Privacy Policy

This Privacy Policy explains how Esc Online on the website eskonline.bet ("Esc Online", "we", "us", "our") collects, uses, stores and protects personal data of visitors and registered players. It applies to anyone who visits or uses eskonline.bet, including users accessing the site from the United Kingdom, whether or not they create an account or place bets. Please read it carefully before using our services. By using eskonline.bet you acknowledge that your personal data will be processed as described in this Privacy Policy.

Effective date: 6 November 2025

Who We Are

Esc Online is operated by Estoril Sol Digital, Sociedade Unipessoal, S.A., a company incorporated and registered in Portugal.

Operator and Legal Address

• Legal entity: Estoril Sol Digital, Sociedade Unipessoal, S.A. (Estoril Sol Digital S.A.)
• Registered/Legal address: Rua Melo e Sousa, nº 535, Bloco 2, A, 2765-277 Estoril, Portugal
• Country of establishment: Portugal
• Gambling licences (Portugal): Online casino licence no. 003 and fixed-odds sports betting licence no. 008, issued by Serviço de Regulação e Inspeção de Jogos (SRIJ), the Portuguese online gambling regulator
• Other operations: Online casino operation in Belgium under a licence granted by the Belgian Gaming Commission (licence number not publicly specified in our sources)
• UK regulatory status: Esc Online and Estoril Sol Digital S.A. are not licensed or regulated by the UK Gambling Commission and do not appear on the UKGC public register. The services on eskonline.bet are not targeted at, and should not be used by, players located in the United Kingdom.

Contact Details

• Website: https://eskonline.bet
• Customer support email: apoio@eskonline.bet (primary support channel; typically available in Portuguese and English)
• Live chat: Accessible via the Esc Online platform on eskonline.bet (09:00-24:00 GMT; initial chatbot with escalation to a human agent on request)
• Telephone support: Not available; we currently do not provide telephone support.

Data Protection Contact

For questions about how we process personal data or to exercise your data protection rights, you may contact our data protection contact point:

• Data protection contact / DPO team: Data Protection Team, Estoril Sol Digital S.A.
• Email: apoio@eskonline.bet (please specify "Data Protection / Privacy" in the subject line)
• Postal address: Data Protection Team, Estoril Sol Digital S.A., Rua Melo e Sousa, nº 535, Bloco 2, A, 2765-277 Estoril, Portugal

Depending on your location, Estoril Sol Digital S.A. acts as the "data controller" under applicable data protection laws, including the UK GDPR, the EU GDPR and, where relevant, Mexican data protection law.

What Personal Data We Collect

We collect only the personal data that is necessary for lawful operation of our gaming services, to meet regulatory obligations and to improve the user experience on eskonline.bet. The specific data collected may vary depending on whether you are a visitor or a registered player.

Identity and Contact Data

• Basic identification data: full name, date of birth, nationality, gender.
• Contact details: email address (for example, the address you use to contact apoio@eskonline.bet), residential address, country of residence, mobile/telephone number (if you choose to provide it).
• Verification documents: copies or details of identity documents (ID card, passport, driving licence, residence permit), proof of address (utility bill, bank statement) and, where required by KYC/AML rules, proof of income or source of funds.

Account and Transaction Data

• Account information: username, password (stored in encrypted form), account settings and preferences, communication language, responsible gambling settings (deposit limits, time limits, self-exclusion status).
• Gaming and betting history: details of games played, bets placed, stakes, wins and losses, bonus usage and wagering progress, session duration and timestamps.
• Payment and financial data: partial payment card details (card type and masked card number), bank account identifiers (such as IBAN), e-wallet or payment provider identifiers, transaction amounts, deposits, withdrawals, chargebacks and refunds. We do not store full card details where this is not necessary and rely on PCI-DSS compliant payment processors.

Technical and Usage Data

• Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone, language settings.
• Usage information: pages viewed, links clicked, navigation paths, session timestamps, login and logout times, response times and error logs.
• Security data: login attempts, authentication logs, verification codes, records of suspicious activities and security-related events.

