Privacy Notice

  • About us
  • The information that we collect about you
  • How we use your personal data
  • Who we share your data with
  • Responsible gaming
  • Location we can transfer your data to
  • Security
  • Cookies
  • Marketing communications and your options
  • Your ARCO rights
  • ARCO rights: procedure for granting and withdrawing consent to the handling of your personal data.
  • Contact us or our Privacy Officer
  • Changes to this Privacy Notice

About us

Entain México, S.A. de C.V, with its address at San Francisco 1005 Col. del Valle, C.P. 03100 Mexico City, CDMX, Mexico is a member of the Entain Group of companies and this Notice explains what your personal data will be used for.

When we use the term "we" or "us", this includes the company and the Brands ("https://entaingroup.com/about/business-overview/our-brands/") and other companies within the Entain group.

We undertake to protect your personal data when you use our services via our website and mobile application and we take the security of your information very seriously. We have strict security measures in place to protect your personal data, which include solid security procedures that are tested and reviewed regularly. If you have any concern regarding the way in which we process or protect your personal data or if you wish to contact us in relation to any aspect of this Privacy Notice, contact us using the contact details at the bottom of this declaration.

This Privacy Notice must be read with our Cookies Policy and the terms and conditions of our website.

The information that we collect about you

We will collect personal data about you from the following sources:

  • When you register for an account with us
  • When you visit our website or our social media sites
  • From any surveys that you complete
  • When you contact us (by email, mail, telephone, in the shop or via the chat, including chat rooms or social networks)
  • When we analyse your interactions with us
  • From other companies in the group for internal reasons, principally for commercial and operational purposes
  • From public information sources, such as public registers or publications on social media
  • From cookies and monitoring devices on your devices when you have permitted their use
  • On third party databases in order to comply with our legal and regulatory obligations
  • From online suppliers and service providers, such as financial and shared liquidity services, and from client lists acquired legally from external suppliers

How we use your personal data

What we use your personal data for

Typical personal data

Further information

    Delivering products or services
  • Your name, address or email address, telephone number or online identity or other contact information that you give to us.
  • Your date of birth, gender
  • Start of session information
  • Transactional information regarding gaming and payment methods
  • In order to comply with our obligations derived from any agreement entered into between you and us and provide you with the information, products and services that you request of us, including information on changes to our website, services or our terms, conditions and policies.

      Customer service is important
  • Name, online identity, player ID
  • Contact information
  • Account notes and communications, call recording
  • Transactional information on gaming and payment methods
  • IP address, MAC address, device type, applications, location
  • In order to provide a service to the customer, answer their questions or address their complaints or concerns.

      In order to comply with our legal and regulatory obligations
  • Name, online identity, player ID, RFC, CURP, contact information, occupation
  • Games played, bets, wins and losses, deposits and withdrawals, payment methods
  • Online gaming images and screen shots
  • IP address, MAC address, device type, applications, location
  • In order to comply with our obligations and legal and regulatory duties, which include (but are not limited to) laws that regulate betting games, prevention of money-laundering, tax and anti-fraud laws and anti-terrorism laws. This may include electronic methods to identify this, such as the use of cookies and images in online gaming.

      Identity, age verification and responsible gaming controls
  • Name, online identity, player ID, contact information, date of birth and gender
  • Details of start of session, websites and web pages visited
  • Transactional information on gaming and payment methods
  • IP address, MAC address, device type, applications, location
  • Previous communications and account notes, call recording
  • Customer well-being information
  • Images and selfies
  • In order to comply with our responsible gaming obligations (such as registration of self-excluded persons and when we believe that a customer has a gambling problem).

    In order to verify or validate your identity or age and protect your information.

    This may include electronic methods to identify you, such as the use of cookies, and third party verification service providers such as Jumio, which assist with the verification of national identity documents or passports and additional identity verification documents.

      In order to conductsurveys, competitions and promotions
  • Name or online identity
  • Contact details, address, email address or telephone number
  • Contact preferences
  • Responses to surveys, clicks on marketing, preferred products, comments that you make
  • In order to invite you to take part in competitions, comment on your experiences or to accept promotions or keep you informed about service products that may be of interest to you.

    In order to calculate or understand the effectiveness of the marketing that we provide to you and to others, and to send you relevant marketing.

    You can choose not to receive direct marketing communications at any time.

