1xbet
Nhận thưởng

Đặt cược
VN

Personal Data Processing Policy

This Personal Data Processing Policy (hereinafter — the “Policy”) governs the collection, use, storage, transfer and protection of personal data of users accessing the website operated by Caecus N.V. (hereinafter — the “Operator”, “we”, “us”). The Policy applies to users resident in Nigeria and South Africa and is issued in compliance with the Nigeria Data Protection Act, 2023 (NDPA) and the Protection of Personal Information Act 4 of 2013 (POPIA).

By registering an account or otherwise using the Site, the user acknowledges that they have read and understood this Policy and consents to the processing of their personal data as described herein.

1. Operator Identity and Contact Details

The data controller responsible for the processing of personal data described in this Policy is Caecus N.V., operating the Site under the brand 1xBet. All enquiries relating to personal data processing shall be directed through the contact mechanisms available in the “Support” or “Contact Us” section of the Site.

1.1 Data Protection Officer (DPO) / Information Officer

In accordance with NDPA 2023 and POPIA Section 56, the Operator has appointed a Data Protection Officer (for Nigerian users) and an Information Officer (for South African users). Users may address data-related requests and complaints to the responsible officer via the dedicated privacy contact form or email address indicated in the “Contact Us” section of the Site. The Operator does not publish officer personal names in this document; contact is facilitated through official channels only.

2. Scope and Applicable Law

This Policy applies to all natural persons who interact with the Site from Nigeria or South Africa. The applicable legal frameworks are:

  • Nigeria: Nigeria Data Protection Act, 2023 (NDPA); NITDA Act 2007; National Lottery Regulatory Commission (Establishment) Act, 2005.
  • South Africa: Protection of Personal Information Act 4 of 2013 (POPIA); Electronic Communications and Transactions Act 25 of 2002 (ECTA); National Gambling Act 7 of 2004; Financial Intelligence Centre Act (FICA).

3. Categories of Personal Data Collected

The Operator collects and processes the following categories of personal data, depending on the user’s jurisdiction and the nature of their interaction with the Site:

Category Examples Applicable Jurisdiction
Identity data Full name, date of birth, national ID or passport number NG, ZA
Contact data Email address, phone number, residential address NG, ZA
Financial data Payment method details, transaction history, account balance NG, ZA
Device and technical data IP address, browser type, operating system, device identifiers NG, ZA
Location data Geolocation derived from IP address or device GPS (where permitted) NG, ZA
Gameplay and betting data Bet history, game history, session duration, wager amounts NG, ZA
Biometric data Facial recognition data used for identity verification (where applicable) ZA

4. Legal Bases for Processing

The Operator processes personal data on the following legal grounds:

  • Performance of a contract: Processing is necessary to provide the services offered on the Site, including account management, placement of bets and processing of withdrawals.
  • Legal obligation: Processing is required to comply with applicable laws, including anti-money laundering obligations, FICA due diligence (ZA), and financial record-keeping requirements under NDPA and POPIA.
  • Legitimate interests: The Operator processes data to prevent fraud, ensure platform security, and protect the rights of all users, provided such interests are not overridden by the data subject’s rights.
  • Consent: Where no other legal basis applies, processing is carried out on the basis of the user’s freely given, specific and informed consent, which may be withdrawn at any time without affecting the lawfulness of prior processing.

5. Purposes of Processing

Personal data is collected and used exclusively for the following purposes:

  1. Registration and maintenance of user accounts.
  2. Verification of identity and age (18+ requirement) in accordance with NLRC requirements (NG) and FICA and POPIA obligations (ZA).
  3. Processing of deposits, withdrawals and other financial transactions.
  4. Detection and prevention of fraud, money laundering and other prohibited activities.
  5. Compliance with regulatory and legal obligations, including reporting to the Nigeria Data Protection Bureau (NDPB) and the Information Regulator of South Africa.
  6. Responsible gambling monitoring, including enforcement of deposit limits, self-exclusion and session controls.
  7. Communication with users regarding account status, security alerts and service updates.
  8. Analysis of platform performance and improvement of user experience through anonymised or aggregated data.

6. Data Retention Periods

Personal data is retained only for as long as necessary to fulfil the purposes set out in this Policy, and in any case for no longer than permitted by applicable law:

  • Nigeria: Financial records are retained for a minimum of six (6) years in accordance with NDPA 2023 and Central Bank of Nigeria guidelines. Other personal data is erased or anonymised as soon as it is no longer necessary for the original purpose of collection.
  • South Africa: Financial records are retained for a minimum of five (5) years in accordance with POPIA and FICA requirements. Other categories of data are deleted or anonymised when no longer required for the specified purpose.

Upon expiry of the applicable retention period, personal data is securely destroyed or irreversibly anonymised.

7. Transfer of Data to Third Parties

The Operator does not sell personal data to third parties. Disclosure to third parties occurs only in the following circumstances:

  • Service providers: Payment processors, identity verification providers, IT infrastructure providers and anti-fraud solution suppliers acting as data processors under binding data processing agreements.
  • Regulatory authorities: Disclosure to the NDPB (NG), the Information Regulator (ZA), the NLRC (NG), provincial gambling boards (ZA) or law enforcement agencies where required by law.
  • Group companies: Where processing is carried out by affiliated entities within the Operator’s corporate group, subject to equivalent data protection standards.

