Parimatch Privacy Policy

This Privacy Policy (“Policy”) explains how Parimatch (the “Company,” “we,” “us,” or “our”) collects, uses, processes, protects, and discloses your personal information when you use our website, mobile applications, and services (collectively, the “Services”).

Parimatch is committed to maintaining the privacy and security of your personal data. This Policy applies to all users of Parimatch’s platform and complies with:

  • The General Data Protection Regulation (GDPR) (UK and EU)
  • The UK Data Protection Act 2018
  • UK Gambling Commission regulations (License #39576)
  • The Digital Personal Data Protection Act, 2023 (India)
  • Other applicable international data protection laws

By using Parimatch, you acknowledge and agree to the practices described in this Privacy Policy. If you do not agree with our data handling practices, please discontinue use of our Services immediately.

Who Controls Your Data?

Company Details:

  • Operator: Parimatch
  • Registered Office: [Corporate Address]
  • UK Gambling Commission License: #39576
  • Alderney License: [License Number]
  • Data Protection Officer (DPO): [Email]
  • Contact Email: privacy@parimatch.com

Your Rights: As a user in the UK or EU, you have specific rights under GDPR. You can contact our Data Protection Officer with any privacy concerns.

Information We Collect

Parimatch collects various types of information to provide safe, fair, and compliant Services. Here’s a comprehensive breakdown:

Information You Provide Directly

Identity and Contact Information:

  • Full name, date of birth, nationality
  • Email address and phone number
  • Physical/postal address
  • Identification documents (passport, driver’s license)
  • Photographs or selfies for identity verification

Account Information:

  • Username and password
  • Security questions and answers
  • Account preferences and settings
  • Language and communication preferences

Financial Information:

  • Payment method details (card numbers, bank account information)
  • Deposit and withdrawal records
  • Betting history and account balance
  • Transaction history

Responsible Gambling Data:

  • Self-exclusion requests and periods
  • Deposit limits you set
  • Session time limits
  • Cool-off period selections
  • Any problem gambling declarations

Communication Data:

  • Customer support inquiries and responses
  • Emails, chats, or messages with our team
  • Feedback and complaints
  • Survey responses

Information Collected Automatically

Technical Data:

  • IP address and device identifiers
  • Browser type, version, and operating system
  • Device type (mobile, tablet, desktop)
  • Mobile device IDFA or Android Advertising ID
  • MAC address

Usage Data:

  • Pages visited and features accessed
  • Time and duration of visits
  • Clicks, interactions, and navigation patterns
  • Betting patterns and preferences
  • Games played and amounts wagered
  • Win/loss records and gaming behavior

Location Data:

  • Approximate geographic location (derived from IP address)
  • Precise location (only with your explicit consent)
  • Country, region, and city information

Cookies and Similar Technologies:

  • Session cookies for login persistence
  • Tracking cookies for analytics
  • Advertising cookies for personalization
  • Flash cookies and local storage data
  • Web beacons and pixels

Behavioral Data:

  • Frequency of logins and activity patterns
  • Responsible gambling compliance monitoring
  • Fraud detection analysis
  • Risk assessment scoring
  • Customer lifetime value calculations

Information from Third Parties

Payment Processors:

  • Transaction confirmations and receipts
  • Payment status and verification data

Identity Verification Services:

  • Verification results from third-party KYC providers
  • Age confirmation data
  • Address verification results
  • Credit history checks (where applicable)

Affiliate Partners:

  • Referral source and click-through data
  • Campaign performance metrics
  • Lead generation information

Fraud Prevention Services:

  • Device fingerprinting data
  • Risk assessment information
  • Suspicious activity alerts

Other Sources:

  • Betting syndicates and integrity monitoring services
  • Regulatory bodies and law enforcement (upon request)
  • Credit reference agencies

Data We Do NOT Collect

Parimatch does NOT collect or process:

  • Race, ethnicity, or national origin
  • Political opinions or affiliations
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data (except facial recognition for KYC with explicit consent)
  • Sexual orientation or sexual life information
  • Criminal conviction records (except for KYC/AML purposes as legally required)

Why We Process Your Data

Under GDPR Article 6, Parimatch processes your personal data only on valid legal bases. Here are the specific legal grounds:

Consent

Definition: You have explicitly agreed to data processing for specific purposes.

