Privacy Policy – happy918

1. Who We Are

happy918 is the operator of the online gaming platform accessible at happy918.club ("Platform"). For the purposes of data protection law, happy918 acts as the data controller in respect of personal data collected from Members and visitors to the Platform. References to "happy918", "we", "us", or "our" in this Privacy Policy refer to the legal entity operating the Platform under international gaming authority licensing.

If you have any questions about how your personal data is handled, you may contact our support team via live chat (available 8AM–2AM MYT daily) or by email at [email protected]. Email addresses are displayed as plain text and are not clickable links.

2. Data We Collect

happy918 collects the following categories of personal data from Members and, in some cases, from visitors who have not registered an account:

2.1 Identity Data

• Full legal name as it appears on a government-issued identification document (Malaysian MyKad or passport);
• Date of birth (used for age verification — Members must be 21 years of age or older);
• Gender (where provided voluntarily);
• Copies of identity documents submitted for KYC (Know Your Customer) verification.

2.2 Contact Data

• Malaysian mobile number registered to the account;
• Email address (where provided during registration or account management);
• State or city of residence (e.g., Kuala Lumpur, Penang, Johor Bahru, Petaling Jaya) — collected as part of responsible gaming regional analysis, not used for marketing segmentation.

2.3 Financial Data

• Transaction references for FPX deposits and DuitNow transfers (bank account numbers are not stored by happy918 — they are processed directly through the FPX network and participating bank interfaces);
• eWallet identifiers for Touch 'n Go eWallet and Boost where used for deposits or withdrawals;
• Deposit and withdrawal history, transaction amounts, and Wallet balance at time of transaction.

2.4 Technical & Usage Data

• IP address and device type at time of login and during active sessions;
• Browser type and version, operating system;
• Pages visited within the Platform, games launched, session duration, and bet history;
• Login timestamps and geolocation data (country-level, not precise GPS coordinates).

3. How We Collect Data

happy918 collects personal data through the following means:

• Direct submission: Data you provide when registering an account, completing identity verification, contacting support, or submitting a withdrawal request.
• Automated collection: Technical and usage data collected automatically when you access the Platform, including through session cookies, server logs, and analytics tools operated by happy918 (not third-party advertising networks).
• Payment network data: Transaction reference data passed back to happy918 by the FPX interbank network, DuitNow, or eWallet providers upon confirmation of a successful deposit or withdrawal. happy918 does not receive or store raw bank account credentials.
• Identity verification providers: Where happy918 uses a third-party KYC service to verify your identity, that provider transmits a verification outcome (pass/fail) and document metadata to happy918. Full document images may be retained by happy918 for compliance purposes.

4. How We Use Your Data

happy918 uses your personal data for the following purposes:

• To create, verify, maintain, and manage your Member account;
• To process deposits, withdrawals, and wagering transactions denominated in MYR;
• To verify your age (21+) and identity in compliance with licensing obligations;
• To detect and prevent fraud, money laundering, account takeover, and other prohibited activities;
• To enforce the happy918 Terms and Conditions, including the single-account rule;
• To provide customer support and respond to account queries;
• To administer responsible gaming tools including deposit limits, loss limits, session timers, and self-exclusion;
• To send you transactional communications (deposit confirmations, withdrawal updates, security alerts) via SMS or registered contact details;
• To send promotional communications where you have consented, or where permitted under applicable law and licensing requirements — you may opt out at any time by contacting support;
• To comply with legal obligations under happy918's international gaming authority licence, including transaction reporting and audit requirements.

happy918 does not use your personal data for automated decision-making that produces legal effects, except for fraud detection scoring which triggers a manual review process rather than an automatic account action.

5. Legal Basis for Processing

happy918 processes personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Platform services under the Member Agreement, including account management, payment processing, and game access;
• Legal obligation: Processing required under happy918's licensing obligations, including KYC, AML (anti-money laundering) transaction monitoring, and age verification;
• Legitimate interests: Processing for fraud prevention, platform security, and responsible gambling monitoring, where these interests are not overridden by your data protection rights;
• Consent: Where you have provided explicit consent, including for the receipt of optional promotional communications. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

6. Data Sharing & Disclosure

happy918 does not sell your personal data to third parties. We may share your data with the following categories of recipients:

• Payment service providers: FPX network operators, DuitNow, Touch 'n Go eWallet, and Boost — solely to facilitate your requested payment transaction;
• Identity verification providers: Third-party KYC services engaged to verify documents submitted during account activation;
• Game content providers: Software providers whose games are hosted on the Platform may receive anonymised session data (e.g., game outcome logs) for game integrity auditing — no personally identifiable data is shared with game providers;
• Licensing authority: happy918's international gaming authority may require access to account and transaction data as part of licence compliance audits;
• Law enforcement and regulators: Where required by a valid legal order, court order, or regulatory directive, happy918 may be required to disclose Member data. happy918 will notify the affected Member where legally permitted to do so prior to disclosure.