      Lifestyle and demography
  • Contact preferences
  • Responses to surveys, clicks on marketing, preferred products, comments that you make
  • Interests and habits
  • To create a profile on you, your preferences and your habits in order to better understand your interests and how you play.

      To improve our services and ensure that our systems are secure and up to date
  • Player ID
  • Details of start of session, websites and web pages visited
  • Games played,
  • IP address, MAC address, device type, applications, location
  • How you use the mobile applications and websites
  • To ensure that the site content is presented in the most effective way for you and for your devices, to maintain and improve our products and services, optimise commercial processes, guarantee the integrity of our systems and administer our information technology assets, give quality guarantees, support the efficient management of our staff, analyse the performance of the web pages or promotions and provide content that is relevant to you.

      Crime Prevention and Detection

      Loss prevention

      Staff and customer protection

  • Name, online identity, player ID, contact information
  • Details of start of session, websites and web pages visited
  • Games played, bets, wins and losses, credits and withdrawals, payment methods
  • Online gaming images, video sequences and screen shots
  • IP address, MAC address, device type, applications, location
  • Risk scores, profile classification
  • Historical communications and accounts notes
  • List of software applications and processes active during use of our website, including access to files and programme files relating to the site
  • To prevent or detect crime, fraud, theft or losses on behalf of our business and our customers and to prevent the use of unfair practices on our websites or possible breaches of our General Terms and Conditions and of applicable law.

    In order to protect our staff and other persons from damage or loss.

    This may include monitoring online activity, electronic methods to identify you, such as through use of cookies, your online transactions and payments.

      Sale, acquisition and commercial rights
  • Name, online identity, player ID, contact information
  • Details of start of session, websites and web pages visited
  • Games played, bets, wins and losses, credits and withdrawals, payment methods
  • IP address, MAC address, device type, applications, location
  • Risk scores, profile classifications
  • Historical communications and accounts notes
  • In order to bring or defend legal claims or acquire or sell a business

    A large part of the information that we collect about you is necessary to comply with our legal and regulatory obligations, such as the Federal Law on Gaming and Sweepstakes and the Federal Law for the Prevention and Identification of Transactions with Resources from an Unlawful Origin and their respective regulations. However, when we seek your consent to process your personal data, you are not obliged to provide it to us but, if you do not do so, it is possible that you may not be able to use our services.

    We can also store sensitive personal data about you that may come directly from you, from other sources as described or from the decisions that we have made about you. In any event, we will notify you beforehand of this data processing.

    Some of these decisions or actions that we can take in order to manage your account or comply with our legal obligations may involve totally automated decisions. However, we will always provide you with contact details where you can ask for the decision to be reviewed or obtain more information from us.

    Who we share your data with

    It is possible that we may need to share personal information with other organisations in order to assure ourselves that we are complying with our legal obligations or when we need support to meet your needs or our contractual obligations. These other parties are usually:

    • commercial partners, suppliers and subcontractors needed to execute any contract that we enter into with them or with you;
    • our affiliates and selected third parties. If you have expressly chosen not to receive marketing from us/third parties, or have excluded yourself, we may share exclusion lists with our affiliates and selected third parties, in order to ensure that you do not receive unsolicited marketing;
    • members of the Entain Group, suppliers and providers of external services for any of the purposes identified in the table above, external suppliers and providers of services to the extent that they help the Entain Group with its legal and regulatory obligations, for example, suppliers of services relating to the prevention of money-laundering, fraud or verification;
    • selected third parties, so that they may contact you with details of the services that they provide, when you have expressly opted for the disclosure of your personal data for these purposes;
    • analysis providers and search engines that help us to improve and optimise our site and other selected third parties;
    • other organisations that seek, promote or collect comments and any online opinion of your experiences with us in order to help us to improve and optimise our services;
    • banks, credit card companies and relevant agencies that may share your personal details with third parties with a view to investigating and preventing gambling by minors, or activities that are fraudulent, criminal or suspicious (or other activities that we are obliged to investigate and prevent by law or regulation) or if we have reason to believe that you have carried out such an activity; and
    • our regulators, authorities responsible for ensuring compliance with the law or for fraud prevention, and also our legal advisers, courts, applicable independent adjudication services and gaming integrity organisations and any other authorised body, with a view to investigating any actual or suspected criminal activity and maintaining standards of conduct in the casino or other regulatory or legal matters.

