Privacy Policy
At 35bg, your privacy is treated as a core obligation, not an afterthought. This Privacy Policy explains exactly what personal data we collect, why we collect it, how it is stored and protected, and the rights you hold over your own information as a registered player on the 35bg platform.
35bg does not sell, rent, or trade your personal information to any third party for marketing purposes. Your data is collected solely to provide and improve the services you use on the 35bg platform.
All data transmitted between your device and the 35bg servers is protected by industry-standard 256-bit SSL encryption. Sensitive fields such as passwords and payment details are encrypted both in transit and at rest.
Registered 35bg players have the right to access, correct, update, and request deletion of their personal data at any time. Submit a request by emailing [email protected] and our team will respond within 30 calendar days.
35bg collects only the data that is strictly necessary for account operation, identity verification (KYC), payment processing, fraud prevention, and regulatory compliance. We do not request superfluous personal information.
35bg uses essential, functional, and analytical cookies to operate the platform and improve user experience. Cookie purposes are disclosed fully in this Privacy Policy. You can manage non-essential cookies through your browser settings.
Where 35bg engages third-party service providers (such as payment processors, KYC verification partners, and game providers), data sharing is governed by strict contractual obligations. Third parties may not use your data beyond the agreed purpose.
Section 1
Information We Collect
35bg collects personal data through several channels: directly from you when you register or interact with the platform, automatically through your use of the website, and from authorised third-party verification partners. The categories of data we collect are described below.
| Data Category | Specific Data Points | Collection Method |
|---|---|---|
| Identity Data | Full legal name, date of birth, national ID number, passport number, photograph | Registration form, KYC document upload |
| Contact Data | Email address, mobile phone number, residential address | Registration form, account settings |
| Financial Data | Mobile banking account numbers (bKash, Nagad, Rocket, Upay), transaction history, deposit and withdrawal amounts in BDT | Payment processing, transaction logs |
| Account Data | Username, encrypted password, account balance, bonus history, wagering activity, session history | Platform activity, automated logging |
| Technical Data | IP address, device type, operating system, browser type and version, screen resolution, time zone (BST UTC+6) | Automatic collection via cookies and server logs |
| Usage Data | Pages visited, games played, betting patterns, session duration, click paths, search queries within the platform | Automatic collection via analytics tools |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions | Customer support interactions |
35bg does not knowingly collect personal data from individuals under the age of 18. If we become aware that data has been submitted by a minor, it will be deleted promptly and the associated account will be permanently closed. We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health information unless explicitly required for responsible gaming compliance purposes, in which case collection is conducted with your express consent.
Section 2
How We Use Your Data
35bg processes personal data for specific, documented purposes only. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The primary purposes for which your data is processed are set out below.
- Account Registration and Management: To create, maintain, and administer your 35bg player account, including verifying your identity, processing deposits and withdrawals, and communicating account-related updates.
- Payment Processing: To facilitate deposits and withdrawals via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, and City Bank. Transaction data is shared with payment processors only to the extent necessary to complete each transaction.
- Fraud Prevention and Security: To detect, investigate, and prevent fraudulent activity, money laundering, unauthorised account access, bonus abuse, and other forms of financial crime. This includes automated risk-scoring of account behaviour patterns.
- Platform Improvement: To analyse aggregated and anonymised usage data to improve the performance, design, and content of the 35bg platform, including game selection, interface layout, and betting market coverage.
- Marketing Communications: To send you promotional offers, bonus notifications, and platform updates by email or SMS, subject to your communication preferences. You may opt out of marketing communications at any time by contacting [email protected].
- Responsible Gaming: To monitor gameplay patterns for indicators of problem gambling behaviour and to enforce responsible gaming tools such as deposit limits, session time-outs, and self-exclusion requests in accordance with our Responsible Gaming policy.
- Legal and Regulatory Compliance: To meet our obligations under applicable anti-money laundering (AML) regulations, know-your-customer (KYC) requirements, and any lawful request from a competent public authority.
Section 3
Legal Basis for Processing
Every processing activity carried out by 35bg is founded on one or more of the following legal bases. We document the applicable legal basis for each processing purpose and make this information available to players upon request.
- Contractual Necessity: Processing is necessary to perform the contract between you and 35bg — specifically, to register your account, process your transactions, and deliver the gaming and betting services you have requested.
