Privacy Policy
1win processes personal data to deliver betting services while complying with data protection laws. The policy applies to the website, apps, and all user interactions. Users are notified of major updates via email or site banner.
Data Collection Sources
The company gathers personal information through three distinct channels during registration, gameplay, and support interactions. Direct inputs include identity documents while automatic collection captures technical usage data. Third-party sources validate provided information against public records.
| Collection Method | Data Examples |
|---|---|
| User-provided | Name, email, phone, payment details, verification documents, support tickets |
| Automatic | IP address, device type, browser settings, transaction history, crash reports |
| Third-party | Payment processor data, public records for validation |
Legal Processing Bases
The company processes data only under specific legal grounds required by applicable legislation. Contract performance covers account operations, while legal obligations cover compliance requirements. Legitimate interests support security and service improvements.
| Legal Basis | Application Examples |
|---|---|
| Contract Performance | Registration, transactions, service delivery |
| Legal Obligation | AML verification, responsible gaming checks |
| Legitimate Interests | Fraud prevention, analytics, service optimization |
| Consent | Marketing communications (optional) |
Primary Data Uses
Personal data enables core platform functions, from account verification through payout processing. The legal basis determines each specific use case and ensures compliance requirements are met. The company prioritizes data minimization principles throughout operations.
| Processing Purpose | Governing Basis |
|---|---|
| Account setup/verification | Contract + Legitimate interest |
| Fraud prevention/AML | Legal obligation |
| Service delivery/payments | Contract performance |
| Technical support | Contract |
| Security monitoring | Legal obligation + Legitimate interest |
Data Sharing Recipients
The company discloses information only to necessary third parties under strict contractual protections. Regulatory bodies receive data for compliance, while service providers operate under confidentiality agreements. User consent is required for additional sharing beyond operational needs.
| Recipient Category | Disclosure Purpose |
|---|---|
| Group companies | Internal administration |
| Service providers | Payment processing, hosting, analytics |
| Regulators/law enforcement | Legal compliance, investigations |
| Affiliates | User referrals |
| Marketing partners | Consent-based only |
Security Protection Measures
Multi-layered defenses protect data throughout the collection, storage, and transmission phases. Industry-standard encryption secures all communications, while access controls limit internal exposure. Continuous monitoring detects and responds to potential threats immediately.
| Security Layer | Implementation Details |
|---|---|
| Data Encryption | TLS transmission + at-rest server encryption |
| Access Controls | Role-based employee restrictions |
| Network Defense | Firewalls, intrusion detection systems |
| Physical Security | Secure data centers with 24/7 monitoring |
| Threat Monitoring | Real-time security operations center |
Data Retention Schedule
The company deletes data immediately once its purposes are complete, except where legal requirements mandate retention. Account data persists five years post-closure for compliance, while self-exclusion records are kept for longer periods. User-initiated deletions are processed instantly where legally permitted.
| Data Category | Retention Period |
|---|---|
| Active account data | Until deletion + 5 years |
| Self-exclusion records | Extended responsible gaming period |
| Transaction history | 5-7 years (financial regulations) |
| Marketing preferences | Until withdrawal |
| Technical logs | 30-90 days (operational needs) |
User Rights Summary
Individuals can exercise eight core rights over personal data processing activities. Account settings handle routine requests, while complex matters are routed through the support email. Identity verification is required before data access or deletion requests are fulfilled.
| Right | Exercise Method |
|---|---|
| Access data copy | Account dashboard or [email protected] |
| Correct inaccuracies | Profile update |
| Request deletion | Support ticket with justification |
| Object to processing | Email notification |
| Withdraw consent | Marketing unsubscribe |
| Restrict processing | Support request |
| Portability | Structured format download |
| Lodge complaint | Local data protection authority |
Cookie Categories Deployed
1win deploys four cookie categories to maintain platform operations and enhance user functionality. Each type serves a distinct technical purpose, from essential access through performance tracking. Users control non-essential cookies through browser settings, while necessary cookies remain active for core service delivery.
| Cookie Type | Duration | Purpose |
|---|---|---|
| Necessary | Session | Login authentication, secure transactions, navigation |
| Functional | Persistent | Language preferences, interface layout, user settings |
| Analytical | 2 years | Usage statistics via Google Analytics (anonymous) |
| Marketing | Persistent | Targeted advertising, behavior tracking |
International Transfer Safeguards
Data processing occurs across multiple jurisdictions with varying protection levels. EEA transfers use Standard Contractual Clauses to ensure equivalent protection standards. All international processors sign binding data protection agreements.
Policy Amendment Process
The company updates the policy based on regulatory changes or operational requirements. Significant modifications trigger user notifications through multiple channels. Continued platform usage automatically constitutes acceptance of the revised terms.