Privacy Policy

This Privacy Policy explains how Mr Punter, operated via the online platform at mr-punters.com, collects, uses, discloses and protects personal data of players and website visitors from the United Kingdom and other relevant regions. It is important that you read this document so you understand what data we process, why we process it, and what rights you have.

This Privacy Policy applies to all visitors to mr-punters.com, to registered customers using Mr Punter casino and betting services, and to individuals who contact us by email, live chat or through any other channel linked to mr-punters.com. By using the Website or opening an account, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is effective from 6 November 2025 and is designed to comply with applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, relevant EU GDPR principles where applicable, and, for Mexican residents, the Mexican Federal Law on Protection of Personal Data Held by Private Parties and related regulations.

Who We Are

For the purposes of data protection law, the data controller responsible for processing your personal data in connection with Mr Punter on mr-punters.com is the company that operates and offers the Mr Punter brand and related online gaming services under an offshore gaming licence.

1. Identity of the Operator

Controller: The Mr Punter brand, including Mr Punter at mr-punters.com, is operated under an Offshore Gaming License issued by the Philippine Amusement and Gaming Corporation ("PAGCOR"). The licence is registered under number 22-0025, with Liernin Enterprises LTD referenced as the licensed entity or owner in the available compliance information. The core gaming platform and infrastructure are provided by Soft2Bet, and certain payment processing activities may be carried out by affiliated or partner entities, including Tilaros Limited in Cyprus or similar processing partners, acting as data processors or joint controllers where applicable.

2. Legal and Postal Address

Registered/Legal Address: The controlling corporate entity is legally established in the Marshall Islands (full registered address not publicly disclosed in the present notice). Due to regulatory and security reasons, detailed registered office information and certain corporate registration data may be provided to competent authorities, regulators, payment partners or, upon justified request, to data subjects in accordance with applicable law.

Operational and payment-processing activities may also involve entities and infrastructure located in the Philippines, Cyprus and other jurisdictions as described in the "International Transfers" and "Disclosure & Sharing" sections of this Privacy Policy.

3. Registration and Licensing Details

Jurisdiction of incorporation: Marshall Islands (legal/ownership jurisdiction)
Primary gaming licence: Philippine Amusement and Gaming Corporation (PAGCOR), Offshore Gaming License No. 22-0025
Regulatory jurisdiction: Philippines (PAGCOR), with Mr Punter operating as a grey-market offering for UK residents (not authorised or licensed by the UK Gambling Commission)
Company registration number / tax ID: Not specified in the available data; details may be made available to supervisory authorities or on request where legally required

The Mr Punter network shares infrastructure with related brands and sites such as Casinia, Wazamba, Rabona and Sportaza, which may be relevant where shared services or common platform components are used. Such relationships are taken into account when applying technical and organisational data protection measures.

4. Data Protection Contact

We have appointed a dedicated data protection contact responsible for overseeing matters related to this Privacy Policy and our compliance with applicable data protection laws. For practical purposes, this role may be performed by a Data Protection Officer (DPO) or by a specialised data protection department.

Email: [email protected] (please indicate "Data Protection" or "Privacy Request" in the subject line)
Website: https://mr-punters.com (including Mr Punter pages and all related sub-pages)
Contact channels: 24/7 live chat support (accessible via the Website), and email as above
Postal contact: Data Protection Officer, Mr Punter, c/o registered office in the Marshall Islands (full mailing address available upon request and in correspondence with competent authorities)

While Mr Punter accepts traffic from the United Kingdom, it is not part of UK self-exclusion schemes such as GamStop, and it is not affiliated with GamCare or Spelpaus. This regulatory context does not alter your data protection rights but may affect the gambling-specific protections available to you under UK gambling law.

What Personal Data We Collect

We collect and process different categories of personal data when you visit mr-punters.com, create or use an account on Mr Punter, contact support, or otherwise interact with our services. Some data is provided directly by you, some is generated by our systems, and some is obtained from third-party partners for verification, payment or security purposes.

1. Identification and Contact Data

Basic identity information: Full name, date of birth, place of residence, nationality, and other identity elements requested during account registration or Know Your Customer (KYC) checks.
Contact details: Email address (for example, the address you use to communicate with us or receive transactional and marketing messages), and any telephone number or alternative contact channels you provide.
Verification documents: Copies or details of identity documents (passport, ID card, driving licence), proof of address (utility bills, bank statements), and similar documentation required for KYC/AML purposes.

