This Privacy Policy applies to all personal data collected and processed by cr999 in connection with your use of the cr999 online casino and sports betting platform, including all pages hosted at cr999.im, any mobile-optimised versions of the site, and all associated customer service communications. By registering a cr999 account, depositing funds, or otherwise using the cr999 platform, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein.
cr999 is the data controller responsible for the personal information collected through this platform. Any questions, concerns, or requests relating to your personal data may be directed to our data protection contact at [email protected].
1. Information We Collect
cr999 collects personal information through several channels: directly from you when you register or interact with the platform, automatically as you navigate the site, and in limited circumstances from third-party sources such as payment processors and identity verification providers. The categories of personal data we collect are described below.
Registration and Account Data
When you create a cr999 account, we collect the following information:
- Full legal name (as it appears on your official identity document)
- Date of birth (to confirm you are aged 18 or above)
- Residential address in Bangladesh (street, city, district, postal code)
- Email address (used for account communications and notifications)
- Mobile number (used for account security and payment verification)
- Username and encrypted password hash
- Preferred currency (Bangladeshi Taka / BDT)
Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) obligations, we may request and store copies of the following documents:
- National Identity Card (NID) — both sides
- Valid passport (photo page)
- Proof of address documents (utility bill, bank statement) dated within 90 days
- Selfie or live photograph for facial verification, where required
KYC documents are processed in strict compliance with applicable data protection principles and are not used for any purpose other than identity verification and anti-money laundering (AML) compliance.
Financial and Payment Data
When you make deposits or request withdrawals, cr999 collects transaction-related data including:
- Mobile money account identifiers (bKash, Nagad, Rocket, Upay wallet numbers — stored in masked form)
- Bank account details for bank transfer transactions (Dutch-Bangla Bank, City Bank, BRAC Bank, and others)
- Transaction amounts, timestamps, and reference numbers
- Deposit and withdrawal history associated with your account
cr999 does not store full card numbers, CVV codes, or mobile banking PINs. Payment credentials are handled directly by our regulated payment processor partners and are never transmitted to cr999 servers in full.
Usage and Behavioural Data
cr999 automatically collects technical and behavioural data as you use the platform. This includes:
- IP address and approximate geolocation (city/district level)
- Browser type, version, and language settings
- Device type, operating system, and screen resolution
- Pages visited, time spent on each page, and navigation path through the site
- Games played, bet amounts, session duration, and game outcomes
- Bonus offers viewed, claimed, and wagering progress
- Customer support interactions, including chat transcripts and email correspondence
Communications Data
When you contact cr999 support at [email protected] or via live chat, we retain records of your communications. This includes the content of your messages, the date and time of contact, and the resolution outcome. These records are used for quality assurance, dispute resolution, and ongoing improvements to our support service.
2. How We Use Your Data
cr999 uses the personal data we collect for the following specific purposes. We do not use your data for purposes beyond those listed here without first obtaining your explicit consent or as otherwise required by applicable law.
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, email, mobile number | Contract performance |
| Age and identity verification (KYC) | KYC documents, date of birth, NID data | Legal obligation |
| Payment processing (deposits and withdrawals) | Financial data, payment identifiers | Contract performance |
| Fraud prevention and AML monitoring | Transaction data, IP address, device data | Legal obligation / Legitimate interest |
| Responsible gaming monitoring | Betting history, session data, behavioural data | Legal obligation / Legitimate interest |
| Customer support and dispute resolution | Communications data, account data | Contract performance / Legitimate interest |
| Platform personalisation and improvement | Usage data, game history, preferences | Legitimate interest |
| Promotional communications (where opted in) | Email address, preferences, bonus history | Consent |
| Legal compliance and regulatory reporting | All relevant categories as required | Legal obligation |
Marketing Communications: cr999 will only send you promotional emails or SMS messages if you have explicitly opted in to receive them during registration or through your account settings. You may withdraw your marketing consent at any time by updating your account notification preferences or by contacting [email protected]. Withdrawal of marketing consent does not affect the lawfulness of processing carried out prior to your opt-out.
3. Legal Basis for Processing
cr999 processes your personal data under one or more of the following legal bases depending on the specific purpose of processing:
Contract Performance
The majority of data processing by cr999 is necessary for the performance of the contract between you and cr999 — that is, the provision of online casino and sports betting services. This includes account management, payment processing, and game delivery. Without this processing, cr999 cannot provide its services to you.
Legal Obligation
Certain data processing is required by applicable law, including KYC identity verification, age verification, anti-money laundering transaction monitoring, and the retention of financial records for the periods required by law. cr999 cannot waive these obligations, and processing under this basis is not subject to your right to object or to erasure.
Legitimate Interest
cr999 processes certain data on the basis of its legitimate interest in operating a safe, fair, and commercially viable platform. This includes fraud detection, platform security monitoring, responsible gaming risk assessments, and general analytics to improve platform performance. Where cr999 relies on legitimate interest, we have conducted a balancing test and determined that our interests do not override your fundamental data rights.
