eb222 Privacy Policy
Your privacy matters to us. This Policy explains exactly what personal data eb222 collects, why we collect it, how it is stored and protected, and what rights you hold over your own information.
Our Commitment
How eb222 Protects Your Privacy
eb222 is committed to handling your personal information with transparency, integrity, and care. The following cards summarise our core privacy principles. Full details for each area follow in the sections below.
Minimal Data Collection
eb222 collects only the personal information that is strictly necessary to operate your account, process payments in BDT, verify your identity, and comply with our responsible gaming obligations. We do not collect data for its own sake.
Secure Storage
All personal data stored by eb222 is protected using industry-standard encryption at rest and in transit. Access to personal data is restricted to authorised eb222 personnel and vetted third-party processors who are contractually bound to the same security standards.
Your Rights Are Respected
You have the right to access, correct, and request deletion of your personal data held by eb222. You can also object to certain types of processing and withdraw consent at any time, subject to the limitations described in the Your Rights section below.
No Data Selling
eb222 does not sell, rent, or trade your personal information to any third party for marketing purposes. Data shared with our partners is strictly limited to what is required to deliver the service — for example, sharing a mobile number with bKash or Nagad solely to process a deposit transaction.
Transparent Cookie Use
eb222 uses cookies and similar tracking technologies to keep your session active, remember your preferences, and analyse aggregate platform usage. We explain every category of cookie in plain English so you can make informed choices about your browser settings.
Breach Notification
In the unlikely event of a data security breach that poses a risk to your rights, eb222 will notify affected players promptly by email and take all reasonable steps to contain the incident, assess its impact, and prevent recurrence. We do not conceal security incidents.
Section 1
Information We Collect
eb222 collects personal data in three principal ways: information you provide to us directly, information generated automatically by your use of the platform, and information received from trusted third-party partners such as payment service providers.
1.1 Information You Provide Directly
When you register an eb222 account, interact with our support team, or complete a financial transaction, you may provide us with the following categories of personal data:
- Identity data: Full legal name, date of birth, and, where required for KYC verification, a copy of your national identity card, passport, or other government-issued document.
- Contact data: Email address, mobile phone number, and city of residence within Bangladesh (for example, Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, or Mymensingh).
- Account credentials: Your chosen username and a hashed (never plain-text) version of your password.
- Financial data: Your preferred BDT payment method details, including bKash or Nagad account numbers, Rocket wallet identifiers, or bank account information (Dutch-Bangla Bank, City Bank, BRAC Bank, or other supported institutions). eb222 does not store full debit or credit card numbers.
- Communications data: Records of any messages, emails, live chat transcripts, or support tickets you exchange with the eb222 team.
- KYC documents: Scanned or photographed identity documents submitted for account verification purposes. These are stored in encrypted form and accessed only by authorised compliance personnel.
1.2 Information Collected Automatically
When you access and use the eb222 platform, certain data is collected automatically through standard web and mobile technologies:
| Data Category | Examples | Purpose |
|---|---|---|
| Device & technical data | IP address, browser type and version, operating system, device model, screen resolution | Platform security, fraud detection, technical optimisation |
| Usage data | Pages visited, games launched, bet amounts, session duration, click paths, deposit and withdrawal timestamps | Responsible gaming monitoring, product improvement, personalisation |
| Session data | Login timestamps, session tokens, Bangladesh Standard Time (BST, UTC+6) log entries | Security, session management, dispute resolution |
| Geolocation data | Country and, where permitted, approximate city (derived from IP address) | Eligibility verification, regulatory compliance |
| Cookie & tracker data | Session cookies, preference cookies, analytics cookies (see Section 4) | Session continuity, user experience, aggregate analytics |
1.3 Information Received from Third Parties
In certain circumstances eb222 may receive personal data about you from third-party partners. This includes transaction confirmation data from bKash, Nagad, Rocket, and Upay when you initiate a deposit or withdrawal; identity verification results from KYC screening services; and fraud-risk signals from payment security providers. eb222 uses this data solely for the purposes described in Section 2 and does not combine it with unrelated data sets.
