burger icon
Betfair United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how the Betfair experience on betfairj.com ("we", "us", "our") collects, uses, discloses and protects personal data of players and website visitors in the United Kingdom. It applies to registered customers, prospective customers, visitors to betfairj.com and users of our mobile or web applications linked to this policy. By using betfairj.com you acknowledge that your personal data will be processed in accordance with this Privacy Policy and applicable law. The policy is effective from 1 January 2026 and reflects regulatory requirements and industry practice as at January 2026.

If you do not agree with this Privacy Policy, you should not create an account or should stop using betfairj.com and request closure of your account. This Privacy Policy should be read together with our Terms & Conditions, responsible gambling information and any product-specific notices shown on betfairj.com.

Who We Are

The Betfair experience on betfairj.com is operated within the Flutter Entertainment group (the "Betfair group"). For players in Great Britain and Northern Ireland, the relevant licensed operators are:

  • PPB Counterparty Services Limited, and
  • PPB Entertainment Limited,

each authorised and regulated by the UK Gambling Commission ("UKGC") under licence numbers 39426 and 39439 for online gambling activities in Great Britain.

The Betfair group is ultimately owned by Flutter Entertainment plc, a public limited company listed on the FTSE 100, which provides group-level governance and financial stability. Player funds for UK customers are held in segregated accounts and are classified by the UKGC as having a "Medium" protection level, meaning funds are kept separate from operating funds but are not absolutely guaranteed in all insolvency scenarios (see our Terms & Conditions for details).

For the purposes of UK data protection law and the UK General Data Protection Regulation ("UK GDPR"), the primary data controller for betfairj.com in the United Kingdom is the Betfair group entity that provides your account, typically PPB Counterparty Services Limited and/or PPB Entertainment Limited, acting alone or jointly.

We maintain a dedicated data protection function, including a Data Protection Officer ("DPO") for the Betfair group.

  • Data protection contact: please use the "Contact Us" options in your betfairj.com account or the help section, clearly marking your request "For the attention of the Data Protection Officer".
  • Primary support channels: 24/7 in-account live chat (using our "Hydra" assistant as first line, with the option to reach a human agent), and the support Twitter account @BetfairCS.
  • Email support: available via our online forms on betfairj.com with a typical response time of 24 - 48 hours. No public phone number is currently advertised for general support.

What Personal Data We Collect

We collect and process different categories of personal data when you visit betfairj.com, register, place bets, participate in casino games, contact support, or use responsible gambling tools. The main categories are:

Identification and Contact Data

  • Basic details: full name, username, date of birth, gender, language preference, country of residence, and proof that you are at least 18 years old.
  • Contact details: email address, postal address, billing address, and, where provided, mobile or landline phone number.
  • Verification data (KYC): copies or details of identity documents (e.g. passport, ID card, driving licence), proof of address, proof of payment method ownership, and information obtained from credit reference and identity verification agencies (without using credit information for gambling purposes contrary to UK rules).

Account, Transaction and Behavioural Data

  • Account data: account ID, registration date, account status, account settings, language and communication preferences.
  • Transaction data: deposits, withdrawals, bonus credits, chargebacks and payment method details (e.g. masked card numbers, IBAN, e-wallet identifiers), noting that credit card deposits are prohibited for UK customers in line with UK regulations.
  • Betting and gaming history: stakes, odds, game rounds, wins and losses, session duration, game type, markets played, and profit & loss information visible in your account.
  • Behavioural data: clicks, page views, navigation paths, time on page, interaction with banners and offers, use of features such as Fast Funds withdrawals, and responses to surveys or feedback.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system and platform, time zone and language settings.
  • Usage logs: login timestamps, authentication logs, unsuccessful login attempts, session IDs, and security logs.
  • Location-related data: approximate location derived from IP or other permitted means to enforce territorial and regulatory restrictions.

Responsible Gambling and Regulatory Data

  • Responsible gambling tools: deposit limits (including requested increases and decreases), time-outs, reality checks, self-exclusion status, and use of GAMSTOP-based self-exclusion where applicable for UK players.
  • Risk and monitoring data: internal assessments of affordability and play patterns, notes relating to safer gambling interactions, and flags used to monitor for potential harm in line with UK rules.
  • Self-exclusion schemes: information received from or provided to centralised schemes (such as GAMSTOP) where required by UK regulation.

