Cookie Policy

1) What are cookies and similar technologies?

Cookies are small text files placed on a device by a website or an app. They store and retrieve bits of information so pages remember you between visits. We also use several related tools:

Local Storage / Session Storage — browser storage that can keep settings or IDs.
SDKs — software kits inside our mobile apps that work like cookies.
Pixels / Web beacons — tiny image files or code snippets that register when a page or email loads.
Device identifiers and signals — information from your browser or phone that helps with security, fraud prevention, and performance.
Fingerprinting signals — limited and controlled signals used for security and abuse detection.
Server-side cookies — session state held by our servers, referenced by a short ID in your browser.

Cookies set by BinoBet are first-party cookies. Cookies set by other domains are third-party cookies (for example, analytics or anti-fraud partners we use to operate the Platform).

2) Laws and legal bases

Under Dutch ePrivacy rules (Telecommunicatiewet) and the GDPR/AVG:

Strictly necessary cookies can be used without prior consent, though we still disclose them here.
Non-essential cookies (analytics, personalisation, marketing) require your consent. You can give, refuse, or customise consent using our cookie banner and the Consent Management Platform (CMP) found under Account → Privacy → Cookie preferences.
You may withdraw consent at any time through the CMP. Doing so will stop future use of the affected categories. It does not undo lawful processing performed before withdrawal.

We can legally process data acquired by cookies since we have consent for non-essential categories, a contract and legitimate interests for essential functionalities, and a legal duty for some security and fraud-prevention duties.

3) Your choices and controls

You stay in charge. Here’s how:

Cookie banner & CMP. On your first visit we ask for your preferences. Choose “Accept all”, “Reject non-essential”, or Customise categories. You can change your choices at any time in Account → Privacy → Cookie preferences.
Browser settings. Most browsers let you block, delete, or limit cookies. Blocking all cookies can break sign-in and checkout flows.
Mobile OS controls. iOS and Android let you reset advertising IDs, limit ad tracking, and manage app permissions.
Email settings. Images in marketing emails can be disabled by default, which prevents the email open pixel from loading. You can also unsubscribe using the link at the bottom of any marketing email.
Global Privacy Control (GPC) / Do Not Track. Where technically supported, we honour GPC signals for marketing choices in addition to your in-product settings.

Refusing non-essential cookies will not block core features, but some functions (for example, remembering your preferences or measuring performance) may be limited.

4) Categories we use

We assign every cookie or SDK to a single category in the CMP to keep things clear.

4.1 Strictly necessary

These enable core Platform operations: secure login, session continuity, payment flows, load balancing, consent storage, and basic fraud/abuse protection. Without them the site or app cannot function properly.

4.2 Preferences

These remember your choices such as language, region, accessibility options, or whether you dismissed a banner. They make the experience feel personal but are not essential to run the site.

4.3 Performance

These help us understand what works and what breaks. We measure page loads, navigation paths, crashes, and generic audience patterns. Where possible, we use de-identified or aggregated data. You can turn these on or off.

4.4 Personalisation

These tailor content to you—recent games, recommended categories, or a saved lobby layout. They never change game math or odds.

4.5 Advertising/marketing

These measure campaign reach and frequency and show relevant BinoBet messages on our properties. We do not sell personal data, and we suppress marketing for self-excluded users and players listed in CRUKS.

4.6 Security & fraud prevention

These detect bots, account takeovers, or location spoofing (VPN/TOR). Some entries in this class are essential to protect players, our partners, and our licence.

5) Mobile app notes

On iOS and Android, cookies are less common; instead we use SDKs that provide identical functions. We may also create a push notification token so we can send service messages you have opted into (for example, withdrawal status or bonus expiry reminders). You can change app permissions at any time in your device settings. Where the app relies on location to confirm eligibility, your explicit location permission is requested and can be revoked later.

6) Email pixels and link tracking

Some marketing emails have a tracking pixel that records when the email is opened, and links can have a brief token that tells us which campaign worked. You can turn off photos by default in your email client or unsubscribe using the link at the bottom of the page if you want. Tracking pixels are not used in service emails, like those that reset passwords or confirm payments.

