Privacy policy
1win’s privacy policy applies to all websites and services, including online and mobile products. We protect privacy, process data transparently, and comply with applicable data protection laws. The Policy may be updated with notifications via website or email when changes are significant. Personal data collected depends on the services requested and agreed in each case.
What data is collected
We collect Personal Data through three methods: direct user input, automatic tracking, and third-party sources.
- Information provided directly – contact details and documents submitted during registration, verification, anti-money laundering procedures, anti-fraud checks, or support requests;
- Information collected automatically – IP address, operating system, device and browser type, crash reports, system activity, date/time stamps, and referrer URLs through cookies, tracking technologies, and tools like Google Analytics to understand usage and improve experience;
- Information from third parties – data obtained from publicly available materials, trusted partners, and payment providers to supplement records, personalize Services, and validate user-provided information.
Legal bases for processing
We process Personal Data only when we have a legal basis under applicable data protection laws. The Policy lists these bases:
- Performance of a contract: Processing needed to provide Services, including when users register and enter agreements, and when transactions are facilitated on the Websites;
- Legal obligation: Processing required to comply with laws and regulations, including anti-money laundering requirements, responsible gaming rules, and gambling license conditions;
- Legitimate interests: Processing necessary for business or commercial reasons of the company, its group companies, or third parties;
- Consent: In limited situations, such as where required for direct marketing purposes.
How Personal Data is used
Personal Data may be used for the following purposes, aligned to the legal bases described in the Policy.
- To operate the Websites, ensure Services function as intended, and deliver Services requested by users;
- To determine eligibility for certain Services, including checks of age, geographic location, identity, and self-exclusion status, and to set up and operate user accounts;
- To meet legal, regulatory, and licensing obligations, and to prevent illegal activity (including money laundering and match-fixing);
- To provide customer support and help resolve technical, payment, or other service-related issues;
- To improve and develop the Websites and Services, test new features, and conduct technical analysis to optimize user experience;
- To prevent, detect, and report crime; protect users and the company; maintain network and information security; mitigate security risks; and detect and prevent fraudulent or malicious activity so that use remains fair and consistent with agreements;
- To analyze and aggregate data and produce anonymized statistics, analytics, and reports that may be used internally or shared publicly or with third parties;
- To facilitate, manage, and confirm financial transactions;
- To assess fraud risk and verify credentials with third parties (including financial institutions, identity verification agencies, and credit reference agencies);
- To assess gambling activity for responsible gaming purposes, and to monitor betting activity to manage risk and odds;
- To exercise rights under agreements, and to share information within the group for internal administrative purposes or following a restructure;
- To manage relationships and communicate with users, including operational messages (changes to Services, security updates, help using Services), and marketing communications where permitted and/or based on consent.
Sharing Personal Data
Personal data may be disclosed to third parties when necessary for platform operations, legal compliance, and service improvement. The company shares information with authorized entities while maintaining security standards and user privacy protection.
Authorized Recipients
The 1win platform shares user data with specific entities for operational, legal, and security purposes. Disclosure occurs only when necessary for service provision and regulatory compliance.
- Other companies within the same corporate group for operational coordination;
- Service providers and partners supporting platform functionality and marketing activities;
- Affiliates introducing new users to the platform;
- Regulatory authorities and law enforcement agencies for legal compliance;
- Government agencies, courts, and fraud prevention organizations when establishing or protecting legitimate rights;
- Licensing authorities and esports self-governing bodies as required by regulations.
International Transfers
Personal data may be transferred and processed in countries outside your jurisdiction with different legal frameworks. The platform uses protective measures including standard contractual provisions of the European Commission for transfers outside the EEA, ensuring data security during international processing.
Security
Technical and organizational measures protect personal data through multiple security layers and restricted access protocols.
Encryption Protocols
The platform employs multi-layer encryption to protect data during transmission, storage, and inter-system transfers.
- TLS protocol encryption for data transmission;
- Encryption of stored data in secure databases;
- Encryption for data transfers between data centers during backup and replication.
Access Control and Infrastructure
Physical and digital security measures protect data through restricted access protocols and redundant infrastructure systems.
- Restricted access limited to authorized employees, contractors, and agents;
- Layered network security including firewalls and intrusion protection systems;
- Secure data centers with physical monitoring, surveillance, and security personnel;
- Geographically separated replicas reducing failure and data loss risks;
- Continuous system and log monitoring for threat detection.
Retention
Data retention periods vary based on account status, legal requirements, and business necessity. Users control certain data through account settings while the platform maintains other information for compliance purposes.
User-Controlled Data
Users manage specific data categories directly through account interface without requiring support assistance.
- Profile information editable at any time through account settings;
- Chat messages deletable by users directly;
- Account deletion available upon request with complete data removal.
Mandatory Retention Periods
Legal and regulatory requirements determine minimum storage durations for different data categories regardless of user preferences.
| Data Type | Retention Period | Purpose |
|---|---|---|
| Active account data | Duration of account activity | Service provision and support |
| Closed account data | 5 years after closure | Legal compliance and claim protection |
| Self-exclusion records | Extended period | Responsible gambling enforcement |
| Financial records | Per tax regulations | Anti-money laundering compliance |
| Fraud investigation data | As legally required | Abuse prevention and legal proceedings |
Your Rights
Users maintain comprehensive rights regarding personal data management and processing control. Exercise these rights through account settings or by contacting support at [email protected] with identity verification.
- Know what personal data the platform holds about you;
- Correct inaccurate or outdated personal information;
- Access your data and request a machine-readable copy;
- Object to processing based on legitimate interests (processing may continue where other lawful bases exist);
- Request data erasure in specific circumstances (exceptions apply for legal obligations and overriding legitimate interests);
- Request restriction of processing for certain data categories;
- Withdraw consent where processing relies on consent basis;
- Object to direct marketing and related profiling activities;
- Complain to your local data protection authority regarding privacy concerns.
Google Analytics, SSL, and Cookies
The platform uses tracking technologies to enhance user experience, secure communications, and analyze usage patterns.
Google Analytics Implementation
Google Analytics collects usage information including visit frequency, pages viewed, and referring sites through IP addresses without combining data with personally identifiable information. This analytics tool helps improve platform functionality and user experience.
SSL Encryption
Critical correspondence receives encryption through SSL protocol with ×256-bit key strength, protecting sensitive communications between users and platform servers.
Cookie Usage and Management
With user consent, the platform stores cookies and Flash cookies to record preferences, track usage patterns, and display relevant advertising without accessing device information.
| Cookie Type | Purpose | User Control |
|---|---|---|
| Necessary cookies | Enable navigation and transaction processing | Required for basic functionality |
| Registration cookies | Recognize returning customers and maintain sessions | Managed through account settings |
| Analytical cookies | Track usage patterns and improve services | Adjustable via browser settings |