Privacy Policy – mbiwin Online Casino Malaysia

1.Introduction

This Privacy Policy ("Policy") describes how mbiwin ("we", "us", "our", "mbiwin") collects, processes, stores, and discloses personal data obtained from users ("you", "your") of the mbiwin platform at mbiwin.com and all associated pages and services (the "Platform").

mbiwin operates as an online casino and sportsbook serving players in Malaysia and takes its obligations under applicable data protection laws seriously. By registering an account or using the Platform in any capacity, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.

This Policy should be read alongside our Terms & Conditions, which govern your use of the Platform generally. Capitalised terms used but not defined in this Policy have the meanings given to them in the Terms & Conditions.

2.Personal Data We Collect

mbiwin collects the following categories of personal data from users of the Platform:

• Identity Data: Full legal name, date of birth, gender, nationality, and copies of government-issued identification documents (e.g. MyKad, passport).
• Contact Data: Email address, Malaysian mobile phone number, and residential address.
• Financial Data: Bank account details, eWallet identifiers (Touch n Go, Boost), transaction history, deposit and withdrawal records, and, where applicable, source of funds documentation.
• Account Data: Username, encrypted password, account preferences, bonus history, and responsible gaming tool settings.
• Technical Data: IP address, device identifiers, browser type and version, operating system, time zone, and referring URL.
• Usage Data: Pages visited, features accessed, game sessions, betting history, session duration, and clickstream data.
• Communications Data: Records of live chat conversations, emails, and support interactions with mbiwin.
• KYC Verification Data: Facial image data or liveness check results where required for identity verification, and utility bills or other proof-of-address documentation.

3.How We Collect Your Data

mbiwin collects personal data through the following means:

• Direct Submission: Data you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting support, or participating in promotions.
• Automated Technologies: Cookies, web beacons, pixel tags, and similar tracking technologies that operate when you access and interact with the Platform.
• Third-Party Sources: Identity verification service providers, fraud prevention agencies, payment processors, and, where permitted by law, publicly available sources used to verify the information you provide.
• Device Data: Technical information automatically transmitted by your device or browser when you access the Platform, including IP address, device type and operating system.

4.How We Use Your Personal Data

mbiwin uses the personal data it holds for the following purposes:

• To create, manage, and administer your mbiwin account, including processing deposits, withdrawals, and bets.
• To verify your identity and age (21+) in compliance with our licensing obligations and applicable law.
• To detect, investigate, and prevent fraud, money laundering, underage gambling, and other prohibited conduct.
• To comply with legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) regulations.
• To provide customer support and respond to your enquiries and complaints.
• To send you transactional communications (account notifications, deposit confirmations, withdrawal updates).
• To send you marketing communications about mbiwin promotions, where you have provided consent or where we have a legitimate interest in doing so. You may opt out at any time.
• To operate, maintain, and improve the Platform, including through analysis of usage patterns and technical performance data.
• To enforce our Terms & Conditions and protect the rights, property, and safety of mbiwin and its users.
• To operate responsible gaming tools and monitor for indicators of problem gambling behaviour, in line with our commitment to player welfare.

5.Legal Basis for Processing

mbiwin processes your personal data on the following legal bases:

• Contractual Necessity: Processing required to create and manage your account and deliver the services you have contracted for through the Terms & Conditions.
• Legal Obligation: Processing required to comply with applicable laws and regulations, including AML, KYC, and responsible gambling obligations.
• Legitimate Interests: Processing for fraud prevention, platform security, abuse detection, and general business operations, where such interests are not overridden by your rights.
• Consent: Processing for marketing communications and certain cookie uses, where your explicit consent has been obtained and can be withdrawn at any time.

6.Sharing Your Personal Data

mbiwin does not sell your personal data to third parties. We may share your data with the following categories of recipients, solely for the purposes described in this Policy:

• Payment Processors and eWallet Providers: Touch n Go, Boost, Maybank, CIMB, Public Bank, and other payment service providers, for the purpose of processing your financial transactions.
• Identity Verification Providers: Third-party KYC and AML compliance service providers who assist in verifying your identity and assessing fraud risk.
• Game Content Providers: Licensed game studios and live casino operators whose games are accessible through the mbiwin Platform, to the extent necessary for game delivery and dispute resolution.
• Technology and Infrastructure Providers: Cloud hosting, content delivery, security, and analytics service providers engaged by mbiwin under appropriate data processing agreements.
• Regulatory and Law Enforcement Authorities: Where disclosure is required by our gaming licence, applicable law, court order, or government authority request.