Behavioural and Profiling Data

• Player behaviour data: betting patterns, preferred games, volatility of play, frequency and duration of sessions, interactions with promotions and VIP or loyalty programmes.
• Risk and responsible gambling indicators: data used to identify potential problematic gambling behaviour or fraud, such as abrupt changes in stakes, repeated deposit attempts, multiple payment methods or self-exclusion requests.
• Marketing and communication preferences: records of your consent to receive marketing communications, your subscription status for email/SMS/push notifications, and your interactions with such messages (opens, clicks, unsubscribes).

Cookies and Similar Technologies

• Cookie identifiers: unique identifiers stored in cookies or similar technologies that allow us to recognise your browser or device.
• Online identifiers: advertising IDs, user IDs assigned by our analytics tools and tracking technologies implemented by authorised third parties.

We do not intentionally collect information about anyone under the age of 18. If we become aware that we have processed data of a minor, we will take reasonable steps to delete such data and, where relevant, close the account.

Legal Basis for Processing

We process personal data only when we have a valid legal basis under applicable data protection laws, including the UK GDPR, the EU GDPR and, where relevant, Mexican data protection regulations.

Performance of a Contract

• Account creation and management: We need to process your identity, contact and account data to create and maintain your Esc Online account, verify your eligibility to play and provide access to games and betting services.
• Provision of gaming and betting services: We use your data to accept bets, settle wagers, credit winnings, process deposits and withdrawals, and manage bonuses and promotions that form part of our contractual relationship with you.
• Customer support: When you contact us via apoio@eskonline.bet or live chat, we process your data to respond to your queries and resolve issues in relation to your account and use of the platform.

Compliance with Legal Obligations

• Gambling and financial regulations: As a licensed gambling operator in Portugal and Belgium, we are required to perform identity verification, age checks, AML and counter-terrorist financing checks, transaction monitoring, suspicious activity reporting and record-keeping.
• Reporting to regulators and authorities: We may need to provide data to SRIJ, the Belgian Gaming Commission, tax authorities, law enforcement and other public bodies when required by law.
• Accounting and legal retention duties: We retain certain transaction and contractual records for specific periods to meet statutory retention obligations.

Legitimate Interests

• Service improvement and analytics: We analyse how users interact with eskonline.bet to improve performance, usability, game offering and customer support. Where feasible, we use aggregated or pseudonymised data.
• Fraud prevention and security: We process data to prevent misuse of our services, detect hacking, account takeovers, payment fraud and bonus abuse, and to enforce our terms and conditions.
• Business management: We use data to manage our operations, including risk management, internal audits and reporting to management and group entities, while respecting your privacy rights.
• Defence and enforcement of legal claims: We may process relevant personal data when necessary to establish, exercise or defend legal claims, including in disputes with players, regulators or other parties.

Consent

• Marketing communications: We send email, SMS or push marketing messages only when you have given valid consent, or when permitted by law in the context of an existing customer relationship. You may withdraw your consent at any time via your account settings, unsubscribe links or by contacting us.
• Non-essential cookies and tracking: We use analytics and advertising cookies only once you have provided your consent through our cookie banner or settings interface. You can change your cookie choices at any time.
• Special categories of data (if any): In rare cases where we need to process special categories of personal data (for example, health-related information disclosed in connection with responsible gambling tools), we will do so only with your explicit consent or where otherwise legally permitted.

Where we rely on legitimate interests, we perform a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to such processing as explained in the "Your Rights" section.

Purpose of Processing

We process personal data for clearly defined and lawful purposes. We do not use your data for purposes that are incompatible with those described below.

Provision and Management of Our Services

• Operating the eskonline.bet platform: To provide secure access to our website, games, betting products, account management features and support channels.
• Account administration: To set up and manage your profile, verify your identity and age, maintain your preferences and responsible gambling limits, and secure your account.
• Payments and withdrawals: To process deposits, withdrawals, refunds, chargebacks and to keep records of financial transactions.