Examples:

  • Marketing communications (email, SMS, push notifications)
  • Cookies and tracking technologies
  • Geolocation services
  • Personalized betting recommendations

Your Right: You can withdraw consent at any time by updating preferences or contacting us. Withdrawal does not affect the validity of prior processing.

How to Withdraw: Visit Account Settings > Marketing Preferences > Unsubscribe, or email privacy@parimatch.com

Contract Performance

Definition: Data processing is necessary to enter into or perform a contract with you.

Examples:

  • Creating and maintaining your Parimatch account
  • Processing deposits and withdrawals
  • Settling bets and payouts
  • Providing customer support
  • Account verification and KYC

Legal Basis: Without this data, we cannot provide Services.

Legal Obligation

Definition: Processing is required by law or regulatory requirements.

Examples:

  • Anti-Money Laundering (AML) checks
  • Know Your Customer (KYC) verification
  • Gambling Regulation Commission requirements
  • Tax and financial reporting obligations
  • Responsible gambling age verification
  • Self-exclusion records for GAMSTOP (UK)
  • UK Gambling Commission compliance
  • Court orders and law enforcement requests

Legal Framework:

  • UK Proceeds of Crime Act 2002
  • Financial Action Task Force (FATF) recommendations
  • UK Gambling Commission License conditions
  • Money Laundering Regulations 2017

Legitimate Interests

Definition: We process data because we have a legitimate business interest, balanced against your privacy rights.

Examples:

  • Fraud and money laundering prevention
  • Network and information security
  • Protecting against abuse and unauthorized access
  • Direct marketing (when not requiring consent)
  • Responsible gambling interventions
  • Business operations and analytics
  • Legal claims and disputes
  • Product improvement

Our Balancing Test: We conduct a Legitimate Interests Assessment (LIA) for each processing activity, ensuring your rights are protected.

Vital Interests

Definition: Processing is necessary to protect your vital interests (health or safety).

Examples:

  • Intervention for problem gambling
  • Suicide prevention awareness
  • Mental health crisis support
  • Safeguarding minors

Data Processing Purposes

Your data is processed for specific, clearly defined purposes:

Account Management & Service Delivery

  • Creating and maintaining your account
  • Processing login requests with Parimatch login security
  • Verifying your identity and age
  • Updating account information
  • Managing account settings and preferences
  • Processing deposits, withdrawals, and transactions
  • Settling bets and calculating winnings
  • Generating account statements

Regulatory Compliance & Legal Requirements

  • Anti-Money Laundering (AML) verification
  • Know Your Customer (KYC) checks
  • Sanction screening against international watchlists
  • Prevention of fraud and financial crime
  • Compliance with UK Gambling Commission requirements
  • Response to regulatory inquiries and audits
  • Tax reporting and filing obligations
  • Criminal record checks (where legally permissible)

Responsible Gambling & Player Protection

  • Monitoring for signs of problem gambling
  • Implementing self-exclusion programs
  • Enforcing deposit, time, and session limits
  • Sending responsible gambling reminders
  • Detecting and intervening in risky behavior
  • Calculating responsible gambling scores
  • Compliance with gambling addiction prevention measures
  • Integration with GAMSTOP (UK national self-exclusion scheme)
  • Providing reality check notifications

Fraud Detection & Prevention

  • Detecting suspicious or fraudulent activity
  • Device fingerprinting and analysis
  • IP address and location anomaly detection
  • Transaction pattern analysis
  • Abuse prevention and account protection
  • Chargeback and payment dispute prevention
  • Identifying multi-accounting and collusion
  • Protecting against bot activity and automation

Customer Service & Support

  • Responding to inquiries and complaints
  • Providing technical support
  • Resolving disputes and conflicts
  • Quality assurance and training
  • Feedback collection and analysis
  • Satisfaction surveys and reviews

Marketing & Communications

Only with your consent:

  • Promotional emails about new games and offers
  • SMS messages about bonuses and events
  • Push notifications to your mobile device
  • Personalized marketing based on your preferences
  • Retargeting advertising on third-party websites
  • Newsletter subscriptions
  • VIP program communications

How to Opt-Out: Update your preferences in Account Settings, click unsubscribe in any email, or reply STOP to SMS messages.

