Privacy Policy – How spinggo Handles Your Personal Data

1 Data Controller

1.1 spinggo is the data controller in respect of the personal data collected through the spinggo Platform. As data controller, spinggo determines the purposes and means of processing your personal data.

1.2 spinggo operates the Platform under an international gaming authority licence. Our data processing practices are subject to the data protection requirements imposed by our licensing jurisdiction as well as applicable data protection principles.

1.3 Where spinggo engages third-party service providers to process personal data on its behalf (for example, KYC verification providers, payment processors, and fraud prevention services), those parties act as data processors under a written data processing agreement and are not permitted to use your data for any purpose other than the provision of services to spinggo.

2 Personal Data We Collect

2.1 spinggo collects personal data in the categories set out below. We collect only information that is necessary for the stated purpose.

Registration & Identity Data

• Full legal name as per government-issued identification
• Date of birth (required to verify the 21+ age requirement)
• Residential address
• Nationality
• Email address and mobile phone number
• Username chosen at registration

KYC Verification Data

• Copy of Malaysian Identity Card (MyKad) or Passport
• Proof of address documentation where required
• Source of funds documentation for enhanced due diligence cases

Financial & Transaction Data

• Deposit and withdrawal transaction records
• Payment method identifiers (e.g., masked bank account numbers, e-wallet identifiers)
• Account balance history
• Betting and game transaction records

Technical & Usage Data

• IP address and approximate geolocation derived from IP
• Device type, operating system, and browser information
• Session logs, login timestamps, and access records
• Clickstream and navigation data within the Platform

Communications Data

• Records of support communications via Live Chat
• Email correspondence with spinggo support or compliance teams
• Records of responsible gaming tool usage and self-exclusion requests

2.2 spinggo does not collect special category data (such as racial or ethnic origin, health data, or biometric data) except where expressly required for identity verification purposes under KYC obligations, in which case such data is handled with heightened security controls and deleted once verification is complete.

3 How We Use Your Personal Data

3.1 spinggo uses the personal data collected for the following purposes:

3.2 spinggo does not use Member personal data for profiling for advertising purposes, nor does spinggo use personal data to make automated decisions that produce legal or similarly significant effects on Members without human oversight.

4 Legal Basis for Processing

4.1 spinggo processes personal data on the following legal bases:

• Contractual necessity: Processing required to perform the contract between spinggo and the Member — including account management, game provision, and payment processing.
• Legal obligation: Processing required to comply with applicable law and our Gaming Licence obligations, including KYC, AML, and responsible gaming requirements.
• Legitimate interests: Processing for fraud prevention, Platform security, and service improvement, where those interests do not override the Member's rights and freedoms.
• Consent: Where consent is the basis for processing (for example, optional marketing communications), Members may withdraw consent at any time without affecting the lawfulness of prior processing. spinggo does not make account registration conditional on consent to optional processing.

5 Data Sharing & Disclosure

5.1 spinggo shares personal data with third parties only where necessary and under appropriate legal safeguards. Categories of recipients include:

• KYC & Identity Verification Providers: To verify Member age and identity as required under our Gaming Licence.
• Payment Processors: Including Maybank, CIMB, Touch 'n Go eWallet, Boost, GrabPay, and FPX gateway operators, to process deposits and withdrawals.
• Fraud Prevention & AML Services: To detect and prevent fraudulent activity and money laundering in accordance with our regulatory obligations.
• Gaming Licensing Authority: As required under our Gaming Licence for regulatory reporting, audits, and investigation of player complaints.
• IT Infrastructure Providers: Including cloud hosting and content delivery providers, who process data as data processors under contractual obligation.
• Legal and Law Enforcement Authorities: Where required by applicable law, court order, or regulatory instruction.

5.2 spinggo does not share Member personal data with third-party marketers, data brokers, or social media platforms.

6 Cookies & Tracking Technologies

6.1 spinggo uses cookies and similar tracking technologies on the Platform for the following purposes:

• Essential cookies: Required for the Platform to function, including session management, login state, and security tokens. These cannot be disabled without preventing use of the Platform.
• Functional cookies: Store Member preferences such as language settings and game display preferences to improve usability.
• Analytics cookies: Collect anonymised data about how Members navigate the Platform to enable spinggo to improve the user experience. No personally identifiable data is included in analytics reports.