All third-party service providers engaged by mbiwin are contractually required to maintain the confidentiality and security of your personal data and to use it only for the purposes for which it was shared.

7.Data Retention

mbiwin retains your personal data for as long as your account remains active and for such further period as is necessary to fulfil the purposes described in this Policy or to comply with applicable legal obligations. Specifically:

• Account and transaction records are retained for a minimum of five (5) years following account closure, in compliance with AML and gaming regulatory requirements.
• KYC documentation is retained for the same five-year minimum period, and longer where required by applicable law or ongoing regulatory proceedings.
• Marketing preferences and consent records are retained for the duration of your account and for twelve (12) months following withdrawal of consent.
• Technical and usage data may be retained in aggregated and anonymised form beyond the above periods for analytical purposes.

8.Cookies & Tracking Technologies

mbiwin uses cookies and similar technologies on the Platform for the following purposes:

• Strictly Necessary Cookies: Required for the Platform to function correctly, including maintaining your logged-in session and security tokens. These cannot be disabled.
• Functional Cookies: Remember your preferences such as language settings and responsible gaming tool configurations.
• Analytics Cookies: Collect aggregated, anonymised data about how users interact with the Platform to help us improve performance and usability.
• Marketing Cookies: Used to deliver relevant promotional content within the mbiwin Platform, subject to your consent preferences.

You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform. mbiwin does not place third-party advertising tracking cookies on behalf of external advertisers.

9.Data Security

mbiwin implements industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the Platform.
• Encrypted storage of all sensitive account and financial data at rest.
• Strict access controls and role-based permissions limiting internal access to personal data to authorised personnel on a need-to-know basis.
• Regular security assessments, penetration testing, and vulnerability management.
• Incident response procedures for prompt detection, containment, and notification of any data security breach.

While mbiwin takes all reasonable steps to protect your data, no system is entirely immune to risk. You are responsible for maintaining the security of your own account credentials and for notifying mbiwin support immediately if you suspect unauthorised access to your account.

10.Your Data Rights

Subject to applicable law, you have the following rights in relation to your personal data held by mbiwin:

• Right of Access: You may request a copy of the personal data mbiwin holds about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
• Right to Restrict Processing: You may request that mbiwin restrict the processing of your data in certain circumstances.
• Right to Object: You may object to processing based on legitimate interests, including the use of your data for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please contact the mbiwin Data team via the live chat on the Platform or at [email protected]. mbiwin will respond to all valid requests within thirty (30) days.

11.Children's Privacy

The mbiwin Platform is strictly for persons aged 21 years and above. 21+ mbiwin does not knowingly collect or process personal data from persons under the age of 21. If mbiwin becomes aware that personal data has been collected from an underage individual, the relevant account will be immediately closed, all data associated with that account will be deleted to the extent legally permissible, and the matter will be escalated as required by our licensing obligations.

Parents and guardians who believe their child has registered on the Platform are encouraged to contact mbiwin support immediately at [email protected].

12.Changes to This Privacy Policy

mbiwin may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or business operations. When material changes are made, we will notify registered players by email to their registered address and/or by a prominent notice displayed on the Platform.

The date at the top of this Policy indicates when it was last revised. Your continued use of the Platform following publication of an updated Policy constitutes acceptance of the revised terms. If you do not accept a revised Policy, you must close your account and cease using the Platform.

13.Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or mbiwin's data practices, please contact us through any of the following channels:

• Live Chat: Available 24/7 on the Platform
• Email: [email protected]
• Support Hours: 24 hours a day, every day including Malaysian public holidays (MYT)

mbiwin aims to acknowledge all privacy-related enquiries within 48 hours and to resolve them within 30 days. For unresolved concerns, you may also contact the relevant data protection authority or mbiwin's international gaming authority licence regulator.