mygm2u Privacy Policy — How We Handle Your Personal Data

1 Definitions

In this Privacy Policy:

• "mygm2u," "we," "us," "our" refers to the mygm2u platform operator and its authorised representatives.
• "Platform" means the mygm2u website (mygm2u.app), mobile applications, and all associated services.
• "Member," "you," "your" refers to any registered account holder or visitor of the Platform.
• "Personal Data" means any information that identifies or could reasonably identify a living individual, directly or in combination with other data.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Third-Party Service Provider" means any entity engaged by mygm2u to perform services on its behalf, including payment processors, game providers, and KYC verification services.

2 Personal Data We Collect

mygm2u collects Personal Data through multiple channels as part of providing the Platform's services. The categories of Personal Data collected include:

mygm2u does not intentionally collect Special Category Data (as defined under applicable data protection laws) unless disclosure of such data is initiated voluntarily by the Member (for example, in the context of a responsible gaming self-exclusion request that references a medical condition).

3 How We Use Your Personal Data

mygm2u processes Personal Data for the following purposes and on the following legal bases:

• Account management and authentication: To create, maintain, and secure your mygm2u account, including verifying your identity at login and during KYC processes.
• Transaction processing: To process deposits, withdrawals, and bonus credits, and to maintain an accurate record of your financial transactions on the Platform.
• Regulatory compliance: To fulfil obligations under applicable anti-money laundering (AML), counter-terrorist financing (CTF), and data protection regulations, including the Personal Data Protection Act 2010 (PDPA) of Malaysia.
• Fraud and security monitoring: To detect, investigate, and prevent fraudulent activity, account compromises, and violations of the mygm2u Terms and Conditions.
• Responsible gaming: To monitor gaming activity patterns for indicators of problem gambling and to administer self-exclusion, deposit limits, and session controls where requested.
• Personalised promotions: To send you relevant bonus offers, reload promotions, and VIP programme updates that are tailored to your activity profile, where you have not opted out of marketing communications.
• Platform improvement: To analyse aggregated usage data in order to improve game selection, user interface design, and support quality.
• Legal proceedings: To establish, exercise, or defend legal claims involving mygm2u or its Members.

4 Cookies and Tracking Technologies

4.1 Use of Cookies. The mygm2u Platform uses cookies and similar tracking technologies (including web beacons and session tokens) to operate core Platform functionality, maintain your authenticated session, and gather aggregated analytics data about how Members use the Platform.

4.2 Types of Cookies. mygm2u employs the following categories of cookies:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication tokens and security cookies. They cannot be disabled without causing significant degradation to Platform functionality.
• Functional Cookies: Remember your preferences such as language settings, preferred game lobby view, and deposit method selections across sessions.
• Analytics Cookies: Collect anonymised data on how Members navigate the Platform, which pages are visited most frequently, and where technical errors occur. This data is used internally to improve the Platform.

4.3 Managing Cookies. You may adjust your browser settings to block or delete cookies at any time. Note that disabling strictly necessary cookies may prevent you from logging in or using certain Platform features. mygm2u does not use third-party advertising cookies or behavioural tracking cookies that serve advertisements on external websites.

5 Disclosure of Personal Data

5.1 Third-Party Service Providers. mygm2u shares Personal Data with Third-Party Service Providers who are engaged to perform specific services on our behalf. These providers are contractually obligated to process Personal Data only as instructed by mygm2u and to maintain appropriate security standards. Categories of service providers include:

• Payment processors and e-wallet operators (e.g., those facilitating Touch n Go eWallet, Boost, GrabPay, and bank transfer transactions).
• KYC and identity verification service providers.
• Game content providers (who receive pseudonymised gaming activity data necessary to resolve game disputes and calculate RTP).
• Cloud infrastructure and data hosting providers.
• Customer support platform operators.

