Privacy Policy — How 35bdt Protects Your Data
At 35bdt, we take your privacy seriously. This Privacy Policy explains what personal information we collect when you use our platform, how that information is used, who it may be shared with, and the choices you have regarding your data. We are committed to handling your information transparently and securely.
Your Privacy, Our Priority
These six principles summarise how 35bdt approaches data protection. Full details for each area are provided in the legal sections below.
256-bit SSL Encryption
Every connection to the 35bdt platform is protected by industry-standard 256-bit SSL/TLS encryption. This ensures that all data transmitted between your device and our servers — including login credentials and financial details — is fully encrypted in transit.
No Data Selling
35bdt does not sell, rent, or trade your personal information to third parties for their own marketing purposes. Your data is used solely to operate and improve the 35bdt platform and to comply with legal obligations.
Data Minimisation
We collect only the personal information that is strictly necessary to provide our services, verify your identity, process payments, and comply with anti-money laundering requirements. We do not collect data beyond what is required for these stated purposes.
Your Control & Rights
You have the right to access, correct, or request deletion of your personal data at any time. You can also object to certain types of processing or request that your data be transferred to another service provider. Contact our support team to exercise any of these rights.
Defined Retention Periods
35bdt does not keep your personal data indefinitely. Retention periods are determined by legal obligations (such as anti-money laundering record-keeping requirements), the nature of the data, and operational necessity. Data is securely deleted or anonymised when no longer required.
Responsible Third-Party Sharing
Where data must be shared with third-party partners — such as payment processors like bKash and Nagad, identity verification providers, or game studios — we ensure those partners are contractually bound to protect your information and use it only for the agreed purpose.
01 Information We Collect
1.1 Information You Provide Directly
When you register for a 35bdt account, make a deposit, request a withdrawal, contact our support team, or otherwise interact with the platform, you provide us with personal information. The categories of information collected in this context include:
- Identity information: Full legal name, date of birth, gender, and nationality.
- Contact information: Email address, mobile phone number (including bKash or Nagad registered number), and residential address (including district, city, and postal code within Bangladesh).
- Identity verification documents: Copies of your Bangladesh National ID card, passport, or driving licence, and any supporting proof-of-address documents submitted during KYC verification.
- Payment information: Mobile wallet identifiers (bKash, Nagad, Rocket, Upay account numbers), bank account details (Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank), and transaction records. Note: 35bdt does not store full card numbers or mobile banking PINs — these are handled exclusively by your payment provider's secure infrastructure.
- Communications: Records of your interactions with 35bdt customer support via email or live chat, including the content and timestamps of those communications.
1.2 Information Collected Automatically
When you access the 35bdt platform, certain information is automatically collected by our servers and analytics systems. This includes:
- Device and technical data: IP address, device type, operating system, browser type and version, screen resolution, and unique device identifiers.
- Usage data: Pages visited, time and duration of sessions, game history, betting activity, click-stream data, and navigation paths through the platform.
- Location data: Approximate geographic location derived from your IP address. We use this to ensure compliance with jurisdictional access restrictions. We do not collect precise GPS coordinates.
- Cookie and tracking data: Information collected via cookies, web beacons, and similar technologies as described in Section 5 of this policy.
1.3 Information from Third Parties
35bdt may receive information about you from third-party sources in the following circumstances:
- Identity verification providers: Third-party KYC and anti-money laundering (AML) service providers may return verification status results and risk scores associated with your submitted documents.
- Payment processors: Our payment partners (bKash, Nagad, Rocket, Upay, and banking partners) may provide transaction confirmation data, including the status and timestamp of deposits and withdrawals.
- Fraud and risk screening services: We use third-party fraud detection services that may provide signals about the risk profile of an account based on device fingerprinting, behavioural patterns, and known fraud indicators.
02 How We Use Your Data
35bdt uses the personal information it collects for the following purposes:
| Purpose | Data Used |
|---|---|
| Account registration and management | Name, email, phone number, date of birth, residential address |
| Identity verification (KYC/AML) | ID documents, proof of address, payment method details |
| Processing deposits and withdrawals | Payment account identifiers, transaction history |
| Providing gaming and betting services | Usage data, betting history, game session records |
| Responsible gaming monitoring | Betting patterns, deposit frequency, session duration |
| Fraud detection and security | IP address, device data, behavioural signals, transaction patterns |
| Customer support | Communications history, account data, transaction records |
| Platform improvement and analytics | Aggregated and anonymised usage data, click-stream data |
| Promotional communications (with consent) | Email address, phone number, game preferences |
| Legal and regulatory compliance | All categories as required by applicable law |
35bdt does not use your personal data for automated decision-making that produces legal or similarly significant effects without human review. Where automated systems flag an account for risk or compliance review, a qualified member of the 35bdt team manually evaluates the case before any consequential action is taken.
