Privacy Policy

This Privacy Policy outlines how we collect, use, store, and protect your personal information when you access and use our online gaming platform. We are committed to maintaining the highest standards of data protection and transparency in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you acknowledge that you have read, understood, and agree to the practices described in this policy. Last updated: January 28, 2026.

1. Information Collection and Data Types

We collect various types of personal information to provide you with a secure and personalised gaming experience. The information we gather falls into several categories, each serving specific purposes related to account management, regulatory compliance, and service enhancement. Understanding what data we collect helps you make informed decisions about your privacy and gaming activities.

Personal identification information forms the foundation of your account security and regulatory compliance. This includes:

Full name, date of birth, and gender for identity verification
Residential address and postal code for location verification
Email address and mobile phone number for account communications
Government-issued identification documents for age verification
Proof of address documents for regulatory compliance
Occupation and source of funds information for responsible gambling measures

Financial information is essential for processing deposits, withdrawals, and maintaining transaction security. We collect payment card details, bank account information, mobile billing authorisation data, and transaction histories. Additionally, we maintain records of all financial activities including deposit amounts, withdrawal requests, bonus utilisation, and betting patterns to ensure compliance with anti-money laundering regulations.

Technical data is automatically collected when you interact with our platform. This encompasses device information such as operating system, browser type, screen resolution, and unique device identifiers. We also track IP addresses, geographical location data, website navigation patterns, game preferences, session duration, and click-stream data to optimise your gaming experience and detect potentially fraudulent activities.

2. Data Processing Purposes and Legal Basis

We process your personal data based on several legal grounds recognised under UK data protection legislation. Each processing activity serves specific purposes that are essential for operating a licensed online gaming platform while ensuring player protection and regulatory compliance.

Contractual necessity forms the primary legal basis for processing your data when you register an account and engage with our gaming services. This includes account creation and management, processing deposits and withdrawals, facilitating gameplay, calculating winnings and losses, and providing customer support. Without this data processing, we cannot deliver the gaming services you have requested.

Legal compliance obligations require us to process certain personal information to meet licensing requirements imposed by the UK Gambling Commission and other regulatory bodies. This encompasses:

Age verification to prevent underage gambling
Identity confirmation for anti-money laundering compliance
Transaction monitoring for suspicious activity detection
Responsible gambling assessments and interventions
Reporting suspicious transactions to relevant authorities
Maintaining detailed audit trails for regulatory inspections

Legitimate interests justify data processing activities that benefit both our business operations and your gaming experience. These include fraud prevention and security monitoring, personalising game recommendations, conducting market research, improving website functionality, and developing new gaming products. We carefully balance these interests against your privacy rights to ensure proportionate processing.

Where required by law, we obtain your explicit consent for specific processing activities such as marketing communications, optional data sharing with trusted partners, and participation in promotional campaigns. You retain the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

3. Data Sharing and Third-Party Disclosures

We may share your personal information with carefully selected third parties who assist us in delivering secure and compliant gaming services. All data sharing arrangements are governed by strict contractual obligations that ensure your information receives appropriate protection and is used only for specified purposes.

Regulatory authorities receive personal data when required by law or licensing conditions. The UK Gambling Commission, Financial Conduct Authority, and National Crime Agency may request access to player information during investigations, compliance audits, or suspicious activity reports. We cooperate fully with these authorities while ensuring that disclosures remain proportionate and legally justified.

Payment processing partners handle your financial data to facilitate deposits and withdrawals. These include traditional payment processors, mobile network operators for pay-by-mobile services, and banking institutions. Each partner operates under stringent security standards and data protection agreements that limit data use to transaction processing and fraud prevention activities.

Technology service providers support various aspects of our platform operations. This encompasses:

Game developers who provide slot machines and casino games
Identity verification services for account validation
Cloud hosting providers for secure data storage
Customer support platforms for communication management
Analytics services for website performance optimisation
Cybersecurity firms for threat detection and prevention

Marketing partners may receive limited personal information when you explicitly consent to promotional communications or participate in affiliate programmes. This data sharing is always optional and you can withdraw consent through your account settings or by contacting customer support.

In exceptional circumstances, we may disclose personal information to law enforcement agencies, legal representatives, or other third parties when required to comply with court orders, respond to legal proceedings, protect our legitimate business interests, or safeguard the safety and security of our players and staff.

4. Data Security and Protection Measures

We implement comprehensive security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. Our multi-layered security approach combines technical safeguards, administrative controls, and physical protections to maintain the confidentiality and integrity of your data throughout its lifecycle.

