record-keeping or to defend legal claims).
  • Transactional and AML data: Records of deposits, withdrawals, bets, winnings, bonuses, and AML-related information are usually retained for at least five (5) years from the date of the relevant transaction or the termination of the relationship, whichever is later, in line with common AML and accounting requirements. In some cases, we may extend this period if required by law or ongoing investigations.
  • Gameplay and behavioural data: Detailed game logs and behavioural data are generally kept for the life of the account and for a limited period (for example, up to 5 years) after account closure to support complaint handling, responsible gambling assessments, and fraud prevention, after which they may be archived or anonymised.
  • Marketing data: Information about your marketing preferences and interactions with marketing communications is retained for as long as you remain subscribed and for a limited period (for example, up to 2 years) after you opt out, to document your preferences and ensure we do not send unwanted communications.
  • Cookies and tracking data: Cookie lifetimes vary depending on type and purpose, and are detailed in our cookie interfaces. Session cookies generally expire when you close your browser; persistent cookies may remain on your device for a period ranging from a few days up to around two years, unless you delete them earlier via your browser or device settings.
  • Complaint and support records: Communications and complaint files are normally retained for the duration of the issue and for a period (often up to 5 years) after resolution, to comply with legal obligations and to improve our services.

When personal data is no longer needed for the purposes for which it was collected and we are not legally required to keep it, we will take steps to delete, anonymise, or otherwise render it unusable for identification. In some cases, data may remain in system backups for a limited period before being overwritten in the ordinary course of business. If you exercise certain rights (such as erasure), we will also consider whether and how our retention obligations permit us to act on your request, as explained below.

Your Rights

Subject to applicable law and certain limitations, you have a number of rights in relation to the personal data we hold about you when using the Spinoli services on spinoli.bet. These rights arise primarily under the UK GDPR and, where relevant for users in other jurisdictions, under the EU GDPR and the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). They include:

  • Right of access: to request confirmation as to whether we process your personal data and, if so, to receive a copy along with information about how we use it.
  • Right to rectification: to request correction of inaccurate personal data and completion of incomplete data.
  • Right to erasure ("right to be forgotten" / cancellation): to request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected, you withdraw consent and there is no other legal basis, or data has been processed unlawfully. This right is subject to important exceptions, particularly where we must retain data for legal or regulatory reasons (e.g. AML or record-keeping).
  • Right to restriction of processing: to ask us to limit processing of your data in specific situations, such as where you contest the accuracy of the data or object to our processing and we are verifying the request.
  • Right to object: to object to processing based on our legitimate interests, including profiling carried out on that basis. You also have an absolute right to object at any time to processing of your personal data for direct marketing, including profiling related to such marketing.
  • Right to data portability: to receive certain personal data in a structured, commonly used, and machine-readable format and to ask us to transmit that data to another controller, where technically feasible and legally required.
  • Rights in relation to automated decision-making: where we use automated systems (including profiling) that produce legal effects or significantly affect you (for example in fraud, AML, or responsible gambling assessments), you may have the right to obtain human intervention, express your point of view, and contest the decision.
  • Right to withdraw consent: where processing is based on your consent (for example, some marketing activities or certain optional cookies), you may withdraw your consent at any time. Withdrawal will not affect processing that has already taken place but may affect the services we can provide.

For users located in Mexico, these rights are often referred to as ARCO rights (Access, Rectification, Cancellation, and Opposition), along with the right to revoke consent and to limit the use or disclosure of personal data. We aim to respect these rights to the extent that the Mexican LFPDPPP applies to our processing.

How to exercise your rights. You can exercise your rights by contacting us via email at [email protected] (with "Privacy Request" in the subject line), via live chat on the website, or by written request to our postal address. To protect your data, we may need to verify your identity before responding, which may involve asking for additional information or documentation.

Response times and charges. We aim to respond to your request within one (1) month from receipt. For complex or multiple requests, this period may be extended by up to two additional months, in which case we will inform you of the extension and reasons. We do not normally charge a fee; however, where a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, as allowed by law.

Cookies & Tracking Technologies

Our websites and services relating to Spinoli on spinoli.bet use cookies and similar technologies to distinguish you from other users, enhance your experience, and support security and analytics. These technologies may be set by us or by third parties acting on our behalf. The main categories are:

  • Strictly necessary (functional) cookies: cookies that are essential for the site to function and for you to navigate and use core features, such as logging in, remembering your selections within a session, and processing payments. These are generally set in response to actions you take and do not usually require consent, but you can still block them via your browser settings (although this may affect site functionality).
  • Preference cookies: cookies that store your choices, such as language, region, or display settings, so that we can provide a more personalised experience when you return.
  • Analytics and performance cookies: cookies that help us understand how visitors use the site (for example, which pages are visited most, whether error messages occur, and how long sessions last). We use this information to improve our websites and services. These may be set by internal tools or by third-party analytics providers, subject to appropriate safeguards.
  • Advertising and affiliate cookies: cookies and pixels used to deliver, measure, and control marketing and affiliate campaigns, including tracking which advertising or affiliate link led you to spinoli.bet, limiting the number of times you see a specific advertisement, and measuring campaign performance. These are generally used only with your consent, where required by applicable law.
  • Similar technologies: in addition to cookies, we may use technologies such as web beacons, SDKs, and server-side tracking to collect or associate device and usage information in a way that helps us understand and improve our services.

