Scope and purpose of this privacy statement

Personal information collected

• Account details: name, date of birth, nationality, address, phone, email, username, security credentials.
• Identity and verification data: ID documents, selfies, proof of address, source of funds where required for responsible gambling and AML checks.
• Transaction and payment information: deposits, withdrawals, payment method details routed through approved providers, account balance, betting and gaming records.
• Technical and device data: IP address, device identifiers, browser type, operating system, language, time zone, app version, log files.
• Location signals: approximate location inferred from IP or device settings where permitted by the user or required for compliance.
• Communications: chat, emails, calls, and support tickets.
• Preferences and responsible gambling settings: limits, exclusions, session reminders, marketing choices.

Why the information is collected

• To create and manage the user account and provide online services.
• To process payments and transactions and to resolve queries.
• To verify identity, prevent fraud, and comply with anti-money laundering and counter‑terrorist financing obligations under Zambian law.
• To support responsible gambling measures and legal age checks.
• To improve user experience, website performance, and service quality.

Technical and organisational protection measures

• Encryption in transit and at rest for sensitive data, access controls, role-based permissions, and segregation of systems.
• Vendor due diligence, contractual confidentiality, and ongoing monitoring of processors.
• Staff training, background checks where appropriate, and strict need-to-know access.
• Incident response procedures and audit logging.
• Data minimisation and retention schedules tied to legal and regulatory requirements.

User rights under Zambian law

• Access: request a copy of personal data and information about processing.
• Correction: ask to rectify inaccurate or incomplete data.
• Deletion: request erasure where the law allows, including where consent is withdrawn and no other lawful basis applies.
• Restriction and objection: limit or object to certain processing.
• Portability: receive certain data in a portable format where feasible.
• Withdraw consent: at any time, affecting future processing only.
• Complaint: lodge a complaint with the Office of the Data Protection Commissioner in Zambia.

Paripesa aligns its practices with the Data Protection Act, 2021 of Zambia and recognised international privacy principles.

• Account service and operations: to register, authenticate, provide user support, and run online services.
• Transactions: to process deposits, withdrawals, refunds, and chargeback management.
• Responsible gambling: to apply user limits, time-outs, self-exclusions, and related safeguards.
• Security and fraud prevention: to perform risk scoring, device fingerprinting, and identity checks.
• Service improvement and analytics: to measure performance, fix errors, and enhance features.
• Marketing and personalisation: to send updates and tailor content where the user has consented or where permitted by law, with opt-out options.
• Legal compliance: to meet obligations under taxation, AML and CTF rules, dispute handling, and requests from competent authorities.

Processing is based on consent, performance of a contract, legal obligation, or legitimate interests, applied in a transparent manner.

How to exercise rights

• Access and update: use account settings where available or contact support to request copies or updates to personal information.
• Correction: provide supporting details so inaccurate data can be rectified promptly.
• Deletion: submit a request for erasure. Some information may be kept where required by law, regulatory obligations, or to establish, exercise, or defend legal claims.
• Verification: the operator may request proof of identity before actioning any request to protect user accounts.

By using Paripesa services, the user consents to security checks, identity verification, and processing of payment information by approved payment providers for transactions and fraud prevention.

• Services are intended for adults aged 18 and above, in line with Zambian gambling laws.
• The operator cannot confirm age without identification documents provided by the user.
• If personal data of a minor is found on the system, it will be deleted once a verified parent or legal guardian notifies support and provides sufficient proof.

Personal information may be processed in other countries where service providers and partners operate. Use of the website constitutes consent to such international transfers. All partners are required to keep the data confidential and to apply appropriate security measures. Contractual safeguards and standard protections are applied to maintain a level of protection consistent with Zambian law and recognised international standards.

A legal disclaimer may qualify or limit the scope or effect of certain rules in this policy, to the extent permitted by law. The disclaimer and policy apply once the user accepts them through a signed document, a click-acceptance, or accession during registration or use. If any clause is invalid under applicable law, the remaining terms continue to apply. Where there is a conflict between this policy and mandatory law, the law prevails.

What cookies are

Cookies are small text files stored on a device by websites to remember user preferences and improve online services.

How cookies are used

• Statistics and analytics to understand site performance and usage.
• Behaviour analysis to detect errors and improve navigation.
• Personalisation to remember preferences such as language and login state.
• Security and fraud prevention related to account protection.

Retention and control

• Standard cookie retention is up to 1 year unless the user clears them earlier or the law requires a different period.
• Users can manage cookies through browser or device settings. Disabling some cookies may affect certain features.

Using the website and services signifies full acceptance of this Privacy Policy. The current version published on the site takes precedence over any earlier versions and applies to all ongoing collection and processing of personal information.

Personal information may be shared where necessary to provide services, comply with the law, or protect rights. Typical recipients include payment processors, banks, KYC and identity verification providers, fraud prevention services, analytics vendors, customer support platforms, marketing service providers where consent exists, auditors, regulators, law enforcement, and dispute resolution bodies.

A list of key processors or partners may be provided on the website or during the relevant transaction. If not listed, the user will be informed of the purpose and scope of sharing where required by law. Providing data for a transaction constitutes consent to share it for that purpose and any related legal or compliance needs.

The website may include links to third-party websites or services that have their own privacy policies. The operator is not responsible for how those sites collect or use information. Users should review the privacy statements of external websites and exercise caution when sharing personal details.