Privacy Policy — How cerickex Protects Your Data
At cerickex, your privacy is treated with the same rigour we apply to platform security. This Privacy Policy explains precisely what personal data we collect, why we collect it, how we use and protect it, and what rights you hold as a registered player in Bangladesh.
Data Minimisation
cerickex collects only the personal data that is strictly necessary for the specific purpose for which it is gathered. We do not collect data speculatively or retain it beyond the period required for its stated purpose. If a piece of information is not needed to operate your account or meet a legal obligation, we do not ask for it.
256-bit SSL Encryption
All data transmitted between your device and cerickex servers is protected by 256-bit SSL/TLS encryption — the same standard used by major financial institutions. Data at rest in our systems is stored in encrypted form. Encryption keys are managed under strict access controls with regular rotation schedules.
No Sale of Personal Data
cerickex does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Data is shared only with vetted service providers who assist in operating the platform, and only under strict contractual data-processing agreements that prohibit any further use.
Your Rights Are Respected
You have the right to access, correct, export, and request deletion of your personal data held by cerickex, subject to applicable legal and regulatory retention obligations. All such requests are handled within 30 calendar days of receipt, with written confirmation of the action taken.
Defined Retention Periods
cerickex maintains a clear data retention schedule. Financial transaction records and KYC documents are retained for the minimum period required by applicable anti-money laundering regulations. Marketing preferences and behavioural data are reviewed regularly and purged when no longer necessary for the purpose collected.
Marketing Opt-Out
cerickex will only send you marketing communications where you have provided explicit consent, or where a legitimate interest exists under applicable data protection principles. You may withdraw consent or opt out of all marketing communications at any time by updating your account preferences or contacting our support team. Opt-out requests are processed within 5 business days.
1. Data We Collect
cerickex collects personal data through a number of channels, including your account registration form, KYC verification submissions, payment transactions, customer support interactions, and your general use of the platform. The categories of personal data we collect are set out in the table below.
| Category | Specific Data Points | Collection Method |
|---|---|---|
| Identity Data | Full legal name, date of birth, National Identity Card (NID) number, passport or driver's licence details, photograph | Registration form; KYC document upload |
| Contact Data | Email address, mobile phone number, residential address (city, district, division) | Registration form; account settings |
| Financial Data | Deposit and withdrawal amounts, payment method identifiers (bKash/Nagad/bank account reference), transaction history | Cashier; payment provider callback |
| Technical Data | IP address, device type and model, operating system, browser type and version, session timestamps, login history | Automated collection via platform logs |
| Gaming Activity Data | Games played, wager amounts, win/loss records, bonus usage, responsible gaming tool settings | Platform activity logging |
| Communications Data | Support ticket content, live chat transcripts, email correspondence, survey responses | Customer support channels |
| Marketing Preferences | Promotional opt-in/opt-out status, communication channel preferences, bonus preference history | Account settings; consent forms |
cerickex does not knowingly collect special category data (such as racial or ethnic origin, religious beliefs, health data, or political opinions) unless this is directly required for a responsible gaming assessment and is provided voluntarily by the player. We do not collect biometric data beyond what is contained in identity document photographs submitted for KYC purposes.
2. Lawful Basis for Processing
cerickex processes personal data only where a valid lawful basis exists. The primary bases on which we rely are as follows:
- Performance of Contract: Processing your identity, contact, financial, and gaming activity data is necessary to operate your cerickex account, process deposits and withdrawals, deliver gaming services, and administer bonuses. Without this processing, we cannot provide the service.
- Legal Obligation: We are required to collect and retain certain data — particularly identity documents and transaction records — to comply with anti-money laundering (AML) obligations, Know Your Customer (KYC) requirements, and fraud prevention duties. This processing is mandatory and cannot be opted out of while maintaining an active account.
- Legitimate Interests: We process technical data and gaming activity data to maintain platform security, detect and prevent fraud, improve the platform, and conduct internal analytics. We have assessed that these interests do not override your fundamental privacy rights.
