Privacy Policy
This Privacy Policy explains how the Company handles digital personal data for users based in India. The framework strictly aligns with the Digital Personal Data Protection Act, 2023, which governs the collection, use, storage, and transfer of personal information under Indian law. Each individual Data Principal holds specific rights over their records, and the Casino addresses those parameters directly within this comprehensive technical document. The provisions detailed below apply across all digital networks and online gaming interfaces available in the region.
Basics of Privacy Practices in India
A standard data notice must outline the administrative personal data handling methods practiced by a designated regulatory entity. Review the structural pillars established by national data protection rules in the summary table below.
| Aspect | Details |
|---|---|
| Covered data | Digital personal data only |
| Processing context | India-based user services |
| User category | Data Principal rights holder |
| Data Fiduciary role | Determines processing purposes |
| Data Principal role | Gives or withdraws consent |
| Consent approach | Free, explicit, unconditional affirmative action |
| Retention rules | Delete after processing purpose ends |
| Sharing rules | Disclose recipient categories to users |
| Grievance details | Active Grievance Officer contact published |
Scope of Data Protection Coverage in India
The structural boundaries of this data notice outline the exact limits under which individual security actions are implemented. The core application boundaries are itemized in the following list:
- Geographic data reach applied systematically across all territories of India;
- All electronic assets and online services covered by the policy;
- Specific digital personal data types processed through incoming streams;
- Physical records that are subsequently converted into digitized formats;
- Comprehensive data protections addressing India-based users;
- All active real-money Casino service users covered by the rules;
- Digital deployment interfaces where this text remains publicly accessible.
Categories of Personal Data Collected in India
The Company identifies the specific parameters gathered from individuals to guarantee complete functional clarity. The processing framework ensures ordinary personal data stays separated from high-risk categories that require heightened administrative protections.
Each individual provides or automatically generates data across several distinct functional classifications:
- Basic identifiers: Full legal name, gender, and verified residential address parameters;
- Contact information: Verified email addresses and active mobile phone numbers;
- Account credentials: Secure usernames, alphanumeric passwords, and linked login details;
- Technical data: Device hardware identifiers, network IP addresses, and operating system types;
- Tracking elements: Automated cookie files, historical session timelines, and comprehensive usage logs;
- Financial instruments: Local bank account records, UPI credentials, and real-money transaction fields;
- Gameplay statistics: Historical bet logs, wagering values, game preferences, and overall win records;
- Verification documents: Clear photographs of Aadhaar cards, PAN cards, or passports used as age proof;
- Parental consent records: Verified authorization logs or identity tokens collected for minors;
- Support communications: Written ticket records, live chat logs, and formal grievance correspondence.
Legal Framework for Data Management in India
The execution of individual tracking systems derives its authority directly from current state legislation. Review the administrative penalties and statutory compliance baselines in the framework table below.
| Element | Detail |
|---|---|
| Main statute | Digital Personal Data Protection Act, 2023 (DPDP Act) |
| Territorial scope | Digitized personal data processed within India or linked to regional users |
| Digital data focus | Restricted strictly to automated or digitized personal data |
| Offering services | India-based consumer channels covered comprehensively |
| Supporting IT Act | Supplemental SPDI Rules apply to sensitive classifications |
| Board role | Data Protection Board of India adjudicates operational breaches |
| Penalty range | Up to ₹250 crore for failing to maintain security safeguards |
| Compliance timeline | Transition adjustments enforced progressively until May 2027 |
User Notice and Consent Practices in India
Data Fiduciaries must present clear itemized text disclosures before gathering any individual data attributes. Platforms enforce the following operational notice protocols to validate incoming user consent chains:
- Present a standalone Privacy Notice to the Data Principal before any data collection begins.
- Specify each separate item of personal data the entity intends to collect.
- State all structural purposes of processing in clear, direct, and accessible terms.
- Indicate all third-party recipients and the exact operational reason for sharing.
- Collect free, specific, informed, and explicit affirmative consent from the Data Principal.
- Store securely dated consent records to satisfy routine independent audits.
- Offer an automated withdrawal option so the Data Principal can revoke consent instantly.
- Update the core Privacy Notice immediately upon any alteration in stated processing purposes.
Purposes of Data Collection and Minimisation
Every gathered data asset must connect directly to an authorized business execution pathway. Review the purpose mappings and minimization constraints established under national legal mandates in the reference table below.
| Purpose Type | Data Category | Minimisation Constraint Note |
|---|---|---|
| Account creation | Name, email address, phone | Basic identification attributes only |
| Service delivery | Residential address, play preferences | Necessary operational details only |
| Payment processing | Bank records or UPI information | Limited transaction-specific financial details |
| Customer support | Support tickets, interactive chat logs | Relevant problem-solving correspondence only |
| Compliance checks | Government ID cards, age proof | Audited validation data only |
| Marketing communication | Email, device identifiers | Consent-based contact data only |
| Analytics | Automated usage patterns | Anonymized aggregate telemetry data only |
Data Retention and Deletion in India Region
The storage lifespan of individual data components is determined strictly by the duration of the authorized purpose. The core retention and disposal mechanisms implemented across the region are outlined below:
- Purpose-based retention schedules applied independently to each unique dataset;
- Legal record retention executed in accordance with mandatory regulatory timelines;
- Minimum one-year log retention enforced following purpose conclusion per DPDP rules;
- Inactive account data deleted permanently after 3 consecutive years of zero interaction;
- Advance text notifications sent to users 48 hours prior to final account deletion;
- Archival processes paired with high-grade data anonymization strategies;
- Secure cryptographic disposal methods applied immediately upon profile closure.