    We may share your personal information with other members of the Entain Group for marketing purposes. However, we will not share it with other third party organisations unless you have expressly consented to the disclosure of your personal data for these purposes.

    We may also disclose your personal information to third parties in the following circumstances:

    • if we are considering selling or buying any company or asset, in which case, we will disclose your personal data to any possible seller or buyer of said company or asset;
    • in the event of any insolvency situation (for example, administration or liquidation) of Entain Group plc, or a data controller or any of the entities in its group;
    • if we, or essentially the entirety of our assets, are acquired by a third party, in which case, the personal data that we have about our clients will be one of the assets transferred;
    • for the purpose of ensuring compliance with or applying the terms of use of our website;
    • in order to protect the rights, property or security of ourselves, our staff, and our customers. This includes exchange of information with other companies and organisations (including the local police or other local public order agencies, if the law so requires) for the purpose of ensuring staff and customer safety, crime prevention, protection against fraud and the reduction of credit risk;
    • if we are obliged to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime;
    • and

    • When there has been self-exclusion from gaming, we may share this information with our regulators or other companies in our field if we consider that this is important in order to support your exclusion.

    Responsible gaming

    • At Entain, we take responsible gaming very seriously. We may share your information via our brands in the Entain Group and, when necessary, with other organisations in order to comply with our responsible gaming commitments.
    • We have a moral obligation to identify those at risk from gaming as soon as we can and help them to stop gaming by placing certain limits on accounts. This might include limits on deposits, product limits, limiting the capacity of an account to bet on certain products, or at certain times or periods. To this end, we analyse client transactions and we evaluate conduct or the financial status of our products and brands and this may cause us to make decisions relating to your account(s).
    • We are also constantly seeking innovative ways to help detect players who may be on the path towards difficulties and to identify them digitally. This means that we may use systems that identify clients (such as cookies on players' devices or images sent by you) and we have developed internal systems to understand your gaming in order to better communicate any risk relating to your activity. We may also share or receive player data with or from other organisations that help to evaluate risks or evaluate affordability from observing how you interact with other gambling operators or by helping people directly.

    In all these cases, you can be sure that we take our obligations very seriously, by helping customers to gamble responsibly and by protecting your personal information. We will always ensure that we apply the measures and controls that are most appropriate for protecting your data.

    Locations to which we may transfer your personal data

    Occasionally, services providers, members of the Entain Group and organisations we work with may be located outside Mexico in countries that do not have the same personal data protection standards as Mexico. However, we will ensure, through contractual clauses, that third party recipients assume at least the same obligations that Mexican law imposes on us as managers of your personal data. In addition, we will ensure that our service providers enter into processing agreements in conformity with us in order to guarantee that your personal data are processed in accordance with the applicable data protection legislation. Contact us at the email below if you have any specific enquiry about international transfers.

    Security

    We take compliance with the regulations on security, standards, guidelines and privacy laws very seriously and we promote security measures that will maintain the confidentiality, integrity and availability of personal data. We use reasonable organisational, technical and administrative measures to protect customers' personal data from unauthorised access and from alteration, disclosure or destruction of the personal data that we have.

    As a company, we have secure data centres with firewall, certified coded web pages and with ISO27001:2013 certification. We also take measures to ensure that our subsidiaries, agents, affiliates and providers employ adequate levels of security across the company.

    When we have given you (or when you have chosen) a password that allows you to access certain parts of our site, you are responsible for keeping this password confidential. We ask that you not share your password with anybody.

    Unfortunately, the transfer of information over the Internet is not completely secure. Although we will do everything possible to protect your personal data, we cannot guarantee the security of your data sent to our site. Any data transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in order to avoid unauthorised access attempts.

    Cookies

    We use cookies for several purposes, including to improve your experience on our website. For more information on our use of cookies, consult our Cookies Notice.

    Marketing communications and your options

    When we collect your personal data for the first time, we will ask you to tell us how you would like to hear from us in the future about other products and services. This will normally be via a verification box on forms or the web page and you can choose not to participate at any time.

    What is Voluntary Exclusion?

    The term voluntary exclusion refers to various methods with which people may avoid receiving unsolicited information on products or services. This option is generally associated with direct marketing campaigns such as telemarketing or email or direct mail marketing.

    *Bear in mind that "voluntary exclusion" will not prevent any essential client correspondence, for example, bets or account correspondence.

    How can I choose not to receive marketing correspondence?

