Privacy Policy

This Privacy Policy explains how the Company handles digital personal data for users based in India. The framework strictly aligns with the Digital Personal Data Protection Act, 2023, which governs the collection, use, storage, and transfer of personal information under Indian law. Each individual Data Principal holds specific rights over their records, and the Casino addresses those parameters directly within this comprehensive technical document. The provisions detailed below apply across all digital networks and online gaming interfaces available in the region.

Basics of Privacy Practices in India

A standard data notice must outline the administrative personal data handling methods practiced by a designated regulatory entity. Review the structural pillars established by national data protection rules in the summary table below.

AspectDetails
Covered dataDigital personal data only
Processing contextIndia-based user services
User categoryData Principal rights holder
Data Fiduciary roleDetermines processing purposes
Data Principal roleGives or withdraws consent
Consent approachFree, explicit, unconditional affirmative action
Retention rulesDelete after processing purpose ends
Sharing rulesDisclose recipient categories to users
Grievance detailsActive Grievance Officer contact published

Scope of Data Protection Coverage in India

The structural boundaries of this data notice outline the exact limits under which individual security actions are implemented. The core application boundaries are itemized in the following list:

  • Geographic data reach applied systematically across all territories of India;
  • All electronic assets and online services covered by the policy;
  • Specific digital personal data types processed through incoming streams;
  • Physical records that are subsequently converted into digitized formats;
  • Comprehensive data protections addressing India-based users;
  • All active real-money Casino service users covered by the rules;
  • Digital deployment interfaces where this text remains publicly accessible.

Categories of Personal Data Collected in India

The Company identifies the specific parameters gathered from individuals to guarantee complete functional clarity. The processing framework ensures ordinary personal data stays separated from high-risk categories that require heightened administrative protections.

Each individual provides or automatically generates data across several distinct functional classifications:

  • Basic identifiers: Full legal name, gender, and verified residential address parameters;
  • Contact information: Verified email addresses and active mobile phone numbers;
  • Account credentials: Secure usernames, alphanumeric passwords, and linked login details;
  • Technical data: Device hardware identifiers, network IP addresses, and operating system types;
  • Tracking elements: Automated cookie files, historical session timelines, and comprehensive usage logs;
  • Financial instruments: Local bank account records, UPI credentials, and real-money transaction fields;
  • Gameplay statistics: Historical bet logs, wagering values, game preferences, and overall win records;
  • Verification documents: Clear photographs of Aadhaar cards, PAN cards, or passports used as age proof;
  • Parental consent records: Verified authorization logs or identity tokens collected for minors;
  • Support communications: Written ticket records, live chat logs, and formal grievance correspondence.

Legal Framework for Data Management in India

The execution of individual tracking systems derives its authority directly from current state legislation. Review the administrative penalties and statutory compliance baselines in the framework table below.

ElementDetail
Main statuteDigital Personal Data Protection Act, 2023 (DPDP Act)
Territorial scopeDigitized personal data processed within India or linked to regional users
Digital data focusRestricted strictly to automated or digitized personal data
Offering servicesIndia-based consumer channels covered comprehensively
Supporting IT ActSupplemental SPDI Rules apply to sensitive classifications
Board roleData Protection Board of India adjudicates operational breaches
Penalty rangeUp to ₹250 crore for failing to maintain security safeguards
Compliance timelineTransition adjustments enforced progressively until May 2027

User Notice and Consent Practices in India

Data Fiduciaries must present clear itemized text disclosures before gathering any individual data attributes. Platforms enforce the following operational notice protocols to validate incoming user consent chains:

  1. Present a standalone Privacy Notice to the Data Principal before any data collection begins.
  2. Specify each separate item of personal data the entity intends to collect.
  3. State all structural purposes of processing in clear, direct, and accessible terms.
  4. Indicate all third-party recipients and the exact operational reason for sharing.
  5. Collect free, specific, informed, and explicit affirmative consent from the Data Principal.
  6. Store securely dated consent records to satisfy routine independent audits.
  7. Offer an automated withdrawal option so the Data Principal can revoke consent instantly.
  8. Update the core Privacy Notice immediately upon any alteration in stated processing purposes.

Purposes of Data Collection and Minimisation

Every gathered data asset must connect directly to an authorized business execution pathway. Review the purpose mappings and minimization constraints established under national legal mandates in the reference table below.

Purpose TypeData CategoryMinimisation Constraint Note
Account creationName, email address, phoneBasic identification attributes only
Service deliveryResidential address, play preferencesNecessary operational details only
Payment processingBank records or UPI informationLimited transaction-specific financial details
Customer supportSupport tickets, interactive chat logsRelevant problem-solving correspondence only
Compliance checksGovernment ID cards, age proofAudited validation data only
Marketing communicationEmail, device identifiersConsent-based contact data only
AnalyticsAutomated usage patternsAnonymized aggregate telemetry data only

Data Retention and Deletion in India Region

The storage lifespan of individual data components is determined strictly by the duration of the authorized purpose. The core retention and disposal mechanisms implemented across the region are outlined below:

  • Purpose-based retention schedules applied independently to each unique dataset;
  • Legal record retention executed in accordance with mandatory regulatory timelines;
  • Minimum one-year log retention enforced following purpose conclusion per DPDP rules;
  • Inactive account data deleted permanently after 3 consecutive years of zero interaction;
  • Advance text notifications sent to users 48 hours prior to final account deletion;
  • Archival processes paired with high-grade data anonymization strategies;
  • Secure cryptographic disposal methods applied immediately upon profile closure.

