1. Who We Are
yestowin ("we," "us," "our") operates the online gaming and sports betting platform accessible at yestowin.net (the "Platform"). yestowin is the data controller for the personal information of Players who use the Platform. For all data-related enquiries, including Subject Access Requests and data deletion requests, please contact us via the details set out in Section 16 of this Policy.
yestowin operates under international online gaming licensing (CuraΓ§ao jurisdiction), which imposes obligations on us in respect of data security, anti-money laundering (AML) compliance, and Know Your Customer (KYC) verification β all of which involve the processing of personal data as further described in this Policy.
2. Personal Data We Collect
yestowin collects personal data in the following categories:
| Category |
Examples |
When Collected |
| Identity Data |
Full legal name, date of birth, gender, nationality |
Registration & KYC verification |
| Contact Data |
Email address, Malaysian mobile number, residential address |
Registration & KYC verification |
| Financial Data |
Payment method details (e-wallet IDs, bank account numbers, USDT wallet addresses), deposit/withdrawal history |
Deposits, withdrawals, KYC |
| Identity Documents |
MyKad number, passport copy, driving licence, proof of address documents |
KYC verification process |
| Gaming Data |
Bet history, game activity, session duration, bonus usage, win/loss records |
Ongoing platform use |
| Technical Data |
IP address, device type, browser version, operating system, session identifiers |
Every Platform visit |
| Communications Data |
Live chat transcripts, support email content, account notifications |
When you contact support |
| Marketing Preferences |
Email/SMS opt-in status, preferred promotional categories |
Account settings |
yestowin does not collect special categories of sensitive personal data (e.g., biometric data, health data, racial or ethnic origin) unless specifically required for age verification or legal compliance in exceptional circumstances.
3. How We Collect Your Data
yestowin collects personal data through the following mechanisms:
- Direct collection: Information you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting support, or updating your account settings.
- Automated collection: Technical data collected automatically when you access the Platform, including through cookies, server logs, and similar tracking technologies (see Section 9 for full cookie details).
- Third-party sources: Identity verification data from KYC service providers; fraud and AML screening data from licensed compliance partners; payment verification data from e-wallet and banking partners including Touch 'n Go eWallet, Boost, DuitNow, and FPX processors.
- Inferred data: Player behaviour profiles derived from gaming activity data, used for responsible gaming monitoring and personalised service delivery.
4. How We Use Your Personal Data
yestowin uses your personal data for the following purposes:
- Account creation and management: Creating, verifying, and maintaining your yestowin account, including processing login authentication and account security measures.
- Payment processing: Processing deposits via Malaysian payment methods (Touch 'n Go eWallet, Boost, DuitNow, FPX, Maybank2u, CIMB Clicks, and others) and processing withdrawal requests to your verified payment method.
- KYC and AML compliance: Verifying your identity and age as required by our operating licence; conducting anti-money laundering screening to meet our regulatory obligations.
- Platform personalisation: Presenting game recommendations, relevant promotions, and account content tailored to your gaming preferences and history on the yestowin platform.
- Responsible gaming monitoring: Analysing your gaming activity to identify patterns consistent with problem gambling, and triggering intervention notifications or account restrictions in appropriate circumstances.
- Customer support: Responding to your enquiries submitted via live chat or email support at [email protected].
- Marketing communications: Sending promotional emails and SMS messages about yestowin bonuses, new games, and special offers β but only where you have given explicit consent (see Section 11).
- Security and fraud prevention: Monitoring for suspicious account activity, preventing cheating and collusion, and protecting the integrity of the yestowin Platform.
- Legal compliance: Meeting applicable legal obligations, responding to lawful regulatory requests, and enforcing our Terms & Conditions.
5. Legal Basis for Processing
yestowin processes personal data on the following legal bases:
- Contract performance: Processing necessary to deliver the yestowin gaming services you have contracted for, including account operation, payment processing, and game provision.
