win28 Privacy Policy

1. Who We Are

win28 operates the online gaming platform accessible at win28.co, offering sports betting, live casino, slot games, Toto 4D, and Lottery 4D to eligible players. In this Privacy Policy, references to "win28", "we", "us", or "our" refer to the win28 platform and its operating entity. References to "you" or "your" refer to any individual who accesses, registers for, or uses the win28 Platform.

win28 acts as the data controller in respect of personal data collected through the Platform. We are committed to handling your personal data responsibly, in accordance with applicable data protection laws and our obligations under the gaming authority framework under which we operate.

2. Data We Collect

win28 collects personal data from you in the following categories:

Registration and Identity Data

• Full legal name, date of birth, and gender.
• Malaysian identity card number (MyKad) or passport number for age and identity verification purposes.
• Residential address, city, state, and postcode.
• Email address and Malaysian mobile phone number.
• Username and encrypted password credentials.

Financial and Transaction Data

• Payment method details including Touch n Go eWallet account reference, Boost account reference, FPX bank selection, and other eWallet or banking identifiers used for deposits and withdrawals. win28 does not store full card numbers or banking login credentials.
• Deposit history, withdrawal history, and wallet transaction records in MYR.
• Bet history, game participation records, and gaming session data.

Technical and Usage Data

• IP address, device type, operating system, and browser type.
• Pages visited on win28.co, time spent, click paths, and feature interactions.
• Login timestamps, session duration, and geographic location derived from IP address.
• Cookies and similar tracking technology data as described in Section 6.

Communications Data

• Records of customer support interactions including live chat transcripts and support ticket history.
• Feedback, complaints, and dispute correspondence submitted to win28.
• Responses to promotions, surveys, or voluntary player communications.

3. How We Use Your Data

win28 uses your personal data for the following purposes:

• Account creation and management: To register your win28 account, verify your identity and age (21+ requirement), and manage your ongoing account relationship with us.
• Payment processing: To facilitate deposits to and withdrawals from your win28 Wallet via Touch n Go eWallet, Boost, FPX, and other supported Malaysian payment methods.
• Service delivery: To provide access to the sportsbook, live casino, slots, and 4D lottery products, and to personalise your experience based on your usage patterns and preferences.
• Security and fraud prevention: To detect and investigate suspicious activity, unauthorised account access, money laundering, or other fraudulent or prohibited conduct.
• Legal and regulatory compliance: To fulfil our obligations under applicable gaming authority requirements, anti-money laundering regulations, and data protection laws, including the retention of records as required by law.
• Responsible gaming: To monitor player activity for signs of problem gambling, apply deposit limits or self-exclusion measures, and comply with responsible gaming obligations.
• Customer support: To respond to queries, resolve disputes, and improve the quality of the win28 support service.
• Marketing communications: To send you promotional offers, bonus notifications, and platform updates where you have consented to receive such communications. You may opt out at any time via your account settings.
• Platform improvement: To analyse aggregate usage data and improve the functionality, content, and performance of the win28 Platform.

4. Legal Basis for Processing

win28 processes your personal data on the following legal bases:

• Contractual necessity: Processing required to register your account, process transactions, and deliver the services you have requested from win28.
• Legal obligation: Processing necessary to comply with anti-money laundering laws, gaming regulatory requirements, and data retention obligations under applicable Malaysian and international law.
• Legitimate interests: Processing carried out for fraud prevention, platform security, responsible gaming monitoring, and service improvement, where such interests are not overridden by your data protection rights.
• Consent: Processing of data for direct marketing communications and non-essential cookies, where you have given your explicit consent. You may withdraw consent at any time.

5. Data Sharing and Disclosure

win28 does not sell your personal data to third parties. We may share your personal data with the following categories of recipients, strictly for the purposes described in this policy:

• Payment service providers: Touch n Go eWallet, Boost, GrabPay, DuitNow, FPX, Maybank2u, CIMB Clicks, Public Bank, and Hong Leong Connect — solely to process your deposits and withdrawals.
• Identity verification providers: Third-party KYC (Know Your Customer) services used to verify your identity and age as required by gaming authority regulations.
• Game software providers: Licensed game studios and RNG certification bodies that supply and audit the games available on the win28 Platform. These providers may receive limited anonymised session data for game performance and audit purposes.
• Regulatory and law enforcement authorities: Where win28 is legally required to disclose data to gaming regulatory bodies, tax authorities, anti-money laundering bodies, or law enforcement agencies in response to lawful requests.
• IT and cloud infrastructure providers: Hosting and technology service providers who process data on win28's behalf under contractual data processing agreements and are subject to equivalent data protection obligations.

