Effective Date: 19 May 2026 & onwards Last Reviewed: 19 May 2026 Document Version: 2026.05 Applies to: The Official Bengalwin Casino & all Bengalwin services, mobile app, and customer support channels.
Why This Page Exists
Every time you register at Bengalwin (বেঙ্গলউইন), deposit through bKash, place a cricket bet, or send a message to support, data about you is created. Some of it you give us directly — your name, date of birth, and mobile number. Some of it is generated by your activity on the platform — which games you played, how much you deposited, and what device you used. And a small amount comes from third parties like our payment partners and identity verification providers.
This Privacy Policy explains, in plain language, what data Bengalwin collects, why we collect it, who we share it with, how long we keep it, and what rights you have over it. We are a licensed online casino operating under Curaçao eGaming, and we are legally required to handle personal data carefully — but more importantly, we want you to trust the platform you are playing on.
If you have already read our Terms and Conditions, AML and KYC Policy, & Cookie Policy, this page is the next piece of the puzzle. Together, those four documents describe how Bengalwin operates as a legitimate, regulated business — not a clone site, not an offshore middleman.
The fundamental rule: Bengalwin will never sell your personal data. We collect only what we need to run the casino, comply with the law, pay your withdrawals to bKash or Nagad, and keep your account secure. Everything else is off limits.
Who We Are (Data Controller)
Bengalwin is the trading name of the licensed operator of the website at https://www.bengalwin.asia/. For data protection law, Bengalwin acts as the data controller of personal data collected through the platform. This means we decide what data is collected, how it is processed, and how long it is retained — and we are accountable to you for those decisions.
You can contact us about any privacy matter through the Contact Us page, the 24/7 live chat on the website, or by writing to our Data Protection Officer through the email address listed in §13 below.
Table of Contents
What Personal Data We Collect
We collect three categories of data: data you give us, data we generate from your activity, and data we receive from third parties.
2.1 Data You Provide Directly
When you register an account, deposit funds, or contact support, you provide:
- Identity data: Full legal name (as it appears on your NID or passport), date of birth, gender, nationality
- Contact data: Mobile number, email address, residential address in Bangladesh
- Account credentials: Username, password (stored as a one-way cryptographic hash — never readable, even by us), security questions
- Financial data: BKash, Nagad, Rocket, or Upay mobile wallet number, deposit and withdrawal amounts, transaction history
- KYC documents: A copy of your National ID (NID) or passport, a selfie or short video for liveness verification, and sometimes a recent utility bill or bank statement for proof of address
KYC data is required by our AML and KYC Policy and is the same standard used by every regulated bank in Bangladesh. If you do not provide it, we cannot legally process withdrawals.
2.2 Data Generated by Your Activity
The moment you log in, the platform begins recording activity data — this is unavoidable for any online casino:
- Games played, bets placed, wins, losses, session duration
- Deposit and withdrawal timestamps and amounts
- IP address, approximate geographic location (city level)
- Device type, operating system, browser, screen resolution
- Login times, logout times, and failed login attempts
- Chat transcripts with customer support
- Bonus claims and wagering progress (Welcome Bonus, Free Credits, Daily Wheel, etc.)
This data is used to run the casino — without it, we cannot credit your account when you win, detect fraud, or improve game fairness. The same data is also what we hand over when a regulator audits us.
2.3 Data From Third Parties
A small portion of data comes from outside Bengalwin:
- Payment providers (Bkash, Nagad, Rocket, Upay) share transaction confirmations and, where required, the name registered on your mobile wallet
- KYC verification partners validate that the NID or passport you uploaded is genuine
- Game studios (JILI, Evolution Gaming, Pragmatic Play, NetEnt, FA Chai, Spribe, JDB, and others listed on our providers pages) provide round histories and outcomes for the games you play on their software
- Fraud detection services flag suspicious devices, repeat bonus abuse, and known multi-accounting patterns
Why We Collect This Data (Legal Basis)
Data protection law requires us to have a specific legal reason for each type of processing. Bengalwin relies on four lawful bases:
Contractual necessity — We cannot give you an account, accept deposits, run games, or pay withdrawals without processing identity and financial data. This is the basis for the bulk of routine operations.
