Buzz Group Ltd Privacy Notice

1. About This Privacy Policy

This Privacy Policy explains how we use personal data and your rights under relevant data protection laws.

1.1. Our websites, buzzcasino.com and buzzbingo.com, are operated by Buzz Bingo Digital Limited. Buzz Bingo Digital Limited trades from Suite 2.2, Waterport Place, Europort Road, Gibraltar, GX11 1AA and the Data Protection Officer is registered with the Gibraltar Regulatory Authority.

1.2. Our clubs, badabingo.co.uk, buzzbingojobs.co.uk and buzgroupltd.co.uk are operated by Buzz Group Limited. Buzz Group Limited is incorporated and registered in England and Wales with company number 00794943, and the registered office is Unit 1, Castle Marina Road, Nottingham NG7 1TN. Buzz Group Limited is registered with the ICO under registration number Z8801135.

References throughout this document to ‘Buzz’, ‘we’, ‘our’ or ‘us’ will relate to: (i) in respect of the online services, Buzz Bingo Digital Limited, and (ii) in respect of the retail services, Buzz Group Limited.

2. Contacting Us

For any questions, concerns, comments, or to exercise your data protection rights, please contact our Data Protection Officer at:

By Post:
1 Castle Marina Road
Nottingham
NG7 1TN

By Email:
DPO@buzzbingo.com

3. What Personal Information We Collect

We collect personal information when you interact with us and use our services. This information is provided to us by you when you register for the first time and when you make use of our products or contact us. Sometimes, third parties or publicly available sources provide us with information about you.

3.1. Information you provide or may need to provide to us:

3.1.1. At registration:

  • Your personal details, such as your name, email address, postal address, telephone or mobile number and date of birth.

3.1.2. During the business relationship:

  • Photographic identification and proof of address documents (to conduct due diligence)
  • Banking and financial details (to establish the source of funds where a transaction is involved)
  • Your account login details or club membership details, such as your username and password

3.2. Data We Collect About Third-Party Representatives

We may collect the following categories of personal data relating to employees, officers, authorised signatories and other associated individuals of our merchants and vendors:

  • Work History (including position, department and title history and salary and benefits from previous employment)
  • Education and Training History
  • Criminal Information
  • Military service
  • Nationality
  • Information on government-issued cards (e.g. national identification card, Passport, work permit, driving license, other licenses, etc.)
  • Certificates and Qualifications
  • Signatures
  • Curriculum Vitae (CV)
  • Bank Account Details
  • Business Address
  • Business Email Address
  • Business Telephone number
  • Job title

3.3. Through your use of our services

In the course of using our services, we automatically collect certain information to help us understand how our products are used and to improve your overall experience:

  • Information about how you interact with our products
  • Information about your online browsing behaviour on Buzz websites, mobile apps, and other online content – please see our Cookies Policy for more information
  • Information about any devices you have used to access our Services (such as model, operating system, IP address, browser type, mobile device identifier).

3.4. Recording phone calls and webchat interactions

We monitor and record phone calls and webchat interactions to help us maintain a high standard of service, meet regulatory obligations, and protect both you and our business. Specifically, we do this to:

  • Ensure your instructions are carried out accurately
  • Resolve queries and address any issues
  • Comply with legal and regulatory requirements
  • Improve the quality of our services
  • Support the training and development of our staff
  • Detect and prevent fraud or other criminal activity

3.5. Other sources of personal data

Sometimes, we may collect information about you from other trusted third-party sources to help us personalise your experience, confirm your identity, or meet our legal and regulatory responsibilities. We only collect this information when we have a valid reason, such as our legitimate interest in improving our services or a legal obligation to keep your account secure and compliant.

This may include:

  • Information from third parties (such as your Twitter or Facebook activity) to help us better understand your preferences and provide more tailored services
  • Data from business partners and specialist organisations, including companies that provide identity verification, credit checks, or fraud prevention services
  • Information from publicly available sources, such as postcode lookup tools Please note that this list is not exhaustive. We may request additional information from you when we consider it fair, necessary, and in line with data protection law.

Please note that this list is not exhaustive. We may request additional information from you when we consider it fair, necessary, and in line with data protection law.

4. Purpose and Legal Basis for Processing

At Buzz, we understand that your trust is essential. That’s why we are committed to being transparent about why we collect your personal data and the legal reasons we rely on to do so.

