burger icon
Public Win United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Sea Bet S.R.L., operating the Public Win brand through the website publicwins.bet and its UK-facing presentation Public Win, collects, uses, discloses, and protects your personal data. It applies to visitors and eligible users of publicwins.bet, including those who access the website from the United Kingdom, the European Economic Area (EEA), Mexico, and other permitted jurisdictions. The service is not licensed by the UK Gambling Commission and is not intended for gambling by persons located in the United Kingdom; however, this Policy still governs any personal data processed when you visit the site for informational purposes. This Privacy Policy is effective and was last updated on 6 November 2025.

Who We Are

Data controller. The data controller responsible for personal data processed through publicwins.bet (including the localized presentation Public Win) is:

Sea Bet S.R.L.
Company registration number: J40/10099/2017
Tax identification (CUI): 37926958
Registered jurisdiction: Bucharest, Romania
Regulated gambling license: Class I gambling license no. L1172986W000768, issued by ONJN (Oficiul Național pentru Jocuri de Noroc), valid until 31 July 2027.

Sea Bet S.R.L. operates the Public Win platform domestically in Romania and is not licensed by the UK Gambling Commission. It may not advertise to, or accept players from, the United Kingdom for real-money gambling. Any use of the brand in this Policy relates exclusively to its operation on publicwins.bet.

Data Protection Officer (DPO) / privacy contact. Sea Bet S.R.L. has appointed a contact point for data protection matters:

  • Postal contact: Data Protection Officer, Sea Bet S.R.L., Bucharest, Romania (full mailing address available on request or via the website).
  • E-mail (preferred): privacy contact details are provided in the "Contact" or "Support" section of publicwins.bet and directed to the Data Protection Officer or privacy team.
  • Telephone: A dedicated telephone number is not currently provided; please use the electronic channels indicated on publicwins.bet for faster handling.

If you are unsure which channel to use, you may contact us through the general support or contact form on publicwins.bet, clearly marking your message with "Privacy" or "DPO", and your request will be routed to the appropriate team.

What Personal Data We Collect

We collect only the personal data that is necessary, proportionate, and relevant for operating publicwins.bet, complying with legal obligations, and improving our services. Depending on how you interact with the website, we may process the following categories of data:

  • Identification and contact data: full name, date of birth, country of residence, address details, e-mail address, username, and any telephone numbers you voluntarily provide when creating or managing an account or contacting support.
  • Verification and KYC/AML data: copies or data extracted from identity documents, proof of address, information obtained from sanctions and politically exposed person (PEP) lists, and results of checks carried out by third-party verification providers, where required by gambling, anti-money laundering (AML), or counter-terrorist financing laws.
  • Account and transactional data: account credentials (stored in encrypted form), account status, language and currency preferences, session history, bonuses and promotions used, deposits, withdrawals, bets placed, game rounds, wins and losses, and related transactional logs.
  • Payment and financial data: partial payment card details (masked where possible), bank account details for payouts, payment instrument identifiers, payment provider IDs, timestamps, and payment status information. We do not store full card numbers where this is not necessary, and we rely mainly on licensed payment service providers to handle card data securely.
  • Technical and usage data: IP address, device identifiers, operating system, browser type and version, language settings, time zone, referring URLs, access dates and times, clickstream data, and server logs generated when you access or interact with publicwins.bet.
  • Behavioural and interaction data: betting and gaming history, click behaviour, pages and features visited, interactions with promotions, self-exclusion or limits that you set, and communications with customer support (including chat transcripts and e-mails).
  • Cookies and similar technologies: unique identifiers stored via cookies, pixels, tags, local storage, and similar technologies to remember your preferences, maintain sessions, perform analytics, prevent fraud, and, where you consent, deliver personalised marketing or advertising.
  • Communication data: content of messages you send us via e-mail, contact forms, or live chat, along with metadata such as time, date, and channel of communication.
  • Sensitive or high-risk data (limited cases): information you provide in the context of responsible gambling, such as self-exclusion requests, financial affordability concerns, or health-related information you voluntarily disclose to explain problem-gambling issues. We handle this information with heightened care and restrict access to it.

We may also receive information about you from third parties (for example, verification providers, payment providers, or public databases) where this is necessary to comply with legal obligations or protect our legitimate interests, as described below.

Legal Basis for Processing

We process your personal data only when there is a clear and lawful basis to do so. Under the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable Romanian law, as well as, where relevant, Mexican privacy law, our main legal grounds are:

  • Performance of a contract or steps prior to entering into a contract: when you register an account, participate in games, request withdrawals, or contact us for support, we must process identification, contact, account, and transactional data to provide the services, operate your account, pay winnings, and address your requests.
  • Compliance with legal obligations: we are legally required to process certain data under gambling, AML/CFT, tax, accounting, and consumer protection laws, including Romanian ONJN regulations and, where applicable, EU/UK regulations. This includes verifying your identity, monitoring transactions, preventing money laundering and fraud, keeping statutory records, and responding to lawful requests from regulators or law enforcement.
  • Legitimate interests: we process data where necessary for our legitimate interests and where these are not overridden by your rights and interests. These interests include securing our systems and services, preventing abuse and fraud, detecting bonus misuse, ensuring game integrity, improving our products, understanding how the site is used (analytics), defending or exercising legal claims, and managing our business. We use appropriate safeguards and assess any impact on your privacy before relying on this basis.
  • Consent: in specific situations, we rely on your freely given, informed consent. This includes certain marketing communications (such as newsletters or promotional SMS), non-essential cookies and tracking technologies (especially for advertising), and some responsible-gaming or survey-related data you voluntarily provide. You may withdraw your consent at any time, without affecting processing that took place before withdrawal.
  • Vital interests and important public interest (limited cases): in rare circumstances, we may process data to protect vital interests (for example, where there is an imminent risk of serious harm), or to comply with important public interest grounds defined in applicable AML or responsible-gaming laws.
  • Mexican law alignment: for users in Mexico, we align our processing with the legal bases recognised under Mexican data protection legislation (including the Federal Law on Protection of Personal Data Held by Private Parties), particularly where consent, contractual necessity, or legal obligation is required.

Where we ask you to provide personal data, we will indicate where the provision is mandatory (for legal or contractual reasons) and what may happen if you choose not to provide it (for example, we may be unable to open or maintain your account).

Purpose of Processing

We use your personal data only for specified, explicit, and legitimate purposes and do not further process it in a way that is incompatible with those purposes. Our main purposes include:

  • Providing and operating casino services: managing registration and authentication, operating your gaming account, hosting and delivering games, processing deposits and withdrawals, crediting winnings, managing bonuses and promotions, and providing customer support through various channels.
  • Compliance with gambling, AML, and regulatory obligations: performing identity verification and age checks, conducting ongoing monitoring of transactions and gameplay, detecting unusual or suspicious patterns, fulfilling reporting obligations to regulators such as ONJN, and maintaining records required by law.
  • Responsible gambling and player protection: enabling self-exclusion, deposit and loss limits, time-outs and other control tools; monitoring gameplay patterns for signs of harm; and contacting you or imposing limits where we reasonably believe that you may be at risk, in line with applicable regulations and our internal policies.
  • Service improvement and analytics: analysing how the site is used, improving user interfaces, performance, and content, enhancing game offerings, testing new features, and performing statistical and aggregated reporting that does not identify individual users whenever possible.
  • Marketing and promotions: sending you marketing communications about our services, promotions, or tournaments via e-mail, SMS, on-site messaging, or push notifications, in accordance with your preferences and applicable consent requirements. We also use data to personalise and measure the effectiveness of campaigns where allowed by law.
  • Fraud prevention, security, and abuse detection: preventing unauthorised access or use of accounts, stopping multiple-account abuse or bonus fraud, securing transactions, detecting bots or automated behaviour, and protecting the integrity and availability of our systems.
  • Legal defence and business administration: managing disputes, handling complaints, defending or establishing legal claims, carrying out audits, complying with requests from regulators or law enforcement, and supporting business planning and corporate transactions (for example, a merger or acquisition) while applying strong confidentiality safeguards.