Sharing with Third Parties and Cross-Border Data Use
External data transmissions must respect explicit user instructions and contractually verified protective agreements. Review the recipient categories and mandatory transfer conditions in the data sharing table below.
| Recipient Category | Purpose | Transfer Condition |
|---|---|---|
| Affiliated Entities | Internal service fulfillment support across subsidiaries | Explicit user consent obtained prior to transfer |
| Payment Providers | Real-money transaction processing and settlement | Direct contractual necessity under financial rules |
| Verification Vendors | Mandatory age verification and identity checks | Statutory compliance requirement before funding |
| Analytics Processors | Aggregated usage data analysis and performance tuning | Consent requirement managed through settings |
| Regulators and Courts | Official law enforcement order response | Mandatory government specification or legal demand |
Rights of Data Principals in India
The legal framework empowers local citizens with strong administrative tools to manage their digital profiles. The core individual privileges available to every data principal are listed below:
- Access summary right regarding the personal data being processed;
- Right to know and identify all third-party fiduciaries and processors with whom data is shared;
- Right to demand the correction of inaccurate or misleading information;
- Right to complete incomplete profile data fields instantly;
- Right to enforce absolute erasure after processing purposes conclude;
- Right to execute consent withdrawal commands at any chosen time;
- Right to seek grievance redressal within prescribed legal intervals;
- Right to nominate specific individuals to manage rights in the event of death.
Handling of Children Data in India
Processing records linked to individuals under eighteen years of age requires implementing enhanced platform safeguards. Review the strict rules governing minor data protection under current statutory guidelines in the table below.
| Aspect | Rule Under India Law |
|---|---|
| Child age threshold | Restricted to individuals under 18 years of age |
| Parental consent requirement | Verifiable consent from a parent or legal guardian is mandatory |
| Verification mechanisms | Identity age checks via government documents or specialized tokens |
| Allowed processing contexts | Restricted to basic introductory account services only |
| Profiling limitations | Behavioral monitoring and tracking are strictly prohibited |
| Targeted messaging restrictions | No direct child targeting or customized promotional ads allowed |
| Breach notice focus | Negative impact on children highlighted first in emergency reports |
| Minor access restrictions | Complete online gaming access blocked automatically by filters |
Grievance Redressal and Contact Information
Users can submit formal inquiries to resolve data-handling issues directly with the corporate administration. Follow these sequential steps to initiate and track a formal data complaint:
- Locate the official Grievance Officer’s name, designation, and contact details inside the platform footer.
- Submit a written complaint via email with a comprehensive description of the data concern.
- Provide valid identification documents and account details to verify profile ownership.
- Request explicit access to or immediate correction of the stored data components.
- Monitor the response status within the prescribed corporate timeline.
- Seek immediate escalation to a senior officer if the initial reply is unsatisfactory.
- File a formal escalation complaint before the Data Protection Board of India if unresolved within 30 days.
Obligations of Data Fiduciaries and Processors
Accountability requirements demand that processing platforms ensure absolute accuracy and operational security. The following compliance duties apply to every authorized data fiduciary:
- Implement reasonable security safeguards to eliminate data breach vulnerabilities;
- Manage role-based access controls to prevent unverified internal entry;
- Ensure absolute data accuracy across all active processing layers;
- Maintain accurate consent logs and historical authorization records;
- Keep comprehensive data processing logs for legal monitoring;
- Supervise third-party processor agreements through strict data contracts;
- Appoint an independent Data Protection Officer (DPO) based in India;
- Cooperate with the Data Protection Board during routine administrative reviews.
Online Gaming and Casino Privacy Clauses
Specialized interactive entertainment systems follow specific guidelines concerning transaction recording and account inactivity. Review the sector-specific parameters configured for local users in the table below.
| Sector Feature | Detail | User Impact |
|---|---|---|
| Gameplay data collection | Complete tracking of betting statistics and interaction history | Stored securely per user session |
| Betting outcomes logs | Systematic logging of gaming results and win records | Maintained on server lines for audit compliance |
| Transaction recording | Real-money payments processed in Indian Rupees (₹) | Logged per transaction to satisfy financial audits |
| Significant user threshold | Exceeding 5,000,000 registered users grants special status | Stricter rules and annual impact assessments apply |
| Inactivity deletion timeline | Three-year inactivity threshold triggers profile erasure | Notice sent 48 hours prior to removal |
| Contextual notifications | Tailored notices issued specifically for online gaming environments | Players informed directly about real-time tracking features |
| Breach response protocols | Notification delivered to affected individuals and the Board | Disclosed promptly within 72 hours without undue delay |
Conclusion on Data Protection Standards
Overall, this policy establishes a transparent standard for data processing under the Digital Personal Data Protection Act, 2023. The key elements ensuring systematic consumer safety are summarized in the following points:
- Absolute clarity for users regarding their administrative rights;
- Lawful, purpose-limited data collection protocols only;
- Controlled, contract-backed sharing arrangements with third-party vendors;
- Clearly defined retention lifespans and automated deletion mechanisms;
- Effective, rapid grievance resolution channels available at all times.
