Privacy Policy
garpwin
At garpwin, your privacy is fundamental to how we operate. This Privacy Policy explains precisely what personal data we collect, why we collect it, how we use and protect it, and what rights you hold over your information as a user of our Bangladesh-based online gaming platform.
SSL Encryption
All data transmitted between your device and garpwin is protected by industry-standard 256-bit SSL encryption, ensuring your personal and financial information cannot be intercepted in transit.
Strict Access Controls
Your account data is accessible only to authorised garpwin personnel with a legitimate operational need. All internal data access is logged, audited, and subject to our data governance policy.
No Data Selling
garpwin does not sell, rent, or trade your personal information to any third party for commercial marketing purposes. Your data is used solely to operate and improve the Platform.
Your Data, Your Control
You have the right to access, correct, export, and request deletion of the personal data garpwin holds about you. Submit a data subject request at any time via support@garpwin.
Transparent Cookie Use
We clearly document every category of cookie and tracking technology in use on garpwin, along with the purpose of each and the data it collects. No hidden trackers are deployed on our Platform.
Defined Retention Periods
Personal data is held only for as long as operationally or legally necessary. Retention periods for each data category are published in Section 6 of this Policy so you always know how long your data is stored.
Data Controller
garpwin acts as the data controller for all personal data collected through the Platform. As data controller, garpwin determines the purposes for which personal data is processed and the means by which that processing is carried out. All data processing activities described in this Privacy Policy are conducted by garpwin or by carefully vetted third-party processors operating under binding data processing agreements.
For all privacy-related enquiries, data subject requests, or complaints, you may contact our Data Protection team directly using the contact details provided in Section 11 of this Policy.
| Detail | Information |
|---|---|
| Platform Name | garpwin |
| Role | Data Controller |
| Primary Market | Bangladesh |
| Contact Email | support@garpwin |
| Support Hours | 00:00–24:00 BST (UTC+6) daily |
| Policy Language | English (prevailing version in all interpretations) |
Data We Collect
garpwin collects personal data in three primary ways: directly from you when you register or interact with the Platform, automatically as you use the Platform, and from third parties such as payment providers and identity verification services. The categories of data we collect are described below.
2.1 Data you provide directly:
- Registration data: Full legal name, date of birth, email address, mobile phone number, residential address, and chosen username and password.
- Identity verification (KYC) data: Copies of government-issued identity documents (National Identity Card, passport, or driving licence), selfie photographs for liveness checks, and utility bills or bank statements for address verification.
- Payment data: Mobile financial service account numbers (bKash, Nagad, Rocket, Upay), bank account details for Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, and other supported institutions, and transaction reference numbers. Full card numbers (if applicable) are processed exclusively by our PCI-DSS compliant payment processor and are never stored on garpwin servers.
- Support communications: Messages, attachments, and records of all interactions you have with our support team via live chat, email (support@garpwin), or WhatsApp (+880 1700 000000).
- Responsible gaming preferences: Self-exclusion requests, deposit limit settings, session time limit configurations, and cooling-off period selections that you submit voluntarily.
- Promotional participation data: Bonus codes redeemed, promotion opt-in confirmations, and feedback submitted in response to promotional surveys.
2.2 Data collected automatically:
- Technical and device data: IP address, device type, operating system, browser type and version, screen resolution, and time zone setting.
- Usage and behavioural data: Pages visited, time spent on each page, navigation paths, games launched, bet amounts, game round outcomes, and session start and end times (recorded in BST, UTC+6).
- Log data: Server access logs, error logs, and security event logs that record interactions between your device and our infrastructure.
- Cookie and tracking data: Data collected via cookies, local storage, and similar technologies as described in Section 4.
2.3 Data received from third parties:
- Identity verification providers: Enhanced identity match scores, document authenticity assessments, and watchlist screening results (PEP, sanctions lists) provided by our KYC partner services.
- Payment processors: Transaction confirmation data, payment status updates, and fraud signals from bKash, Nagad, Rocket, Upay, and banking partners.
- Fraud and AML screening services: Risk scores and alerts generated by third-party financial crime prevention systems that monitor for unusual transaction patterns indicative of money laundering or fraud.
- Game providers: Game session data, round results, and RTP-related statistical aggregates shared by Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, Microgaming, and other integrated game studios for settlement and dispute resolution purposes.
How We Use Your Data
garpwin processes personal data only for clearly defined, lawful purposes. We do not use your data in ways that are incompatible with the purpose for which it was originally collected. The table below maps each processing activity to its legal basis.
| Processing Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance — necessary to provide the service you have requested. |
| Identity and age verification (KYC) | Legal obligation — required to verify that users are 18 years or older and to comply with AML regulations. |
| Processing deposits and withdrawals | Contract performance — necessary to execute financial transactions on your behalf. |
| Bonus and promotion administration | Contract performance — necessary to honour the promotional terms you have accepted. |
| Customer support and dispute resolution | Contract performance and legitimate interests — necessary to resolve issues and maintain service quality. |
| Fraud prevention and AML compliance | Legal obligation and legitimate interests — required to detect and prevent financial crime. |
| Platform security and abuse prevention | Legitimate interests — necessary to protect the integrity of the Platform and all users. |
| Analytics and Platform improvement | Legitimate interests — used in aggregated, anonymised form to improve user experience and game performance. |
| Responsible gaming monitoring | Legal obligation and legitimate interests — necessary to identify and support players showing signs of problem gambling. |
| Marketing communications (opted-in users only) | Consent — sent only to users who have explicitly opted in to receive promotional emails or SMS messages from garpwin. |
Cookies & Tracking Technologies
garpwin uses cookies and similar tracking technologies (including local storage and session storage) to operate the Platform, remember your preferences, analyse usage patterns, and deliver a personalised experience. This section explains each category of technology in use.