Any third party receiving personal data from win28 is contractually required to handle it in accordance with applicable data protection standards. win28 does not transfer personal data to jurisdictions that do not provide an adequate level of data protection without implementing appropriate safeguards.

6. Cookies and Tracking Technologies

win28 uses cookies and similar technologies on the Platform. Cookies are small text files stored on your device that help us deliver a functional and personalised experience.

win28 uses the following categories of cookies:

• Strictly necessary cookies: Essential for the Platform to function. These include session authentication cookies, login tokens, and security cookies. These cannot be disabled.
• Functional cookies: Remember your preferences such as language, display settings, and recently played games to improve your experience on return visits.
• Analytics cookies: Collect aggregated, anonymised data about how players use the Platform — pages visited, features used, and session patterns — to help win28 improve performance and content. win28 uses first-party analytics only.
• Marketing cookies: Used to deliver relevant promotional content and measure the effectiveness of win28 campaigns, where you have consented to receive such communications.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the win28 Platform.

7. Data Retention

win28 retains your personal data for as long as your account remains active and for a period thereafter as required by our legal and regulatory obligations. Specifically:

• Account registration and identity data is retained for a minimum of 5 years following account closure, in compliance with anti-money laundering regulatory requirements.
• Financial transaction records, including bet history and payment records, are retained for a minimum of 5 years from the date of the transaction.
• Customer support communications are retained for 3 years from the date of the interaction.
• Technical and usage data is retained for 13 months from collection for analytics purposes.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with win28's data destruction procedures.

8. Data Security

win28 takes the security of your personal data seriously. We implement and maintain a range of technical and organisational security measures, including:

• TLS 1.3 with 256-bit AES encryption for all data transmitted between your device and the win28 Platform — the same standard used by Malaysian banks for online banking.
• Salted cryptographic hashing of all account passwords. win28 never stores passwords in plain text and cannot retrieve your password — only reset it.
• Access controls limiting win28 staff access to personal data on a strict need-to-know basis, with all access logged and auditable.
• Regular security assessments and penetration testing by independent third parties.
• Anomaly detection and rate-limiting on login attempts to prevent brute-force attacks on player accounts.

Despite these measures, no system is entirely immune to security incidents. In the event of a data breach that is likely to result in a risk to your rights, win28 will notify affected players and relevant regulatory authorities as required by applicable law.

9. Your Rights

Subject to applicable data protection laws, you have the following rights in respect of your personal data held by win28:

• Right of access: To request a copy of the personal data win28 holds about you.
• Right to rectification: To request correction of inaccurate or incomplete personal data.
• Right to erasure: To request deletion of your personal data, subject to win28's legal retention obligations.
• Right to restriction: To request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: To receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract.
• Right to object: To object to the processing of your personal data for direct marketing purposes at any time, and to processing based on legitimate interests in certain circumstances.
• Right to withdraw consent: Where processing is based on your consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact win28 customer support via the in-platform live chat or by email at: [email protected]. win28 will respond to all verified requests within 30 days. We may require identity verification before processing your request.

10. Children's Privacy

The win28 Platform is strictly intended for adults aged 21 years and above. win28 does not knowingly collect personal data from persons under the age of 21. If win28 becomes aware that personal data has been collected from an individual under 21, the relevant account will be immediately suspended, the data deleted, and any funds in the account returned subject to verification.

If you believe that a person under the age of 21 has registered for a win28 account, please contact our support team immediately at: [email protected].

11. Changes to This Privacy Policy

win28 may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or the services we offer. Where changes are material, win28 will notify registered players via in-platform notification or email at least 14 days before the changes take effect. Continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy.

The date of the most recent revision is displayed at the top of this page. We encourage you to review this policy periodically to stay informed about how win28 handles your personal data.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data held by win28, please contact us through the following channels:

• Live chat: Available 24/7 via the win28 Platform at win28.co — the fastest way to reach our support team.
• Email: [email protected] (displayed as plain text — not a clickable link).

For account-specific data requests, please have your registered username and mobile number available to assist with identity verification. win28 is committed to responding to all privacy-related enquiries promptly and thoroughly.