Legal · PDPA 2010 Compliant

Privacy Policy

How FreeCredit Casinos ("we", "us") collects, uses, stores, and protects personal data under the Malaysian Personal Data Protection Act 2010 (Act 709). Plain-English summary at the top; full clauses below.

Effective: 15 August 2022
·
Last updated: 26 May 2026
·
Version: 3.2
TL;DR · Plain English

What this policy actually says

§1Introduction and Scope

This Privacy Policy ("Policy") governs the collection, use, disclosure, and protection of Personal Data by FreeCredit Casinos (operating address: Jalan PJU 5/22, Kota Damansara, Petaling Jaya 47810, Selangor, Malaysia) ("the Operator", "we", "us", "our") in respect of the website freecreditcasinos.net ("the Site").

This Policy is issued in compliance with the Personal Data Protection Act 2010 (Act 709) ("PDPA") and the seven Personal Data Protection Principles set out therein: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access.

By accessing or using the Site, you ("the User", "you") consent to the collection and processing of your Personal Data as described in this Policy. If you do not consent, you must discontinue use of the Site.

§2Who We Are (Data Controller)

The data controller (as defined under PDPA s.4) for all Personal Data collected via the Site is:

Data Controller

FreeCredit Casinos

Operating address: Jalan PJU 5/22, Kota Damansara, Petaling Jaya 47810, Selangor

Founder / Editor-in-Chief: Marcus Tay Wei Liang

Data Protection contact: privacy@freecreditcasinos.net

General enquiries: editorial@freecreditcasinos.net

Phone: +603-5512 2100 (Mon-Fri 9 AM - 6 PM MYT)

§3Personal Data We Collect

We deliberately collect the minimum data needed to operate the Site and respond to your enquiries. Categories of Personal Data we may collect:

CategoryExamplesHow collectedLawful basis
Contact data Email address, name (optional), phone (optional) When you write to us, subscribe, or fill the contact form Consent
Communication content The text of your email, complaint, tip, or message to us When you submit a message via form or email Contract
Analytics data Pages visited, country, browser type, referrer, session length Automatically via Plausible Analytics (cookieless) Legitimate interest
Technical data IP address (truncated), user-agent string, request timestamps Automatically via Cloudflare (CDN/security) Legitimate interest
Newsletter data Email, subscription date, open/click events When you opt in to the newsletter Consent
Cookie preferences Your consent choices for cookies (stored locally) Via the cookie banner on first visit Legal obligation

Data we explicitly do NOT collect

We are a review site, not a casino operator. We do not collect, request, or accept:

  • Malaysian IC numbers or passport numbers
  • Bank account or payment card details
  • Casino account login credentials or balances
  • Tax File Numbers or any identification documents
  • Biometric data, voice recordings, or facial images

If you accidentally include any of the above in a message to us, we will delete the specific data points within 7 days of receipt and reply asking you not to send such information again.

§4How We Use Your Personal Data (Purposes)

Personal Data is processed only for the following defined purposes:

  1. Responding to your communications — replying to emails, complaints, tips, and contact form submissions.
  2. Delivering the newsletter — sending the monthly editorial digest to subscribers who have opted in.
  3. Operating and securing the Site — serving pages via CDN, blocking abuse traffic, detecting fraud.
  4. Improving editorial content — understanding which guides and reviews readers find useful via aggregated analytics.
  5. Complying with legal obligations — responding to lawful requests from Malaysian regulators (PDP Commissioner, MCMC, MOF) when required.
  6. Investigating editorial complaints — when a brand or third party disputes our coverage, we may use your communications as evidence in the corrections process.

We do not use your data for: behavioural advertising, profiling, automated decision-making, AI training, or any commercial purpose outside the six items above.