If we intend to use your data for any new purpose that is not compatible with the purposes listed above, we will provide you with additional information and, where required, seek your consent before such processing.

Disclosure & Sharing

We treat your personal data as confidential and disclose it only where necessary and lawful. Depending on the services you use and the context, we may share personal data with the following categories of recipients:

  • Internal teams and group entities: authorised employees and departments of Sea Bet S.R.L. who need access for operational, support, compliance, security, or management purposes, subject to strict access controls and confidentiality obligations.
  • Payment service providers and banks: financial institutions and regulated payment service providers who process deposits and withdrawals, perform fraud checks, or verify ownership of payment instruments in accordance with their own regulatory obligations.
  • KYC/AML and risk-management providers: specialised third-party service providers who assist us in identity verification, sanctions screening, PEP checks, document validation, and risk scoring, in line with AML/CFT and gambling legislation.
  • Technical and infrastructure providers: hosting providers, cloud platforms, data centres, content delivery networks, IT security providers, and other technical suppliers who support the operation, security, and maintenance of our platform.
  • Analytics and performance tools: providers of analytics, error tracking, and performance monitoring tools that help us analyse how publicwins.bet is used and improve the service. Where these involve cookies or similar technologies, we do so in accordance with the "Cookies & Tracking Technologies" section and your preferences.
  • Marketing and advertising partners: carefully selected partners, including e-mail and SMS delivery services and, where you have consented, advertising networks or platforms that assist us with campaign management, personalisation, and measurement. We do not sell your personal data.
  • Regulators, supervisory authorities, and law enforcement: gambling regulators (such as ONJN in Romania), data protection authorities, tax authorities, and law enforcement agencies, when we are legally required or permitted to share information, for example in relation to suspected fraud, money laundering, or other offences.
  • Professional advisors and auditors: lawyers, accountants, auditors, and other professional advisors who are subject to confidentiality duties and require access to data for legitimate business, legal, or compliance reasons.
  • Corporate transactions: in connection with any actual or proposed merger, acquisition, asset sale, restructuring, or other corporate event, we may disclose limited data to potential or actual buyers and their advisors, under strict confidentiality conditions. Any successor entity will be bound by privacy commitments at least as protective as those in this Policy.

We do not disclose your personal data to third parties for their own independent marketing purposes without your explicit consent. Whenever we share data with service providers, we do so on the basis of written contracts that oblige them to protect your data and use it only in accordance with our documented instructions and applicable law.

International Transfers

Sea Bet S.R.L. is established in Romania, an EU Member State, and many of our core processing activities take place within the European Economic Area (EEA). However, some of our service providers and partners may process data in other countries. We take care to ensure that any international transfer of personal data takes place in compliance with UK GDPR, EU GDPR, and other applicable laws.

  • Transfers within the EEA/European Union: transfers of personal data within the EEA or EU (for example, between our systems in Romania and other EEA-based providers) benefit from a harmonised level of data protection under the GDPR, and no additional transfer mechanism is required.
  • Transfers from the UK to the EEA/EU and Romania: to the extent that UK-based visitors interact with publicwins.bet for informational purposes, transfers of their personal data from the UK to Romania and other EEA/EU locations are permitted under UK adequacy regulations, which recognise the EU/EEA as providing adequate protection.
  • Transfers outside the UK/EEA: in limited cases, we may rely on providers or partners located in countries outside the UK and EEA, for example for cloud hosting, analytics, anti-fraud tools, or e-mail delivery. Where such transfers occur, we implement appropriate safeguards, including:
    • Standard Contractual Clauses (SCCs) adopted by the European Commission, with any necessary supplementary measures;
    • the UK International Data Transfer Addendum or other transfer tools approved under UK law;
    • robust technical measures such as encryption, pseudonymisation, and strict access controls.
  • Transfers involving Mexico and other non-EEA jurisdictions: if you access the website from Mexico or other non-EEA jurisdictions, your data will typically be processed and stored on servers in the EEA (for example, in Romania). Where additional cross-border transfers are necessary, we apply safeguards recognised under both European and Mexican data protection laws.