We collect your personal information primarily to:

  • Deliver the services and products you’ve signed up for
  • Personalise and enhance your experience with us
  • Communicate important updates or respond to your requests
  • Comply with legal or regulatory requirements

Under data protection law, we must always have a lawful basis to process your personal data. The lawful basis we use depends on the specific activity and how we interact with you.

We rely on different lawful bases for different purposes, including:

4.1. Contractual

We process your personal data when it is necessary to fulfil a contract that you have entered into with us. This includes the agreement you accepted when registering for our services, which outlines what we offer and what you can expect.

We rely on this lawful basis to:

  • Make our services available to you as part of our contract
  • Provide gaming and betting services, online content, and related information
  • Handle your enquiries and respond to your requests
  • Manage essential service-related communications—such as password reminders, maintenance updates, and changes to our Privacy Policy, Cookies Policy, or Terms of Use
  • Let you know if your account has become dormant and check if you'd like to reactivate it before closure
  • Process your transactions securely and efficiently

4.2. Under Legitimate Interests

We may process your personal data when it is necessary for our legitimate business interests, provided that those interests are not overridden by your own rights, freedoms, or interests.

Before relying on this basis, we carefully consider factors such as:

  • What we told you at the time you provided your data
  • Your reasonable expectations of how your data would be used
  • The type and sensitivity of the data involved
  • The potential impact of the processing on you

This lawful basis allows us to run our business effectively while respecting your privacy rights. Examples of how we rely on legitimate interests are provided below:

4.2.1. To Personalise Your Experience

  • To offer a more relevant, tailored service, for instance, we could use your playing history to provide personalised recommendations and products
  • If you are signed in or subscribed to our marketing offers, you will receive a personalised service. If you don’t want to receive these services, you can unsubscribe from marketing offers, or disable personalisation by contacting our help centre or by email at CustomerServices@buzzbingo.com

4.2.2. To improve our services and products

  • To provide you with the most user-friendly online navigation experience
  • For analysis and research purposes, so that we may improve the services offered by Buzz
  • Testing new systems and checking upgrades to existing systems
  • Evaluating the effectiveness of marketing, and for market research and training
  • Customer modelling, statistical and trend analysis, with the aim of developing and improving products and services

4.2.3. To contact and interact with you

  • Contact customers about our services, for example by phone, email or post or social media
  • Manage promotions and competitions you choose to enter
  • Invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by Buzz and by other organisations on our behalf
  • We carry out market research to improve our services; however, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for market research, we will respect this choice, and this will not affect your ability to use our services
  • Responding to your queries and complaints

4.2.4. To make your game safer and more enjoyable

  • To deter, prevent or detect the use of third-party software in peer-to-peer gambling
  • To deter, prevent, or detect any activities conducted in breach of the Buzz Terms and Conditions
  • To determine where you are accessing the services from

4.2.5. For Recruitment and Human Resources Purposes

  • Documenting information collected from job applicants as part of the application process, authentication and verification
  • Contacting purposes
  • Evaluating the respective suitability of applicants
  • Contact job applicants about their application, for example by phone, email or post or social media.
  • Evaluating job applicants/ candidates for their qualification for a particular job, and background screening (if you are offered a position with us)
  • Defining a salary and other basic contract information for a new hire
  • To communicate with employee contacts in case of an emergency

4.3. To Meet Legal Requirements

We process your personal data when it is required to comply with our legal obligations under UK, EU, or other applicable laws.

This includes obligations that ensure we operate fairly, responsibly, and in line with regulatory requirements. For example, we may process your data to:

  • Confirm that we only provide services to eligible individuals
  • Comply with anti-money laundering and counter-terrorist financing obligations
  • Detect, prevent, and report crime, including money laundering and fraud
  • Verify your identity and check the source of funds for transactions
  • Conduct anti-fraud checks using trusted third-party identity providers (These checks will not affect your credit rating)
  • Support safer gambling measures, including identifying harmful patterns of play. These actions are a legal requirement and part of our commitment to maintaining a safe, fair, and responsible gambling environment, protecting our customers and the integrity of our services.

