bitpkr Privacy Policy —
Your Data, Your Rights, Our Commitment

1.1 For the purposes of applicable data protection law, bitpkr is the Data Controller in respect of all personal data collected and processed through the Platform. bitpkr determines the purposes and means of processing your personal data and bears responsibility for ensuring that processing is carried out in compliance with applicable data protection principles and the requirements of our international gaming licence.

1.2 bitpkr operates the Platform under an internationally recognised gaming licence. Our data protection obligations are governed by both the requirements of that licence and the internationally recognised data protection principles reflected in frameworks such as the General Data Protection Regulation (GDPR), which bitpkr applies as a benchmark for best practice in data handling regardless of the jurisdiction in which individual players are located.

1.3 If you have questions about how bitpkr processes your personal data, or wish to exercise any of the rights described in Section 9, please contact us through the channels set out in Section 13 of this Policy.

2.1 bitpkr collects personal data in the following categories, depending on how you interact with the Platform:

2.2 bitpkr does not collect or process special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) except where strictly required for the purposes of identity verification as part of KYC compliance and then only to the minimum extent necessary.

2.3 Where you provide personal data relating to third parties — for example, a next of kin contact for responsible gaming purposes — you confirm that you have the necessary authority to provide that data and that the individual has been informed of how their data will be used.

3.1 bitpkr processes your personal data for the following purposes:

• Account Administration: Creating, maintaining, and managing your bitpkr Account, including processing login authentication, storing account preferences, and maintaining your PKR wallet balance;
• Identity Verification (KYC): Verifying your identity, age, and payment method ownership as required by our gaming licence and anti-money laundering obligations. KYC verification is required before withdrawals are processed;
• Payment Processing: Processing deposits and withdrawals through JazzCash, EasyPaisa, HBL, UBL, Meezan Bank, and any other payment methods made available on the Platform;
• Service Delivery: Providing access to and operating all gaming, betting, casino, and instant-win products available on the bitpkr Platform;
• Fraud Prevention and Security: Monitoring accounts and transactions for fraud indicators, money laundering activity, prohibited conduct as defined in the Terms & Conditions, and security threats;
• Regulatory Compliance: Meeting all obligations imposed on bitpkr by its international gaming licence, including record-keeping, responsible gaming monitoring, anti-money laundering reporting, and regulatory audit cooperation;
• Responsible Gaming: Monitoring gaming behaviour for indicators of problem gambling and administering self-exclusion, deposit limits, loss limits, and other responsible gaming tools in accordance with the player's instructions and licensing requirements;
• Customer Support: Handling enquiries, complaints, disputes, and account assistance requests through live chat, email, and other support channels;
• Communications: Sending account-related notifications including deposit confirmations, withdrawal notifications, KYC status updates, and responsible gaming alerts — and, where you have given consent, promotional communications about bitpkr products and offers;
• Platform Improvement: Analysing aggregated usage data to identify performance issues, improve the user experience, and develop new features responsive to the needs of Pakistani players.

4.1 bitpkr processes your personal data on the following legal bases, consistent with internationally recognised data protection principles including those reflected in the GDPR:

• Contractual Necessity: Processing is necessary to perform the contract between you and bitpkr as established through your acceptance of the Terms & Conditions. This covers account management, payment processing, game and betting service delivery, and customer support;
• Legal Obligation: Processing is necessary to comply with legal and regulatory obligations applicable to bitpkr as a licensed gaming operator. This covers KYC identity verification, anti-money laundering compliance, responsible gaming monitoring, and cooperation with regulatory authorities;
• Legitimate Interests: Processing is necessary for bitpkr's legitimate business interests where those interests are not overridden by your fundamental rights and freedoms. This covers fraud detection, security monitoring, platform performance analytics, and responsible gaming behavioural monitoring;
• Consent: Processing is based on your specific, informed consent. This applies to marketing communications and any processing activities for which consent is expressly sought. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5.1 bitpkr does not sell, rent, or trade your personal data to third parties for any commercial purpose. Personal data is shared with third parties only in the following circumstances and to the minimum extent necessary:

• Payment Service Providers: Financial institutions and payment processors including JazzCash, EasyPaisa, HBL, UBL, and Meezan Bank receive the transaction data necessary to process your deposits and withdrawals. These providers are subject to their own regulatory and data protection obligations;
• Game and Technology Providers: Software providers whose games are hosted on the bitpkr Platform receive the session and game data necessary to deliver and audit those games. These providers are bound by confidentiality and data protection obligations in their agreements with bitpkr;
• Identity Verification Services: Third-party KYC verification providers may receive identity document data and personal details for the purpose of fulfilling age and identity verification requirements under bitpkr's gaming licence;
• Regulatory and Licensing Authorities: bitpkr's licensing authority and relevant regulatory bodies may require access to player data as part of compliance audits, licence renewal processes, or investigation of regulatory concerns. bitpkr cooperates fully with such requirements;
• Law Enforcement Agencies: Where required by law, court order, or regulatory directive, bitpkr will disclose personal data to law enforcement agencies or government authorities. bitpkr will notify affected players of such disclosures where legally permitted to do so;
• Professional Advisers: Legal counsel, auditors, and other professional advisers engaged by bitpkr may have access to personal data where strictly necessary for the provision of their professional services, subject to professional confidentiality obligations.

5.2 bitpkr requires all third parties with whom personal data is shared to implement appropriate technical and organisational security measures and to process personal data only for the specific purposes for which it was disclosed.

6.1 bitpkr retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The following indicative retention periods apply:

• Account and Identity Data: Retained for the duration of the Account relationship plus a minimum of 5 years following Account closure, as required by anti-money laundering regulations and gaming licence record-keeping obligations;
• Financial Transaction Records: Retained for a minimum of 5 years from the date of the transaction, in compliance with anti-money laundering legislation and gaming licence requirements;
• KYC Documentation: Retained for the duration of the Account relationship plus a minimum of 5 years following Account closure, or longer if required by regulatory direction;
• Gaming and Betting Records: Retained for the duration of the Account relationship plus a minimum of 5 years, to support dispute resolution, audit requirements, and regulatory compliance;
• Customer Support Communications: Retained for a minimum of 3 years from the date of the communication, to support complaint resolution and regulatory audit;
• Marketing Consent Records: Retained for the duration of the marketing relationship and for 3 years following consent withdrawal, as evidence of consent management compliance;
• Technical and Session Data: Retained for a rolling period of 13 months for fraud detection and security purposes, after which it is anonymised or deleted.

6.2 Where personal data is no longer required beyond the applicable retention period, bitpkr will securely delete or anonymise that data in a manner that prevents reconstruction or re-identification.

7.1 bitpkr implements a comprehensive set of technical and organisational security measures designed to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your device and bitpkr infrastructure is encrypted using TLS 1.2 or higher with 256-bit encryption, rendering intercepted data unreadable;
• Encryption at Rest: Sensitive personal data categories, including identity documentation, financial records, and authentication credentials, are encrypted at rest using industry-standard symmetric encryption;
• Password Security: All account passwords are processed through a one-way cryptographic hash function. No bitpkr system, employee, or administrator can view or retrieve a player's password in plain text;
• Access Controls: Internal access to personal data is granted on a strict need-to-know basis. Staff members can only access the categories of personal data necessary for their specific role. All internal access is logged and auditable;
• Infrastructure Security: bitpkr's server infrastructure is hosted in data centres with physical security controls, redundant connectivity, and 24/7 monitoring. Regular penetration testing and vulnerability assessments are conducted;
• Incident Response: bitpkr maintains a data breach incident response plan. In the event of a data breach that poses a risk to players, bitpkr will notify affected individuals and, where required, the relevant regulatory authority within the timeframes mandated by applicable law.

7.2 While bitpkr implements robust security measures, no data transmission over the internet or electronic storage system can be guaranteed as completely secure. Players are responsible for maintaining the security of their own Account credentials and for notifying bitpkr immediately at [email protected] if they suspect unauthorised access to their Account.