Regulatory Compliance and Responsible Gambling

• Compliance with gambling laws: To meet the requirements imposed by SRIJ, the Belgian Gaming Commission and other relevant authorities, including anti-money laundering rules and reporting duties.
• Responsible gambling measures: To monitor play patterns and implement tools such as deposit limits, cooling-off periods and self-exclusion, and to contact you where we identify potential indicators of problematic gambling behaviour.

Service Improvement, Analytics and Personalisation

• Usage analytics: To understand how users navigate our site, which games are popular and how our systems perform, so we can improve content, design and functionality.
• Personalised experience: To tailor game recommendations, display relevant promotions and adjust content based on your preferences and behaviour, within the limits permitted by law.
• Testing and optimisation: To develop and test new features, conduct A/B tests and enhance security and reliability.

Marketing and Promotions

• Direct marketing: To send offers, news, competitions and information about our products and services by email, SMS or push notifications, where lawful and based on your consent or a permitted customer relationship.
• Advertising and retargeting: To use cookies and similar technologies (where consented) to measure and improve the effectiveness of our marketing and to show relevant ads on third-party platforms.

Fraud Prevention, Security and Legal Protection

• Security monitoring: To detect and prevent unauthorised access, malware, denial-of-service attacks, misuse of accounts and other security threats.
• Fraud and abuse detection: To identify and combat payment fraud, bonus abuse, match-fixing and any activities that breach our terms or applicable laws.
• Legal obligations and claims: To document and store relevant data for compliance audits, investigations, regulatory communications and the establishment, exercise or defence of legal claims.

Disclosure & Sharing

We treat personal data confidentially and disclose it only to the extent necessary and proportionate for the purposes described in this Privacy Policy, in accordance with applicable laws.

Group Companies and Corporate Structure

• Estoril Sol group: We may share personal data with other entities within the Estoril Sol group where needed for centralised management, risk control, internal reporting, IT support and regulatory compliance, subject to appropriate safeguards.

Service Providers and Business Partners

• Payment service providers and banks: To process deposits, withdrawals and other financial transactions, we share necessary data with licensed payment processors, banks and financial institutions. These entities process your data as independent controllers or as processors, depending on the context.
• Technical and IT providers: We use hosting providers, cloud services, security providers, communication platforms (email, SMS), customer support tools and analytics services that may process your data on our behalf.
• Game suppliers: Certain games may be provided by third-party software suppliers. In some cases, limited data (such as your username, game session identifier and betting outcomes) may be shared with these suppliers to enable game provision and fairness audits.

Regulators, Authorities and Professional Advisors

• Regulators: We may disclose data to SRIJ, the Belgian Gaming Commission and other competent gambling regulators as required by licence conditions and applicable laws.
• Public authorities: We may share data with tax authorities, law enforcement, courts and other public bodies where we are legally obliged to do so or where it is necessary to prevent or detect crime or fraud.
• Professional advisors: Lawyers, auditors, consultants and other professional advisors may access relevant data where necessary to provide their services and subject to confidentiality obligations.

Marketing and Advertising Partners

• Affiliates and partners: If you register with Esc Online through an affiliate link or campaign, we may share limited data (such as registration and tracking identifiers) with the relevant affiliate for performance reporting.
• Advertising networks and analytics providers: With your consent for marketing cookies, your online identifiers and usage data may be shared with advertising networks and analytics providers to measure campaigns and deliver targeted ads.

Corporate Transactions

• Business transfers: In the event of a merger, acquisition, restructuring or sale of all or part of our business, your personal data may be transferred to the acquiring or successor entity, subject to continued protection consistent with this Privacy Policy and applicable laws.

We do not sell your personal data in the sense of transferring it for monetary consideration to third parties for their own independent marketing purposes. Any sharing for marketing is based on your consent and is limited to the purposes described above.