2. Account and Behavioral Data

Account information: Username, encrypted password or authentication credentials, account settings and preferences, communication preferences (including marketing consent), and account status (active, suspended, closed).
Gaming and betting activity: Betting history, wagers placed, games played (including Book of Dead or other titles), session durations, results, win/loss records, bonus usage, loyalty or VIP status and achievements.
Interaction data: Clickstream data, navigation paths, pages visited, time and duration of visits, interaction with promotional banners, support interactions (live chat transcripts, emails), and responses to surveys or feedback forms.

3. Technical and Device Data

Technical identifiers: IP address, approximate geolocation derived from IP, device identifiers, browser type and version, operating system, language settings, and referral URLs.
Log data: Access logs, login attempts (successful and failed), security and transaction logs, timestamps of key actions (logins, deposits, withdrawals, changes to security settings), and system-generated event identifiers.
Connection and performance data: Information about latency, loading times, error messages and other diagnostic data used to maintain security and performance.

4. Payment and Financial Data

Payment method details: Limited card or payment instrument data (such as cardholder name, masked card number, expiry date), e-wallet identifiers or other payment system references, held and processed in accordance with PCI-DSS and other security standards where applicable.
Transaction data: Deposits, withdrawals, chargebacks, refunds, bonuses and promotional credits, together with timestamps, amounts, currencies and related account balances.
Anti-fraud and AML data: Data relating to the monitoring of unusual or suspicious activity, enhanced due diligence checks, sanctions and politically exposed person (PEP) screening, where applicable and permitted by law.

5. Cookies and Similar Technologies

Cookie identifiers: Unique identifiers stored in cookies, local storage or similar technologies to recognise your browser or device.
Tracking data: Information about your interactions with our Website, gathered through first-party and, where applicable, third-party cookies and tracking scripts for functional, analytical and marketing purposes.
Preference data: Choices you make about language, region, cookie settings, and consent for marketing or analytics.

Where permitted by law, we may combine the above categories of data and create derived or aggregated data (for instance, risk scores, player segments or anonymised statistics) to support responsible operation, security monitoring, analytics and service improvement.

Legal Basis for Processing

We process your personal data only where there is a valid legal basis under UK GDPR and, where relevant, other applicable regulations. Depending on the specific activity, one or more of the following legal grounds may apply.

1. Performance of a Contract

Account creation and management: We need to process identification, contact, account, and technical data to register and maintain your Mr Punter account, verify your eligibility, and provide you with access to games, betting markets and account features available on mr-punters.com.
Payments and withdrawals: We process payment and financial data, as well as some identification and technical data, to execute deposits, withdrawals, refunds and bonus credits in accordance with our Terms and Conditions and with our obligations to payment processors and financial institutions.
Customer support: When you contact us by email or live chat, we process your contact details, account data and the content of your communications to answer your questions, resolve technical issues and handle complaints.

2. Compliance with Legal Obligations

KYC and AML: Our licence and applicable anti-money laundering and counter-terrorist financing laws require us to verify your identity, assess risk and monitor transactions. We process identification documents, address verification, transaction history and related data for this purpose.
Responsible gambling and regulatory reporting: We may process your betting behaviour, session duration and other gaming data to comply with responsible gambling requirements, internal risk policies and obligations set by PAGCOR and other applicable regulators.
Taxation and record-keeping: We retain and process transaction and account data to meet tax, accounting and statutory retention obligations imposed by applicable laws in the Philippines, the Marshall Islands, Cyprus, the UK and other relevant jurisdictions.

3. Legitimate Interests

Service integrity and security: We process technical, behavioural and transactional data to prevent fraud, abuse of bonuses, money laundering, account takeovers, and other misuse of our services, and to protect the security of our systems and players.
Analytics and service improvement: We analyse aggregated and pseudonymised usage data to understand how players use mr-punters.com, improve user experience, optimise game offerings, and resolve technical issues.
Business operations and risk management: We process data in connection with internal audits, corporate governance, regulatory communications, mergers or acquisitions, and enforcement or defence of legal claims, balancing our interests against your fundamental rights and freedoms.