7) Examples of cookies and identifiers we set

The live list in your CMP panel is the authoritative register; it shows names, providers, purposes, type, expiry, and category. The table below illustrates the kinds of entries you may see:

Name	Provider	Category	Purpose	Expiry	Type
bb_session	BinoBet	Strictly necessary	Keeps you logged in securely	Session	HTTP cookie
bb_csrf	BinoBet	Strictly necessary	Protects forms from CSRF attacks	Session	HTTP cookie
bb_consent	BinoBet	Strictly necessary	Stores your CMP choices	12 months	Local Storage
bb_locale	BinoBet	Preferences	Saves language/region	6 months	HTTP cookie
bb_ab_variant	BinoBet	Personalisation	Shows A/B test variant	30 days	HTTP cookie
bb_perf_id	BinoBet	Performance	Anonymous visit ID for load timings	24 hours	HTTP cookie
analytics_id	[Analytics vendor]	Performance	Usage stats & crash diagnostics	13 months	SDK/cookie
fraud_token	[Security vendor]	Security	Device signals for bot/abuse detection	12 months	HTTP cookie
cmp_cache	CMP	Strictly necessary	Syncs consent across subdomains	6 months	HTTP cookie

Bracketed entries are placeholders because the partner list can change. Your CMP screen always has the current details.

8) Third-party providers and data sharing

We rely on reputable partners to help operate the Platform. They fall into these groups:

Analytics and performance (load times, navigation, crash reporting)
Security and anti-fraud (device intelligence, bot detection, risk scoring)
Payments (processing deposits and withdrawals, chargebacks)
Game studios and content platforms (to run games and game events)
Customer support (chat, helpdesk)
Marketing tools and CMP (consent storage, notifications)
Content delivery networks (CDNs) (fast, secure content)

Where a partner processes data on our behalf, it acts as a processor under written contract and follows our instructions. Where a partner decides how to use data (for example, aggregated benchmarking or independent analytics), it acts as an independent controller and provides its own privacy notice.

9) International transfers

Some partners store or access data outside the EEA/UK. When we transfer personal data internationally, we use legal safeguards, such as:

Adequacy decisions (where the destination is recognised as providing appropriate protection),
Standard Contractual Clauses (SCCs), and
additional technical measures (encryption, access controls, pseudonymisation) where appropriate.

You can contact our DPO for more information about transfer safeguards; we may redact parts to protect security or commercial confidentiality.

10) Retention and consent logs

Session cookies are deleted when you log out or close your browser.
Persistent cookies last from minutes to years depending on purpose.
We keep CMP consent logs long enough to demonstrate compliance with the Telecommunicatiewet and GDPR accountability rules.
In the app, SDK identifiers are rotated periodically; push tokens are deleted when you disable notifications or uninstall the app.

11) Children and protected users

BinoBet is for adults (18+). We do not knowingly set non-essential cookies for minors. We also suppress marketing and certain personalisation categories for people registered in CRUKS or those who have self-excluded.

12) Security measures

We take security seriously:

TLS encryption protects data in transit.
Access to cookie/SDK data is limited to people who need it to do their jobs.
We avoid storing sensitive data (such as full card numbers or passwords) in cookies or local storage.
We run regular security testing and review third-party practices.

Even with strong measures, no method is perfect. If we ever face a security incident affecting cookies or SDK data, we follow our incident response plan and notify you where required by law.

13) How to manage cookies in popular browsers

Steps change from time to time, but these pointers help:

Chrome: Settings → Privacy and security → Cookies and other site data.
Safari (macOS/iOS): Settings/Preferences → Privacy → Block All Cookies / Manage Website Data.
Firefox: Settings → Privacy & Security → Cookies and Site Data.
Edge: Settings → Cookies and site permissions.

Deleting cookies may sign you out and reset saved preferences. For the latest steps, see your browser’s help pages.

14) Managing identifiers on iOS and Android

iOS: Settings → Privacy & Security → Tracking (to control app tracking prompts); Settings → [App] to change permissions such as Location or Notifications.
Android: Settings → Privacy → Ads (reset advertising ID, opt out of ad personalisation); Settings → Apps → BinoBet to change Location and Notifications.

You can use the app without enabling marketing-related identifiers. Location is only required where local rules demand we confirm you are in an eligible region when you play.

