mbi77 Privacy Policy

1 Who We Are

mbi77 ("we," "us," "our") is the operator of the online gaming platform accessible at mbi77.net ("the Platform"). For the purposes of data protection law, mbi77 acts as the data controller in respect of personal data collected from users ("you," "your") through the Platform. This Privacy Policy applies to all services offered under the mbi77 brand, including the mbi77 Casino, sportsbook, slots, crash games, and roulette sections.

This Policy should be read together with our Terms & Conditions, which govern your use of the Platform and are incorporated herein by reference. By registering an account or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2 Personal Data We Collect

mbi77 collects personal data that is necessary to provide, secure, and improve the Platform. The categories of personal data we collect include:

• Identity Data: Full legal name, date of birth, nationality, and copies of government-issued identity documents (e.g., MyKad, passport) provided during KYC verification;
• Contact Data: Email address, phone number, and residential address;
• Account Data: Username, encrypted password, account preferences, and communication opt-in status;
• Financial Data: Payment method details (e.g., bank account numbers, e-wallet identifiers for Touch n Go eWallet, Boost, Maybank, CIMB, Public Bank, or cryptocurrency wallet addresses), transaction history, deposit and withdrawal records;
• Usage Data: Login timestamps, IP addresses, device identifiers, browser type, operating system, session duration, pages visited, games played, bets placed, and in-game activity logs;
• Communications Data: Records of your correspondence with mbi77 customer support, including live chat transcripts and email exchanges;
• Responsible Gaming Data: Self-imposed limits, cooling-off periods, and self-exclusion status recorded in your account settings.

3 How We Use Your Personal Data

mbi77 uses the personal data it collects for the following purposes:

• Account Creation & Management: To register and maintain your mbi77 account, verify your identity, and enable access to all Platform features;
• Transaction Processing: To process deposits, withdrawals, and bonuses, and to maintain accurate financial records in compliance with our licensing obligations;
• Identity & Age Verification (KYC/AML): To verify your identity and age (21+), and to comply with anti-money laundering (AML) regulations applicable to licensed gaming operators;
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, account takeovers, bonus abuse, and other prohibited conduct as defined in our Terms & Conditions;
• Platform Improvement: To analyse usage patterns, diagnose technical issues, and improve the performance, content, and user experience of the mbi77 platform;
• Customer Support: To respond to your enquiries, resolve disputes, and provide assistance with account-related issues;
• Marketing Communications: To send you promotional offers, news, and updates about mbi77 products and services, where you have opted in to receive such communications. You may withdraw this consent at any time;
• Responsible Gaming: To monitor gambling behaviour for indicators of problem gambling and to apply self-imposed limits or escalate safeguarding interventions where appropriate.

4 Legal Basis for Processing

mbi77 processes your personal data on the following legal bases, as applicable under relevant data protection legislation:

• Contractual Necessity: Processing required to perform our obligations under the Terms & Conditions, including account management, transaction processing, and service delivery;
• Legal Obligation: Processing required to comply with applicable law, including KYC/AML obligations imposed by our gaming licence and financial regulations;
• Legitimate Interests: Processing for fraud prevention, platform security, internal analytics, and responsible gaming monitoring, where those interests are not overridden by your privacy rights;
• Consent: Processing for direct marketing communications, where you have provided explicit opt-in consent. Consent may be withdrawn at any time by updating your account preferences or contacting support.

5 Data Sharing & Disclosure

mbi77 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your data in the following limited circumstances:

• Service Providers: Third-party vendors who process data on our behalf to deliver Platform services, including payment processors (for Touch n Go eWallet, Boost, Maybank, CIMB, Public Bank, and crypto gateways), KYC verification providers, IT infrastructure providers, fraud detection services, and customer support platforms. All such providers are bound by data processing agreements requiring them to process data only on our instructions and to maintain appropriate security standards;
• Gaming Regulators & Licensing Authorities: Where required by our licensing obligations, we will disclose player data to the relevant international gaming authority upon formal request;
• Law Enforcement & Legal Proceedings: Where we are legally required to disclose data in response to a valid court order, subpoena, or regulatory investigation;
• Corporate Transactions: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to equivalent privacy protections.

