Privacy Policy — How 999bte Collects, Uses, and Safeguards Your Personal Data
Your privacy matters to us. This Privacy Policy sets out in plain, formal English exactly what personal data 999bte collects from players in Bangladesh, how that data is used, how it is protected, and what rights you hold over your own information. We are committed to handling your data with integrity and transparency.
Our Privacy Commitments
Six Principles That Guide How 999bte Handles Your Data
These cards summarise the foundational principles behind our privacy practices. The full detail of each principle is set out in the sections below.
Data Minimisation
999bte collects only the personal data that is strictly necessary to operate your account, process transactions in Bangladeshi Taka (৳), and comply with identity verification obligations. We do not collect data speculatively.
No Sale of Personal Data
999bte does not sell, rent, or trade your personal information to any third party for marketing or commercial purposes. Your data is yours. We share it only where operationally necessary — and only with trusted, contractually bound partners.
Industry-Grade Security
All data transmitted between your device and the 999bte platform is protected by TLS/SSL encryption. Personal data at rest is stored in encrypted databases with strict access controls. Security configurations are reviewed regularly.
Transparent Purpose
We tell you clearly why we need each type of data before or at the point of collection. We do not repurpose your data for reasons that are materially different from those disclosed in this Privacy Policy without seeking fresh consent.
Your Rights Are Respected
You have the right to access, correct, export, and request deletion of your personal data. Requests are handled within 30 days. A dedicated data enquiry channel is available at [email protected] for all privacy-related matters.
Defined Retention Periods
999bte does not hold your personal data indefinitely. Retention periods are defined by the purpose of collection and applicable regulatory requirements. When data is no longer needed, it is sec urely deleted or anonymised.
Section 1
Introduction & Scope
This Privacy Policy ("Policy") is published by 999bte ("the Platform", "we", "us", "our") and applies to all personal data collected from individuals ("you", "your", "Player", "User") who access, register for, or interact with any service available at 999bte.com, including its online casino games, live dealer tables, sports betting markets, the 999bte Loyalty Program, and all associated financial transaction services.
This Policy is intended to be read alongside the 999bte Terms & Conditions and the Responsible Gaming policy. In the event of any conflict between this Policy and a more specific data-processing notice provided to you at the point of collection, the more specific notice shall take precedence with respect to that specific processing activity.
This Policy applies to personal data collected through the following channels:
- The 999bte website at 999bte.com and any subdomains operated by 999bte
- Any official 999bte mobile application published for Android or iOS
- Customer support interactions via email, live chat, or any other supported communication channel
- Identity verification (KYC) processes initiated during account registration or prior to withdrawal processing
- Payment processing interactions in connection with bKash, Nagad, Rocket, Upay, and bank transfer services
By creating a 999bte account or otherwise using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein. If you do not agree to the terms of this Policy, you must not use the Platform.
Scope Note: This Policy governs data collected directly by 999bte. It does not govern the privacy practices of third-party game studios (such as Evolution Gaming, Pragmatic Play, NetEnt, or Microgaming) or independent payment service providers (such as bKash or Nagad). We encourage you to review the privacy policies of those partners separately where applicable.
Section 2
Data We Collect
999bte collects personal data through three primary channels: data you provide directly, data generated automatically through your use of the Platform, and data received from trusted third parties for verification and fraud-prevention purposes.