§5Disclosure to Third Parties

Personal Data may be disclosed only to the following classes of third party, and only to the extent necessary:

Data Processors (our service providers)

  • Cloudflare, Inc. (US/global) — CDN, DDoS protection, edge caching. Receives truncated IP and request metadata.
  • Plausible Insights OÜ (Estonia/EU) — privacy-respecting analytics. Cookieless, no fingerprinting, IP is hashed and not stored.
  • Brevo / Sendinblue SAS (France/EU) — newsletter delivery. Receives your email and engagement events only.
  • Hostinger International Ltd. (Cyprus/EU) — web hosting. Server-level access to logs and database.
  • ProtonMail AG (Switzerland) — encrypted email storage for editorial mailboxes.

Each of the above is bound by its own data protection commitments (GDPR/Swiss FADP for EU/CH processors). We maintain a Data Processing Agreement with each.

Disclosure for legal compliance

We may disclose Personal Data to Malaysian law enforcement, the PDP Commissioner, MCMC, the courts, or other competent authorities when required by a lawful written request, court order, or statutory obligation. We will notify you of any such disclosure unless legally prohibited from doing so.

Disclosure in editorial complaints

If a casino brand or other party formally disputes our coverage and the dispute requires reference to your communication with us (e.g. a complaint you submitted), we will redact identifying information before sharing the substance with the other party, unless you have given us prior written permission to share unredacted.

What we never do

We do not sell, rent, trade, or share your Personal Data with advertisers, data brokers, casino operators (other than as redacted complaints described above), or any third party for marketing purposes.

§6Affiliate Links and Tracking

Several pages on the Site contain affiliate links to casino brands. When you click an affiliate link:

  • Your browser passes a referral code (e.g. ?ref=fcmy) to the destination brand.
  • The brand's tracking software (which we do not control) sets cookies on the brand's domain to attribute any subsequent sign-up.
  • No Personal Data is passed from us to the brand. The referral mechanism is anonymous on our side.
  • If you sign up at the brand and become a depositing player, the brand may pay us a commission. Your identity in that transaction is between you and the brand; we receive only aggregated, anonymised conversion counts.

§7Cross-Border Data Transfers

Some of our data processors are based outside Malaysia (EU, US, Switzerland). Under PDPA s.129, we may only transfer Personal Data outside Malaysia where one of the following applies:

  • The destination jurisdiction is specified by the PDP Commissioner as having adequate protection (EU, UK, Switzerland qualify).
  • You have explicitly consented to the transfer (e.g. by submitting the newsletter form, which discloses Brevo's EU location).
  • The transfer is necessary to perform a contract you've entered into with us.
  • The Operator has taken all reasonable precautions and exercised due diligence to ensure the data is not processed inconsistently with the PDPA.

We rely primarily on the third basis (necessity for contract performance) supplemented by contractual safeguards (Data Processing Agreements) with each overseas processor.

§8Data Retention

We retain Personal Data only for the duration necessary to fulfil the purpose for which it was collected:

Data categoryRetention periodTrigger for deletion
Contact form submissions24 monthsAuto-deleted from mailbox after 24 months
Newsletter subscriber dataUntil unsubscribeRemoved from Brevo within 7 days of unsubscribe
Analytics data (Plausible)24 monthsPlausible auto-purges after 24 months
Cloudflare logs30 daysRolling 30-day window
Editorial complaint records7 yearsRequired for editorial accountability and corrections log
Cookie consent records12 monthsRe-prompt after 12 months

§9Security Measures

We implement the following technical and organisational measures to protect Personal Data:

  • Encryption in transit: TLS 1.3 on all pages; HSTS enforced via Cloudflare.
  • Encryption at rest: ProtonMail (zero-knowledge encryption) for editorial mailboxes.
  • Access control: Multi-factor authentication on all admin accounts (founder + 2 senior reviewers).
  • Least privilege: Only the founder has access to the full subscriber and complaint database.
  • Backup and recovery: Daily encrypted backups retained for 30 days in Hostinger EU data centre.
  • Incident response: Documented breach procedure; affected users and the PDP Commissioner notified within 72 hours of confirmation per PDPA notification requirements.

