Privacy Policy – How easy13 Protects Your Data

1. Who We Are

easy13 ("the Platform", "we", "us", "our") operates the online gaming website accessible at easy13.org and is the data controller responsible for the personal data processed in connection with the Platform's operations. easy13 holds a licence issued by an international gaming authority and processes personal data in accordance with its licensing obligations as well as applicable international data protection standards.

For the purposes of this Privacy Policy, "Member" refers to any individual who has registered an Account on easy13, and "Visitor" refers to any individual who accesses easy13.org without registering an Account. This Policy applies to both Members and Visitors. References to "you" and "your" encompass both unless specifically distinguished.

2. Data We Collect

2.1 Registration & Identity Data

When you register an Account on easy13, we collect the following personal information:

• Full legal name as it appears on your government-issued identity document;
• Date of birth (for age verification — all Members must be 21 years of age or older);
• Email address (primary communication channel);
• Mobile phone number;
• Residential address;
• Username and password (password is stored in hashed, salted form — never in plain text).

2.2 KYC & Verification Documents

To comply with our licensing authority's anti-money laundering (AML) and know-your-customer (KYC) requirements, easy13 collects:

• Copies of government-issued photo identification (Malaysian IC / MyKad, passport, or equivalent);
• Proof of address documentation (utility bill, bank statement, or equivalent dated within the past 3 months);
• Source of funds documentation where required for high-volume accounts or at the Platform's compliance discretion;
• Selfie or liveness verification images as required by the identity verification process.

2.3 Financial & Transaction Data

• Deposit and withdrawal transaction records including amounts, timestamps, and payment method identifiers;
• Payment method details as necessary for transaction processing (e.g., masked bank account numbers, eWallet identifiers — full payment card numbers are never stored by easy13);
• Bonus and promotional credit history;
• Running Wallet balance history.

2.4 Gaming Activity Data

• Game session logs including game type, wager amounts, outcomes, session start/end times;
• Sportsbook betting history including event selections, stake amounts, and settlement outcomes;
• Responsible gaming limit settings and self-exclusion records.

2.5 Technical & Device Data

• IP address at login and during sessions;
• Device type, operating system, and browser type;
• Session duration and navigation data within the Platform;
• Cookie and tracking technology data as described in Section 9.

3. How We Collect Data

easy13 collects personal data through the following channels:

• Directly from you — through the Account registration form, KYC document submission, customer support interactions, and any other forms or inputs you complete on the Platform;
• Automatically — through cookies, server logs, session tracking, and device fingerprinting technologies as you use the Platform;
• From third parties — including identity verification service providers, payment processors, fraud prevention services, and our licensed gaming software providers, where such third parties provide data to easy13 in connection with the services you use.

4. How We Use Your Data

easy13 uses the personal data it collects for the following purposes:

• Account Management: Creating and maintaining your Account, verifying your identity, and ensuring the security and integrity of your Account;
• Service Delivery: Processing your wagers, managing your Wallet, processing deposits and withdrawals, and providing access to all games and services on the Platform;
• Regulatory Compliance: Fulfilling our obligations under international gaming authority licensing requirements, including KYC verification, AML monitoring, and transaction reporting;
• Fraud Prevention & Security: Detecting and preventing unauthorised access, account fraud, bonus abuse, money laundering, and other prohibited conduct;
• Responsible Gaming: Monitoring gaming patterns to identify potential problem gambling indicators and administering self-exclusion and limit settings;
• Customer Support: Responding to your enquiries and resolving account issues;
• Platform Improvement: Analysing aggregated, anonymised usage data to improve the Platform's features, performance, and user experience;
• Marketing Communications: Sending promotional communications to Members who have opted in to receive them — you may unsubscribe from marketing emails at any time via the unsubscribe link in any such email or by updating your communication preferences in Account Settings.

5. Legal Basis for Processing

easy13 processes personal data on the following legal bases:

• Contract Performance: Processing necessary to perform our contractual obligations to you as a Member under the Terms & Conditions, including operating your Account and processing transactions;
• Legal Obligation: Processing required to comply with applicable laws and our gaming authority licensing requirements, including KYC, AML, and transaction record-keeping obligations;
• Legitimate Interests: Processing for fraud prevention, security monitoring, and Platform improvement, where our interests in maintaining a safe and functional platform are not overridden by your privacy rights;
• Consent: Processing for marketing communications, where we rely on your explicit opt-in consent, which you may withdraw at any time without affecting the lawfulness of prior processing.

6. Data Sharing & Disclosure

easy13 does not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share personal data only in the following limited circumstances:

• Service Providers: We share data with carefully selected third-party service providers who assist in operating the Platform, including payment processors (e.g., Touch 'n Go, Boost, DuitNow network operators), identity verification providers, cloud hosting and infrastructure providers, customer support software providers, and fraud prevention services. All service providers are contractually obligated to process data only for the specified purpose and to maintain confidentiality and security standards consistent with this Policy;
• Gaming Software Providers: Game session data is shared with our licensed game providers (e.g., Evolution, Pragmatic Play, PG Soft) to the extent necessary to operate and audit game sessions. These providers are licensed and regulated entities subject to independent data protection obligations;
• Regulatory & Legal Authorities: We disclose personal data to our licensing authority and to law enforcement or regulatory bodies as required by law, court order, or valid regulatory demand. We will notify you of such disclosure where legally permitted to do so;
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of the Platform's assets, your data may be transferred to the successor entity, subject to that entity assuming the obligations of this Privacy Policy.