Technical security measures form the backbone of our data protection strategy. All personal information is encrypted using industry-standard SSL/TLS protocols during transmission and advanced encryption algorithms when stored in our databases. We maintain secure server environments with regular security updates, intrusion detection systems, and continuous monitoring for suspicious activities. Access controls ensure that only authorised personnel can access personal data, with all access attempts logged and regularly audited.

Administrative safeguards complement our technical protections through comprehensive policies and procedures. All employees receive regular data protection training and sign confidentiality agreements before accessing customer information. We conduct thorough background checks on staff members who handle sensitive data and implement role-based access controls that limit data exposure to job-relevant information only.

Physical security protections secure our data centres and office premises where personal information may be processed or stored. These include:

Restricted access controls with biometric authentication systems
24/7 security monitoring and surveillance systems
Environmental controls to prevent data loss from natural disasters
Secure destruction procedures for physical documents and storage media
Regular security assessments and penetration testing
Incident response procedures for potential security breaches

Despite our robust security measures, no system is completely immune to security risks. In the unlikely event of a data breach that poses risks to your rights and freedoms, we will notify you and relevant supervisory authorities within the timeframes required by UK data protection legislation. Our incident response procedures ensure rapid containment, assessment, and remediation of any security incidents.

5. Data Retention and Deletion Policies

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this privacy policy, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices balance your privacy rights with regulatory requirements and legitimate business needs.

Account information is retained for the duration of your active account plus an additional seven years following account closure to meet UK Gambling Commission record-keeping requirements. This includes personal identification details, financial transaction records, gameplay history, and customer communications. The extended retention period supports regulatory compliance, dispute resolution, and responsible gambling monitoring obligations.

Financial records require extended retention periods due to anti-money laundering regulations and tax obligations. Transaction details, source of funds documentation, and suspicious activity reports are maintained for seven years from the date of the last transaction. Payment method information is typically retained for shorter periods unless required for ongoing investigations or dispute resolution.

Marketing and communication data is retained based on your consent and engagement levels. Active marketing subscribers receive communications indefinitely until consent withdrawal, while inactive subscribers are typically removed after two years of non-engagement. Communication logs for customer support interactions are retained for three years to maintain service quality and resolve potential disputes.

Technical data such as IP addresses, device information, and website analytics are generally retained for shorter periods unless connected to fraud investigations or security incidents. Standard log files are typically purged after 12-18 months, while security-related data may be retained longer when necessary for ongoing protection measures.

When personal information reaches the end of its retention period, we employ secure deletion procedures that render data irretrievable. This includes overwriting electronic storage media, physical destruction of hard copy documents, and removal from backup systems. Some anonymised data may be retained indefinitely for statistical analysis and business intelligence purposes.

6. Your Rights and Contact Information

Under UK data protection legislation, you possess several important rights regarding your personal information. We are committed to facilitating the exercise of these rights through clear procedures and reasonable response timeframes. Understanding your rights empowers you to maintain control over your personal data and ensure its appropriate use.

You have the right to access personal information we hold about you, including details about processing purposes, data categories, recipients, and retention periods. Data portability rights enable you to receive your personal data in a structured, commonly used format and transmit it to other service providers where technically feasible. These rights support your ability to make informed decisions about your gaming activities and data sharing preferences.

Rectification rights allow you to request corrections to inaccurate or incomplete personal information. This includes updating contact details, correcting identification information, and amending financial data. We encourage you to maintain accurate account information through your online profile settings or by contacting customer support for assistance with complex corrections.

Erasure rights, commonly known as the “right to be forgotten,” enable you to request deletion of personal information under specific circumstances. This includes situations where data is no longer necessary for original processing purposes, consent has been withdrawn, or information has been unlawfully processed. However, erasure requests must be balanced against our legal obligations to retain certain records for regulatory compliance.

Processing restriction rights allow you to limit how we use your personal information while maintaining the data in our systems. This may be appropriate when you contest data accuracy, object to processing activities, or require data retention for legal proceedings. Restricted processing typically permits storage and limited use for specific purposes such as legal compliance or dispute resolution.

To exercise your data protection rights or raise privacy-related concerns, please contact our Data Protection Officer using the following methods:

Email: [email protected]
Post: Data Protection Officer, Mobile Gaming Services Ltd, 45 Moorgate, London EC2R 6BH, United Kingdom
Online form: Available through your account settings under “Privacy Controls”
Telephone: +44 203 876 5432 (Monday-Friday, 9:00 AM – 5:00 PM GMT)

We aim to respond to all data protection requests within one month of receipt, though complex requests may require additional time with appropriate notification. If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office, the UK’s supervisory authority for data protection matters. Regular reviews of this privacy policy ensure continued compliance with evolving regulations and industry best practices, with material changes communicated through prominent website notices and direct communications to registered users.