- Consent: Where we send marketing communications via email or SMS, we do so only on the basis of your explicit, freely given consent obtained at registration or through your account marketing preferences. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
3. How We Use Your Data
Personal data collected by cerickex is used exclusively for the purposes described in this Privacy Policy. We do not use your data for any purpose that is incompatible with the reason for which it was originally collected. The specific uses to which we put your data are:
3.1 Account Management and Service Delivery
Your identity and contact data are used to create and maintain your cerickex account, authenticate your logins, process deposits and withdrawals through your chosen payment method (bKash, Nagad, Rocket, Upay, or bank transfer), credit bonuses and promotional rewards, and communicate essential account-related information such as transaction confirmations and security alerts.
3.2 Identity Verification and Compliance
cerickex uses identity data and financial data to verify your age and identity during KYC review, to screen transactions for AML compliance, to investigate suspected fraud or account abuse, and to respond to lawful requests from regulatory or law enforcement authorities. This processing is mandatory and forms a non-negotiable condition of maintaining an active account on the platform.
3.3 Platform Security and Fraud Prevention
Technical data — including IP addresses, device fingerprints, and session logs — is analysed to detect unauthorised account access, identify patterns associated with bonus abuse or multi-accounting, monitor for unusual transaction behaviour, and protect the integrity of games and betting markets. This processing is carried out on the basis of cerickex's legitimate interest in maintaining a secure and fair platform environment for all players.
3.4 Responsible Gaming Monitoring
Gaming activity data is used to monitor for behavioural patterns that may indicate problem gambling. Where such patterns are detected, cerickex may proactively reach out to the player with information about responsible gaming tools or, in serious cases, apply protective restrictions to the account. This processing is carried out in accordance with our Responsible Gaming Policy.
3.5 Marketing and Promotions
Where you have provided consent, cerickex uses your contact data and marketing preferences to send personalised promotional offers, bonus notifications, and platform news via email or SMS. Gaming activity data may be used to tailor promotional content to your preferences — for example, sending cricket-related offers to players who regularly bet on BPL or T20 World Cup matches. You can update your preferences or withdraw consent at any time through your account settings or by contacting support@cerickex.
3.6 Platform Improvement and Analytics
Aggregated and anonymised gaming activity data is used to analyse platform performance, identify popular game titles, assess the effectiveness of promotions, and guide product development decisions. This analysis is conducted on data that cannot reasonably be used to identify individual players.
4. Cookies and Tracking Technologies
cerickex uses cookies and similar tracking technologies to operate core platform functions, remember your preferences, analyse usage patterns, and — where you have consented — deliver relevant promotional content. The categories of cookies we deploy are described below.
| Cookie Type | Purpose | Retention |
|---|---|---|
| Strictly Necessary | Session management, authentication tokens, security (CSRF protection), load balancing | Session / up to 24 hours |
| Functional | Language and currency preferences, game lobby layout settings, responsible gaming reminder intervals | Up to 12 months |
| Analytics | Page visit frequency, navigation paths, feature usage rates — used in anonymised, aggregated form only | Up to 24 months |
| Marketing | Tracking promotional campaign effectiveness, frequency capping of promotional messages — only with your consent | Up to 6 months |
Strictly necessary cookies are deployed without requiring your prior consent as they are essential to the operation of the platform. All other cookie categories are activated only where you have provided consent via our cookie preference centre, accessible from your account settings. You may withdraw or modify your cookie consent at any time; however, disabling functional cookies may affect the usability of certain platform features.
cerickex does not use third-party advertising network cookies or sell cookie-derived data to external parties for commercial targeting purposes.
5. Data Sharing and Third Parties
cerickex does not sell, rent, or otherwise commercially exploit your personal data. We share data with third parties only in the following defined circumstances, and only to the minimum extent necessary for the stated purpose:
- Payment Processors: When you make a deposit or request a withdrawal, your payment details are transmitted to the relevant payment provider (e.g., bKash, Nagad, Rocket, Upay, or your bank). These providers receive only the transaction-specific data required to process the payment and are contractually prohibited from using it for any other purpose.
- Identity Verification Services: cerickex may use third-party KYC and identity verification providers to assist in validating the authenticity of identity documents submitted by players. These providers operate under strict data processing agreements and are not permitted to retain your identity documents beyond the verification process.
- Game Software Providers: Game providers such as Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming receive session tokens and anonymised player identifiers necessary to load and operate game content within the cerickex platform. These providers do not receive your full identity or contact data.