Managing your cookie preferences. When you first visit our site (and periodically thereafter), you may be presented with a cookie banner or interface allowing you to accept, reject, or configure non-essential cookies. You can adjust your preferences at any time through the cookie management tool on the site, where available.

You can also manage cookies via your browser settings by blocking or deleting them. How you do this depends on your browser or device; please refer to the help section of your browser for more details. Note that disabling certain cookies may affect the functionality and performance of the website and may prevent you from using some features. For more information about cookies and how to manage them, you may consult independent online resources such as browser vendor guides.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. While no system can be guaranteed to be completely secure, our measures include, among others:

  • Encryption in transit and at rest: we use strong encryption technologies (such as TLS 1.2 or higher) to secure data transmitted between your device and our servers, and we apply encryption or equivalent protections to sensitive data stored in our systems or by trusted service providers, where appropriate.
  • Access controls and authentication: access to personal data is restricted to authorised staff and service providers who need it to perform their duties and who are bound by confidentiality obligations. We use role-based access controls, strong authentication mechanisms, and logging of access activities.
  • Network and infrastructure security: we employ firewalls, intrusion detection and prevention systems, anti-malware tools, segmentation, and regular patching to protect our infrastructure. We monitor systems for suspicious activities and take action to mitigate threats.
  • Organisational policies and training: we maintain internal policies and procedures covering data protection, information security, acceptable use, and incident response. Staff members who handle personal data receive training on security and privacy obligations and are expected to follow our policies at all times.
  • Vendor and third-party security: when engaging service providers that process personal data on our behalf, we assess their security measures and contractually require them to implement appropriate safeguards and comply with applicable data protection standards.
  • Testing and audits: we periodically review and test our security controls, including through internal audits and, where appropriate, external assessments. We aim to align our practices with recognised international security standards (such as ISO 27001 or SOC 2-style controls), even where formal certification may not yet be obtained.
  • Incident response: we maintain procedures for identifying, assessing, and responding to security incidents. In the event of a personal data breach that poses a risk to your rights and freedoms, we will take appropriate steps to mitigate the impact and, where required, notify you and relevant supervisory authorities in accordance with applicable law.

It is also your responsibility to keep your account credentials confidential, choose a strong password, and avoid sharing your account with others. You should immediately notify us via [email protected] or live chat if you suspect any unauthorised access to your account or personal data.

Complaints & Contacts

If you have any questions, concerns, or complaints about how we handle your personal data in connection with the Spinoli services on spinoli.bet, you are encouraged to contact us first so we can attempt to resolve the matter. You can reach us through:

  • Email: [email protected] (please mark the subject as "Privacy Complaint" or similar).
  • Live chat: via the on-site chat feature at spinoli.bet, available 24/7 (initial responses may be automated, with escalation to a human agent typically within a short period).
  • Postal mail: Data Protection Officer, Spinoli B.V., Scharlooweg 39, Willemstad, Curaçao.

Internal complaint procedure. When you submit a privacy-related complaint:

  1. We acknowledge receipt of your complaint as soon as reasonably possible and, where feasible, within seven (7) days.
  2. We review the complaint, which may involve contacting you for additional information or clarification and consulting relevant internal teams.
  3. We aim to provide a substantive response or resolution within one (1) month of receiving your complete complaint, in line with UK GDPR timeframes, and will inform you if more time is needed due to complexity (up to a reasonable extension where permitted by law).
  4. Where your complaint is upheld, we will take appropriate remedial measures, which may include correcting data, adjusting processing practices, or improving our internal procedures.

Escalation to supervisory authorities. You also have the right to lodge a complaint with a data protection authority, in particular in the country where you live, work, or where you believe a breach of data protection law has occurred. Depending on your location, this may include:

  • United Kingdom - Information Commissioner's Office (ICO)
    Website: https://ico.org.uk
    Telephone: +44 303 123 1113
    Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • European Union / EEA: if EU/EEA data protection law applies to you, you may contact your local data protection authority. Contact details for EU/EEA supervisory authorities are available via the European Data Protection Board's website.
  • Mexico - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
    Website: https://www.inai.org.mx
    INAI provides guidance on how to exercise ARCO rights and file complaints regarding the protection of personal data under Mexican law.

We would appreciate the opportunity to address your concerns before you approach a supervisory authority, but you are not obliged to contact us first to exercise this right.

Updates

We may revise this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data protection practices relevant to the Spinoli services on spinoli.bet. When we make changes, we will update the "Last updated" date at the beginning of this document and, where appropriate, provide additional notice.

Notification of changes. Depending on the nature and impact of the changes, we may notify you by one or more of the following methods:

  • displaying a prominent notice on our website (e.g. banner or pop-up);
  • sending an email or in-account message to the address associated with your account; and/or
  • providing alerts or notifications within your account dashboard.

For material changes that significantly affect how we process your personal data or your rights (for example, changes to our lawful bases, new categories of data, or substantial amendments to international transfer practices), we will endeavour to provide notice at least thirty (30) days before the changes become effective, where reasonably practicable. This will give you an opportunity to review the updated terms and, if you do not agree, to adjust your privacy settings, exercise your rights, or close your account.

Versioning and historical record. For transparency, we keep an internal record of Privacy Policy versions applicable to spinoli.bet, including the Spinoli services. On request, we may provide you with information about prior versions that were in force at a given point in time.

Your continued use of the services after the effective date of an updated Privacy Policy will constitute your acknowledgement of the changes. If you do not agree with an update, you should discontinue using the services and may request account closure and, where applicable, exercise your rights (such as withdrawal of consent or objection to certain processing) as described in this document.