Introduction

Wk888 acts as the data controller responsible for the Personal Data collected in connection with the Wk888 services. This Privacy Policy sets out what data we collect, how we use it, when we share it, how we protect it, and the rights you have in relation to your data. It applies to all website visitors and account holders who access, sign up for, or transact through our services. By using our services, you acknowledge and agree that we may process your Personal Data as described in this policy, in accordance with applicable data protection laws including GDPR where those laws apply to our operations.

Data We Collect

  • Personal data you provide to us: full name, date of birth, residential address, email address, telephone number, account username, and payment method identifiers (e.g., last digits of a card or a payment reference) necessary to establish and manage your account.
  • Data collected during account activity: deposit and withdrawal histories, transaction timestamps, payment methods used, device information, IP address, login times, geolocation data (where permitted by law), and usage patterns within our services.
  • Identification and verification data: copies of government-issued identity documents (e.g., passport, national ID) and proofs of address (e.g., utility bill) for identity verification and KYC procedures, plus outcomes of these checks.
  • Communication data: records of correspondence with our support channels, and logs of live chats and calls where applicable.
  • Data from third parties: information obtained from AML/KYC databases, publicly available sources, and affiliates or business partners as necessary to verify identity, assess risk, or enable the provision of services; data transferred in connection with corporate transactions or platform integration.
  • Aggregated or anonymized data: non-identifying data used for statistical analysis, product improvement, and research purposes.

How We Use Your Personal Data

  1. To provide, operate and administer our services: verify your identity, process transactions, manage your account, and communicate important account information.
  2. Identity verification and regulatory compliance: conduct Know Your Customer, anti-money laundering screening, enhanced due diligence where required, and monitor activity for suspicious or illegal activity.
  3. Customer support and security: respond to inquiries, diagnose issues, and protect against fraud, theft, and unauthorized access.
  4. Legal obligations and governance: comply with applicable laws, licensing requirements, regulatory disclosures, and internal recordkeeping obligations.
  5. Communications and account updates: send service-related notices, confirmations, and updates about changes to terms or features; respond to user inquiries.
  6. Marketing and user experience (with consent): where you have opted in, provide information about promotions, products and services; allow targeted messaging and personalization based on your profile and activity (you may withdraw consent at any time).
  7. Analytics and service optimization: perform statistical analyses and continuous improvement of our services, features, and user experience.
  8. Fraud prevention and risk management: detect and prevent fraudulent activity, assess payment risk, and safeguard the integrity of the platform.

Legal Bases for Processing

  • Performance of contract: processing necessary to provide and administer the services you request.
  • Legal obligations: processing required to comply with applicable laws and regulatory obligations including AML and licensing requirements.
  • Consent: where you have given explicit consent for processing such as direct marketing or certain tracking activities.
  • Legitimate interests: processing necessary for security, fraud prevention, and the ongoing improvement of our services, provided such interests do not override your rights and freedoms.

Data Sharing and International Transfers

  • Service providers and partners: we may share data with payment processors, IT services, security and risk-management providers, customer support vendors, and others who perform services on our behalf under confidentiality and data protection obligations.
  • Regulatory and legal requests: we may disclose data to competent authorities, regulatory bodies, or courts as required by law or regulatory obligations.
  • Corporate transactions: in connection with mergers, acquisitions, or asset transfers, your data may be disclosed to prospective buyers or their advisors; reasonable measures will be taken to protect your data in such events.
  • Cross-border transfers: where data is transferred outside the jurisdiction in which you reside, we implement appropriate safeguards to ensure an equivalent level of data protection, including data protection agreements and other lawful transfer mechanisms as required by applicable law.

Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this policy and to comply with legal, regulatory, and licensing requirements. In general, we retain your data for the duration of your active account and for a minimum of five (5) years from the date of the last transaction or account closure, unless a longer period is required by applicable law or regulatory authority. When retention is no longer required, we will securely delete or anonymize the data or place it in a protected archive if deletion is not feasible due to legal obligations.

Your Rights

  • Right of access: you may request access to your Personal Data held by us and obtain a copy of it, subject to applicable law.
  • Right to rectification: you may correct inaccurate or incomplete data, supported by appropriate documentation where required.
  • Right to erasure: you may request deletion of your Personal Data, limited by legal or contractually obligated retention requirements.
  • Right to restrict processing: you may request restriction of processing under certain circumstances.
  • Right to data portability: you may request a portable copy of your data in a structured, commonly used format where applicable.
  • Right to object: you may oppose processing based on legitimate interests or for direct marketing, subject to exemptions.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
  • Automated decision-making: you have rights regarding decisions made solely by automated processes that affect you, with human involvement where required by law.

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services, tailor content, and analyze usage. Essential cookies enable core functionalities; non-essential cookies may be used for analytics and marketing, subject to your consent where required. You may adjust cookie preferences in your account settings or opt out through the mechanisms we provide within the service.

Data Security

We implement reasonable and appropriate administrative, technical, and physical security measures to protect Personal Data from loss, misuse, unauthorized access, alteration, and destruction. Access to Personal Data is restricted to personnel who need it to perform their duties and are bound by confidentiality obligations. We conduct ongoing reviews of our security practices and maintain incident response procedures to address data breaches promptly.

Data Controller and Contact

The data controller for your Personal Data is Wk888. You may contact us through the official Help Centre within your account for privacy inquiries, data access requests, or to exercise your rights described in this policy. We will respond in accordance with applicable law and within the timeframes required by such law.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated through the service or other appropriate channels. Continued use of our services after such changes constitutes your acceptance of the updated policy.

General Provisions

This policy is intended to be consistent with applicable data protection laws. If you reside in a jurisdiction with specific data protection requirements, to the extent such requirements provide more protection than this policy, those requirements will prevail for the purposes of the processing described herein. Where we rely on consent for processing beyond what is strictly necessary to provide our services, you have the right to withdraw that consent at any time.