4.4. Under Your Consent

In certain situations, we rely on your explicit consent to process your personal data. This typically applies to optional services, such as receiving marketing communications or taking part in recruitment activities. Where consent is the lawful basis, you have the right to withdraw it at any time, for example, by updating your marketing preferences. However, withdrawing consent won’t affect the data we process under other lawful bases.

4.4.1. Cross-Platform Consent

As part of our services offered under a single licence, we may invite you to receive promotional offers for both our Bingo and Casino products. We will only send you marketing communications for a product (e.g., Bingo or Casino) if you have explicitly opted in to receive such communications. This approach applies to customers logging in for the first time on or after 1st May 2025. You can update your marketing preferences at any time via your account settings.

4.4.2. Marketing and Market Research

If you’ve given us your permission, we may contact you with news, special offers, promotions, and updates about our products and services. We may do this via email, SMS, phone calls, post, or through targeted advertising on social media.

When you first register with us, we’ll ask whether you’d like to receive marketing communications. You can change your preferences or withdraw your consent at any time—either through your account settings, by contacting our customer support team, or by writing to us.

We may use information which we hold about you to show you relevant advertising on third-party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter). If you would prefer not to see targeted ads from us on social media, many platforms (like Facebook, Instagram, or Google) allow you to opt out of specific advertisers through your ad settings. For guidance, organisations such as GambleAware have published helpful instructions on how to manage gambling-related content on these platforms.

We may also occasionally invite you to take part in market research to help us improve our services. Participation is entirely optional, and choosing not to take part will never affect your ability to use our products.

4.4.3. Recruitment and Human Resources

We may rely on your explicit consent to process your personal data for certain activities related to recruitment and human resources. This typically applies when the data processing goes beyond what is required by law or contract and gives you more control over how your information is used.

This may include:

  • Collecting and retaining information during the recruitment process, such as your CV, qualifications, background checks, and interview notes, for the purposes of evaluating your suitability for employment
  • Managing data necessary for the initiation or fulfilment of an employment agreement, including records of your application, pre-employment screening, and any documentation required before an offer is finalised
  • Providing employment references to third parties (such as prospective employers or recruitment agencies), but only when you’ve specifically asked us to do so
  • Processing your personal data in accordance with the terms of any future consent you provide—this might relate to optional training, wellness programmes, or initiatives that involve the collection of special category data (e.g. health information)

You can withdraw your consent at any time, where it is the basis for processing. This will not affect any processing that took place before consent was withdrawn, or any processing we carry out under another lawful basis (such as legal obligation or contract)

4.4.4. Special Categories of Data

At Buzz, we may sometimes need to collect what’s known as “special category personal data.” This refers to sensitive types of information that require extra protection under data protection laws. Examples include details about your health, biometric data, or information about your racial or ethnic origin, religious beliefs, or sexual orientation.

In our case, the most relevant type of special category data is health-related information, which may help us meet our safer gambling responsibilities—for example, identifying signs of gambling harm or supporting self-exclusion and player protection measures.

We will only collect, use, or share this kind of data if:

  • You have provided your explicit consent,
  • We are legally required or permitted to do so, for example, under UK Gambling Commission regulations or applicable data protection laws or;
  • There is expectation from the regulators to do so in line with guidance / best practice.

Because this type of data is particularly sensitive, we apply strict security and confidentiality measures to protect it. This includes secure systems, access restrictions, and policies to ensure that only trained and authorised staff can access your data, and only when necessary to support your wellbeing and our regulatory obligations.

We will only process such data if one or more of the following applies:

  • You have given us your explicit consent
  • It is necessary for the purposes of conducting the obligations and exercising specific rights of Buzz or of the data subject in the field of employment and social security, and social protection law
  • We are legally required or permitted to do so, for example, under UK Gambling Commission regulations or applicable data protection laws or;
  • There is expectation from the regulators to do so in line with guidance / best practice.
  • It relates to personal data which you have made public
  • It is necessary for the establishment, exercise or defence of legal claims
  • It is necessary for reasons of substantial public interest, on the basis of European Union or Member State law, as applicable to us.
  • It is necessary for the purpose of our regulatory requirements.

5. Use of Artificial Intelligence (AI) and Behavioural Analytics

We use Artificial Intelligence (AI) and behavioural analytics as part of our ongoing efforts to ensure a safe, fair, and responsible gambling environment. These tools support key functions such as customer interaction monitoring, fraud detection, game integrity analysis, and safer gambling interventions.

