zd22 Privacy Policy
At zd22, protecting your personal data is a responsibility we take seriously. This Privacy Policy explains exactly what information we collect, why we collect it, how it is used and stored, and what rights you have over your own data as a player on our platform.
SSL-Encrypted Data Transfer
Every byte of data exchanged between your browser and zd22's servers is protected by industry-standard TLS/SSL encryption, ensuring your personal and financial details cannot be intercepted in transit.
You Control Your Data
Registered players can request access to, correction of, or deletion of their personal data at any time. We honour all valid data rights requests promptly and without unnecessary delay.
No Unnecessary Data Collection
zd22 collects only the data that is strictly necessary for account management, payment processing, regulatory compliance, and platform security. We do not sell your data to advertisers.
Secure Data Storage
Player data is stored in access-controlled, encrypted server environments. Access to personal data is strictly limited to authorised personnel who require it to perform their job functions.
Transparent Cookie Use
We use cookies primarily for session management and platform performance. Strictly optional analytics and preference cookies are documented clearly in Section 4 of this policy.
KYC and AML Compliance
Identity verification data collected during our KYC process is used solely for fraud prevention, age verification, and anti-money-laundering obligations. It is never shared for marketing purposes.
1 Information We Collect
When you interact with the zd22 platform — whether you are browsing as a guest, registering an account, making a deposit, placing a bet, or contacting our support team — we may collect and process various categories of personal information. The information we collect falls into three broad categories: information you provide directly, information collected automatically, and information obtained from third parties.
Information You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full name, date of birth, national ID number, passport number | Registration and KYC verification |
| Contact Data | Email address, mobile phone number, residential address | Registration, KYC, support requests |
| Account Credentials | Username, encrypted password hash | Registration |
| Financial Data | bKash number, Nagad number, Rocket number, bank account details (for withdrawals) | Deposit and withdrawal processing |
| KYC Documents | Scanned government-issued ID, proof of address, payment method confirmation | Account verification on request |
| Communications | Live chat transcripts, email correspondence, support ticket content | When you contact our support team |
Information Collected Automatically
When you visit or use the zd22 platform, our servers and analytics systems automatically collect certain technical data about your device and session. This includes your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), referring URL, pages visited, session duration, and in-platform activity logs such as games played, bets placed, and transactions initiated. This data is used for platform security, fraud detection, performance optimisation, and responsible gaming monitoring.
Information from Third Parties
zd22 may receive limited personal data from third-party payment processors (such as bKash, Nagad, Rocket, and Upay) as part of transaction confirmation workflows. In certain circumstances, we may also receive identity verification data from accredited third-party KYC and anti-fraud service providers. All such data is handled in accordance with this Privacy Policy.
zd22 does not collect sensitive data such as racial or ethnic origin, political opinions, religious beliefs, or health data, except where health-related information is voluntarily provided in the context of a responsible gaming self-exclusion or welfare concern.
2 How We Use Your Data
zd22 uses the personal data we collect for clearly defined, lawful purposes. We do not use your data for any purpose that is incompatible with the reasons for which it was originally collected. The primary purposes for which we process your personal data are set out below:
- Account Management: To create, maintain, and administer your player account, including verifying your identity, processing your login, and enabling access to the platform's features.
- Payment Processing: To facilitate deposits and withdrawals via your chosen payment method (bKash, Nagad, Rocket, Upay, or bank transfer), including reconciling transactions and investigating payment disputes.
- Legal and Regulatory Compliance: To meet our obligations under applicable anti-money-laundering (AML) legislation, Know Your Customer (KYC) requirements, and any other legal obligations to which zd22 is subject, including responding to lawful requests from governmental or regulatory authorities.
- Fraud Prevention and Security: To detect, investigate, and prevent fraudulent activity, money laundering, unauthorised account access, and other prohibited conduct as defined in our Terms & Conditions.
- Responsible Gaming: To monitor player activity for signs of problem gambling behaviour, to apply player-requested deposit limits, loss limits, session time reminders, and self-exclusion measures, and to administer our responsible gaming programme effectively.
- Customer Support: To respond to your enquiries, process complaints, and resolve disputes in a timely and professional manner.
- Platform Improvement: To analyse aggregated, anonymised usage data in order to improve our website performance, user experience, game selection, and feature set.