Cross-border transfers of personal data are conducted only where:

  • The recipient country has been subject to an adequacy determination; or
  • Binding corporate rules or standard contractual clauses are in place as required by NDPA 2023, Section 42 (NG) and POPIA Section 21 (ZA).

8. Rights of Data Subjects

8.1 Rights under NDPA 2023 (Nigeria)

Users resident in Nigeria are entitled to exercise the following rights under NDPA 2023, Sections 34–38:

  • Right of access: To obtain confirmation of whether personal data is being processed and to receive a copy of such data.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of personal data where it is no longer necessary, processed unlawfully or based on withdrawn consent.
  • Right to restriction: To request that processing be restricted in specified circumstances.
  • Right to data portability: To receive personal data in a structured, commonly used and machine-readable format.

8.2 Rights under POPIA (South Africa)

Users resident in South Africa are entitled to exercise the following rights under POPIA, Sections 5, 11 and 18–24:

  • Right of access: To request access to personal information held by the Operator.
  • Right to correction or deletion: To request correction of inaccurate, irrelevant, excessive, outdated or misleading information, or its deletion.
  • Right to object: To object to the processing of personal information on reasonable grounds.
  • Right to data portability: To receive personal data in a portable format where technically feasible.

8.3 How to Exercise Rights

Requests to exercise any of the above rights must be submitted through the privacy request form or dedicated contact channel available in the “Contact Us” or “Privacy” section of the Site. The Operator will respond within thirty (30) calendar days of receiving a verified request, in accordance with NDPA 2023 (NG) and POPIA Section 18 (ZA). The Operator may request additional information to verify the identity of the requestor before processing the request.

9. Cookie Policy

9.1 Categories of Cookies Used

The Site uses the following categories of cookies:

Category Purpose Consent Required
Strictly necessary Essential for the Site to function; enable login, session management and security features No
Performance / Analytics Collect anonymised data on how users interact with the Site to improve functionality Yes
Functionality Remember user preferences such as language, currency and region Yes
Targeting / Advertising Deliver relevant promotional content based on browsing behaviour Yes

9.2 Legal Basis for Cookies

The use of non-essential cookies requires prior, freely given and informed consent in accordance with NDPA 2023, Sections 24–27 (NG) and POPIA read together with ECTA Section 45 (ZA). Consent is obtained through the cookie banner displayed upon the user’s first visit to the Site.

9.3 Withdrawal of Consent

Users may withdraw consent for non-essential cookies at any time using the one-click cookie management mechanism accessible via the cookie settings link displayed on the Site. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. Strictly necessary cookies cannot be disabled as they are essential for the Site to operate.

10. Security Measures

The Operator implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or disclosure. These measures include, but are not limited to:

  • SSL/TLS encryption for all data transmitted between the user’s device and the Site.
  • Two-factor authentication (2FA) available for user accounts.
  • Segregation of player funds from operational accounts.
  • Anti-fraud monitoring systems operating on a continuous basis.
  • Access controls limiting personal data access to authorised personnel only.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, the Operator will notify the relevant supervisory authority and affected users in accordance with applicable law.

11. Responsible Gambling and Data Processing

Personal data, including gameplay history, transaction records and session data, is processed for responsible gambling purposes, including enforcement of self-exclusion, deposit limits and loss limits. This processing is conducted in fulfilment of legal obligations and the Operator’s legitimate interest in protecting users from harm arising from gambling activity.

  • Nigeria: The Operator operates in accordance with requirements of the National Lottery Regulatory Commission and applicable state authorities. Self-exclusion registrations are processed and respected as required by state-level responsible gambling programmes. The mandatory notice applies: Gambling can be addictive. Only for persons 18 years and older.
  • South Africa: The Operator supports the National Responsible Gambling Programme (NRGP). Users may register for self-exclusion via the NRGP at responsiblegambling.org.za. FICA verification is completed prior to any withdrawal. The mandatory notice applies: Gambling can be addictive. Only for persons 18 years and older.

12. Complaints Procedure

If a user believes that their personal data has been processed in a manner inconsistent with this Policy or applicable law, they should first submit a formal complaint through the internal complaints mechanism available in the “Contact Us” section of the Site. The Operator will acknowledge receipt and respond within thirty (30) days.

If the user is not satisfied with the Operator’s response, they may escalate the complaint to the relevant supervisory authority:

  • Nigeria: Nigeria Data Protection Bureau (NDPB) — ndpb.gov.ng — [email protected]
  • South Africa: Information Regulator (South Africa) — justice.gov.za/inforeg — [email protected]

13. Minors

The Site is strictly prohibited for persons under 18 years of age. The Operator does not knowingly collect or process personal data of minors. Age verification is conducted during the registration process. Where the Operator becomes aware that personal data of a minor has been collected, such data will be deleted without delay.

14. Changes to This Policy

The Operator reserves the right to update or amend this Policy at any time in order to reflect changes in applicable law, regulatory requirements or internal data processing practices. Material changes will be communicated to registered users via email or a prominent notice on the Site. Continued use of the Site following notification of amendments constitutes acceptance of the revised Policy.

Date of last revision: July 3, 2026

1xbet
1xbet

Cược World Cup 2026: nhận thưởng đến 1.

1xbet
Tham gia ngay
Nhận thưởng Đặt cược
Lên đầu trang