Privacy Policy

1. About This Policy

This Privacy Policy ("Policy") applies to all personal data processed by gembets ("the Company", "we", "us", "our") in connection with the operation of the online gambling platform accessible at https://gembets.net (the "Platform"), including the sportsbook, live casino, slots, lucky bingo, and all associated services.

By registering an account or accessing the gembets Platform, you acknowledge that you have read and understood this Policy and consent to the collection, use, and processing of your personal data as described herein. If you do not agree with this Policy, you should not access or use the Platform.

This Policy should be read alongside the gembets Terms & Conditions and Responsible Gaming Policy, which together form the complete framework governing your use of the Platform.

2. Data Controller

For the purposes of applicable data protection legislation, gembets is the data controller responsible for personal data processed through the Platform. As data controller, gembets determines the purposes and means of processing your personal data and is accountable for ensuring that processing is carried out in compliance with applicable data protection laws and international standards.

Contact details for data protection enquiries are set out in Section 14 (Contact Us) of this Policy.

3. Personal Data We Collect

3.1 Registration & Identity Data

When you create a gembets account, we collect information necessary to establish and verify your identity, including:

• Full legal name as appearing on your government-issued identification
• Date of birth (for age verification purposes)
• Email address and mobile phone number
• Residential address
• Username and hashed account password
• Copies of identity documents submitted during KYC verification (e.g., MyKad, passport)

3.2 Financial Data

To facilitate deposits, withdrawals, and bonus management, gembets collects:

• Payment method identifiers (e.g., masked bank account numbers, eWallet account references)
• Transaction history, including deposit and withdrawal amounts, dates, and payment methods
• Source of funds documentation where required for KYC or AML purposes

3.3 Gameplay & Betting Data

• Betting history, wagering records, game rounds played, and settlement outcomes
• Bonus eligibility, wagering contribution records, and promotional participation history
• Responsible gaming tool settings (deposit limits, session limits, self-exclusion status)

3.4 Technical & Usage Data

• IP address and approximate geolocation at the time of login
• Device type, operating system, browser version, and screen resolution
• Session timestamps, pages viewed, and navigation patterns within the Platform
• Cookie identifiers and similar tracking technology data (see Section 7)

3.5 Communications Data

• Records of live chat conversations, email correspondence, and support tickets
• Marketing communication preferences and opt-in/opt-out records

4. How We Collect Your Data

gembets collects personal data through the following means:

• Directly from you — when you register an account, complete KYC verification, make deposits or withdrawals, contact support, or update your account profile.
• Automatically — through cookies, server logs, and similar technologies when you access or interact with the Platform (see Section 7).
• From third parties — from payment processors and eWallet providers during transaction processing; from identity verification service providers during KYC; and from fraud prevention or regulatory databases where required by law.

5. Purposes & Legal Bases for Processing

gembets processes your personal data for the following purposes, each supported by a corresponding legal basis:

• Account management and service delivery — to create and administer your gembets account, process bets, settle winnings, and manage your balance. Legal basis: performance of a contract.
• Identity verification and age compliance — to verify that you are at least 21 years of age and to fulfil KYC obligations. Legal basis: legal obligation; legitimate interest.
• Payment processing — to facilitate deposits via Touch n Go eWallet, Boost, Maybank, CIMB, Public Bank, GrabPay, and USDT TRC20, and to process withdrawal requests. Legal basis: performance of a contract.
• Fraud prevention and security — to detect and prevent fraudulent transactions, unauthorised account access, bonus abuse, and money laundering. Legal basis: legitimate interest; legal obligation.
• Regulatory compliance — to meet obligations under applicable gaming authority licensing frameworks, anti-money laundering requirements, and other applicable laws. Legal basis: legal obligation.
• Responsible gaming — to monitor gambling behaviour, apply player-requested limits, and identify at-risk players. Legal basis: legitimate interest; legal obligation.
• Customer support — to respond to your enquiries, resolve disputes, and maintain support records. Legal basis: performance of a contract; legitimate interest.
• Marketing communications — to send promotional offers, bonus notifications, and updates where you have opted in to receive them. Legal basis: consent. You may withdraw consent at any time.
• Platform improvement — to analyse usage patterns, identify technical issues, and improve the user experience on gembets. Legal basis: legitimate interest.

6. Disclosure of Personal Data

gembets does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipient, strictly for the purposes described in Section 5:

• Payment service providers — to process deposits and withdrawals (e.g., Touch n Go, Boost, Maybank, CIMB, Public Bank, GrabPay, and USDT TRC20 network processors).
• Game content providers — licensed third-party studios whose games are available on the gembets Platform may receive anonymised or pseudonymised session data for game integrity and RNG audit purposes.
• Identity verification providers — third-party KYC service providers who process identity documents on gembets's behalf under strict data processing agreements.
• Fraud prevention and AML services — screening against regulatory watchlists and fraud databases where required.
• Regulatory and law enforcement authorities — where gembets is legally required to disclose data in response to a lawful request, court order, or regulatory investigation.
• IT and platform infrastructure providers — cloud hosting, database, and security service providers acting as data processors under contractual obligations to handle data only on gembets's instructions.