Analytics, Research & Optimization

  • Website and app performance analysis
  • User behavior research and insights
  • Identifying trends and patterns
  • Optimizing user experience
  • A/B testing and personalization
  • Aggregated statistics (anonymized data)
  • Product development and improvement
  • Business intelligence reporting

Legitimate Business Operations

  • Financial forecasting and budgeting
  • Licensing compliance and audits
  • Insurance and risk management
  • Dispute resolution and legal claims
  • Acquisition and merger activities
  • Asset protection

Who Has Access to Your Data?

Parimatch carefully controls who can access your personal information. We share data only when necessary and legally permissible.

Data Processing Partners (Data Processors)

These companies process data on Parimatch’s behalf under strict data processing agreements:

Payment Processors & Financial Institutions:

  • Visa, Mastercard, PayPal
  • Bank clearing and settlement systems
  • Payment gateway providers
  • Card fraud prevention services

Identity Verification & KYC Providers:

  • Third-party verification companies
  • Biometric identification services
  • Credit reference agencies
  • Address verification services

Anti-Fraud & Security:

  • Fraud prevention software providers
  • Device fingerprinting companies
  • Machine learning and AI security firms
  • DDoS protection services

Responsible Gambling:

  • GAMSTOP (UK national self-exclusion scheme)
  • Problem gambling monitoring services
  • Gambling therapy platforms
  • Mental health crisis services

Analytics & Technology:

  • Google Analytics
  • Server hosting providers (AWS, Azure)
  • Customer Relationship Management (CRM) systems
  • Email service providers
  • SMS delivery platforms

Legal & Compliance:

  • Compliance and monitoring software
  • Legal advisors and audit firms
  • Accountants and tax professionals

All Data Processors sign Data Processing Agreements (DPAs) ensuring GDPR compliance.

Independent Data Controllers

These organizations control their own data processing:

Affiliate Partners:

  • Referral sources that directed you to Parimatch
  • Marketing partners and agencies
  • Data shared: referral source, campaign information

Sports Integrity Bodies:

  • International betting fraud detection services
  • Sports leagues and governing bodies
  • Match-fixing prevention organizations
  • Data shared: suspicious betting patterns (anonymized where possible)

Betting Syndicates & Industry Partners:

  • Licensed betting exchange operators
  • Sports betting data providers
  • Data shared: aggregate betting information

Regulatory & Legal Disclosure

Parimatch may disclose your data without consent when:

  • Required by Law: Court orders, subpoenas, law enforcement requests
  • Regulatory Authorities: UK Gambling Commission inquiries, NCA/HMRC investigations
  • Money Laundering Reporting: Suspicious Activity Reports (SARs) to Financial Intelligence Unit
  • Child Protection: Information indicating minor gambling
  • Public Safety: Imminent threat to public safety
  • Tax Authorities: Tax reporting and audit cooperation

Legal Basis: These disclosures are under legal obligation (GDPR Article 6(1)(c)).

Business Transitions

In the event of acquisition, merger, bankruptcy, or asset sale:

  • Data may be transferred to the acquiring company
  • You’ll be notified of any material changes
  • Your rights remain protected

How Long Do We Keep Your Data?

Parimatch retains data only as long as necessary for the purposes outlined above. Retention periods vary depending on the type of data and legal requirements:

Active Account Data

While Your Account is Active:

  • Identity and contact information: Duration of account + 7 years (tax purposes)
  • Account activity and betting history: Duration of account + regulatory retention
  • Payment information: As required by payment processors (typically 3-7 years)
  • Session data and cookies: Duration of session or up to 2 years

After Account Closure

Following Account Termination:

  • Account verification documents: 7 years (tax and regulatory)
  • Transaction records: 7 years (AML/KYC regulatory requirements)
  • Betting history: 5-7 years (UK Gambling Commission requirements)
  • Self-exclusion records: Lifetime (for GAMSTOP and responsible gambling purposes)
  • Fraud investigation data: 3 years minimum
  • Marketing preferences: 2 years
  • Technical logs: 90 days

Specific Legal Retention Requirements

Anti-Money Laundering (AML):

  • 5 years minimum after transaction (UK FATF requirements)
  • Extended if account under investigation

Responsible Gambling & Self-Exclusion:

  • Lifetime retention for self-exclusion records
  • Problem gambling declarations: 5 years minimum
  • Deposit limit history: Duration of retention period + 3 years

Gambling Commission Compliance:

