1win Privacy Policy

The platform collects personal data that users provide during registration and use of the services. This may include:

• Basic profile details such as name, date of birth and nationality
• Contact information such as email address, mobile number and residential address
• Account data such as username, password and security details
• Know Your Customer (KYC) documents like PAN, Aadhaar, passport or other ID proof where required by law or for verification
• Transaction and payment information routed through payment service providers
• Technical information such as IP address, device identifiers, browser type, operating system, access dates and times
• Behavioural and usage information about how the user interacts with the websites, applications and services

Personal information is collected for purposes such as:

• Creating and managing user accounts
• Fulfilling betting, gaming and payment requests
• Verifying age, identity and location for responsible gaming and compliance
• Preventing fraud, money laundering and unauthorised use of the services
• Providing customer support and responding to communications
• Improving, testing and maintaining the platform, user interface and user experience
• Meeting legal, accounting and regulatory obligations under Indian and international standards

Technical and organisational measures are used to protect personal data, including:

• Encryption of data in transit using industry standard protocols where appropriate
• Secure storage systems and restricted access based on role and need-to-know
• Internal policies on data minimisation, password rules and access control
• Regular monitoring for suspicious activity and potential security incidents
• Use of reputable third-party data centres and payment processors that apply security safeguards

Users have the following rights, subject to applicable law and technical feasibility:

• Right to request access to personal information held about them
• Right to request correction of inaccurate or incomplete personal data
• Right to request deletion or anonymisation of certain information, provided that data is not required to comply with legal or regulatory requirements or to resolve disputes
• Right to withdraw or modify consent for certain types of processing, where processing is based on consent

The operator aims to align practices with Indian data protection norms, including information technology and privacy rules applicable in India, and recognises principles similar to those in international standards such as purpose limitation, data minimisation, security and accountability.

Personal data is used only for lawful and specified purposes connected to providing online gaming and betting services. Main uses include:

• Account setup, login, authentication and account administration
• Processing deposits, withdrawals, bonuses, bets and game participation
• Calculation and settlement of winnings and losses
• Verification of age, identity, address and source of funds where required
• Detection and investigation of fraud, misuse, match-fixing, money laundering and other prohibited activities
• Enforcing terms and conditions, responsible gaming policies and legal obligations
• Providing technical support, responding to help requests and handling complaints
• Improving platform performance, features, security and reliability based on aggregated usage data and analytics
• Customising content, language, display options and service settings based on user preferences and previous interactions
• Conducting analytics and statistics regarding traffic, performance, user behaviour and service performance on websites and applications

In certain cases, and only in accordance with applicable law and user consent where required, information such as contact details and usage patterns may be used:

• To provide service-related notifications, policy updates and security alerts
• To send optional product or service information related to gaming and betting, which the user can opt out of at any time

All processing of personal information is based on one or more lawful grounds, such as user consent, performance of a contract, compliance with legal obligations, protection of legitimate interests like security and fraud prevention, or protection of vital interests in rare situations. Processing practices are designed to be transparent, limited to the stated purposes and proportionate to the needs of the services.

Users can request access to their personal data held by the platform, subject to verification of identity. Typical ways to exercise this right include:

• Logging into the account to review certain profile, contact and account information directly
• Submitting a written request to customer support to obtain a summary of stored personal data where feasible

If a user believes that stored information is inaccurate, incomplete or outdated, they may request correction. The operator may ask for supporting documents to validate updates, particularly for legal name, identity and address information.

Users may request deletion or restriction of processing of certain personal data. Deletion may not be possible for:

• Records required to comply with applicable law, tax rules, anti-money laundering obligations or regulatory reporting
• Data needed to resolve outstanding disputes, chargebacks, investigations or enforcement actions
• Information required for legitimate business interests such as security logs, kept for a limited retention period

When a deletion request is granted, data will be deleted or anonymised within a reasonable period, in line with technical capabilities and legal obligations.

By creating an account and using the services, the user consents to:

• Security checks and verification procedures, including identity, age, location and payment risk checks performed directly by the operator or through authorised third-party providers
• Processing of payment information by payment gateways, banks, card schemes and other financial service providers involved in handling deposits and withdrawals

Such checks are intended to protect users, maintain integrity of gaming and betting activities and enable compliance with Indian and international financial and gaming regulations.

The services are intended only for users who are at least 18 years old or the higher age required by local law for participation in online betting and gaming in India. Registration, deposits and gameplay by persons below the legal age are not permitted.

The operator relies on information provided by users at the time of registration and during KYC checks and cannot independently verify age or identity without official documents or additional verification steps. Users must ensure that login details are not shared with minors and that access to devices is controlled.

If it is discovered that personal data of a minor has been collected by mistake or through misrepresentation, the account may be blocked and any such data will be deleted or anonymised as soon as reasonably practical, subject to legal retention requirements.

Parents or legal guardians who believe that a child under the legal age has provided personal information or created an account should contact customer support. After appropriate verification, the operator will take steps to:

• Close the relevant account
• Remove or anonymise personal data that is not required for legal or regulatory reasons
• Provide information about steps taken to protect the child’s privacy

Personal data of users in India may be processed and stored not only in India but also in other countries where the operator, group companies, hosting providers, game providers, payment processors or other service partners are located. These jurisdictions may have different data protection laws compared to India.