6 Cookies & Tracking Technologies

The mbi77 platform uses cookies and similar tracking technologies to operate the Platform effectively and to improve your experience. The categories of cookies we use include:

• Essential Cookies: Required for core Platform functionality, including session management, authentication, and security. These cannot be disabled without impairing Platform operation;
• Performance Cookies: Used to collect aggregated, anonymised data about how users interact with the Platform, helping us identify and resolve performance issues;
• Functional Cookies: Used to remember your preferences, such as language settings and game lobby layout, to personalise your mbi77 experience;
• Analytics Cookies: Used to analyse traffic patterns and user behaviour on the Platform using privacy-respecting analytics tools. Data collected is aggregated and does not identify individual users.

You may manage your cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using the mbi77 Platform, though certain preference-based features may be affected.

7 Data Retention

mbi77 retains your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods:

• Account Data: Retained for the duration of your active account and for a minimum of five (5) years following account closure, in compliance with AML and gaming licence record-keeping requirements;
• Financial & Transaction Records: Retained for a minimum of seven (7) years from the date of the transaction, in accordance with financial regulations applicable to licensed gaming operators;
• KYC Documentation: Retained for a minimum of five (5) years following the end of the business relationship;
• Support Communications: Retained for two (2) years from the date of the last interaction, unless a longer period is required for an active dispute or legal proceeding;
• Marketing Consent Records: Retained for three (3) years from the date of consent or withdrawal of consent, whichever is later.

Upon expiry of applicable retention periods, data is securely deleted or anonymised in accordance with our internal data lifecycle management procedures.

8 Data Security

mbi77 implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Our security infrastructure includes:

• SSL/TLS encryption for all data transmitted between your device and mbi77 servers;
• AES-256 encryption for sensitive data stored at rest, including financial records and identity documents;
• Role-based access controls limiting staff access to personal data to those with a documented operational need;
• Multi-factor authentication requirements for administrative access to systems holding personal data;
• Regular penetration testing and security audits conducted by independent third parties;
• 24-hour security monitoring with automated alerting for anomalous access patterns.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, mbi77 will notify affected users and, where required, the relevant supervisory authority within the timeframes prescribed by applicable law.

9 Your Rights

Subject to applicable data protection law, you have the following rights in respect of your personal data held by mbi77:

• Right of Access: To request a copy of the personal data mbi77 holds about you;
• Right to Rectification: To request correction of inaccurate or incomplete personal data;
• Right to Erasure: To request deletion of your personal data, subject to our legal retention obligations;
• Right to Restriction: To request that we temporarily cease processing your data in certain circumstances;
• Right to Data Portability: To receive a structured, machine-readable copy of the data you provided to us, where technically feasible;
• Right to Object: To object to processing based on legitimate interests, including direct marketing;
• Right to Withdraw Consent: Where processing is based on your consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our support team at [email protected]. We will respond to all valid requests within 30 calendar days. We reserve the right to verify your identity before processing any data subject request.

10 Children & Minors

11 International Data Transfers

mbi77 operates globally and may transfer your personal data to service providers located in jurisdictions outside Malaysia. Where such transfers occur, mbi77 ensures that appropriate safeguards are in place to protect your data, including contractual protections equivalent to those required under applicable data protection law. By using the mbi77 platform, you acknowledge and consent to such transfers where necessary for the operation of the Platform and the provision of the services you have requested.

12 Amendments to This Policy

mbi77 reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated to registered users by email or via a prominent notice on the Platform prior to the changes taking effect. The "Last Updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this Policy periodically. Continued use of the mbi77 platform after the effective date of any amendment constitutes your acceptance of the revised Policy.

13 Contact & Complaints

If you have any questions, concerns, or complaints regarding this Privacy Policy or the way mbi77 handles your personal data, please contact our Data Protection team:

• Email: [email protected]
• Live Chat: Available 24/7 via the Platform

mbi77 aims to address all privacy-related enquiries within five (5) business days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.