Privacy Policy


At BET ON ALFA LTD, we care about the privacy and security of your personal information and we take measures to ensure that your personal information is properly handled while in our possession and in the possession of others to whom we may disclose it.


This Policy explains when and why we collect personal information about visitors to our website and about natural persons in general, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time. When we do so, we will display a relevant notice about the fact of the change on our homepage inviting you to visit this page and ensure that you are happy with any change. Importantly, by using our website, you agree to this Policy as amended from time to time to the extent relating to information we collect about you in your capacity as a user of our website and/or an online player. As far as information about you we collect in the context of conducting our business in general, whether you have used our website or not, you are welcome to contact our DPO (see immediately below), in case you are not happy with any change to our Privacy Policy.

In compliance with the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) in force as of the 31/7/2018 and the EU Data Protection Regulation 2016/679, our company has appointed a Data Protection Officer (DPO). If you have any questions with regards to this Privacy Policy or any question or complaint with regards to how your personal data is handled, you can contact our DPO as follows:

Dr. Christiana Markou, Markou & Co LLC, Address: 2, Amfipoleos street, Marcou Tower, Office 201, 2025 Strovolos, Nicosia, Cyprus, Phone: 22377863, Fax: 22377860, E-mail:  

This Privacy Policy was last updated on the 25th of May 2018.


Who are we?

BET ON ALFA LTD (HE 237951) is a Cypriot company that was founded in 2009 and is licensed with Class A and Class B licenses by the National Betting Authority of Cyprus. The company offers odds for betting on various sports, online but also in stores located all over the Republic of Cyprus. Bet on Alfa Ltd has a wide range of Pre-game and Live bets on most popular sports such as football, basketball, volleyball, tennis, cricket, rugby, formula 1, as well as special bets on events such as the World Cup, European Football Championship, Eurovision Song Contest.


70 Kennedy Ave, 1st floor Nicosia, 1076 Nicosia – Cyprus Tel: 22558589 Fax: 22558503

Email 1: Email2:



How do we collect information from you?

We obtain information about you when you use our website, for example, when you contact us with a request, query or complaint, if you register to receive information from us or to create a player account or if you place bets on our website.

We may also record information about you while you use our website even if you do not do any of the above and simply browse through our website by clicking on links displayed one our website. Such information is automatically recorded in the server logs of your website and/or by cookies as explained below in this Privacy Policy. Your activity on our Facebook page, Instagram and LinkedIn Profile, is also recorded in a similar manner and we also collect information about you when you like, share or comment on our Facebook Page, Instagram and LinkedIn Profile or send us a message on Facebook, Instagram or LinkedIn, or any other means of distance communication.

We also collect information about you offline, specifically, when you lose your coupon or when you bet or win an amount that exceeds the 2000 euros.

We also collect information about you when we have to pay you a winning coupon and when you contact us submitting requests, queries or complaints to us in person or through any means of distant communication.


What type of information is collected from you?

The personal information we collect may include your name, identity card number, date of birth, passport or identity card number, telephone number, address, email address, IP address, a utility bill, IBAN number, copies of passport or identity card and if applicable, of your payment instrument as well as information regarding what pages on our website you have accessed and when and what bets you have placed, what deposit you have made, how much money you have won or withdrew from your player account and more generally, your betting activity on our website.

We may also collect information about you, when you exercise the option of self-exclusion in which case we record this particular fact and the details of your self-exclusion request such as the time to which it applies.

We also collect any other information you provide to us by filling in and submitting web forms on our website, Facebook Page, or Instagram or LinkedIn profiles, such as a query, an order, rating, comment, request or complaint. If you have liked our Facebook Page, follow us on Instagram or connect with us through LinkedIn, we collect your Facebook, Instagram or LinkedIn name as well as any likes, views or comments you make on our Facebook, Instagram or LinkedIn posts, as well as anonymized statistics regarding how users engage with our page and profiles as provided by Facebook, Instagram and LnkedIn.

We also collect any other information you provide by communicating with us as described in the previous section of this Privacy Policy.

When you make a payment on our website, your full payment card or other payment instrument details are not collected or retained by us; we only collect minimum information such the first 4 and last 6 digits of your payment card for identification purposes and customer service. Those are collected by a third party payment service provider with whom we co-operate for this purpose, such as, Cardpay, Ecommpay, Skrill, Neteller, SafeCharge and Paysafe. We believe that these providers are themselves data controllers bound by all the requirements of the General Data Protection Regulation. For more on them and the arrangement between us, please see below in this Privacy Policy.

We have reviewed all our forms to ensure that we only collect and process information that is strictly necessary for the intended purpose specified or being apparent to you or is required by law, thereby avoiding excessive or unnecessary processing.


How is your information used?

We use your information lawfully in accordance with Article 6(a), i.e., for purposes you have consented to, Article 6(b), i.e., as necessary to conclude or perform a contract with you, Article 6(c), i.e., to comply with obligations imposed by law (such as tax legislation, payment of the tax and contribution to the Authority as foreseen by the Betting Law and anti-money laundering legislation) and Article 6(f), i.e., as necessary for legitimate interests we pursue as a business.


We provide more details immediately below to help you understand how exactly we use your information: We use your information in order to:

Article 6(b)

-respond to orders, betting placing, proposals, requests or queries submitted by yourself or communicate with you as explained in more detail immediately below.

-process or examine orders or betting placements submitted by you;

-set up, operating and managing your player account;

-pay any winning bets;

-carry out our obligations arising from any contracts entered into by you and us or take steps to enter into such contract;


Article 6(c)

-confirm your identity, age and email address validity;

-comply with or responding to demands by the National Betting Authority or in general by our obligations under the laws on betting services, money laundering and taxation.


Article 6(f)

-notify you of changes to our services or our privacy policy, if necessary;

-monitor transactions for the purposes of preventing fraud or money laundering or multiple player account opening or spot irregular betting behavior or best serve our customers;

-carry out customer research, surveys and statistics having previously anonymized relevant data;


Article 6(a)

-provide you with information about promotional offers and our products and services, where you have consented to such communications;

-send you communications which you have requested such as a reply to a query or to inform you about any problems with your account or respond to self-exclusion requests.


We will not normally contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent. You can change your marketing preferences and withdraw previously-given consent at any time by contacting our DPO, the details of whom are stated at the beginning of this Privacy Policy. In case you withdraw your consent, there will be no consequences on the lawfulness of the processing occurred prior to withdrawal or any other consequence.

You are welcomed to contact our DPO, the details of whom are stated at the beginning of this Privacy Policy, if you need further explanation on how your information is used. 



Where and how long do we retain your information for?

Your information is mainly stored in electronic form in computer servers situated in Cyprus. In specific cases, such as when there was a problem that had to be resolved, relevant information about you may be stored in physical files kept at our premises in Nicosia, Cyprus.

We only keep information for as long as it is necessary for us to service your player account and effect any payments and as required to comply with legal or regulatory obligations to which we are subject, more specifically, those arising from betting, tax and anti-money laundering legislation, to be able to defend or institute any legal actions against or in the name of our company and to be able to keep a record of cancelled or high risk accounts, thereby ensuring fraud prevention. Personal data will primarily be retained for a period of at least five (5) years from the date of the last transaction and none of the data concerning your account may be destroyed unless the period of five (5) years has expired and upon obtaining the prior approval of the National Betting Authority (section 57). More generally, we keep your information for as long as we have a contractual relationship with you and for up to eight (8) years after such relationship has been terminated or expired.

In case we have obtained your consent to collecting or using information for a particular purpose, such as marketing or commercial communications, we retain that information unless and until you decide to withdraw your consent or you object to its processing.

We retain information we collect about you in your capacity as a mere visitor to our website for one year. Six months is the retention period applying to information we have collected as a result of yourself addressing a query or a comment to us through email or otherwise, when we have never had a contract with you.

In case of a maximum retention period specified by the Commissioner for the Protection of Personal Data applying to the domain of our services, we will immediately adhere to any such specified maximum retention period.

After the lapse of the aforementioned periods of retention, we remove it from our systems by deleting it or we fully anonymize it so that you can no longer be identified from it. In this latter case, we do not delete all of the information but only those pieces of information such as your name, address, email address that reveal that the said information belongs to you.


Who has access to your information?

We will never sell or transmit your information to third parties and we will not share it with third parties for marketing purposes.

We may pass your information to third party service providers. Such third parties may be technical service providers providing us with the software systems (or their maintenance) necessary to contact administrative tasks inherent in the provision of our services to you or in the conducting of our business or messengers and/or delivery companies we use to deliver correspondence. We only disclose to them the personal information that is absolutely necessary to deliver the service or perform the said task and when required by the Regulation, we have a contract in place that requires them to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation and not to use it for their own direct marketing purposes or for any purposes other than to provide the service or complete the task as explained above.

We also pass your information as may be contained in our emails to Microsoft, which provides to us a relevant technical service of data processing for the said purposes. We have a contract in place that requires the provider, currently Microsoft, to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation. You can see the said contract here:

Your information submitted or recorded by our Facebook Page, our Instagram or LinkedIn profiles is also passed to Facebook, Instagram and LinkedIn, providing us with the service enabling us to make available and administer a Facebook Page, or an Instagram or LinkedIn profile. The said providers are data controllers in their own right and bound by all of the obligations of the GDPR. You can view their own privacy policies on their websites.

We may also pass your information to our lawyers and accountants/auditors to the extent necessary to defend or institute legal claims and to comply with legal obligations with regards to financial accounts and tax reasons respectively.

When effect payments on our website, your payment is processed by a third party payment service provider, who specializes in the secure online processing of payment transactions, depending on your choice of the method of payment. As this processing is not performed by us and we do not retain the relevant data, your rights, explained in the next section of this Policy, to the extent referring to payment card details or transactions should be exercised directly with the said payment service provider. In case, you address a relevant request to us, we will take reasonable measures to meet the request to the extent possible. The said providers are, we believe, data controllers in their own right bound by all of the obligations of the GDPR. You can view their own privacy policy on their own websites. In exceptional cases, specifically when a payment service provider blocks the payments of a player upon suspicion of fraud or on other grounds such as on the ground of exceeding maximum transactions per hour, we may pass your information to the said provider if you ask us to assist you in resolving the matter with them.

We may also transfer your personal to our banks in Cyprus, which may request it for compliance purposes with the laws preventing and combating money laundering and more generally because of their security systems, specifically for payment purposes of your earnings and other payments or benefits. Banks processors of personal data themselves and are bound by all obligations of the General Data Protection Regulation and their own privacy policies.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization in which case we will take measures to ensure that all data protection principles and related rights as derived by the General Data Protection Regulation are fully complied with, prior, during and after the relevant transfer.

Finally, we may disclose your information to public and/or regulatory authorities (Unit for Combating Money Laundering, FIFA, National Betting Authority, Police), if such disclosure is required by law or an order issued by a court of law or as part of compliance with our licensing conditions imposed by betting law and/or the National Betting Authority.


What are your rights?

You may at any time send us any of the following requests and we will meet them the earliest possible and in any case, within a month from the date of receipt of your request and inform you about the action we have taken. If your request is for any reason complex to examine or meet, we will ask you for an extension before the aforementioned one-month period expires.

If we have legitimate reasons to refuse to satisfy your request, we will inform you accordingly and in this case, you have the right to submit a relevant complaint with the Office of the Commissioner for the Protection of Personal Data at if you believe that our decision is unjustified.


These are the requests you can submit to us:

A request that we permanently delete all or some of your information from our records (right to be forgotten or to erasure), for example when we no longer have reasons to retain it.

A request for you to access your information that we keep in our records (right of access)

A request that we provide you with a copy of your information that exists in our records, in digital or hard copy form. If you require more than one copy, we may charge you a maximum of EUR10,00 as administrative costs. (right to a copy)

A request that we update or correct your information that we keep in our records (right to rectification), for example, in case it is outdated or contains errors or inaccuracies.

A request that we provide you with information of yours we keep in our records in a structured, commonly used and machine-readable format or forward it in such form to another provider of your choice, if such forwarding or transfer is technically possible (right to portability). Please note that this right applies only in relation to data that you yourself has provided to us with and which we process by electronic means.

A request that we stop doing anything with your information without however deleting it from our records (right to restriction of processing)


A request that we stop processing your information for direct marketing purposes or on the basis of legitimate interests pursued by our company as explained under the second question of this Privacy Policy or in the name of the public interest (right to object). In the case of direct marketing, we will stop processing your information. In the rest of the cases, we will do so the same unless we have compelling reasons to refuse to do so, in which case we will inform you accordingly.

If you wish to exercise any of the above rights you will be able to do so by contact our DPO at any of the contact details stated above in this Privacy Policy, preferably by email specifying the type of right you seek to exercise.

Please not that before acting upon any of your above requests, we may require you to prove your identity, if we are in doubt about your true or correct identity. If we cannot identify you, i.e., we do not hold personal data belonging to the person you are saying you are, we will inform you accordingly and we will not act upon your request.


What security measures do we apply to protect your information?

When you give us personal information, we take organizational and technical measures to ensure to keep it secure and protected against unauthorized disclosure, alteration, accidental loss or other violation. We list herein below some of the technical and organizational measures we apply:

  1. We take reasonable endeavours to avoid a situation whereby files or documents containing personal data are allowed on open view without reason. All such documents/files are securely kept in file cabinets to which access is limited to authorized personnel of our company.


  1. We apply a strict permission policy according to which our personnel have access only to such parts of our software or systems as strictly necessary to perform their work tasks and duties. We have specified all relevant roles and permissions in a written security policy and we follow procedures through which access is interrupted or blocked should the need arises, such as when a personnel member leaves our company.


  1. We are implementing a procedure for an automated recording of operations on servers and network equipment, while daily supervision of the operations performed is taking place in the data processing system. Maintenance is being done on a weekly basis, during which, data protection is ensured through supervision during third party interventions.


  1. We follow an effective procedure of data destruction ensuring that all documents no longer necessary are effectively destroyed, specifically a shredder machine.


  1. We do not engage into an excessive or unnecessary use of the function of email copying (cc).


  1. Our personnel save all documents and work directly on our servers, thereby ensuring that no personal data remains on the disks of our computers.


  1. Access to all computer terminals of our company is protected by a strong-security password known only by the member of our personnel to whom a given working station is assigned. An automated locking system is applied to all computer terminals.


  1. Access to all software of our company and to corporate email is password-protected, all passwords are kept securely and are updated periodically.


  1. We do not store documents containing personal data on cloud data storage applications and we prohibit the storage of any personal data on the personal devices of our personnel.


  1. We apply effective anti-virus and firewall software and we engage in systematic updates of the said security software.


  1. We ensure that back-up copies of all of the data we store and process are obtained daily and we store the said copies in a secure environment at a location different from where the primary data exists. We have ensured there is a disaster unit covering the data stored in our main data processing software system. We also make daily back-up copies of the software we use for data processing following the guidelines of the provider.


  1. The support service of our data processing software is offered on site under supervision or remotely through a secure VPN.


  1. Access to the Internet through our computers has been limited so that the possibility of access to unsecure or illegal websites presenting a risk to the security of our systems is reduced.


  1. Access to our data processing software is not possible remotely, except by specific members of our personnel through secure VPN and a two-step authentication process.


  1. Activity on our data processing software is restricted so that only managers can edit or delete data.


  1. Remote access to corporate email through personal devices of our personnel is possible but we are notified every time a new device has gained access to email so that we can readily verify that it belongs to authorized personnel. In the event that a personal device is lost or stolen, we have taken measures enabling us to remotely disable or prevent access to corporate email from the said device or delete all content, in the event it appears that contrary to our policy, the personal device has been used to store personal data of our customers.


  1. The possibility of using external data transfer and storage devices such as USBs and external disks has been disabled on the computers of our company and is enabled only on specific stations under the control of the management of the company.


  1. We have a fire protection system in operation on our premises aiming at protecting the physical files with personal data we maintain.


  1. The servers supporting our systems and databases are not used as working stations and are situated in server rooms to which access is restricted.


  1. When you use the forms on our websites to submit personal data to us, your information is encrypted and protected through the use of 256 Bit encryption on SSL. This means that what you send and receive from the website is encrypted, which makes it difficult for anyone else to see, read or take possession of this data. You know that your information is encrypted, when you see a lock icon appearing in address bar of your web browser before the URL of the web page you are on.


  1. We have trained our personnel with regards to how they should handle personal data in accordance with the requirements of the General Data Protection Regulation and we have signed contracts with the parties who process data together with us or on our behalf which oblige the said parties to keep your data private and secure and process it in accordance with the requirements of the General Data Protection Regulation.


  1. Where we have provided you with a password which enables you to access certain parts of our website, you are responsible for keeping this password secure and confidential and avoid to share it with any third party.


Use of Cookies

Please click here to read our Cookies Policy.

Transferring your information outside the European Union

We do not transfer your information outside the European Union. If we ever have to transfer your personal information to a country that is not a Member State of the EU, we will make sure that your personal information will be given analogous and/or appropriate respect and protection, specifically by signing with parties based outside the EU, data sharing or a ‘controller-to-processor’ agreements that meet the requirements of the Regulation, particularly Article 46, if the country is one about which there is no EU Commission Decision of Sufficiency as per Article 45 of the Regulation.