1win Privacy Policy

What information is collected

• Identification and verification data: full name, date of birth, nationality, address, proof of identity, proof of address
• Contact details: email, phone number, preferred language
• Account and usage data: username, settings, log-in history, responsible gaming preferences, interactions with services
• Transaction and payment data: deposits, withdrawals, payment method details handled by secure processors
• Technical data: device identifiers, IP address, browser type, operating system, cookies, logs
• Compliance and risk data: sanctions screening results, fraud indicators, dispute records

Why the information is collected

• To register accounts, deliver online services, and provide customer support
• To verify age and identity, prevent fraud, and meet anti-money laundering and counter-terrorist financing obligations
• To process payments and handle withdrawals securely
• To operate responsible gaming tools and service limits
• To maintain platform security, diagnose issues, and improve performance
• To comply with legal requirements in Bangladesh and other applicable jurisdictions

Protection measures

• Encryption in transit and at rest, strong TLS, hardened storage
• Strict access controls, role-based permissions, and multi-factor authentication for privileged access
• Data minimisation, segregation, and pseudonymisation where appropriate
• Security monitoring, audit logging, vulnerability scanning, and periodic penetration testing
• Staff training, confidentiality undertakings, and vetted vendors under binding contracts
• Incident response and breach notification processes

User rights

• Access: obtain a copy of personal data
• Correction: update inaccurate or incomplete information
• Deletion: request erasure subject to legal and regulatory retention duties
• Restriction and objection: limit or object to certain processing
• Portability: receive certain data in a structured format
• Consent: withdraw consent for optional uses at any time

Legal framework

Processing aligns with applicable Bangladesh laws, including the Cyber Security Act 2023, relevant rules under the Prevention of Money Laundering framework, and Bangladesh Bank guidance on payment security. International best-practice principles such as transparency, purpose limitation, and data minimisation are followed.

• Account servicing: registration, authentication, account settings, and support
• Transactions: deposits, withdrawals, refunds, chargeback handling, and reconciliation
• Service operation and improvement: performance analysis, troubleshooting, feature development, and quality control
• Marketing and communications: service notices, security alerts, and optional messages based on user consent and preferences
• Analytics and personalisation: aggregated statistics, behaviour analysis, and content relevance while respecting privacy settings
• Compliance and safety: age checks, identity verification, sanctions screening, fraud prevention, dispute management, and regulatory reporting

Processing is lawful, necessary for services or legal obligations, based on legitimate interests, or grounded in consent where required. Users can change preferences in account settings or by contacting support.

How to access, update, or delete data

• Access: submit a request through the Help Centre or the contact details in the website footer; identity verification may be required
• Update: change profile fields in account settings or request assistance from support
• Deletion: request erasure; some records must be kept for legal, taxation, or anti-money laundering purposes for a defined period

Correction and deletion procedures

• The team will review requests, verify identity, and respond within a reasonable timeframe
• If deletion is not possible due to legal retention, the data will be restricted to essential uses only

By using 1win, users consent to necessary security checks, identity verification, and processing of payment data by authorised payment providers to complete transactions.

• Services are intended for adults aged 18 or above
• The operator cannot confirm age without appropriate documents provided during verification
• If a minor’s account or information is discovered, the account will be closed and personal data deleted where permitted by law
• Parents or guardians may request deletion by contacting support and providing proof of relationship and identity

Personal information may be stored or processed in countries where partners, data centres, or service providers operate. Using the site constitutes consent to such transfers. Contractual safeguards, strict confidentiality obligations, and industry-standard security controls are applied to protect information. Where required, appropriate transfer mechanisms such as standard contractual clauses are used.

This disclaimer may narrow or expand how certain rules apply, subject to applicable law and regulatory requirements. It takes effect when the user accepts this policy by signature, electronic acceptance, account creation, or accession through continued use of the services. The disclaimer does not limit non-excludable statutory rights and does not affect mandatory legal duties.

• Cookies are small text files stored on a device to remember preferences and improve websites
• Uses: statistics, behaviour analysis, personalisation, fraud prevention, and site improvement
• Types: essential, performance, functional, and advertising cookies
• Retention: up to 1 year unless a shorter or longer period is needed to meet a specific purpose
• Management: users can control cookies in browser settings; disabling some cookies may affect service features

Use of the services means full acceptance of this Privacy Policy. The current version published on the website prevails over any prior version. Updates may be posted to reflect changes in processing, legal requirements, or technical measures. Continued use after changes indicates consent to the updated document.

Personal data may be shared with third parties where required by law, for dispute resolution, or to fulfil agreements. Typical recipients include payment processors, identity verification providers, fraud prevention partners, analytics services, hosting and security vendors, and competent authorities. Where a public list of processors is not available, the purpose and scope of sharing will be explained before or at the time of processing where required. Providing information constitutes consent to such sharing to the extent allowed by law.

The site may contain links to external websites that have their own privacy policies. 1win is not responsible for how those websites collect, use, or disclose information. Users should review the privacy notices of any external site and proceed with caution when sharing personal details.