Privacy Policy — waja333

01 // Introduction

waja333 ("we," "us," or "the Platform") is committed to protecting the privacy and personal data of all members and visitors. This Privacy Policy applies to all data processing activities conducted in connection with the operation of waja333.club, including account registration, payment processing, customer support, gaming activity, and marketing communications.

This policy is designed to meet the data protection obligations applicable to online gaming platforms operating under international licensing frameworks. Malaysian players are encouraged to read this document in full. If you have questions about how your data is handled, contact our Data Protection team at the address provided in Section 15.

02 // Data Controller

The data controller responsible for personal data processed through the waja333 platform is the entity operating waja333.club under its applicable international gaming licence. For all data-related enquiries, the designated point of contact is:

03 // Data We Collect

waja333 collects personal data in the following categories depending on your interaction with the platform:

3.1 Registration Data

• Full name, date of birth, nationality
• Email address and/or mobile phone number
• Username and hashed password credentials
• Residential address (required for KYC verification)

3.2 Identity Verification (KYC) Data

• Government-issued identification documents (e.g. MyKad, passport)
• Proof of address documentation
• Source of funds documentation where required for anti-money laundering compliance

3.3 Financial Data

• Deposit and withdrawal transaction records including amounts, timestamps, and payment method identifiers
• E-wallet account identifiers (Touch 'n Go, Boost, GrabPay, etc.) where used for transactions
• Cryptocurrency wallet addresses used for USDT TRC20 transactions
• Bank account details where provided for FPX, Maybank2u, CIMB Clicks, Public Bank, or Hong Leong transfers

3.4 Gaming Activity Data

• Game session logs, bet amounts, game outcomes, and session durations
• Sportsbook betting history including markets, odds accepted, and results
• Bonus and promotional activity records

3.5 Technical Data

• IP address, device type, operating system, and browser type
• Session tokens and login timestamps
• Geolocation data (city-level) derived from IP address
• Cookie identifiers and analytics data (see Section 7)

3.6 Communication Data

• Live chat transcripts and support ticket content
• Email correspondence with the waja333 support team
• Voluntary survey or feedback responses

04 // How We Use Your Data

waja333 processes personal data for the following purposes:

• Account management: Creating, maintaining, and securing your waja333 account;
• Identity verification: Meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) regulatory obligations;
• Payment processing: Facilitating deposits and withdrawals via your chosen payment method;
• Service delivery: Providing access to casino games, sportsbook, slots, and fish arcade products;
• Customer support: Responding to enquiries, resolving disputes, and troubleshooting technical issues;
• Responsible gaming: Monitoring gaming patterns to identify at-risk behaviour and applying self-exclusion restrictions where requested;
• Fraud prevention and security: Detecting and preventing fraudulent activity, money laundering, and unauthorised account access;
• Legal compliance: Meeting obligations under applicable gaming, financial, and data protection law;
• Marketing communications: Sending promotional offers and updates to members who have opted in (opt-out available at any time);
• Platform improvement: Analysing aggregated usage data to improve platform performance, user experience, and game offering.

05 // Legal Basis for Processing

waja333 processes personal data on the following legal grounds:

• Contractual necessity: Processing required to perform the contract between waja333 and the Member (account operation, payment processing, service delivery);
• Legal obligation: Processing required to comply with applicable KYC, AML, and gaming regulatory requirements;
• Legitimate interests: Processing for fraud prevention, platform security, and internal analytics that do not override the Member's fundamental privacy rights;
• Consent: Processing for optional marketing communications, where explicit consent has been obtained and can be withdrawn at any time.

06 // Data Sharing & Third Parties

waja333 does not sell, rent, or trade personal data to third parties for commercial marketing purposes. Data may be shared in the following limited circumstances:

• Payment service providers: Transaction data is shared with relevant payment processors (FPX gateway, e-wallet operators, banking institutions, and cryptocurrency network infrastructure) solely for the purpose of executing deposits and withdrawals;
• Game providers: Aggregated session data may be shared with licensed game providers (e.g. Pragmatic Play, Evolution Gaming) for RNG auditing and technical support purposes;
• Regulatory and law enforcement authorities: waja333 will disclose data to competent authorities when required to do so by applicable law, court order, or gaming regulatory directive;
• KYC and AML service providers: Identity verification data is processed by third-party KYC/AML compliance vendors operating under confidentiality obligations;
• Group entities: Personal data may be shared within the waja333 corporate group for internal compliance, audit, and operational purposes.