4. Consent

Marketing communications: We send marketing emails, notifications or targeted promotions only where you have given your explicit consent or where permitted under applicable e-privacy and marketing laws. You may withdraw your consent at any time through your account settings or by following the unsubscribe link in our messages.
Cookies and tracking: Non-essential cookies (for example, certain analytics, advertising or social media cookies) are used based on your consent, which you can manage through our cookie banner and settings.
Special categories of data (if any): As a rule, we do not seek to collect special categories of personal data (such as health or biometric data). If in specific circumstances such data is processed (for example, in connection with responsible gambling support), we do so only with your explicit consent or under another applicable legal basis.

Where we rely on legitimate interests, we conduct and document a balancing assessment to ensure that your rights and interests do not override our legitimate business needs. You have the right to object to processing based on legitimate interests as described in the "Your Rights" section.

Purpose of Processing

We use your personal data for clearly defined and lawful purposes. These purposes are closely linked to the provision and improvement of Mr Punter services on mr-punters.com, regulatory compliance, and the security of our platform and players.

1. Provision of Gaming and Betting Services

Account registration and verification: To create and maintain your account, verify your identity and age, and ensure you are not restricted or prohibited from using our services under applicable laws.
Game and betting operations: To enable you to place bets, participate in games, view results, manage your balance, and use all related functionalities (including bonuses, loyalty programmes and promotions).
Payment processing: To process deposits, withdrawals, refunds and chargebacks through our payment partners and financial institutions, and to keep accurate records of your transactions.

2. Compliance, Risk and Fraud Prevention

Regulatory compliance: To comply with licensing conditions, AML/KYC requirements, responsible gambling rules, sanctions screening and other legal obligations in the Philippines, the Marshall Islands, Cyprus, the UK and other relevant jurisdictions.
Fraud and misuse detection: To detect and prevent fraudulent activities, bonus abuse, account sharing, identity theft and other behaviours that may harm our players, our business or third parties.
Security and incident management: To monitor, test and enhance the security of our systems and to investigate, log and report security incidents or suspected breaches.

3. Service Improvement and Analytics

Usage analytics: To analyse how players use mr-punters.com, including which games are popular, how features perform and how users navigate our Website, with the aim of improving usability, content and performance.
Product development: To plan, test and roll out new games, features and promotions that respond to player preferences and market trends.
Quality assurance: To monitor customer support interactions and internal processes to ensure consistency, training and quality improvement.

4. Marketing and Personalisation

Direct marketing: To send you newsletters, promotional offers, bonuses and other marketing communications related to Mr Punter, subject to your consent or to applicable soft opt-in rules.
Personalised content: To tailor offers, recommendations and on-site messages based on your activity, preferences and account profile, where allowed by law and your consent.
Advertising and affiliate programmes: To measure and optimise advertising campaigns, track affiliate performance and prevent affiliate fraud, often using cookies and similar technologies.

5. Dispute Resolution and Legal Claims

Handling complaints: To process and resolve complaints, disputes or queries you raise in accordance with our complaints procedure.
Legal claims and defence: To establish, exercise or defend legal claims, cooperate with law enforcement or regulators, and manage legal risk.
Corporate transactions: To facilitate due diligence and integration activities in the event of a merger, acquisition, restructuring or asset sale involving the Mr Punter business.

Disclosure & Sharing

We treat your personal data as confidential and only disclose it to third parties when there is a lawful basis, a clear purpose and appropriate safeguards. The categories of recipients listed below reflect how Mr Punter operates on the mr-punters.com platform and within its broader corporate and regulatory ecosystem.

1. Intra-Group and Related Entities

Group companies and owners: Liernin Enterprises LTD and other entities involved in the ownership, management or operation of the Mr Punter brand may access personal data where necessary for corporate, operational, compliance or support purposes.
Platform providers: Soft2Bet and other technology providers that host and maintain the gaming platform, game servers and core infrastructure act as data processors or joint controllers, subject to contractual data protection obligations.
Payment and processing entities: Related or partner companies such as Tilaros Limited in Cyprus (and similar entities) may process transaction data, KYC information and anti-fraud signals to facilitate payments and financial reconciliation.