- Legal obligation: Processing required to comply with AML regulations, KYC obligations under our operating licence, and any lawful demands from regulatory or law enforcement authorities.
- Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and improving the yestowin user experience β where such interests are not overridden by your fundamental rights.
- Consent: Marketing communications and certain non-essential cookies, where your explicit consent has been obtained and can be withdrawn at any time.
6. Data Sharing & Third Parties
yestowin does not sell your personal data to third parties. We may share your data with the following categories of recipients, strictly for the purposes described in this Policy:
- Payment service providers: Touch 'n Go eWallet, Boost, GrabPay, DuitNow FPX, Maybank, CIMB, Public Bank, Hong Leong Bank, and USDT processing partners β for transaction processing purposes only.
- KYC and identity verification providers: Third-party KYC service providers who verify identity documents on yestowin's behalf. These providers are contractually bound to process data only for verification purposes and to apply equivalent data security standards.
- Game providers: Licensed game software providers (such as Evolution Gaming, PG Soft, Pragmatic Play, and others) receive necessary session data to deliver games β no personally identifiable data beyond a pseudonymous player identifier is shared.
- AML screening partners: Licensed compliance screening services used to meet our anti-money laundering obligations under our operating licence.
- Regulatory and law enforcement authorities: Where required by lawful regulatory demand, court order, or legal process applicable to yestowin's jurisdiction of operation.
- IT infrastructure providers: Cloud hosting and server infrastructure providers operating under data processing agreements that bind them to equivalent data protection standards.
yestowin requires all third-party data processors to implement appropriate technical and organisational security measures, and prohibits them from using your personal data for any purpose beyond the specific service they provide to yestowin.
7. Data Retention
yestowin retains personal data for the following periods:
- Active accounts: All personal data is retained for the lifetime of your active yestowin account plus a minimum of 5 years following account closure, to meet AML record-keeping obligations under our operating licence.
- KYC documentation: Identity documents and verification records are retained for a minimum of 5 years following account closure, as required by applicable AML and licensing regulations.
- Financial transaction records: Deposit and withdrawal records are retained for a minimum of 5 years following each transaction for financial compliance purposes.
- Gaming activity logs: Bet history and game session data are retained for 2 years following account closure for responsible gaming monitoring and dispute resolution purposes.
- Support communications: Live chat and email support transcripts are retained for 2 years from the date of the communication.
- Marketing data: Retained until you withdraw consent to receive marketing communications, after which it is deleted within 30 days.
At the end of the applicable retention period, personal data is securely deleted or anonymised. Anonymised aggregate data may be retained indefinitely for statistical and platform improvement purposes.
8. Data Security
yestowin implements technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction:
- 256-bit SSL/TLS encryption on all data transmission between your device and the yestowin Platform β the same standard used by major Malaysian banks for online banking.
- Encrypted data storage for all personally identifiable fields in our databases, including financial data and identity documents.
- Access controls: Employee access to personal data is restricted on a strict need-to-know basis, with role-based access controls and audit logging of all data access events.
- Two-factor authentication available on all yestowin player accounts and mandatory for internal staff systems.
- Regular security audits and penetration testing of the yestowin Platform infrastructure.
- Incident response: In the event of a data breach affecting your personal data, yestowin will notify affected players and, where required, the relevant supervisory authority within applicable regulatory timeframes.
9. Cookies & Tracking Technologies
yestowin uses cookies and similar technologies to operate and improve the Platform. The categories of cookies we use are:
- Strictly necessary cookies: Required for the Platform to function correctly, including session management, login authentication, and security. These cannot be disabled.
- Functional cookies: Remember your preferences (language, display settings, responsible gaming notification status) to personalise your yestowin experience.
- Analytics cookies: Collect anonymised data about how players navigate the Platform to help yestowin improve user experience. No individually identifiable data is collected for analytics purposes.
- Marketing cookies: Used only where you have given consent, to deliver relevant promotional offers from yestowin. No third-party advertising network cookies are used.
