Lucky Star Privacy Policy India – Data Protection for Indian Players
- 1. Introduction and Scope
- 2. Data We Collect From Indian Players
- 3. How We Use Your Information
- 4. Lawful Grounds Under the DPDP Act 2023
- 5. Third-Party Sharing and Data Recipients
- 6. Cookies and Tracking Technologies
- 7. Data Retention Periods
- 8. Your Rights as a Data Principal
- 9. Cross-Border Data Transfers
- 10. Data Security Measures
- 11. Children's Privacy and Age Verification
- 12. Policy Updates
- 13. Grievance Officer and Contact
- 14. Final Thoughts
1. Introduction and Scope
Lucky Star operates as a licensed online gaming platform under 1win N.V., registered in Curacao with licence number 8048/JAZ 2018-040. Moreover, this Privacy Policy explains how we collect, process, and safeguard personal information belonging to our Indian players. Specifically, the document aligns with the Digital Personal Data Protection Act 2023 (DPDP Act), which governs data handling across India. Furthermore, it covers every interaction on lucky-star.co, including registration, deposits, gameplay, and customer support.
As a Data Fiduciary under Indian law, we treat every Data Principal with transparency and respect. Therefore, the policy sets out lawful grounds, retention rules, and grievance mechanisms that Indian residents can rely on. In addition, it describes how UPI transactions, Aadhaar details, and PAN records receive enhanced protection. Consequently, players gain a clear view of their rights before creating an account on our platform.
2. Data We Collect From Indian Players
We gather only the information necessary to operate the service, verify identity, and meet regulatory duties. Furthermore, each category below reflects a specific processing purpose tied to Indian compliance standards.
2.1 Personal Identification Data
During registration, we request your full name, date of birth, residential address, mobile number, and email ID. In addition, we may ask for your preferred state within India and language choice. Specifically, this data establishes that you meet the legal age of 18 and reside in a jurisdiction where access is permitted. Therefore, accuracy at sign-up prevents verification delays later.
2.2 Financial and KYC Data
Financial processing requires documentation that Indian regulators recognise for anti-money-laundering checks. Moreover, the following items fall into this category:
- UPI handle and VPA: Captured when you deposit or withdraw via PhonePe, Paytm, Google Pay, or BHIM.
- Aadhaar reference: Collected for KYC where masked, and encrypted according to UIDAI guidelines.
- PAN card details: Required for withdrawals exceeding statutory thresholds under Indian tax law.
- Bank account particulars: Processed for IMPS or NEFT payouts through authorised channels.
- Transaction history: Logged in INR for audit and dispute resolution purposes.
2.3 Technical Data
Technical signals help us defend the platform from fraud and abuse. For example, we record your IP address, device fingerprint, browser version, operating system, and connection type. In addition, crash reports and latency metrics support stability improvements across Indian telecom networks. Consequently, your gaming experience remains smooth on both Jio and Airtel connections.
2.4 Behavioural Data
Gameplay analytics inform responsible gaming tools and personalised promotions. Specifically, we observe session duration, wager amounts, game preferences, and bonus activity. Moreover, this information helps the responsible gaming team detect unusual patterns early. As a result, we can suggest cooling-off periods or deposit limits when indicators arise.
3. How We Use Your Information
Every processing activity maps to a defined purpose. Furthermore, the list below shows why your data travels through our systems:
- Account operation: To create profiles, validate logins, and manage settings.
- Payment processing: To credit deposits and release withdrawals via Indian banking rails.
- Regulatory reporting: To satisfy Curacao licensing duties and Indian tax authorities.
- Fraud prevention: To detect bonus abuse, chargebacks, and unauthorised access attempts.
- Customer support: To resolve queries raised through chat, email, or the grievance channel.
- Marketing communication: To share promotions, tournaments, and bonus offers where you consent.
4. Lawful Grounds Under the DPDP Act 2023
Indian law requires a valid basis for every processing activity. Therefore, we rely on the grounds listed below, each matched to a specific situation:
- Consent: Freely given when you tick agreement boxes during registration or marketing opt-in.
- Contractual necessity: Processing needed to deliver the gaming service you requested.
- Legal obligation: Retention and reporting duties imposed by Indian tax and AML rules.
- Legitimate uses: Fraud monitoring and account security as permitted under Section 7 of the DPDP Act.
- Public interest: Compliance with lawful requests from competent Indian authorities.
5. Third-Party Sharing and Data Recipients
We never sell personal data. However, trusted partners assist with payments, verification, and regulatory tasks. In addition, the table below summarises the categories of recipients involved with Indian player information.
| Recipient Category | Examples | Purpose | Data Shared |
|---|---|---|---|
| Indian Payment Processors | Razorpay, Cashfree, PayU India | UPI and card settlements | VPA, amount, reference ID |
| International Processors | Skrill, Neteller | Alternative withdrawals | Email, amount, currency |
| KYC Partners | Authorised Aadhaar verifiers | Identity and age confirmation | Name, DOB, masked Aadhaar |
| Gaming Regulators | Curacao Gaming Control Board | Licence oversight and audits | Account logs, transaction data |
| Tax Authorities | Indian Income Tax Department | TDS reporting on winnings | PAN, withdrawal totals |
| Cloud Infrastructure | Certified ISO 27001 providers | Secure hosting and backups | Encrypted account databases |
6. Cookies and Tracking Technologies
Cookies allow the site to remember your preferences and improve navigation. Moreover, we apply different categories for different purposes, as outlined below:
- Strictly necessary cookies: Enable login sessions, balance display, and security tokens.
- Functional cookies: Save language preference and remember your selected INR currency.
- Analytical cookies: Measure feature usage across Indian regions to guide improvements.
- Marketing cookies: Display relevant offers when you consent through the banner prompt.
You can adjust cookie preferences inside your browser at any time. However, disabling strictly necessary cookies may prevent gameplay from loading correctly.
7. Data Retention Periods
Retention windows follow Indian regulatory timelines rather than arbitrary choices. For example, financial records stay for seven years under Reserve Bank of India guidance and the Income Tax Act. In addition, KYC documents remain on file for at least five years after account closure, as AML rules require. Consequently, we keep only what the law mandates, nothing more.
Gameplay logs and marketing preferences follow shorter cycles. Specifically, session analytics are anonymised after twenty-four months, while marketing consent records expire when you withdraw consent. Therefore, historical data gradually reduces in line with genuine business need. Moreover, retention reviews run twice each year to remove obsolete entries.
8. Your Rights as a Data Principal
The DPDP Act 2023 grants Indian players meaningful control over personal data. Furthermore, you may exercise the rights listed below by contacting the Grievance Officer:
- Right to access: Request a summary of the data we hold about you.
- Right to correction: Update inaccurate or outdated information in your profile.
- Right to erasure: Ask for deletion once legal retention periods expire.
- Right to grievance redressal: Raise complaints and receive a response within statutory timelines.
- Right to nominate: Appoint a nominee who can act on your behalf in specific situations.
- Right to withdraw consent: Revoke previously granted permissions at any time.
We respond to verified requests within thirty days. Moreover, escalation to the Data Protection Board of India remains available if you feel the outcome is unsatisfactory.
9. Cross-Border Data Transfers
Because our platform operates from Curacao, some processing happens outside India. However, transfers comply with Section 16 of the DPDP Act, which permits cross-border movement to countries not restricted by the Central Government. In addition, we apply contractual safeguards with every overseas processor, covering encryption, access control, and breach notification. Therefore, your information travels only through channels that meet strict security standards.
European partners involved in analytics and hosting operate under GDPR safeguards. Consequently, Indian players benefit from layered protection that combines domestic rules with international best practice. Furthermore, data flows are logged and reviewed during annual audits.
10. Data Security Measures
Security engineering sits at the heart of our operations. For example, every connection to lucky-star.co uses TLS 1.3 encryption, while payment pages conform to PCI DSS Level 1 standards. Moreover, Aadhaar references are tokenised and stored in an isolated vault that only authorised staff can access. As a result, even internal systems cannot read masked identifiers without explicit authorisation.
Additional controls include multi-factor authentication, role-based access, intrusion detection, and continuous vulnerability scanning. Furthermore, penetration tests run quarterly against all customer-facing services. Consequently, weaknesses are identified and patched before they can affect Indian players. In addition, staff undergo mandatory data protection training every year.
11. Children’s Privacy and Age Verification
Lucky Star welcomes adults aged 18 and above only. Therefore, underage access is strictly prohibited on every page of the platform. Specifically, registration requires a valid date of birth, and KYC checks confirm the declared age through Indian identity documents. Moreover, any account suspected to belong to a minor is frozen immediately and the associated data is deleted.
12. Policy Updates
Privacy rules evolve as legislation changes and new technologies appear. Consequently, we may revise this document to reflect amendments to the DPDP Act or Curacao licensing requirements. In addition, we publish the revision date at the top of the page and notify registered users through email when material changes occur. Therefore, checking the policy regularly keeps you informed about your rights.
13. Grievance Officer and Contact
Indian players enjoy a dedicated grievance channel under the DPDP Act. Furthermore, the appointed Grievance Officer handles complaints about data processing, consent withdrawal, and rights requests. You may reach the team through the following options:
- Primary email: [email protected] for all privacy-related matters.
- Response window: Acknowledgement within forty-eight hours and resolution within thirty days.
- Regulatory escalation: Curacao Gaming Control Board for licensing concerns.
- Indian escalation: Data Protection Board of India when grievances remain unresolved.
Consent Manager integrations will be added once the Indian framework fully publishes technical specifications. Moreover, updates will appear in this section as soon as registration becomes available.
14. Final Thoughts
Protecting personal information remains a core promise that Lucky Star makes to every Indian player. Therefore, this Privacy Policy reflects the spirit and letter of the DPDP Act 2023, combining transparent data practices with robust technical safeguards. Moreover, by outlining retention periods, lawful grounds, and grievance channels, we give Data Principals a clear path for exercising their statutory rights. In addition, the encrypted handling of Aadhaar, PAN, and UPI details ensures that sensitive identifiers never circulate beyond authorised systems.
We encourage players from Mumbai, Delhi, Bengaluru, Chennai, and every other Indian city to review this policy before playing. Furthermore, any question about data collection, storage, or sharing can reach our Grievance Officer at [email protected]. As a result, you receive a timely answer aligned with Indian legal timelines. Finally, remember that informed consent and responsible gaming walk hand in hand, because understanding how your data flows empowers smarter choices at the table and on the reels.
