Privacy Policy – gemebet

gemebet ("we", "us", "our") is committed to protecting the privacy and personal data of all individuals who access or use the gemebet Platform at gemebet.org. This Privacy Policy describes our data processing practices in plain but legally accurate terms, consistent with our obligations under applicable international data protection standards and the personal data protection framework relevant to our operating jurisdiction.

By registering an Account or using any feature of the gemebet Platform, you consent to the collection, processing, storage, and use of your personal data as described in this Policy. If you do not agree with any part of this Policy, you should not create an Account or use the Platform.

1. Definitions

• "Personal Data" means any information that identifies or could reasonably identify a natural person, directly or indirectly.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
• "Player" / "you" means any individual who registers an Account or accesses the gemebet Platform.
• "Platform" means the gemebet website at gemebet.org and all services accessible therein.
• "Third-Party Providers" means game suppliers, payment processors, fraud detection services, and other entities with whom gemebet shares data as described in this Policy.

2. Data Controller

gemebet is the data controller in respect of Personal Data collected from Players through the Platform. For all privacy-related enquiries, Players may contact gemebet's data protection contact via the email address published in Section 15 of this Policy. gemebet will respond to substantiated privacy requests within a reasonable timeframe consistent with applicable legal obligations.

3. Categories of Personal Data We Collect

gemebet collects the following categories of Personal Data from Players, either directly or through automated means:

• Identity Data: Full legal name, date of birth, nationality, and government-issued identification document details (NRIC, passport, or equivalent).
• Contact Data: Email address, Malaysian mobile phone number, and residential address.
• Financial Data: Payment method details, bank account or e-wallet identifiers, transaction history in MYR, deposit and withdrawal records.
• Account Data: Username, hashed password, account settings, session history, login timestamps, and IP addresses used to access the Platform.
• Gaming Data: Bet history, game session records, bonus usage, wager amounts, wins, losses, and responsible gaming tool settings.
• Technical Data: Device type, operating system, browser type and version, screen resolution, and referring URL.
• Communications Data: Records of live chat conversations, email exchanges, and support tickets submitted to gemebet.
• Verification Data: Copies of identity documents and proof of address submitted during the account verification process.

4. How We Collect Personal Data

gemebet collects Personal Data through the following channels:

• Direct submission: Information you provide when registering an Account, completing identity verification, making deposits or withdrawals, contacting support, or participating in promotions.
• Automated collection: Technical and gaming data collected automatically when you access the Platform, including via cookies, server logs, and session tracking technologies.
• Third-party sources: Identity verification data received from licensed Know Your Customer (KYC) service providers, and fraud risk signals from payment processing partners.

5. Purpose and Legal Basis for Processing

gemebet processes Personal Data for the following purposes, each supported by an identified legal basis:

• Account Registration and Service Delivery — Processing is necessary for the performance of the contract between gemebet and the Player (i.e., providing access to Gaming Services).
• Identity Verification and KYC Compliance — Processing is necessary to comply with legal obligations under our gaming authority licence, including anti-money laundering (AML) and know your customer (KYC) requirements.
• Payment Processing — Processing is necessary for the performance of the contract and to comply with financial regulatory obligations.
• Fraud Prevention and Security — Processing is necessary for the legitimate interests of gemebet in protecting the integrity of the Platform and the security of all Players.
• Responsible Gaming Compliance — Processing is necessary to comply with gaming authority requirements relating to player protection, including age verification, self-exclusion monitoring, and problem gambling identification.
• Marketing Communications — Processing is based on your consent, which may be withdrawn at any time by contacting gemebet support or updating your Account communication preferences.
• Platform Improvement and Analytics — Processing is based on legitimate interests in understanding how the Platform is used and improving service quality. No gaming decisions are made solely on the basis of automated profiling.
• Legal Proceedings and Regulatory Obligations — Processing may be necessary to comply with a legal obligation or to establish, exercise, or defend legal claims.

6. Sharing of Personal Data

gemebet does not sell, rent, or trade your Personal Data to third parties for their own marketing purposes. We share Personal Data only in the following circumstances and only to the extent necessary:

• Game Providers: Certified gaming software and live casino providers receive session data necessary to deliver the game experience. These providers operate under independent regulatory licences and are contractually bound to data protection standards consistent with this Policy.
• Payment Processors: Payment service providers (including Touch 'n Go, DuitNow, Maybank, CIMB, and others) receive transaction data necessary to process deposits and withdrawals. These providers maintain their own privacy and security frameworks.
• KYC and Fraud Detection Services: Licensed identity verification and anti-fraud service providers may receive identity and financial data to perform verification checks required under gemebet's gaming licence.
• Regulatory and Legal Authorities: gemebet may disclose Personal Data to regulators, law enforcement agencies, or courts where required by law, court order, or regulatory direction. Players will be notified of such disclosure where legally permissible.
• Corporate Transactions: In the event of a merger, acquisition, or sale of all or substantially all of gemebet's assets, Personal Data held by gemebet may be transferred to the acquiring entity, subject to the same data protection obligations as this Policy.

