Privacy Policy

OBSERVE: A privacy policy explains how personal data is collected and used when you visit or use the services of Zeus Win on zeuswinsi.com. EXPAND: It is required to meet transparency obligations under the UK GDPR and the Data Protection Act 2018, and it helps you understand choices such as marketing preferences and cookie controls. REFLECT: This policy applies to website visitors, registered players, and anyone who communicates with us in relation to an account or support request.

Effective date: 6 November 2025.

Who We Are

OBSERVE: Zeus Win is the brand presentation of Zeus Win operated via zeuswinsi.com. The available source data does not specify the operator's verified legal entity name, registered office address, Companies House (or equivalent) registration number, or UK establishment details. EXPAND: UK privacy law requires you to be told who the data controller is and how to contact the person/team responsible for data protection matters; where these details are not available at time of publication, the controller must provide a functional contact route and commit to updating. REFLECT: Until the operator's formal corporate particulars are published/verified, we provide the operational contact channel below and will update this section once the legal entity identity and registration details are confirmed.

• Data Controller (legal name): Not specified in provided data; to be published/verified by the operator.
• Legal/registered address: Not specified in provided data; to be published/verified by the operator.
• Company registration details: Not specified in provided data; to be published/verified by the operator.

Data Protection Contact (DPO / Privacy Team)

OBSERVE: The available contact email for complaints/disputes is disputes@zeuswinsi.com (noting a legacy reference to disputes@zeuswin.com in source notes). EXPAND: A dedicated privacy contact is best practice; in the absence of a separate DPO mailbox, requests can be routed via the disputes channel and marked for the attention of the Data Protection Department. REFLECT: Use the contact below for privacy queries and rights requests.

• Email: disputes@zeuswinsi.com (please include "Data Protection Request" in the subject line)
• Phone: Not specified
• Online form: Not specified
• Author/contact reference: Oliver Bennett (named contact reference in provided data)

What Personal Data We Collect

OBSERVE: Zeus Win on zeuswinsi.com may collect data you provide directly, data generated by your use of the services, and data obtained from third parties for verification and fraud-prevention purposes. EXPAND: Online gambling services typically require identity and payment checks (KYC/AML), account security, and responsible gambling monitoring; these involve special handling and minimisation. REFLECT: We limit collection to what is relevant for providing the service, meeting legal obligations, and protecting players and the integrity of the platform.

Categories of Data

• Identity & contact data: Full name, date of birth, username, email address, phone number, residential address, country of residence, and communication records with support.
• Account & verification (KYC) data: Copies/records of identity documents, age verification outcomes, proof of address, and results of screening needed to meet anti-money laundering and fraud controls.
• Payment & transaction data: Deposit/withdrawal amounts, transaction timestamps, payment method identifiers, limited card data (e.g., last four digits) where applicable, bank/wallet identifiers, chargeback and payout history. We do not intentionally store full card numbers/CVV; payment processing is typically handled by regulated payment partners.
• Gameplay & behavioural data: Betting history, game sessions, bonus usage, clicks, pages viewed, responsible gambling interactions (e.g., limits, time-outs), and preferences.
• Technical & device data: IP address, approximate location derived from IP, browser type, device identifiers, operating system, login timestamps, security logs, and diagnostic logs.
• Cookies and similar technologies: Cookie identifiers, SDK tags (if used), pixels, and local storage items, depending on your cookie choices.
• Marketing preferences: Your consent status, opt-in/opt-out history, and campaign interaction metrics (e.g., opens/clicks) where permitted.

Legal Basis for Processing

OBSERVE: Under UK GDPR, we must have a lawful basis for each processing activity. EXPAND: Gambling operators commonly rely on multiple bases depending on context (e.g., contract for account services, legal obligation for AML checks, legitimate interests for security). REFLECT: We map processing to the lawful bases below and apply data minimisation and purpose limitation.

• Consent: Where required (e.g., non-essential cookies; certain direct marketing). You can withdraw consent at any time without affecting processing already carried out lawfully before withdrawal.
• Contract performance: To create and administer your account, provide gameplay, process deposits/withdrawals, apply bonuses, and deliver customer support.
• Legal obligation: To comply with applicable laws and regulatory requirements (including identity verification, anti-money laundering controls, record-keeping, and responding to lawful requests from authorities). For UK users, this includes alignment with UK GDPR and the Data Protection Act 2018; gambling-specific obligations may also apply depending on where the operator is licensed and how services are offered.
• Legitimate interests: To secure the platform, prevent fraud and abuse, maintain network and information security, measure performance, and improve user experience (balanced against your rights and expectations).
• Vital interests (rare): If necessary to protect someone's life in an emergency (e.g., serious harm concerns linked to account activity), using the least intrusive means.

