1Win Privacy Policy: Safeguarding Your Personal Data

What is Personal Data?

We consider “Personal Data” any information that can be used to identify you. This includes details like your name, email address, phone number, payment information, and even your betting history and chat comments. Once the data is anonymized and cannot be linked back to you specifically, it falls outside the scope of this policy.

Keeping You Informed About Updates

We may need to make occasional changes to this Privacy Policy. If the updates are significant, we’ll take steps to notify you. This might involve posting a notice on our Websites or sending you an email directly.

What Data We Collect and How We Do That

When you visit our Websites or use our Services, we collect and process your Personal Data. The ways we collect this data can be broadly categorized as follows:

Legal Basis for Processing Personal Data

When we collect Personal Data, we ensure that its processing is carried out in accordance with applicable data protection laws and regulations, and only when we have a legal basis to do so. The legal bases for processing Personal Data include:

1. Performance of a Contract: We may process your Personal Data when it is necessary for the performance of a contract. For instance, this occurs when you register on our Website and enter into agreements with us, or when we facilitate transactions related to services provided on our platforms.
2. Legal Obligation: We are obligated to process Personal Data to comply with various legal requirements imposed by laws and regulations. This includes obligations under anti-money laundering legislation, responsible gaming regulations, and the terms of our gambling license.
3. Legitimate Interests: Personal Data may be processed when we, our group companies, or third parties have legitimate business or commercial reasons to do so. This processing is conducted while ensuring that your rights and freedoms are respected.
4. Consent: In certain limited cases, we may process your Personal Data based on your explicit consent. This typically applies when we need to process data for direct marketing purposes, and we obtain your consent beforehand.

These legal grounds ensure that Personal Data is processed responsibly, transparently, and in compliance with relevant legal standards to safeguard your privacy and rights.

How We Use Personal Data

We utilize your Personal Data for various purposes, each supported by specific legal bases:

1. Operation of the 1Win website and services: Ensuring our Websites and Services function properly and delivering the Services you have requested (Performance of a contract, Legitimate interest).
2. Determining Eligibility and Account Management: Verifying your eligibility to use specific Services, such as age and geographic location checks, managing identity verification, and overseeing self-exclusion statuses (Performance of a contract, Legitimate interest).
3. Compliance and Legal Obligations: Fulfilling legal duties, responsibilities, and obligations, including adherence to applicable laws, regulations, and the conditions of our gambling license, and preventing illegal activities like money laundering and match-fixing (Legal obligation).
4. Customer Support: Providing assistance for technical or payment-related issues and other concerns related to our Websites or Services (Performance of a contract).
5. Enhancing User Experience: Improving our Websites and Services, testing and developing new features, and conducting technical analyses to optimize user experience and provide more efficient tools (Legitimate interest).
6. Security and Crime Prevention: Preventing, detecting, and reporting crimes, protecting you, other users, and our platforms by ensuring network and information security, mitigating security risks, detecting and preventing fraud or malicious activities, and ensuring fair usage of our Websites and Services (Legal obligation, Legitimate interest, Performance of a contract).
7. Analytics and Reporting: Analyzing and aggregating data to produce statistics, including aggregated and anonymized analytics and reports used internally or shared with third parties (Legitimate interest).
8. Financial Transactions: Facilitating, managing, and confirming financial transactions (Performance of a contract, Legitimate interest).
9. Fraud Risk Assessment and Verification: Assessing fraud risk and verifying credentials through third-party entities such as financial institutions, identification verification agencies, and credit reference agencies (Legal obligation, Performance of a contract, Legitimate interest).
10. Responsible Gaming: Evaluating your gambling activity to promote responsible gaming practices (Legal obligation, Legitimate interest, Performance of a contract).
11. Risk Management and Odds Monitoring: Monitoring betting activity, managing risk, and adjusting odds (Legitimate interest, Performance of a contract).
12. Enforcement of Rights: Exercising our rights as outlined in agreements or other contractual arrangements with you (Performance of a contract).
13. Internal Administrative Purposes: Sharing information within our group of companies for reorganization or internal administrative purposes (Legitimate interest).
14. Customer Relationship Management: Managing our relationship with you, including operational communications, marketing communications, and providing requested information (Performance of a contract, Legitimate interest, Your consent).

How We Share Your Personal Data

There are occasions when we need to share your Personal Data with third parties. We may disclose your Personal Data to:

• Other companies within our group of companies;
• Third-party service providers and partners who assist us in delivering the Websites and Services you have requested. For example, these may include providers who support website functionality, deliver Services, or help market and promote our offerings;
• Regulators, law enforcement agencies, government bodies, courts, fraud prevention agencies, licensing bodies, eSports self-governing bodies, or other third parties where necessary to comply with applicable laws or regulations, or to exercise, establish, or defend legal rights. Whenever possible and appropriate, we will notify you before such disclosures occur;
• Affiliates and other entities that introduce you to us;
• Other parties with your explicit consent.

These disclosures are made to ensure the proper delivery of our services, compliance with legal obligations, and to protect our legitimate business interests, always with due respect to your privacy and data protection rights.

International Data Transfers

When we process and share data, it may be transferred to and processed in countries outside of your own. These countries may have different laws regarding data protection compared to what you are accustomed to. When Personal Data is processed in another country, we take steps to ensure that your Personal Data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. When your Personal Data is transferred outside the EEA, it will only be done so to countries where we have implemented compliant transfer mechanisms to protect your Personal Data. This includes adhering to the European Commission’s Standard Contractual Clauses in contracts with entities to whom the data is transferred.

These measures are put in place to safeguard your privacy and ensure that your Personal Data is handled in accordance with applicable data protection laws.

Security

We are dedicated to safeguarding your Personal Data and have implemented appropriate technical and organizational measures, including:

1. Data Encryption: We encrypt all data exchanged between you and us using industry-standard TLS (Transport Layer Security), ensuring the protection of your personal and financial information. Your data is also encrypted when stored on our servers and during transfer between data centers for backup and replication.
2. Limited Access: Access to personal information is restricted to our employees, contractors, and agents who require this information to process it. This ensures that only authorized personnel can access sensitive data.
3. Network Protection: Our environment is secured by multiple layers of security controls, including firewalls, intrusion protection systems, and network segregation. These security services are configured, monitored, and maintained according to industry best practices. We collaborate with leading security vendors to utilize their expertise and global threat intelligence to protect our systems.
4. Secure Data Centers: Our servers are housed within enterprise-grade hosting facilities that implement robust physical security controls to prevent unauthorized physical access. These measures include 24/7/365 monitoring and surveillance, on-site security staff, and regular security audits. We maintain geographically separated data replicas to minimize the risk of data loss or outages.
5. Security Monitoring: Our security team continuously monitors security systems, event logs, notifications, and alerts from all systems to identify and manage threats. This proactive approach ensures that potential security issues are detected and addressed promptly.

Data Retention

We manage data retention in various ways to ensure your data is handled appropriately:

1. User-Controlled Deletion: Some data can be deleted by you at any time. For instance, you can edit your personal information, delete a chat post, or delete your account entirely.
2. Automatic Deletion: Certain data is deleted automatically after a specific period or when it is no longer needed.
3. Retention for Extended Periods: We retain some data for longer periods when necessary, ensuring it is either safely and completely removed from our servers or kept in an anonymized form when deleted.
4. Data Retention in Your Account: Data in your account is retained until you close the account. Additionally, after account closure or your last contact with us, we retain data for up to five years to meet regulatory and legal obligations and to defend against potential claims.

 Your Rights

You have certain rights regarding your Personal Data:

• Access: You have the right to know what Personal Data we hold about you.
• Correction: You can request us to correct any inaccurate Personal Data concerning you.
• Data Portability: You can access your Personal Data and request a copy in a machine-readable format, for example, if you want to back it up.
• Objection to Processing: You can object to our processing of your Personal Data where it is done for our legitimate interests. Please note, we may continue processing your Personal Data if there are other relevant lawful bases or compelling grounds that override your rights, interests, or freedoms.
• Erasure: You can ask us to erase your Personal Data, including deleting your account, if (1) it is no longer necessary for processing, (2) you withdraw your consent where it was the legal basis for processing, (3) you have objected to the processing and there are no overriding legitimate grounds, (4) your Personal Data was unlawfully processed, or (5) erasure is required to comply with a legal obligation. Note that we may retain data if necessary for our legitimate interests, compliance with legal obligations, or for the establishment, exercise, or defense of legal claims.
• Restriction: You can request us to restrict the processing of your Personal Data in certain circumstances.
• Withdrawal of Consent: You can withdraw previously granted consent for processing your Personal Data. Note that we may still process your data where there are other lawful bases to rely on.
• Objection to Direct Marketing: You can object to direct marketing and any related profiling. To stop receiving marketing communications, follow the unsubscribe instructions in the communication or send a request to [email protected].
• Complaints: You have the right to complain to your local data protection authority.

Please note that not all rights listed above are absolute.

You can exercise your rights at any time by adjusting your account settings or emailing us at [email protected]. We may require proof of identity before taking any action on your request.

If you are dissatisfied with our handling of your Personal Data, please let us know by emailing [email protected]. We will investigate and respond within a reasonable timeframe.

Use of Google Analytics

We use Google Analytics to collect information about how you use our Website. Google Analytics collects data such as how often you visit the Website, what pages you visit, and what other sites you used before coming to our Website. Google Analytics only collects your IP address on the date you visit, without associating it with your name or other identifying information. We do not combine Google Analytics data with your Personal Data.

Google Analytics places a permanent cookie on your web browser to identify you as a unique user during future visits. However, only Google can use this cookie. Google’s use and sharing of information collected by Google Analytics about your visits to our Website are governed by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits by disabling cookies in your browser settings.

For more information about Google Analytics, visit Google Analytics. To learn more about how Google uses cookies, visit Google’s Cookie Policy.

SSL Encryption

All critical correspondence between the user and the Website is encrypted using Secure Socket Layer (SSL) technology with a 256-bit key. This ensures that your personal and financial information is securely transmitted and protected from unauthorized access during data exchanges between you and our Website.