Details of the specific safeguards used for international transfers (including copies of relevant contractual clauses, where required) may be made available upon request, subject to redactions for commercial confidentiality and security.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, to comply with legal and regulatory requirements, and to protect our legitimate interests (for example, in relation to disputes or investigations). When determining retention periods, we consider the nature of the data, the risks associated with processing, and our legal obligations in Romania, the EU/UK, and other relevant jurisdictions.

  • Account and identification data: as a general rule, we keep core account, identification, and KYC/AML data for the duration of your relationship with us and for up to five (5) years after your account has been closed or your last transaction, in order to comply with AML, gambling, and record-keeping obligations. In some cases, this period may be extended where local law requires longer retention.
  • Transactional and betting data: detailed transactional records (including bets, game results, deposits, and withdrawals) are retained for at least five (5) years from the relevant transaction date, or longer where needed for accounting, tax compliance, or dispute resolution.
  • Responsible gambling data: information relating to self-exclusion, limits, and player protection measures is stored for the duration of the relevant measure and for an additional period (typically up to five (5) years) to comply with legal obligations and to ensure that appropriate restrictions remain effective.
  • Technical logs and security data: server logs, security events, and fraud-related data are retained for shorter periods (usually between six (6) months and three (3) years), unless a longer retention is required for security investigations or legal proceedings.
  • Marketing data: information about your marketing preferences and consent is kept for as long as you remain subscribed and for a reasonable period thereafter (usually up to two (2) years) to demonstrate compliance with consent requirements. If you opt out, we retain a minimal suppression record to ensure you are not contacted again.
  • Cookies and similar identifiers: cookies are stored on your device for periods that vary depending on their type and purpose, typically from the duration of your session up to two (2) years for persistent cookies, unless you delete them sooner via your browser or our cookie tools.
  • Complaints and dispute files: records of complaints, legal claims, and regulatory communications are generally kept for up to ten (10) years after closure of the matter, in line with applicable limitation periods and regulatory expectations.

When data is no longer required, we will either securely delete or irreversibly anonymise it. Where deletion is not possible (for example, in backup archives), we will isolate the data and protect it from further use until deletion becomes feasible.

Your Rights

Depending on your place of residence and the laws that apply to you (including the UK GDPR, EU GDPR, Romanian law, and Mexican privacy law), you may have a number of rights in relation to your personal data. We respect these rights and provide mechanisms to exercise them efficiently and free of charge, subject to legal limitations.

  • Right of access: you can request confirmation as to whether we process your personal data and receive a copy of such data, together with information about how and why it is processed.
  • Right to rectification: you can ask us to correct inaccurate or incomplete personal data. In many cases, you can update certain details directly in your account settings.
  • Right to erasure ("right to be forgotten"): you can request deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you withdraw consent (where consent was the legal basis), or you successfully object to processing. This right may be limited where we must retain data to comply with legal obligations (for instance, AML and gambling record-keeping).
  • Right to restriction of processing: you can ask us to restrict the processing of your data in certain circumstances, such as when you contest its accuracy, when processing is unlawful and you prefer restriction to deletion, or when we no longer need the data but you require it for legal claims.
  • Right to object: you can object at any time to processing based on our legitimate interests, including profiling for fraud prevention or analytics, on grounds relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. You also have an unconditional right to object to direct marketing, including profiling related to such marketing.
  • Right to data portability: for certain data you have provided to us and which we process by automated means based on your consent or a contract, you can request to receive it in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
  • Rights related to automated decision-making: if we use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you, you have the right to obtain human intervention, express your point of view, and contest the decision, subject to applicable legal frameworks.
  • Marketing and consent withdrawal: where processing is based on your consent (for example, for certain marketing communications or non-essential cookies), you may withdraw your consent at any time via account settings, unsubscribe links, cookie tools, or by contacting us. Withdrawal does not affect the lawfulness of processing before the withdrawal.
  • Mexican ARCO rights: if you are in Mexico, you benefit from additional rights under Mexican data protection legislation, commonly known as ARCO rights: Access, Rectification, Cancellation, and Opposition. You may also request that your data not be used for specific purposes, such as marketing, and you can limit the use or disclosure of your personal data in accordance with local rules.