International Transfers

As part of a cross-border online gaming business, your personal data may be transferred to and processed in countries outside your country of residence, including outside the United Kingdom.

Transfers Within the EEA and to the UK

• EU/EEA data centres: Many of our core systems and servers are located in Portugal and other European Economic Area (EEA) countries, which benefit from a high level of data protection under the EU GDPR.
• UK-EEA transfers: Transfers between the UK and the EEA currently take place under adequacy decisions which recognise that the respective legal frameworks provide essentially equivalent protection.

Transfers to Third Countries

• Service providers outside the EEA/UK: Some of our processors or partners (for example, cloud or analytics providers) may be located in or may process data from countries that do not have an adequacy decision from the UK or EU authorities.
• Safeguards: Where such transfers occur, we implement appropriate safeguards, such as:
  • Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, by the UK authorities;
  • Additional contractual, technical and organisational measures to address data protection and security risks;
  • Transfer impact assessments to evaluate the legal environment of the destination country.

Your Rights in Relation to Transfers

• Information on safeguards: You may contact us to obtain more information about international transfers and to request a copy of the relevant SCCs or other safeguards, subject to redactions necessary to protect commercial or security interests.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting and reporting obligations. Retention periods may vary depending on the type of data and the applicable law.

General Principles

• Purpose limitation: Data is kept in an identifiable form only for as long as necessary for the purposes described in this Privacy Policy.
• Legal obligations: Where laws or regulations require specific retention periods (for example, gambling or AML regulations), we retain data for at least those periods.
• Anonymisation: After the applicable retention period, we may anonymise data so that it can no longer be linked to an individual, and use such anonymised information for statistical or analytical purposes.

Indicative Retention Periods

• Account and identification data: Typically retained for the duration of the customer relationship and for up to 5-10 years after account closure, depending on local legal requirements, to comply with gambling, AML and accounting obligations and to handle potential disputes.
• Transaction and payment data: Generally retained for at least 5-10 years from the date of the relevant transaction, in line with financial and tax regulations.
• Communication data (emails, chat logs): Retained for up to 5 years after the interaction, or longer where necessary for legal or regulatory purposes.
• Marketing data: Retained until you withdraw your consent or object to processing, and for a short period thereafter (to record your choice and ensure it is respected).
• Technical and log data: Retained for security and operational purposes, typically for up to 2 years, unless a longer period is necessary for the investigation of incidents or legal proceedings.

Deletion and Restriction

• Account closure: When you close your account, we will mark it as closed and retain only the data that we are legally required or allowed to keep, in line with the periods above.
• User requests: Where you exercise your right to erasure or restriction, we will evaluate your request in light of our legal and contractual obligations and apply deletion or restriction where appropriate.

Your Rights

Depending on your location and the applicable law (including the UK GDPR, EU GDPR and, where relevant, Mexican privacy regulations such as the Federal Law on Protection of Personal Data Held by Private Parties), you have a number of rights regarding your personal data. We will respect these rights and respond to requests in a timely and transparent manner.

Access and Portability

• Right of access: You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of your data and information about how we use it.
• Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request a machine-readable copy of your data and, where technically feasible, its transmission to another controller.

Rectification and Erasure

• Right to rectification: You may request the correction of inaccurate or incomplete personal data. You can update some of your information directly in your account settings.
• Right to erasure ("right to be forgotten" / cancellation): You may request the deletion of your personal data, particularly when it is no longer needed for the purposes for which it was collected, when you withdraw consent and there is no other legal basis, or when you consider that processing is unlawful. We may retain certain data where necessary to comply with legal obligations or to establish, exercise or defend legal claims.

Restriction and Objection

• Right to restriction of processing: You may request that we restrict processing of your data in certain circumstances (for example, while we verify the accuracy of your data or assess an objection).
• Right to object: You may object to processing based on our legitimate interests (including profiling), in which case we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed for legal claims.
• Right to object to marketing: You can object at any time to the processing of your data for direct marketing, including profiling related to such marketing. In that case, we will stop using your data for marketing purposes.

