Privacy Policy — gembets

Introduction

1.1 gembets ("we", "us", "our") is the operator of the online gaming and sports betting platform available at gembets.org. We are committed to protecting the personal data of all individuals who interact with the gembets platform, including registered members, prospective members, and visitors.

1.2 This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data in connection with your use of the gembets website, mobile browser interface, and all associated services (collectively, the "Platform").

1.3 This Policy should be read in conjunction with the gembets Terms & Conditions, which are available at gembets.org/terms-conditions and are incorporated herein by reference.

1.4 gembets processes personal data in accordance with its obligations under the international gaming authority licence under which it operates, and in accordance with applicable data protection principles including purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

Personal Data We Collect

2.1 gembets collects personal data from you in the following categories:

2.1 Identity & Contact Data

• Full legal name and date of birth;
• National Registration Identity Card (NRIC) number or passport number (for KYC verification);
• Residential address, city, and postcode (including Malaysian states and territories);
• Email address and mobile telephone number.

2.2 Account & Transaction Data

• gembets username, encrypted password hash, and account preferences;
• Deposit and withdrawal history, including payment method identifiers (e.g., Touch n Go eWallet reference, bank account last four digits);
• Betting and gaming history, including game type, stake amount, result, and timestamp;
• Bonus and promotional activity linked to your account.

2.3 Technical & Usage Data

• IP address, device type, operating system, and browser type;
• Session start and end times, pages visited, and in-Platform navigation patterns;
• Geolocation data at the country and state level (e.g., Kuala Lumpur, Penang, Johor Bahru, Sabah);
• Error logs and technical diagnostic data generated during your use of the Platform.

2.4 Communications Data

• Content of support chat transcripts, email correspondence, and complaint submissions;
• Records of marketing preference settings and communication opt-in/opt-out history.

How We Use Your Personal Data

3.1 gembets uses your personal data for the following purposes:

3.2 gembets will not use your personal data for any purpose materially different from those listed above without providing you with prior notice and, where required, obtaining your consent.

Legal Basis for Processing

4.1 gembets processes your personal data on the following legal bases:

• Contractual necessity — processing required to perform our contract with you as a registered gembets member, including account management, payment processing, and delivery of gaming services;
• Legal obligation — processing required to comply with obligations under our international gaming authority licence, including KYC, AML, and regulatory reporting requirements;
• Legitimate interests — processing for fraud prevention, platform security, responsible gaming monitoring, and service improvement, where these interests are not overridden by your data protection rights;
• Consent — processing for direct marketing communications, where you have provided explicit opt-in consent. You may withdraw this consent at any time via your gembets Account Settings.

Data Sharing & Disclosure

5.1 gembets does not sell your personal data to third parties. We share personal data only in the following circumstances:

• Licensed payment processors — Touch n Go eWallet, Boost, GrabPay, Malaysian banks, and other payment service providers, for the purpose of processing transactions you initiate;
• Game content providers — licensed RNG and live casino game suppliers who may process bet and result data to deliver game outcomes;
• Identity verification providers — licensed KYC and AML service providers engaged to verify identity documents submitted by members;
• Regulatory authorities — our international gaming authority licensor and any competent law enforcement or regulatory authority where disclosure is required by law or licence condition;
• Technology service providers — cloud infrastructure, cybersecurity, and analytics vendors engaged under strict data processing agreements that prohibit use of data for any purpose other than service delivery to gembets.

5.2 All third-party recipients of gembets member data are contractually bound to process that data only for the specified purpose and to maintain equivalent data protection standards.

Cookies & Tracking Technologies

6.1 gembets uses cookies and similar tracking technologies on the Platform for the following purposes:

• Essential cookies — required for login session management, security token maintenance, and basic Platform functionality. These cannot be disabled without impairing Platform use;
• Analytics cookies — used to understand aggregate usage patterns, page performance, and navigation flows to improve the Platform. Data is anonymised and aggregated;
• Preference cookies — used to remember your language, display, and gameplay preferences across sessions.

