Babu88 Privacy Policy

What personal information is collected

• Identity details: full name, date of birth, government-issued ID details as permitted by law, photographs for KYC, and proof of address.
• Contact details: email address, mobile number, postal address, and account preferences.
• Account and transaction data: username, account settings, deposits, withdrawals, game participation, dispute records, and responsible gaming settings.
• Payment and verification data: payment instrument identifiers processed by payment providers, UPI IDs, card tokens, bank details, and results of verification checks.
• Technical data: device identifiers, IP address, browser type, operating system, app version, log files, and approximate location derived from IP.
• Usage information: pages viewed, time on page, clicks, referral sources, and interactions across websites and apps.
• Cookies and similar technologies: preference cookies, analytics, and advertising identifiers.
• Compliance screening data: fraud risk signals, sanctions screening results, and adverse media checks where required by law.

Why the information is collected

• To create and manage accounts and provide online services.
• To process transactions, verify identity, and meet KYC and anti-fraud requirements.
• To deliver customer support and resolve disputes.
• To improve platform performance, safety, and usability through analytics and testing.
• To personalise content such as language, interface, and responsible gaming tools.
• To comply with applicable laws, regulatory requests, and record-keeping obligations.

Technical and organisational measures

• Encryption in transit and at rest, TLS for data in motion, and tokenisation of sensitive fields.
• Role-based access controls, multi-factor authentication, and least-privilege principles.
• Secure software development lifecycle, vulnerability scanning, and regular penetration testing.
• Network segregation, firewalls, continuous monitoring, and audit logging.
• Vendor due diligence, data processing agreements, and confidentiality obligations for partners.
• Staff training, incident response plans, backups, and disaster recovery.

User rights under India law

• Access: request a copy of personal data and information on its processing.
• Correction: update inaccurate or incomplete details.
• Deletion: request erasure where permitted, such as when consent is withdrawn or retention is not required by law.
• Consent management: withdraw consent for processing that relies on consent, including marketing preferences.
• Grievance redressal and nomination: raise a complaint or nominate an authorised person as permitted under the Digital Personal Data Protection Act, 2023.

Legal compliance

• Processing follows the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and applicable rules, and other local requirements.
• Where relevant, practices are aligned to international standards such as GDPR principles for transparency, data minimisation, and security.

Retention

• Personal data is retained for the duration of the account and as needed for services, legal obligations, tax, anti-fraud, and dispute resolution.
• Certain records may be kept for a period typically up to 5 years after account closure, subject to applicable law.

Contacts

• Data Protection Officer and Grievance Officer: [email protected]
• Requests can be submitted through Account Settings or by email. Identity verification may be required.

The platform uses personal data for the following purposes in a lawful and transparent manner:

• Account setup and service delivery: creating accounts, verifying eligibility, and operating games and sportsbook services.
• Transactions: processing deposits, withdrawals, bonuses, chargebacks, and refunds through regulated payment service providers.
• Safety and integrity: detecting fraud, abuse, self-exclusion breaches, and security incidents.
• Customer support: answering queries, troubleshooting, and managing complaints.
• Personalisation and improvement: tailoring interfaces, improving performance, and running A/B tests and analytics for service quality.
• Marketing communications: sending service updates or offers in line with consent and user preferences, with opt-out options.
• Compliance: fulfilling legal duties, handling regulatory inquiries, audits, and enforcing terms of use.

Lawful bases for processing

• Consent provided by the user for specified purposes.
• Performance of a contract for delivering the requested online services.
• Compliance with legal obligations, including identity verification and record keeping.
• Legitimate uses permitted under applicable Indian law, such as fraud prevention and service improvement, balanced against user interests.

How users can access and manage information

• Access: review personal data and account information through Account Settings or by contacting [email protected].
• Update: correct or complete details in profile settings, or send a correction request with supporting documents.
• Deletion: request erasure of personal data where processing is not required for legal, tax, dispute, or security reasons. Certain minimal records may be retained for compliance.

Procedures and timelines

• Requests require verification of identity to protect users.
• A response is provided within timelines prescribed by applicable law, typically within 30 days.
• If a request is refused or limited due to legal obligations, the reason will be explained where lawful to do so.

Security checks and payments

• By using Babu88, users consent to security checks, identity verification, anti-fraud screening, and the processing of payment information by payment service providers for transactions and compliance.

• The services are intended for persons aged 18 years and above.
• The operator cannot verify age without supporting documents. Age verification may be requested during registration, deposit, withdrawal, or at any time.
• If an account is found to belong to a minor, access will be restricted and personal data will be deleted as permitted by law. Limited records may be retained to meet legal obligations.
• Parents or guardians may request deletion of a minor’s data by contacting [email protected] and providing proof of relationship and identity.

• Personal data may be stored or processed outside India in countries where technology, payment, KYC, analytics, or customer support partners are located.
• Use of the site signifies consent to such international transfers for the purposes described in this policy.
• Confidentiality and security are ensured through contracts, access controls, encryption, and audit obligations imposed on all partners handling information.
• When required, appropriate safeguards that reflect global best practices are implemented to protect user information during transfer.

• A disclaimer may change the scope or effect of certain rules in this policy, such as limits on responsibilities of the operator or clarifications on the use of services.
• The disclaimer applies when the user accepts this policy by signature, click-acceptance, or accession through continued use of the services.
• Nothing in this section removes rights granted by applicable law. Where a conflict arises, mandatory legal protections prevail over this policy document.

• Cookies are small text files stored on a device by websites to remember a user and understand how the site is used.
• Cookies and similar technologies are used for statistics, behaviour analysis, personalisation, security, and site improvement.
• Retention: cookies set by the platform or its partners typically remain for up to 1 year unless deleted earlier by the user.
• Users can manage cookies through browser settings or the preference centre. Some essential cookies are necessary for core functions and cannot be disabled through the site.

• Using this website, apps, or related services means full acceptance of this Privacy Policy and any related documents referenced here.
• The current version posted on the site prevails over earlier versions. Updates will be published with an effective date, and continued use after changes indicates acceptance.
• Users who do not agree should discontinue use and request account closure and deletion where permitted.

• Personal data may be shared with third parties when required by law, for dispute resolution, to perform agreements, or to deliver requested services. Examples include payment processors, KYC verification partners, cloud hosting, analytics providers, and customer support vendors.
• A list of key processors and partners is maintained on the site. Where a partner is not listed, users will be informed of the purpose and scope of sharing to the extent permitted by law.
• Providing personal information for these purposes constitutes consent to share it with the relevant third party. Such parties may process data as independent controllers or processors under their own privacy policies.
• Court orders, law enforcement requests, regulatory bodies, or potential acquirers in a corporate transaction may also receive information where legally justified.

• The site may include links to external websites and services that are not operated by the platform.
• Those websites follow their own privacy policies and practices. The operator is not responsible for how such third parties collect, use, or disclose information.
• Users should review the privacy policy of any external site visited and exercise caution before sharing personal data.