368gem Privacy Policy

1. Introduction

1.1 368gem is committed to protecting the privacy and security of its members' personal data. We recognise that the players who trust the 368gem platform with their personal information — including Malaysian MyKad details, banking information, and gaming history — deserve to know precisely how that information is handled.

1.2 This Privacy Policy has been drafted in plain, accessible English to ensure that our members across Kuala Lumpur, Penang, Johor Bahru, Petaling Jaya, and throughout Malaysia can understand it fully without requiring a legal background.

1.3 This Policy should be read alongside the 368gem Terms & Conditions. In the event of any inconsistency between this Privacy Policy and the Terms & Conditions on matters of data processing, this Privacy Policy shall prevail.

1.4 368gem processes personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws. We are committed to the seven principles of the PDPA: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access.

2. Personal Data We Collect

2.1 368gem collects personal data in several ways: directly from you during registration and account use, automatically through your interaction with our platform, and from third parties where permitted by law.

2.1 Data You Provide Directly

• Full legal name (as it appears on your Malaysian MyKad or passport);
• Date of birth (to verify you are 21 years of age or older);
• Email address and contact phone number;
• Home or mailing address;
• MyKad number or passport number (for KYC identity verification);
• Bank account details or e-wallet identifiers (Touch 'n Go, Boost, GrabPay, DuitNow, FPX, Maybank2u, CIMB Clicks, Public Bank, Hong Leong Connect) for the processing of deposits and withdrawals;
• Copies of identity documents and proof of address submitted during the KYC verification process;
• Communications you send to the 368gem customer support team via live chat or email.

2.2 Data Collected Automatically

• IP address and approximate geolocation derived from IP;
• Device type, operating system, and browser version;
• Session timestamps, login history, and session duration;
• Game play history, bet amounts, wagering activity, and transaction records;
• Cookie and tracking data in accordance with Section 6 of this Policy.

2.3 Data From Third Parties

• Identity verification results from third-party KYC service providers;
• Fraud screening results from payment processors and anti-money-laundering (AML) screening services;
• Publicly available data used to fulfil regulatory compliance obligations.

3. How We Use Your Personal Data

368gem uses the personal data it collects for the following purposes:

• Account Creation and Management: To create, maintain, and secure your 368gem member account, including verifying your identity and age (21+) during registration and KYC processes;
• Transaction Processing: To process your MYR deposits, credit winnings to your account, and execute withdrawal requests to your registered payment method;
• Platform Delivery: To deliver casino games, sportsbook services, poker, Fisher Game, and all other 368gem gaming products to your device;
• Customer Support: To respond to your enquiries, resolve disputes, and provide technical assistance;
• Legal and Regulatory Compliance: To comply with anti-money-laundering (AML) requirements, responsible gaming obligations, regulatory reporting, and law enforcement requests;
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, account takeovers, bonus abuse, and other unauthorised activity on the 368gem platform;
• Platform Improvement: To analyse aggregate, anonymised usage patterns to improve game selection, platform performance, and user experience;
• Marketing Communications: To send you promotional offers, bonus notifications, and platform updates where you have given consent to receive such communications. You may opt out at any time by contacting [email protected].

4. Legal Basis for Processing

368gem processes your personal data on the following legal bases under the Malaysian Personal Data Protection Act 2010 and applicable international data protection frameworks:

• Contractual Necessity: Processing necessary to perform our obligations under the 368gem Terms & Conditions — including account management, payment processing, and game delivery;
• Legal Obligation: Processing required by Malaysian law, including PDPA, AML legislation, and gaming regulatory requirements;
• Legitimate Interests: Processing carried out for 368gem's legitimate business interests, including fraud prevention, platform security, and responsible gaming monitoring, where these interests are not overridden by your rights;
• Consent: Processing based on your freely given, specific, and informed consent — primarily in relation to direct marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Data Sharing & Third-Party Disclosure

5.1 368gem does not sell, rent, or trade your personal data to unaffiliated third parties for their own marketing purposes.

5.2 368gem may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

• Payment Processors and E-Wallet Providers: Sharing necessary data with Touch 'n Go, Boost, GrabPay, DuitNow, FPX, Maybank, CIMB, Public Bank, and Hong Leong Connect to process your financial transactions;
• KYC and Identity Verification Services: Sharing identity documents with licensed third-party verification providers to satisfy regulatory age and identity verification requirements;
• Gaming Software Providers: Sharing minimal session data with our licensed game providers (e.g., Pragmatic Play, Evolution Gaming, PG Soft) necessary to deliver and log game rounds;
• Fraud Prevention and AML Services: Sharing transaction data with fraud screening and AML compliance platforms as required by our regulatory obligations;
• Regulatory and Law Enforcement Authorities: Disclosing data to gaming regulators, financial intelligence units, and law enforcement agencies where required by applicable law or court order;
• Professional Advisers: Sharing data with our lawyers, auditors, and insurers in the course of professional services, under binding confidentiality obligations.

