1win Privacy Policy

• Personal data collected
  • Account details: name, date of birth, contact information, location, preferred language.
  • Identity verification: copies or details of government-issued ID (for example, CNIC or passport) and proof of address for KYC and AML checks.
  • Transaction and payment information: payment method, masked card details or payment tokens, deposit and withdrawal records, and billing information.
  • Technical and usage data: device identifiers, IP address, log files, session information, and interaction data from websites and apps.
  • Communications: customer support messages, complaints, and verification correspondence.
• Why this data is collected
  • To create and manage the user account.
  • To verify identity, prevent fraud, and meet anti-money laundering requirements.
  • To process payments, settle transactions, and provide services.
  • To improve user experience, security, and site performance.
  • To meet legal and regulatory obligations in relevant jurisdictions.
• Protection measures
  • Transport Layer Security (TLS) encryption in transit and encryption or tokenisation for sensitive records where feasible.
  • Strict access controls, role-based permissions, and audit logging.
  • Network safeguards, firewalls, intrusion detection, and regular vulnerability testing.
  • Vendor risk reviews and data processing agreements for service providers.
  • Data minimisation, defined retention periods, and secure destruction.
• User rights
  • Access: request a copy of personal information.
  • Correction: update inaccurate or incomplete data.
  • Deletion: request removal of data where permitted by law.
  • Restriction or objection: limit certain processing, including direct marketing.
  • Consent: withdraw consent at any time, without affecting prior lawful processing.
• Compliance note for Pakistan
  • Data handling aligns with principles under the EU GDPR for transparency and security.
  • The service seeks to comply with applicable Pakistan requirements, including the Prevention of Electronic Crimes Act 2016 (PECA), Anti-Money Laundering Act 2010 (AMLA), State Bank of Pakistan security guidance for payment service providers, and relevant Pakistan Telecommunication Authority directives.

Processing is lawful, fair, and transparent. The platform uses personal information to:

• Operate accounts and deliver services, including identity verification and responsible access controls.
• Process deposits, withdrawals, and refunds through authorised payment providers.
• Provide customer support and address complaints or disputes.
• Improve performance, security, and usability through analytics and testing.
• Personalise settings and optimise content based on user preferences.
• Send service notices and, where consented, marketing communications.
• Meet legal obligations such as fraud prevention, AML/CFT, and regulatory reporting.
• Produce aggregated statistics that do not identify an individual.

• How to access and update
  • Users can review or edit key account details in Account Settings.
  • For full access requests, corrections, objections, or portability, contact the Support channel listed on the websites. Identity verification may be required to protect the account.
• Deletion
  • Users may request deletion of personal data where allowed by law and contractual necessities. Certain records must be retained for legal, tax, or AML purposes for a minimum period (for example, at least 5 years after account closure, subject to applicable rules).
• Security checks and payments
  • By using 1win, users consent to reasonable security checks to prevent fraud, verify identity, and confirm eligibility.
  • Users consent to processing of payment data by approved payment providers for transaction execution and compliance.

• Access is restricted to persons aged 18 or above, in line with responsible use rules.
• The operator cannot independently verify age without identity documents.
• If a parent or guardian believes a minor has provided personal information, they should contact Support to request immediate deletion and account closure. Upon verification, related information will be erased, subject to retention required by law.

• Personal data may be stored and processed in other countries where service partners, payment providers, or support teams operate.
• Using the websites and services constitutes consent to international transfers for the purposes described in this policy.
• The platform requires partners to safeguard confidentiality and to use information only as instructed, applying contractual, technical, and organisational protections (for example, standard contractual clauses or equivalent safeguards where relevant).

• A disclaimer in this policy may clarify, limit, or otherwise affect how specific rules apply.
• The disclaimer is effective when the user accepts the policy through signature, click acceptance, or accession while registering or using the services.
• Local law may impose additional obligations that prevail where mandatory.

• Definition
  • Cookies are small text files stored on a device by websites to remember preferences and improve performance.
• How cookies are used
  • Statistics and analytics to understand site usage and detect technical issues.
  • Behaviour analysis to enhance navigation and security.
  • Personalisation of content, language, and settings.
  • Site improvement, load balancing, and fraud prevention.
• Retention
  • Cookie lifetimes vary by type. Non-essential cookies are set for up to 1 year unless deleted earlier by the user.
• Control
  • Users can manage cookies via browser settings or the site’s cookie controls. Blocking some cookies may affect service functionality.

• Use of the services means full acceptance of this Privacy Policy and any related documents referenced here.
• The most current version on the websites prevails over earlier versions.
• Continued use after updates indicates agreement to the revised terms. Users should review the policy periodically.

• Sharing
  • Personal information may be shared with service providers, payment institutions, verification vendors, analytics partners, and professional advisers under binding agreements.
  • Information may be disclosed where required by law, for dispute handling, fraud prevention, or to enforce agreements.
• Transparency
  • Where third parties are listed on the websites, the listing describes purpose and scope. If not listed, users will be informed of the purpose and scope before sharing where required by law.
• Consent
  • Providing data for such services constitutes consent to processing by those parties for the stated purposes, subject to their own privacy notices.

• The websites may contain links to external sites that operate under their own privacy policies.
• The operator does not control how those sites process information and is not responsible for their practices.
• Users should review the privacy notices of any external site before providing personal information.