Strictly Necessary Cookies
Required for the Platform to function. These include your session authentication token, CSRF protection cookies, and load-balancing identifiers. They cannot be disabled without breaking core functionality. No consent is required for these cookies under applicable law.
Analytics Cookies
Used to understand how users navigate the Platform — which pages are visited most, how long sessions last, and where users encounter errors. Data is aggregated and anonymised before analysis. These cookies are activated only with your consent.
Preference Cookies
Store your interface preferences such as display language, last-visited game category, and notification settings so your experience is consistent across sessions. These are activated only with your consent.
Security Cookies
Support our fraud detection and account protection systems by recording session fingerprints that help identify unusual login patterns or automated bot activity. These are strictly necessary for the safety of your account and the Platform.
garpwin does not use third-party advertising cookies or behavioural targeting cookies from ad networks. We do not participate in cross-site tracking consortiums or sell cookie data to advertisers.
Data Sharing & Third Parties
garpwin does not sell, rent, or share your personal data with third parties for their own commercial purposes. We share data with third parties only in the specific circumstances described below, and only to the minimum extent necessary for the stated purpose.
- Payment service providers: We share transaction-level data (amount, timestamp, account reference) with bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, and other payment partners for the sole purpose of processing deposits and withdrawals on your behalf. These providers are contractually prohibited from using your data for any purpose other than executing the transaction.
- Identity verification providers: Your KYC documents and biometric data submitted during verification are shared with our accredited identity verification partner for document authenticity checks and age confirmation. Verification data is processed and stored by the provider under their own ISO-certified data security standards.
- Game providers and studios: Player session identifiers and bet/result data are shared with Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, Microgaming, and other integrated game studios for game round settlement, RTP reporting, and dispute resolution. Game providers do not receive your full identity or financial data.
- Fraud and AML screening services: Transaction data and account activity signals are shared with our financial crime prevention partners to detect and flag suspicious behaviour. This sharing is a legal obligation under applicable AML regulations.
- Analytics providers: Anonymised, aggregated usage statistics are shared with our analytics platform for Platform performance monitoring and UX improvement. No personally identifiable information is included in analytics data exports.
- Legal and regulatory authorities: garpwin will disclose personal data to law enforcement agencies, financial intelligence units, or other competent authorities when legally required to do so, or when disclosure is necessary to protect the rights, safety, or property of garpwin, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of the assets of garpwin, your personal data may be transferred to the acquiring entity. You will be notified via email at least 30 days before any such transfer, and the acquiring entity will be required to honour this Privacy Policy.
Data Retention
garpwin retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes or enforce our agreements. The following retention schedule applies to the primary categories of personal data we hold.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML/KYC regulatory obligations and dispute resolution. |
| KYC identity documents | Duration of account + 5 years after closure | Mandatory AML record-keeping requirements. |
| Transaction records | 7 years from transaction date | Financial record-keeping and tax compliance. |
| Game session and bet history | 3 years from session date | Dispute resolution, RTP auditing, and responsible gaming monitoring. |
| Support communications | 3 years from last interaction | Quality assurance, dispute evidence, and training. |
| Marketing consent records | 3 years from last consent event | Proof of consent and opt-out history. |
| Cookie / analytics data | 13 months from collection | Platform analytics and performance optimisation. |
| Security and access logs | 12 months from creation | Fraud detection, account security investigation. |
| Self-exclusion records | Duration of exclusion + 7 years | Re-registration prevention and responsible gaming compliance. |
Upon expiry of the applicable retention period, personal data is permanently deleted or irreversibly anonymised in accordance with our internal data disposal procedures. Anonymised data (where no individual can be identified or re-identified) may be retained indefinitely for statistical and research purposes.
Data Security
garpwin implements a layered information security programme to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, and destruction. Our security measures include both technical controls and organisational policies.
- 256-bit SSL/TLS encryption: All data in transit between your device and garpwin servers is encrypted using TLS 1.3. Our SSL certificates are issued by a trusted certificate authority and are renewed automatically before expiry.
- Encrypted data at rest: Personal data stored on garpwin servers, including KYC documents and payment references, is encrypted at rest using AES-256. Encryption keys are managed separately from the encrypted data.
- Network segmentation: Our production environment is segmented from development and administrative systems. Access between network zones is restricted by firewall rules and subject to continuous monitoring.
- Role-based access control: Access to personal data is restricted to staff members whose role requires it. All internal access is authenticated via multi-factor authentication and logged in our audit trail system.