2.1 Data You Provide Directly
During account registration, identity verification, and ongoing use of the Platform, you may provide the following categories of personal data:
| Data Category | Specific Data Points | Collection Trigger |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality | Account registration & KYC verification |
| Contact Data | Email address, mobile phone number, residential address | Account registration |
| Document Data | Bangladesh NID number, passport number, document images | KYC identity verification |
| Financial Data | bKash/Nagad/Rocket mobile wallet numbers, bank account details, transaction history | Deposit & withdrawal processing |
| Support Data | Content of support tickets, chat transcripts, complaint details | Customer support interactions |
| Preference Data | Marketing communication preferences, responsible gaming settings | Account settings & responsible gaming tools |
2.2 Data Collected Automatically
When you access and use the 999bte Platform, certain technical and behavioural data is collected automatically by our systems. This includes:
- Device & Technical Data: IP address, device type, operating system, browser type and version, screen resolution, and device identifiers
- Usage Data: Pages visited, session duration, game titles accessed, betting history, wager amounts, win/loss records, login timestamps, and navigation patterns
- Location Data: Approximate geographic location derived from your IP address, used for fraud prevention and geographic access compliance
- Cookie Data: Data stored via cookies and similar tracking technologies as described in Section 5 of this Policy
2.3 Data Received From Third Parties
999bte may receive personal data about you from the following categories of third party in connection with fraud prevention, identity verification, and payment processing:
- Identity verification service providers who cross-reference the documents you submit against authoritative national databases
- Payment processors (including bKash, Nagad, Rocket, and Upay) who confirm transaction status and flag suspicious payment patterns
- Anti-fraud and anti-money-laundering screening services that check player data against sanctions lists and PEP (Politically Exposed Person) databases
Section 3
How We Use Your Data
999bte processes your personal data only where a lawful basis for processing exists. The table below sets out the primary purposes for which we use your data and the corresponding lawful basis in each case.
| Purpose of Processing | Lawful Basis |
|---|---|
| Creating and managing your 999bte player account | Performance of a contract |
| Processing deposits and withdrawals in Bangladeshi Taka (৳) | Performance of a contract |
| Verifying your identity and age (KYC compliance) | Legal obligation & legitimate interests |
| Detecting and preventing fraud, money laundering, and bonus abuse | Legal obligation & legitimate interests |
| Providing customer support and resolving disputes | Performance of a contract & legitimate interests |
| Sending transactional emails (e.g., withdrawal confirmations, security alerts) | Performance of a contract |
| Sending promotional communications about bonuses and new games | Consent (you may withdraw at any time) |
| Personalising game recommendations and platform content | Legitimate interests |
| Responsible gaming monitoring and intervention | Legal obligation & legitimate interests |
| Improving Platform performance, security, and user experience | Legitimate interests |
We do not use your personal data to make fully automated decisions that produce legal or similarly significant effects on you without human review. Where automated processes flag an account for review (for example, in the context of fraud screening or responsible gaming monitoring), a member of the 999bte team will assess the flag before any consequential action is taken.
Marketing Opt-Out: If you have previously consented to receiving promotional communications from 999bte and wish to withdraw that consent, you may do so at any time by updating your communication preferences in the account settings panel or by emailing [email protected]. Withdrawal of marketing consent does not affect the lawfulness of processing carried out before the withdrawal.
Section 4
Data Sharing & Third Parties
999bte does not sell your personal data to third parties. We share personal data with external parties only where it is necessary to deliver services to you, comply with legal obligations, or protect the integrity of the Platform. All third parties with whom we share personal data are required to handle that data in accordance with contractual data protection obligations consistent with the standards in this Policy.
4.1 Categories of Third-Party Recipients
- Payment Service Providers: bKash, Nagad, Rocket, Upay, and participating banks receive transaction data necessary to process deposits and withdrawals. These providers operate their own privacy policies and are subject to their own regulatory obligations in Bangladesh.
- Identity Verification Providers: Third-party KYC and AML screening services receive identity document data to verify player age and identity and screen against sanctions and PEP databases.
- Game Software Studios: Studios such as Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, and Ezugi may receive anonymised or pseudonymised session data necessary to deliver game content. No financial or identity data is passed to game studios beyond what is technically required for game session management.
- Cloud Infrastructure Providers: 999bte uses reputable cloud hosting providers to operate its platform. Data stored on these platforms is encrypted and subject to strict access controls.
- Legal and Regulatory Authorities: We may disclose personal data to law enforcement, regulatory bodies, or other government authorities where we are legally required to do so, or where disclosure is necessary to investigate or prevent fraud, money laundering, or other criminal activity.