- Marketing Communications: To send you promotional offers, bonus notifications, and news about the zd22 platform — but only where you have given your explicit consent to receive such communications and have not subsequently opted out. You may withdraw your consent to marketing communications at any time by contacting our support team or using the unsubscribe option in any marketing email.
zd22 does not sell, rent, or commercially trade your personal data to any third party for their own marketing or commercial purposes. Your data is your data.
3 Legal Basis for Processing
zd22 processes your personal data only where a valid legal basis exists for doing so. The legal grounds upon which we rely are:
- Contractual Necessity: Processing is necessary to perform the contract between you and zd22 — i.e., to provide you with access to the platform, process your transactions, and administer your account. Without this processing, we cannot deliver our services to you.
- Legal Obligation: Processing is necessary to comply with applicable laws and regulations, including AML obligations, KYC requirements, and any directions from competent authorities. This legal basis applies to identity verification, transaction monitoring, and record-keeping.
- Legitimate Interests: Processing is necessary for zd22's legitimate interests where those interests are not overridden by your rights and interests. This includes fraud prevention, platform security, responsible gaming monitoring, and improving our services through anonymised analytics.
- Consent: Where none of the above grounds apply — primarily in the context of direct marketing communications — we will only process your data where you have given us clear, informed, and freely given consent. You retain the right to withdraw that consent at any time without detriment to your account standing.
Where we rely on legitimate interests as our legal basis, we conduct a balancing test to ensure that our interests do not disproportionately override your right to privacy. Details of our legitimate interests assessments are available upon written request to our support team.
4 Cookies and Tracking Technologies
zd22 uses cookies and similar tracking technologies (including local storage and session storage) to operate the platform efficiently and to understand how our players interact with our services. A cookie is a small text file placed on your device by a website you visit; it enables the website to recognise your device on subsequent visits and to retain certain preferences or session data.
| Cookie Type | Purpose | Required? | Retention |
|---|---|---|---|
| Strictly Necessary | Session management, login authentication, CSRF protection, load balancing | Yes — cannot be disabled | Session / up to 24 hours |
| Functional | Remembering language preferences, game lobby layout settings, responsible gaming tool states | Recommended | Up to 12 months |
| Analytics | Aggregated, anonymised data on page visits, session duration, and feature usage — used to improve platform performance | Optional | Up to 24 months |
| Fraud Prevention | Device fingerprinting tokens used by our security systems to detect suspicious login attempts and unusual activity patterns | Yes — security-critical | Up to 30 days |
You may manage your cookie preferences through your browser settings. Please note that disabling strictly necessary or fraud prevention cookies may impair your ability to log in to or use the zd22 platform correctly. Instructions for managing cookies in common browsers (Chrome, Firefox, Safari, Edge) are available through each browser's official help documentation.
zd22 does not use cookies for cross-site advertising tracking, retargeting, or for building advertising profiles of individual players. Our analytics cookies produce anonymised, aggregated reports only.
5 Data Sharing and Disclosure
zd22 does not sell or rent your personal data to any third party. We may share your data with carefully selected third parties only in the following circumstances and for the following purposes:
- Payment Service Providers: We share the minimum necessary transaction data with payment providers such as bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, and BRAC Bank in order to process your deposits and withdrawals. These providers operate under their own privacy policies and applicable financial regulations.
- KYC and Identity Verification Partners: We may share identity document images and personal details with accredited third-party KYC verification services in order to fulfil our age verification and anti-money-laundering obligations. These partners are contractually bound to process data solely for the verification purpose and to maintain equivalent data security standards.
- Game Content Providers: To deliver live casino, slot, and other game content, our platform connects to game servers operated by licensed providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These connections may involve the transmission of your account identifier and bet data to the game provider's servers. These providers are independently licensed and operate under their own data protection frameworks.
- Security and Fraud Prevention Services: We use third-party tools to assist with real-time fraud detection, device fingerprinting, and account security monitoring. These services receive limited technical data (such as IP addresses and device attributes) and are contractually prohibited from using it for any purpose other than security.
- Legal and Regulatory Authorities: We may disclose your personal data to governmental bodies, law enforcement agencies, or regulatory authorities where we are legally compelled to do so, or where we believe disclosure is necessary to prevent fraud, money laundering, or other criminal activity.