Purpose of Processing

OBSERVE: We use personal data to operate Zeus Win on zeuswinsi.com. EXPAND: Purposes must be specific, explicit, and legitimate; further processing must be compatible or separately justified. REFLECT: The main purposes are listed below to help you understand how your data is used.

• Service delivery: Register accounts, authenticate logins, provide games and platform features, manage bonuses, and administer deposits/withdrawals.
• Customer support and communications: Respond to enquiries, handle disputes/complaints, notify you of service messages, and maintain support records.
• Compliance and due diligence: Identity checks, age verification, AML screening, transactional monitoring, and responding to regulatory/lawful requests.
• Security and fraud prevention: Detect suspicious activity, prevent account takeover, investigate chargebacks, enforce terms, and protect players and the platform.
• Analytics and product improvement: Diagnose issues, understand usage patterns, and improve performance and usability (using aggregated/anonymised data where feasible).
• Marketing (where permitted): Send promotional communications and tailor offers based on preferences, subject to your consent/opt-out rights and applicable law.

Disclosure & Sharing

OBSERVE: We may share personal data with third parties to operate the service and meet compliance duties. EXPAND: UK GDPR requires transparency about recipients and mandates contracts with processors, confidentiality, and security commitments. REFLECT: We share data only on a need-to-know basis and, where required, under written data processing agreements.

• Payment partners: Banks, payment gateways, card processors, and wallet providers to process deposits/withdrawals, manage reversals/chargebacks, and prevent fraud.
• Verification and compliance vendors: Identity/age verification providers, AML screening tools, fraud-scoring services, and risk monitoring partners.
• IT and hosting providers: Cloud hosting, security monitoring, customer support tooling, and email delivery services that act as processors under our instructions.
• Regulators, authorities, and law enforcement: Where required by law, court order, or to establish, exercise, or defend legal claims.
• Affiliates and advertising networks: Only where you have given consent for advertising cookies/trackers or where another valid lawful basis applies; you can change cookie settings at any time.
• Corporate transactions: If ownership or assets are transferred (e.g., merger, acquisition, restructuring), subject to confidentiality and continued protection of your rights.

Regional compliance note (UK): Where processing relates to UK users, we apply UK GDPR standards for processor controls, confidentiality, security, and transparency, regardless of where service providers are located.

International Transfers

OBSERVE: The provided data indicates regulatory connections outside the UK (e.g., PAGCOR/Philippines and Anjouan references), and service providers for hosting, payments, and fraud prevention may also be located outside the UK. EXPAND: Transfers of UK personal data outside the UK require appropriate safeguards (e.g., UK International Data Transfer Agreement (IDTA), UK Addendum to EU SCCs, adequacy regulations) and risk assessments. REFLECT: Where we transfer UK personal data internationally, we use legally recognised safeguards and apply additional technical and organisational measures where needed.

• Possible destinations: The Philippines, Comoros (Anjouan), the European Economic Area (EEA), the United States, and other jurisdictions where our vendors or corporate operations may be based.
• Safeguards we may use:
  • UK adequacy regulations: Transfers to jurisdictions recognised as providing adequate protection where applicable.
  • Contractual protections: UK IDTA and/or the UK Addendum to the EU Standard Contractual Clauses with relevant service providers and group entities.
  • Supplementary measures: Encryption in transit and at rest, access controls, and data minimisation to reduce transfer risks.
• Legacy frameworks: References to "Privacy Shield" may appear in older materials; it is not relied upon as a standalone safeguard for UK transfers.

Data Retention

OBSERVE: We must not keep personal data for longer than necessary, but gambling-related services often require extended retention for legal compliance, fraud prevention, and dispute handling. EXPAND: Retention periods should be defensible, documented, and linked to purpose; deletion may be restricted where legal obligations apply. REFLECT: We apply the retention framework below, subject to holds for legal claims, regulatory requests, or ongoing investigations.