  • All records: 3-5 years minimum
  • May be extended during investigations

Tax Purposes:

  • All financial records: 7 years (HMRC requirements)
  • Supporting documentation: 6 years from year-end

Your Right to Erasure (Right to be Forgotten)

When You Can Request Deletion:

  • Data is no longer necessary for original purpose
  • You withdraw consent (if consent was basis)
  • You object to processing
  • No legal obligation to retain

Exceptions (Data Will NOT Be Deleted):

  • Required for legal compliance (AML/KYC, tax, gambling regulation)
  • Active investigation or dispute
  • Outstanding deposits or winnings
  • Self-exclusion purposes
  • Fraud prevention

How to Request: Email privacy@parimatch.com with “Request for Data Deletion” in the subject line. Include your account details and the specific data categories.

Response Time: Within 30 days of verified request (GDPR standard).

How Parimatch Protects Your Data

Parimatch implements industry-leading security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Encryption & Data Transmission

SSL/TLS Encryption:

  • 256-bit AES encryption for all data in transit
  • HTTPS protocol enforced on all pages
  • Certificate authority: DigiCert/Sectigo
  • Certificate pinning on mobile apps
  • Perfect Forward Secrecy (PFS) enabled

Data at Rest:

  • Database encryption with AES-256
  • Encrypted storage for sensitive data
  • Tokenization of payment card information
  • Password hashing with bcrypt/Argon2

Access Controls

Role-Based Access Control (RBAC):

  • Employees access only necessary data
  • Multi-level authorization for sensitive data
  • Principle of least privilege enforced
  • Regular access reviews and audits

Authentication:

  • Staff: Two-Factor Authentication (2FA) mandatory
  • Biometric access for executive roles
  • Session timeouts after 15 minutes inactivity
  • IP whitelisting for admin access

User Account Security

Parimatch Login Security Features:

  • Strong password requirements (12+ characters, numbers, symbols)
  • Password hashing algorithm: Argon2id
  • Account lockout after 5 failed attempts
  • 30-minute timeout on inactivity
  • Login notifications and suspicious activity alerts

Two-Factor Authentication (2FA):

  • SMS-based 2FA (6-digit codes)
  • Authenticator app support (Google Authenticator, Authy)
  • Optional but highly recommended
  • Easy to enable in Account Settings

Session Security:

  • Secure session tokens (CSRF protection)
  • HttpOnly and Secure flags on cookies
  • Session expiration after extended inactivity
  • Automatic logout on suspicious activity

Network Security

Firewalls & Intrusion Prevention:

  • Web Application Firewall (WAF) protection
  • DDoS mitigation and protection
  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
  • Regular penetration testing

Server Security:

  • Regular security patching and updates
  • Disabled unnecessary services and ports
  • Security Information & Event Management (SIEM)
  • Log monitoring and alerting

Data Protection Infrastructure

Segregation & Isolation:

  • Customer data physically separated from operational data
  • Segregated payment processing environments
  • Isolated testing and development systems
  • Network segmentation and VLANs

Backup & Recovery:

  • Redundant encrypted backups
  • Off-site backup storage
  • Regular backup testing and recovery drills
  • Disaster recovery plan with 24-hour RTO

Compliance & Auditing

Regular Security Assessments:

  • Annual penetration testing by independent firms
  • Quarterly vulnerability assessments
  • Compliance audits (ISO 27001, PCI DSS)
  • Security code reviews and SAST/DAST testing

Certifications:

  • ISO 27001 – Information Security Management
  • PCI DSS Level 1 – Payment Card Security
  • SOC 2 Type II – Service Organization Control

Third-Party Security

Vendor Management:

  • Security due diligence on all data processors
  • Data Processing Agreements (DPAs) with processors
  • Regular vendor security audits
  • Insurance requirements (cyber liability insurance)

Your Rights Regarding Your Personal Data

If you are located in the UK or EU, you have full rights under GDPR and the UK Data Protection Act 2018. You may request access to your personal data, ask for corrections, restrict processing, transfer your data, or request deletion where legally permitted.

You have the right to access your data by requesting a copy of the personal information Parimatch holds about you, including how it is used and how long it is retained. Requests can be made by emailing privacy@parimatch.com, and responses are provided within 30 days.