All third parties with whom happy918 shares personal data are contractually required to process that data only for the specified purpose and in accordance with data protection principles.

7. Payment Data & FPX / DuitNow

7.1  happy918 uses the FPX (Financial Process Exchange) interbank network as its primary payment infrastructure. When you initiate an FPX deposit, you are redirected to your bank's own secure online banking interface (e.g., Maybank2u, CIMB Clicks, or Public Bank Online). Your bank login credentials are entered on your bank's own servers and are never transmitted to or seen by happy918.

7.2  Upon completion of an FPX transaction, your bank transmits a transaction reference number and approval status to happy918. This reference number (not your account number) is stored in our transaction records for reconciliation and dispute resolution purposes.

7.3  DuitNow transfers and DuitNow QR payments follow a similar architecture. The DuitNow identifier (mobile number or national ID number registered to your bank account) is processed by the participating bank and PayNet — not stored by happy918 in its raw form.

7.4  For Touch 'n Go eWallet and Boost deposits, only the transaction reference and amount are retained by happy918. Your eWallet account credentials are managed exclusively within those respective applications.

8. Cookies & Tracking

8.1  happy918 uses session cookies and persistent cookies to operate the Platform. Session cookies are temporary and are deleted when you close your browser. Persistent cookies remain on your device for a defined period and are used to remember your login state and language preferences.

8.2  happy918 does not use third-party advertising cookies or cross-site tracking technologies. Cookies placed on your device originate from happy918's own domain (happy918.club) and are not shared with advertising networks.

8.3  You may manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Platform — in particular, session management features that keep you logged in may not function correctly without session cookies.

9. Data Retention

9.1  happy918 retains personal data for as long as your account is active and for a period of at least five (5) years following account closure, in compliance with anti-money laundering record-keeping requirements under happy918's licensing obligations.

9.2  Identity verification documents (MyKad copies, passport scans) are retained for the mandatory period required by the licensing authority and then securely deleted.

9.3  Technical and usage data (server logs, session records) is retained for 12 months and then deleted or anonymised.

9.4  Where you have consented to marketing communications and subsequently withdrawn that consent, your contact details will be removed from active marketing lists within 14 days. However, transactional records referencing those contact details may be retained for compliance purposes.

10. Data Security

10.1  All data transmitted between your device and the happy918 Platform is encrypted using 256-bit SSL/TLS — the same encryption standard used by major Malaysian banking platforms including Maybank2u and CIMB Clicks.

10.2  Member passwords are stored in hashed form using a modern cryptographic algorithm. happy918 does not store passwords in recoverable plain text form. Our support staff cannot retrieve your password — only reset it through a verified identity challenge.

10.3  Access to Member personal data within happy918's systems is restricted to authorised personnel on a need-to-know basis, enforced through role-based access controls and audit logging.

10.4  happy918 maintains an incident response plan for data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, happy918 will notify affected Members and the relevant supervisory authority within the timeframe required by applicable law.

10.5  Notwithstanding the foregoing, no data transmission or storage system is entirely free from risk. You should use a strong, unique password for your happy918 account, avoid logging in on public Wi-Fi networks, and contact support immediately if you suspect unauthorised access to your account.

11. Your Rights

Subject to applicable law and the terms of happy918's licensing obligations, you have the following rights in respect of your personal data:

• Right of access: You may request a copy of the personal data happy918 holds about you;
• Right to rectification: You may request correction of inaccurate or incomplete personal data;
• Right to erasure: You may request deletion of your personal data in certain circumstances — note that AML and licensing record-keeping obligations may prevent complete erasure until the mandatory retention period has elapsed;
• Right to restriction: You may request that happy918 restrict processing of your data in certain circumstances while a dispute or correction request is outstanding;
• Right to data portability: Where processing is based on your consent or a contract, you may request your data in a structured, commonly used, machine-readable format;
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing;
• Right to object: You may object to processing based on legitimate interests, including direct marketing.

To exercise any of these rights, contact the happy918 support team via live chat or at [email protected]. We will respond to verified requests within 30 days.

12. Children's Privacy

The happy918 Platform is strictly for adults aged 21 and above. happy918 does not knowingly collect personal data from individuals under the age of 21. If you believe that a minor has registered an account or provided personal data to happy918, please contact us immediately at [email protected] and we will take prompt action to investigate and, if confirmed, close the account and delete the associated data.

13. Changes to This Policy

happy918 may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or licensing requirements. Material changes will be communicated to Members via the mobile number or email address registered to their account, and/or via a notice on the Platform, with at least 7 days' advance notice before the revised policy takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or happy918's data practices, please contact our support team:

• Live Chat: Available on the Platform, daily 8AM–2AM MYT
• Email: [email protected] (plain text — not a clickable link)

We aim to respond to all privacy-related enquiries within five (5) business days. Complex requests involving data access or erasure may take up to 30 days to fully process.