Privacy Policy

1. Introduction

1.1 harta33 ("harta33", "we", "us", "our") operates the online gambling platform accessible at harta33.win. In the course of operating this platform for Malaysian and international players, harta33 collects and processes personal data relating to registered users and website visitors.

1.2 This Privacy Policy ("Policy") describes the categories of personal data harta33 collects, the purposes for which that data is used, the legal bases on which processing is conducted, and the rights available to data subjects.

1.3 This Policy applies to all products and services offered by harta33, including the live casino, RNG games, slot machines, sportsbook, and any promotional products. It should be read alongside the harta33 Terms & Conditions, which govern your overall use of the platform.

1.4 By registering an account with harta33, you acknowledge that you have read and understood this Policy and consent to the collection and use of your personal data as described herein.

2. Data We Collect

2.1 Registration Data. When you create a harta33 account, we collect: full legal name, date of birth, email address, mobile phone number, and country of residence. This data is required to create and administer your account.

2.2 Identity Verification Data (KYC). To comply with anti-money laundering obligations and to verify that players meet the minimum age requirement of 21 years, harta33 collects government-issued identification documents (such as a Malaysian MyKad or passport) and, where applicable, proof of payment method. These documents are processed solely for verification purposes.

2.3 Financial Data. harta33 collects data relating to deposits, withdrawals, and transaction history associated with your account. Payment method details (such as eWallet account identifiers or bank account details) are collected to process MYR transactions. harta33 does not store full card numbers or CVV codes; card payment processing is handled by PCI-DSS compliant third-party processors.

2.4 Usage and Behavioural Data. harta33 collects data about how you interact with the platform, including: pages visited, games played, bet history, session durations, login timestamps, and device and browser information. This data is used for platform improvement, fraud detection, and responsible gaming monitoring.

2.5 Technical Data. We collect IP address, device type, operating system, browser type and version, and connection data. This information is used for security monitoring, geographic access controls, and technical support.

2.6 Communications Data. When you contact harta33 via live chat, email, or any other channel, we retain records of those communications for quality assurance, dispute resolution, and compliance purposes.

3. How We Use Your Data

3.1 harta33 uses the personal data described above for the following purposes:

• Account creation and administration — to register, maintain, and secure your harta33 account;
• Identity and age verification — to confirm you meet the 21+ age requirement and to satisfy KYC obligations under applicable regulations;
• Payment processing — to receive MYR deposits via Touch n Go eWallet, Boost, GrabPay, Maybank, CIMB, Public Bank, USDT TRC20, and 7-Eleven CLiQQ, and to process withdrawals to your nominated account;
• Fraud prevention and security — to detect, investigate, and prevent fraudulent activity, multi-accounting, bonus abuse, and other prohibited conduct;
• Regulatory compliance — to meet anti-money laundering (AML), counter-terrorism financing (CTF), and responsible gaming obligations;
• Platform improvement — to analyse usage patterns and improve the functionality, performance, and content of the harta33 platform;
• Responsible gaming — to monitor gambling behaviour for indicators of problem gambling and to apply player protection measures where appropriate;
• Customer support — to respond to queries, resolve disputes, and provide technical assistance;
• Marketing communications — to send promotional offers and platform updates to players who have opted in to receive such communications. Marketing communications can be opted out of at any time by contacting support.

4. Legal Basis for Processing

4.1 harta33 processes personal data on the following legal bases:

• Contract performance — processing necessary to fulfil our obligations under the Terms & Conditions you have entered into, including account management and payment processing;
• Legal obligation — processing required to comply with applicable laws and regulations, including KYC verification, AML reporting, and responsible gaming requirements;
• Legitimate interests — processing for fraud prevention, platform security, and service improvement, where such interests are not overridden by your rights and freedoms;
• Consent — where harta33 has obtained your explicit consent, such as for marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

5. Cookies & Tracking Technologies

5.1 harta33 uses cookies and similar tracking technologies to enable essential platform functionality, maintain login sessions, prevent fraud, and analyse platform usage.

5.2 The following categories of cookies are used:

• Strictly necessary cookies — required for the platform to function. These cannot be disabled without impairing core functionality such as login sessions and game state;
• Analytics cookies — used to collect aggregated, anonymised data about how visitors interact with the platform. This data is used solely to improve platform performance;
• Preference cookies — used to remember your language, currency, and display preferences between sessions;
• Security cookies — used to detect and prevent fraudulent or abusive activity.

