max39 Privacy Policy

📜 1. Introduction

This Privacy Policy ("Policy") is published by max39 ("max39", "we", "us", "our") and applies to all personal data collected through the max39 website at max39.club and all associated services, features, and communications (collectively, the "Platform").

max39 is committed to protecting the privacy of all individuals who interact with our Platform. We process personal data in accordance with applicable data protection legislation and in a manner that is transparent, fair, and lawful. By registering an account or using the max39 Platform, you acknowledge that you have read and understood this Policy.

This Policy should be read together with our Terms & Conditions and our Responsible Gaming policy, both of which form part of the agreement governing your use of max39.

📋 2. Data We Collect

max39 collects personal data in the following categories, depending on the nature of your interaction with the Platform:

• Identity Data: Full name, date of birth, nationality, and copies of identity documents (e.g., MyKad, passport) collected as part of our Know Your Customer (KYC) and age verification processes.
• Contact Data: Email address, phone number, and residential address provided during registration or account management.
• Financial Data: Payment method details, transaction history, deposit and withdrawal records, and account balance information. max39 does not store full card numbers or banking credentials — payment processing is handled by certified payment service providers.
• Technical Data: IP address, browser type and version, device identifiers, operating system, time zone settings, and pages visited on the Platform. This data is collected automatically when you access max39.
• Usage Data: Information about how you use the Platform, including games played, betting history, session duration, bonus usage, and login timestamps.
• Responsible Gaming Data: Any limits, self-exclusion requests, or responsible gaming preferences that you set through your max39 account settings.
• Communications Data: Records of your communications with max39 customer support, including live chat transcripts and email correspondence.

max39 does not knowingly collect special category personal data (such as health data, racial or ethnic origin, or political opinions) unless specifically required for regulatory compliance purposes and with your explicit consent.

🎯 3. How We Use Your Data

max39 uses the personal data we collect for the following purposes:

• Account Management: To create, verify, and manage your max39 account, process your max39 login credentials securely, and maintain accurate account records.
• Service Delivery: To provide access to games, live casino, sportsbook, and all other Platform features; to process deposits and withdrawals; and to administer bonuses and promotions.
• Identity Verification & KYC: To verify your identity, confirm your age (21+ requirement), and comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations applicable to our licensed operations.
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, account misuse, and security breaches on the max39 Platform.
• Customer Support: To respond to your queries, resolve complaints, and provide assistance through our 24/7 support channels.
• Responsible Gaming: To monitor betting patterns, apply responsible gaming limits you have set, and intervene where we identify signs of problem gambling behaviour in line with our obligations as a licensed operator.
• Legal & Regulatory Compliance: To comply with our obligations under applicable laws and the requirements of our gaming authority licence, including record retention and regulatory reporting.
• Platform Improvement: To analyse usage data in aggregate (not individually identifying) form to improve Platform performance, game selection, and user experience.
• Marketing Communications: To send you promotional offers, bonus notifications, and Platform updates, subject to your communication preferences. You may opt out of marketing communications at any time through your account settings.

⚖️ 4. Legal Basis for Processing

max39 processes your personal data on the following legal bases:

• Contractual Necessity: Processing required to perform our contract with you — providing gaming services, processing payments, and managing your account.
• Legal Obligation: Processing required to comply with applicable laws, including KYC, AML, CTF regulations, and requirements imposed by our gaming authority licence.
• Legitimate Interests: Processing carried out for max39's legitimate business interests, including fraud prevention, Platform security, and service improvement, where such interests are not overridden by your data protection rights.
• Consent: Where you have provided explicit consent, including for marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

🤝 5. Data Sharing & Disclosure

max39 does not sell your personal data to third parties. We may share your personal data with the following categories of recipients only where necessary and in compliance with this Policy:

• Payment Service Providers: To process deposits and withdrawals, we share necessary transaction data with our payment partners, including providers supporting Touch 'n Go eWallet, Boost, Maybank, CIMB, Public Bank, and FPX. These providers are contractually bound to process your data securely and only for the purpose of facilitating your transactions.
• Game Software Providers: Certified game studios and live casino operators may receive limited data (such as a pseudonymous player ID and session data) necessary to deliver game services through the max39 Platform.
• Identity Verification Services: Third-party KYC and AML screening providers may process identity and financial data to assist in regulatory compliance verification.
• Regulatory & Law Enforcement Authorities: max39 will disclose personal data to regulators, law enforcement agencies, or gaming authorities where required by law or where we are legally compelled to do so.
• IT & Infrastructure Providers: Cloud hosting and technical service providers who process data on our behalf under strict data processing agreements that prohibit independent use of your data.

All third parties with whom max39 shares data are required to implement appropriate technical and organisational security measures and to process personal data only in accordance with our instructions.

🍪 6. Cookies & Tracking Technologies

The max39 Platform uses cookies and similar tracking technologies to enhance your experience, maintain your session after max39 login, and collect analytics data. The following categories of cookies may be used:

• Strictly Necessary Cookies: Essential for the Platform to function, including session management, security tokens, and load balancing. These cannot be disabled.
• Functional Cookies: Remember your preferences (such as language settings and display options) to personalise your experience.
• Analytics Cookies: Collect aggregate, anonymised data about how users interact with the Platform, used solely to improve performance and user experience. No individual profiling is conducted.
• Marketing Cookies: Used, with your consent, to present relevant promotional content within the max39 Platform.

You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies may impair Platform functionality. max39 does not use third-party advertising cookies to track your activity across external websites.

🗄️ 7. Data Retention

max39 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to the following retention principles:

• Active Accounts: Personal data is retained for the duration of your account relationship with max39, plus any legally required retention period thereafter.
• Regulatory Retention: Transaction records, KYC documentation, and AML-related data are retained for a minimum of five (5) years from the date of the relevant transaction or account closure, in compliance with our regulatory obligations.
• Responsible Gaming Records: Self-exclusion and responsible gaming records are retained for a minimum of the duration of the exclusion period plus five (5) years to ensure compliance and prevent re-registration during active exclusion periods.
• Support Communications: Customer support records are retained for three (3) years from the date of the last interaction, unless a longer period is required for dispute resolution.
• Marketing Data: Where you have opted out of marketing, a suppression record is maintained indefinitely to ensure you are not contacted in future.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with any individual.

🔒 8. Data Security

max39 implements technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the max39 Platform, including during max39 login and all financial transactions.
• Encryption at rest for sensitive personal and financial data stored on max39 servers.
• Access controls ensuring that personal data is accessible only to max39 staff and authorised third parties who require it for legitimate operational purposes.
• Regular security assessments and penetration testing of the Platform infrastructure.
• Multi-factor authentication options for Player accounts to reduce the risk of unauthorised access.

Despite these measures, no data transmission or storage system is entirely immune to security risks. In the event of a data breach that is likely to result in a risk to your rights and freedoms, max39 will notify affected individuals and the relevant regulatory authority in accordance with applicable breach notification requirements.

🧑‍⚖️ 9. Your Data Rights

Subject to applicable law, you have the following rights in respect of the personal data max39 holds about you:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
• Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances, such as while a dispute is being resolved.
• Right to Portability: Where processing is based on consent or contract, you may request a copy of your data in a structured, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes at any time.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting prior lawful processing.

To exercise any of these rights, please contact max39 at [email protected] (plain text — not a clickable link). We will respond to all valid requests within 30 days.

🌐 10. International Data Transfers

max39 may transfer personal data to service providers or group entities located outside of Malaysia. Where such transfers occur, max39 ensures that appropriate safeguards are in place to protect your data, including the use of standard contractual clauses, data processing agreements, and transfers only to entities in jurisdictions that provide an adequate level of data protection.

max39 does not transfer personal data to jurisdictions that lack adequate data protection frameworks without implementing compensating measures to ensure the security and integrity of your data.

👶 11. Children's Privacy

The max39 Platform is strictly intended for individuals aged 21 years and above. max39 does not knowingly collect, solicit, or process personal data from individuals below the age of 21. If we become aware that personal data has been collected from a minor, we will take immediate steps to delete that data and close the associated account.

If you have reason to believe that a minor has registered an account on the max39 Platform, please contact us immediately at [email protected].

✏️ 12. Updates to This Policy

max39 may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or regulatory requirements. The "Last Updated" date at the top of this page will reflect the date of the most recent revision. Where changes are material, max39 will notify registered Players via email or via a prominent notice on the Platform prior to the changes taking effect.

Your continued use of the max39 Platform following publication of an updated Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically to stay informed about how max39 handles your personal data.

📬 13. Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data rights, or wish to make a complaint regarding how max39 has handled your personal data, please contact us through the following channels:

• Email: [email protected] — plain text only, not a clickable link
• Live Chat: Available 24/7 via the max39 Platform. Average response time: 3–5 minutes.

If you are not satisfied with how max39 has handled your complaint, you may have the right to escalate your complaint to the relevant data protection authority or gaming regulatory body applicable in your jurisdiction.