2. Service Providers and Processors

Payment service providers and banks: To process deposits, withdrawals and refunds, we share necessary payment data with card schemes (e.g., Visa, Mastercard), banks, e-wallets and other payment intermediaries.
KYC/AML and risk service providers: Specialist providers may verify identity documents, perform sanctions and PEP screening, monitor transaction patterns and provide risk-scoring services.
IT, security and analytics providers: Hosting companies, content delivery networks, security monitoring services, analytics providers and similar vendors support the operation, security and analysis of our systems.
Customer support tools: Platforms that support live chat, ticketing or email delivery may process your contact information and the content of your communications.

3. Regulators, Authorities and Dispute Bodies

Regulators: PAGCOR and other relevant regulators may receive data for licensing compliance, audits, inspections or investigations.
Law enforcement and public authorities: We may disclose personal data to police, courts, tax authorities or other public bodies where required by law or where necessary to protect our rights or those of others.
Supervisory data protection authorities: Data may be shared with data protection authorities (such as the UK Information Commissioner's Office or, for Mexican residents, the competent Mexican data protection authority) in the course of handling complaints or regulatory enquiries.

4. Marketing, Affiliates and Advertising Partners

Affiliate partners: We may share limited data (such as unique tracking identifiers, aggregated performance statistics and conversion events) with affiliates who refer players to mr-punters.com, subject to contractual safeguards.
Marketing networks and advertising partners: Where you have consented to marketing cookies or tracking, we may work with advertising partners that use cookies and similar technologies to tailor and measure campaigns. Such partners may receive pseudonymised identifiers, device data and event data.
Communication partners: Email and SMS delivery providers may process your contact data to send communications on our behalf.

5. Corporate Transactions and Legal Events

Business transfers: In the event of a merger, acquisition, restructuring or sale of assets involving Mr Punter or the wider Mr Punter business, personal data may be transferred to prospective or actual purchasers and their advisers, subject to confidentiality obligations and applicable law.
Legal advisers and consultants: Lawyers, auditors and other professional advisers may access personal data where reasonably necessary for advice, audits, compliance and dispute resolution.

We do not sell your personal data in the sense prohibited by modern data protection frameworks. Any sharing of data with third parties is governed by written agreements that impose confidentiality, security and data protection obligations consistent with this Privacy Policy and applicable law.

International Transfers

Because Mr Punter operates under an offshore model and relies on infrastructure and partners in multiple countries, your personal data may be transferred internationally, including to countries outside the United Kingdom and the European Economic Area (EEA). We apply appropriate safeguards to ensure a level of protection essentially equivalent to that in the UK.

1. Locations of Processing

United Kingdom and EEA: Some customer-facing services, support operations and technical infrastructure components may be located in or accessed from the UK and EEA member states.
Philippines: As our gaming licence is issued by PAGCOR, certain regulatory, operational and compliance functions may be performed in the Philippines.
Marshall Islands: Corporate and ownership functions may be performed from the Marshall Islands, which is also the legal domicile of the controlling entity.
Cyprus and other jurisdictions: Payment processing and platform-related services may be provided from Cyprus and other countries outside the UK and EEA.

2. Safeguards for International Transfers

Standard Contractual Clauses (SCCs): Where personal data is transferred from the UK or EEA to a country that has not been recognised as providing an adequate level of protection, we implement EU Standard Contractual Clauses together with the UK International Data Transfer Addendum or the UK International Data Transfer Agreement, as applicable.
Contractual and organisational measures: We impose strict confidentiality, security and data protection obligations on all recipients, including robust access controls, data minimisation and audit rights.
Technical safeguards: We use encryption, pseudonymisation and segmentation of data to reduce risks associated with cross-border transfers and to ensure that data remains protected even if intercepted or accessed unlawfully.

3. Information on Specific Transfers

Where legally required, we maintain documentation describing the legal mechanism used for each category of international transfer and conduct risk assessments for key data flows. You may contact us for further information about the specific safeguards applicable to the transfer of your personal data to a particular country or recipient, subject to limitations necessary to protect security and confidentiality.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting or reporting requirements, as well as for the establishment, exercise or defence of legal claims. Retention periods may vary depending on the type of data and the jurisdictional obligations that apply.