Where AI systems process personal data, including behavioural data to profile player activity or assess potential harm, we ensure that all processing is fair, lawful, and transparent, in accordance with the UK General Data Protection Regulation (UK GDPR). We conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in high risk to individuals' rights and freedoms and implement necessary technical and organisational measures, including:

  • Regular audits to monitor algorithmic fairness, accuracy, and unintended bias.
  • Appropriate safeguards where automated decisions could significantly affect individuals, such as the right to request human intervention and challenge outcomes.
  • Enhanced transparency about how profiling is used to support decisions related to affordability, account limitations, or responsible gambling measures.

Where our AI or analytics systems infer or process special category data (e.g., health-related indicators or self-exclusion signals), such processing is subject to additional protections under Article 9 UK GDPR, including reliance on explicit consent or substantial public interest conditions under Schedule 1 of the Data Protection Act 2018.

We are also required by the Gambling Commission to identify and interact with players who may be experiencing harm or risk of harm. Our systems are designed to support this objective while respecting your privacy rights. You have the right to object to profiling and request further information about the logic and impact of AI-based decisions. For more details or to exercise your rights, please contact our Data Protection Officer at dpo@buzzbingo.com.

6. Cookies and Similar Technologies

Buzz websites and mobile apps use cookies and similar technologies to support core functionality and enhance your user experience.

6.1. Cookies

Cookie technologies help us:

  • Remember your language preferences, so your chosen language is automatically selected the next time you visit
  • Ensure that your bets are correctly associated with your account and betting history
  • Ensure that bonuses and promotions you're eligible for are properly applied to your account
  • Analyse website traffic and user behaviour to help us improve the functionality and performance of our services

For more detailed information on the types of cookies we use, how they work, and how you can manage your preferences, please refer to our full Cookie Policy.

6.2. Push Notifications (Mobile App Users)

Our mobile applications may send you push notifications. These are short messages that appear on your device to keep you informed about updates, offers, and relevant account information.

6.2.1. What Are Push Notifications

We use push notifications to:

  • Notify you about new features and updates
  • Share promotional offers and discounts
  • Send reminders and alerts related to your account or your use of our services
  • Managing Your Notification Preferences

6.2.2. Managing Push Notifications

You have full control over the notifications you receive. At any time, you can:

  • Enable or disable push notifications through your device settings
  • When you first install the app, you’ll be asked whether you wish to opt in to receive push notifications. If you change your mind later, simply update your preferences in your device’s settings menu.

6.2.3. Data Handling and Privacy

Any information we collect through push notifications is processed in accordance with our Privacy Policy. We do not share your personal information with third parties without your consent, except where required by law.

6.3. Microsoft Clarity

We use Microsoft Clarity to help us understand how visitors interact with our websites and improve user experience. Microsoft Clarity provides insights through features such as session replays, heatmaps, and behavioural analytics. This information helps us optimise our site and services.

Microsoft Clarity collects data using first-party and third-party cookies and other tracking technologies. The data may include information about your device, browser, and interactions with our site (such as clicks, scrolls, and page views). This data is used for analytics, site performance improvements, fraud prevention, and advertising purposes.

For more information on how Microsoft collects and uses data, please visit: https://www.microsoft.com/en-gb/privacy/privacystatement

You can manage your cookie preferences through our cookie settings or opt out of Clarity tracking by following the instructions provided in the Microsoft Privacy Statement.

7. Sharing Your Personal Information

We do not share your personal information with third parties outside the Buzz Group for marketing purposes. However, there are specific situations where we may need to share your personal data with:

  • Other companies within the Buzz Group
  • Third-party service providers acting on our behalf
  • Regulatory authorities, or where required to meet legal obligations
  • In the context of business transfers or re-organisation

In all cases, we ensure that your data is used only for the purposes outlined in this Privacy Policy and that appropriate safeguards are in place.

