1win Privacy Policy

Personal data that may be collected

• Account and identity: name, date of birth, nationality, username, verification records, and copies of identification documents for KYC and age checks.
• Contact details: email address, phone number, postal address, and communication preferences.
• Technical information: device identifiers, IP address, browser and operating system data, language settings, cookies, and access logs.
• Financial and transaction data: deposit and withdrawal records, payment instrument details in tokenized or masked form, billing address, and currency.
• Usage and gameplay data: bets, wins and losses, session times, interactions with features, and responsible gaming settings.
• Compliance and risk data: fraud and AML screening results, sanctions checks, security flags, and account status.

Why this information is collected

• To create and manage user accounts and provide services.
• To process payments, verify identity and age, and meet AML and counter-terrorist financing obligations.
• To secure accounts, prevent fraud, detect misuse, and ensure platform integrity.
• To comply with legal duties and respond to regulators or law enforcement.

Protection measures

• Encryption in transit, restricted access, role-based permissions, and multi-factor authentication for administrative access.
• Network segmentation, firewalls, monitoring, and logging for security incident detection.
• Vendor due diligence and contractual data protection obligations for service providers.
• Staff training, confidentiality undertakings, and periodic security reviews.
• Data minimization, retention schedules, and secure deletion or anonymization when no longer needed.

User rights under Japan’s Act on the Protection of Personal Information (APPI)

• Request notification of the purpose of use.
• Request disclosure of retained personal data.
• Request correction or addition where data is inaccurate or incomplete.
• Request suspension of use or deletion where conditions are met.
• Request suspension of third-party provision where conditions are met.

Compliance statement

Processing follows APPI and relevant guidelines of the Personal Information Protection Commission of Japan. International standards, such as data security best practices and applicable privacy norms, are also observed.

How information is used

• Account services: registration, login, account settings, and customer support.
• Transactions: deposits, withdrawals, chargeback management, and payment reconciliation.
• Service improvements: troubleshooting, feature development, quality assurance, and performance analytics.
• Personalization: language and content preferences, responsible gaming tools, and user experience adjustments.
• Marketing and communications: notices about service changes or optional offers, subject to consent or lawful opt-out frameworks.
• Security and integrity: fraud prevention, risk scoring, AML screening, and compliance audits.
• Legal compliance: record-keeping, dispute handling, tax and regulatory reporting.

Processing principles

• Personal information is processed lawfully, fairly, and in a transparent manner for specified purposes.
• Collection is limited to what is necessary, stored for no longer than required, and protected by appropriate safeguards.

How to access, update, or delete data

• Users can review certain account details in profile settings.
• Requests for disclosure, correction, deletion, or suspension of third-party provision can be submitted via in-account support or the privacy contact listed in the website footer.
• Identity verification may be required before actioning a request.
• A response is provided within a reasonable period, subject to legal requirements and verification.

Correction and deletion procedures

• Correction or addition: inaccuracies are rectified after verification and review.
• Deletion or suspension of use: granted where legal grounds apply and retention is not required for compliance or dispute resolution.

Security checks and payment processing

• By using the service, users consent to security checks, identity verification, AML screening, and the processing of payment data by authorized payment providers for transaction purposes.

• The services are for adults aged 18 and over. Registration by minors is not permitted.
• The operator cannot confirm age without appropriate documents and may request verification during onboarding or at any time.
• If a minor’s data is identified, the account is restricted and the personal information is deleted when verified. A parent or legal guardian may contact support to request deletion, subject to verification.

• Personal data may be processed outside Japan where infrastructure providers, verification partners, payment processors, or support teams operate.
• Using the site constitutes consent to cross-border transfers for the purposes described in this policy.
• Partners receiving data are bound by confidentiality, security, and data protection obligations. Contractual safeguards and vendor assessments are used to help ensure an equivalent level of protection.

• This disclaimer clarifies that the policy may be interpreted and applied together with terms of service, applicable laws, and regulatory guidance. It may affect the scope or practical effect of certain rules where required by law.
• The disclaimer applies when the user accepts this policy by registering, ticking an acceptance box, continuing to use the services, or otherwise indicating accession. If any part is invalid under local law, the remaining terms continue to apply to the extent permitted.

What cookies are

• Cookies are small files stored on a device by websites to remember user actions and preferences.

How cookies are used

• Statistics and analytics to understand site performance and usage.
• Behavior analysis to detect anomalies and improve security.
• Personalization such as language settings and content preferences.
• Site improvement through aggregated insights.

Retention and control

• Cookie data is generally retained for up to 1 year, after which it is deleted or refreshed.
• Users can manage cookies in browser settings or via available on-site controls. Disabling certain cookies may affect functionality.

• Using the services constitutes full acceptance of this privacy policy and any future updates.
• If multiple versions exist, the most recent version published on the website prevails from its effective date.

Sharing of personal information

• Personal information may be shared where necessary to comply with law, manage disputes, enforce agreements, prevent fraud, process payments, perform identity checks, provide hosting, or deliver customer support.
• Categories of recipients include payment processors, identity verification providers, analytics services, cloud and security vendors, auditors, dispute resolution bodies, and competent authorities.

Transparency and consent

• Where third parties are listed on the website, the listing explains the purpose and scope of sharing. Where not listed, users are informed of the purpose and scope as required by law.
• Providing personal information to enable these services constitutes consent to such sharing for the stated purposes. Each third party may apply its own privacy policy to the data it processes.

• The website may contain links to external websites that operate under their own privacy policies and security practices.
• The operator is not responsible for how external sites collect, use, or protect personal data.
• Users should review the privacy policies of external websites before providing any information.