• Account profile and core identifiers: Kept while your account is active and, as a general rule, up to 5 years after account closure (extended into 2025+ as needed for compliance and dispute resolution).
• KYC/AML and verification records: Typically retained 5 years after the end of the customer relationship or longer if required by applicable AML/record-keeping rules or an active investigation.
• Payment and transaction records: Typically retained 5 - 7 years to meet accounting, audit, AML, and chargeback dispute requirements.
• Gameplay and behavioural logs: Retained for operational integrity, fraud prevention, responsible gambling monitoring, and dispute handling, usually up to 5 years after account closure unless a longer period is required for legal claims.
• Technical logs and security events: Generally retained from 90 days up to 24 months depending on risk, security needs, and incident investigation requirements.
• Marketing records: Kept until you opt out/withdraw consent, then retained only as a suppression record to ensure we respect your preferences.

Deletion Criteria

• User request: We will delete or anonymise data where deletion is appropriate and lawful, unless we must retain it for legal obligations or legitimate interests such as fraud prevention.
• Purpose expiry: When the purpose for processing ends, we delete, anonymise, or securely archive with restricted access.
• Legal holds: If litigation, regulatory enquiries, or fraud investigations are ongoing, we may retain relevant data until the matter is resolved.

Your Rights

OBSERVE: If you are in the UK, the UK GDPR and the Data Protection Act 2018 grant specific rights over your personal data. The section specification also requires alignment references to Mexican privacy law standards. EXPAND: While Zeus Win on zeuswinsi.com targets UK context here, we can additionally acknowledge rights concepts under Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), including ARCO rights, for users who may interact from Mexico; where laws conflict, we apply the framework that is applicable to the user and processing context. REFLECT: The rights below describe how you can control your data, how we verify identity, and the timelines and cost rules we follow.

Your UK GDPR Rights

• Right of access: Request confirmation of whether we process your data and obtain a copy, plus related information.
• Right to rectification: Correct inaccurate or incomplete data (e.g., contact details).
• Right to erasure: Request deletion where applicable (not absolute; may be limited by AML, fraud-prevention, and legal retention duties).
• Right to restrict processing: Ask us to limit processing in certain cases (e.g., you contest accuracy).
• Right to object: Object to processing based on legitimate interests; object to direct marketing at any time.
• Right to data portability: Receive certain data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Right to withdraw consent: Where we rely on consent (e.g., marketing, non-essential cookies), you can withdraw it at any time.

Mexican Privacy Law Alignment (ARCO and Consent Principles)

• ARCO rights: Rights of Access, Rectification, Cancellation (deletion where applicable), and Opposition, aligned with LFPDPPP concepts.
• Consent framework: We seek consent where required for marketing and non-essential tracking; you may revoke consent, subject to lawful bases and mandatory retention requirements.

How to Exercise Your Rights

1. Submit your request: Email disputes@zeuswinsi.com with "Data Protection Request" in the subject line. Include your username, the email on the account, and the right you want to exercise.
2. Identity verification: We may request additional information to verify you (to prevent unauthorised disclosure or deletion). We will only request what is necessary for verification.
3. Clarification (if needed): If your request is broad, we may ask you to narrow it to speed up our response.
4. Response timeframe: We aim to respond within 30 days. If a lawful extension is needed due to complexity/volume, we will explain why and provide an updated timeline.
5. Fees: Requests are generally handled free of charge. We may charge a reasonable fee or refuse requests only where permitted by law (e.g., manifestly unfounded or excessive requests), and we will explain our decision.

Important limitation: If you request erasure or restriction, we may still retain and process some data to meet legal obligations (e.g., AML/KYC record-keeping), to prevent fraud, or to establish/defend legal claims.

Cookies & Tracking Technologies

OBSERVE: Zeus Win on zeuswinsi.com uses cookies and similar technologies to operate the site and (where permitted) measure performance and deliver advertising. EXPAND: Under UK rules (including the Privacy and Electronic Communications Regulations (PECR) alongside UK GDPR), non-essential cookies generally require consent. REFLECT: We separate cookies by purpose and provide methods to control them.

Types of Cookies

• Session cookies: Temporary cookies used to keep you logged in and maintain session integrity; typically removed when you close your browser.
• Persistent cookies: Stored for longer to remember preferences (e.g., language, settings) and improve user experience.
• Third-party cookies: Set by service providers (e.g., analytics or advertising partners) where enabled by your choices.

Cookie Purposes

• Strictly necessary/functional: Security, authentication, load balancing, and core site functionality. These are required for the service to work.
• Analytics/performance: Understanding usage and improving site performance (where feasible, using aggregated reporting).
• Advertising/marketing: Measuring campaigns and delivering personalised advertising, typically requiring your consent.