You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use the core yestowin gaming services, though certain preference features may not function as expected.
10. Your Data Rights
Subject to applicable law and yestowin's legal obligations, you have the following rights in respect of your personal data:
- Right of access: Request a copy of all personal data yestowin holds about you (Subject Access Request).
- Right to rectification: Request correction of inaccurate or incomplete personal data. You may update most account data directly via your account settings.
- Right to erasure: Request deletion of your personal data, subject to our right to retain data required for legal compliance (AML record-keeping obligations may prevent full erasure of certain records).
- Right to restriction: Request that yestowin restricts processing of your data in certain circumstances, e.g., while a dispute is under investigation.
- Right to data portability: Request your personal data in a structured, machine-readable format where technically feasible.
- Right to object: Object to processing based on legitimate interests, including profiling for direct marketing purposes.
- Right to withdraw consent: Withdraw any previously given consent to marketing communications or non-essential cookies at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact yestowin's data team via live chat support or at [email protected]. We will respond within 5 business days and action requests within 30 days of receipt, extended to 60 days for complex requests.
11. Marketing Communications
yestowin will only send you marketing communications (email, SMS, or in-platform notifications about promotions, bonuses, and new games) where you have explicitly consented to receive such communications at registration or through your account settings.
You may withdraw consent to marketing communications at any time by:
- Updating your marketing preferences in your yestowin account settings (immediate effect);
- Clicking the unsubscribe link in any marketing email (effective within 5 business days); or
- Contacting live chat support to request removal from all marketing lists.
Withdrawal of marketing consent does not affect your ability to use the yestowin Platform or receive transactional communications (such as deposit confirmations, withdrawal notifications, and account security alerts), which are sent as part of the service contract.
12. Children's Privacy
The yestowin Platform is strictly for adults aged 21 years and above. yestowin does not knowingly collect personal data from individuals under the age of 21. If we become aware that personal data has been submitted by a person under 21, that account will be immediately suspended and the data deleted, subject to any AML record-keeping obligations.
If you believe a person under 21 has registered a yestowin account, please notify us immediately via live chat support so we can investigate and take appropriate action.
13. Third-Party Links
The yestowin Platform does not contain links to external third-party websites for commercial purposes. Where game providers' environments are embedded within the Platform, those providers' own privacy notices may apply to data processed within their game environments. yestowin is not responsible for the privacy practices of third-party game providers beyond the data processing agreements in place between yestowin and those providers.
14. International Data Transfers
As yestowin operates under Curaçao licensing, your personal data may be processed and stored on servers located outside Malaysia. Where data is transferred internationally, yestowin ensures that appropriate safeguards are in place, including contractual data protection clauses equivalent to applicable international data transfer standards.
KYC verification data may be processed by service providers located in Singapore, the European Union, or other jurisdictions with adequate data protection frameworks. yestowin's cloud infrastructure providers operate under data processing agreements that enforce equivalent security and privacy standards globally.
15. Changes to This Privacy Policy
yestowin may update this Privacy Policy from time to time to reflect changes in applicable law, our business operations, or data processing practices. Material changes will be communicated to Players via the registered email address at least 7 days before the revised Policy takes effect.
The current version of this Privacy Policy is always available at yestowin.net/privacy-policy. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the yestowin Platform following the effective date of any update constitutes acceptance of the revised Policy.
16. Contact & Complaints
For all data protection enquiries β including Subject Access Requests, data deletion requests, or concerns about how yestowin handles your personal information β please contact us through the following channels:
Data Enquiries β yestowin Support
Live chat: Available 24/7 on the yestowin Platform (recommended for urgent matters)
Email contact (plain text β not a clickable link):
[email protected]
Please include "Privacy Request" in the subject line. Responses within 5 business days.
If you are not satisfied with yestowin's response to a data-related complaint, you may raise your concern with the relevant data protection authority or yestowin's licensing supervisory authority in Curaçao. yestowin takes all privacy complaints seriously and will cooperate fully with any supervisory investigation.