Privacy Policy

Last updated: 17 May 2026 · Operator: Grand Poker Arena (GPA), Bengaluru

Grand Poker Arena (“GPA”, “we”, “us”) respects your privacy. This policy explains what personal information we collect when you visit grandpokerarena.com or our premises in HSR Layout, Bengaluru, how we use it, who we share it with, how long we keep it, and the rights you have. We process your data in accordance with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable Karnataka regulations.

1. Information We Collect

1.1 Information you give us

Contact form submissions — name, email address, phone number, and the message you send via our contact page. Submissions are processed via a third-party form provider (Web3Forms) and delivered to GPA staff by email.
Membership applications — full name, date of birth, government-issued photo ID (Aadhaar, PAN, Passport, or Driving Licence), photograph, and contact details, collected on-premises or via WhatsApp at the time of KYC.
Game-play transactions — buy-ins, settlements, and prize disbursements linked to your KYC-verified bank account.
WhatsApp messages sent to our number (+91 89515 24449) for enquiries, bookings, or member services.

1.2 Information collected automatically

Site analytics — Google Analytics 4 (measurement ID G-B43ZZV9RV0) records pages visited, approximate location (city level), device type, browser, referrer, and aggregated usage patterns. Analytics cookies are only set after you grant consent via our cookie banner.
Server logs — our hosting provider (Amazon Web Services) records IP address, request time, and user-agent for security and abuse prevention.
CCTV footage — for the safety and security of all players, our premises are under continuous CCTV surveillance.

2. How We Use Your Information

To respond to enquiries you send through the contact form, WhatsApp, or email.
To verify identity and age (18+) as required for lawful skill-gaming operations under Karnataka law.
To process buy-ins, settlements, and tournament winnings.
To comply with our statutory obligations (TDS under Section 194B of the Income Tax Act, PMLA cash-handling limits, KYC record-keeping).
To improve our website, content, and on-premises experience using aggregated analytics.
To send service-related communications about tournaments, member events, or operational updates (only where you have asked us to).

3. Cookies & Tracking

We use the following categories of cookies and similar technologies. You can review, grant, or withdraw consent at any time using the “Preferences” button in our cookie banner.

Essential cookies — required for the site to function (session, security, your cookie-consent choice). These cannot be disabled.
Analytics cookies — set by Google Analytics 4 to measure aggregate usage. Off by default.
Marketing cookies — reserved for any future advertising integrations. Off by default; none are currently active.
Social cookies — only set if you choose to embed or interact with social-media widgets. Off by default.

By default, optional cookies are denied via Google Consent Mode v2 until you grant permission.

4. Who We Share Data With

We do not sell your personal information. We share limited data only with:

Google Analytics (Google LLC) — only when you have granted analytics consent.
Web3Forms (form processor) — only the fields you submit through the contact form.
Amazon Web Services — our hosting infrastructure.
Banking partners — for settlement of winnings to your KYC-verified account.
Statutory authorities — where disclosure is required by law (tax, anti-money-laundering, court order).

5. Data Retention

Contact-form submissions: kept for up to 24 months after the last interaction, then deleted.
KYC records: retained for 5 years after your last visit, as required under PMLA.
Game-play and settlement records: retained for the period required by the Income Tax Act and applicable accounting rules.
CCTV footage: retained for 30 days on rolling overwrite unless flagged for an incident.
Analytics data: retained per Google’s default GA4 settings (currently 14 months).

6. Your Rights Under the DPDP Act

As a data principal, you have the right to:

Request access to a summary of the personal data we hold about you.
Request correction of inaccurate or outdated personal data.
Request erasure of personal data, subject to our statutory retention obligations.
Withdraw consent for analytics, marketing, or social cookies at any time via the cookie banner.
Nominate a person to exercise your rights in case of incapacity or death.
Lodge a grievance with the Data Protection Board of India if you are not satisfied with our response.

Grievance Officer

To exercise any of these rights or raise a concern, write to us at info@gpaentertainment.in with the subject “Privacy Request”. We aim to respond within 30 days.

7. Security

We use industry-standard technical and organisational safeguards — HTTPS transport encryption, restricted access to KYC records, on-premises physical security, and 24/7 CCTV. No system is perfectly secure; if you suspect unauthorised access to your account or data, contact us immediately.

8. Children

GPA is an 18+ only venue. We do not knowingly collect personal data from anyone under 18. If you believe we hold data about a minor, contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be highlighted on the site, and the “Last updated” date above will be revised.

10. Contact

Grand Poker Arena — 3rd Floor, 153 Outer Ring Road, Jakkasandra, 1st Sector, HSR Layout, Bengaluru 560102, Karnataka, India.
Email: info@gpaentertainment.in · Phone: +91 89515 24449

View Terms of Service →