spin999 Privacy Policy

1. Data Controller

For the purposes of this Privacy Policy, spin999 (operating at spin999.win) acts as the data controller in respect of all personal data collected from users of the spin999 platform. spin999 is responsible for determining the purposes and means by which your personal data is processed.

If you have any questions or concerns regarding the handling of your personal data, you may contact our dedicated data protection contact point at the details provided in Section 14 of this Policy.

2. Data We Collect

spin999 collects personal data from you directly and automatically through your use of the Platform. The categories of personal data we collect include:

2.1 Data Provided Directly by You

• Identity data: Full legal name, date of birth, nationality, and government-issued identification number (e.g., MyKad number or passport number).
• Contact data: Email address, mobile phone number, and residential or correspondence address (including city, postcode, and state within Malaysia, such as Kuala Lumpur, Selangor, Penang, or Johor).
• Account credentials: Username and encrypted password (passwords are never stored in plaintext).
• KYC verification documents: Copies of identity documents, proof of address documents, and, where applicable, source of funds documentation submitted to satisfy our Know Your Customer obligations.
• Financial data: Payment method details, transaction history, deposit and withdrawal records, and e-wallet identifiers (e.g., Touch n Go eWallet or Boost account references). Full payment card numbers are not stored by spin999; card tokenisation is handled by PCI-DSS compliant payment processors.
• Communications data: Content of correspondence you initiate with spin999 support via live chat, email, or other channels.
• Responsible gaming data: Self-imposed limits, self-exclusion requests, and any disclosures you make to our responsible gaming team.

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type and identifier, screen resolution, and time zone.
• Usage data: Pages visited, features accessed, game sessions initiated, bets placed, session duration, click patterns, and navigation paths within the spin999 platform.
• Geolocation data: Country and region of access as inferred from IP address, for the purpose of regulatory jurisdiction verification.
• Cookie data: Data collected through cookies and similar tracking technologies as described in Section 8.

3. How We Use Your Data

spin999 uses your personal data for the following purposes:

• Account management: To create, maintain, verify, and administer your spin999 account, including processing your spin999 login sessions and managing your MYR wallet.
• Identity verification (KYC): To verify your identity, age (21+ requirement), and address in accordance with our licensing obligations and anti-money-laundering (AML) compliance requirements.
• Transaction processing: To process deposits, withdrawals, and bonus credits in MYR via your selected payment methods, including Touch n Go eWallet, Boost, Maybank FPX, and CIMB Bank.
• Platform personalisation: To personalise your experience on the spin999 platform, including game recommendations, language preferences, and promotional offers relevant to your activity and preferences.
• Customer support: To respond to your queries, complaints, and support requests through our 24/7 live chat and email support channels.
• Responsible gaming compliance: To monitor your gaming activity for indicators of problem gambling behaviour and to administer any self-imposed limits or self-exclusion requests you have placed on your account.
• Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, money laundering, unauthorised account access, and other forms of abuse of the spin999 platform.
• Regulatory compliance: To comply with our obligations under applicable international gaming authority licensing frameworks, including record-keeping, suspicious activity reporting, and regulatory audits.
• Marketing communications: Where you have provided your consent, to send you promotional offers, bonus notifications, and updates about spin999 products and services. You may withdraw consent at any time as described in Section 10.
• Platform improvement: To analyse aggregated usage data to improve the functionality, performance, and user experience of the spin999 platform.

4. Legal Basis for Processing

spin999 processes your personal data on the following legal bases:

• Contractual necessity: Processing is necessary to perform the contract between you and spin999, including account creation, transaction processing, and platform access.
• Legal obligation: Processing is required to comply with spin999's obligations under applicable law and our international gaming authority licensing framework, including KYC, AML, and responsible gaming obligations.
• Legitimate interests: Processing is in spin999's legitimate interests, including fraud detection, platform security, and product improvement, provided such interests are not overridden by your rights and interests.
• Consent: Processing is based on your freely given, specific, informed, and unambiguous consent, particularly in relation to direct marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Sharing Your Data

spin999 does not sell, rent, or otherwise commercially transfer your personal data to third parties. We may, however, share your data with the following categories of recipients in the circumstances described:

• Payment service providers: Financial data is shared with our approved payment processing partners (including e-wallet operators and bank FPX gateways) solely for the purpose of processing your transactions. All payment partners are required to process your data in accordance with applicable data protection and financial regulation standards.
• Game software providers: Technical identifiers and gameplay data may be shared with licensed game providers to enable game session functionality, RNG auditing, and dispute resolution.
• KYC and fraud prevention services: Identity and document data may be shared with licensed third-party identity verification and AML screening services as part of our regulatory KYC obligations.
• Regulatory and law enforcement authorities: spin999 may be required to disclose personal data to applicable gaming regulatory authorities, financial intelligence units, or law enforcement agencies in response to lawful requests, court orders, or regulatory obligations. spin999 will not voluntarily disclose your data to authorities beyond what is legally required.
• IT and infrastructure providers: Technical data is processed by our cloud infrastructure, security, and platform operations partners operating under strict data processing agreements.
• Professional advisers: Legal, accounting, or auditing firms engaged by spin999 may have access to relevant data on a strictly confidential, need-to-know basis.