Communications, Marketing and Cookie Data

  • Communications: records of live chat transcripts (including interactions with the "Hydra" chatbot and human agents), email messages, social media interactions (e.g. with @BetfairCS), and recordings or summaries of complaints.
  • Marketing and preference data: your marketing opt-ins and opt-outs, communication channel preferences, responses to campaigns, and participation in promotions.
  • Cookies and tracking technologies: cookie identifiers, pixel tags, SDK identifiers, and similar technologies on betfairj.com and associated services. For more details see the "Cookies & Tracking Technologies" section.

Data from Third Parties

  • Verification and risk management: data from identity verification providers, sanctions and politically exposed persons ("PEP") screening services, fraud prevention agencies, payment service providers and banks.
  • Regulatory bodies and ADR: information from the UK Gambling Commission, other regulators, law enforcement, and our alternative dispute resolution ("ADR") provider IBAS (Independent Betting Adjudication Service) if they handle a dispute involving you.
  • Marketing partners: limited data from affiliates and advertising networks where permitted by law and by your consent choices.

Legal Basis for Processing

We process personal data only where we have a valid legal basis under the UK GDPR and other applicable law. Depending on the specific processing activity, we rely on:

  • Performance of a contract: necessary to create and administer your betfairj.com account, verify your identity, process deposits and withdrawals, settle bets, pay winnings, provide customer support, and deliver requested features such as Fast Funds withdrawals and responsible gambling tools.
  • Compliance with legal obligations: required by UK and EU/UK-derived laws and regulations, including anti-money laundering ("AML") and counter-terrorist financing rules, responsible gambling obligations, accounting and tax rules, UKGC licence conditions (such as mandatory connection to GAMSTOP), and laws requiring age verification and fraud prevention.
  • Legitimate interests: to operate, secure and improve betfairj.com, to prevent, detect and investigate fraud, money laundering and other abuses, to ensure network and information security, to understand how players use our products, to personalise content and offers within reasonable expectations, to protect the integrity of markets and games, and to exercise or defend legal claims. When we rely on legitimate interests, we balance our interests against your fundamental rights and freedoms and implement safeguards such as access controls, minimisation and opt-outs where appropriate.
  • Consent: for certain marketing communications (e.g. email, SMS or push notifications where consent is required), for the placement or reading of non-essential cookies, and for specific optional features. You can withdraw your consent at any time using your account settings, the unsubscribe link in communications or the cookie management tools on betfairj.com.
  • Vital interests: in rare situations, to protect your vital interests or those of another person (for example if we reasonably believe a player is at immediate risk of serious harm and we need to share information with emergency services).
  • Public interest / legal claims: where processing is necessary for tasks carried out in the public interest (for example, cooperating with law enforcement or regulators) or for the establishment, exercise or defence of legal claims.

Where applicable Mexican data protection law or EU/EEA law applies (for example, if a player from those regions accesses betfairj.com under specific arrangements), we align our legal bases with the EU GDPR and Mexico's Federal Law on the Protection of Personal Data Held by Private Parties, ensuring that processing rests on contract, legal obligation, legitimate interests or consent as appropriate.

Purpose of Processing

We use personal data only for specified, explicit and legitimate purposes, and we do not process it in a manner incompatible with those purposes. The main purposes are:

Providing and Managing Our Services

  • Account creation and management: enabling registration, login, verification, account configuration, and the use of your betfairj.com wallet and gaming products under the Betfair experience.
  • Betting and gaming operations: accepting stakes, running games, determining outcomes, crediting winnings, handling bonuses, enforcing promotional terms, and displaying your transaction and profit & loss history.
  • Customer support: responding to questions and complaints via live chat, email and social media, and keeping records of communications for quality and training purposes.

Regulatory, AML and Responsible Gambling

  • Compliance with UKGC rules: satisfying licence conditions, including age and identity verification, AML checks, record keeping, and integration with schemes such as GAMSTOP.
  • Fraud and risk management: monitoring transactions and behaviour to prevent, detect and investigate fraud, money laundering, bonus abuse, improper use of betting markets and other irregular play.
  • Responsible gambling: monitoring play to identify markers of potential harm, offering tools such as deposit limits, reality checks, time-outs and self-exclusion, and intervening where appropriate.

Improvement, Personalisation and Analytics

  • Service improvement: analysing how betfairj.com and our apps are used to fix issues, optimise performance, develop new features and improve the user experience.
  • Personalisation: tailoring content, default settings and some offers to segments of players (for example, based on games you like or the devices you use), within UK regulatory limits and with appropriate controls.
  • Statistics and reporting: creating aggregated and anonymised statistics on product performance, risk, and responsible gambling, used within the Betfair group and for regulatory reporting.