Legal obligation — Anti-money laundering rules, age verification requirements, and tax reporting are imposed on us by law. KYC checks under our AML Policy, and the under-18 ban under our Age Verification Policy sit here.
Legitimate interests — Fraud prevention, platform security, fair-play monitoring under the Fair Play and RNG Certification, debugging, and protecting the business against abuse. We balance these interests against your privacy in every case.
Consent — Marketing communications, optional cookies, and any non-essential profiling. You can withdraw consent at any time through your account settings or by replying STOP to any marketing message.
How We Use Your Data
We use personal data only for the purposes listed below. There are no hidden uses.
| Purpose | What This Involves |
|---|---|
| Running your account | Registration, login, balance updates, game session management |
| Processing payments | Deposits via Bkash, Nagad, Rocket, or Upay; 1–3 hour withdrawals |
| Verifying identity (KYC) | Age check, fraud check, ownership confirmation of the bKash/Nagad number |
| Legal compliance | AML reporting, source-of-funds checks on large deposits, suspicious activity reports |
| Security | Detecting account takeover, blocking bot traffic, protecting against DDoS |
| Customer support | Handling your tickets, chat conversations, and complaints |
| Bonus administration | Crediting the 130% Welcome Bonus, free ৳20 credits, daily login rewards, rescue bonus, and referral commissions |
| Responsible gaming | Monitoring play patterns and applying limits requested under our Responsible Gaming Policy |
| Marketing (with consent) | Promotional offers via SMS, email, or push notifications — you control this |
| Service improvement | Aggregated analytics on which games are popular, which payment methods are used most, where the platform can be faster |
We never use your data to train external AI models. We never share your Bkash number, NID, or play history with advertisers. We never enrich your profile by buying data from third-party data brokers.
Who We Share Your Data With
Bengalwin shares data only with parties we cannot operate without. These fall into four narrow groups:
Payment processors. Bkash, Nagad, Rocket, and Upay receive the minimum data they need to settle a transaction — your wallet number, the amount, and a transaction reference. They do not see what games you played or how much you have wagered.
Regulators and law enforcement. Where the Curaçao Gaming Control Board, the Bangladesh Financial Intelligence Unit, or any other authority with proper jurisdiction issues a lawful request, we comply. We do not hand over data on informal demand.
KYC and fraud-detection vendors. These third parties verify NIDs and flag fraud patterns. They are bound by confidentiality agreements and process data only on our instructions.
Game providers. Studios like Evolution Gaming and Pragmatic Play see the round you played on their software — your username, bet amount, and outcome. They do not receive your KYC documents or Bkash number.
We do not share data with affiliate marketers without your explicit consent. We do not list your account on any public registry. We do not “sell” data in any sense the word can carry.
International Data Transfers
Bengalwin operates infrastructure across multiple jurisdictions, and some of our service providers are based outside Bangladesh. When personal data is transferred internationally, we ensure equivalent protection through one of three mechanisms:
- The receiving country has an adequacy decision (recognised as having equivalent data protection law)
- Standard contractual clauses are in place between Bengalwin and the receiving party
- The transfer is necessary for the performance of your contract with us (for example, processing a withdrawal)
All transfers are encrypted in transit using TLS 1.3 or higher. No data sits unprotected on a network at any point.
How Long Do We Keep Your Data
Retention is not optional — gambling regulators require us to keep certain records for years after an account closes. Here is exactly how long each category is held:
| Data Type | Retention Period | Reason |
|---|---|---|
| KYC documents and identity data | 7 years after account closure | AML law requirement |
| Transaction history (deposits, withdrawals, bets) | 7 years after the transaction | AML law + tax compliance |
| Account and profile data | Active account + 7 years after closure | Dispute resolution, regulator audits |
| Customer support tickets | 3 years after resolution | Quality assurance, dispute resolution |
| Marketing consent records | Until consent is withdrawn + 2 years | Proof of lawful consent |
| Server logs (IP, device data) | 12 months | Security investigation |
| Cookies | See Cookie Policy for individual cookie durations |
After the retention period ends, data is either permanently deleted or irreversibly anonymised so it can no longer be linked to you.
