Privacy
Policy
cd1111 Data Rights & Protection
At cd1111, your privacy is not an afterthought — it is a core part of how we operate. This Privacy Policy explains exactly what personal data we collect when you use our platform, how we use it, who we share it with, and the rights you hold over your own information. We encourage every cd1111 user to read this document in full.
All data exchanged between your browser and cd1111 is protected by industry-standard TLS/SSL encryption. Your login credentials, payment details, and personal information are never transmitted in plain text across our network.
cd1111 does not sell, rent, or trade your personal data to third-party advertisers or data brokers under any circumstances. Your information is used solely to operate the platform, verify your identity, and improve your gaming experience.
You have the right to access, correct, and request deletion of the personal data cd1111 holds about you. Submit a data request to [email protected] at any time and our team will respond within a reasonable timeframe.
All personal data is stored on secure, access-controlled servers. Passwords are hashed using one-way cryptographic algorithms. Financial transaction records are handled exclusively through PCI-DSS compliant payment partners.
cd1111 uses strictly necessary cookies to keep you logged in and essential analytics cookies to understand how the platform is used. We do not use behavioural advertising cookies or cross-site tracking technologies.
Questions about how your data is handled? Our English-language support team is available 24/7 at [email protected]. For formal data subject requests, include "Data Request" in the subject line for priority handling.
Information We Collect
cd1111 collects personal data from you in three primary ways: information you provide directly during registration and account use, information generated automatically by your interaction with the platform, and information received from third-party service providers such as payment processors and identity verification partners.
Information You Provide Directly
- Registration data: Full legal name, date of birth, email address, and mobile phone number submitted when creating your cd1111 account.
- Identity verification data: Copies of government-issued identification (National ID card, passport, or driving licence) and proof-of-address documents submitted during KYC verification.
- Payment data: Mobile wallet numbers (bKash, Nagad, Rocket, Upay), bank account details where applicable, and USDT wallet addresses used for deposits and withdrawals. Full card numbers for Visa and Mastercard are handled exclusively by our PCI-DSS compliant payment partners — cd1111 never stores raw card numbers.
- Communication data: The content of messages, emails, and chat transcripts you send to our support team.
- Preferences data: Responsible gaming settings such as deposit limits, session time limits, and cooling-off periods that you configure within your account dashboard.
Information Collected Automatically
- Technical data: IP address, device type, operating system, browser name and version, screen resolution, and time zone (Bangladesh Standard Time, UTC+6).
- Session data: Login timestamps, session duration, pages visited, features used, and actions taken within the platform during each visit.
- Gaming data: Game history, bet amounts, wagering patterns, win/loss records, and bonus participation logs associated with your account.
- Cookie data: See the Cookies section of this policy for a detailed breakdown of the cookies used on cd1111.
Information Received from Third Parties
- Payment confirmation data: Transaction references, payment status, and timestamp data received from bKash, Nagad, Rocket, Upay, and card processing networks when you make a deposit or withdraw funds.
- Identity verification outcomes: Pass/fail results and risk scores returned by our KYC verification partners when processing identity documents submitted by you.
- Fraud prevention signals: Device fingerprint risk scores and known fraud indicators provided by third-party fraud detection services to help us protect all users on the platform.
Identity · Contact · Financial · Technical · Gaming · Communication · Preferences. These are the seven data categories cd1111 may hold on a registered user. Each category is collected only to the extent necessary for a clearly stated purpose.
How We Use Your Data
cd1111 uses the personal data we collect for the following specific purposes. Where a purpose requires a particular legal basis, that basis is identified in Section 3.
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Account registration and management | Identity, Contact | Contract performance |
| Age verification and KYC compliance | Identity, Financial | Legal obligation |
| Processing deposits and withdrawals | Financial, Identity | Contract performance |
| Fraud prevention and security monitoring | Technical, Financial, Gaming | Legitimate interest |
| Responsible gaming monitoring | Gaming, Preferences | Legal obligation / Legitimate interest |
| Customer support and dispute resolution | Identity, Communication | Contract performance |
| Platform analytics and improvement | Technical, Session | Legitimate interest |
| Promotional communications (opt-in only) | Contact, Preferences | Consent |
| Anti-money laundering compliance | Identity, Financial | Legal obligation |
cd1111 will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent or unless required to do so by law. If you have opted in to receive promotional communications, you may withdraw that consent at any time by contacting [email protected] or adjusting your account notification preferences.
Legal Basis for Processing
cd1111 processes personal data only where a valid legal basis exists for doing so. The four legal bases we rely on are as follows:
- Contract Performance: Processing is necessary to fulfil our contractual obligations to you as a registered user — including account management, payment processing, and game delivery. Without this processing, we cannot provide the services you have registered to use.
- Legal Obligation: Certain processing activities — primarily those related to KYC identity verification, age verification, anti-money laundering checks, and responsible gaming record-keeping — are required by applicable law and regulatory frameworks. We process data for these purposes regardless of your preferences because we are legally required to do so.