5.3 Any third party with whom 368gem shares personal data is required to handle that data in accordance with this Privacy Policy and applicable data protection law. 368gem enters into data processing agreements with all relevant third-party processors.

6. Cookies & Tracking Technologies

6.1 The 368gem platform uses cookies and similar tracking technologies to improve your experience, maintain your login session, and collect aggregate usage analytics. Cookies are small text files stored on your device by your browser.

6.2 368gem uses the following categories of cookies:

• Strictly Necessary Cookies: Required for the 368gem platform to function. These include session authentication cookies and security tokens. These cannot be disabled without impairing platform functionality;
• Functional Cookies: Remember your preferences (e.g., language settings, remembered username) to provide a personalised experience;
• Analytics Cookies: Collect anonymised data about how the 368gem platform is used — which games are most popular, which pages have high bounce rates — to support platform improvement;
• Marketing Cookies: Used, where consented, to show you relevant 368gem promotional content. You may opt out of marketing cookies via your browser settings.

6.3 You can manage or delete cookies through your browser settings at any time. Disabling non-essential cookies will not prevent you from using the core 368gem gaming platform, but may affect the personalisation features available to you.

7. Data Retention

7.1 368gem retains your personal data for as long as your account is active and for a period thereafter as required by applicable law — including AML record-keeping obligations, which typically require a minimum retention period of five (5) years following account closure under Malaysian anti-money-laundering regulations.

7.2 KYC identity verification documents are retained in accordance with our regulatory licence requirements and applicable law. After the mandatory retention period has expired, documents are securely deleted or anonymised.

7.3 Transaction records are retained for a minimum of seven (7) years for financial audit and regulatory purposes.

7.4 Customer support communications (live chat and email records) are retained for three (3) years from the date of the last interaction, after which they are deleted unless retention is required for ongoing legal proceedings.

8. Your Data Rights

Under the Malaysian Personal Data Protection Act 2010 and applicable international data protection principles, you have the following rights in relation to your personal data held by 368gem:

• Right of Access: You may request a copy of the personal data 368gem holds about you;
• Right to Correction: You may request the correction of any inaccurate or incomplete personal data we hold;
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing;
• Right to Limit Processing: You may request that we restrict the processing of your personal data in certain circumstances;
• Right to Object: You may object to processing based on legitimate interests or direct marketing;
• Right to Data Portability: Where technically feasible and permitted by law, you may request a structured, machine-readable copy of your data.

To exercise any of the above rights, contact the 368gem data protection team at [email protected]. We will respond to all verified data subject requests within thirty (30) calendar days. Identity verification may be required before we action your request.

9. Data Security

9.1 368gem implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the 368gem servers;
• Encryption at rest for sensitive data fields including identity document images and payment method details;
• Role-based access controls limiting staff access to personal data on a strict need-to-know basis;
• Regular security audits and penetration testing of the 368gem platform;
• Two-factor authentication options for member accounts;
• Suspicious login detection and automatic account protection triggers.

9.2 In the event of a personal data breach that is likely to result in a risk to your rights, 368gem will notify affected individuals and relevant regulatory authorities in accordance with applicable law and without undue delay.

10. Children and Minors

10.1 The 368gem platform is strictly intended for individuals aged twenty-one (21) years and above. 368gem does not knowingly collect personal data from persons under the age of 21.

10.2 If 368gem becomes aware that personal data has been collected from a person under the age of 21, that account will be suspended immediately, all associated data will be deleted, and any funds in the account will be returned to the depositing payment method subject to applicable legal requirements.

10.3 If you believe that a minor has created a 368gem account, please notify us immediately at [email protected].

11. Changes to This Privacy Policy

11.1 368gem may update this Privacy Policy from time to time to reflect changes in our data processing practices, platform features, or applicable law. Material changes will be communicated to registered members via email to the address associated with their 368gem account and/or through a notice on the platform, no less than fourteen (14) days before the change takes effect.

11.2 The current version of the 368gem Privacy Policy is always available at https://368gem.net/privacy-policy. The "Last Updated" date at the top of this document indicates when the most recent revision was made.

11.3 Your continued use of the 368gem platform after the effective date of any amendment constitutes your acknowledgement of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data by 368gem, please contact us: