bp8 Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how bp8 ("bp8", "we", "us", "our") collects, uses, discloses, stores, and protects personal data in connection with your use of the bp8 online gaming platform, accessible at bp8.lat and any associated web or mobile interfaces (collectively, the "Platform").

bp8 is committed to handling personal data responsibly and in compliance with applicable data protection legislation. This Policy is intended to provide you with clear, transparent information about our data practices so that you can make informed decisions about your use of the Platform.

By registering an account on bp8 or continuing to use the Platform, you acknowledge that you have read and understood this Policy. This Policy should be read in conjunction with our Terms & Conditions, which govern your use of the Platform generally.

2. Personal Data We Collect

2.1 Information You Provide Directly

When you register for and use a bp8 account, we collect personal data that you provide directly to us, including:

• Identity Data: Full legal name, date of birth, nationality, and government-issued identification document details (for KYC/AML verification purposes);
• Contact Data: Email address, mobile phone number, and residential address (including postcode and state in Malaysia);
• Financial Data: Payment method details including e-wallet account identifiers (Touch n Go, Boost, GrabPay), bank account details where provided, and transaction history on the Platform;
• Account Credentials: Username and encrypted password. bp8 does not store passwords in plaintext;
• Communications: Records of your communications with bp8 support, including live chat transcripts and email correspondence.

2.2 Information Collected Automatically

When you access the bp8 Platform, we automatically collect certain technical and usage data, including:

• Device and Technical Data: IP address, device type, operating system, browser type and version, screen resolution, and device identifiers;
• Usage Data: Pages visited, game titles accessed, session duration, clickstream data, login timestamps, and Platform navigation patterns;
• Transaction Logs: Detailed records of all deposits, withdrawals, wagers, wins, and losses associated with your account.

2.3 Information from Third Parties

We may receive personal data about you from third parties in limited circumstances, including: identity verification service providers during the KYC process; payment processors in connection with transaction processing; fraud detection and anti-money laundering screening services; and, where applicable, gaming regulatory authorities.

3. How We Use Your Personal Data

bp8 uses the personal data we collect for the following purposes:

• Account Management: To register your account, verify your identity, authenticate your login sessions, and manage your account settings and preferences;
• Service Delivery: To provide access to Platform products including casino games, live dealer tables, poker, and sportsbook; to process deposits and withdrawals; and to deliver customer support;
• Legal and Regulatory Compliance: To meet our obligations under applicable anti-money laundering (AML), counter-terrorism financing (CTF), and gaming regulatory requirements, including identity verification and transaction monitoring;
• Fraud Prevention and Security: To detect, investigate, and prevent fraudulent activity, security incidents, and violations of our Terms & Conditions;
• Responsible Gaming: To monitor gameplay patterns for signs of problem gambling and to enforce responsible gaming tools including deposit limits, session reminders, and self-exclusion;
• Platform Improvement: To analyse usage patterns, identify technical issues, and improve Platform performance, content, and user experience;
• Communications: To send you transactional communications related to your account activity, including deposit confirmations, withdrawal notifications, and security alerts;
• Marketing (with Consent): To send promotional communications about bp8 bonuses, offers, and new products, where you have provided explicit consent for such communications. You may withdraw this consent at any time.

4. Legal Basis for Processing

bp8 processes your personal data on the following legal bases:

• Contractual Necessity: Processing required to perform our contractual obligations to you under the Terms & Conditions, including account management, payment processing, and service delivery;
• Legal Obligation: Processing required to comply with applicable laws, including AML/CTF obligations, gaming regulatory requirements, and tax reporting obligations;
• Legitimate Interests: Processing carried out in pursuit of bp8's legitimate business interests, including fraud prevention, platform security, and service improvement, where those interests are not overridden by your data protection rights;
• Consent: Processing based on your explicit consent, including marketing communications. Where consent is the legal basis, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Data Sharing and Disclosure

bp8 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, strictly for the purposes described in this Policy:

• Service Providers: Third-party vendors who provide services to bp8, including identity verification (KYC) providers, payment processors, fraud detection services, customer support platforms, and cloud hosting providers. These parties process data on bp8's behalf under contractual data processing agreements;
• Game Providers: Certified game studios and live dealer operators whose titles are hosted on the bp8 Platform. These providers may receive limited technical and gameplay data necessary to deliver their games;
• Regulatory Authorities: Gaming regulatory bodies, financial intelligence units, and law enforcement agencies, where disclosure is required by applicable law or regulatory order;
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of bp8's assets, your personal data may be transferred to the successor entity. You will be notified of any such transfer;
• Professional Advisors: Legal counsel, auditors, and financial advisors, where disclosure is necessary in connection with legal proceedings, regulatory compliance, or audit requirements.