How to Manage Cookies

• Browser settings: You can block or delete cookies via your browser controls. Note that blocking strictly necessary cookies may affect site functionality.
• On-site controls: If a cookie banner or settings panel is available on zeuswinsi.com, you can adjust preferences there at any time.
• Opt-out of marketing: Use unsubscribe links in marketing emails or contact disputes@zeuswinsi.com.

Data Security

OBSERVE: We must protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. EXPAND: Online gambling platforms are high-risk targets for account takeover and payment fraud, requiring layered security controls and documented incident response aligned with recognised standards. REFLECT: We use technical and organisational measures designed to protect Zeus Win users on zeuswinsi.com, while acknowledging that no method is 100% secure.

• Encryption in transit: Use of TLS 1.2+ for data transmitted between your device and our services.
• Encryption at rest: Where appropriate, sensitive data is encrypted when stored, with controlled key management.
• Access controls: Role-based access, least-privilege principles, and logging/monitoring of administrative access.
• Account protections: Password standards and, where available, multi-factor authentication (MFA) and additional verification for sensitive actions (e.g., withdrawals).
• Operational security: Segmentation of environments, secure configuration management, and vulnerability/patch management.
• Security audits and testing: Periodic assessments and testing; where applicable, controls may be aligned to recognised frameworks such as ISO/IEC 27001 or SOC 2 practices (scope may vary by vendor and system).
• Staff training: Data protection and security awareness training, including phishing and incident handling.
• Incident response: Documented procedures to investigate, contain, remediate, and notify relevant parties where required by law (including notification to the UK ICO where applicable).

Complaints & Contacts

OBSERVE: Users must have clear channels to raise privacy concerns and escalate to supervisory authorities. The provided dataset includes an email for disputes/complaints: disputes@zeuswinsi.com; phone, postal address, and contact form are not specified. EXPAND: UK GDPR requires informing users of the right to complain to the ICO; the section specification also requires escalation details for Mexican and EU authorities where applicable. REFLECT: We provide a step-by-step complaint process and regulator contacts; we will update postal/phone details when published by the operator.

Contact Channels

• Email (privacy, complaints, disputes): disputes@zeuswinsi.com
• Phone: Not specified
• Online feedback/contact form: Not specified
• Postal address: Not specified

Complaint Procedure

1. Step 1 - Submit: Email disputes@zeuswinsi.com with "Privacy Complaint" in the subject line, describing the issue and relevant dates/screenshots (if available).
2. Step 2 - Acknowledgement: We aim to acknowledge within 7 days and may request more information to investigate.
3. Step 3 - Investigation: We review account records, system logs (where relevant), and vendor involvement, applying confidentiality and least-privilege access.
4. Step 4 - Outcome: We aim to provide a substantive response within 30 days. If more time is required due to complexity, we will explain the reason and provide an updated timeframe.
5. Step 5 - Escalation: If unresolved, you may escalate to the relevant supervisory authority below.

Supervisory Authorities

• United Kingdom (ICO):
  • Website: https://ico.org.uk/
  • Make a complaint: https://ico.org.uk/make-a-complaint/
  • Phone (ICO helpline): +44 (0)303 123 1113 (public contact as published by ICO)
• Mexico (INAI):
  • Authority: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
  • Website: https://home.inai.org.mx/
• EU/EEA (where applicable):
  • Find your authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: Privacy notices must remain accurate; changes must be communicated in a way that users can understand, especially where changes are material. EXPAND: Material changes (new purposes, new recipients, significant international transfer changes, or changes affecting rights) should be announced with advance notice where feasible; users should have meaningful options such as adjusting settings or closing accounts. REFLECT: We apply version control, provide notice channels, and give at least 30 days' notice for significant changes introduced from 2025 onward.

• Last updated: November 2025
• How we notify you:
  • Email notice: Sent to the email associated with your Zeus Win account on zeuswinsi.com where the change is significant.
  • Website banner: A prominent notice on zeuswinsi.com for material updates.
  • Account dashboard alert: Where available, an in-account message highlighting key changes.
• Advance notice for significant changes: At least 30 days before material changes take effect, unless a shorter period is required for security or legal reasons (in which case we will explain).
• Your options: You may object to certain processing (where applicable), change marketing/cookie preferences, or close your account before the effective date of a significant change.

Changelog of Material Changes

• November 2025: Initial version published for Zeus Win on zeuswinsi.com; added detailed rights request procedure (30-day response target), international transfer safeguards overview, and retention framework.