How to exercise your rights. You can exercise your rights by contacting our DPO or privacy contact using the details provided in the "Complaints & Contacts" section, clearly stating your identity, the rights you wish to exercise, and relevant information to locate your data.

Response times and cost. We will respond to your request without undue delay and, in principle, within one (1) month of receipt. This period may be extended by up to two further months where necessary, taking into account the complexity and number of requests; in such cases, we will inform you of the extension and reasons. Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

publicwins.bet uses cookies and similar technologies to ensure the website functions correctly, to remember your preferences, to perform analytics, and, where permitted, to deliver personalised content and marketing. Cookies are small text files placed on your device when you visit a website.

Types of cookies we use

  • Strictly necessary (session) cookies: these cookies are essential for the operation of the site and to provide services you request, such as logging in, maintaining your session, and securing your account. They are usually session-based and expire when you close your browser. You cannot disable these cookies without affecting basic functionality.
  • Functional and preference cookies: these cookies remember your choices and settings (such as language, region, and display preferences) to provide a more personalised experience. They may be session-based or persistent, and they help us improve usability.
  • Analytics and performance cookies: these cookies collect information about how visitors use the site, such as which pages are visited most often, error messages, and loading times. We use this information in aggregated form to improve the performance and design of publicwins.bet. Where analytics tools are not strictly necessary, we seek your consent in accordance with applicable law.
  • Advertising and targeting cookies: where allowed and subject to your consent, we may use first-party or third-party cookies, pixels, and similar technologies to deliver relevant promotions, measure campaign effectiveness, and avoid showing the same adverts repeatedly. These cookies may track your browsing across different websites and may be used by advertising networks according to their own privacy policies.

Managing cookies and choices

  • Cookie banner and settings: when you first visit publicwins.bet, you may be presented with a cookie banner or preferences panel that allows you to accept or reject certain categories of cookies (for example, analytics and advertising). You can adjust your choices at any time through the cookie settings link or panel available on the site, where implemented.
  • Browser and device controls: most browsers allow you to view, delete, or block cookies, and to set preferences for certain websites. Instructions are usually available in your browser's help or settings menu. Please note that blocking all cookies may impact the functionality and performance of publicwins.bet.
  • Third-party opt-outs: for some third-party services (such as analytics or advertising networks), additional opt-out mechanisms may be available on their websites or via industry opt-out platforms. We provide information about key third-party tools in our cookie notices where relevant.

For more detailed information about specific cookies and lifetimes used on publicwins.bet, please consult any dedicated cookie policy or cookie list that we may provide alongside this Privacy Policy.

Data Security

We take the security of your personal data very seriously and implement technical and organisational measures designed to protect it against unauthorised access, alteration, disclosure, or destruction. Our information security management system is aligned with recognised international standards, including an ISO 27001-certified framework for information security.

  • Encryption in transit and at rest: data transmitted between your device and our servers is protected using modern encryption protocols such as TLS 1.2 or higher. We also apply encryption, pseudonymisation, and logical separation of data at rest where appropriate.
  • Access controls and authentication: access to personal data is limited to authorised personnel who require it for their duties, based on role-based access controls and the principle of least privilege. Strong authentication mechanisms, including multi-factor authentication for administrative accounts, are used to reduce the risk of unauthorised access.
  • Secure infrastructure and monitoring: we host our systems in secure environments with physical and logical safeguards, including firewalls, intrusion detection and prevention systems, anti-malware tools, and regular log monitoring. We perform vulnerability management, patching, and security configuration reviews.
  • Regular audits and testing: we periodically review our security measures and may conduct internal audits, external assessments, and penetration tests to evaluate the effectiveness of our controls. Where we use third-party service providers, we take into account their security certifications (such as ISO 27001 or SOC 2) and require appropriate contractual safeguards.
  • Policies, training, and confidentiality: employees and contractors are subject to confidentiality obligations and must comply with internal policies on data protection, information security, and acceptable use. We provide training and awareness programmes to ensure that staff understand their responsibilities when handling personal data.
  • Incident response and breach notification: we maintain procedures for detecting, responding to, and resolving security incidents. In the event of a data breach affecting your personal data, we will assess the risks and, where required by UK GDPR, EU GDPR, Mexican law, or other applicable regulations, notify the relevant supervisory authority and affected individuals without undue delay.