By using the websites, mobile applications and related services, the user consents to such international transfer, storage and processing of personal information. Transfers are carried out for purposes such as hosting, customer support, payment services, game delivery, analytics and fraud prevention.

The operator seeks to ensure that all partners handling personal data apply confidentiality and security safeguards appropriate to the sensitivity of the information and in line with contractual obligations. Measures may include:

• Written data protection and confidentiality clauses in service agreements
• Limiting data access to what is necessary for providing the requested services
• Use of technical safeguards such as encryption, secure networks and controlled facilities

When required by applicable laws, additional safeguards or standard contractual protections may be used to support international transfers of personal data.

This Privacy Policy is intended to describe how personal data is collected, used, stored and disclosed in relation to the services. It does not create contractual rights for users beyond those already existing under applicable law and the general terms and conditions.

In the event of any conflict between this Privacy Policy and mandatory provisions of applicable Indian law, the legal provisions will prevail to the extent of such conflict. To the extent allowed by law, the operator reserves the right to limit its liability relating to processing of personal information in line with its terms and conditions and any specific agreements concluded with users.

Certain disclaimers contained in this document or in the general terms may alter the scope or effect of particular rules concerning collection and use of information, retention periods, access rights or international transfers, within the boundaries permitted by law.

The Privacy Policy becomes binding on the user when the user indicates acceptance, including through actions such as ticking a box online, selecting an acceptance button during registration, proceeding to use the services after being notified of the policy, or any other form of accession recognised under applicable law. Continued use of the services after any update of this document signifies acceptance of the updated version.

Cookies are small text files that are stored on the user’s device by the browser when visiting websites or using mobile applications. Similar technologies may include pixels, tags, local storage or software development kits in mobile apps.

Cookies and similar tools are used for purposes such as:

• Enabling basic functionality, including login, session management and security features
• Remembering language settings, preferences and interface choices
• Collecting statistics about visits, traffic sources and performance of services
• Analysing browsing patterns and user behaviour on the websites and applications
• Personalising the display of content and improving navigation and overall user experience

Information obtained through cookies may be combined with other data that the user provides or that is generated through use of the services, in order to support analytics, security checks and service optimisation.

Cookie data is generally retained for up to 1 year, unless a longer or shorter period is required for technical, security or legal reasons. Some cookies are deleted when the browser is closed, while others remain for the defined retention period.

Users may manage cookie settings through their browser or device settings, including disabling some or all cookies. However, blocking certain categories of cookies may impact the functionality of the services, including access to secure areas and features.

By registering an account, accessing the websites, installing or using the mobile applications, or using any related services, the user confirms that they have read, understood and agreed to this Privacy Policy.

If the user does not agree to the collection, use, processing and disclosure of personal data as described in this document, they should not create an account or should discontinue use of the services and request closure of any existing account, subject to legal and contractual obligations.

The operator may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, technology or service features. The version published on the official website at the time of use is the version that applies to that use. In case of any difference between translated versions and the primary version designated by the operator, the primary version will prevail to the extent permitted by law.

Personal data may be shared with third parties in limited circumstances and only for lawful purposes connected to the services. Typical categories of recipients include:

• Payment service providers, banks, card schemes and financial institutions processing deposits and withdrawals
• Identity verification, KYC and anti-money laundering service providers
• Game suppliers, sportsbook data providers and technology partners that enable betting and gaming operations
• Analytics, security and fraud prevention service providers
• Professional advisers such as auditors, lawyers and consultants subject to confidentiality duties
• Government authorities, regulators, law enforcement agencies and courts when required by law or for the purpose of responding to legal claims or investigations

The names or categories of key partners may be indicated on the websites or in related documents. If information must be shared with a party that is not listed, the sharing will be limited to the extent necessary for the stated purpose, such as completing a payment, performing a verification or handling a dispute.

Personal data may be disclosed:

• To comply with legal obligations, court orders or lawful requests by public authorities
• To establish, exercise or defend legal claims or to handle disputes
• To enforce terms and conditions, investigate potential breaches and protect rights, property or safety of users and third parties
• In connection with corporate transactions such as mergers, acquisitions or restructuring, subject to appropriate confidentiality measures

By providing personal information and using the services, the user consents to such sharing where it is necessary for performance of the contract, compliance with law or protection of legitimate interests, in line with this Privacy Policy and applicable regulations.

The websites and mobile applications may include links, banners or integrations directing users to third-party websites, applications or services that are not operated or controlled by the operator.

Such external websites and services have their own privacy policies, terms and data protection practices. The operator is not responsible for how these third parties collect, use, store or share personal information once the user leaves the official environment.

Users are encouraged to:

• Review the privacy policies and terms of use of any external websites or applications before providing personal data or making payments
• Be cautious when entering sensitive information on third-party platforms and verify that the connection is secure
• Contact the third party directly for any questions or concerns related to their handling of personal information

The presence of a link to a third-party website or service does not imply endorsement or responsibility for that party’s data practices.