03 Legal Basis for Processing
35bdt processes your personal data on the following legal grounds:
- Contractual necessity: Processing is required to fulfil the contract between you and 35bdt — specifically, to register your account, verify your identity, process payments, and deliver gaming services. Without this processing, we cannot provide the platform to you.
- Legal obligation: Certain data processing activities are required by law. This includes maintaining transaction records and identity verification documentation for anti-money laundering (AML) and counter-terrorism financing (CTF) compliance purposes.
- Legitimate interests: 35bdt processes some data on the basis of its legitimate business interests, including fraud detection, platform security, abuse prevention, and the improvement of our services. We carry out a balancing assessment to ensure our interests do not override your rights.
- Consent: Where processing is not required by contract or law — for example, sending you optional marketing communications — we obtain your explicit consent before processing begins. You may withdraw consent at any time without affecting the lawfulness of prior processing.
04 Data Sharing & Third Parties
4.1 Categories of Third-Party Recipients
35bdt shares personal data only where necessary and only with the following categories of recipients. All third-party data processors are contractually required to implement appropriate data security measures and to use your data solely for the purposes authorised by 35bdt.
- Payment processors: bKash, Nagad, Rocket (Dutch-Bangla Bank), Upay, BRAC Bank, City Bank, Islami Bank, and Sonali Bank receive the transaction details necessary to process your deposits and withdrawals. These providers operate under their own privacy policies and regulatory frameworks.
- Identity verification services: Third-party KYC/AML providers receive copies of identity documents submitted during account verification. These providers are engaged solely to verify the authenticity of documents and to screen against sanctions and politically exposed persons (PEP) lists.
- Game studios and content providers: Where you play games provided by third-party studios (such as Pragmatic Play, Evolution Gaming, Spribe, or Ezugi), those providers may receive session-level data such as your player ID, bet amounts, and game outcomes. This is necessary for game delivery and dispute resolution.
- Analytics and platform security providers: Anonymised or pseudonymised usage data may be shared with analytics service providers to help us understand platform performance and user behaviour in aggregate.
- Legal and regulatory authorities: 35bdt will disclose personal data to law enforcement agencies, courts, financial intelligence units, or regulatory authorities where required to do so by applicable law or a valid legal order.
4.2 International Data Transfers
Some of the third-party service providers engaged by 35bdt may process data outside of Bangladesh. Where such transfers occur, 35bdt ensures that appropriate safeguards are in place — including contractual data protection clauses with the receiving organisation — to maintain a level of protection equivalent to that applied within Bangladesh.
4.3 Business Transfers
In the event that 35bdt undergoes a merger, acquisition, restructuring, or sale of all or part of its assets, personal data held about registered users may be transferred to the acquiring entity as part of that transaction. In such circumstances, 35bdt will notify affected users via their registered email address prior to the transfer taking place and will ensure that the receiving entity agrees to honour this Privacy Policy or provides notice of any material changes.
05 Cookies & Tracking Technologies
5.1 What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognise your device on subsequent visits, remember your preferences, and collect information about how you use the site. The 35bdt platform uses cookies and similar technologies including web beacons and local storage.
5.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Enable core platform functions: user authentication, session management, fraud prevention, and secure payments. Cannot be disabled. | Session / up to 30 days |
| Functional | Remember your preferences such as language settings and last visited game category to improve your experience on return visits. | Up to 12 months |
| Performance / Analytics | Collect anonymised data about page views, navigation paths, and error events to help us improve platform performance and user experience. | Up to 24 months |
| Marketing (with consent) | Track interactions with promotional content to measure campaign effectiveness. Only deployed with your explicit consent. | Up to 12 months |
5.3 Managing Cookies
You can control and delete cookies through your browser settings. Most modern browsers allow you to refuse all cookies, accept only certain types, or delete cookies after each session. Please note that disabling strictly necessary cookies will impair platform functionality and may prevent you from logging in or completing transactions. Instructions for managing cookies in common browsers are available through the browser's built-in help documentation.
06 Data Retention
35bdt retains personal data for as long as is necessary to fulfil the purposes for which it was collected, subject to the following specific retention periods:
- Account data and identity verification documents: Retained for the duration of your account relationship with 35bdt and for a minimum of five (5) years following account closure, in accordance with anti-money laundering record-keeping obligations.
- Transaction and financial records: Retained for a minimum of five (5) years from the date of each transaction, as required by applicable financial regulations.
- Customer support communications: Retained for three (3) years from the date of the most recent interaction, to support dispute resolution and service quality review.
- Marketing consent records: Retained for the duration of your consent and for two (2) years after consent is withdrawn, to demonstrate compliance with consent obligations.