Section 2
How We Use Your Data
eb222 processes your personal data only where there is a clear and lawful basis for doing so. The primary purposes for which we use your data are set out below, together with the legal basis that justifies each type of processing.
- Account creation and management: We use your identity and contact data to create and maintain your eb222 account, verify your eligibility (including the 18+ age requirement), and provide you with access to the platform's gaming and sportsbook services. Legal basis: contractual necessity.
- Payment processing: We share the minimum necessary financial data with your chosen BDT payment provider (bKash, Nagad, Rocket, Upay, or your bank) to process deposits and withdrawals denominated in Bangladeshi Taka. Legal basis: contractual necessity and legal obligation.
- Identity verification (KYC): We process identity documents to comply with our anti-money-laundering and responsible gaming obligations. Legal basis: legal obligation and legitimate interest.
- Responsible gaming monitoring: We analyse your usage data — including session length, bet frequency, and deposit patterns — to identify signs of potential problem gambling and, where appropriate, proactively reach out with support resources or apply protective account limits. Legal basis: legitimate interest and legal obligation.
- Customer support: We use your contact and communications data to respond to support tickets, resolve disputes, and investigate complaints. Legal basis: contractual necessity and legitimate interest.
- Security and fraud prevention: We process device data, IP addresses, and session logs to detect suspicious activity, prevent account takeovers, and protect the financial integrity of the platform. Legal basis: legitimate interest and legal obligation.
- Platform improvement and analytics: Aggregated and anonymised usage data helps our product and engineering teams understand which features players find most valuable and where the platform experience can be enhanced. Legal basis: legitimate interest.
- Marketing communications: With your explicit consent, we may send you promotional emails about new games, seasonal bonus offers (for example, BPL cricket promotions, Eid bonuses, or Pohela Boishakh special events), and platform updates. You may withdraw this consent at any time by clicking the unsubscribe link in any marketing email or by contacting support. Legal basis: consent.
- Legal and regulatory compliance: Where required by applicable law, regulation, court order, or lawful government request, eb222 may process and disclose personal data to the relevant authority. In all such cases eb222 will limit disclosure to the minimum data necessary. Legal basis: legal obligation.
eb222 will not use your personal data for any purpose that is incompatible with the purposes listed above without first notifying you and, where required, obtaining your renewed consent.
Section 3
Data Sharing & Third Parties
In order to operate the eb222 platform and deliver the services you have contracted for, we work with a number of trusted third-party processors and partners. Each of these parties has access only to the personal data they need to perform their specific function and is bound by strict data processing agreements that prohibit further use or disclosure.
Payment Service Providers
When you make a deposit or withdrawal, eb222 shares the transaction-relevant data (such as your mobile wallet number or bank account identifier) with your chosen payment provider — bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, or BRAC Bank. These providers process the transaction in accordance with their own privacy policies, over which eb222 has no control. We recommend reviewing your payment provider's privacy documentation.
Game Studio Partners
eb222 integrates games from third-party studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. When you launch a game from one of these studios, your account identifier and session token are shared with that studio's servers to authenticate and maintain your game session. These studios do not receive your full identity data, payment details, or KYC documents.
Identity Verification (KYC) Providers
For the purpose of age and identity verification, eb222 may use a third-party KYC screening service. In such cases, a copy of the document you submit is shared with the screening provider's secure infrastructure solely for verification purposes. Results are returned to eb222 as a pass/fail determination; the document image is not retained by the screening provider beyond the verification window.
Analytics and Infrastructure
eb222 uses reputable cloud infrastructure and analytics service providers to host the platform and generate aggregate, anonymised usage reports. These providers process data on eb222's behalf and are not permitted to use it for their own purposes. All analytics data used internally by eb222 is aggregated and does not identify individual players.