5.3 You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair your ability to use the harta33 platform. harta33 does not use third-party advertising cookies.

6. Data Sharing & Third Parties

6.1 harta33 does not sell, rent, or trade personal data to third parties for their own marketing or commercial purposes.

6.2 harta33 shares personal data with third parties only in the following limited circumstances:

• Payment processors — to process MYR deposits and withdrawals via Touch n Go eWallet, Boost, GrabPay, Maybank, CIMB, Public Bank, and other accepted payment methods. These processors operate under strict contractual data protection obligations;
• Game providers — licensed game software providers (such as Pragmatic Play, PG Soft, Habanero) may receive anonymised session data necessary for game delivery and RNG certification;
• KYC and AML service providers — identity verification and document authentication is conducted through certified third-party services operating under applicable data protection standards;
• Regulatory and law enforcement authorities — where required by applicable law, court order, or competent regulatory authority. harta33 will disclose only the minimum information necessary to satisfy the legal requirement;
• Fraud prevention services — anonymised behavioural and technical data may be shared with industry fraud prevention networks to protect the platform and its users.

6.3 All third-party service providers engaged by harta33 are required to process personal data only on documented instructions from harta33 and to implement appropriate technical and organisational security measures.

7. Data Retention

7.1 harta33 retains personal data for as long as your account remains active and for a period thereafter as required by applicable legal, regulatory, or contractual obligations.

7.2 Transaction records, KYC documentation, and account data are retained for a minimum of five (5) years following account closure, in accordance with standard AML record-keeping requirements.

7.3 Communications records (live chat transcripts, support emails) are retained for a maximum of three (3) years for quality assurance and dispute resolution purposes.

7.4 Where personal data is no longer required for any permitted purpose, it will be securely deleted or anonymised in accordance with harta33's internal data management procedures.

8. Data Security

8.1 harta33 implements industry-standard technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• 256-bit SSL/TLS encryption on all data in transit between your device and the harta33 platform;
• Encryption of sensitive data at rest, including KYC documents and financial data;
• Role-based access controls limiting internal access to personal data on a strict need-to-know basis;
• Regular security assessments and penetration testing of the platform infrastructure;
• Automated anomaly detection for unusual login patterns and suspicious account activity.

8.2 Notwithstanding the measures described above, no data transmission over the internet can be guaranteed to be entirely secure. harta33 cannot warrant the absolute security of data transmitted to the platform. You transmit data at your own risk.

8.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, harta33 will notify affected individuals without undue delay in accordance with applicable data breach notification obligations.

9. Your Rights

9.1 Subject to applicable law, you have the following rights in relation to your personal data held by harta33:

• Right of access — you may request a copy of the personal data harta33 holds about you;
• Right to rectification — you may request correction of any inaccurate or incomplete personal data;
• Right to erasure — you may request deletion of your personal data, subject to harta33's legal retention obligations;
• Right to restriction of processing — you may request that harta33 restricts processing of your data in certain circumstances;
• Right to data portability — you may request a structured, machine-readable copy of data you have provided to harta33;
• Right to object — you may object to processing based on legitimate interests, including direct marketing;
• Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time.

9.2 To exercise any of the above rights, please contact harta33 via live chat support or the support email address displayed in the footer of this page. harta33 will respond to valid requests within thirty (30) days of receipt.

10. Children's Privacy

10.1 harta33 takes the protection of minors seriously. If harta33 becomes aware that personal data has been collected from a person under the age of 21 without verified parental consent, that data will be deleted and the associated account closed immediately.

10.2 If you believe that a minor has registered an account with harta33, please contact our support team immediately via live chat or the email address provided in the Contact section of this Policy.

11. Third-Party Links

11.1 The harta33 platform may contain references to third-party services (such as payment providers). harta33 is not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any external service you access in connection with using harta33.

12. Changes to This Policy

12.1 harta33 reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated to registered players via email or in-platform notification prior to the amended Policy taking effect.

12.2 The "Last updated" date at the top of this Policy indicates when the most recent revision was made. Your continued use of the harta33 platform following notification of changes constitutes your acceptance of the revised Policy.

13. Contact Us

13.1 For any questions, concerns, or requests relating to this Privacy Policy or to the personal data harta33 holds about you, please contact our support team via live chat (available 24/7 on the platform) or by writing to the support email address displayed in the footer of this page.

13.2 harta33 will acknowledge written data subject requests within 5 business days and provide a substantive response within 30 days. Complex requests may require an extension, in which case you will be notified.