5.2 Regulatory and Law Enforcement Disclosures. mygm2u may disclose Personal Data to regulatory authorities, law enforcement agencies, or courts of competent jurisdiction where required to do so by law, court order, or regulatory direction. mygm2u will, where legally permissible, notify affected Members of such disclosures.

5.3 No Sale of Personal Data. mygm2u does not sell, rent, or trade Personal Data to third-party advertisers or data brokers under any circumstances.

5.4 Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of mygm2u's assets, Personal Data held by mygm2u may form part of the transferred assets. Members will be notified of any such transfer and of any resulting change to this Privacy Policy.

6 Data Security

6.1 mygm2u implements and maintains technical and organisational security measures designed to protect Personal Data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the Platform.
• Encryption of sensitive data fields (including payment information and identity document references) at rest.
• Role-based access controls ensuring that internal personnel access only the Personal Data necessary for their specific function.
• Regular penetration testing and vulnerability assessments conducted by independent security professionals.
• Segregation of Member Funds from operational accounts.
• Multi-factor authentication enforced for all internal administrative access to production systems.

6.2 Data Breach Response. In the event of a Personal Data breach that is likely to result in a risk to affected Members, mygm2u will notify affected Members without undue delay by email to the registered address on file. mygm2u maintains a documented incident response procedure for handling data security events.

7 Data Retention

7.1 mygm2u retains Personal Data for as long as is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law.

7.2 Active Account Data: Retained for the duration of the Member relationship plus a minimum of five (5) years following account closure, in compliance with Malaysian AML/CTF legislative requirements and to support dispute resolution.

7.3 Financial Transaction Records: Retained for a minimum of seven (7) years from the date of each transaction, in line with financial record-keeping obligations.

7.4 KYC Documents: Retained for a minimum of five (5) years following the termination of the Member relationship.

7.5 Marketing Preferences: Retained until you withdraw consent or opt out of marketing communications, after which your preference is recorded and retained to prevent inadvertent re-marketing.

7.6 When Personal Data is no longer required for any lawful purpose, mygm2u will securely delete or anonymise it in accordance with its data disposal procedures.

8 Your Rights

Subject to applicable law, you have the following rights in respect of your Personal Data held by mygm2u:

• Right of Access: You may request a copy of the Personal Data mygm2u holds about you.
• Right of Correction: You may request that inaccurate or incomplete Personal Data be corrected.
• Right of Erasure: You may request deletion of your Personal Data where it is no longer necessary for the purpose for which it was collected, subject to mygm2u's legal retention obligations.
• Right to Restrict Processing: You may request that mygm2u limit the processing of your Personal Data in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent (e.g., marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
• Right to Opt Out of Marketing: You may opt out of receiving promotional communications from mygm2u at any time by contacting support or using the unsubscribe mechanism in any marketing email.

To exercise any of these rights, please contact mygm2u at [email protected]. mygm2u will respond to requests within 30 calendar days. Where a request is complex or numerous, this period may be extended by a further 30 days, of which you will be notified.

Please note that certain rights may be limited where mygm2u has a legal obligation to retain the relevant data (for example, AML record-keeping requirements).

9 Children and Minors

The mygm2u Platform is strictly intended for adults aged 21 and above. mygm2u does not knowingly collect Personal Data from persons under the age of 21. If mygm2u becomes aware that Personal Data has been collected from a person below the minimum age, that data will be deleted without delay and the associated account will be permanently closed. If you believe a person under the age of 21 has provided Personal Data to mygm2u, please contact support immediately.

10 Changes to This Privacy Policy

mygm2u reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated to registered Members by email to the address on file and will be posted on this page with a revised effective date. Your continued use of the Platform after the effective date of any amendment constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

11 Contact and Data Enquiries

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your Personal Data by mygm2u, please contact:

• Email: [email protected]
• Live Chat: Available 24/7 via the Platform (post-login).

mygm2u does not operate a postal address for data subject requests. All Personal Data requests must be submitted via the contact channels above. For identity verification purposes, mygm2u may ask you to provide proof of identity before processing a data access or erasure request.