Legal and Regulatory Disclosures
eb222 may disclose personal data to law enforcement agencies, regulatory bodies, or courts when required to do so by a lawful order or where eb222 reasonably believes that disclosure is necessary to prevent fraud, money laundering, or serious harm. eb222 will notify the affected player of such a disclosure where it is legally permissible to do so.
Business Transfers
In the event that eb222 undergoes a merger, acquisition, or sale of all or a substantial portion of its business assets, your personal data may be transferred to the acquiring entity as part of that transaction. eb222 will notify registered players by email at least 30 days before any such transfer takes effect and will ensure that the new data controller is bound by privacy obligations at least as protective as those described in this Policy.
Section 5
Data Retention
eb222 retains your personal data only for as long as is necessary to fulfil the purposes described in this Policy, to maintain the contractual relationship with you, or to comply with applicable legal and regulatory retention obligations. The following table summarises our standard retention periods by data category.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account identity data | Duration of account + 5 years after closure | AML regulatory requirement; dispute resolution |
| KYC documents | Duration of account + 5 years after closure | Regulatory compliance; fraud prevention |
| Transaction records | 7 years from date of transaction | Financial regulatory obligation; audit trail |
| Responsible gaming records | Duration of account + 5 years after closure | Regulatory duty of care obligations |
| Customer support records | 3 years from last interaction | Dispute resolution; service quality |
| Analytics / usage data | 24 months (aggregated, anonymised) | Product improvement; no individual identification |
| Marketing consent records | Until consent is withdrawn + 1 year | Evidence of lawful basis for marketing |
When the applicable retention period expires, eb222 will securely delete or irreversibly anonymise the relevant personal data. Secure deletion means overwriting data so that it cannot be recovered; anonymisation means removing all identifiers so that the data can no longer be linked to any individual.
If you request deletion of your account and personal data before the expiry of a mandatory retention period, eb222 will restrict processing of your data to the minimum necessary to fulfil the outstanding legal obligation and will delete all data that falls outside those obligations promptly.
Section 6
Data Security
eb222 takes the security of your personal data seriously and implements a comprehensive set of technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.
Technical Measures
- Encryption in transit: All communication between your device and eb222's platform is encrypted using TLS 1.2 or higher. This includes all web pages, API calls, payment flows, and live chat sessions.
- Encryption at rest: Sensitive personal data — including KYC documents, financial data, and password hashes — is stored using AES-256 encryption on eb222's database infrastructure.
- Password hashing: User passwords are never stored in plain text. eb222 uses a strong cryptographic hashing algorithm with per-account salting so that even in a theoretical breach scenario, raw passwords cannot be recovered.
- Access controls: Access to personal data within eb222's systems is restricted to personnel with a documented need to access it. All internal access is logged, and access rights are reviewed regularly.
- Intrusion detection: eb222's infrastructure is monitored continuously for anomalous access patterns, automated scanning activity, and potential intrusion attempts. Security alerts are triaged by a dedicated team around the clock.
- Penetration testing: eb222 commissions independent security assessments of its platform on a periodic basis to identify and remediate vulnerabilities before they can be exploited.
Organisational Measures
- Staff training: All eb222 employees and contractors who handle personal data receive data protection training as part of their onboarding and on a refresher basis annually.
- Data processing agreements: Every third-party vendor that processes personal data on eb222's behalf is required to sign a data processing agreement that sets out their security obligations in contractually binding terms.
- Incident response plan: eb222 maintains a documented data breach response procedure. In the event of a confirmed breach affecting personal data, eb222 will act within 72 hours to contain the incident and will notify affected players without undue delay.
Your Role in Security
While eb222 takes extensive steps to protect your data, the security of your account also depends on the steps you take. We strongly recommend using a unique, strong password for your eb222 account that is not shared with your bKash, Nagad, or online banking credentials. Never share your login details with another person. If you suspect your account has been compromised, contact eb222 support immediately at [email protected].