- Business Transfers: In the event that zd22 undergoes a merger, acquisition, or sale of assets, your personal data may form part of the transferred assets. In such circumstances, we will provide you with reasonable advance notice and ensure that the acquiring entity commits to honouring this Privacy Policy.
All third parties with whom zd22 shares personal data are required to implement appropriate technical and organisational security measures and to process your data only for the specified, agreed purpose. We do not permit our service providers to use your data for their own commercial or marketing ends.
6 Data Retention
zd22 retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, and for as long as is required by applicable law. Our retention periods are determined by the nature of the data and the purpose for which it is held:
- Active Account Data: All personal data associated with your active player account is retained for the lifetime of the account. This includes identity data, contact data, financial data, and account activity history.
- Closed Account Data: Following the closure of a player account (whether voluntarily or by zd22), we retain identity and transaction records for a minimum of five (5) years from the date of closure in order to comply with AML and KYC record-keeping obligations.
- KYC Document Images: Copies of identity documents submitted during the KYC process are retained for a minimum of five (5) years from the date of submission or the date of account closure, whichever is later.
- Transaction Records: Financial transaction records (deposits, withdrawals, bonus claims, and bet history) are retained for a minimum of five (5) years from the date of the transaction to comply with financial record-keeping requirements.
- Support Communications: Live chat transcripts and email correspondence with our support team are retained for a minimum of two (2) years from the date of the interaction.
- Analytics Data: Anonymised, aggregated analytics data that cannot be used to identify any individual player is retained indefinitely for platform performance analysis and historical reporting purposes.
- Marketing Consent Records: Records of your consent to (or withdrawal from) marketing communications are retained for the duration of your account plus three (3) years, to allow us to demonstrate compliance with consent obligations.
Upon expiry of the applicable retention period, your personal data is securely deleted or irreversibly anonymised in accordance with our internal data disposal procedures. Where a legal hold or ongoing investigation requires us to retain data beyond the standard period, we will do so only for the duration necessary and will notify you where legally permissible.
7 Your Data Rights
As a player on the zd22 platform, you have the following rights in respect of your personal data. You may exercise any of these rights at any time by contacting our support team via live chat or by emailing (plain text — not a link):
- Right of Access: You have the right to request a copy of the personal data we hold about you, together with information about how it is being used and with whom it has been shared. We will fulfil access requests within 30 days of receipt.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it without undue delay. For account-critical data such as your name and date of birth, rectification may require submission of supporting documentation.
- Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent (and no other legal basis applies), or where you object to processing on legitimate interests grounds and no overriding interests exist. Please note that this right may be limited where we are required to retain data by law (e.g., AML record-keeping obligations).
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while the accuracy of data is being contested, or while an objection to processing is being assessed.
- Right to Data Portability: Where processing is based on your consent or on contractual necessity, and is carried out by automated means, you have the right to receive a copy of your data in a structured, commonly used, machine-readable format, and to request that it be transmitted directly to another controller where technically feasible.
- Right to Object: You have the right to object to processing of your personal data on the basis of legitimate interests, including profiling, at any time. You also have an absolute right to object to processing for direct marketing purposes; upon such an objection, we will cease processing immediately.
- Rights Related to Automated Decision-Making: If any decision with legal or similarly significant effect is made about you based solely on automated processing, you have the right to request human review of that decision, to express your point of view, and to contest the outcome.
zd22 aims to respond to all data rights requests within 30 calendar days. In complex cases, this period may be extended by a further 60 days, in which case we will inform you within the initial 30-day window and explain the reason for the extension. We do not charge a fee for processing data rights requests unless requests are manifestly unfounded or excessive.
8 Data Security Measures
zd22 takes the security of your personal data seriously. We have implemented a layered set of technical and organisational measures designed to protect your data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security framework includes the following controls:
- Transport Layer Security (TLS): All data transmitted between your device and zd22's servers is encrypted using TLS 1.2 or higher. Our SSL certificate is maintained and renewed regularly, and our HTTPS configuration is audited periodically against industry best-practice standards.
- Password Security: Account passwords are never stored in plaintext. zd22 uses a salted hashing algorithm to store password credentials, meaning that even in the event of a data breach, raw passwords cannot be recovered from our stored data.