Consent Management

• Right to withdraw consent: Where processing is based on your consent (for example, marketing communications, non-essential cookies or certain responsible gambling support), you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

Mexican ARCO Rights (Where Applicable)

• Alignment with ARCO rights: For users protected by Mexican privacy law, we align our practices with the rights of Access, Rectification, Cancellation and Opposition (ARCO). You may request access to your data, rectification of inaccuracies, cancellation where appropriate, or oppose certain processing, subject to applicable legal limitations.

How to Exercise Your Rights

• Submitting a request: You can exercise your rights by contacting us at apoio@eskonline.bet and clearly stating:
  • Your full name and contact details;
  • The right you wish to exercise;
  • Relevant details to help us locate your data (for example, username, account number, approximate dates).
• Identity verification: For security reasons, we may ask you to provide additional information to confirm your identity before acting on your request.
• Response time: We aim to respond to all valid requests within 30 days of receipt. Where requests are complex or numerous, we may extend this period in line with applicable law, and will inform you of any extension and the reasons for it.
• Fees: Requests will generally be handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly because of their repetitive character, as permitted by law.

Cookies & Tracking Technologies

We use cookies and similar technologies on eskonline.bet to ensure proper functioning of the website, improve performance, provide a personalised experience and support marketing activities, in accordance with applicable laws and your preferences.

Types of Cookies We Use

• Strictly necessary cookies (session and persistent): These cookies are essential for the operation of the site and enable core functions such as page navigation, secure login, account management, bets placement and transaction processing. The site cannot function properly without these cookies.
• Functional cookies: These cookies remember your choices, such as language preferences, login details (where you choose "remember me") and display settings, to provide a more personalised experience.
• Analytics and performance cookies: These cookies collect aggregated information about how visitors use the site (for example, which pages are visited most often, error rates) to help us improve performance and usability. Data is generally processed in an aggregated or pseudonymised form.
• Advertising and targeting cookies: These cookies may be set by us or third-party partners to build a profile of your interests and show you relevant advertisements on our site or on other websites and apps. They rely on uniquely identifying your browser and device.
• Third-party cookies: Our partners (such as analytics and advertising providers, social media platforms and game suppliers) may set cookies to provide their services, subject to their own privacy policies and in accordance with your consent choices.

Managing Cookies

• Consent banner and settings: When you first visit eskonline.bet, you will be presented with a cookie banner that allows you to accept or manage non-essential cookies. You can change your preferences at any time through our internal cookie settings panel (accessible from the website footer or your account area).
• Browser settings: Most browsers allow you to block or delete cookies via their settings. However, blocking all cookies (including strictly necessary cookies) may affect the functionality of the site and may prevent you from logging in or placing bets.
• Opt-out tools: Some third-party providers offer separate opt-out mechanisms (for example, for interest-based advertising). These are subject to the terms and policies of the relevant providers.

More Information

For more detailed information about our use of cookies and similar technologies, including the specific cookies used and their lifetimes, please refer to our dedicated cookie information made available on eskonline.bet.

Data Security

We are committed to protecting personal data against unauthorised access, disclosure, alteration and destruction. We implement a combination of technical and organisational measures appropriate to the risks associated with online gambling services.

Technical Security Measures

• Encryption in transit: Data transmitted between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) protocols (TLS 1.2 or higher), helping to prevent interception or tampering.
• Encryption at rest: Sensitive data, including passwords and certain financial information, is stored using strong cryptographic techniques. Passwords are hashed and not stored in plain text.
• Access controls: Access to production systems and databases is restricted on a need-to-know and least-privilege basis, protected by strong authentication mechanisms and logged for audit purposes.
• Network security: Firewalls, intrusion detection and prevention systems, and other security controls are used to protect our infrastructure from unauthorised access and attacks.

