🔐
PICK2WIN — Privacy & Data Protection Policy (UK)
📅 Effective Date: 1 February 2026
🏢 Operator: PICK2WIN Pvt Ltd (UK)
⚖️ Jurisdiction: England & Wales
🎰 Regulated by: UK Gambling Commission (UKGC)
🌍 Website: https://www.pick2win.uk
📨 Contact: privacy@pick2win.uk
🎯 1.
Purpose of This Privacy Policy
This policy explains how PICK2WIN collects, uses, protects, and
stores personal data, and sets out the user’s rights under:
• UK GDPR (2021)
• Data Protection Act 2018
• UKGC Licence Conditions (LCCP)
• Money Laundering Regulations 2017
PICK2WIN collects only the minimum required data to operate a
safe, legal, responsible and fair fantasy platform. No data is ever sold to
third parties.
🔍 2. What
Personal Data PICK2WIN Collects
We collect the following categories of data:
👤 2.1
Identity Data
• Full name, date of birth, gender
• KYC ID (passport, driving licence, BRP, national ID)
Used for age verification, fraud prevention, AML compliance, and to ensure only
legitimate users access prize contests.
🏠 2.2
Address Data
• Residential address
• Proof of address documents (utility bills, bank statements, council tax)
Used to confirm UK eligibility, ensure location compliance, and meet UKGC
requirements.
💳 2.3
Payment & Financial Data
• Card/bank details (tokenised via Stripe)
• Payment method ownership
• Deposit/wallet movement logs
Used to verify payment ownership, prevent fraud, and comply with AML rules.
PICK2WIN never stores full card numbers.
📱 2.4
Device & Technical Data
• IP address, device ID, OS version
• Location checks (non-GPS), risk scoring
• Login timestamps
Used for detecting suspicious behaviour, multi-accounting, bots, or collusion.
🎮 2.5
Gameplay & Behavioural Data
• Contest joins, team selections, configuration patterns
• User Config Teams logs (used only for fair-play audit, not prediction)
• Ranking, winnings, entry frequency
Used to detect fraud and maintain fairness—not to influence strategy.
📝 2.6
Communication Data
• Emails, support requests
• Compliance correspondence (AML/KYC)
Retained for dispute resolution and regulatory reporting.
🎮 3. What
PICK2WIN Does NOT Collect
PICK2WIN does NOT collect:
❌ GPS/real-time location
❌ Phone contacts
❌ Photos except KYC uploads
❌ Microphone/camera data (unless user
explicitly uploads)
❌ Social media accounts
❌ Personal browsing history
We follow a strict data minimisation principle.
⚙️ 4. How
Your Data Is Used
PICK2WIN uses your data only for lawful purposes:
🧪 4.1 To
verify identity (KYC)
Ensures all players are 18+, UK residents, and using legitimate
documents.
🛡 4.2 To
enforce AML & Fraud Prevention
Device matching, deposit behaviour, contest entry patterns,
payment ownership checks.
💳 4.3 To
process deposits, subscriptions & withdrawals
Payment data is tokenised by Stripe—never stored in full by
PICK2WIN.
🎮 4.4 To
run contests & maintain fairness
Team logs and scoring data ensure transparency and prevent
manipulation.
🧠 4.5 To
support responsible gaming
Income-based deposit limits, activity monitoring and cooling-off
compliance.
✉️ 4.6 To
send critical service messages
Including verification alerts, lock timers, contest updates,
compliance warnings.
📊 4.7 To
produce anonymised analytics
Used only for system improvements—not for personalised marketing.
PICK2WIN never uses data for behavioural manipulation or
promoting excessive spending.
🔒 5. Data
Security Measures
PICK2WIN applies banking-grade security protections:
• 🔐 AES-256 encrypted storage
• 🔐 TLS 1.3 secure transmission
• 🔐 Tokenised payment processing via Stripe
(PCI-DSS Level 1)
• 🧱 Firewall-protected servers (UK/EU region)
• 🛡 Automated security audits &
penetration testing
• 🔍 Access restricted to vetted compliance
staff
We also maintain incident logs for UKGC audits.
