Privacy Policy – cita88 Online Casino Malaysia

256-bit SSL Encryption

All data transmitted between your device and cita88 servers is encrypted using industry-standard SSL — the same protection used by Malaysian banks.

No Data Selling

cita88 does not sell, rent, or trade your personal data to third-party marketers under any circumstances, ever.

Your Data Rights

You can request access to, correction of, or deletion of your personal data held by cita88 at any time by contacting our support team.

Minimal Collection

cita88 collects only the data necessary to operate the Platform, process payments, and comply with regulatory KYC obligations.

Cookie Control

Non-essential cookies are only placed with your consent. You can review and adjust cookie preferences at any time through Platform settings.

Clear Retention Limits

Personal data is retained only for as long as required by law or Platform operations — and then securely deleted or anonymised.

1 Introduction

cita88 ("we", "us", "our") operates the online gaming platform accessible at cita88.app, offering sports betting, live casino, online slots, esports wagering, and poker to registered players. We are committed to protecting the privacy of all users of the Platform, with particular attention to the rights of Malaysian residents under applicable data protection law.

This Privacy Policy describes what personal data cita88 collects, the purposes for which we use it, the circumstances under which it may be shared, and the rights available to you in relation to your data. It applies to all current and former Account holders, visitors to the Platform, and any individual whose data we process in connection with the provision of our services.

This Policy should be read alongside the cita88 Terms and Conditions, which govern your use of the Platform as a whole.

By registering an Account or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2 Data We Collect

cita88 collects personal data through several channels: directly from you when you register, deposit, or contact support; automatically through the operation of the Platform; and from third parties such as payment processors and identity verification providers.

Category	Examples	Source
Identity Data	Full name, date of birth, MyKad or passport number, nationality	Registration form; KYC submission
Contact Data	Email address, Malaysian mobile number, correspondence address	Registration form; support communications
Financial Data	Payment method identifiers (e.g. last 4 digits of card, e-wallet account reference), deposit and withdrawal records	Payment processor; Platform transaction logs
Technical Data	IP address, device type, browser type, operating system, session duration, login timestamps	Platform automatically on access
Gaming Data	Bet history, game activity, session records, responsible gaming tool settings	Platform automatically during play
Communications Data	Live chat transcripts, support email correspondence, dispute records	Direct interaction with cita88 support

cita88 does not collect special category data (such as health information, political opinions, or biometric data) unless it is strictly required for regulatory compliance and you have provided explicit consent.

3 How We Use Your Data

cita88 processes personal data for the following purposes:

Account Administration: Creating and managing your cita88 Account, processing login requests, and maintaining account security.
Service Delivery: Processing bets, settling winnings, crediting bonuses, and providing access to all Platform features including sportsbook, live casino, slots, esports, and poker.
Payment Processing: Facilitating deposits via Touch n Go eWallet, Boost, Maybank, CIMB, Public Bank, FPX, Visa, and Mastercard, and processing withdrawal requests to your registered payment method.
Identity Verification (KYC): Verifying your identity and age in compliance with international gaming authority requirements before withdrawals are permitted.
Fraud Prevention and Security: Detecting, investigating, and preventing fraud, money laundering, identity theft, and other prohibited conduct on the Platform.
Responsible Gaming: Monitoring gaming activity to identify patterns consistent with problem gambling and to administer self-exclusion and limit requests.
Communications: Sending transactional notifications (deposits, withdrawals, bet confirmations), responding to support queries, and — where you have opted in — promotional communications about offers relevant to your gaming preferences.
Legal Compliance: Meeting obligations under applicable law including data protection, anti-money laundering, and gaming regulations.
Platform Improvement: Analysing anonymised or aggregated usage data to improve Platform performance, identify technical issues, and develop new features.

4 Legal Basis for Processing

cita88 processes personal data on one or more of the following legal bases:

Contractual Necessity: Processing required to fulfil our obligations under the Terms and Conditions — including Account management, bet settlement, and payment processing.
Legal Obligation: Processing required to comply with applicable law — including KYC verification, anti-money laundering record-keeping, and regulatory reporting.
Legitimate Interests: Processing conducted in pursuit of our legitimate business interests — including fraud detection, Platform security, and anonymised analytics — where such interests are not overridden by your rights and freedoms.
Consent: Processing conducted on the basis of your explicit consent — principally marketing communications. You may withdraw consent at any time by contacting support or updating your Platform notification preferences.

5 Data Sharing & Disclosure

cita88 does not sell your personal data. We share personal data with third parties only in the following circumstances:

Payment Processors: We share necessary financial data with licensed payment service providers (including FPX, Touch n Go, and card processing networks) to facilitate deposits and withdrawals. These providers are contractually prohibited from using your data for any purpose other than payment processing.
Identity Verification Providers: We share identity document data with licensed KYC and AML verification service providers to fulfil our regulatory obligations.
Game Providers: Anonymised session identifiers may be shared with third-party game studios to enable game functionality and support dispute resolution. No personally identifiable information is shared beyond what is strictly necessary.
Legal and Regulatory Authorities: We will disclose personal data to law enforcement agencies, regulatory bodies, or courts where we are legally compelled to do so, or where disclosure is necessary to protect the safety, rights, or property of cita88 or others.
Professional Advisers: Lawyers, auditors, and compliance consultants who are bound by strict confidentiality obligations.

