pkr38 Privacy Policy
At pkr38, protecting the privacy of our players is a fundamental commitment — not an afterthought. This Privacy Policy explains exactly what personal data we collect, why we collect it, how it is stored and used, and the rights you hold over your information as a pkr38 account holder in Bangladesh.
Minimal Data Collection
pkr38 collects only the personal data strictly necessary to provide you with a safe, compliant, and personalised gaming experience. We do not harvest data for resale.
SSL-Encrypted Storage
All personal and financial data stored on pkr38 systems is protected by 256-bit SSL encryption and AES-256 at-rest encryption. Your information is never stored in plain text.
No Third-Party Ad Sharing
pkr38 does not sell, rent, or share your personal data with third-party advertisers or data brokers. Your profile stays private.
Your Rights, Respected
You have the right to access, correct, or request deletion of your personal data at any time. pkr38 processes all data rights requests within 5 business days of receipt.
Transparent Cookie Use
pkr38 uses only essential and analytics cookies — no third-party tracking pixels. Our cookie policy is fully documented in Section 4 of this Privacy Policy.
KYC Handled With Care
Identity verification documents submitted during the KYC process are stored in an isolated, access-controlled environment and reviewed only by authorised compliance personnel.
01 Data We Collect
pkr38 collects personal data from you through several channels: directly when you register an account, make a deposit, contact our support team, or use Platform features; automatically when you browse or interact with the Platform via cookies and server logs; and from third-party identity verification providers during the KYC process. We do not collect data from social media profiles or purchase data from external list providers.
The categories of personal data we may collect and hold about you are set out in the table below:
| Data Category | Specific Data Points | Collection Method |
|---|---|---|
| Identity Data | Full name, date of birth, National ID number, passport or driver's licence number | Registration form / KYC verification |
| Contact Data | Email address, mobile phone number, residential address | Registration form / account settings |
| Financial Data | bKash / Nagad / Rocket / Upay account numbers, bank account details, transaction history | Deposit and withdrawal processing |
| Account Data | Username, hashed password, account balance, bonus history, wagering history | Platform activity |
| Technical Data | IP address, device type, browser type and version, operating system, session timestamps | Automatic — server logs and cookies |
| Communications Data | Support ticket content, live chat transcripts, email correspondence | Support interactions |
| Usage Data | Game session data, pages visited, features used, click patterns, time on Platform | Automatic — analytics cookies |
1.1 Data We Do Not Collect
pkr38 does not collect or process special categories of sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data (beyond document photographs submitted for KYC), health data, or data concerning sexual orientation. We do not knowingly collect personal data from individuals under the age of 18. If we discover that personal data has been collected from a minor, that account will be suspended immediately and all associated data deleted.
02 How We Use Your Data
pkr38 uses the personal data we hold about you for defined, documented purposes only. We do not use personal data for any purpose that is incompatible with the purposes stated at the time of collection. The primary purposes for which pkr38 processes personal data are:
- Account creation and management: To register your pkr38 account, verify your identity, maintain your player profile, and provide you with access to all Platform features.
- Payment processing: To process deposits and withdrawals via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, and Visa/Mastercard, and to maintain accurate financial records of all transactions.
- Identity and age verification: To confirm that you meet the 18+ age requirement and to fulfil our KYC/AML obligations. pkr38 is an 18+ only platform and age verification is a non-negotiable requirement.
- Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, money laundering, account takeover attempts, and other security threats to the Platform and to individual player accounts.
- Responsible gaming monitoring: To identify patterns of play that may indicate problem gambling behaviour, to apply deposit limits or cooling-off periods where requested, and to action self-exclusion requests promptly.
- Customer support: To respond to your enquiries, resolve account issues, handle payment disputes, and process responsible gaming requests submitted to [email protected].
- Platform improvement: To analyse aggregate usage patterns and technical data to improve the performance, reliability, and user experience of the pkr38 Platform.
- Marketing communications: To send you promotional offers, bonus notifications, and seasonal promotions (such as BPL cricket specials, Eid bonuses, and Pohela Boishakh promotions) where you have opted in to receive such communications. You may opt out at any time via your account settings or by contacting support.
- Legal and regulatory compliance: To fulfil any obligations imposed by applicable law, including responding to lawful requests from regulatory or law enforcement authorities.
2.1 Automated Decision-Making
pkr38 uses automated systems for certain account decisions, including initial fraud scoring when a new account is registered and automated flagging of transactions that exceed internal risk thresholds. Where an automated decision results in a material impact on your account — such as a withdrawal being placed on hold — you have the right to request human review of that decision by contacting our support team at [email protected]. Human review requests are processed within 2 business days.
03 Data Sharing & Disclosure
pkr38 does not sell, rent, or trade your personal data to any third party for commercial purposes. We share personal data only in the limited circumstances described below, and only to the extent necessary for the stated purpose.