All third-party data processors engaged by waja333 are bound by data processing agreements requiring them to maintain confidentiality and implement appropriate security measures.

07 // Cookies & Tracking Technologies

waja333 uses cookies and similar tracking technologies to operate the platform and improve your experience. The categories of cookies used are as follows:

• Essential cookies: Required for platform functionality including session authentication, login state persistence, and security token validation. These cannot be disabled without impacting platform usability;
• Performance cookies: Collect anonymised data on page load times, error rates, and navigation patterns to support technical performance optimisation;
• Analytics cookies: Used to understand aggregate user behaviour across the platform. Data is processed in anonymised or pseudonymised form;
• Preference cookies: Store your language, display, and notification preferences to personalise your experience on return visits.

You may control cookie settings through your browser preferences. Note that disabling essential cookies may prevent access to certain platform features including the login function.

08 // Data Retention

waja333 retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to any longer retention periods required by law:

• Account data: Retained for the duration of the account relationship plus a minimum of five (5) years following account closure, in accordance with AML regulatory requirements;
• KYC / identity documents: Retained for a minimum of five (5) years from the date of verification or account closure, whichever is later;
• Transaction records: Retained for a minimum of five (5) years from the date of each transaction;
• Gaming activity logs: Retained for a minimum of three (3) years;
• Support communications: Retained for two (2) years from the date of last interaction;
• Marketing data: Retained until consent is withdrawn or until the account has been inactive for two (2) years, whichever occurs first.

Upon expiry of the applicable retention period, data is securely deleted or anonymised such that it can no longer be attributed to an individual.

09 // Data Security

waja333 implements technical and organisational security measures proportionate to the sensitivity of the data processed. These measures include:

• TLS 1.2 / 1.3 encryption for all data transmitted between your device and waja333 servers;
• Encryption at rest for sensitive personal and financial data stored in waja333 databases;
• Multi-factor authentication controls for administrative access to production systems;
• Regular penetration testing and vulnerability assessments conducted by independent security specialists;
• Access controls limiting data access to authorised personnel on a need-to-know basis;
• Incident response procedures for detecting, reporting, and remediating data security incidents.

10 // Your Data Rights

Subject to applicable law and our regulatory obligations, you have the following rights in respect of your personal data held by waja333:

• Right of access: You may request a copy of the personal data waja333 holds about you;
• Right to rectification: You may request correction of inaccurate or incomplete personal data;
• Right to erasure: You may request deletion of your personal data where there is no lawful basis for its continued retention (note: AML/regulatory retention obligations may limit this right);
• Right to restrict processing: You may request that waja333 restrict processing of your data in certain circumstances;
• Right to data portability: You may request a structured, machine-readable copy of data you have provided to waja333;
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes;
• Right to withdraw consent: Where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact the waja333 Data Protection team at [email protected]. We will respond to valid requests within 30 days.

11 // Third-Party Links

The waja333 platform may contain links to game provider content, payment gateway interfaces, or licensing authority pages. waja333 is not responsible for the privacy practices of third-party sites or services. We encourage you to review the privacy policies of any third-party services you access in connection with your use of the waja333 platform.

12 // Children's Privacy

The waja333 platform is strictly for individuals aged 21 and above. We do not knowingly collect personal data from individuals under the age of 21. If we become aware that data has been collected from a person under the minimum age, such data will be deleted immediately and the associated account will be closed. Parents or guardians who believe their child has provided data to waja333 should contact us immediately at [email protected].

13 // Cross-Border Data Transfers

waja333 may transfer personal data to servers or processors located outside of Malaysia in connection with its operational, payment processing, and KYC compliance activities. Where such transfers occur, waja333 ensures that appropriate safeguards are in place — including contractual data protection clauses binding the recipient to equivalent protection standards as those applied within Malaysia.

Cryptocurrency transaction data processed via the USDT TRC20 network is inherently processed on a distributed global blockchain infrastructure. waja333 limits the data transmitted to the blockchain to the minimum necessary (wallet address and transaction amount) and does not transmit identity data to blockchain networks.

14 // Amendments to This Policy

waja333 reserves the right to update this Privacy Policy at any time. Where a material change is made to how we process your personal data, we will notify you via the platform or by email to your registered address. The "last updated" date at the top of this document reflects the most recent revision. Your continued use of the waja333 platform following notification of any amendment constitutes your acceptance of the revised policy.

15 // Contact Us

For any privacy-related enquiries, data subject access requests, or complaints regarding our data processing practices, please contact the waja333 Data Protection team: