Personal data we collect:

• Identity and verification details: name, date of birth, nationality, address, ID documents, proof of address.
• Contact and account information: email, phone, username, preferences.
• Financial and transaction information: payment tokens, bank details, deposits, withdrawals, bets, wins and losses.
• Device and technical data: IP address, device identifiers, operating system, browser, network information.
• Usage data: log-ins, session activity, games played, responsible gaming interactions, support communications.

Why we collect and process data:

• To deliver and manage accounts and services, including online casino and sportsbook features.
• To verify age and identity, prevent fraud, and meet anti-money laundering and sanctions screening obligations.
• To process payments, resolve disputes, and provide customer support.
• To personalize content, run analytics, and improve quality, safety, and performance.

Protection measures:

• Encryption in transit and at rest, network segmentation, and secure key management.
• Role-based access controls, multi-factor authentication for staff, and logging.
• Security testing, vulnerability management, and an information security program aligned to ISO 27001.
• Vendor due diligence, confidentiality agreements, and secure development lifecycle practices.
• Data minimization, pseudonymization where feasible, and retention schedules followed by secure destruction.

User rights:

• Europe: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Complaints may be filed with a supervisory authority.
• United States: rights to know, delete, correct, and opt out of sale or sharing under state privacy laws such as CCPA/CPRA.
• Asia-Pacific: rights under local laws including PDPA, PIPEDA-equivalent regimes, and other applicable frameworks.

Compliance

The operator follows GDPR and UK GDPR, ePrivacy rules, CCPA/CPRA, LGPD, PIPEDA, and relevant Asian privacy statutes, as well as gambling and AML/CTF regulations.

Contact

Questions or requests: [email protected].

We use personal information for lawful, fair, and transparent purposes:

• Account creation, account management, and delivery of online services.
• Identity checks, due diligence, risk scoring, and responsible gaming interventions.
• Payment authorization, processing of deposits and withdrawals, chargeback handling, and tax reporting.
• Customer support, dispute resolution, and service communications.
• Personalization, A/B testing, and analytics to improve quality and safety.
• Marketing according to preferences and consent, including email, in-product messages, and cookies.
• Compliance monitoring, audit logs, sanctions screening, and statutory reporting.

Legal bases

Processing relies on user consent, performance of a contract, compliance with legal obligations, protection of vital interests, and legitimate interests balanced against user rights.

How to access, update, or delete data:

• Review and update profile details in account settings when available.
• Submit a request to [email protected]. Identity verification may be required.
• Response times: within one month under GDPR, extendable where permitted by law.

Correction and deletion procedures:

• Incorrect or incomplete information can be corrected upon request or through self-service tools.
• Deletion will be honored unless retention is required for contractual duties, AML/CTF, security, chargeback defense, dispute resolution, or statutory archiving.
• When deletion is not possible, data will be restricted and retained only for the necessary period.

Consent to checks

By using WinWin, the user consents to security checks, identity verification, fraud prevention, and processing of payment data by payment providers, banks, and screening services that support the platform.

The services are intended for individuals aged 18 and over, or the legal age required in the user’s jurisdiction, whichever is higher. The operator cannot determine a person’s age without appropriate documents. If personal data of a minor is discovered, the account will be closed and the information will be deleted or anonymized subject to legal retention requirements. Parents or legal guardians can request deletion by contacting [email protected] and providing proof of guardianship.

Personal data may be processed in countries outside the user’s location, including places where partners, processors, payment providers, and support teams operate. Use of the websites and services constitutes consent to cross-border transfers in line with applicable law. Safeguards include EU Standard Contractual Clauses, adequacy decisions, intra-group agreements, and contractual commitments to confidentiality and security. All partners are required to protect information, limit use to documented instructions, and notify of incidents without undue delay.

This section clarifies that any disclaimer contained in this policy may modify the scope or effect of specific rules, provided it is lawful in the relevant jurisdiction. The disclaimer becomes effective when the user accepts this policy through signature, electronic acceptance, or accession in the service interface. Nothing in this document excludes or limits rights that cannot be excluded by law, including statutory consumer and privacy rights. Local gambling, AML/CTF, and privacy laws prevail where they impose stricter requirements.

Cookies are small files stored on a device by a browser. They help remember preferences and enable functions.

Purposes

• Statistics and analytics to understand usage and improve services.
• Behavior analysis and fraud prevention.
• Personalization such as language, odds format, and remembered settings.
• Site improvement, performance, and error diagnostics.

Retention

• Non-essential cookies are retained for up to 1 year unless deleted earlier.
• Strictly necessary cookies operate for core functions and may have shorter lifespans.

Control

• Users can manage cookies in browser settings or through the on-site consent tools. Non-essential cookies are used only when consent is provided.

Use of WinWin indicates full acceptance of this Privacy Policy and any referenced documents. The most current version published on the websites and in the product prevails over prior versions. Continued use after changes take effect constitutes agreement to the updated terms, subject to statutory notice and consent requirements.

Personal data may be shared with third parties for purposes that include legal compliance, dispute resolution, fraud prevention, payment processing, KYC/AML checks, customer support, and performance of agreements. The categories of recipients and, where applicable, a list of key providers are available on the site. When a party is not listed, the purpose and scope of sharing will be communicated before or at the time of processing if required by law. Providing data for these services constitutes consent to such sharing, subject to contractual and legal safeguards. Each third party has its own privacy practices.

The services may contain links to external websites, apps, or platforms that are operated by third parties and have their own privacy policies. The operator is not responsible for how those parties collect or use information. Review the privacy documentation on any external site before providing personal data. Use caution when following links and sharing sensitive details.