8.1 The bitpkr Platform uses cookies and similar tracking technologies to provide, maintain, and improve Platform functionality, to ensure security, and — where you have consented — to personalise your experience and deliver relevant promotional content. A cookie is a small text file stored on your device by your browser when you visit a website.

8.2 The following categories of cookies are used on the bitpkr Platform:

8.3 You may manage cookie settings through your browser settings. Please be aware that disabling essential cookies will impair Platform functionality and may prevent you from logging in or accessing your Account. Detailed browser-level cookie management instructions are available through the help documentation of your specific browser.

9.1 As a bitpkr player, you have the following rights in relation to your personal data. These rights are subject to applicable exceptions, particularly where processing is required for legal compliance or legitimate interests that override individual privacy interests.

9.2 To exercise any of the rights listed above, please contact bitpkr's data protection team at [email protected] with the subject line "Data Protection Rights Request". Please include sufficient information to identify your Account. bitpkr will acknowledge your request within 5 business days and respond substantively within 30 days. Where a request requires additional time due to complexity or volume, bitpkr will notify you within the initial 30-day period and provide an estimated completion date.

10.1 The bitpkr Platform is strictly restricted to individuals aged 21 years and above. bitpkr does not knowingly collect, process, or retain personal data relating to individuals under the age of 21. All registration processes include age declaration requirements and bitpkr employs KYC verification procedures to confirm player age.

10.2 If bitpkr becomes aware — through KYC review, fraud detection, third-party report, or any other means — that personal data of an individual under 21 has been collected, bitpkr will immediately suspend the associated Account and permanently delete or irreversibly anonymise all personal data associated with that Account, except where retention of specific data categories is required by regulatory or law enforcement obligations.

10.3 Parents and guardians are encouraged to use parental control software to prevent minors from accessing gaming platforms. If you believe that a minor has registered an Account on bitpkr, please contact bitpkr support immediately at [email protected] so that the matter can be investigated and resolved.

11.1 As an internationally licensed gaming platform, bitpkr may process and store personal data on servers and systems located in jurisdictions outside Pakistan. This may include jurisdictions where data protection laws differ from those in Pakistan.

11.2 Where personal data is transferred outside the country of collection, bitpkr ensures that appropriate safeguards are in place to protect personal data to a standard consistent with the principles set out in this Policy. These safeguards may include contractual protections with receiving parties (such as standard data protection clauses), adequacy determinations, or binding corporate rules.

11.3 Personal data transferred to third-party service providers, including game providers and payment processors, is subject to contractual data protection obligations that require those providers to implement equivalent security and privacy standards.

11.4 By using the bitpkr Platform and accepting this Policy, you acknowledge and consent to the international transfer of your personal data where necessary for the operation of the Platform, subject to the protections described in this section.

12.1 bitpkr reserves the right to update, revise, or replace this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or changes in regulatory requirements. Where material changes are made, bitpkr will notify players through one or more of the following channels: email notification to the registered address, in-Platform notification, or a prominent notice on the Privacy Policy page.

12.2 The effective date of the current version of this Policy is displayed at the top of this document. Players are encouraged to review this Policy periodically. Your continued use of the bitpkr Platform following the publication of a revised Policy constitutes your acceptance of the updated terms.

12.3 Where a revised Policy introduces material changes to the way in which bitpkr processes personal data that require fresh consent under applicable law, bitpkr will seek that consent proactively before applying the new processing activities to your data.

13.1 For all enquiries, requests, and correspondence relating to this Privacy Policy or bitpkr's processing of your personal data, please contact us through the following channels:

13.2 bitpkr's customer support team handles data rights requests in both English and Urdu. Pakistani players may correspond in either language and will receive a response in the same language.

13.3 If you are not satisfied with bitpkr's handling of a privacy complaint or data rights request, you may have the right to escalate the matter to the data protection supervisory authority applicable under bitpkr's international gaming licence. Contact details for the applicable supervisory authority are available from bitpkr customer support upon request.