1. General Retention Principles

Purpose limitation: Data is kept in identifiable form only for as long as needed for the purposes outlined in this Privacy Policy. Thereafter, data is securely deleted, anonymised or aggregated so that it can no longer be linked to you.
Legal and regulatory requirements: Certain laws (such as AML, gambling and financial regulations) require us to retain particular records for minimum periods, which may range from several years after the end of our relationship with you.
Dispute and claim management: We may retain data for longer where necessary in connection with ongoing or potential disputes, investigations or legal claims.

2. Typical Retention Periods

Account and identification data: Generally retained for the duration of your account and normally for up to five (5) years after account closure, to comply with AML and regulatory record-keeping obligations and to manage potential disputes, unless a longer period is required by law.
Transaction and payment data: Typically retained for at least five (5) to seven (7) years from the date of the transaction, to comply with financial and tax regulations and to maintain accurate accounting records.
Gaming and betting history: Retained for the life of the account and usually up to five (5) years after closure, for regulatory reporting, dispute resolution and responsible gambling analysis.
Customer support communications: Support tickets, live chat transcripts and related correspondence are generally stored for up to three (3) years after the issue is resolved, unless needed longer for legal reasons.
Cookies and tracking data: Stored for the lifespan of the individual cookie as specified in our Cookie Policy or cookie banner (for example, from session-only to up to two (2) years), subject to your consent choices and browser settings.

3. Deletion and Anonymisation

When data is no longer required, we apply secure deletion or anonymisation procedures. Anonymised and aggregated data that can no longer be associated with an identifiable individual may be retained indefinitely for statistical, analytical or business planning purposes. If you exercise your right to erasure, we will remove or irreversibly anonymise your personal data, except where retention is necessary under applicable law or for legitimate legal reasons.

Your Rights

As a data subject, you have strong rights over your personal data. These rights arise primarily from the UK GDPR and the Data Protection Act 2018 for UK residents, from the EU GDPR where applicable, and from Mexican data protection laws (including the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations) for Mexican residents. We handle all requests consistently and transparently, subject to legal limitations and verification of your identity.

1. Right of Access

What this means: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of that data along with information about the purposes of processing, categories of data, recipients, retention periods and your related rights.
How to exercise: Submit an access request via email to [email protected] (subject: "Data Access Request") or through live chat. We may ask for additional information to verify your identity and to ensure we do not disclose data to an unauthorised person.

2. Right to Rectification (Correction)

What this means: You have the right to request correction of inaccurate personal data and completion of incomplete data relating to you.
How to exercise: You can update some details directly within your account settings on mr-punters.com. For other corrections, contact our support or data protection contact with clear details of the data to be corrected and supporting documentation if necessary.

3. Right to Erasure (Deletion) and Cancellation

What this means: You may request that we delete your personal data where there is no longer a lawful basis for us to keep it, for example where you have withdrawn consent and we have no other legal ground, or where the data is no longer needed for the original purposes. Under Mexican law, this corresponds to the "cancellation" component of ARCO rights.
Limitations: We may not be able to erase data that we are required to retain under AML, gambling or financial regulations, or that is needed for the establishment, exercise or defence of legal claims.

4. Right to Restriction of Processing

What this means: In certain circumstances (for example, if you contest the accuracy of your data or object to processing), you can ask us to restrict processing of your data so that we only store it and refrain from using it actively until the issue is resolved.
Practical impact: During restriction, some services or features of Mr Punter may be limited or unavailable where they depend on the restricted data.

5. Right to Object

Legitimate interests: Where we process your data based on our legitimate interests (such as fraud prevention, analytics or service improvement), you may object to such processing on grounds relating to your particular situation. We will assess your objection and stop processing unless we have compelling legitimate grounds that override your interests, rights and freedoms or where processing is required for legal claims.
Direct marketing: You have an absolute right to object to the processing of your personal data for direct marketing purposes, including profiling related to such marketing. If you object, we will stop processing for marketing purposes without delay.

6. Right to Data Portability

What this means: You may request that we provide you with personal data that you have provided to us in a structured, commonly used and machine-readable format, and you may ask us to transmit this data directly to another controller where technically feasible and where processing is based on consent or contract and carried out by automated means.