- Legal Obligation: Processing is required to comply with applicable legal obligations, including KYC/AML regulations and responses to lawful requests from law enforcement or regulatory bodies.
- Legitimate Interests: Processing is carried out in pursuit of the legitimate business interests of 35bg, such as fraud prevention, platform security, and service improvement, where those interests are not overridden by your fundamental rights and freedoms.
- Consent: For processing activities that are not strictly necessary for the performance of the contract — such as sending marketing communications and placing non-essential cookies — 35bg relies on your freely given, specific, and informed consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Where 35bg relies on legitimate interests as the legal basis for processing, a balancing test is conducted to ensure that your privacy rights are not disproportionately affected. Documentation of these assessments is maintained internally and is available to players upon written request submitted to [email protected].
Section 4
Cookies & Tracking Technologies
The 35bg platform uses cookies and similar tracking technologies (including pixel tags and local storage objects) to operate core platform functionality, remember your preferences, and gather analytical data about how players interact with the site. The table below summarises the categories of cookies in use.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Session management, login authentication, security tokens, load balancing. These are essential for the platform to function correctly. | No — disabling will prevent core functionality |
| Functional | Remembering your language preference, display settings, and recently played games to personalise your experience. | Yes — via browser settings |
| Analytical | Tracking page views, session duration, navigation paths, and feature usage in aggregated, anonymised form to improve platform performance. | Yes — via browser settings |
| Fraud Prevention | Device fingerprinting and behavioural analysis to identify suspicious access patterns and prevent unauthorised account activity. | No — required for platform security |
35bg does not use third-party advertising cookies or cross-site tracking technologies that share your data with external advertising networks. You can manage functional and analytical cookies at any time through your browser's cookie settings. Please note that disabling certain cookies may affect the performance or availability of some platform features. For guidance on managing cookies in your browser, refer to the help documentation provided by your browser vendor.
Section 5
Data Sharing & Disclosure
35bg does not sell, rent, or otherwise transfer your personal data to external parties for their own commercial use. Data is shared with third parties only in the specific circumstances described below, and only to the minimum extent necessary for each purpose.
- Payment Processors: Transaction data (such as your mobile banking reference and the amount transacted) is shared with the relevant payment service provider — bKash, Nagad, Rocket, Upay, or the applicable bank — solely to process and confirm your deposit or withdrawal. Payment processors are bound by their own privacy and security obligations.
- KYC Verification Partners: Identity documents and biometric data submitted for age and identity verification may be processed by authorised third-party KYC verification providers. These providers act as data processors on behalf of 35bg under strict contractual terms and may not use your data for any independent purpose.
- Game Providers: When you play a game supplied by a third-party provider such as Pragmatic Play, Evolution Gaming, Microgaming, NetEnt, Spribe, or Ezugi, certain technical data (including your player session token and game activity) is transmitted to the provider's servers to deliver the game. Game providers do not receive your full personal profile.
- Fraud Prevention Databases: In cases of confirmed fraud or money laundering, 35bg may share relevant data with industry-wide fraud prevention databases and law enforcement agencies in accordance with applicable legal obligations.
- Legal Authorities: 35bg will disclose personal data to competent courts, law enforcement agencies, or regulatory bodies when required to do so by law, a valid court order, or a lawful regulatory demand. We will notify affected players of such disclosures where legally permitted to do so.
- Business Transfers: In the event of a merger, acquisition, or sale of all or part of the 35bg business, your personal data may be transferred to the acquiring entity as part of the transaction. You will be notified of any such transfer and the new entity will be required to honour the commitments made in this Privacy Policy.
All third-party service providers engaged by 35bg are required to implement appropriate technical and organisational security measures and to process personal data solely in accordance with the documented instructions of 35bg. 35bg maintains a register of all active data processing relationships and conducts periodic due-diligence reviews of each provider.