6.2 gembets does not use third-party advertising cookies or share cookie data with advertising networks. You may manage cookie preferences through your browser settings, noting that disabling essential cookies will affect Platform functionality.

Data Retention

7.1 gembets retains your personal data for as long as your account remains active and for a minimum period of five (5) years following account closure, in accordance with the record-keeping requirements of our international gaming authority licence and applicable anti-money laundering obligations.

7.2 Transaction records are retained for a minimum of seven (7) years to comply with financial regulatory requirements. Communications data (support transcripts, complaint records) is retained for three (3) years from the date of the relevant interaction.

7.3 Following expiry of the applicable retention period, gembets will securely delete or anonymise your personal data in accordance with its data destruction procedures.

Your Data Rights

8.1 Subject to applicable law and the terms of our gaming licence, you have the following rights with respect to your personal data held by gembets:

• Right of access — you may request a copy of the personal data gembets holds about you;
• Right to rectification — you may request correction of inaccurate personal data;
• Right to erasure — you may request deletion of your personal data, subject to our legal and regulatory retention obligations;
• Right to restriction — you may request that we restrict processing of your personal data in certain circumstances;
• Right to data portability — you may request a machine-readable copy of personal data you have provided to gembets;
• Right to object — you may object to processing based on legitimate interests, including profiling for responsible gaming purposes;
• Right to withdraw consent — where processing is based on consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.

8.2 To exercise any of the above rights, please contact gembets's data protection team at [email protected]. We will respond to all valid requests within 30 calendar days.

Data Security

9.1 gembets implements industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• 256-bit TLS encryption for all data in transit between your device and gembets servers;
• AES-256 encryption for sensitive data at rest, including identity documents and payment references;
• Role-based access controls restricting staff access to personal data on a need-to-know basis;
• Multi-factor authentication required for all gembets staff accessing production systems;
• Annual third-party penetration testing and continuous automated vulnerability scanning;
• Incident response procedures with mandatory breach notification within 72 hours of discovery.

9.2 Notwithstanding the above, no internet transmission or electronic storage system is completely secure. gembets cannot guarantee the absolute security of your data and you transmit data to the Platform at your own risk. You are responsible for keeping your gembets login credentials confidential.

Children's Privacy

10.1 The gembets Platform is strictly intended for individuals aged 21 and above. gembets does not knowingly collect personal data from any person under the age of 21. If we become aware that personal data has been collected from a person under 21 without valid age verification, we will delete that data and close the associated account immediately.

10.2 If you are a parent or guardian and believe that your minor child has provided personal data to gembets, please contact us immediately at [email protected] and we will take prompt action.

Cross-Border Data Transfers

11.1 gembets may transfer your personal data to service providers and infrastructure partners located outside Malaysia, including within the Asia-Pacific region and other jurisdictions where our technology service providers operate. All such transfers are governed by contractual data processing agreements that require the recipient to maintain data protection standards equivalent to those described in this Policy.

11.2 gembets does not transfer personal data to jurisdictions that do not provide adequate data protection safeguards without implementing appropriate transfer mechanisms.

Policy Amendments

12.1 gembets reserves the right to update this Privacy Policy at any time. The current version will always be published at gembets.org/privacy-policy with the effective date clearly indicated at the top of the document.

12.2 Where we make a material change to this Policy, we will notify active gembets members by email and via an on-Platform notification at least seven (7) days before the change takes effect. Continued use of the Platform following the effective date of any amended Policy constitutes acceptance of the revised terms.

Contact & Complaints

13.1 If you have any questions, concerns, or complaints regarding this Privacy Policy or the way gembets handles your personal data, please contact our Data Protection team:

13.2 If you are not satisfied with gembets's response to your privacy complaint, you may escalate the matter to the relevant data protection authority or the dispute resolution body designated by our international gaming authority licensor.