Organisational Security Measures

• Policies and training: We maintain internal policies on information security, data protection and acceptable use, and provide regular training to staff to ensure they understand their responsibilities regarding personal data.
• Vendor management: Service providers that process personal data on our behalf are selected carefully and are subject to contractual obligations to implement appropriate security measures and to process data only according to our instructions.
• Risk management and audits: We conduct risk assessments and may carry out internal or external security reviews and audits to evaluate the effectiveness of our controls. Where relevant, we seek to align our practices with recognised standards such as ISO 27001 and SOC 2 principles, without implying formal certification unless explicitly stated elsewhere.

Incident Response

• Monitoring and detection: We monitor our systems for suspicious activity and potential security incidents.
• Response procedures: We have procedures to investigate, contain and remediate security incidents. Where a personal data breach occurs that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority and, where required by law, the affected individuals without undue delay.

While we take appropriate measures to protect personal data, no online service can be completely secure. You are responsible for keeping your login credentials confidential and for using strong, unique passwords and up-to-date devices and software.

Complaints & Contacts

If you have concerns about how we process your personal data, we encourage you to contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with a supervisory authority.

Contacting Us

• Customer support: For general questions or issues, please contact our support team at apoio@eskonline.bet or via live chat on eskonline.bet.
• Data protection requests and complaints: For privacy-related queries, rights requests or complaints, contact our data protection team at apoio@eskonline.bet and specify "Data Protection / Privacy" in the subject line.

Internal Complaint Procedure

1. Step 1 - Submission: Send your complaint or request, including relevant details and any evidence, to apoio@eskonline.bet.
2. Step 2 - Acknowledgement: We will acknowledge receipt of your complaint within a reasonable time, usually within a few business days.
3. Step 3 - Investigation: We will review your complaint, gather necessary information and, where appropriate, involve relevant departments (for example, security, compliance, customer support).
4. Step 4 - Response: We aim to provide a substantive response within 30 days of receiving your complaint or request. If we cannot respond within this period, we will inform you of the delay and the reasons.
5. Step 5 - Follow-up: If you are not satisfied with our response, you may contact us again with additional information or escalate the matter to a supervisory authority.

Supervisory Authorities

• United Kingdom - Information Commissioner's Office (ICO): If you are in the UK, you may lodge a complaint with the ICO:
  • Website: https://ico.org.uk
• Portugal - Comissão Nacional de Proteção de Dados (CNPD): As our main establishment is in Portugal, you may also contact the Portuguese Data Protection Authority:
  • Website: https://www.cnpd.pt
• Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI): For users protected by Mexican data protection law, you may contact INAI:
  • Website: https://home.inai.org.mx
• Other EU/EEA authorities: You may also lodge a complaint with the data protection authority in your habitual residence, place of work or place of the alleged infringement, if applicable.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements or technical developments. When we make changes, we will update the "Last updated" date and, where appropriate, provide additional notice.

Notification of Changes

• Minor updates: For non-material changes (for example, clarifications, corrections or updates to contact details), we may simply publish the revised Privacy Policy on eskonline.bet.
• Material changes: For significant changes that affect how we process your data or your rights, we will provide more prominent notice, which may include:
  • Email notifications to the address registered on your account;
  • Messages in your account area or notifications within the platform;
  • Website banners or pop-up notices.

Advance Notice and Your Options

• Advance notice: Where feasible and required by law, we will provide at least 30 days' notice of material changes before they take effect, so that you can review the updated terms.
• Continued use: If you continue to use eskonline.bet after the effective date of the updated Privacy Policy, your use will be deemed acceptance of the changes, to the extent permitted by law.
• Right to object or close your account: If you do not agree with the updated Privacy Policy, you may object to certain processing where permitted by law or close your account. We will continue to process personal data as necessary to comply with legal obligations and to resolve outstanding matters.

Last updated: November 2025