3.1 Service Providers
We share data with carefully selected third-party service providers who assist us in operating the Platform. These include:
- Payment processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, and Visa/Mastercard acquiring partners receive the financial data necessary to process your transactions. Each provider operates under its own privacy policy and applicable financial regulations.
- Identity verification providers: Third-party KYC and document verification services receive copies of identity documents you submit during the verification process. These providers are contractually bound to process data solely for verification purposes and to apply equivalent data security standards to those used by pkr38.
- Game software providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and other integrated providers receive session and gameplay data necessary to deliver their games and resolve any technical disputes. Game providers do not receive your identity or financial data beyond what is required for game delivery.
- Hosting and infrastructure providers: Cloud hosting and content delivery partners host Platform data in secure, access-controlled environments. These partners are prohibited from accessing, using, or disclosing pkr38 player data for any purpose other than providing the contracted infrastructure service.
3.2 Legal Disclosure
pkr38 may disclose personal data to law enforcement agencies, regulatory bodies, or other governmental authorities where we are required to do so by applicable law, by a valid court order, or where disclosure is necessary to protect the rights, property, or safety of pkr38, our players, or the public. We will always seek to provide you with notice of any such disclosure where we are legally permitted to do so.
04 Cookies & Tracking Technologies
pkr38 uses cookies and similar tracking technologies to operate the Platform effectively, remember your preferences, and understand how players interact with our service. A cookie is a small text file placed on your device by a website. Cookies cannot execute programmes or deliver viruses to your device; they are used solely for the purposes described in this section.
4.1 Categories of Cookies We Use
| Cookie Type | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Maintain your login session, enable secure account access, process payments, prevent fraud | Session / up to 24 hours | No — required for Platform operation |
| Functional | Remember your language preference, game lobby layout, deposit method preference | Up to 30 days | Yes — via browser settings |
| Analytics | Understand aggregate player behaviour, measure page performance, identify technical errors | Up to 12 months | Yes — opt out via account settings |
4.2 Third-Party Cookies
pkr38 does not permit third-party advertising networks or social media platforms to place tracking cookies on the Platform. Game software providers (such as Pragmatic Play and Evolution Gaming) may set their own functional cookies within their embedded game frames solely for the purpose of delivering their game software correctly. These provider-level cookies are governed by the respective provider's own cookie policies and are not within pkr38's direct control, though we contractually restrict their scope of use.
4.3 Managing Cookies
You may control cookie settings through your web browser's built-in privacy controls. Most modern browsers allow you to block all cookies, block third-party cookies only, or delete cookies already stored on your device. Please note that disabling strictly necessary cookies will prevent you from logging in to your pkr38 account. Disabling analytics cookies will not affect your ability to use any Platform feature. For detailed instructions on managing cookies in your specific browser, refer to your browser's help documentation.
05 Data Retention & Storage
pkr38 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal, regulatory, tax, or accounting obligations. The retention periods we apply to different categories of data are set out below.
- Account and identity data: Retained for the duration of your active account relationship with pkr38, plus a minimum of 5 years following account closure. This retention period supports our KYC/AML compliance obligations and our ability to respond to any regulatory or legal enquiries relating to your account.
- Financial transaction data: Retained for a minimum of 7 years following each transaction, in compliance with standard financial record-keeping requirements applicable to payment processing.
- Support communications: Retained for 3 years following the resolution of each support case, enabling us to provide context in the event of a follow-up enquiry or dispute.
- Technical and usage data (logs): Retained for up to 12 months, after which server logs and session data are automatically deleted or anonymised. Anonymised aggregate analytics data may be retained indefinitely as it contains no personal identifiers.
- Marketing preference data: Retained until you withdraw consent or request deletion. Following a withdrawal of consent, we will retain a suppression record (your contact details only, flagged as "do not contact") for 3 years to ensure we do not inadvertently re-add you to marketing lists.
- KYC documents: Retained for the duration of your account plus 5 years. Physical document scans are stored in encrypted, isolated storage with strict access controls. Access logs for KYC document storage are audited quarterly.
5.1 Secure Deletion
When personal data reaches the end of its retention period, pkr38 securely deletes or anonymises it in a manner that makes re-identification impossible. Digital records are overwritten using industry-standard data erasure protocols. Paper records (where any exist) are shredded using cross-cut shredders. Deletion requests submitted by players under Section 6 are processed within 30 days, subject to any overriding retention obligations that prevent earlier deletion.
06 Your Privacy Rights
As a pkr38 player, you have a number of rights in relation to the personal data we hold about you. pkr38 is committed to honouring these rights promptly and without unnecessary barriers. To exercise any of the rights described below, please contact our privacy team at [email protected] with the subject line "Privacy Rights Request", including your full name, registered email address, and a description of the right you wish to exercise.