6.2 spinggo does not use third-party advertising cookies or retargeting pixels. Members may manage non-essential cookie preferences through the cookie settings tool available on the Platform.

7 Data Retention

7.1 spinggo retains personal data for as long as is necessary for the purposes for which it was collected, subject to the following minimum retention periods imposed by our Gaming Licence and applicable law:

• Account registration and KYC documentation: minimum 5 years from account closure
• Financial transaction records: minimum 5 years from the date of transaction
• Betting and game records: minimum 3 years from the date of the transaction
• Customer support communications: minimum 2 years from the date of the communication

7.2 Upon expiry of the applicable retention period, personal data is securely deleted or anonymised. Anonymised data may be retained indefinitely for aggregate statistical analysis and does not constitute personal data.

7.3 Where a Member has requested account closure, their data is retained for the minimum periods stated above rather than deleted immediately, in order to comply with legal and regulatory obligations.

8 Your Data Protection Rights

8.1 Subject to applicable data protection law and the limitations of our Gaming Licence record-keeping obligations, Members have the following rights in relation to their personal data:

• Right of Access: You may request a copy of the personal data spinggo holds about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
• Right to Restriction: You may request that spinggo restrict the processing of your data in certain circumstances.
• Right to Data Portability: Where processing is based on contract or consent, you may request that your data be provided in a machine-readable format.
• Right to Object: You may object to processing based on legitimate interests where your particular circumstances give grounds to do so.

8.2 To exercise any of these rights, please contact spinggo support via Live Chat after logging in. Requests will be acknowledged within 5 business days and responded to within 30 calendar days.

8.3 spinggo will not charge a fee for processing reasonable data subject requests. Where requests are manifestly unfounded or excessive, spinggo reserves the right to charge a reasonable administrative fee or decline to respond.

9 Children's Privacy

9.1 The spinggo Platform is strictly intended for individuals aged 21 years and above. spinggo does not knowingly collect personal data from individuals under the age of 21. Age verification is conducted as part of the mandatory KYC process for all Members.

9.2 If spinggo becomes aware that personal data has been collected from an individual below the minimum age, the relevant account will be immediately suspended, all data will be deleted as soon as permissible under legal obligations, and any deposits will be returned to the source payment method.

10 Security Measures

10.1 spinggo implements technical and organisational measures appropriate to the risk level of the personal data processed. These measures include:

• TLS encryption for all data transmitted between Members' devices and the spinggo Platform
• Encryption at rest for personal data and sensitive financial records stored in spinggo's databases
• Role-based access controls limiting internal access to personal data to authorised personnel only
• Two-factor authentication available for all Member accounts and mandatory for internal staff systems
• Regular security assessments and penetration testing by independent third parties
• Incident response procedures for the detection, containment, and notification of data security events

10.2 While spinggo employs stringent security practices, no online platform can guarantee absolute security. Members are encouraged to use strong, unique passwords and to enable two-factor authentication on their spinggo accounts.

11 International Data Transfers

11.1 In the course of providing its services, spinggo may transfer personal data to service providers located outside the country in which the Member resides. Such transfers occur where necessary for the provision of KYC verification, payment processing, fraud prevention, and infrastructure hosting services.

11.2 Where personal data is transferred internationally, spinggo ensures that such transfers are conducted under appropriate safeguards including standard contractual clauses, data processing agreements, or transfers to jurisdictions recognised as providing an adequate level of data protection.

12 Updates to This Privacy Policy

12.1 spinggo may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or changes in our Gaming Licence requirements. The "Last Updated" date at the top of this page reflects the date of the most recent revision.

12.2 Where changes to this Policy are material, spinggo will notify Members via the registered email address and/or an in-platform notification at least 7 days before the changes take effect. Continued use of the Platform after the effective date of revised Policy terms constitutes acceptance of those changes.

12.3 The current version of this Privacy Policy is always accessible at spinggo.club/privacy-policy.

13 Contact & Complaints

13.1 For all data protection enquiries, requests to exercise your rights, or concerns about how spinggo handles your personal data, please contact spinggo's support team via the Live Chat function available after logging in to your account. You may also write to us at the email address displayed in the footer of this page (plain text, not a clickable link).

13.2 spinggo takes all data protection complaints seriously. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 calendar days. Where we are unable to resolve your complaint to your satisfaction, you have the right to escalate your complaint to the relevant data protection supervisory authority in your jurisdiction.