- Fraud and AML Screening: cerickex may share transaction data with specialist fraud prevention and AML screening services to fulfil its compliance obligations. Any such sharing is governed by data processing agreements and applicable legal requirements.
- Legal and Regulatory Authorities: cerickex will disclose personal data to law enforcement agencies, courts, or regulatory bodies where required to do so by applicable law, a valid court order, or other lawful authority. We will, where permitted by law, notify you of such a disclosure.
- Corporate Transactions: In the event of a merger, acquisition, or transfer of cerickex's business or assets, player data may be transferred to the successor entity. You will be notified of any such transfer and the privacy terms applicable to your data under the new arrangement.
All third parties with whom cerickex shares personal data are required to maintain appropriate technical and organisational security measures and to process the data solely for the purposes for which it was shared. cerickex remains responsible for ensuring that data sharing arrangements comply with applicable data protection principles.
6. Data Retention
cerickex retains personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply:
- Account and Identity Data: Retained for the duration of your account's active status and for a minimum of five (5) years following permanent account closure, in accordance with AML record-keeping requirements.
- Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, as required under applicable financial regulations.
- KYC Documentation: Identity documents submitted for KYC verification are retained for the period required by AML obligations and are securely deleted thereafter. Copies are not retained beyond the required minimum period.
- Customer Support Records: Correspondence and support ticket records are retained for three (3) years from the date of the last interaction, to enable resolution of subsequent queries and disputes.
- Marketing Consent Records: Records of your marketing consent or opt-out are retained for the duration of your account and for three (3) years following account closure, to demonstrate compliance with marketing regulations.
- Technical and Log Data: Server logs, IP address records, and session data are retained for twelve (12) months for security monitoring and fraud investigation purposes, after which they are anonymised or deleted.
Following the expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. cerickex maintains a formal data retention schedule reviewed annually by our compliance team to ensure that retention periods remain appropriate and proportionate.
7. Your Privacy Rights
As a player on cerickex, you hold a number of rights in relation to your personal data. These rights are described below. To exercise any of these rights, please contact our Data Protection team at support@cerickex with the subject line "Privacy Rights Request". We will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days.
Please note that some rights are subject to limitations — for example, we cannot delete data that we are legally required to retain under AML regulations, and we cannot provide access to data that would reveal information about another individual. Where we are unable to fulfil a request in full, we will explain the reason in our response.
8. Data Security Measures
cerickex implements a layered set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Key elements of our security framework include:
- Transport Encryption: All data transmitted between your browser or app and cerickex servers is encrypted using TLS 1.2 or higher with 256-bit cipher suites. HTTP connections are automatically redirected to HTTPS.
- Data-at-Rest Encryption: Personal data stored in cerickex databases is encrypted at rest using AES-256 encryption. Encryption keys are stored separately from the data they protect and are subject to access controls and rotation policies.
- Access Controls: Access to systems containing personal data is restricted to cerickex staff who require it to perform their specific job functions. Access is governed by role-based permissions, multi-factor authentication, and comprehensive access audit logging.
- Penetration Testing: cerickex engages independent security specialists to conduct regular penetration testing and vulnerability assessments of its platform infrastructure. Critical findings are remediated on a prioritised basis.
- Incident Response: cerickex maintains a formal data breach incident response procedure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected players without undue delay and take all necessary remedial steps.
- Staff Training: All cerickex employees and contractors with access to personal data receive mandatory data protection training covering their obligations, safe data handling procedures, and the correct process for reporting suspected security incidents.
While cerickex takes all reasonable and proportionate steps to protect your data, no digital system can guarantee absolute security. You also have a role to play: please use a strong, unique password for your cerickex account, enable two-factor authentication where available, and never share your login credentials with any third party. If you suspect your account has been compromised, contact support@cerickex immediately.
For all privacy-related enquiries, data subject access requests, or complaints, please contact our Data Protection team at support@cerickex with the subject line "Privacy Rights Request". We aim to acknowledge all requests within 5 business days and resolve them within 30 calendar days.
Have Questions About Your Privacy?
Our support team is available around the clock. You can also review our full Terms & Conditions or explore the cerickex casino platform.