7. Right to Withdraw Consent

What this means: Where processing is based on your consent (for example, for marketing communications or certain cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
How to exercise: Use your account settings, unsubscribe links in emails, the cookie preference panel, or contact us by email or live chat.

8. ARCO Rights and Mexican Law Alignment

Access, Rectification, Cancellation and Opposition (ARCO): For Mexican residents, we recognise and support ARCO rights as set out under the Federal Law on Protection of Personal Data Held by Private Parties and related regulations. These rights align closely with the UK/EU data protection rights described above.
Procedures and forms: You may exercise ARCO rights using the same channels as other data protection rights (email or live chat). We will accommodate any additional procedural requirements mandated by Mexican regulations where applicable.

9. Procedures, Timeframes and Cost

How to submit a request: Send an email to [email protected] with a clear description of your request and proof of identity, or contact us via live chat and ask to submit a privacy request.
Response timeframe: We aim to respond to all valid requests within one (1) month (30 days) of receipt. In complex cases or where multiple requests are made, this period may be extended by up to two (2) additional months, in which case we will notify you of the extension and the reasons.
Cost: Requests are handled free of charge. We may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, particularly where they are repetitive.

Cookies & Tracking Technologies

Mr Punter on mr-punters.com uses cookies and similar technologies to ensure the proper functioning of the Website, to improve user experience, to perform analytics and, where permitted, to support marketing activities. Cookies are small text files stored on your device when you visit our Website.

1. Types of Cookies We Use

Session cookies: Temporary cookies that are deleted when you close your browser. They are used to maintain your session, keep you logged in, and ensure secure navigation between pages.
Persistent cookies: Cookies that remain on your device for a specified period or until you delete them. They help us remember your preferences (such as language and region) and understand how you use the Website over time.
First-party cookies: Cookies placed directly by mr-punters.com to support core functionalities, security, preferences and basic analytics.
Third-party cookies: Cookies set by third-party service providers, such as analytics or advertising partners, that support website analytics, performance monitoring and, subject to your consent, targeted advertising.

2. Purposes of Cookies

Strictly necessary and functional cookies: Required for the operation of the Website, including enabling logins, processing bets, maintaining sessions, preventing fraudulent use of user accounts, and remembering your preferences.
Analytics and performance cookies: Help us understand how visitors interact with mr-punters.com, which pages are most popular, and how users move around the site, enabling us to improve performance and user experience.
Advertising and marketing cookies: Used, where you consent, to deliver relevant advertising, measure the effectiveness of campaigns, avoid showing the same ads repeatedly, and support affiliate tracking.

3. Managing and Disabling Cookies

Browser settings: Most web browsers allow you to manage cookies, including blocking or deleting them, through the browser's settings or preferences. However, disabling essential cookies may prevent the Website from functioning properly.
Cookie banner and preferences: On your first visit (and periodically thereafter), you will see a cookie banner allowing you to accept or manage non-essential cookies. You can change your choices at any time via the cookie settings panel available on mr-punters.com.
Third-party opt-outs: Certain third-party providers may offer additional opt-out mechanisms for their cookies and tracking. These can usually be found in their privacy or cookie policies.

Your consent choices regarding cookies can be modified at any time, and we will respect the most recent expression of your preferences.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction or damage. Our security framework reflects recognised industry standards and is continuously updated to address emerging threats.

1. Technical Security Measures

Encryption in transit: Data transmitted between your browser and mr-punters.com is protected using Transport Layer Security (TLS) version 1.2 or higher, helping to prevent interception and tampering.
Encryption at rest: Sensitive data, including passwords and certain financial and identification details, is stored using strong encryption and hashing algorithms, with keys managed under strict access controls.
Network and system protection: Firewalls, intrusion detection and prevention systems, anti-malware tools and vulnerability management processes are used to protect infrastructure and detect suspicious activity.
Access controls and logging: Access to personal data is strictly limited to authorised personnel and service providers on a need-to-know basis, and critical actions are logged for audit and incident investigation purposes.

2. Organisational and Procedural Measures

Security policies: We maintain internal policies covering information security, data protection, acceptable use, access management and incident response, which are regularly reviewed and updated.
Staff training: Employees and contractors with access to personal data receive training on data protection obligations, security best practices, confidential handling and incident reporting procedures.
Vendor due diligence: We assess the security posture of key third-party service providers, require appropriate contractual safeguards and monitor their compliance with our security and data protection standards.