7.1. Sharing Within the Buzz Group

We may share your personal information with other companies within the Buzz Group to:

  • Provide and manage our products and services
  • Notify you about important changes or developments
  • Respond to enquiries and complaints
  • Administer promotions, offers, and competitions
  • Facilitate secure access to online platforms
  • Update, consolidate, and maintain the accuracy of our records
  • Perform transaction and risk analysis
  • Assess and prevent problem gambling
  • Test new systems and carry out system upgrades
  • Detect and prevent fraud or other criminal activity
  • Ensure compliance with regulatory requirements and our Terms & Conditions
  • Evaluate marketing effectiveness and conduct market research, and training
  • Carry out statistical modelling and trend analysis to improve our services

7.2. Sharing with Third Parties

We may share your personal data with trusted third parties in the following circumstances:

7.2.1. Regulatory and Legal Obligations:

  • When required by a regulator or under applicable laws
  • If instructed, we may authorise financial institutions to disclose relevant account information to regulatory bodies
  • To establish, exercise, or defend our legal rights

7.2.2. Fraud Detection and Prevention:

We may transfer your personal data to third parties, including but not limited to so-called Address Verification System service providers, Payment Service Providers, Financial Institutions and credit reference agencies such as Transunion, which will leave a “soft” footprint on your credit file; more details: Privacy Centre | An Information & Insights Company.

7.2.3. Suspicious or irregular activity:

We reserve the right to disclose the Account Holder’s personal data to relevant parties where Buzz has reasonable grounds to suspect irregularities involving a Buzz Account with:

  • Service delivery partners

With service providers to enable us to provide our services, such as companies that help us with technology services, storing and combining data, recruitment management and processing payments or providing relevant online advertising for our products and services

  • Auditing and compliance

With external auditors conducting independent checks as part of our regulatory or accreditation requirements

  • Player protection and safer gambling

With the self-exclusion service provider GAMSTOP to match the identities of customers who are attempting to register and/or access a pre-existing account while being registered as self-excluded. For more information, visit GAMSTOP.

With Operator Enforced Exclusion provider GAMPROTECT to match the identities of customers who are registered to GAMPROTECT and to place customers on the GAMPROTECT register. For more information, visit YOUR DATA | GAMPROTECT.

7.3. Business Transfers and Successor Organisations

We may transfer your personal data to another organisation if we sell or transfer part or all of our business, or if we enter into negotiations to do so. This includes the transfer of any rights or obligations we hold under an agreement with you.

If such a sale or transfer takes place, the receiving organisation will be permitted to use your personal data for the same purposes set out in this Privacy Policy, based on our legitimate interests in facilitating the business transaction.

We may also share your personal data with any successor organisation that assumes responsibility for our business operations or services.

In accordance with data protection law, we will notify you of any material changes to how your personal data is used through a notice on our website or by direct communication, so you remain fully informed.

8. International Data Transfers

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. For instance, the computer servers used to host a website could be located outside the EEA – this is not unusual, given that the internet is a global environment.

Your personal information could be held at a destination which offers a different level of data protection than in the EEA, including Australia, Serbia, India, US. To ensure your personal information remains safe when transferred like this, we will take all reasonable steps to maintain a suitable level of protection in line with this Policy and our obligations under data protection laws.

Where any of our processing activities require your personal data to be transferred outside of the EEA, we will only make that transfer if:

  • We have put in place appropriate safeguards to protect your personal data, such as the contractual Model Clauses adopted by the European Commission or a relevant data protection authority; or
  • The country to which the personal data is to be transferred has an adequacy decision from the European Commission, confirming that the third country provides adequate protection for your personal information; or
  • You explicitly consent to the transfer; or
  • The transfer is necessary for one of the reasons specified in the data protection laws, such as the performance of a contract with you.

8.1. Compliance with Schrems II Ruling and ICO IDTA

8.1.1. Data Transfers Outside the UK and EEA

In light of the Schrems II ruling, we have implemented additional measures to ensure that any data transfers outside the UK and EEA are lawful and compliant.

8.1.2. Lawful Basis for Data Transfers

We rely on the following mechanisms to ensure the legality of data transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (BCRs) where applicable.
  • Adequacy decisions by the European Commission for certain countries.
  • ICO International Data Transfer Agreement (IDTA) and Addendum, which provide a framework for ensuring the adequacy of third countries for international transfers under UK GDPR.

8.1.3. ICO International Data Transfer Agreement (IDTA)

The ICO IDTA is a key document that we use to establish where we can transfer data to. It includes:

  • Transfer Agreement Templates: Standard templates that outline the terms and conditions for data transfers.
  • Addendum Templates: Additional clauses that may be required to address specific transfer scenarios.
  • Risk Assessment Tool: A tool to assess the risks associated with international data transfers and ensure compliance with UK GDPR.