- Usage and analytics data: Aggregated and anonymised analytics data may be retained indefinitely as it no longer constitutes personal data. Raw usage logs are retained for twelve (12) months.
When retention periods expire, personal data is securely deleted from 35bdt's systems or irreversibly anonymised so that it can no longer be associated with any identifiable individual. Physical document copies (where applicable) are destroyed using secure shredding procedures.
07 Your Privacy Rights
As a user of the 35bdt platform, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond to all requests within 30 calendar days of receipt.
- Right of access: You have the right to request a copy of the personal data that 35bdt holds about you, along with information about how it is being used and with whom it has been shared.
- Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Minor account details (such as contact information) can be updated directly within your account settings panel.
- Right to erasure ("right to be forgotten"): In certain circumstances, you may request that 35bdt delete all personal data held about you. This right is subject to exceptions — for example, where retention is required by law or where the data is needed to resolve an outstanding dispute.
- Right to restrict processing: You may ask 35bdt to restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.
- Right to data portability: Where processing is based on your consent or on a contract with you, you may request that 35bdt provide your personal data in a structured, commonly used, machine-readable format so that it can be transferred to another service provider.
- Right to object: You have the right to object to the processing of your personal data where 35bdt relies on legitimate interests as the legal basis for that processing. You also have an unconditional right to object to direct marketing at any time.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
08 Data Security Measures
35bdt implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Key measures include:
- Encryption in transit: All data transmitted between your device and 35bdt servers is protected by 256-bit SSL/TLS encryption. Our platform enforces HTTPS across all pages and API endpoints.
- Encryption at rest: Sensitive data stored in 35bdt databases — including identity document records and payment details — is encrypted at rest using AES-256 encryption.
- Access controls: Access to personal data within 35bdt's internal systems is restricted on a strict need-to-know basis. All staff with access to personal data receive data protection training and are bound by confidentiality obligations.
- Two-factor authentication: 35bdt supports two-factor authentication (2FA) for all registered accounts. We strongly encourage all users to enable 2FA from within their account settings to provide an additional layer of protection.
- Regular security audits: 35bdt's technical infrastructure is subject to periodic internal security reviews and vulnerability assessments to identify and address potential weaknesses before they can be exploited.
- Incident response: In the event of a data security incident that poses a risk to the rights and freedoms of affected users, 35bdt will notify impacted account holders via their registered email address within 72 hours of becoming aware of the incident, where feasible.
While 35bdt takes all reasonable steps to secure your personal data, no system is completely immune to security threats. You also play an important role in keeping your account secure: use a strong, unique password, enable two-factor authentication, and never share your credentials with anyone.
09 Minors & Child Privacy
If you are a parent or guardian and believe that your child has registered a 35bdt account or provided personal data to 35bdt without your consent, please contact us immediately at [email protected]. We will take prompt action to verify the account holder's age and, if the account holder is confirmed to be under 18, will close the account and delete all associated data within five (5) business days of receiving your report.
35bdt encourages parents and guardians to use parental control software and internet filtering tools to prevent minors from accessing online gambling platforms. Resources on child internet safety are available from organisations such as the Bangladesh Telecommunication Regulatory Commission (BTRC).
10 Policy Updates & Contact
10.1 Changes to This Policy
35bdt may update this Privacy Policy from time to time to reflect changes in our data practices, changes in applicable law, or improvements to our platform. When material changes are made, we will post the updated policy on this page and update the "Last Updated" date at the top of this document. Where changes are significant and affect your rights, we will provide notice via your registered email address at least fourteen (14) days before the changes take effect.
We encourage you to review this Privacy Policy periodically. Your continued use of the 35bdt platform following the publication of an updated policy constitutes your acceptance of the revised terms. If you do not agree with a material change to this policy, you may close your account in accordance with Section 8.2 of the Terms & Conditions before the effective date.
10.2 Data Protection Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or to 35bdt's data processing practices, please contact our data protection team using the details below. We are committed to resolving all privacy enquiries promptly and professionally.
Email: [email protected]
Subject line: "Privacy Enquiry" or "Data Rights Request"
Support hours: 24 hours a day, 7 days a week (Bangladesh Standard Time, UTC+6)
10.3 Links to Third-Party Sites
The 35bdt platform may contain references to third-party payment providers and game studios. This Privacy Policy applies only to the 35bdt platform itself. 35bdt is not responsible for the privacy practices of third-party services, and we encourage you to review the privacy policies of any third-party providers with whom you interact through or in connection with the 35bdt platform.
Questions About Your Privacy?
Our support team is available around the clock to address any privacy concerns. You can also explore 35bdt's games, read our FAQ, or review our Responsible Gaming policy.
By using 35bdt you confirm you are 18 or older and agree to our Terms & Conditions and this Privacy Policy.