Your Privacy Rights
You have the following rights over your personal data. To exercise any of them, contact us through live chat or email the Data Protection Officer. We respond within 30 days.
Right to access — Request a copy of all personal data we hold about you.
Right to rectification — Correct any inaccurate or outdated information (a new mobile number, a name spelling fix on KYC).
Right to erasure — Ask us to delete your data. Important caveat: where AML law requires us to retain records, we cannot delete them before the legal retention period expires. We will delete everything that is not legally locked.
Right to restrict processing — Pause certain uses of your data while a dispute or correction is investigated.
Right to data portability — Receive a machine-readable copy of the data you have given us, so you can take it elsewhere.
Right to object — Object to processing based on legitimate interests, including direct marketing. Marketing objections are honoured immediately and without exception.
Right to withdraw consent — Where processing is based on your consent (marketing, optional cookies), you can withdraw it at any time without affecting the lawfulness of past processing.
Right to complain — If you believe we have mishandled your data, contact us first — we want the chance to fix it. If you are still not satisfied, you can escalate to the Curaçao Gaming Control Board.
Security Measures
Protecting your data is not a checkbox exercise. Bengalwin uses the following safeguards as standard:
- Encryption in transit: TLS 1.3 for every connection between your device and our servers
- Encryption at rest: AES-256 for KYC documents and sensitive account data
- Password hashing: Bcrypt or Argon2 — your password is never stored in readable form
- Two-factor authentication is available for all accounts and is recommended for VIP Members
- Access controls: Staff can only see the data they need to do their job; sensitive data access is logged
- Penetration testing on the platform infrastructure annually
- DDoS protection via enterprise-grade traffic filtering
- Segregated player funds — your balance is held separately from operational funds
- 24/7 security monitoring with automated alerts on suspicious access patterns
No system is perfect, and if a data incident affecting your personal data occurs, we will notify you and the relevant regulator within 72 hours of becoming aware of it.
Cookies and Tracking
Cookies are governed by their own document — see the full Cookie Policy for the complete list, categories (essential, analytics, marketing), and how to control them through your browser or our cookie banner.
In summary: essential cookies (login session, security) are always on because the site cannot function without them. Analytics and marketing cookies require your consent and can be switched off at any time without affecting your ability to play.
Children and Underage Users
Bengalwin is strictly an adult platform. Nobody under 18 may register, deposit, or play under any circumstances. Our Age Verification Policy explains the safeguards in detail.
If we discover that a person under 18 has somehow created an account, we will close it immediately, refund any deposits to their source of payment, void any winnings, and delete the data we are not legally required to retain. Parents or guardians who suspect a minor has accessed the platform can contact us at once through Contact Us, and we will act the same day.
Bangladesh-Specific Privacy Context
Bengalwin is built for Bangladeshi players, and several aspects of our data practices reflect that:
Mobile wallet data. When you deposit via Bkash, Nagad, Rocket, or Upay, the wallet provider shares the name registered on the number. We use this to confirm the wallet belongs to you — a critical anti-fraud check given how widely shared phones are in Bangladesh.
NID verification. The Bangladesh National ID is the primary KYC document. We store the NID image with the same protections as a passport — encrypted at rest, access-logged, and never used for anything other than verifying your age and identity.
Bengali-language support. Privacy requests submitted in Bengali receive the same priority and 30-day response time as English requests. Our Data Protection Officer reviews requests in both languages.
BDT-only transactions. Because we operate in BDT only, no currency conversion data is collected or shared with foreign exchange providers.
Local law context. While Bangladesh does not yet have a single comprehensive data protection statute, we voluntarily apply GDPR-aligned standards because they represent international best practice for handling player data.