8.1.4. Additional Safeguards

To further protect your data, we have implemented additional safeguards, including:

  • Regular assessments of the legal environment in the destination country by our Data Protection Officer.
  • Encryption of data during transit and at rest.
  • Robust access controls and monitoring to prevent unauthorised access.

8.1.5. Commitment to Data Protection

We are committed to maintaining the highest standards of data protection. Our practices ensure that the level of data protection is equivalent to that guaranteed within the EU, even when your data is transferred outside the UK and EEA

9. Data Retention

We will only retain your information for as long as it is reasonably necessary to carry out the purposes outlined above and to satisfy our legal obligations. While you are a customer, we will usually need to retain your information to meet our legal and contractual requirements. However, when you cease using Buzz services, we will normally still retain your personal information for a period of time:

  • Typically, we will store your personal information for a period of 6 years after you cease being a customer of Buzz, beginning at the date your account is closed.
  • Meanwhile, for job applicants, we will hold data for a period of 12 months. There are several reasons why we retain your information, these include:
  • To comply with legal obligations under EU/local laws (for example, anti-money laundering regulations, or licensing regulations)
  • To establish or defend legal claims (for example, negligence claims) which could be made against us.

10. Your Rights

We appreciate that by law and subject to certain conditions, you have several rights concerning the personal information we hold about you. If you wish to exercise these rights, you should contact our Data Protection Officer at DPO@buzzbingo.com. These rights include:

  • the right to access, amend and erase the personal information we hold about you
  • the right to object to the processing of your data
  • the right to withdraw consent and;
  • the right to data portability
  • You also have the right to complain to the data protection authority if you are concerned about how we process your information. In addition, you have certain rights relating to automated decision-making and ‘profiling.’
  • Further information and advice about your rights can be obtained from the UK data protection authority (the Information Commissioner’s Office or “ICO”) or from your country’s data protection regulator.

10.1. Right to access and rectify the information we hold about you

According to GDPR and DPA 2018, customers are permitted to make Data Subject Access Requests (DSARs). These requests can be made when you would like to gain access to all of the information we hold about you. In order to process this request, we will require a valid form of ID. This is a safety measure designed to ensure that personal data is disclosed to the correct individual.

  • You can make a DSAR via our form here or directly with our Data Protection Officer.

When you submit this request, all personal data that we hold about you will be shared with you directly.

There are some exceptions and conditions under which DSARs can be refused. In such cases, you will be notified of the decision and justification.

10.2. Right to delete your data

In some circumstances, you can ask us to erase personal information we hold about you (‘the right to be forgotten’). This includes when:

  • The information is no longer necessary in relation to the purpose for which it was collected (as explained in our privacy policy)
  • If you previously gave consent to the use of your information, but decide to withdraw it, and we cannot justify another legal ground for using it under data protection law
  • We process your information based on our legitimate interests, and we cannot demonstrate overriding legitimate grounds to continue processing the information
  • We don’t have a lawful ground under data protection law to process your information
  • The data has to be erased to comply with a legal requirement
  • This right is subject to mandatory retention periods under EU/local laws.

10.3. Right to restrict processing

You have the right to ask us to restrict (‘block’ or ‘suppress’) the processing of your personal information. When processing is restricted, we can still store your information, but we will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future. This right is available to you when:

  • You dispute the accuracy of the personal information (while we verify matters).
  • The processing is unlawful, and you object to the erasure of the information and request that we restrict processing instead
  • We no longer need the data, but you require it to establish, exercise or defend a legal claim; and
  • We process your information for our legitimate business interests, but you object (i.e. while we verify the grounds for continued processing).

10.4. Right to Data Portability

You have the right to receive personal information you provide to us, in a ‘commonly used machine-readable format.’ This allows you to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a different provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right, however, and only arises when the processing of your information is:

  • based on your consent or where it is necessary for the performance of a contract, and
  • when the information is processed solely by automated means.

10.5. Right to object

Based on your particular situation, you can object to the processing of your personal information, which is:

  • based on our legitimate business interests (including profiling); or
  • done for research and statistical purposes.
  • You also have the right to object to the use of your personal information for direct marketing purposes (including profiling), such as when you receive emails from us notifying you about other Buzz services which we think will be of interest to you.

