1win Privacy Policy

• Personal data we collect
  • Identity and contact details: name, username, email, phone, address.
  • Age and KYC verification: CNIC or passport details, selfie, proof of address.
  • Transaction and payment records: tokens from payment processors, bank references, wallet identifiers. Full card numbers are not stored.
  • Device and technical information: IP address, device identifiers, operating system, browser, language, time zone.
  • Usage data: account activity, session logs, preferences, support interactions.
  • Cookies and similar technologies for functionality, security, and analytics.
• Why we collect and process this information
  • To provide and maintain the account and services.
  • To process deposits, withdrawals, and resolve payment issues.
  • To verify identity and age, and to meet AML and CFT obligations.
  • To prevent fraud, ensure platform integrity, and manage risk.
  • To improve online performance, user experience, and support.
  • To comply with legal, tax, and regulatory requirements.
• Protection measures
  • Encryption in transit and at rest.
  • Strict access controls, least-privilege policies, and multi-factor authentication.
  • Network monitoring, logging, and incident response procedures.
  • Regular security testing and vulnerability management.
  • Staff training, confidentiality undertakings, and role-based access.
  • Vendor due diligence and data processing agreements.
• User rights
  • Access: request a copy of personal data.
  • Correction: update inaccurate or incomplete information.
  • Deletion: request erasure where permitted by law and contract.
  • Restriction and objection: limit certain processing and opt out of direct marketing.
  • Portability: request transfer of data where technically feasible.
• Legal compliance in Pakistan
  • Processing follows applicable laws of Pakistan, including the Prevention of Electronic Crimes Act 2016, the Anti-Money Laundering Act 2010, and relevant guidance from the State Bank of Pakistan and the Pakistan Telecommunication Authority. The approach aligns to recognised international privacy standards, such as GDPR principles, where relevant.

Personal data is processed lawfully, fairly, and transparently for the following purposes:

• Account servicing and authentication, including password recovery and security alerts.
• Processing payments and payouts, and handling billing queries.
• Customer support and dispute resolution.
• Risk management, fraud prevention, AML and sanctions screening.
• Service improvement, performance monitoring, debugging, and analytics.
• Personalisation of content and settings, subject to cookie choices.
• Marketing communications where consent exists, and honouring opt-out preferences.
• Compliance with legal obligations, regulatory inquiries, audits, and enforcement requests.
• Limited automated decision-making for fraud and KYC, with human review available on request.

• How to access and update
  • Users can review certain profile information in account settings.
  • A request for access, correction, portability, or restriction can be submitted through the contact details published on the website.
• Corrections
  • Inaccurate or incomplete information can be rectified. Supporting documents may be requested to verify changes.
• Deletion
  • A user may request deletion of personal data. Some records must be kept for the period required by law, including AML, taxation, and fraud prevention requirements.
• Security checks and payment processing
  • By using 1win, the user consents to security checks, identity verification, and processing of payment information by payment providers, banks, and anti-fraud partners, in line with this document and applicable law.

• The services are intended for persons aged 18 and above.
• The operator cannot confirm age in all cases without identification documents.
• If a minor’s information is discovered, the account will be suspended and data will be deleted unless retention is required by law.
• A parent or legal guardian may request removal of a minor’s personal data by contacting the privacy contact point shown on the website and providing proof of relationship and identity.

• Personal data may be stored or processed outside Pakistan in locations where service providers or group partners operate.
• Use of the website indicates consent to such cross-border transfers for the purposes described in this Policy.
• Safeguards are applied, including contractual obligations, access controls, encryption, and need-to-know principles.
• All partners handling information are required to maintain confidentiality and implement appropriate security measures.

• This disclaimer may interpret or limit the scope and effect of certain rules in this document to the extent permitted by law.
• Mandatory legal requirements, court orders, or regulatory directions take precedence over any conflicting term in this Policy.
• The disclaimer applies when the user accepts the Policy by signature where applicable, by clicking acceptance during registration, or by accession through continued use of the services.
• Nothing in this Policy limits non-excludable rights under applicable law.

• Definition
  • Cookies are small text files placed on a device by websites to store settings and recognise the user on return visits.
• How cookies are used
  • Statistics and analytics to understand usage and improve performance.
  • Behaviour analysis for security and fraud prevention.
  • Personalisation of content, language, and preferences.
  • Service improvement, including load balancing and error tracking.
• Retention
  • Non-essential cookies are retained for up to 1 year unless removed earlier by the user.
• Choices
  • Browser settings can be used to block or delete cookies. Essential cookies are necessary for core services and may not be disabled through site controls.

• Use of the website and services constitutes full acceptance of this Privacy Policy.
• The most recent version of the Policy published on the website prevails over prior versions.
• The Policy may be updated to reflect changes in law, technology, or operations. Material changes will be indicated by updating the effective date in the document.
• Continued use of 1win after an update indicates acceptance of the revised Policy.

• Sharing of personal data
  • Information may be shared where required by law, to establish or defend legal claims, to resolve disputes, or to perform agreements with service providers.
  • Typical recipients include payment processors, banks, KYC and anti-fraud vendors, analytics and cloud hosting providers, customer support tools, auditors, and competent authorities.
• Transparency
  • The list or categories of key processors and partners is made available on the website. Where a specific party is not listed, users will be informed of the purpose and scope of processing when required by law.
• Consent
  • Providing information for a transaction or verification signifies consent to processing by the relevant third party for that purpose, subject to their own privacy policies and applicable laws.

• The website may contain links to external websites or services that operate under their own privacy practices.
• The operator is not responsible for how such third parties collect, use, or disclose personal data.
• Users should review the privacy policy of any external site and exercise caution when sharing information online.