You also have the right to rectification, allowing you to correct inaccurate or outdated information such as your name, contact details, or date of birth. Most changes can be made directly in your account settings or by contacting support.

The right to erasure allows you to request deletion of your data in certain cases, such as when consent is withdrawn or the data is no longer required. However, some information must be retained due to legal, regulatory, AML, KYC, or fraud-prevention obligations.

  • You may request restriction of processing if you are disputing the accuracy or lawfulness of your data usage. During this period, your data will not be actively processed.
  • The right to data portability allows you to receive your personal data in a machine-readable format so it can be transferred to another service provider.
  • You may object to processing, especially for marketing, analytics, or profiling purposes. Marketing objections are applied immediately upon request.
  • Parimatch may use automated systems for fraud detection or responsible gambling. You have the right to human review and can challenge automated decisions that significantly affect you.
  • If you believe your data rights have been violated, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local EU Data Protection Authority.

How Parimatch Handles International Data

Parimatch operates globally, which means your data may be transferred outside the UK or EU for services such as payments, customer support, analytics, cloud hosting, and fraud prevention.

All international transfers are protected through GDPR adequacy decisions, Standard Contractual Clauses (SCCs), and strict data processing agreements. Your data is transferred only when necessary and handled with the same level of protection as required under GDPR.

You have the right to know where your data is transferred, the safeguards applied, and to raise concerns if you believe a transfer affects your rights.

How Parimatch Uses Cookies

Parimatch uses cookies to ensure website functionality, improve performance, analyze usage, and deliver relevant content.

Essential cookies are required for login, security, and platform operation and cannot be disabled. Analytics and marketing cookies are optional and used only with your consent.

You can manage or withdraw cookie consent at any time through your account settings, browser controls, or by contacting privacy@parimatch.com. A cookie consent banner appears on your first visit and allows you to customize preferences.

Children’s Privacy & Age Verification

Protecting Minors

Parimatch is strictly for users aged 18 and above. Age verification checks are performed during registration and may be repeated during account use.

If a minor is identified, the account is immediately suspended and reviewed. Parimatch cooperates with guardians and authorities where legally required and supports responsible gambling and child-protection initiatives.

Changes to This Privacy Policy

Policy Updates

Parimatch may update this Privacy Policy to reflect legal or operational changes. Significant updates will be communicated via email, in-app notifications, or website banners with advance notice.

Minor changes will be reflected by an updated revision date. Continued use of the platform indicates acceptance of the updated policy.

Third-Party Websites & Links

External Links

Parimatch may link to third-party websites such as payment providers, affiliates, or social media platforms. These sites operate under their own privacy policies, and Parimatch is not responsible for their data practices.

Users are encouraged to review third-party privacy policies before sharing personal information.

Data Breach Notification

How We Respond to Data Breaches

Parimatch follows strict GDPR procedures in the event of a data breach. Any incident is immediately investigated, contained, and assessed.

If required, authorities are notified within 72 hours, and affected users are informed promptly with clear guidance on protective steps. Users have the right to information, complaints, and compensation where applicable.

Contact Information & Support

How to Contact Us

For privacy-related questions, data requests, or security concerns, you can contact Parimatch via privacy@parimatch.com, dpo@parimatch.com, or security@parimatch.com.

Requests related to GDPR rights are handled within 30 days. Urgent security issues are escalated immediately.

Additional Information by Region

Regional Privacy Laws

UK users are protected under GDPR and the Data Protection Act 2018. EU users are protected under GDPR and national laws. Indian users are covered under the Digital Personal Data Protection Act, 2023.

Your local Data Protection Authority oversees enforcement and complaints.

Glossary of Terms

Key Privacy Definitions

This policy uses standard privacy terms such as personal data, processing, consent, data controller, data processor, GDPR, KYC, AML, cookies, and encryption to clearly explain how your information is handled.

Legal Compliance & Certifications

Regulatory Compliance

Parimatch complies with GDPR, UK data protection laws, gambling regulations, PCI DSS, and international security standards. Regular audits and compliance reviews ensure ongoing data protection and platform security.

Your Privacy is Our Priority

Parimatch is committed to protecting your personal data, maintaining transparency, and respecting your legal rights. We collect only necessary information, secure it using advanced technologies, and give you full control over how your data is used.

If you have any questions or concerns, our Data Protection Officer is always available at dpo@parimatch.com.