1win Privacy Policy

This section describes the personal information collected, the reasons for collection, and the safeguards used to protect users.

Personal data the website may collect

Depending on the services used, the website may collect:

• Identity and contact details: full name, date of birth, phone number, email address, residential address
• Account details: username, password (stored in protected form), account preferences, language and settings
• Verification information: copies of National Registration Card, passport, driving licence, and proof of address for age and identity checks
• Transaction information: deposit and withdrawal records, payment method identifiers, bank or mobile money details as required for payouts
• Technical data: IP address, device identifiers, browser type, operating system, time zone, log files, and crash reports
• Usage information: pages visited, betting activity records, session details, and interaction history on the website
• Communications: messages to customer support, call records where permitted by law, and dispute related correspondence

Why the website collects this information

The website collects and processes data to:

• Create and manage user accounts
• Verify age, identity, and eligibility to use gambling services
• Process deposits, withdrawals, and chargeback management
• Prevent fraud, account takeover, money laundering, and prohibited use
• Maintain platform security, integrity, and service continuity
• Meet legal and regulatory obligations applicable in Zambia, including requirements connected to gambling operations and responsible gaming

Security measures used

The operator applies technical and organisational measures designed to protect personal data, including:

• Encrypted connections for data transmission where appropriate
• Access controls, role based access, and staff confidentiality obligations
• Monitoring for suspicious activity and security incidents
• Secure storage practices and retention controls
• Vendor due diligence and contract controls for service providers that handle information

No security method eliminates risk completely. Users also have responsibilities, such as keeping login credentials confidential and using secure devices.

User rights

Subject to applicable law and verification requirements, users may request:

• Access to personal data held about the user
• Correction of inaccurate or incomplete information
• Deletion of personal data when retention is no longer required for legal, regulatory, dispute, or security purposes

Requests are handled through the procedures in the Access to Information section.

The operator uses collected information in a lawful and transparent manner for the following purposes:

• Account services: registration, login, customer support, account administration, and responsible gaming controls
• Transactions: processing deposits and withdrawals, verifying payment instructions, and managing refunds and chargebacks
• Compliance and risk control: age and identity checks, anti fraud screening, anti money laundering checks, sanctions screening where applicable, and enforcement of terms
• Service improvement: debugging, performance monitoring, service reliability, and feature optimisation based on usage information
• Analytics: aggregated reporting, statistical analysis, and internal audits to understand how users interact with the online platform
• Marketing preferences: sending service messages and marketing communications only when consent is present or when permitted by law, with opt out controls where applicable
• Legal protection: establishing, exercising, or defending legal claims, handling disputes, and responding to lawful requests by competent authorities

Personal data is processed only for purposes compatible with this document or as required by law.

Users can request access to, update, or delete personal information linked to their account.

Access and updates

Users can review and update certain details through account settings. Some changes may require verification to protect the user and prevent fraud.

Correction requests

If a user believes stored information is inaccurate or incomplete, the user can submit a correction request through customer support. The operator may ask for supporting documents to confirm accuracy.

Deletion requests

Users can request deletion of personal data. Deletion may be limited where retention is required for:

• Gambling compliance and audit obligations
• Anti fraud and anti money laundering checks
• Payment processing records and financial reconciliation
• Dispute handling and enforcement of agreements

If deletion cannot be completed immediately, the operator restricts use of the information to legal and compliance purposes.

Security checks and payment processing consent

Use of the website includes consent to reasonable security checks related to identity verification, fraud prevention, and responsible gaming. Use of deposit and withdrawal services includes consent for payment data processing by payment providers, banks, and mobile money operators involved in transactions, as needed to complete payments and meet compliance obligations.

The website is intended for users aged 18 years and above. Accounts registered by minors are not permitted.

The operator cannot confirm a user’s age with certainty without official documents and may request age and identity verification information at registration or later in the customer relationship.

If a parent or guardian believes that a minor has shared personal data or created an account, the operator will take steps to investigate and delete the minor’s information where appropriate, and will close the account. Proof of relationship or authority may be requested to protect the child’s privacy and prevent unauthorised requests.

Personal data may be processed outside Zambia where the operator, group companies, or partners and service providers operate, including providers of hosting, security, analytics, customer support, identity verification, and payment processing.

Use of the website indicates consent to such cross border processing when required to deliver the online services.

The operator requires partners to apply confidentiality and security controls appropriate to the nature of the information, and to process data only for agreed purposes and in line with this document.

This document sets out general rules for personal data handling and is intended to be read together with the website Terms and Conditions and related notices.

If any part of this Privacy Policy is found to be invalid or unenforceable under applicable law, the remaining parts remain in effect. The operator may limit or adjust the application of certain rules to the extent required by law, regulatory direction, or valid court orders.

This Privacy Policy applies when the user accepts it through a website acceptance action, account registration, continued use of the services, or any other form of accession recognised by applicable law.

Cookies are small text files stored on a user’s device when visiting websites. The website uses cookies and similar technologies to support essential functions and to improve service quality.

Cookies may be used for:

• Statistics and aggregated reporting
• Behaviour analysis to understand how users navigate the website
• Personalisation, such as remembering preferences and language
• Security controls, fraud prevention, and session management
• Improving website performance and reliability

Retention: cookies used by the website may remain on the device for up to 1 year, unless deleted earlier by the user through browser settings. Some cookies may expire sooner based on their purpose.

Users can manage cookies in browser settings. Disabling certain cookies can affect website functionality, including login and transaction features.

Use of the website and related online services indicates full acceptance of this Privacy Policy.

If the user does not agree with the terms of this document, the user should stop using the services.

The version published on the website at the time of use applies and takes precedence over earlier versions.

The operator may share personal data with third parties in limited cases, such as:

• Compliance with applicable law, lawful requests, or regulatory obligations
• Dispute resolution, chargeback handling, and investigation of prohibited activity
• Agreements with suppliers that support the services, including identity verification, payment processing, hosting, security, analytics, and customer support

If specific third parties are listed on the website or within related notices, the operator will identify them there. If no list is displayed, the operator will still share information only when the purpose and scope are necessary for service delivery, compliance, or security.

Submission of personal information through the website indicates consent to sharing required to provide services, complete transactions, and meet compliance requirements. Third parties must process data under contractual duties and confidentiality obligations consistent with this document.

The website may include links to external websites, plug ins, or services operated by third parties. Those websites have their own privacy policies and practices.

The operator is not responsible for the collection, processing, or use of information by external websites. Users should read the relevant privacy documents before submitting personal data on third party websites.