- Access Controls: Access to systems containing personal data is governed by the principle of least privilege. Staff members are granted access only to the data they require to perform their specific job function. All administrative access is logged and subject to regular review.
- Two-Factor Authentication: Players are encouraged to enable 2FA on their accounts. Internal staff accounts with access to player data are required to use 2FA as a mandatory control.
- Intrusion Detection and Monitoring: Our platform operates continuous real-time monitoring for unusual access patterns, potential intrusion attempts, and anomalous transaction behaviour. Security events are triaged and escalated according to a defined incident response procedure.
- Data Breach Response: In the event of a personal data breach that poses a risk to your rights and freedoms, zd22 will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will inform affected players without undue delay where the breach is considered high-risk.
No data transmission over the internet or method of electronic storage is 100% secure. While we work continuously to protect your data, we cannot guarantee absolute security. We encourage all players to use a strong, unique password for their zd22 account and to enable two-factor authentication.
9 Third-Party Services and Links
The zd22 platform integrates with a number of third-party service providers in order to deliver its full feature set. While we carefully select and contractually bind all third-party processors to data protection standards consistent with this Policy, each of these providers also maintains their own privacy policy governing their processing activities. zd22 is not responsible for the privacy practices of third-party providers operating under their own independent data controller status.
The main categories of third-party services integrated with the zd22 platform include:
- Game Content Providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. When you play a game hosted by these studios, your session data (player ID, stake, game outcome) is processed by the studio's game servers. These studios are independently regulated and maintain their own privacy frameworks.
- Payment Gateways: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, and BRAC Bank. These providers receive transaction data necessary to process your deposits and withdrawals. Please review each provider's privacy policy for details of how they handle your financial data.
- Analytics Providers: We use privacy-respecting, first-party analytics tools to monitor platform performance. Where third-party analytics libraries are used, they are configured to anonymise IP addresses and to avoid cross-site tracking.
- Security and Fraud Prevention: Specialist fraud prevention services may process technical device data (IP, browser fingerprint, device identifiers) to identify and prevent fraudulent activity. These services do not receive your full personal profile.
The zd22 website may contain links to informational third-party resources. zd22 has no control over the content or privacy practices of external websites, and we are not responsible for their policies. We recommend reviewing the privacy policy of any third-party website you choose to visit.
10 Changes to This Privacy Policy
zd22 reserves the right to amend or update this Privacy Policy at any time. We will notify you of material changes to this Policy by posting a prominent notice on the zd22 platform homepage and, where we hold a valid email address for you, by sending a notification to your registered email address, at least seven (7) days before the revised Policy takes effect.
Minor amendments — such as typographical corrections, clarifications that do not alter the substance of our data processing practices, or updates required by changes to applicable law — may be made without advance notice and will be reflected in the "Last Updated" date at the top of this page.
Your continued use of the zd22 platform after a revised Privacy Policy has come into effect constitutes your acknowledgement of the updated terms. If you do not agree with any material change to this Policy, you are entitled to close your account and request deletion of your personal data (subject to our legal retention obligations) by contacting our support team before the effective date of the change.
The version of this Privacy Policy currently published at zd22.my/privacy-policy supersedes all previous versions. We recommend bookmarking this page and checking it periodically, particularly if you are a regular player on the platform.
All previous versions of this Privacy Policy are available upon written request to (plain text — not a link). We maintain an internal version history for governance and accountability purposes.
11 Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or to the way in which zd22 processes your personal data, please do not hesitate to get in touch with our support team. We are available 24 hours a day, 7 days a week, every day of the year, including public holidays observed in Bangladesh.
- Email: (plain text — not a link)
- Live Chat: Available directly on the platform after login, 24/7
- WhatsApp: Available after login to your player account
- Support Hours: 24/7, Bangladesh Standard Time (UTC+6)
When contacting us regarding a data rights request, please include your registered account username, the email address associated with your account, a clear description of your request, and any supporting information that may help us locate your data promptly. We may need to verify your identity before actioning any data rights request in order to protect the security of your account.
zd22 is committed to resolving all privacy-related queries fairly and efficiently. If you are not satisfied with our response to your data rights request, you have the right to escalate the matter to the relevant data protection authority in your jurisdiction.
Ready to Play on zd22?
Now that you understand how we protect your data, explore our games and promotions — or log in to your account to get started.