10.6. Right to withdraw consent

When we rely on your consent as the basis to process your personal information, such as for sales and marketing communications, you have the right to withdraw your consent at any time. We’ll always strive to make it easy for you to withdraw consent by choosing an “unsubscribe” option in every communication you receive from us. If you find this isn’t the case, then just contact our Data Protection Officer in the ways outlined above in Section 2, and we’ll try to fix things ASAP.

10.7. Rights related to automated decision-making, including profiling

We sometimes use systems to make automated decisions based on your personal information. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the ability to use our services.

We may use automated decision-making in the following situations:

  • tailoring products and services – we may place you in groups with similar customers (segments) to study and learn about preferences and your needs, and offer a more tailored experience for you.
  • detecting fraud - we use your personal information to help decide and detect if your account may be being used for fraud or money laundering. If we think there is a risk of fraud, we may block or suspend the account.
  • opening account - when you open an account with us, we check that the product or service is relevant for you, based on what we know. We also check that you meet the conditions needed to open the account. This may include checking age, residency, nationality or financial position.
  • To meet our regulatory obligations in respect of the protection of customers and the prevention of criminality.

Data protection laws seek to safeguard individuals against harm that may arise from decision-making, including profiling, that takes place without human intervention. You have the right not to be subject to a decision, including profiling, when it is based on the automated processing of your personal information and it has a legal effect or a similarly significant effect on you.

Please note that the right does not apply when the processing is:

  • necessary for entering into or for the performance of a contract with you; or
  • when it is authorised by law; or
  • when it is based on your explicit consent.

11. Data Security

Buzz is committed to protecting the personal information you entrust to us. We take all reasonable steps to ensure that all information collected through our websites is handled securely and in line with this Policy and strict data protection standards. Accordingly, we have adopted robust procedures and technologies to protect your data from unauthorised access and improper use.

11.1. Encryption

All information sent to and from Buzz sites is encrypted using 256-bit Transport Layer Security (TLS) technology.

11.2. PCI-DSS

Your card details are encrypted and sent only to our PCI DSS-compliant Payment Service Provider. Buzz is dedicated to protecting our customers' confidential information and, as part of doing so, Buzz is certified towards the Payment Card Industries Data Security Standard.

11.3. Monitoring

The security of Buzz’s systems and applications is tested several times per year by third-party security experts. Furthermore, Buzz has an Intrusion Detection System that monitors all network traffic 24/7 for signs of attacks or intrusions.

11.4. Fraud Detection

Buzz has a dedicated fraud department and advanced systems in place to detect and prevent suspicious activity, to ensure that Buzz's websites remain a secure playing field. Any account involved in suspicious activity will be suspended and investigated to the fullest extent. Should you have any doubts about any activity on your account, such as unrecognised transactions in the transaction history or surprising changes in the balance, please contact us immediately using the contact details in section 2.

12. Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by contacting our Data Protection Officer, using the contact details in section 2.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the UK data protection authority, the Information Commissioner’s Office, the “ICO,” or your national data protection regulator.

13. Data Protection Officer

Buzz has an appointed Data Protection Officer (DPO). The Data Protection Officer (DPO) has key responsibilities that include informing and advising the controller or processor on data protection obligations, monitoring compliance with data protection regulations, providing advice on data protection impact assessments, cooperating with the Commissioner, and acting as a contact point for data subjects and the Information Commissioner, The DPO can be contacted at DPO@buzzbingo.com.

14. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in the way we process your information or the way in which our data processing is regulated, so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to submit personal information to Buzz or use Buzz services in any way. Otherwise, by continuing to do this, you will be deemed to have accepted the changes to the Privacy Policy. You can also delete your Buzz account at any time.

If significant changes are made to the Privacy Policy, for instance affecting how we would like to use your personal information, we will provide a more prominent notice (including, for certain services, notification of Privacy Policy changes by email).

Last updated: 10 November 2025

The Buzz Group

Buzz Bingo
Buzz Casino
Bada Bingo
The Slots Room at Buzz Bingo
Buzz Presents
Buzz Group Awards

Navigation

Information

Buzz Group

© 2026 Buzz Group Ltd - All Rights Reserved.

Scroll to the top