Marketing and Relationship Management

  • Direct marketing: sending you promotional communications about products, offers and events available on betfairj.com, where permitted by law and in line with your preferences.
  • Digital advertising: using cookies and similar technologies to show or measure advertisements, including on third-party sites, only where allowed by law and your consent choices.
  • Surveys and feedback: requesting your feedback to improve our services and to better understand customer satisfaction and expectations.

Legal, Security and Business Purposes

  • Security: protecting the confidentiality, integrity and availability of data and systems, guarding against cyber-attacks, and managing access controls.
  • Legal obligations and claims: retaining and using data necessary to comply with legal obligations, respond to requests from regulators or law enforcement, and establish, exercise or defend legal claims.
  • Corporate transactions: in the context of mergers, acquisitions, restructurings or similar corporate events within the Flutter Entertainment group, subject to appropriate safeguards.

Disclosure & Sharing

We treat your personal data as confidential and only share it where necessary, subject to appropriate safeguards and strict contractual terms. We do not sell your personal data. We may disclose personal data to:

  • Betfair group and Flutter group companies: to manage accounts, provide shared infrastructure and security, perform group-level analytics, and comply with group-wide legal and regulatory obligations.
  • Payment service providers and financial institutions: to process deposits, withdrawals and refunds, to verify account ownership, and to handle chargebacks or disputes. This may include card schemes, banks, e-wallet providers and other regulated entities. Credit card deposits are not permitted for UK customers, but some payment data is still processed for withdrawals and verification.
  • KYC, AML and fraud prevention partners: identity verification providers, credit reference and sanctions screening agencies, fraud detection services and other risk management providers to help confirm your identity, prevent fraud and comply with AML and responsible gambling obligations.
  • Technology and service providers: companies that host our platforms, provide customer support tools (including live chat and chatbot services), data storage, security services, analytics, email and SMS delivery, and other operational support.
  • Self-exclusion and responsible gambling services: GAMSTOP and other applicable self-exclusion or safer gambling programmes, where required to implement your self-exclusion choices and regulatory obligations.
  • Regulators, ADR and public authorities: the UK Gambling Commission, other regulators, tax authorities, law enforcement, courts, and our ADR provider IBAS where necessary to comply with legal duties, resolve disputes or protect our rights, players or the public.
  • Affiliates and marketing partners: selected partners and advertising networks that refer customers to betfairj.com or display our advertisements, subject to your consent and cookie choices and to strict data protection clauses.
  • Prospective purchasers and professional advisers: in connection with corporate transactions involving the Betfair group or Flutter Entertainment plc, under confidentiality obligations and only to the extent necessary.

Whenever we share personal data with processors (service providers acting on our behalf), they are required by contract to use the data only in accordance with our instructions and to implement appropriate security measures.

International Transfers

Personal data collected through betfairj.com is primarily processed in the United Kingdom and, where relevant, within the European Economic Area ("EEA"). Because the Betfair group and some of our providers operate globally, your data may be transferred to and processed in countries outside the UK and EEA, including countries that may not offer the same level of data protection.

Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, for example:

  • Adequacy decisions: transferring data to countries that the UK or EU has formally recognised as providing an adequate level of data protection.
  • Standard Contractual Clauses ("SCCs"): entering into SCCs approved by the UK and/or EU with recipients in non-adequate countries, supplemented by risk assessments and additional safeguards where necessary.
  • Intra-group agreements: using group-wide data protection agreements and policies within the Flutter Entertainment group to ensure consistent protection standards.
  • Other safeguards: using appropriate derogations in specific situations, such as where the transfer is necessary for the performance of a contract, for the establishment, exercise or defence of legal claims, or where you have explicitly consented after being informed of the risks.

You can obtain more information about international transfer mechanisms used for your data by contacting us as described in the "Complaints & Contacts" section.

Data Retention

We retain personal data for no longer than necessary for the purposes for which it was collected, including to comply with legal, regulatory and reporting obligations, to resolve disputes and to enforce our agreements. Because we operate in a heavily regulated sector, certain categories of data must be kept for extended periods.

Data Category Typical Retention Period
Account and identification data For the duration of your active account and typically at least 5 years after account closure to meet AML and regulatory requirements.
Transaction, betting and gaming history For the duration of the relationship and typically 5 - 7 years after account closure to comply with AML, tax, accounting and UKGC record-keeping obligations.
Responsible gambling and self-exclusion data For as long as necessary to implement your limits or self-exclusion and to meet regulatory expectations, and for a reasonable period afterwards (generally up to 7 years) to evidence compliance and manage risk.
Customer support and complaint records Typically up to 6 years after the issue is resolved, to handle follow-up complaints and legal claims.
Marketing data Until you opt out or your account is closed, plus a short period (normally up to 2 years) to maintain records of your preferences and demonstrate compliance.
Technical logs and security data For short to medium periods (from a few months up to 2 years), unless required longer for security investigations or legal claims.