4.2 International Data Transfers
Some of the third parties with whom we share data may process data outside of Bangladesh. Where international transfers occur, 999bte takes appropriate steps to ensure that adequate data protection safeguards are in place — including contractual clauses that bind the recipient to data protection standards equivalent to those described in this Policy. If you have questions about the specific safeguards in place for any particular transfer, please contact us at [email protected].
No Data Sales — Ever: 999bte will never sell, rent, or otherwise commercially transfer your personal data to advertisers, data brokers, or any other party for profit. If you are ever contacted by a third party claiming to have obtained your data from 999bte for marketing purposes, please notify us immediately — this would represent an unauthorised disclosure that we would treat with the utmost seriousness.
Section 5
Cookies & Tracking Technologies
999bte uses cookies and similar tracking technologies (collectively "cookies") to operate the Platform, maintain your session, analyse usage patterns, and — where you have given consent — deliver personalised content. A cookie is a small text file placed on your device when you visit a website. Cookies do not directly identify you by name, but they may be associated with your account or browser profile.
5.1 Types of Cookies We Use
| Cookie Type | Purpose | Basis |
|---|---|---|
| Strictly Necessary | Maintain your logged-in session, enable secure transactions, prevent CSRF attacks, remember language and currency settings | Required — cannot be disabled without breaking Platform functionality |
| Functional | Remember your game preferences, responsible gaming settings, and display preferences | Legitimate interests |
| Analytical | Measure page views, session lengths, game popularity, and Platform performance via aggregated, anonymised data | Legitimate interests (data is anonymised before analysis) |
| Marketing | Deliver personalised bonus offers and game recommendations based on your play history | Consent — only applied where you have opted in to personalised marketing |
5.2 Managing Your Cookie Preferences
You may manage non-essential cookie preferences through your browser settings at any time. Most modern browsers allow you to refuse cookies, delete existing cookies, or receive a notification when a cookie is set. Please note that disabling strictly necessary cookies will prevent you from logging into your 999bte account and using core Platform functionality. Disabling analytical or marketing cookies will not affect your ability to play games or process transactions.
For detailed guidance on managing cookies in your specific browser, consult your browser provider's official help documentation. If you use the 999bte mobile application, cookie-equivalent preferences may be managed through your device's application privacy settings.
Section 6
Data Security Measures
999bte applies a layered approach to data security designed to protect your personal information against unauthorised access, accidental loss, disclosure, alteration, or destruction. Our security programme includes the following measures:
- Encryption in Transit: All data exchanged between your device and the 999bte Platform is transmitted over TLS 1.2 or TLS 1.3 encrypted connections. This includes login credentials, financial transaction data, and personal information submitted during KYC verification.
- Encryption at Rest: Sensitive personal data, including identity documents, payment account details, and account credentials, is stored using AES-256 encryption in secured database environments.
- Access Controls: Access to personal data within 999bte's internal systems is governed by role-based access control (RBAC). Only personnel who require access to personal data to perform their specific job function are granted that access. Access logs are maintained and reviewed regularly.
- Two-Factor Authentication: 999bte supports and strongly recommends two-factor authentication (2FA) for all player accounts. 2FA is mandatory for internal staff accounts that have access to player data.
- Regular Security Reviews: The Platform's security configuration is reviewed on a scheduled basis. Vulnerability assessments and penetration testing are carried out periodically to identify and remediate potential weaknesses.
- Incident Response: 999bte maintains a documented data breach response procedure. In the event of a security incident that affects your personal data, we will notify affected players and take immediate remediation steps in accordance with our incident response plan.
While 999bte takes all reasonable and practicable steps to protect your personal data, no security system is entirely impenetrable. You also play a role in keeping your data safe: use a strong, unique password for your 999bte account, enable 2FA, and never share your login credentials with any third party. If you believe your account security has been compromised, contact our support team at [email protected] immediately.