Consent
Where cr999 relies on your consent — primarily for marketing communications — you have the right to withdraw that consent at any time without affecting any processing that has already taken place.
4. Cookies & Tracking Technologies
cr999 uses cookies and similar tracking technologies to operate the platform, maintain your session, and understand how users interact with our site. The table below summarises the types of cookies used on cr999.im.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Enable core platform functionality: session authentication, security tokens, load balancing | Session / Up to 24 hours |
| Functional | Remember your language and display preferences, maintain your login state between visits | Up to 30 days |
| Analytics | Aggregate, anonymised data on page visits, click-through rates, and navigation paths to improve the cr999 platform | Up to 12 months |
| Performance | Monitor page load times, identify technical errors, and optimise platform responsiveness across devices | Up to 6 months |
Managing Your Cookie Preferences
Strictly necessary cookies cannot be disabled as they are essential to the functioning of the cr999 platform. You may adjust your preferences for functional, analytics, and performance cookies through your browser settings. Most modern browsers allow you to block or delete cookies; however, disabling functional cookies may affect your ability to remain logged in or to have your preferences saved between sessions.
Do Not Track: cr999 respects browser-level Do Not Track (DNT) signals where technically feasible. If your browser has DNT enabled, cr999 will limit non-essential tracking to the extent possible without compromising the security or integrity of your account session.
5. Data Sharing & Disclosure
cr999 does not sell, rent, or trade your personal data to any third party for commercial purposes. We share your data only in the limited circumstances described below, and only to the extent necessary for the specified purpose.
Payment Processors
To process deposits and withdrawals, cr999 shares relevant financial data with our payment processor partners including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, and BRAC Bank. Each of these partners operates under its own privacy policy and applicable financial services regulations. cr999 shares only the minimum data necessary to complete a transaction.
Identity Verification Providers
cr999 may engage third-party KYC and identity verification providers to assist with the processing and validation of identity documents submitted during account verification. These providers operate as data processors on cr999's behalf and are bound by confidentiality obligations and data processing agreements.
Game Providers
The games available on the cr999 platform are supplied by third-party studios including Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, and Ezugi. A limited set of session-level data (such as an anonymised player token and stake amounts) is transmitted to game providers in order to operate individual game sessions. Game providers do not receive your full name, NID data, or payment account details.
Legal and Regulatory Authorities
cr999 may disclose personal data to competent regulatory authorities, law enforcement agencies, or courts where required to do so by applicable law, in response to a lawful order, or where disclosure is necessary to protect the safety of any person or to prevent fraud or financial crime.
Business Transfers
In the event that cr999 undergoes a merger, acquisition, or sale of all or a substantial part of its assets, personal data held about registered users may be transferred to the acquiring entity as part of that transaction. In such circumstances, cr999 will notify affected users via their registered email address prior to any transfer of data, and the acquiring entity will be required to honour the terms of this Privacy Policy.
No Data Sales: cr999 has never sold user data and has no plans to do so. Your personal information is used exclusively to operate the cr999 platform, comply with legal obligations, and improve your user experience. It is never monetised through resale to advertising networks, data brokers, or any other commercial third parties.
6. Data Retention
cr999 retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of personal data we hold:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal obligation / AML compliance |
| KYC identity documents | Duration of account + 5 years after closure | Legal obligation |
| Financial transaction records | 7 years from transaction date | Financial records law |
| Betting and game history | Duration of account + 3 years | Legitimate interest / Dispute resolution |
| Customer support communications | 3 years from date of last contact | Legitimate interest / Dispute resolution |
| Marketing consent records | Until consent is withdrawn + 1 year | Consent accountability |
| Analytics and usage data | 13 months on a rolling basis | Legitimate interest |
When your data is no longer required, cr999 will securely delete or anonymise it in accordance with industry-standard data destruction procedures. Anonymised data that cannot be re-linked to any individual may be retained for statistical and research purposes beyond the periods set out above.
7. Your Data Rights
As a cr999 user, you have the following rights with respect to the personal data we hold about you. To exercise any of these rights, please contact our data protection team at [email protected]. We will respond to all valid requests within 30 days.
Limitations on Erasure: The right to erasure is not absolute. cr999 is required by applicable law to retain certain categories of data — particularly financial transaction records and KYC documents — for defined minimum periods even after account closure. Where erasure of specific data is not possible due to a legal retention obligation, cr999 will inform you of the reason and the applicable retention period.
8. Data Security
cr999 takes the security of your personal data seriously and implements a comprehensive range of technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or disclosure.
Technical Safeguards
- 256-bit SSL/TLS Encryption: All data transmitted between your browser or device and cr999 servers is encrypted using industry-standard 256-bit SSL/TLS protocols. Look for the padlock icon and "https://" prefix in your browser's address bar when using cr999.im.
