Documentation

Safeguard Policy

Safeguarding and Data Protection Policy

Onmidev Ltd.

Last Updated: December 8, 2025

1. Introduction

1.1 Purpose of the Policy

This Safeguarding and Data Protection Policy outlines Onmidev Ltd.’s commitment to promoting a safe and responsible gambling environment and to protecting personal data handled in the course of its activities. The objectives are to prevent gambling‑related harm, protect children and vulnerable individuals, ensure that operations are conducted fairly and transparently, and comply with applicable data‑protection legislation in all relevant jurisdictions, including Belize and Anjouan.

1.2 Scope and Applicability

This policy applies to:

  • All Onmidev Ltd. employees, officers, contractors, and third‑party partners involved in the provision or support of gambling services.

  • All products and services offered, both online and offline, including websites, apps, and any related platforms.

  • All marketing, advertising, and promotional activities undertaken or commissioned by Onmidev Ltd.

Compliance with this policy is mandatory for all relevant parties and is integrated into internal controls, contractual arrangements, and staff performance requirements.

1.3 Definitions

For the purposes of this policy:

  • Child: An individual under the age defined by applicable gambling and child‑protection laws in the relevant jurisdiction (normally under 18 years; where a lower threshold is set by local law, that standard will apply but Onmidev may adopt stricter internal rules).

  • Young Person: An individual who has reached the minimum legal gambling age set in the jurisdiction but is below 21 years, where additional protections may be appropriate.

  • Vulnerable Person: Someone who, due to personal circumstances (such as mental‑health issues, financial difficulties, addiction history, disability, or other vulnerability), may be at increased risk of gambling‑related harm.

  • Gambling‑Related Harm: Any negative impact resulting from gambling activities on an individual, their family, or the wider community, including financial, psychological, or social harm.

  • Safeguarding: Measures and policies implemented to protect children, young persons, and vulnerable individuals from exploitation or harm related to gambling activities.

  • Personal Data: Any information relating to an identified or identifiable natural person, including customers, employees, and third parties, as defined under applicable data‑protection laws.

  • Special‑Category/Sensitive Data: Personal data subject to heightened protection (for example, health data, biometric data, religious or political views, or information on alleged offences) under relevant data‑protection legislation.

2. Legal and Regulatory Framework

2.1 Gambling, AML, and Responsible‑Gaming Framework

Onmidev Ltd. operates in line with the requirements of the licensing authorities that regulate its gambling activities, including but not limited to:

  • Applicable remote‑gambling and online‑gaming legislation and licence conditions in each jurisdiction where Onmidev holds gaming permissions, including Anjouan where relevant.

  • Anti‑money‑laundering and counter‑terrorist‑financing (AML/CFT) legislation that requires robust customer‑due‑diligence, transaction monitoring, and reporting of suspicious activities.

  • Advertising and consumer‑protection rules that govern how gambling services may be marketed, including prohibitions on targeting minors or vulnerable persons.

Where local regulatory standards exceed Onmidev’s internal controls, the stricter requirement will apply.

2.2 Data‑Protection and Privacy Framework

2.2.1 Belize

Where Onmidev is established in Belize or offers goods or services to individuals in Belize, its processing of personal data is subject to the Belize Data Protection Act 2021 (Act No. 45 of 2021) and related guidance. The Act sets principles for lawful, fair, and transparent processing, establishes data‑subject rights, introduces obligations for data controllers and processors, and regulates cross‑border data transfers and security measures.

2.2.2 Anjouan / Union of Comoros

Activities licensed in Anjouan fall within the wider legal system of the Union of Comoros, where data‑protection and privacy rules are evolving toward international best practice, and where gaming licences expect licensees to apply robust KYC, information‑security, and player‑protection measures. Onmidev applies an internal data‑protection standard for Anjouan operations that mirrors modern, principle‑based regimes (such as GDPR‑style frameworks) to ensure an equivalent level of protection, including rights, security, and breach‑management procedures.

2.2.3 Other and Overlapping Regimes

Where Onmidev processes data in or from other jurisdictions (for example the EEA/UK), it will comply with any applicable privacy regime and ensure that cross‑border transfers between Belize, Anjouan, the EEA/UK, and other locations are governed by adequate safeguards.

3. Safeguarding Principles

3.1 Commitment to Protecting Children and Vulnerable Persons

Onmidev Ltd. is committed to preventing children, young persons, and vulnerable individuals from experiencing gambling‑related harm. This includes proactive measures to prevent underage access, identify vulnerability, and intervene appropriately where risk is identified.

