1win Privacy Policy

• Personal data collected
  • Account and identity: name, date of birth, address, nationality, contact details, and verification documents when required for KYC.
  • Account security: login identifiers and hashed passwords.
  • Transactions: deposits, withdrawals, payment method identifiers, and billing information.
  • Usage and technical: device details, IP address, approximate location, logs, and cookies.
  • Gameplay and responsible gaming: bet history, limits, and self-exclusion preferences.
  • Communications: chats, emails, and support tickets.
• Why this information is collected
  • Provide and secure the account and services.
  • Process payments and resolve billing queries.
  • Comply with legal duties under Indian law and applicable international standards.
  • Prevent fraud, verify age and identity, and support responsible gaming.
  • Improve online performance, user experience, and service quality.
• Protection measures
  • Encryption in transit and at rest for sensitive information.
  • Access controls, multi-factor authentication for staff, and role-based permissions.
  • Secure development practices, vulnerability testing, and audit logging.
  • Segregation of payment data and PCI DSS aligned controls via payment partners.
  • Data minimisation, purpose limitation, and retention schedules.
• User rights under Indian privacy law
  • Access: request a summary of personal information processed.
  • Correction: update inaccurate or incomplete records.
  • Deletion: request erasure where law permits or after consent withdrawal.
  • Consent management: withdraw consent for non-essential processing at any time.
  • Grievance: escalate a complaint to the designated grievance channel.

Compliance is maintained with the Information Technology Act 2000, the IT SPDI Rules 2011, and the Digital Personal Data Protection Act 2023, as notified and applicable. Protections aligned to GDPR are applied where required for relevant users.

• How information is used
  • Account management and service delivery.
  • Payment processing, refunds, and chargeback handling.
  • Age and identity verification, risk scoring, and fraud monitoring.
  • Responsible gaming tools and customer support.
  • Analytics to improve features, performance, and usability of the online services.
  • Personalisation of content and settings where consented.
  • Legal compliance, tax and accounting, dispute resolution, and regulatory inquiries.
• Lawful and transparent processing
  • Processing is based on consent, performance of a contract, legal obligation, or legitimate interests permitted by law.
  • Users are informed about purposes at or before collection, and changes are communicated in this document.

• How to access and update
  • Review or amend account and profile details in the account settings where available.
  • Submit a data request through the Help Centre or the support channel published on the website.
• Correction and deletion procedures
  • Requests may require identity verification to protect the user and the platform.
  • Inaccurate data is corrected as soon as reasonably practicable.
  • Deletion is carried out when no legal obligation requires retention. Backups may retain records until routinely overwritten.
• Security checks and payments
  • By using the platform, the user consents to security reviews, age or identity verification, and screening to prevent fraud.
  • Payment data may be processed by banks, card schemes, and payment service providers that apply equivalent confidentiality and security standards.

• The services are intended for persons aged 18 years and above.
• Age cannot be verified without identity documents. Verification may be requested at registration, before withdrawals, or when required by law.
• If a minor’s information is discovered, access is blocked and data is deleted subject to legal retention duties.
• Parents or guardians may contact support to request deletion of a minor’s account and associated records, subject to verification.

• Personal information may be stored or processed outside India where service partners and infrastructure are located.
• Use of the site indicates consent to such transfers, in line with the Digital Personal Data Protection Act 2023 and any government notifications on cross-border transfers.
• Contractual safeguards are used, including confidentiality obligations, security standards, and audits to ensure protection by all partners.
• For users in regions that require additional measures, recognised transfer mechanisms are applied where applicable.

• This disclaimer may modify how certain rules in this Policy apply in specific situations permitted by law, including compliance, dispute handling, or fraud prevention.
• The disclaimer takes effect when the user accepts the Policy by clicking accept, continuing to use the services, signing an agreement, or joining by accession where applicable.
• If any term conflicts with a mandatory legal requirement, the legal requirement prevails to the extent of the conflict.
• Service availability is subject to applicable state and national laws in India.

• What cookies are
  • Small text files placed on a device to store settings and help recognise the browser.
• How cookies are used
  • Essential operation and security of the website.
  • Statistics and analytics to understand site usage.
  • Behaviour analysis to improve navigation and performance.
  • Personalisation of preferences and content where consented.
• Retention and control
  • Non-essential cookies are retained for up to 1 year unless deleted earlier.
  • Cookie choices can be managed through the cookie banner or browser settings. Essential cookies are necessary for core functions.

• Use of the services amounts to full acceptance of this Privacy Policy.
• The current version of the Policy prevails over any prior versions.
• Updates are published in this document. Continued use after changes indicates acceptance of the revised terms.

• Information may be shared with third parties in the following cases
  • Service providers such as hosting, security, analytics, KYC, and payment processing.
  • Legal requests, dispute resolution, enforcement of terms, or protection of rights and safety.
  • Affiliates and partners for operational purposes consistent with this Policy.
• Transparency and consent
  • Where a detailed list of processors is provided on the website, it should be consulted for purpose and scope.
  • If a specific party is not listed, users will be informed of the purpose and scope before processing when required by law.
  • Providing information and using the services constitutes consent to such sharing where consent is the lawful basis.

• The website may contain links to external websites or services that have their own privacy policies.
• Responsibility for how those websites process information rests with their operators.
• Users should review the privacy notices on external websites before providing any personal data.