7. International Data Transfers

As an internationally licensed gaming platform, easy13 may process and store personal data on servers located outside of Malaysia. Where data is transferred to a country that does not provide an equivalent level of data protection to that applicable in your jurisdiction, easy13 will ensure appropriate safeguards are in place, which may include standard contractual clauses, binding corporate rules, or reliance on the recipient's certification under a recognised data protection framework.

By registering an Account on easy13, you acknowledge that your data may be transferred to and processed in jurisdictions outside of Malaysia in connection with the Platform's operations, subject to the safeguards described in this Section.

8. Data Retention

easy13 retains personal data for as long as is necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, and contractual obligations. The following retention guidelines apply:

• Active Account Data: Retained for the duration of the Member's Account and for a period of at least five (5) years following Account closure, in accordance with standard AML record-keeping requirements;
• KYC Documentation: Retained for a minimum of five (5) years following the conclusion of the business relationship, or such longer period as required by applicable regulatory requirements;
• Transaction Records: Retained for a minimum of five (5) years following the date of each transaction;
• Marketing Consent Records: Retained until you withdraw consent and for a reasonable period thereafter to evidence the withdrawal;
• Technical & Log Data: Typically retained for twelve (12) months, unless a longer period is required for an ongoing investigation or legal matter.

When data is no longer required, it is securely deleted or anonymised in accordance with our data disposal procedures.

9. Cookies & Tracking Technologies

easy13 uses cookies and similar tracking technologies on easy13.org for the following purposes:

• Essential Cookies: Necessary for the Platform to function — these include session authentication cookies and security tokens. These cannot be disabled without affecting your ability to use the Platform;
• Functional Cookies: Store your preferences such as language settings, preferred game categories, and responsible gaming limit configurations;
• Analytics Cookies: Collect aggregated, anonymised data about how Visitors and Members use the Platform to improve performance and user experience. easy13 uses privacy-respecting analytics tools that do not identify individual users by name;
• Security Cookies: Used for fraud detection, bot mitigation, and session integrity verification.

easy13 does not use third-party advertising cookies or cross-site tracking technologies. You may manage cookie preferences through your browser settings; however, disabling essential cookies will prevent you from logging in to your Account.

10. Your Rights

Subject to applicable law and our regulatory obligations, you have the following rights in relation to your personal data held by easy13:

• Right of Access: To request a copy of the personal data easy13 holds about you;
• Right to Rectification: To request correction of inaccurate or incomplete personal data;
• Right to Erasure: To request deletion of your personal data, subject to our overriding legal and regulatory retention obligations (note that AML and licensing requirements may prevent immediate or full erasure of certain data categories);
• Right to Restriction: To request that we restrict processing of your data in certain circumstances;
• Right to Data Portability: To receive your personal data in a structured, machine-readable format and to transmit it to another controller, where technically feasible;
• Right to Object: To object to processing based on legitimate interests, including profiling for responsible gaming monitoring;
• Right to Withdraw Consent: To withdraw consent for marketing communications at any time without affecting prior processing.

To exercise any of these rights, please contact the easy13 support team via live chat or by email at the address in the website footer. We will respond to all valid requests within 30 days.

11. Security Measures

easy13 implements comprehensive technical and organisational security measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and easy13 servers;
• Encryption of sensitive data fields (including KYC documents and payment identifiers) at rest;
• Password hashing using industry-standard algorithms — easy13 never stores passwords in plain text;
• Role-based access controls limiting staff access to personal data to those with a legitimate operational need;
• Regular security assessments and penetration testing by independent security professionals;
• Multi-factor authentication required for staff access to systems holding personal data;
• Segregation of player funds in bank accounts separate from operational funds.

In the event of a personal data breach that presents a risk to your rights and freedoms, easy13 will notify the relevant regulatory authority and affected Members in accordance with applicable requirements and without undue delay.

12. Children & Minors

easy13 is strictly an adults-only platform. Access is limited to individuals who are at least 21 years of age. easy13 does not knowingly collect personal data from any person under the age of 21. If we discover that an Account has been opened by or is being operated by a person under 21, we will immediately close the Account, return any funds, and securely delete the personal data collected in connection with that Account.

Parents and guardians who believe that a person under 21 in their care may have accessed easy13 are encouraged to contact our support team immediately via live chat.

13. Changes to This Policy

easy13 may update this Privacy Policy from time to time to reflect changes in our data practices, regulatory requirements, or Platform features. Material changes will be communicated to Members via email to the registered address or by a prominent notice on the Platform prior to the change taking effect. The effective date of the current version is displayed at the top of this page. Continued use of the Platform following notification of a material update constitutes your acceptance of the revised Policy.

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the personal data easy13 holds about you, please contact the easy13 Data Protection team through any of the following channels:

• Live Chat: Available 24/7 from any page on easy13.org — the fastest way to reach us;
• Email: [email protected] — please include "Privacy Request" in the subject line for data rights enquiries;

We are committed to resolving all privacy enquiries promptly and transparently. If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the relevant data protection supervisory authority.