§10Your Rights Under the PDPA

As a Data Subject under the PDPA, you have the following rights:

Right 1

Access

Request a copy of your Personal Data held by us (PDPA s.30). Response within 21 days.

Right 2

Correction

Request correction of inaccurate, incomplete, or outdated Personal Data (PDPA s.34).

Right 3

Withdraw Consent

Withdraw consent to processing at any time. We will cease processing within 14 days.

Right 4

Prevent Direct Marketing

Opt out of any direct marketing (including the newsletter) via the unsubscribe link in every message.

Right 5

Erasure

Request deletion of your Personal Data, subject to our legal retention obligations (e.g. complaints records).

Right 6

Complaint

Lodge a complaint with the PDP Commissioner if we fail to respond appropriately to your data subject request.

To exercise any of these rights, email privacy@freecreditcasinos.net with the subject line "Data Subject Request" and a description of your request. We may require proof of identity (a government-issued ID, redacted of sensitive numbers) to prevent unauthorised disclosure.

If you are dissatisfied with our response, you may lodge a complaint with:

Personal Data Protection Commissioner (Pesuruhjaya Perlindungan Data Peribadi)

Department of Personal Data Protection, Ministry of Communications

Aras 6, Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4

62100 Putrajaya, Malaysia

Website: www.pdp.gov.my

Email: aduan@pdp.gov.my

§11Cookies and Similar Technologies

The Site uses a minimal set of cookies and local storage entries. Full disclosure is provided in our separate Cookie Policy. By summary:

  • Strictly necessary: session cookies for the cookie consent banner and admin login (no consent required under PDPA).
  • Functional: local storage for your guide reading progress and self-assessment checklist state (consent required).
  • Analytics: none. Plausible Analytics is cookieless.
  • Advertising/tracking: none on our domain. Affiliate links set cookies only on the destination brand's domain after you click.

§12Children's Privacy

The Site contains content related to gambling and is intended for adults aged 18 and over. We do not knowingly collect Personal Data from any person under the age of 18. If we become aware that we have collected Personal Data from a person under 18, we will delete it immediately and notify the parent or guardian where contact information is available.

If you are a parent or guardian and believe your child has provided Personal Data to us, please contact privacy@freecreditcasinos.net for immediate deletion.

§13Third-Party Links

The Site contains links to third-party websites (casino brands, regulators, news sources, helplines). This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices or content of any third party. Before submitting Personal Data to any linked site, please review its own privacy policy.

§14Data Breach Notification

In the event of a Personal Data breach that is likely to result in significant harm to affected individuals:

  1. We will notify the PDP Commissioner within 72 hours of becoming aware of the breach.
  2. We will notify affected individuals by email (where contact details are available) without undue delay, with a description of the breach, the data involved, the likely consequences, and the steps we are taking.
  3. We will publish a public notice on the Site if the breach affects a large number of unidentifiable individuals.

§15Changes to This Policy

We may amend this Privacy Policy from time to time to reflect changes in law, our practices, or our service providers. Material changes will be communicated by:

  • An updated "Last Updated" date and incremented version number at the top of this page.
  • A notice on the Site homepage for 30 days following any material change.
  • An email to current newsletter subscribers where the change affects their data.

The current version always supersedes prior versions. A full changelog of past versions is available on request.

§16Contact Us

For any question, request, or complaint regarding this Privacy Policy or your Personal Data:

Privacy Contact

Email: privacy@freecreditcasinos.net

Postal: Jalan PJU 5/22, Kota Damansara, Petaling Jaya 47810, Selangor, Malaysia

Phone: +603-5512 2100 (Mon-Fri 9 AM - 6 PM MYT)

Response time: Within 21 days as required by PDPA s.30

This document is published in English. A Bahasa Malaysia version is available on request at privacy@freecreditcasinos.net. In the event of any inconsistency between language versions, the English version prevails.