    If you do not wish to receive offers, promotions, information on events and personalised communications based on your account activity, you may request no contact with you:

    • Use of the option "unsubscribe" provided in any marketing communication that you receive
    • change your account configuration preferences
    • by contacting our department

    What details do you require of me?

    We would require as many of the following as possible in order to ensure that you are not sent more unwanted correspondence:

    • Your full name
    • Your account number
    • How we contacted you; i.e. email, SMS or post
    • The mobile telephone number or the email/postal address we used to contact you
    • The mobile telephone number or the email address that the message comes from
    • The date(s) and time(s) when you were contacted
    • A copy of the message that was sent to you (for example, a screen shot or a forwarded email sent to our customer service team)

    Your ARCO rights

    Description of the right

    Right 1

    Right of access

    You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.

    You can ask us to tell you what information we have and how we obtained it. You will be sent a copy or email with this information.

    Right 2

    Right of rectification

    You can tell us about any change to any piece of data in particular or to all of the data if they are incorrect or inaccurate or because they have changed, and ask for them to be rectified.

    Right 3

    Right of cancellation

    You have the right to ask us to delete or cancel any personal data that we have about you that are not necessary or that are not of use for the purposes for which they were collected. This right will only apply when (for example): we no longer need to use the personal data to achieve the purpose for which we collected them, or when you withdraw your consent if we are using your personal data with your consent, or when you object to the way in which we process your data (in accordance with Right 6 below). This right is not absolute and will not apply when legitimate and prevailing reasons apply.

    Right 4

    Right to object to processing

    A right to object to the processing of your personal data for any purposes other than those that are necessary and give rise to the legal relationship between us and you but this will not lead to the conclusion of processing for these latter purposes.

    Right 5

    The right to file a complaint

    You have the right to commence data protection proceedings before the relevant Data Protection Supervision Authority. In Mexico, this is the National Institute of Transparency, Access to Information and Personal Data Protection (INAI).

    ARCO rights: procedure for granting and withdrawing consent to the handling of your personal data.

    You, in your name or through a legal representative, have the possibility of exercising the ARCO Rights (Access, Rectification, Cancellation and Objection) described above.

    We will deal with your application with proper care and within the first twenty (20) business days after you file it.

    The application for additional information may be sent to the address given here, or by email to the account stated in the contact section, where you will notify us as to which of the ARCO Rights you are exercising, providing the following information:

    • Subject's name and authorisation of the legal representative, where applicable.
    • Subject's address and email address where we can provide a response to the application.
    • Description of the personal data in relation to which he/she wishes to exercise an ARCO right.
    • Any other element that facilitates the identification or location of personal data.

    In order to adequately deal with your application, you or your legal representative (where applicable) must provide sufficient proof of identity. If you or your legal representative do not establish your identity or do not provide correct and truthful information, we will contact you, by telephone or by email, within the next five business days after dispatch to ask you to clarify this omission. If you do not respond to the requirement mentioned above, it will be understood that you do not wish to continue with this application.

    We will inform you as to the decision reached within no more than twenty (20) business days after the date when your application was received, or on the day after this application has been correctly amended. In all cases, the decision will be notified by email to the email address provided in the application.

    Refusal to allow use of your personal information for the purposes described in this privacy notice will not constitute a reason for us to deny you our Services. Bear in mind that, if you revoke your consent to this handling, it is possible that some Services may not be provided in full.

    It is possible to revoke any consent that you have given to us if your personal data are not needed for us to comply with essential objectives. However, it is very important that you be aware that your application regarding denial of use your personal data may not be satisfied in full or immediately, because we may be asked to continue handling your personal data in order to comply with legal requirements or contractual obligations.

    Contact us or our Privacy Officer

    If you wish to exercise your ARCO rights, contact us at privacy@bwin.mx.

    If you have any question about this notice or wish to obtain further information about your rights, contact our Personal Data Protection Officer at the following email address: dataprotectionofficer@entaingroup.com.

    *The means of communication stated above will not be used for enquiries relating to the customer care service and so any type of enquiry of this sort will not be sent to the customer service teams.

    Questions, comments and requests relating to this privacy notice are welcome.

    Changes to this Privacy Notice

    Any change to this privacy notice in the future will be published on this page and, when appropriate, you will be notified by email. Consult it frequently in order to see any update or change to this privacy notice.

    This privacy notice was last revised and updated: 01.07.2023