15) Social plugins and embedded media

Other services, such as social media widgets or instructional videos, may embed content on our website. These other services may also generate their own cookies. Our website may contain embedded content from other services. These kinds of components are loaded only when they are absolutely essential and, whenever it is possible, only after your involvement (click-to-play). If you want to learn more, you should read the cookie and privacy policies of the supplier.

16) How we use analytics

Analytics tell us what’s slow, what crashes, and what features you use most. We look at aggregates first. When we do look at individual events (for example, to debug an error), we try to limit the scope and duration. IP addresses may be used to derive coarse location (country/city) for capacity planning and fraud detection, then truncated or removed according to the vendor’s design.

You can turn analytics on or off in the CMP at any time.

17) Personalisation rules

Personalisation in our Platform is experience-level only: recent games, relevant categories, and shorter navigation paths. We do not change game probabilities, RTP, or odds based on personal data. Game outcomes remain random (for RNG titles) or driven by the live studio and physical equipment (for live casino).

18) Advertising and measurement

We mostly talk to players on our own channels: the site, the app, and email. If we run external brand campaigns, we use aggregate measurement where possible. When marketing cookies are disabled, we do not load tracking tags that require consent. You can still receive essential service messages even if you opt out of marketing.

19) Interplay with the Privacy Policy

This Policy focuses on cookies and SDKs. It doesn’t repeat everything in our Privacy Policy, which covers:

what personal data we process and why,
our legal bases,
the partners we rely on,
security measures,
how long we keep data, and
your rights under the GDPR.

If the two documents seem to differ, the stricter rule on consent applies.

20) Your rights

Under GDPR/AVG you may have rights to access, rectify, erase, restrict, object, and port certain data. For cookies and SDKs, the fastest way to exercise your choice is the CMP. For broader rights, contact our DPO. We will respond without undue delay and within one month, extendable in complex cases.

21) Updates to this Cookie Policy

We may update this Policy to reflect legal changes, guidance from the Kansspelautoriteit or the Autoriteit Persoonsgegevens, or technical changes to the Platform. When the changes are material, we will show a notice and, where necessary, ask you to review choices again. Historic versions are available on request.

If you are not satisfied with our response, you can lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

22) Template: full cookie register fields

Your live CMP panel lists the current entries. If you need to publish a register in your help centre, use the fields below:

Name	Provider	Domain	Purpose	Category	Type	Expiry	Data shared	Lawful basis	Controller/Processor
bb_session	BinoBet	.binobet.example	Authenticated session	Strictly necessary	HTTP	Session	none	Contract	Controller
bb_consent	BinoBet	.binobet.example	Stores consent state	Strictly necessary	Local Storage	12 months	none	Legal obligation	Controller
analytics_id	[Vendor]	[vendor domain]	Performance metrics	Performance	SDK	13 months	Aggregated stats	Consent	Processor
fraud_token	[Vendor]	[vendor domain]	Device risk signals	Security	HTTP	12 months	Risk indicators	Legitimate interests / Legal obligation	Processor
ab_variant	BinoBet	.binobet.example	A/B variant	Personalisation	HTTP	30 days	none	Consent	Controller
cmp_cache	CMP	.binobet.example	Consent sync across subdomains	Strictly necessary	HTTP	6 months	Consent state	Legal obligation	Controller

Replace bracketed placeholders with your actual providers and domains.

23) Glossary

CMP (Consent Management Platform): the in-product tool where you set cookie choices.
CSRF: a web attack that tricks a browser into sending unwanted actions; we use a CSRF token to block it.
Device fingerprinting: reading a limited set of device and browser signals to prevent fraud or abuse.
GPC: Global Privacy Control, a browser signal that expresses a user’s preference to limit certain data use.
HTTP cookie: a tiny text file saved by your browser and sent back to the site with each request.
Local Storage: browser storage that remains until cleared by you or by the site.
SDK: a software component embedded in a mobile app that provides features similar to cookies.
Session cookie: a cookie that disappears when you close your browser.

24) Short notice for app stores and onboarding screens

We use essential cookies/SDKs to run the service and optional ones for analytics, personalisation, and marketing. You can manage choices any time in Account → Privacy → Cookie preferences. For details, read this Cookie Policy and our Privacy Policy.