- Right of Access: You have the right to request a copy of all personal data pkr38 holds about you. We will provide this in a structured, commonly used, machine-readable format (typically PDF or CSV) within 5 business days of verifying your identity.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You may update basic account information (email address, phone number, address) directly in your account settings at any time without needing to contact support.
- Right to Erasure ("Right to Be Forgotten"): You may request that pkr38 delete your personal data where: (a) the data is no longer necessary for the purposes for which it was collected; (b) you withdraw consent and there is no other lawful basis for processing; or (c) the data has been unlawfully processed. Erasure requests are subject to our retention obligations — data we are legally required to retain cannot be deleted ahead of the applicable retention period.
- Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances, for example while a rectification request is being assessed, or while you contest the lawfulness of our processing.
- Right to Data Portability: Where pkr38 processes your data by automated means on the basis of your consent or a contract, you have the right to receive that data in a portable format and to request that it be transferred directly to another service provider where technically feasible.
- Right to Object to Marketing: You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. To opt out of all marketing communications from pkr38, update your communication preferences in account settings or email [email protected].
- Right to Withdraw Consent: Where pkr38 processes data on the basis of your consent (for example, analytics cookies or marketing communications), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
07 Data Security Measures
pkr38 implements a comprehensive, layered approach to data security designed to protect personal and financial data against unauthorised access, alteration, disclosure, or destruction. Our security measures include both technical controls and organisational policies.
7.1 Technical Safeguards
- 256-bit SSL/TLS encryption on all data in transit between your device and the pkr38 Platform. All Platform pages are served exclusively over HTTPS.
- AES-256 encryption at rest for all databases containing personal and financial data. Encryption keys are managed using hardware security modules (HSMs) with strict access controls.
- Bcrypt password hashing with unique per-account salts. pkr38 never stores passwords in plain text or reversible encrypted form. Even in the event of a database breach, stored password hashes cannot be reversed to recover plain-text passwords.
- Two-factor authentication (2FA) is available for all player accounts and is strongly recommended. Enabling 2FA significantly reduces the risk of unauthorised account access even if your password is compromised.
- Intrusion detection and real-time monitoring systems alert pkr38's security team to unusual access patterns, potential brute-force attempts, or other anomalous activity 24 hours a day, 7 days a week.
- Regular penetration testing conducted by independent security researchers to identify and remediate vulnerabilities before they can be exploited.
7.2 Organisational Safeguards
Access to personal data within pkr38 is restricted on a strict need-to-know basis. Staff with access to personal or financial data undergo background checks prior to employment and receive mandatory data protection training on joining and annually thereafter. Access permissions are reviewed quarterly and revoked immediately upon any change in employment status. All data access is logged and auditable.
7.3 Data Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, pkr38 will notify affected individuals without undue delay and, in any event, within 72 hours of becoming aware of the breach. Notification will be sent to your registered email address and will include: a description of the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures pkr38 has taken or proposes to take to address the breach.
08 Policy Updates & Contact
pkr38 reviews this Privacy Policy at least annually and following any significant change to the way we process personal data, a change in applicable law, or a material change to our Platform or services. When we update this Privacy Policy, we will revise the "Last Updated" date at the top of this document and, where the change is material, provide you with a prominent notice via a Platform notification or an email to your registered address.
Your continued use of the pkr38 Platform following the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not accept the revised Privacy Policy, you should cease using the Platform and may request account closure in accordance with the Terms & Conditions. We encourage you to review this page periodically to stay informed about how pkr38 protects your personal data.
8.1 Children's Privacy
The pkr38 Platform is strictly intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If a parent or guardian believes that their child has provided personal data to pkr38, they should contact us immediately at [email protected] with the subject line "Minor Account Report". Upon verification, we will promptly suspend the account, delete all associated personal data, and reverse any financial transactions where possible.
8.2 Contact Our Privacy Team
For all privacy-related enquiries, data rights requests, or concerns about how pkr38 handles your personal data, please contact us using the details below. All privacy enquiries are handled by our dedicated compliance and support team and are responded to in English:
- Email: [email protected] (subject line: "Privacy Enquiry")
- Data Rights Requests: [email protected] (subject line: "Privacy Rights Request")
- Security Reports: [email protected] (subject line: "Security Report")
- Response Language: English
- Response Time: Within 5 business days for standard enquiries; within 24 hours for security reports
- Time Zone: Bangladesh Standard Time (BST, UTC+6)
Questions About Your Privacy?
Our support team is available around the clock to handle any privacy enquiries, data rights requests, or account security concerns. Reach us at [email protected].
18+ only. Gambling involves financial risk. Please play responsibly. Self-exclusion tools are available in your account settings.