Section 7
Data Retention
999bte retains your personal data only for as long as it is necessary to fulfil the purpose for which it was collected, or as required by applicable legal or regulatory obligations. The following default retention periods apply:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & Identity Data | Duration of active account + 5 years after closure | AML regulatory compliance and dispute resolution |
| KYC Documents | Duration of active account + 5 years after closure | Identity verification audit trail and regulatory requirements |
| Transaction Records | 7 years from transaction date | Financial record-keeping and AML obligations |
| Support Correspondence | 3 years from last interaction | Dispute resolution and service quality review |
| Analytical & Usage Data | 24 months (anonymised after 12 months) | Platform improvement and responsible gaming monitoring |
| Marketing Preferences | Until consent is withdrawn or account is closed | Consent management compliance |
When personal data reaches the end of its applicable retention period, it is either securely and permanently deleted from all active and backup systems, or it is anonymised such that it can no longer be associated with an identifiable individual. Anonymised data may be retained indefinitely for statistical and analytical purposes.
Account Closure and Retention: Closing your 999bte account does not immediately trigger deletion of all personal data. Certain categories of data — particularly those related to financial transactions and identity verification — must be retained for the periods specified above to comply with anti-money-laundering regulations and to enable investigation of any disputes that may arise after closure.
Section 8
Your Privacy Rights
As a 999bte player, you hold a number of rights over your personal data. These rights are summarised below. To exercise any of these rights, please submit a written request to [email protected] from the email address registered to your account. We will acknowledge your request within 5 business days and aim to fulfil it within 30 calendar days. Complex or high-volume requests may require an extension, in which case we will notify you.
Right of Access
You have the right to request a copy of the personal data that 999bte holds about you, along with information about how it is being used. This is sometimes called a Subject Access Request (SAR).
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Some corrections (e.g., legal name changes) require supporting documentation.
Right to Erasure
You may request that we delete your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent. This right is subject to our legal retention obligations.
Right to Restrict Processing
In certain circumstances, you may ask us to restrict how we process your data — for example, while the accuracy of the data is being contested or while an objection to processing is being considered.
Right to Data Portability
Where processing is based on consent or contract and is carried out by automated means, you may request a copy of your personal data in a structured, commonly used, machine-readable format for transfer to another service.
Right to Object
You have the right to object to processing carried out on the basis of legitimate interests, including profiling for personalisation purposes. You may also object to direct marketing at any time with immediate effect.
Identity Verification for Rights Requests: To protect your privacy, 999bte will verify your identity before fulfilling any rights request. We will not action a request from an unverified requester, as doing so could result in your personal data being disclosed to or deleted by an unauthorised party. Verification is typically completed by confirming details from the registered account.
Section 9
Contact & Data Enquiries
If you have any questions, concerns, or complaints about how 999bte processes your personal data — or if you wish to exercise any of your privacy rights — please contact our data enquiries team using the details below.
| Enquiry Type | Contact Method |
|---|---|
| General Privacy Questions | [email protected] — reference "Privacy Query" in your subject line |
| Subject Access Requests (SAR) | [email protected] — reference "SAR Request" in your subject line |
| Data Deletion Requests | [email protected] — reference "Data Deletion Request" in your subject line |
| Suspected Data Breach Reports | [email protected] — reference "Security Incident" and include as much detail as possible |
| Marketing Opt-Out | Via account settings panel or email to [email protected] referencing "Marketing Opt-Out" |
We aim to respond to all privacy-related enquiries within 5 business days (Bangladesh Standard Time, UTC+6). For Subject Access Requests and other formal rights requests, we aim to fulfil the request within 30 calendar days of identity verification being completed. If a request is particularly complex or if you have submitted multiple simultaneous requests, we may extend this period by a further 30 days, in which case we will inform you in advance.
999bte reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, changes to the services we offer, or to comply with new legal or regulatory requirements. When material changes are made, we will publish the updated Policy on this page with a revised effective date and, where the changes are significant, notify registered players by email at least 14 days before the changes take effect.
Your continued use of the 999bte Platform following the publication of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not accept the revised Policy, you must stop using the Platform and contact us to request account closure.
Questions About Your Data or Account?
Our support team is available around the clock to help with any privacy concern. You can also review our full Terms & Conditions or explore the Platform with confidence.