🚫 6. Data
We Never Sell or Share for Profit
PICK2WIN will never:
❌ Sell personal data
❌ Rent or distribute user lists
❌ Share data with advertisers
❌ Use data for marketing manipulation
❌ Use data to push deposits or encourage
spending
User data is protected under strict “ethical use only” rules.
📤 7. When
PICK2WIN Shares Data
Data is shared ONLY when legally required:
|
Recipient |
Purpose |
|
🏛 UK
Gambling Commission (UKGC) |
Compliance investigations & audits |
|
🏦
Financial Conduct Authority (FCA) |
Payment compliance |
|
🕵
National Crime Agency (NCA) |
Suspicious Activity Reports (SAR) |
|
👮
Police/Law Enforcement |
Criminal investigations |
|
🧾 HMRC |
Fraud or tax-related investigations |
|
🪪 SumSub |
Identity verification |
|
💳 Stripe |
Payment tokenisation |
No unnecessary sharing occurs.
📁 8. Data
Retention Periods
Under UKGC, FCA, GDPR, and AML law:
• KYC, transaction & AML data → 5 years
• Gameplay logs → minimum 5 years
• Financial records → 5–7 years
• User support messages → 2 years
• Deleted accounts → data kept only as legally required (mostly AML
5-year retention rule)
After expiry, all data is securely destroyed or anonymised.
🧠 9. User
Rights Under UK GDPR
Users have the right to:
📌 9.1
Access
Receive a copy of all personal data we hold.
📌 9.2
Rectification
Correct inaccurate or outdated information.
📌 9.3
Erasure (“Right to be Forgotten”)
Applicable only after legal retention periods end.
📌 9.4
Restrict Processing
For non-regulatory uses.
📌 9.5
Object
Users may object to specific uses not required by law.
📌 9.6 Data
Portability
Receive data in a structured, machine-readable format.
All requests processed within 30 days via privacy@pick2win.uk,
unless law requires extensions.
🛑 10.
Circumstances Where We Cannot Delete Data
We cannot delete user data when:
• Required for AML or fraud investigations
• Required for UKGC audits
• Part of financial transaction logs
• Linked to Suspicious Activity Reports
• Linked to an unresolved dispute or chargeback
• Within legally mandated retention periods
This is a legal obligation, not an operator choice.
🔁 11.
Cookies & Tracking
PICK2WIN uses ONLY essential cookies:
|
Cookie Type |
Purpose |
|
🔧 Session
Cookies |
Keep users logged in securely |
|
🔍
Security Cookies |
Detect fraud, bots, unusual sessions |
|
📊
Analytics Cookies |
Anonymous system performance metrics |
We do not use marketing, ad-targeting, or third-party
advertising cookies.
🎮 12. UCT
(User Configuration Teams) & Data Privacy
To maintain fairness:
• UCT selections, mandates, CVC choices, and team logs are stored
securely
• Logs are used only for internal audit and anti-collusion detection
• No user can view or access another user's configuration ever
• PICK2WIN does not use UCT data to influence gameplay or rankings
This data is never used for marketing or personalised suggestions.
🧱 13.
Behavioural Protection & Responsible Gaming Data
We may use:
• Deposit frequency
• Time of day patterns
• High-risk behaviour indicators
• Affordability data
• Cooling-off / self-exclusion logs
This is strictly to protect user well-being and comply with UKGC
requirements.
We never use this data to push more spending or promote contests.
📜 14. Legal
Basis for Processing (Article 6 UK GDPR)
Legal bases include:
• Legal Obligation (KYC, AML, UKGC reporting)
• Contractual Necessity (running contests, processing payments)
• Legitimate Interest (fraud prevention, system security)
• User Consent (optional cookies, some analytics)
🛡 15. Data
Breach Handling Procedure
PICK2WIN follows a strict breach protocol:
All breaches are logged and audited.
💖 16.
Ethical Data Statement
PICK2WIN follows a strong ethical stance:
• Data is collected only to protect users and comply with law.
• No behavioural manipulation, no addictive design, no dark patterns.
• No selling or commercialisation of user data ever.
• User privacy is central to platform design.
This aligns with our Founder’s message and core safety principles.
☎️ 17.
Contact Information
For data protection requests:
📧 privacy@pick2win.uk
🕘 9 AM – 9 PM GMT (7 days a week)
DPO (Data Protection Officer) available upon request.