- Legitimate Interest: cd1111 has a legitimate interest in processing certain data categories to maintain the security, integrity, and continuous improvement of our platform. This includes fraud detection, platform analytics, network security monitoring, and anti-abuse measures. We apply a balancing test to ensure our legitimate interests do not override your fundamental rights and freedoms.
- Consent: For processing activities that are not required for contract performance or legal compliance — specifically, sending you promotional emails and SMS notifications about bonuses, tournaments, and seasonal offers — we rely on your freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without penalty by contacting [email protected].
Data Sharing & Disclosure
cd1111 does not sell your personal data. We share your data only in the limited circumstances described below, and only to the extent strictly necessary for the stated purpose.
Payment Processing Partners
To process your deposits and withdrawals, we share relevant financial and identity data with our payment partners including bKash, Nagad, Rocket, Upay, and card processing networks. These partners act as independent data controllers for their own services and are bound by their own privacy policies and applicable financial regulations.
Identity Verification Partners
KYC document verification is performed with the assistance of regulated third-party identity verification service providers. These providers receive copies of identity documents you submit during the verification process and return a verification outcome to cd1111. They are contractually prohibited from using your data for any purpose other than the KYC service they are providing to cd1111.
Game Software Providers
Game providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi may receive technical session data (such as an anonymised player ID, bet amounts, and game outcomes) necessary to deliver their games through the cd1111 platform. Personal identity data such as your name and contact details is not shared with game providers.
Fraud Prevention and Security Services
cd1111 uses third-party fraud detection and cybersecurity services that process technical data (IP addresses, device fingerprints, session behaviour) to identify and prevent fraudulent or abusive activity on the platform. This processing is carried out under our legitimate interest legal basis.
Legal and Regulatory Disclosure
cd1111 may disclose your personal data to law enforcement agencies, regulatory bodies, or other authorised third parties where we are legally compelled to do so, or where disclosure is necessary to prevent, detect, or prosecute criminal activity including fraud and money laundering. We will inform you of any such disclosure where we are legally permitted to do so.
Data Retention
cd1111 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The following retention periods apply to the key data categories we hold:
| Data Category | Retention Period | Reason for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | Anti-money laundering compliance and audit trail |
| KYC identity documents | Duration of account + 5 years post-closure | Regulatory record-keeping requirements |
| Financial transaction records | 7 years from transaction date | Financial audit and AML compliance |
| Gaming activity logs | Duration of account + 3 years post-closure | Responsible gaming monitoring and dispute resolution |
| Support communications | 3 years from last interaction | Dispute resolution and service quality review |
| Analytics and session data | 24 months (rolling) | Platform performance analysis |
| Marketing consent records | Until consent withdrawn + 1 year | Proof of consent for compliance purposes |
When personal data reaches the end of its retention period, cd1111 will securely delete or anonymise it so that it can no longer be associated with an identifiable individual. Anonymised, aggregated data may be retained indefinitely for statistical and analytical purposes, as it no longer constitutes personal data.
Your Privacy Rights
As a user of cd1111, you have the following rights in relation to the personal data we hold about you. To exercise any of these rights, contact us at [email protected] with the subject line "Data Request" and clearly identify the right you wish to exercise.
- Right of Access: You have the right to request a copy of the personal data cd1111 holds about you, including information about how it is used and with whom it has been shared.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. You may also update certain account details directly through your account dashboard.
- Right to Erasure: In certain circumstances, you have the right to request deletion of your personal data. This right is subject to exceptions — particularly where retention is required by law (such as AML and KYC record-keeping obligations described in Section 6).
- Right to Restrict Processing: You have the right to request that cd1111 restricts the processing of your personal data in specific situations — for example, while a data accuracy dispute is being resolved, or while a legitimate interest balancing assessment is being reviewed.
- Right to Data Portability: Where processing is based on your consent or on contract performance, and is carried out by automated means, you may request that we provide your personal data to you in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to processing based on our legitimate interests. We will assess the objection and cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to Withdraw Consent: Where processing is based on your consent (primarily marketing communications), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
cd1111 will respond to all verified data rights requests within a reasonable timeframe. In complex cases, we may require up to 30 days. We may request proof of identity before processing a data rights request to ensure we do not disclose or delete data belonging to a different individual.
Email us at [email protected] with the subject "Data Request". Include your registered email address and a clear description of the right you wish to exercise. We may ask you to verify your identity before processing the request. Expected response time: up to 30 days for complex requests.
Data Security
cd1111 implements a multi-layered approach to information security designed to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our key security measures include:
- TLS/SSL Encryption: All data in transit between your device and our servers is encrypted using current industry-standard TLS protocols. Our platform enforces HTTPS across every page and API endpoint.
- Password Hashing: Account passwords are never stored in plain text. We use strong one-way cryptographic hashing algorithms so that even in the unlikely event of a data breach, passwords cannot be reverse-engineered.