Sharing with Third Parties and Cross-Border Data Use

External data transmissions must respect explicit user instructions and contractually verified protective agreements. Review the recipient categories and mandatory transfer conditions in the data sharing table below.

Recipient CategoryPurposeTransfer Condition
Affiliated EntitiesInternal service fulfillment support across subsidiariesExplicit user consent obtained prior to transfer
Payment ProvidersReal-money transaction processing and settlementDirect contractual necessity under financial rules
Verification VendorsMandatory age verification and identity checksStatutory compliance requirement before funding
Analytics ProcessorsAggregated usage data analysis and performance tuningConsent requirement managed through settings
Regulators and CourtsOfficial law enforcement order responseMandatory government specification or legal demand

Rights of Data Principals in India

The legal framework empowers local citizens with strong administrative tools to manage their digital profiles. The core individual privileges available to every data principal are listed below:

  • Access summary right regarding the personal data being processed;
  • Right to know and identify all third-party fiduciaries and processors with whom data is shared;
  • Right to demand the correction of inaccurate or misleading information;
  • Right to complete incomplete profile data fields instantly;
  • Right to enforce absolute erasure after processing purposes conclude;
  • Right to execute consent withdrawal commands at any chosen time;
  • Right to seek grievance redressal within prescribed legal intervals;
  • Right to nominate specific individuals to manage rights in the event of death.

Handling of Children Data in India

Processing records linked to individuals under eighteen years of age requires implementing enhanced platform safeguards. Review the strict rules governing minor data protection under current statutory guidelines in the table below.

AspectRule Under India Law
Child age thresholdRestricted to individuals under 18 years of age
Parental consent requirementVerifiable consent from a parent or legal guardian is mandatory
Verification mechanismsIdentity age checks via government documents or specialized tokens
Allowed processing contextsRestricted to basic introductory account services only
Profiling limitationsBehavioral monitoring and tracking are strictly prohibited
Targeted messaging restrictionsNo direct child targeting or customized promotional ads allowed
Breach notice focusNegative impact on children highlighted first in emergency reports
Minor access restrictionsComplete online gaming access blocked automatically by filters

Grievance Redressal and Contact Information

Users can submit formal inquiries to resolve data-handling issues directly with the corporate administration. Follow these sequential steps to initiate and track a formal data complaint:

  1. Locate the official Grievance Officer’s name, designation, and contact details inside the platform footer.
  2. Submit a written complaint via email with a comprehensive description of the data concern.
  3. Provide valid identification documents and account details to verify profile ownership.
  4. Request explicit access to or immediate correction of the stored data components.
  5. Monitor the response status within the prescribed corporate timeline.
  6. Seek immediate escalation to a senior officer if the initial reply is unsatisfactory.
  7. File a formal escalation complaint before the Data Protection Board of India if unresolved within 30 days.

Obligations of Data Fiduciaries and Processors

Accountability requirements demand that processing platforms ensure absolute accuracy and operational security. The following compliance duties apply to every authorized data fiduciary:

  • Implement reasonable security safeguards to eliminate data breach vulnerabilities;
  • Manage role-based access controls to prevent unverified internal entry;
  • Ensure absolute data accuracy across all active processing layers;
  • Maintain accurate consent logs and historical authorization records;
  • Keep comprehensive data processing logs for legal monitoring;
  • Supervise third-party processor agreements through strict data contracts;
  • Appoint an independent Data Protection Officer (DPO) based in India;
  • Cooperate with the Data Protection Board during routine administrative reviews.

Online Gaming and Casino Privacy Clauses

Specialized interactive entertainment systems follow specific guidelines concerning transaction recording and account inactivity. Review the sector-specific parameters configured for local users in the table below.

Sector FeatureDetailUser Impact
Gameplay data collectionComplete tracking of betting statistics and interaction historyStored securely per user session
Betting outcomes logsSystematic logging of gaming results and win recordsMaintained on server lines for audit compliance
Transaction recordingReal-money payments processed in Indian Rupees (₹)Logged per transaction to satisfy financial audits
Significant user thresholdExceeding 5,000,000 registered users grants special statusStricter rules and annual impact assessments apply
Inactivity deletion timelineThree-year inactivity threshold triggers profile erasureNotice sent 48 hours prior to removal
Contextual notificationsTailored notices issued specifically for online gaming environmentsPlayers informed directly about real-time tracking features
Breach response protocolsNotification delivered to affected individuals and the BoardDisclosed promptly within 72 hours without undue delay

Conclusion on Data Protection Standards

Overall, this policy establishes a transparent standard for data processing under the Digital Personal Data Protection Act, 2023. The key elements ensuring systematic consumer safety are summarized in the following points:

  • Absolute clarity for users regarding their administrative rights;
  • Lawful, purpose-limited data collection protocols only;
  • Controlled, contract-backed sharing arrangements with third-party vendors;
  • Clearly defined retention lifespans and automated deletion mechanisms;
  • Effective, rapid grievance resolution channels available at all times.