All third-party service providers engaged by cita88 are required to implement data security standards consistent with or exceeding those described in this Policy.

6 Cookies & Tracking Technologies

cita88 uses cookies and similar tracking technologies to operate the Platform effectively. Cookies are small text files stored on your device that enable the Platform to recognise your session, remember your preferences, and maintain security.

Essential Cookies: Required for login sessions, security tokens, and core Platform functionality. These cannot be disabled without impairing your ability to use the Platform.
Functional Cookies: Used to remember your language preferences, display settings, and responsible gaming tool configurations.
Analytics Cookies: Used to collect anonymised data about how players navigate the Platform, allowing us to identify and fix usability issues. Placed only with your consent.
Marketing Cookies: Used to measure the effectiveness of promotional campaigns. Placed only with your explicit consent and can be withdrawn at any time.

You may review and manage your cookie preferences through your browser settings or the cita88 Platform preference panel. Disabling essential cookies will affect Platform functionality.

7 Data Retention

cita88 retains personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. The following general retention periods apply:

Account and identity data: Retained for the duration of your Account and for a minimum of five (5) years following Account closure, to satisfy anti-money laundering and gaming regulatory requirements.
Financial transaction records: Retained for a minimum of seven (7) years following the date of the transaction, in accordance with financial record-keeping obligations.
Support communications: Retained for three (3) years from the date of the final communication, or longer if relevant to an unresolved dispute.
Technical and session data: Retained for up to twelve (12) months for security and fraud detection purposes, after which it is anonymised or deleted.
Marketing preferences: Retained until you withdraw consent or for two (2) years following your last interaction with cita88 marketing communications, whichever is earlier.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Anonymised data may be retained indefinitely for statistical and analytical purposes.

8 Data Security

cita88 implements technical and organisational measures designed to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

256-bit SSL/TLS encryption for all data in transit between your device and cita88 servers;
Encryption of sensitive data fields (including identity document references and payment identifiers) at rest;
Role-based access controls limiting staff access to personal data to those with a legitimate operational need;
Regular penetration testing and security audits conducted by independent third parties;
Multi-factor authentication requirements for all administrative access to production systems;
Incident response procedures for the detection, containment, and notification of data security incidents.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, cita88 will notify affected players and the relevant regulatory authority in accordance with applicable data protection law and within prescribed timeframes.

You are responsible for keeping your own cita88 login credentials confidential. cita88 will never ask you for your full password via email, live chat, or phone.

9 Your Data Protection Rights

Subject to applicable law, you have the following rights in relation to personal data that cita88 holds about you:

Right of Access: You may request a copy of the personal data cita88 holds about you.
Right to Rectification: You may request correction of inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
Right to Restriction: You may request that we restrict our processing of your personal data in certain circumstances.
Right to Data Portability: You may request a machine-readable copy of personal data you have provided to cita88, for transfer to another controller.
Right to Object: You may object to processing based on legitimate interests at any time; we will cease such processing unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of the above rights, please contact cita88 at [email protected]. We will respond within 30 calendar days. We may need to verify your identity before actioning your request.

10 Children and Minors

The cita88 Platform is strictly for adults aged 21 years and above. We do not knowingly collect personal data from individuals under 21 years of age. Age verification is a mandatory step in the cita88 Account registration and KYC process.

If cita88 becomes aware that personal data has been collected from a person under the age of 21 without appropriate verification, that Account will be suspended immediately, all associated Funds will be frozen pending investigation, and the data will be deleted in accordance with this Policy.

If you believe a minor has accessed the Platform, please notify us immediately at [email protected] so we can take immediate action.

11 International Data Transfers

cita88 operates servers and engages service providers that may be located outside Malaysia. Where personal data is transferred outside your country of residence, cita88 ensures that appropriate safeguards are in place — including contractual data processing agreements incorporating standard data protection clauses — to ensure your data receives a level of protection consistent with applicable data protection law.

Transfers are made only to service providers and jurisdictions that cita88 has assessed as providing adequate data protection standards. You may request details of specific transfer safeguards applicable to your data by contacting support.

12 Changes to This Privacy Policy

cita88 reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or Platform services. Material changes will be communicated to registered Account holders via the email address or mobile number on their Account no fewer than fourteen (14) calendar days before the revised Policy takes effect.

The effective date of this Policy is displayed at the top of the page. The version in force at any given time is accessible at cita88.app/privacy-policy. Continued use of the Platform following the effective date of a revised Policy constitutes acceptance of the changes.

We encourage you to review this Policy periodically to remain informed about how cita88 protects your personal data.

13 Contact & Complaints

For any questions, requests, or concerns relating to this Privacy Policy or cita88's handling of your personal data, please contact our Data Protection team through the following channels:

Email: [email protected]
Live Chat: Available 24/7 within the cita88 Platform after login
Response Time: Within 30 days for formal data rights requests; within 1 hour for general support queries

If you are dissatisfied with our response to a data protection complaint and believe your rights under applicable law have been violated, you may lodge a complaint with the relevant data protection authority in your jurisdiction. Malaysian residents may refer matters to the Department of Personal Data Protection Malaysia (PDPA).

cita88 Privacy Policy