3.2 Promoting Socially Responsible Gambling

Onmidev promotes gambling as an adult leisure activity, not as a source of income or solution to financial problems, and implements customer tools, information, and support mechanisms to encourage safe play. Participation in industry initiatives and collaboration with specialist organisations support ongoing improvement in safer‑gambling standards.

4. Roles and Responsibilities

4.1 Management Responsibilities

Senior management is responsible for setting the tone from the top, approving and reviewing this policy, allocating appropriate resources, and ensuring that safeguarding and data‑protection obligations are embedded in all business processes.

4.2 Employee Responsibilities

All staff must follow the policy, complete mandatory training, stay alert to signs of harm or data‑privacy risk, and escalate concerns promptly through defined channels. Staff performance, appraisals, and disciplinary procedures will take adherence to safeguarding and data‑protection duties into account.

4.3 Designated Safeguarding Lead and Data‑Protection Lead

Onmidev appoints:

  • A Designated Safeguarding Lead (DSL) to oversee safeguarding policies, respond to concerns, and liaise with regulators and support organisations.

  • A Data‑Protection Lead or Data Privacy Officer (DPO), where required by law or internal policy, to coordinate compliance with data‑protection laws (including Belize and Anjouan standards), handle data‑subject requests, advise on impact assessments, and act as contact point for supervisory authorities.

5. Risk Assessment and Management

5.1 Identifying Potential Risks

Onmidev regularly identifies and documents risks relating to underage gambling, problem gambling, fraud and AML, information‑security threats, system misuse, regulatory non‑compliance, and privacy or confidentiality breaches.[7][8][9][11][1][3][12][6][10]

5.2 Implementing Control Measures

Controls include robust KYC and age‑verification, transaction monitoring, configurable responsible‑gambling tools, secure systems, access controls, segregation of duties, and clear procedures for handling safeguarding and data‑protection incidents.

5.3 Regular Review and Monitoring

Risk assessments and controls are reviewed on a scheduled basis and after material changes (such as new products, markets, or technologies), with input from the DSL, Data‑Protection Lead, Compliance, and other key stakeholders.

6. Policies and Procedures

6.1 Preventing Underage Gambling

Onmidev deploys robust age‑verification at registration and before the release of funds, including third‑party checks where available, and enforces clear rules prohibiting the use of accounts by anyone below the legal age. Staff are trained to recognise and respond to indications that an account may in fact be controlled by a minor.

6.2 Preventing Gambling‑Related Harm

Tools such as deposit/loss limits, reality‑checks, cooling‑off periods, and self‑exclusion are provided, with proactive monitoring to identify patterns consistent with escalating risk. Interventions may include personalised messaging, temporary restrictions, requests for contact, or permanent account closure where necessary.

6.3 Customer Interaction and Support

Customer‑facing teams are trained to respond sensitively to signs of distress, to signpost to external support organisations, and to follow scripts that balance customer welfare with regulatory obligations. All interactions relating to safeguarding concerns are logged and escalated appropriately.

6.4 Self‑Exclusion Programs

Self‑exclusion schemes allow customers to exclude themselves for defined periods or permanently; once activated, systems prevent login, deposits, and marketing communications in line with regulatory expectations, and re‑entry (where permitted) follows a structured process with appropriate checks.

7. Training and Awareness

7.1 Staff Training Programs

All staff receive induction and refresher training covering safeguarding responsibilities, AML, responsible‑gaming measures, data‑protection principles, and incident‑reporting procedures, with additional specialist training for high‑risk roles.

7.2 Raising Awareness Among Customers

Onmidev provides clear information on site about safer‑gambling tools, age limits, privacy practices, use of personal data, and how to exercise rights or raise concerns.

7.3 Collaboration with External Organizations

The company engages with charities, treatment providers, regulators, and industry bodies to refine safeguards and to stay current with best practice, including in the areas of data protection and privacy‑by‑design.

8. Reporting and Responding to Concerns

8.1 Reporting Procedures

Staff and, where appropriate, customers and partners are encouraged and required to report suspicions or allegations of harm, abuse, criminal behaviour, or misuse of personal data via designated channels, including confidential mechanisms and whistleblowing lines.

8.2 Handling and Investigating Concerns

All concerns are assessed promptly by authorised personnel, with proportional investigation, documentation, and where necessary escalation to regulators or law‑enforcement agencies.