When retention periods expire, we either securely delete or irreversibly anonymise personal data so that it can no longer be associated with you. We may retain anonymised or aggregated data indefinitely for statistical, analytical or regulatory reporting purposes. If you request erasure, we will also consider whether we are permitted or required to retain certain data despite your request (for example, for AML, gambling regulation, or legal claims).

Your Rights

Under the UK GDPR and, where applicable, the EU GDPR and Mexican data protection law, you have various rights in relation to your personal data. These rights are subject to conditions and legal exceptions, especially in the regulated gambling context where AML and licensing obligations may limit how far we can comply with some requests.

Data Protection Rights (UK/EU GDPR)

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of that data, along with information about the processing.
  • Right to rectification: to have inaccurate or incomplete personal data corrected. You can update many details directly in your betfairj.com account.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary, where you withdraw consent (if consent was the basis) or where you successfully object. We may be unable to delete data we must keep by law (for example, AML, gambling regulation and tax data).
  • Right to restriction of processing: to request that we limit processing of your data (for example, while we verify its accuracy or consider an objection).
  • Right to object: to object at any time to processing based on legitimate interests, including profiling, and to object to direct marketing. We will stop processing for direct marketing purposes on receipt of an objection.
  • Right to data portability: to receive certain personal data you provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.
  • Right to withdraw consent: where we rely on your consent (for example, for some marketing or non-essential cookies), you may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.
  • Rights related to automated decision-making: where we use automated decision-making that produces legal or similarly significant effects (for example, some risk and fraud screening, or automated limits), you may have rights to obtain human review, to express your point of view and to contest the decision.

Mexican ARCO Rights (Where Mexican Law Applies)

If Mexican data protection law applies to you (for example, if you are located in Mexico and use betfairj.com in a way that makes the Federal Law on the Protection of Personal Data Held by Private Parties applicable), you may also have the so-called ARCO rights:

  • Access: to know which of your personal data we hold and how we use it.
  • Rectification: to request corrections where your data is inaccurate or incomplete.
  • Cancellation: to request that we stop using and (subject to legal retention duties) delete your data.
  • Opposition: to object to certain processing activities for legitimate reasons.

We handle ARCO requests through the same channels and timeframes as GDPR rights, subject to applicable legal limitations in the gambling context.

How to Exercise Your Rights and Timeframes

  • How to submit a request: log in to your betfairj.com account and use the "Contact Us" or help centre forms, or contact us through our support channels clearly indicating that your request concerns data protection rights.
  • Verification: to protect your data, we may ask for additional information to verify your identity before acting on a request.
  • Response times: we aim to respond to all valid requests within one month of receipt. For particularly complex or numerous requests, we may extend this by up to two further months, in which case we will inform you of the extension.
  • Fees: we ordinarily handle rights requests free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in line with the law.

Cookies & Tracking Technologies

We use cookies and similar technologies on betfairj.com to make our services work, to enhance your experience, to perform analytics and, where permitted, to personalise advertising. Cookies are small text files placed on your device.

Types of Cookies We Use

  • Strictly necessary cookies: essential for the operation of betfairj.com, enabling core functions such as logging in, maintaining your session, processing bets and ensuring security. These cannot be switched off in our systems.
  • Functional cookies: remember your preferences and choices (such as language, region, display settings and saved details) to provide a more personalised experience.
  • Analytics and performance cookies: help us understand how visitors use betfairj.com (for example, which pages are visited most often, and whether users encounter errors), so we can improve our products and services.
  • Advertising and targeting cookies: used to deliver more relevant advertising on our sites and third-party sites, to limit how often you see an ad, and to measure campaign effectiveness. These may be set by us or by our advertising partners.
  • Third-party cookies: set by third-party services integrated into betfairj.com, such as analytics, security tools, social media plug-ins and advertising networks.

Managing Cookies

  • Cookie banner and preferences centre: when you first visit betfairj.com (or after significant changes), you will be presented with options to accept, reject or customise non-essential cookies. You can change your choices at any time via the cookie settings link where available.
  • Browser settings: you can configure your browser to block or delete cookies. However, blocking strictly necessary or functional cookies may affect your ability to use parts of betfairj.com or reduce functionality.
  • Third-party opt-outs: for certain third-party analytics or advertising cookies, you may also manage preferences directly with the provider, subject to their tools and policies.