While no system can guarantee absolute security, we continuously work to strengthen our defences and reduce risks to a level that is appropriate in light of the nature of the data and the threats faced.

Complaints & Contacts

We encourage you to contact us first if you have any questions, concerns, or complaints about how we handle your personal data. We will do our best to resolve issues fairly and promptly.

How to contact us

  • Privacy and DPO contact: you can reach our Data Protection Officer or privacy team via the contact or support channels provided on publicwins.bet, clearly indicating that your request relates to "Privacy" or "Data Protection". Where a dedicated e-mail address is listed on the site (for example, a "privacy@" or "dpo@" address), you may use that address directly.
  • Postal address: Data Protection Officer, Sea Bet S.R.L., Bucharest, Romania. Please include sufficient details to identify your account or interactions with publicwins.bet.

Complaint handling procedure.

  1. You submit your request or complaint via one of the contact channels described above, providing your identity details and a clear description of the issue.
  2. We acknowledge receipt of your complaint as soon as reasonably possible and, where feasible, within seven (7) business days.
  3. We investigate the matter, which may involve reviewing logs, consulting relevant departments, and, where appropriate, requesting additional information from you.
  4. We provide a substantive response without undue delay and usually within one (1) month of receiving your completed complaint. If the issue is particularly complex or we receive numerous requests, this period may be extended by up to two additional months, in which case we will inform you of the delay and reasons.
  5. If you remain dissatisfied with our response, you may escalate your complaint to the relevant supervisory authority as described below.

Supervisory authorities and external recourse

  • EU/Romanian data protection authority: because Sea Bet S.R.L. is established in Romania, our main supervisory authority under the EU GDPR is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP). Website: https://www.dataprotection.ro. You may lodge a complaint with ANSPDCP if you believe your data protection rights have been infringed.
  • UK Information Commissioner's Office (ICO): if you are located in the United Kingdom, you may also contact the Information Commissioner's Office. Website: https://ico.org.uk; telephone (general enquiries): +44 303 123 1113. Please note that while we are not licensed by the UK Gambling Commission, data-protection-related complaints can still be examined by the ICO.
  • Mexican data protection authority (INAI): users in Mexico may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI). Website: https://home.inai.org.mx. INAI oversees compliance with Mexican data protection regulations and can provide guidance and handle complaints.
  • Other EU/EEA authorities: you may also lodge a complaint with your local supervisory authority in the EU/EEA, particularly in the Member State of your habitual residence, place of work, or where the alleged infringement took place. Contact details are available on the European Data Protection Board (EDPB) website.

You are not required to contact us before approaching a supervisory authority, but we strongly encourage you to allow us the opportunity to address your concerns directly.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, regulatory guidance, or technological developments. When we make material changes, we will take appropriate steps to inform you in advance and give you the opportunity to review the updated information.

  • Notification methods: we may notify you of updates via e-mail (where you have provided an address and are an active account holder), by displaying prominent banners or notices on publicwins.bet, and/or via messages in your account dashboard or inbox, where available.
  • Advance notice for significant changes: for material changes that could significantly affect your rights or how we use your data (for example, new purposes of processing or new categories of recipients), we will, where reasonably practicable, provide notice at least thirty (30) days before the changes take effect.
  • Your options: if you do not agree with the updated Policy, you may choose to close your account (if you hold one) and stop using publicwins.bet. Where processing is based on consent, you may withdraw your consent through the mechanisms described in this Policy. Continued use of the website after the effective date of an update will generally be taken as your acknowledgment of the changes, to the extent permitted by law.
  • Version control: each version of this Privacy Policy will be identified by an effective date and, where appropriate, a version number. The current version is identified at the top of the Policy as "Last updated: November 2025". Upon request, we may provide information about key historical changes.

We recommend that you review this Privacy Policy periodically to stay informed about how publicwins.bet, operated by Sea Bet S.R.L. for the Public Win brand and its Public Win presentation, protects your personal data.