- Vulnerability management: garpwin conducts regular penetration testing, automated vulnerability scanning, and dependency auditing to identify and remediate security weaknesses before they can be exploited.
- Incident response: garpwin maintains a documented data breach response plan. In the event of a confirmed breach affecting personal data, affected users will be notified within 72 hours of our becoming aware of the incident, along with details of the data affected and the steps we are taking to contain and remediate the breach.
Your Privacy Rights
As a user of garpwin, you hold meaningful rights over the personal data we process about you. These rights are described below. To exercise any of these rights, please contact our support team at support@garpwin with the subject line "Data Subject Request — [Right Type]". We will acknowledge your request within 48 hours and aim to fulfil it within 30 calendar days.
- Right of access: You have the right to request a copy of all personal data garpwin holds about you, along with information about how it is being used, who it is shared with, and how long it will be retained.
- Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it without undue delay. For changes to core identity fields, re-verification may be required.
- Right to erasure ("right to be forgotten"): You may request that we delete your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where the data has been unlawfully processed. Note that this right is subject to our legal obligations to retain certain data (e.g., AML records) for defined minimum periods as outlined in Section 6.
- Right to restriction of processing: You may request that we limit the processing of your personal data in certain circumstances — for example, while the accuracy of your data is being contested, or while you have raised an objection to our processing of it.
- Right to data portability: You have the right to receive a copy of the personal data you have provided to garpwin in a structured, commonly used, machine-readable format (CSV or JSON), and to transmit that data to another data controller of your choosing.
- Right to object: You may object at any time to the processing of your personal data where that processing is based on legitimate interests or is for direct marketing purposes. Marketing objections take effect immediately. Objections to legitimate-interest processing will be assessed on a case-by-case basis.
- Rights related to automated decision-making: garpwin uses automated systems for fraud detection and responsible gaming monitoring. Where an automated decision produces a significant effect on you (such as account suspension), you have the right to request human review of that decision by our Compliance team.
- Right to withdraw consent: Where processing is based on your consent (e.g., marketing communications, non-essential cookies), you may withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal.
Children's Privacy
Age verification is a mandatory component of our registration and KYC process. All account holders are required to confirm that they are 18 years of age or older at the point of registration, and to provide documentary evidence of age as part of the identity verification process. Accounts that cannot be verified as belonging to an adult aged 18 or above will be suspended and any funds held in the account will be returned to the originating payment method.
If garpwin becomes aware that personal data has been collected from a user who is under the age of 18, we will take immediate steps to delete that data from our systems, close the associated account, and return any deposited funds. If you are a parent or guardian and believe that your child has registered an account or submitted personal data to garpwin without your knowledge, please contact us immediately at support@garpwin so that we can act without delay.
We strongly encourage parents and guardians to make use of parental control software to prevent minors from accessing online gambling platforms. Tools such as device-level content filtering and browser-based age restriction controls can provide an additional layer of protection in the household environment.
Changes to This Policy
garpwin reserves the right to update or revise this Privacy Policy at any time in response to changes in applicable law, evolving data protection standards, new Platform features, or changes in our data processing practices. The effective date displayed at the top of this document will be updated with each revision so you can always confirm when the Policy was last changed.
- Notification of material changes: Where a change is material — meaning it significantly affects your rights or the way we process your data — garpwin will notify registered account holders by email at least 7 days before the revised Policy takes effect. Please ensure your registered email address is current and that emails from garpwin are not filtered to your spam folder.
- Continued use constitutes acceptance: Your continued use of the Platform after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not accept the revised Policy, you should close your account and cease using the Platform before the revised Policy takes effect.
- Version history: Previous versions of this Privacy Policy are archived and available on request by emailing support@garpwin. We maintain a complete version history for a minimum period of 5 years.
- Minor updates: Non-material changes such as typographical corrections, updated contact details, or formatting improvements may be made without advance notice. These changes will still be reflected in an updated effective date.
Contact & Complaints
If you have any questions about this Privacy Policy, wish to exercise any of your data subject rights, or want to raise a concern about how garpwin handles your personal data, please use the contact details below. Our Data Protection team is available to assist you every day of the year.
| Contact Method | Details |
|---|---|
| support@garpwin — use subject line "Privacy Request" for data subject enquiries | |
| Live Chat | Available 24/7 directly on-site — average response time under 90 seconds |
| +880 1700 000000 — available 00:00–24:00 BST (UTC+6) daily | |
| Response Time | Privacy requests acknowledged within 48 hours; fulfilled within 30 calendar days |
Complaints procedure: If you are not satisfied with how garpwin has handled a privacy concern or data subject request, you may escalate your complaint by replying to your original support ticket and requesting escalation to our Data Protection Officer. We will issue a formal written response within 7 business days of receiving an escalated complaint.
garpwin is committed to resolving all privacy complaints fairly and promptly. We treat every data subject request with the same priority as a financial or account-security concern, because we recognise that your personal data is as important to you as your account balance.
Have Questions About Your Privacy?
Our support team is available around the clock to help with privacy requests, data subject rights, or any questions about how garpwin protects your information.