For more detailed information about specific cookies used on betfairj.com, including their duration and providers, please refer to any cookie-specific documentation or settings provided on our site.

Data Security

We take the security of your personal data seriously and implement a combination of technical and organisational measures designed to protect it from unauthorised access, loss, misuse, alteration or destruction. While no system is completely secure, we continually work to reduce risk in line with industry standards.

Technical Measures

  • Encryption in transit and at rest: data transmitted between your browser or device and betfairj.com is protected using modern transport layer security (TLS 1.2 or higher). Sensitive data is protected by encryption or other safeguards when stored.
  • Access controls: access to systems and databases is restricted on a need-to-know and role-based basis, authenticated with strong credentials and, where appropriate, multi-factor authentication.
  • Network and application security: we use firewalls, intrusion detection and prevention systems, vulnerability management, secure software development practices and regular testing to reduce security risks.
  • Logging and monitoring: security-related events are logged and monitored to detect unusual behaviour, fraudulent activity and potential threats.

Organisational Measures

  • Policies and training: staff handling personal data are subject to confidentiality obligations and receive regular training on data protection, information security and responsible gambling.
  • Third-party management: we select service providers carefully and require them to implement appropriate security safeguards through contractual obligations and, where relevant, audits or assessments.
  • Governance and standards: our security controls are designed to align with recognised industry best practices and frameworks (such as ISO 27001-style information security management), although formal certification may not apply to all entities or systems.

Incident Response

  • Incident handling: we maintain procedures to detect, investigate and respond to suspected personal data breaches or security incidents.
  • Notification: where a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, inform affected individuals as soon as reasonably practicable, in accordance with legal requirements.

Separately from data security, your player funds are held in segregated accounts with a "Medium" protection level under UKGC classifications, as described in our Terms & Conditions and the UKGC public register. This relates to financial protection rather than personal data, but reflects our broader approach to safeguarding players.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data on betfairj.com, or if you wish to exercise your data protection rights, you can contact us using the following channels:

  • In-account support: use the help centre or "Contact Us" options once logged into betfairj.com. This is the fastest way to reach us and allows us to verify your identity securely.
  • Live chat: access our 24/7 live chat (initially via the "Hydra" assistant, with the option to be transferred to a human agent) from within your account, specifying that your query relates to privacy or data protection.
  • Social media: contact our support Twitter account @BetfairCS for general assistance (do not share sensitive personal data publicly; we may ask you to move to a private channel).
  • Email and online forms: submit requests via the online forms on betfairj.com, clearly stating that the message is for the attention of the Data Protection Officer where applicable.

We aim to acknowledge and address privacy-related complaints as promptly as possible and, in any event, within the timeframes set out in the "Your Rights" section (typically within one month).

Escalation to Supervisory Authorities

  • United Kingdom (primary authority): if you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office ("ICO"). Further details are available at www.ico.org.uk, including an online complaint form. The ICO can also be contacted at:
    Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
  • EU/EEA data subjects (where applicable): if EU/EEA data protection law applies to you, you may also complain to your local data protection authority or to the authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
  • Mexico (where Mexican law applies): if Mexican data protection law applies to you and you are not satisfied with how we handle your personal data, you may lodge a complaint with the Mexican data protection authority, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales ("INAI"), via its official channels (see www.inai.org.mx for details).

These options are in addition to any rights you may have to seek remedies through the courts or, for gambling-related disputes, to use ADR mechanisms such as IBAS as described in our Terms & Conditions. However, IBAS focuses on betting disputes rather than data protection complaints.

Updates

We may update this Privacy Policy from time to time, for example to reflect changes in law, regulatory guidance, technology, our business operations or the products offered on betfairj.com under the Betfair experience.

  • Notification of changes: where we make material changes, we will take appropriate steps to inform you in advance, which may include notifications by email, messages in your betfairj.com account, website banners or other prominent notices.
  • Advance notice: for significant changes that materially affect your rights or how we process your data, we will, where reasonably practicable, provide at least 30 days' notice before the changes take effect, unless an earlier change is required by law or to address urgent security or regulatory issues.
  • Your options: if you do not agree with the updated Privacy Policy, you may close your account and stop using betfairj.com. Continued use of betfairj.com after the effective date of an updated policy will constitute your acknowledgement of the changes.
  • Version control: this Privacy Policy is identified by the "Last updated" date below. Earlier versions may be retained by us for accountability and legal purposes.

Last updated: January 2026