6. Cookies and Tracking Technologies

6.1 Types of Cookies Used

bp8 uses cookies and similar tracking technologies on the Platform for the following purposes:

• Strictly Necessary Cookies: Required for the Platform to function correctly, including session management, authentication, and security features. These cannot be disabled without impairing Platform functionality;
• Performance and Analytics Cookies: Used to collect aggregated, anonymised information about how users interact with the Platform, enabling us to identify performance issues and improve the user experience;
• Functional Cookies: Used to remember your preferences, such as language settings and responsible gaming tool configurations.

6.2 Cookie Management

You may manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling strictly necessary cookies may prevent certain Platform features from functioning correctly. bp8 does not use advertising or cross-site tracking cookies.

7. Data Retention

bp8 retains personal data for as long as necessary to fulfil the purposes for which it was collected, including:

• Active Account Data: Retained for the duration of your account's active status plus a minimum of five (5) years following account closure, in compliance with AML/CTF record-keeping obligations;
• Transaction Records: Retained for a minimum of seven (7) years in accordance with financial regulatory requirements;
• Support Communications: Retained for three (3) years from the date of the relevant interaction;
• Marketing Consent Records: Retained for the duration of your consent and for a reasonable period thereafter to demonstrate compliance.

Where personal data is no longer required for its original purpose and there is no legal obligation to retain it, bp8 will securely delete or anonymise the data.

8. Data Security

bp8 implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• TLS/SSL encryption for all data transmitted between your device and the Platform;
• Encryption at rest for sensitive personal data including payment information and identity documents;
• Strict access controls limiting data access to authorised bp8 personnel on a need-to-know basis;
• Regular security assessments and penetration testing of Platform infrastructure;
• Two-factor authentication available for all player accounts and required for administrative access.

Notwithstanding these measures, no data transmission over the internet or electronic storage system is completely secure. bp8 cannot guarantee the absolute security of your personal data, and you transmit data to us at your own risk. If you become aware of a security incident affecting your bp8 account, you must notify us immediately.

9. Your Data Protection Rights

Subject to applicable law, you have the following rights in relation to your personal data held by bp8:

• Right of Access: You may request a copy of the personal data bp8 holds about you;
• Right to Rectification: You may request correction of inaccurate or incomplete personal data;
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to applicable legal retention obligations;
• Right to Restriction: You may request that bp8 restrict the processing of your personal data in certain circumstances;
• Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format;
• Right to Object: You may object to processing carried out on the basis of legitimate interests or for direct marketing purposes;
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact bp8 at [email protected]. bp8 will respond to verified requests within a reasonable timeframe, typically within 30 calendar days. bp8 reserves the right to verify your identity before processing a data subject request.

10. Children's Privacy

The bp8 Platform is strictly restricted to individuals aged 21 years and above. bp8 does not knowingly collect personal data from persons under the age of 21. Age verification is mandatory at the time of account registration. If bp8 becomes aware that personal data has been collected from a person under 21 years of age, we will take immediate steps to delete that data and close the associated account. If you have reason to believe that a minor has accessed or registered on the Platform, please notify us immediately at [email protected].

11. Third-Party Links

The bp8 Platform does not contain links to third-party websites or platforms for commercial or affiliation purposes. Any links present on the Platform are for informational or operational purposes only. bp8 is not responsible for the privacy practices or content of any third-party websites or services. If you navigate to a third-party site from the Platform, you do so at your own risk and subject to that site's privacy policy.

12. Cross-Border Data Transfers

bp8 may transfer your personal data to countries outside of Malaysia in connection with the provision of Platform services, including to countries where bp8's cloud infrastructure, KYC service providers, or game content providers are based. Where such transfers occur, bp8 ensures that appropriate safeguards are in place to protect your personal data to a standard equivalent to the protections afforded under applicable Malaysian data protection law, including the use of contractual data protection clauses with third-party recipients.

13. Changes to This Policy

bp8 reserves the right to update or amend this Privacy Policy at any time. Where changes are material, bp8 will notify registered players by email or by prominent notice on the Platform prior to the changes taking effect. The date of the most recent revision is indicated at the top of this document. Your continued use of the Platform following notification of material changes constitutes acceptance of the revised Policy.

We encourage you to review this Policy periodically to stay informed about how bp8 protects your personal data.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or bp8's data processing practices, please contact our Data Protection team:

Email: [email protected]

bp8's customer support team is available 24/7 via live chat on the Platform for general enquiries. Data subject requests submitted by email will receive an initial acknowledgement within two (2) business days and a substantive response within thirty (30) calendar days, subject to identity verification requirements.