All third-party service providers engaged by gembets are required to implement appropriate technical and organisational safeguards to protect your personal data and are contractually prohibited from using it for any purpose beyond the specified service.

7. Cookies & Tracking Technologies

gembets uses cookies and similar tracking technologies (including web beacons and local storage) to operate and improve the Platform. Cookies are small text files placed on your device when you visit the gembets website.

7.1 Types of Cookies Used

• Strictly necessary cookies — required for the Platform to function, including session authentication, security tokens, and login state management. These cannot be disabled.
• Functional cookies — remember your preferences (e.g., language settings, odds display format) to personalise your experience on gembets.
• Analytics cookies — collect anonymised information about how visitors use the Platform, including pages visited and session duration, to help improve site performance.
• Security cookies — assist in fraud detection and prevention by identifying anomalous browsing patterns or login behaviour.

You may manage your cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using core gembets Platform features, but may affect certain personalisation or analytics functions.

8. Data Retention

gembets retains personal data for as long as is necessary to fulfil the purposes for which it was collected, subject to any longer retention period required by applicable law or regulation. The following general retention periods apply:

• Account and identity data — retained for the duration of the account relationship and for a minimum of five (5) years following account closure, in accordance with standard anti-money laundering record-keeping requirements.
• Transaction and financial records — retained for a minimum of five (5) years from the date of each transaction.
• Gameplay and betting records — retained for a minimum of three (3) years from the date of each session.
• Support and communications records — retained for three (3) years from the date of the last communication.
• Marketing preferences — retained until you withdraw consent or close your account, whichever is earlier.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

9. Data Security

gembets implements a layered security architecture to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Security measures in place include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the gembets Platform
• Encryption of sensitive data at rest within gembets databases
• Password hashing using industry-standard cryptographic algorithms (passwords are never stored in recoverable plain text)
• Two-factor authentication (2FA) available for all player accounts
• Role-based access controls limiting internal access to personal data on a strict need-to-know basis
• Regular security audits, vulnerability assessments, and penetration testing
• Login anomaly detection triggering automated alerts for suspicious account access

10. International Data Transfers

gembets operates globally and may transfer your personal data to service providers or infrastructure located outside of Malaysia. Where such transfers occur, gembets ensures that appropriate safeguards are in place, which may include:

• Data processing agreements incorporating standard contractual clauses
• Transfers to jurisdictions that have been recognised as providing adequate levels of data protection
• Technical and organisational security measures appropriate to the risk profile of the data being transferred

By using the gembets Platform, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside Malaysia. gembets will at all times seek to ensure that such transfers are conducted in compliance with applicable data protection requirements.

11. Your Rights & Choices

Subject to applicable law, you have the following rights in respect of your personal data held by gembets:

• Right of access — you may request a copy of the personal data gembets holds about you.
• Right to rectification — you may request correction of inaccurate or incomplete personal data.
• Right to erasure — you may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to gembets's legal retention obligations.
• Right to restrict processing — you may request that gembets restrict processing of your data in certain circumstances (e.g., while a rectification request is pending).
• Right to data portability — you may request that gembets provide your personal data in a structured, machine-readable format where technically feasible.
• Right to withdraw consent — where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to object — you may object to processing carried out on the basis of legitimate interest where your individual circumstances justify such an objection.

To exercise any of these rights, please contact gembets using the details provided in Section 14. gembets will respond to all data subject requests within a reasonable timeframe and in any event no later than thirty (30) days from receipt of a valid request. Identity verification may be required before a request is actioned.

12. Children's Privacy

The gembets Platform is strictly intended for users aged 21 years or older. gembets does not knowingly collect personal data from individuals under the age of 21. If gembets becomes aware that personal data has been collected from an underage individual, the relevant account will be closed immediately, any associated balances returned via the original payment method, and the personal data securely deleted.

If you are a parent or guardian and believe that your child has registered an account on the gembets Platform, please contact us immediately using the details in Section 14.

13. Changes to This Policy

gembets reserves the right to update or amend this Privacy Policy at any time. Where changes are material, gembets will notify registered players via the Platform or by email to the registered account address prior to the changes taking effect. The effective date displayed at the top of this document reflects when the current version came into force.

Your continued use of the gembets Platform following notification of any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed about how gembets protects your personal data.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your data subject rights, or have a concern about how gembets processes your personal data, please contact us using the following details:

gembets aims to resolve all data protection enquiries within thirty (30) days of receipt. Where a query cannot be resolved within this timeframe, gembets will notify you of the expected resolution date.