3. Audits, Standards and Incident Response

Audit and assessment: Our systems and controls are subject to internal audits and, where applicable, external assessments aligned with recognised security frameworks (such as ISO/IEC 27001 or SOC 2) or equivalent controls, even if formal certification may not always be publicly disclosed.
Incident response: We maintain procedures to identify, manage and remediate security incidents. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected data subjects without undue delay.
User responsibilities: You are responsible for keeping your login credentials confidential, using strong passwords, enabling any available security features, and informing us promptly if you suspect unauthorised use of your account.

Complaints & Contacts

We encourage you to contact us directly if you have any questions, concerns or complaints about how your personal data is handled in connection with Mr Punter on mr-punters.com. We aim to resolve issues quickly and transparently, but you also have the right to escalate matters to the appropriate supervisory authorities.

1. How to Contact Us About Privacy

Email: For privacy-related questions or requests, contact us at [email protected] with "Privacy" or "Data Protection" in the subject line.
Live chat: Use the 24/7 live chat available on mr-punters.com and indicate that your enquiry relates to data protection or privacy. Our support team will route your request to the appropriate specialists.
Postal mail: You may direct written complaints to the Data Protection Officer, Mr Punter, at the registered office in the Marshall Islands (full mailing details will be provided upon request or as required in our correspondence).

2. Internal Complaint Procedure

Submission: Submit your complaint or enquiry using one of the channels above, providing as much detail as possible, including your account identifier (if applicable), relevant dates and any supporting evidence.
Acknowledgement: We will acknowledge receipt of your complaint, usually within a few working days, and may request additional information to clarify or verify your identity.
Investigation: A dedicated member of our data protection or compliance team will review your complaint, consult relevant internal stakeholders, and assess whether any corrective or remedial actions are required.
Response: We aim to provide a substantive response within one (1) month (30 days) of receiving a complete complaint. Where the matter is particularly complex, we may extend this timeframe by up to two (2) additional months, informing you of the reasons for the delay.
Outcome and follow-up: We will explain the outcome of our investigation and any steps we are taking. If you are not satisfied, you may request further clarification or escalate your complaint to a supervisory authority.

3. Escalation to Supervisory Authorities

United Kingdom - Information Commissioner's Office (ICO): If you are located in the UK and believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the ICO:
Website: https://ico.org.uk
Mexico - Data Protection Authority: Mexican residents may lodge complaints with the competent Mexican data protection authority responsible for enforcing the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations. Information is available on the authority's official website.
EEA and other jurisdictions: Where EU or other national data protection laws apply, you may also have the right to contact the relevant supervisory authority in your country of residence, place of work or place of the alleged infringement.

We always recommend that you contact us first so that we can attempt to resolve your concerns directly before you involve a supervisory authority, but you are not obliged to do so.

Updates

Data protection law, regulatory expectations and our own processes evolve over time. We may update this Privacy Policy to reflect changes in our practices, technologies, services, legal requirements or regulatory guidance affecting Mr Punter and mr-punters.com.

1. How We Will Inform You

Website publication: The latest version of this Privacy Policy will always be available on mr-punters.com. We include a "Last updated" date at the end of the document.
Email notifications: For material changes that significantly affect your rights or the way we process your data, we will notify you via email to the address associated with your account, where such communication is feasible.
On-site notices: We may display banners, pop-ups or dashboard alerts within your account to highlight important changes and direct you to the updated Policy.

2. Advance Notice and Your Options

Advance notice: Where we make material changes that require your awareness or consent, we will, where practicable, provide at least thirty (30) days' advance notice before the changes take effect, especially if they involve new purposes of processing or significantly different data uses.
Your choices: If you do not agree with updated terms of this Privacy Policy, you may choose to stop using Mr Punter, adjust your privacy or marketing settings, withdraw consent where applicable, or request account closure and, where permitted, deletion of your personal data.
Continued use: Continued use of mr-punters.com and Mr Punter services after the effective date of significant changes will normally be treated as your acceptance of the updated Privacy Policy, subject to any specific consent requirements.

Last updated: November 2025. Previous versions of this Privacy Policy may be made available upon request for reference and transparency.