Privacy Policy
Effective date: March 2025
This policy uses plain language because legal boilerplate that nobody reads doesn’t actually protect anyone. If you register at UWIN33, this document describes every category of personal data we hold on you, why we hold it, and who else — if anyone — can access it.
Questions before or after reading: contact us at [email protected] or via live chat at u-win-33.my.
1. Who Is Responsible for Your Data
UWIN33 (the operator of u-win-33.my and its associated domains) is the data controller for all personal information collected through the platform. UWIN33 operates under a Curacao eGaming licence, which imposes specific data retention and player identification obligations.
Our servers are hosted in certified data centres operating under ISO/IEC 27001 information security standards. Physical server access is restricted; logical access to player data requires role-based authentication with audit logging.
2. Data We Collect — Broken Down by When
When you register
- Phone number — your primary account identifier. Used for OTP delivery, account recovery, and marketing SMS (with consent only).
- Date of birth — required to verify you are 18+. Stored against your account permanently.
- Password — stored as a salted cryptographic hash. We cannot read or recover your actual password. If you forget it, it must be reset.
- Referral or voucher code (if entered) — used to attribute your registration to an ambassador or campaign for bonus purposes.
When you complete KYC
- Government-issued ID — MyKad front and back, or passport. Used for identity matching only; processed by a third-party KYC provider under a data processor agreement.
- Selfie with ID — facial comparison against the submitted document.
- Payment method screenshot — confirms you own the account you’re withdrawing to. Bank name and account number stored; full account details are not retained beyond the verification event.
KYC compliance is required by our licence. For context on why licensed gambling platforms conduct identity verification, eCOGRA’s responsible gambling framework explains the player protection rationale.
During gameplay and transactions
- Transaction records — every deposit and withdrawal: amount, method, timestamp, status. Retained for a minimum of 5 years under our licence conditions.
- Betting and gameplay data — games played, bet amounts, session duration. Required for anti-money-laundering (AML) monitoring and responsible gambling intervention triggers.
- Device and IP data — operating system, device model, IP address per session. Used to detect multiple accounts, suspicious login patterns, and regional access compliance.
- eWallet identifiers — TnG, GrabPay, MAE account references used to process transactions. Not full account credentials — reference IDs only.
When you contact support
- Full contents of live chat conversations, including file attachments
- Email correspondence if you contact us by email
- Support ticket history — visible to agents handling your account
3. Legal Basis for Processing Each Data Type
We don’t collect data without a documented justification:
- Phone number, password, DOB → contractual necessity (operating your account)
- KYC documents → legal obligation (Curacao eGaming licence, AML regulation)
- Transaction and gameplay records → legal obligation + contractual necessity
- Device and IP data → legitimate interest (fraud prevention, account security)
- eWallet identifiers → contractual necessity (payment processing)
- Support communications → legitimate interest (service delivery and improvement)
- Marketing SMS → consent only — opt-in at registration, revocable at any time in account settings
4. Who Else Has Access
UWIN33 does not sell player data. Sharing occurs only where operationally necessary:
- Payment processors — local banks (Maybank, CIMB, RHB, Public Bank), eWallet operators (TnG, GrabPay, Boost, MAE), and crypto gateway providers receive only the transaction data required to process each payment.
- KYC verification provider — receives your ID documents under a data processor agreement. They process and discard; they do not build a persistent record of your identity.
- Game studios — Pragmatic Play, Evolution Gaming and others receive anonymised session tokens to run certified games. They do not receive your name, phone number, or financial data.
- Curacao eGaming — our licensing authority has audit rights over player records as a condition of the licence.
- Law enforcement and regulators — we comply with lawful orders from Malaysian or international authorities. We notify you where legally permitted.
- UWIN33 ambassador network — ambassadors receive only your registration status (confirmed/pending) when you use their referral link. No personal data is shared.
5. Retention Periods — How Long We Keep What
- Active account data — held for the duration of your account
- KYC documents — minimum 5 years from account closure
- Transaction records — minimum 5 years from each transaction date
- Gameplay records — 2 years from each session
- Support records — 2 years from last contact
- Device/IP logs — 12 months rolling
- Marketing consent records — held until consent is withdrawn, then deleted within 30 days
Data past its retention period is either permanently deleted or irreversibly anonymised. We do not retain personal data ‘just in case’.
6. Security
Data protection at UWIN33 operates across multiple layers:
- Encryption in transit — 256-bit TLS on all connections. Publicly verifiable at SSL Labs
- Encryption at rest — AES-256 on stored personal data and financial records
- Role-based access — support agents see account data; finance team sees transactions; development has no production data access
- Staff 2FA — all internal system access requires two-factor authentication
- Annual penetration testing — conducted by an independent security firm
- Breach notification — if a breach creates risk for your rights, we notify you within 72 hours
Our security practices align with OWASP security guidelines for online platforms handling financial accounts.
7. Cookies
We use three categories of cookies on UWIN33 domains:
- Essential — session management, CSRF protection, login state. Cannot be disabled without breaking the platform.
- Analytics — Google Analytics 4 with IP anonymisation. Page-level traffic analysis. No personally identifiable data captured.
- Marketing — ad effectiveness measurement. Set only with your consent, revocable via the cookie preference centre.
For a plain-language explanation of cookie rights under Malaysian and international frameworks, the UK ICO’s cookie guidance is a clear reference applicable to these principles.
8. Your Rights
- Access — request a copy of all data we hold. Response within 30 days.
- Rectification — correct inaccurate data. Most account fields editable in your profile.
- Erasure — request deletion. Regulatory retention requirements (KYC, transactions) prevent early deletion of those specific records.
- Restriction — pause processing during a dispute.
- Portability — receive your data in CSV or JSON format.
- Objection — object to processing based on legitimate interest.
- Withdraw marketing consent — takes effect within 24 hours via account settings or by emailing [email protected].
To exercise any right: email [email protected] with the subject line ‘Data Rights Request’ and your registered phone number. We respond within 30 days.
9. Minors
UWIN33 does not accept players under 18. Date of birth is collected at registration and verified at KYC. If an underage account is identified, it is suspended, all funds are returned, and the data is deleted. If you believe a minor has registered using falsified details, contact us immediately at [email protected].
10. Policy Updates
When this policy changes in a material way — meaning something that affects how we use your data beyond what you’ve previously consented to — we send an SMS notification to your registered number and display an in-app alert. Minor updates (clarifications, formatting) take effect without notice.
Continued use of UWIN33 after a material update constitutes acceptance. If you don’t accept the changes, you can close your account and request data deletion.
11. Contact