8.3 Confidentiality and Protection of Personal Data

8.3.1 Purpose and scope

Safeguarding records and related personal data are processed strictly for the purposes of preventing and responding to harm, complying with legal obligations, and managing risks.

8.3.2 Legal bases for processing

Processing is undertaken only where at least one lawful basis applies, such as legal obligation, performance of a contract, vital interests, or legitimate interests balanced against data‑subject rights, and, where required, consent or explicit consent for specific activities (for example, certain marketing or sensitive‑data processing).

8.3.3 Data‑minimisation, accuracy, and retention

Data collected is limited to what is necessary, kept accurate and up‑to‑date, and retained only for documented periods consistent with regulatory, limitation, and business‑need requirements, after which it is securely deleted or anonymised.

8.3.4 Security and access control

Onmidev implements technical and organisational measures (including access controls, encryption where appropriate, logging, and secure development practices) to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.[9][11][1][3][4]

8.3.5 Confidentiality and “need‑to‑know” sharing

Safeguarding and personal‑data information is shared internally only with those who need it for their role and externally only where necessary and lawful (for example with regulators, law‑enforcement, banks, payment providers, or support services), subject to appropriate safeguards and documentation.

8.3.6 Special‑category and children’s data

Additional protections apply where data relates to children or concerns sensitive categories; this includes stricter access restriction, enhanced logging, and, where required under Belizean law or other regimes, completion of a data‑protection impact assessment.

8.3.7 Cross‑border transfers

Personal data may be transferred between Belize, Anjouan, the EEA/UK, and other locations used for hosting or support services; such transfers will occur only where there is an adequate level of protection or appropriate safeguards and where individuals can effectively exercise their rights.

8.3.8 Record‑keeping and breach notification

Onmidev keeps records of data‑processing activities and will investigate any suspected personal‑data breach without delay, documenting findings and implementing remedial actions; where legally required, it will notify the relevant data‑protection authority and affected individuals within statutory timeframes (for example within 72 hours under Belize‑style rules where there is risk to individuals).

8.3.9 Data‑subject rights

Onmidev has procedures to facilitate rights such as access, rectification, erasure, restriction, portability, and objection to certain processing, subject to applicable legal exemptions and the need to protect third parties and ongoing investigations. Requests are logged and handled within statutory deadlines.

9. Partnerships and Collaboration

Onmidev collaborates with regulators, industry bodies, technology providers, and support organisations to strengthen both safeguarding and data‑protection practices, including through joint initiatives, audits, and information‑sharing subject to appropriate safeguards.

10. Monitoring and Review

The policy is reviewed at least annually and sooner where there are material legal or operational changes, including updates to the Belize Data Protection Act 2021 framework, Anjouan licensing conditions, or AML/gambling laws that impact safeguarding or privacy obligations. Feedback from staff, customers, regulators, and partners is taken into account in revisions.

11. Policy Implementation and Enforcement

This policy is implemented through internal procedures, system controls, contractual requirements, training, and monitoring, and is enforced via disciplinary measures where necessary, including in cases of non‑compliance with safeguarding or data‑protection duties. Breaches may also trigger regulatory reporting or external enforcement action, particularly under Belizean data‑protection law or Anjouan gaming licence conditions.

Annex A – Data‑Protection Framework: Belize

  • Onmidev acknowledges the territorial reach and standards of the Belize Data Protection Act 2021 where it is established in Belize or targets Belizean data subjects.

  • Governance includes appointment of a suitable privacy lead, adoption of written policies, maintenance of records of processing, and integration of privacy‑by‑design into systems.

  • Key principles (lawfulness, fairness, transparency, purpose limitation, data‑minimisation, accuracy, storage limitation, integrity, confidentiality, accountability) inform all processing activities.

Annex B – Data‑Protection Framework: Anjouan / Union of Comoros

  • Onmidev commits to applying an equivalent privacy standard for Anjouan‑licensed operations, aligned with emerging Comorian data‑protection norms and international best practice.

  • Controls include strong KYC, AML, information‑security, and player‑protection measures, as well as internal procedures for data‑subject rights and incident response.

  • The company cooperates with competent authorities in relation to supervision, audits, or investigations involving data‑protection or safeguarding matters.

Email: [email protected]
Address: Onmidev Ltd., Sea Urchin Street, San Pedro, Ambergris Caye, Belize

Last Updated: December 8, 2025

Effective Date: December 8, 2025

© 2025 Onmidev Ltd. All rights reserved.