Section 6
Data Retention
35bg retains personal data only for as long as it is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The retention periods applied to each category of data are outlined below.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Identity & KYC Documents | 5 years after account closure | AML regulatory compliance obligation |
| Transaction Records | 5 years after account closure | Financial record-keeping and fraud investigation |
| Account & Gaming Activity | Duration of active account + 2 years post-closure | Dispute resolution, responsible gaming monitoring |
| Technical & Usage Data | 13 months from collection | Analytics, platform improvement, security monitoring |
| Support Communications | 3 years from last interaction | Complaint resolution and service quality review |
| Marketing Preferences | Until opt-out is confirmed | Consent management and communication compliance |
When a retention period expires, personal data is securely deleted or anonymised so that it can no longer be associated with any individual. Anonymised and aggregated data may be retained indefinitely for statistical and platform improvement purposes, as it can no longer be used to identify you.
Section 7
Your Privacy Rights
As a registered player on the 35bg platform, you hold the following rights in relation to your personal data. These rights may be exercised at any time by submitting a written request to [email protected]. 35bg will respond to all verified requests within 30 calendar days.
- Right of Access: You have the right to request a copy of all personal data that 35bg holds about you, along with information about how it is being used, the categories of recipients with whom it has been shared, and the applicable retention periods.
- Right to Rectification: If any personal data held by 35bg is inaccurate or incomplete, you have the right to request that it be corrected or updated without undue delay. You may update certain data fields directly through your account settings.
- Right to Erasure: In certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected — you may request that 35bg delete your personal data. Note that this right is subject to overriding legal retention obligations described in Section 6.
- Right to Restriction: You may request that 35bg restrict the processing of your personal data while a dispute regarding its accuracy or the lawfulness of processing is being resolved.
- Right to Data Portability: Where processing is based on your consent or contractual necessity and is carried out by automated means, you may request that 35bg provide your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data where 35bg relies on legitimate interests as its legal basis, or where your data is used for direct marketing purposes. Objections to direct marketing will always be honoured without question.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Section 8
Data Security Measures
35bg implements a layered security architecture to protect personal data against unauthorised access, accidental loss, destruction, and disclosure. Our security framework incorporates both technical controls and organisational procedures, reviewed and updated on a regular basis.
- Encryption: All data transmitted between your device and 35bg servers is encrypted using TLS 1.3 with 256-bit AES encryption. Passwords are stored as salted cryptographic hashes and are never stored or transmitted in plain text.
- Access Controls: Access to personal data within the 35bg organisation is restricted on a strict need-to-know basis. Staff members are granted the minimum level of access required to perform their designated role and are subject to confidentiality obligations.
- Intrusion Detection: 35bg employs automated intrusion detection and prevention systems that continuously monitor platform traffic for anomalous patterns indicative of cyberattacks, data breach attempts, or credential stuffing activity.
- Data Backups: Player data is backed up regularly to geographically separated secure servers to ensure availability and resilience in the event of a hardware failure or disaster scenario.
- Staff Training: All 35bg staff who handle personal data are required to complete data protection and security awareness training. Policies governing the handling of personal data are reviewed annually and updated as necessary.
In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, 35bg will notify affected players without undue delay and will take all reasonable steps to contain and remediate the breach. Where required by applicable law, the relevant regulatory authority will also be notified within the prescribed timeframe.
Section 9
Contact & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or the way in which 35bg processes your personal data, please contact our support team using the details below. All privacy-related enquiries are handled by staff trained in data protection practices.
- Email: [email protected] — Please include "Privacy Enquiry" in the subject line for faster routing.
- Live Chat: The 35bg live chat service is available 24 hours a day, 7 days a week. Privacy requests submitted via live chat will be escalated to the data protection team within 1 business day.
- Response Time: 35bg will acknowledge all privacy-related requests within 3 business days (Bangladesh Standard Time, UTC+6) and will provide a full response within 30 calendar days of the date the request is received.
If you are not satisfied with the way 35bg has handled a privacy concern, you have the right to escalate your complaint to the relevant data protection authority or regulatory body in your jurisdiction. 35bg will cooperate fully with any such regulatory investigation.
35bg reserves the right to update this Privacy Policy from time to time to reflect changes in data processing practices, legal requirements, or platform functionality. The effective date at the top of this document will be updated whenever a material change is made. Registered players will be notified of significant changes via the email address on file at least 7 calendar days before the change takes effect.
Continue Exploring 35bg
Play Safely on 35bg
Your data is protected — now explore the full 35bg experience. From live cricket betting and 1,000+ slots to a premium live casino, everything is built for Bangladeshi players. Have more questions? Our FAQ has you covered.