7. International Data Transfers

As a platform serving Malaysian players, gemebet's primary data processing infrastructure is operated within its licensed jurisdiction. Where Personal Data is transferred to third-party service providers operating in other jurisdictions — including game providers or KYC services with international infrastructure — gemebet ensures that appropriate safeguards are in place, including contractual data protection clauses consistent with applicable data protection standards. By using the Platform, you acknowledge that your data may be processed in jurisdictions outside Malaysia.

8. Data Retention

gemebet retains Personal Data for as long as is necessary for the purposes for which it was collected, or as required by applicable legal and regulatory obligations:

• Account and Gaming Data is retained for a minimum of five (5) years following the closure of a Player's Account, consistent with gaming authority record-keeping requirements.
• Financial and Transaction Data is retained for a minimum of seven (7) years to comply with anti-money laundering legislation and financial audit obligations.
• Identity and Verification Documents are retained for the duration of the account relationship and for five (5) years thereafter.
• Communications Data (support tickets, live chat logs) is retained for three (3) years from the date of the communication.

When Personal Data is no longer required, gemebet will securely delete or anonymise it in accordance with industry-standard data destruction practices.

9. Cookies and Tracking Technologies

The gemebet Platform uses cookies and similar tracking technologies to support Platform functionality, maintain your session state, and collect analytics data. The categories of cookies used include:

• Strictly Necessary Cookies: Required for the Platform to function, including session authentication and security tokens. These cannot be disabled without impairing Platform functionality.
• Functional Cookies: Store your preferences such as language settings, responsible gaming tool configurations, and display preferences.
• Analytics Cookies: Collect aggregate, anonymised data about how Players navigate the Platform. This data is used to improve usability and content — it does not identify individual players.

gemebet does not use advertising or third-party retargeting cookies. You may manage cookie settings through your browser; however, disabling strictly necessary cookies will prevent you from accessing your Account.

10. Your Data Rights

Subject to applicable law, Players have the following rights in respect of their Personal Data held by gemebet:

• Right of Access: You may request a copy of the Personal Data gemebet holds about you.
• Right to Rectification: You may request correction of inaccurate or incomplete Personal Data.
• Right to Erasure: You may request deletion of your Personal Data where retention is no longer necessary, subject to gemebet's legal retention obligations.
• Right to Restriction: You may request that gemebet restrict processing of your data in certain circumstances, such as while a dispute about accuracy is being resolved.
• Right to Data Portability: Where processing is based on consent or contract, you may request your data in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent (e.g., marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Object: You may object to processing based on legitimate interests, including direct marketing.

To exercise any of these rights, contact gemebet's support team. gemebet will respond to substantiated requests within thirty (30) days. Requests that are manifestly unfounded or excessive may be refused or subject to an administrative fee consistent with applicable law.

11. Security Measures

gemebet implements appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, disclosure, alteration, or destruction. These measures include Transport Layer Security (TLS) encryption for all data in transit, hashed storage of Account passwords using industry-standard algorithms, two-factor authentication (2FA) available to all Players, access controls limiting data access to authorised personnel, and regular security assessments of Platform infrastructure.

No system is completely immune to security threats. In the event of a data breach that is likely to result in a risk to Player rights, gemebet will notify affected Players in accordance with applicable notification obligations.

12. Children and Minors

The gemebet Platform is strictly prohibited for use by individuals under the age of 21. gemebet does not knowingly collect Personal Data from individuals under 21. If gemebet becomes aware that Personal Data has been collected from an individual below the minimum age, that data will be deleted and the associated Account closed immediately. If you believe a minor has registered on the Platform, please contact gemebet support immediately.

13. Third-Party Links

The gemebet Platform does not contain links to third-party websites. Where game providers' interfaces are embedded within the Platform, those interfaces are governed by the respective provider's own terms and privacy practices. gemebet is not responsible for the privacy practices of third-party game providers, and Players are encouraged to review the privacy documentation of any third-party software they interact with through the Platform.

14. Amendments to This Policy

gemebet reserves the right to amend this Privacy Policy at any time. Material amendments will be communicated to registered Players via Account notification or email at least seven (7) days before the effective date. The most current version of this Policy is always published at gemebet.org/privacy-policy with the effective date clearly displayed. Continued use of the Platform following the effective date of any amendment constitutes acceptance of the revised Policy.

15. Contact Us

For all privacy-related enquiries, data subject requests, or concerns about how gemebet processes your Personal Data, please contact our support team:

• Email: [email protected]
• Live Chat: Available daily via the Platform, 9AM – 1AM MYT
• Response Time: gemebet will acknowledge data subject requests within five (5) business days and provide a full response within thirty (30) days

gemebet takes all privacy concerns seriously. If you are not satisfied with gemebet's response to a privacy complaint, you may be entitled to escalate the matter to the relevant gaming authority or data protection supervisory body in your jurisdiction.