GDPR

Information for EEA/UK visitors about GDPR rights.

About this page

Although our main audience is Malaysia, we provide this GDPR information for visitors from the EEA/UK. This page explains what personal data we process, why, on what legal bases, how long we keep it, and how you can exercise your rights.

Controller & contact details

Controller: Highlands Gold Room
Address: Suite 18-02, Menara UOA Bangsar, No. 5 Jalan Bangsar Utama 1, 59000 Kuala Lumpur, Malaysia
Telephone: +60 3 9771 6240
Email: support@highlandsgoldroom.my

Data Protection Officer (DPO): You can contact our DPO via support@highlandsgoldroom.my with “DPO” in the subject line.

Categories of data we may process

  • Technical and usage data: server logs (IP address, user-agent, URLs, timestamps), basic device data.
  • Cookie data: strictly necessary cookies (to remember age/non-age access and security); optional analytics/marketing cookies only if you consent. See our Cookie Policy.
  • Support communications: content of messages you send via email or the support form (name, email, message body).

Purposes & legal bases

Purpose Examples Legal basis (GDPR)
Provide and secure the service Age overlay, load balancing, security logs Art. 6(1)(f) legitimate interests (running a secure service)
Consent management Store your cookie preferences Art. 6(1)(c) compliance (where required) and Art. 6(1)(f) legitimate interests
Analytics (optional) Aggregate usage metrics Art. 6(1)(a) consent
Marketing attribution (optional) Measure campaigns Art. 6(1)(a) consent
Support Respond to requests and issues Art. 6(1)(f) legitimate interests (customer support)

Retention

  • Server logs: typically up to 30–90 days unless needed longer for security or legal reasons.
  • Cookie preferences: up to 6 months.
  • Support communications: up to 24 months after resolution, unless longer retention is required by law or to establish/defend legal claims.

International transfers

We may process data on servers outside the EEA/UK. Where applicable, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) and implement supplementary safeguards (encryption in transit and at rest where feasible, access controls).

Your GDPR rights

  • Right of access, rectification, and erasure.
  • Right to restriction and objection to processing.
  • Right to data portability (where applicable).
  • Right to withdraw consent at any time (for optional cookies/analytics/marketing).

How to exercise your rights

Email support@highlandsgoldroom.my with the subject “GDPR request”. We may ask you to verify your identity. We aim to reply within one month (Art. 12(3)).

Children

Our service is for adults 21+. We do not knowingly process children’s data.

Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects under Art. 22 GDPR.

Supervisory authorities

You have the right to lodge a complaint with your local supervisory authority in the EEA or with the UK Information Commissioner’s Office (ICO). You can also contact us first and we will do our best to resolve your concern.

Updates

This page may be updated from time to time. Last updated: .

Summary (plain language)

We run a play-for-fun entertainment site. We keep the minimum necessary data to operate securely; anything optional (analytics/marketing) runs only with your consent. You’re always in control of your choices and rights.

GDPR FAQ

Do you sell my data?

No. We do not sell or rent personal data.

How do I change my cookie choice?

Clear your cookies in the browser or revisit the Cookie Policy and update preferences. Optional cookies only run with consent.

Will gameplay affect my credit score?

No. There is no real-money gambling and no reporting to credit agencies.