- Password Hashing: User passwords are never stored in plain text. cr999 uses modern cryptographic hashing algorithms to store password credentials in a non-reversible form.
- Access Controls: Access to databases containing personal data is restricted to authorised cr999 personnel on a strict need-to-know basis. All internal access is logged and audited.
- Firewalls and Intrusion Detection: cr999 servers are protected by enterprise-grade firewalls and continuous intrusion detection systems that monitor for unusual access patterns.
- Data Minimisation at Rest: Payment credentials (mobile wallet numbers, bank account details) are stored in masked or tokenised form. Full account numbers are never stored on cr999 servers.
Organisational Safeguards
- All cr999 staff who handle personal data receive mandatory data protection training.
- Third-party data processors are vetted and required to meet cr999's security standards before being granted access to any user data.
- cr999 conducts periodic internal security reviews and vulnerability assessments.
- In the event of a data breach that poses a risk to users, cr999 will notify affected users via their registered email address within a reasonable timeframe and will take immediate steps to contain the breach.
Your Role in Security: While cr999 takes every reasonable measure to protect your data, account security is a shared responsibility. You must keep your cr999 login credentials confidential, use a strong unique password, and contact [email protected] immediately if you suspect unauthorised access to your account. cr999 will never ask you for your password via email, chat, or any other channel.
9. Third-Party Services
The cr999 platform integrates with a range of third-party services to deliver a complete gaming experience. Each of these partners operates independently and maintains its own privacy policy governing the data it processes. cr999 is not responsible for the data practices of third-party service providers beyond the scope of the data processing agreements we maintain with them.
Game Providers
Games available on cr999 are supplied by leading studios including Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive anonymised session tokens and stake data for the purpose of operating individual game rounds. They do not receive personally identifiable information beyond what is technically required for game delivery.
Payment Partners
All payment transactions on cr999 are processed via the infrastructure of regulated payment partners (bKash, Nagad, Rocket, Upay, and partner banks). These providers process your payment credentials under their own data protection obligations and applicable financial services regulations in Bangladesh.
Analytics and Infrastructure
cr999 may use server-side analytics tools and cloud infrastructure providers to monitor platform performance and improve reliability. Any data shared with infrastructure providers is processed under strict data processing agreements that prohibit use of the data for any purpose beyond infrastructure provision.
External Links
The cr999 website does not contain links to external third-party websites. All navigation links within cr999.im point exclusively to internal pages of the cr999 platform. cr999 is not responsible for the privacy practices of any website you may visit independently of the cr999 platform.
10. Policy Updates
cr999 reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data practices, applicable law, or the features and services offered on the cr999 platform. When material changes are made to this Privacy Policy, cr999 will:
- Update the "Last Updated" date at the top of this page.
- Notify registered users via their registered email address, where the change is significant.
- In some cases, request renewed consent where required by applicable law.
Your continued use of the cr999 platform following the publication of any revised Privacy Policy constitutes your acceptance of the updated terms. It is your responsibility to review this page periodically. If you do not agree to any updated version of this Privacy Policy, you must discontinue use of the cr999 platform and may request account closure by contacting [email protected].
Previous versions of this Privacy Policy are archived by cr999 and available upon written request to our data protection contact.
If you have any questions, concerns, or requests regarding this Privacy Policy or the personal data cr999 holds about you, please contact our data protection team at [email protected]. We aim to respond to all data-related enquiries within 30 calendar days. For complex requests, we will acknowledge receipt within 5 business days and provide a full response within 30 days.
Data Enquiries
Questions about your data? Our team responds to all privacy requests within 30 calendar days.
SSL Secured
All cr999 sessions are protected by 256-bit SSL encryption. Your account and payment data are always secure.
Play Responsibly
cr999 provides deposit limits, session controls, and self-exclusion tools for all players aged 18 and above.
Responsible Gaming →Related Policies
Review our full legal framework including Terms & Conditions and Responsible Gaming policy.
Terms & Conditions →Your Data, Our Responsibility
How cr999 Protects Your Privacy
256-bit SSL Encryption
Every session on cr999.im is protected by industry-standard SSL/TLS encryption. Your personal data, login credentials, and payment details are transmitted securely at all times.
Strict KYC Verification
cr999 verifies the identity of every registered player to prevent fraud and underage gambling. KYC data is stored securely and used only for compliance purposes — never shared commercially.
No Data Selling
cr999 has a strict no-sale policy on user data. Your personal information is never sold, rented, or traded to advertising networks, data brokers, or any other commercial third party.
Masked Payment Data
Payment credentials including bKash, Nagad, and bank account details are stored in masked or tokenised form. Full account numbers and PINs are never retained on cr999 servers.
Full Data Rights Control
You can request access, correction, deletion, or portability of your personal data at any time by contacting our data protection team. We process all valid requests within 30 calendar days.
Regular Policy Reviews
cr999 reviews this Privacy Policy regularly to keep it aligned with current data protection best practices and any changes to applicable regulations governing online gaming in Bangladesh.