- Access Controls: Access to personal data within cd1111's systems is restricted on a strict need-to-know basis. Staff members are granted only the minimum level of data access required to perform their specific job function.
- Two-Factor Authentication: cd1111 encourages all users to enable two-factor authentication (2FA) on their accounts for an additional layer of login security beyond the username and password combination.
- Infrastructure Security: Our servers are hosted in secure data centres with physical access controls, network-level firewall protection, and intrusion detection systems. Regular vulnerability assessments and penetration testing are conducted to identify and remediate security weaknesses.
- PCI-DSS Compliant Payment Processing: All card payment data is handled exclusively by our PCI-DSS certified payment processing partners. cd1111 does not store raw card numbers, CVV codes, or card expiry dates on our own systems.
- Session Management: User sessions are automatically terminated after a period of inactivity to reduce the risk of unauthorised access from unattended devices. Session tokens are cryptographically signed and invalidated upon logout.
While cd1111 takes all reasonable and commercially practicable steps to protect your personal data, no system of data transmission or storage can be guaranteed to be 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for ensuring that unauthorised persons do not gain access to your device. If you suspect your account has been compromised, contact [email protected] immediately.
Third-Party Links & Services
The cd1111 platform integrates third-party game software from providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers deliver their game content directly within the cd1111 interface. While cd1111 selects its game partners carefully and requires them to operate under contractual data protection obligations, each provider maintains its own privacy practices for data generated within their game engines.
cd1111 does not include outbound links to external websites for commercial or promotional purposes. Any third-party service referenced on this platform — such as payment partners bKash, Nagad, Rocket, Upay, Visa, and Mastercard — operates as an independent service. When you interact with a payment partner's service, that interaction is governed by the payment partner's own terms and privacy policy in addition to this cd1111 Privacy Policy.
cd1111 does not integrate social media login buttons, social sharing widgets, or any social network tracking pixels on our platform. Your use of cd1111 is not linked to or disclosed to your social media profiles unless you choose to share information publicly on those platforms yourself.
Children's Privacy
cd1111 is an online gambling platform intended exclusively for adults aged 18 years and above. We do not knowingly collect, store, or process personal data from any individual under the age of 18. Our registration process includes an age declaration step, and our KYC verification process requires submission of a government-issued identity document to confirm that every verified account holder is of legal gambling age.
If cd1111 becomes aware that personal data has been collected from a person under the age of 18, we will take immediate steps to delete that data and permanently close the associated account. Any deposits made by an underage user will be returned via the original payment method after deducting any applicable processing fees, in accordance with our Terms & Conditions.
We also actively support responsible gaming tools that help adults manage their own gambling activity. For information about deposit limits, cooling-off periods, and self-exclusion options, please visit our Responsible Gaming page.
Updates to This Policy
cd1111 reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data practices, platform features, applicable law, or regulatory requirements. The effective date displayed at the top of this document will be updated whenever a revision is made. We encourage you to review this policy periodically.
For material changes — those that significantly affect how we collect, use, or share your personal data, or that affect your privacy rights — cd1111 will notify registered users by email to the address associated with their account at least seven days before the changes take effect. Non-material changes such as typographic corrections, structural reorganisation, or clarifications of existing practices that do not change their substance do not require advance notice.
Your continued use of the cd1111 platform after a revised Privacy Policy has been posted constitutes your acknowledgement of the updated policy. If you do not agree with the revised policy, you should discontinue use of the platform and contact [email protected] to request account closure and withdrawal of any remaining balance.
Contact & Data Requests
If you have any questions, concerns, or requests relating to this Privacy Policy or to the personal data cd1111 holds about you, please contact our support team using the details below. All privacy-related enquiries are handled by our data protection team and are treated with strict confidentiality.
General Privacy Enquiries
For general questions about this policy, how your data is used, or to report a privacy concern, contact us at:
Email:
Subject Line: Privacy Enquiry
Response Time: Within 2 business days for general enquiries
Formal Data Subject Requests
To formally exercise your data rights (access, rectification, erasure, portability, restriction, or objection), contact us at:
Email:
Subject Line: Data Request
Required Information: Your registered email address, the specific right you wish to exercise, and any relevant context
Response Time: Up to 30 days for complex requests; we will acknowledge receipt within 3 business days
Underage Account Reports
If you believe a person under 18 has registered an account on cd1111, contact us urgently at [email protected] with the subject line "Underage Account Report". We will prioritise these reports and respond within one business day.
cd1111 is committed to handling all privacy communications promptly, professionally, and in accordance with our obligations under applicable data protection principles. We aim to resolve all concerns at the first point of contact wherever possible.
All privacy and data protection queries:
[email protected]
Subject: "Privacy Enquiry" or "Data Request"
Available 24/7 in English.
General enquiries: 2 business days
Data subject requests: Up to 30 days
Underage reports: 1 business day
Security incidents: Without undue delay
Questions About Your cd1111 Data?
Our support team is available around the clock in English. Review our FAQ for quick answers, explore our Responsible Gaming tools, or read our full Terms & Conditions.