6. Data Retention

spin999 retains your personal data for as long as necessary to fulfil the purposes set out in this Privacy Policy, subject to the following retention standards:

• Active accounts: Personal data is retained for the duration of your active spin999 account relationship.
• Closed accounts: Following account closure, spin999 retains transaction records, identity verification documents, and KYC data for a minimum of five (5) years in accordance with AML compliance and gaming regulatory record-keeping requirements.
• Support and communications records: Support interaction records are retained for a minimum of two (2) years from the date of the last interaction.
• Marketing data: Marketing consent records and associated contact data are retained until you withdraw consent, after which only a record of the withdrawal is retained for compliance purposes.

At the expiry of applicable retention periods, personal data is securely deleted or anonymised in accordance with our internal data lifecycle management procedures.

7. Security Measures

spin999 implements a comprehensive suite of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction:

• Encryption: All data transmitted between your device and the spin999 platform is encrypted using industry-standard TLS (Transport Layer Security) protocols. Data stored at rest is encrypted using AES-256 encryption.
• Access controls: Access to personal data is restricted on a strict need-to-know basis. All internal access to production data systems is logged and audited.
• Payment security: spin999 does not store full payment card numbers. Card transactions are processed through PCI-DSS Level 1 compliant payment gateways.
• Penetration testing: spin999's platform undergoes regular third-party security penetration testing and vulnerability assessments.
• Incident response: spin999 maintains a documented data breach response procedure. In the event of a data breach affecting your rights and freedoms, spin999 will notify affected users and applicable regulatory authorities within the timeframes required by law.

While spin999 takes reasonable steps to secure your data, no digital platform can guarantee absolute security. You are encouraged to maintain strong spin999 login credentials and enable two-factor authentication on your account.

8. Cookies & Tracking Technologies

spin999 uses cookies and similar tracking technologies (including web beacons and local storage) on the spin999 platform. These technologies serve the following purposes:

• Strictly necessary cookies: Required for the spin999 platform to function, including session management and spin999 login authentication. These cannot be disabled without preventing you from using the platform.
• Performance cookies: Collect anonymised data about how users interact with the spin999 platform for the purpose of identifying errors and improving performance. These do not identify you personally.
• Functional cookies: Remember your preferences (e.g., language, game lobby filters, last-used payment method) to personalise your experience on return visits.
• Analytics cookies: Used by spin999's internal analytics systems to understand aggregate usage patterns, popular game categories, traffic sources, and platform engagement metrics.

You may manage cookie preferences through your browser settings. Disabling non-essential cookies may affect certain personalisation features of the spin999 platform but will not prevent core platform access.

9. Your Data Rights

Subject to applicable data protection law and our regulatory obligations, you have the following rights in relation to your personal data held by spin999:

• Right of access: You may request a copy of the personal data spin999 holds about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data we hold about you. Some data may be updated directly through your spin999 account settings.
• Right to erasure: You may request deletion of your personal data in certain circumstances. Note that spin999 may be required to retain certain data for regulatory compliance purposes as described in Section 6, notwithstanding a deletion request.
• Right to restriction: You may request that we restrict processing of your personal data in certain circumstances, for example while a rectification request is being assessed.
• Right to object: You may object to processing of your personal data where spin999 relies on legitimate interests as the legal basis, subject to spin999's overriding legitimate interests or legal obligations.
• Right to data portability: You may request a machine-readable copy of personal data you have provided to spin999, where technically feasible.
• Right to withdraw consent: Where processing is based on consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please contact spin999 using the details in Section 14. spin999 will respond to all verified data subject requests within 30 days.

10. Marketing Communications

spin999 may send you promotional emails, SMS notifications, or in-platform messages regarding bonuses, new games, sportsbook promotions, and other spin999 offers where you have provided your consent to receive such communications at the time of registration or subsequently through your account settings.

You may opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email from spin999;
• Updating your communication preferences in your spin999 account settings dashboard; or
• Contacting spin999 support directly with an opt-out request.

Opting out of marketing communications does not affect transactional communications related to your account, such as deposit confirmation, withdrawal processing updates, KYC verification requests, or security alerts.

11. Children & Minors

The spin999 platform is strictly restricted to individuals aged 21 years and above. spin999 does not knowingly collect personal data from individuals under the age of 21. If spin999 becomes aware that a minor has registered an account or provided personal data, the account will be immediately suspended and all associated data will be deleted.

If you are a parent or guardian and believe that a minor under your care has registered with spin999, please contact our support team immediately.

12. International Data Transfers

spin999 is primarily operated for and targeted at Malaysian users. However, as an online platform with internationally distributed infrastructure and third-party service providers, your personal data may be transferred to and processed in jurisdictions outside Malaysia. Where such transfers occur, spin999 ensures that appropriate safeguards are in place — including contractual protections such as standard data protection clauses — to maintain protection of your personal data at a level equivalent to that provided under applicable data protection standards.

13. Changes to This Privacy Policy

spin999 may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or regulatory requirements. Where changes are material, spin999 will provide advance notice via email or on-platform notification before the updated Policy takes effect. The date of the most recent revision is displayed at the top of this page.

Your continued use of the spin999 platform following the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not accept the updated Policy, you should cease using the platform and contact support to close your account.

14. Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or wish to raise a complaint about spin999's data handling practices, please contact our support team:

spin999 takes all privacy complaints seriously and will investigate and respond to all complaints in good faith and within a reasonable timeframe. Where you are not satisfied with spin999's response to a privacy complaint, you may have the right to escalate the matter to the applicable data protection or gaming regulatory authority.