Contact Us About Privacy
For any question, request, or complaint relating to your data:
- Live chat: 24/7 from any page on https://www.bengalwin.asia/
- Contact form: https://www.bengalwin.asia/contact-us/
- Data Protection Officer: dpo@bengalwin.asia
- Postal: Available on request via live chat (Curaçao registered office)
We answer privacy requests within 30 days. If your request is complex, we may extend the response window by another 30 days and will let you know why.
Changes to This Policy
Privacy law and platform features evolve, and this policy will be updated periodically. When material changes occur, we will:
- Update the Effective Date and Document Version at the top of this page
- Notify registered users by email or in-app notice for significant changes
- Keep prior versions available on request for transparency
Continued use of the platform after a material change means you accept the revised policy. If you disagree with a change, you can close your account at any time — see §8 above on the right to erasure for what happens to your data afterwards.
Relationship to Other Policies
This Privacy Policy works together with these other Bengalwin documents:
- Terms and Conditions — your full contract with Bengalwin
- AML and KYC Policy — identity verification and source-of-funds rules
- Cookie Policy — detailed cookie list and consent
- Age Verification Policy — 18+ enforcement
- Responsible Gaming Policy — limits, self-exclusion, and player protection
- Fair Play and RNG Certification — game integrity and audit standards
Together, these documents describe how Bengalwin operates as a transparent, regulated, player-first platform.
❓ Frequently Asked Questions (FAQ’S) About Bengalwin’s Privacy Policy
Does Bengalwin sell my personal data?
No. Bengalwin will never sell your personal data to advertisers, data brokers, or any third party. We only share data with payment partners like Bkash & Nagad, KYC verification vendors, and regulators when legally required. Marketing data is shared only with your explicit consent, which you can withdraw at any time.
What personal data does Bengalwin collect?
Bengalwin collects identity data (name, date of birth, NID), contact data (mobile number, email), financial data (Bkash, Nagad, Rocket, or Upay wallet number, transaction history), KYC documents, and activity data (games played, login times, IP address). All collections are tied to a specific legal basis — contract, legal obligation, legitimate interest, or your consent.
How long does Bengalwin keep my data?
KYC documents and transaction history are kept for 7 years after account closure, as required by anti-money laundering law. Support tickets are kept for 3 years, server logs for 12 months. Marketing consent records are kept for 2 years after you withdraw consent. After these periods, data is deleted or irreversibly anonymised.
Can I ask Bengalwin to delete my account and data?
Yes — you have the right to erasure. Submit the request through live chat or the Contact Us page. We will delete everything not legally required to retain. Records covered by AML retention (7 years) cannot be deleted before that period expires, but they are locked from all other use.
How does Bengalwin protect my bKash and NID information?
Your Bkash, Nagad, Rocket, and Upay wallet details are encrypted at rest with AES-256 and transmitted only over TLS 1.3 connections. NID documents are stored with the same encryption, access is logged, and only KYC-approved staff can view them. Bengalwin never shares these with advertisers or unrelated third parties.
What rights do I have over my data at Bengalwin?
You have 8 rights: access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to complain. Submit any request via live chat or dpo@bengalwin.asia, and you will receive a response within 30 days. These rights are honoured regardless of where you are based.
Does Bengalwin share my data with anyone outside Bangladesh?
Some service providers (cloud infrastructure, game studios like Evolution Gaming and Pragmatic Play, fraud detection vendors) are based outside Bangladesh. Standard contractual clauses or adequacy decisions protect international transfers, and all data is encrypted in transit. Your data is never sold across borders.
How is my Bengalwin data protected from hackers?
Bengalwin uses TLS 1.3 encryption for all connections, AES-256 encryption for stored sensitive data, Bcrypt/Argon2 password hashing, mandatory two-factor authentication options, role-based staff access controls, annual penetration testing, 24/7 security monitoring, and DDoS protection. If a data breach affects you, we will notify you and the regulator within 72 hours.