Section 7
Your Rights & Choices
As a player on the eb222 platform, you hold a number of rights with respect to your personal data. eb222 is committed to honouring these rights promptly and transparently. To exercise any of the rights described below, please contact our privacy team at [email protected] with the subject line "Privacy Rights Request", your account username, and a description of your request.
Right of Access
You have the right to request a copy of the personal data that eb222 holds about you. We will provide this information in a structured, commonly used format within 30 calendar days of receiving a valid request. Where the volume of data is substantial, we may request that you specify the categories of data you require.
Right to Rectification
If any personal data that eb222 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. For account details such as your email address or city of residence, you may be able to update these directly within your account settings. For identity data that has been verified through the KYC process, corrections may require re-submission of supporting documentation.
Right to Erasure ("Right to be Forgotten")
You may request that eb222 delete your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (for consent-based processing), or where you object to processing and eb222 has no overriding legitimate grounds to continue. Note that eb222 is not able to erase data that it is legally required to retain — for example, transaction records and KYC documents subject to mandatory retention periods as described in Section 5.
Right to Restriction of Processing
In certain circumstances — for example, while a rectification request is being assessed, or where you have objected to processing and eb222 is considering whether its legitimate interests override your rights — you may request that eb222 restrict processing of your data to storage only. During a restriction period, eb222 will not actively use the restricted data other than to maintain it securely.
Right to Data Portability
Where processing is based on your consent or on contractual necessity, and is carried out by automated means, you have the right to receive your personal data in a structured, machine-readable format and to request that it be transmitted directly to another data controller where technically feasible. eb222 will provide data portability exports in JSON or CSV format upon request.
Right to Object
You have the right to object at any time to processing of your personal data for direct marketing purposes (including profiling for marketing). Upon receipt of such an objection, eb222 will cease marketing communications immediately. You may also object to processing based on legitimate interests, in which case eb222 will assess whether its interests are overridden by your rights and interests.
Right to Withdraw Consent
Where processing is based solely on your consent (for example, receiving promotional email communications), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To unsubscribe from marketing emails, click the unsubscribe link in any eb222 marketing email or contact support.
Response Timeframes
eb222 will acknowledge all privacy rights requests within 5 business days and will provide a substantive response within 30 calendar days. In cases of particular complexity, eb222 may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it. eb222 does not charge a fee for processing privacy rights requests unless they are manifestly unfounded or excessive.
Section 8
Policy Updates & Contact
eb222 reviews this Privacy Policy periodically and will update it when our data processing practices change, when new services are introduced, or when required to reflect changes in applicable law. The effective date at the top of this page indicates when the current version was last reviewed and published.
Where changes to this Policy are material — meaning they significantly affect how your personal data is collected, used, or shared — eb222 will notify registered players by email at the address on file at least 14 calendar days before the updated Policy takes effect. For minor updates (such as clarifications of existing language, correction of typographical errors, or improvements to readability that do not alter the substance of our practices), eb222 will update the page without prior individual notification.
Your continued use of the eb222 platform after a revised Policy has been published and the notice period has elapsed constitutes your acceptance of the updated terms. If you do not agree with a revised Policy, you should stop using the platform and contact our support team to request account closure before the updated Policy comes into effect.
Contact Our Privacy Team
For any questions, concerns, or requests relating to this Privacy Policy or eb222's data processing practices, please contact us using the details below. Our support team will route your enquiry to the appropriate privacy contact.
- Email: [email protected] (subject line: "Privacy Enquiry")
- Response time: Within 1–4 hours by email; live chat available 24/7 on the platform.
- Language of correspondence: English.
eb222 is committed to resolving any privacy concern you raise in good faith and in a timely manner. If after contacting us you remain unsatisfied with our response, you may refer your concern to an independent dispute resolution body as described in the eb222 Terms & Conditions.
Ready to Play at eb222?
Your data is protected. Now explore our games, sports betting, and exclusive bonuses — all in BDT.