Privacy Policy

1. Introduction

Welcome to Mega Moolah's Privacy Policy. This policy explains how we collect, use, store, and protect your personal information when you use our website and services.

Mega Moolah is operated by Microgaming Ltd., a company registered in Malta (Company Registration Number: C27663), with registered offices at Level 2, Spinola Park, Triq Mikiel Ang Borg, St Julian's SPK 1000, Malta.

Important: By using our website and services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1.1 Our Commitment to Privacy

We are committed to protecting your privacy and ensuring the security of your personal information. We comply with:

General Data Protection Regulation (GDPR) - EU Regulation 2016/679
ePrivacy Directive - Directive 2002/58/EC
Malta Data Protection Act - Chapter 586
UK Data Protection Act 2018 (where applicable)

2. Information We Collect

We collect different types of information for various purposes to provide and improve our services to you.

2.1 Personal Information

When you register an account or use our services, we may collect:

Data Category	Examples	Purpose
Identity Data	Full name, username, date of birth, gender	Account creation, age verification
Contact Data	Email address, phone number, postal address	Communication, account recovery
Financial Data	Payment card details, transaction history	Processing payments, fraud prevention
Transaction Data	Deposits, withdrawals, game history	Account management, compliance
Technical Data	IP address, browser type, device ID	Security, fraud prevention
Usage Data	Pages visited, game preferences, session duration	Service improvement, personalization
Marketing Data	Communication preferences, promotional opt-ins	Marketing communications (with consent)

2.2 Verification Documents

To comply with anti-money laundering (AML) and Know Your Customer (KYC) regulations, we may collect:

Government-issued photo ID (passport, driver's license, national ID card)
Proof of address (utility bill, bank statement)
Proof of payment method (credit card scan, e-wallet verification)
Source of funds documentation (if required)

2.3 Automatically Collected Information

We automatically collect certain information when you visit our website:

Log Data: IP address, browser type, pages visited, time spent, referring URLs
Device Data: Device type, operating system, unique device identifiers
Location Data: Approximate geographic location based on IP address
Cookies & Similar Technologies: See Section 5 for details

Legal Basis: We collect this information based on our legitimate interests in operating and improving our services, as well as to comply with legal obligations including gambling regulations and AML/KYC requirements.

3. How We Use Your Data

We use your personal information for the following purposes:

3.1 Account Management

Create and maintain your player account
Verify your identity and age (18+ requirement)
Process deposits and withdrawals
Provide customer support
Manage bonus offers and promotions

3.2 Legal & Regulatory Compliance

Comply with gambling regulations and licensing requirements
Perform KYC (Know Your Customer) and AML (Anti-Money Laundering) checks
Prevent fraud, money laundering, and other illegal activities
Respond to legal requests and court orders
Maintain records as required by law

3.3 Service Improvement

Analyze usage patterns to improve our website and games
Develop new features and functionality
Conduct internal research and analytics
Test and optimize user experience

3.4 Marketing & Communication (With Your Consent)

Send promotional offers and bonus notifications
Provide personalized gaming recommendations
Send newsletters and updates about new games
Run tournaments and competitions

Note: You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or updating your account preferences.

3.5 Security & Fraud Prevention

Detect and prevent fraudulent activity
Monitor for suspicious transactions
Protect against security breaches
Enforce our Terms and Conditions
Identify and ban problem players (self-excluded, underage, etc.)

3.6 Responsible Gaming

Monitor player behavior for signs of problem gambling
Enforce deposit limits and self-exclusion requests
Provide resources for responsible gaming support
Comply with player protection regulations

4. Data Sharing & Disclosure

We do not sell your personal information. However, we may share your data with the following parties:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our business:

Provider Type	Purpose	Data Shared
Payment Processors	Process deposits and withdrawals	Financial data, transaction details
ID Verification Services	Verify identity and age	Identity documents, personal details
Cloud Hosting Providers	Store and manage data	All account and usage data
Analytics Providers	Analyze website usage	Technical and usage data
Customer Support Tools	Provide customer service	Contact details, support history
Marketing Platforms	Send emails and notifications	Contact details, preferences

All service providers are bound by data processing agreements that require them to protect your data and use it only for specified purposes.

4.2 Legal & Regulatory Authorities

We may disclose your information to:

Gambling regulators (Malta Gaming Authority, UK Gambling Commission, etc.)
Law enforcement agencies in response to valid legal requests
Tax authorities as required by law
Courts and tribunals in legal proceedings
Financial crime agencies for AML/CTF compliance

4.3 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your personal information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

Important: We never share your personal information with third parties for their own marketing purposes without your explicit consent.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information.

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your browsing experience.

5.2 Types of Cookies We Use

Cookie Type	Purpose	Examples	Duration
Essential Cookies	Required for the website to function	Session management, authentication	Session
Functional Cookies	Remember your preferences	Language, currency, display settings	1 year
Analytics Cookies	Understand how you use the site	Google Analytics, page views, bounce rate	2 years
Marketing Cookies	Show relevant advertisements	Retargeting, ad performance tracking	1 year

5.3 Managing Cookies

You can control cookies through:

Browser Settings: Most browsers allow you to block or delete cookies
Our Cookie Consent Tool: Manage your cookie preferences on our website
Opt-Out Links: Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Note: Blocking essential cookies may prevent certain features of our website from functioning properly.

5.4 Third-Party Tracking

We use the following third-party analytics and tracking services:

Google Analytics: Website usage analytics
Hotjar: User behavior tracking and heatmaps
Facebook Pixel: Ad performance and retargeting

6. Your Privacy Rights

Under GDPR and other data protection laws, you have the following rights:

6.1 Right to Access

You have the right to request a copy of the personal information we hold about you. This is commonly known as a "Data Subject Access Request" (DSAR).

6.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal information we hold about you.

6.3 Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data in certain circumstances, such as:

The data is no longer necessary for the purposes it was collected
You withdraw consent (where consent was the legal basis)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Important: We may not be able to delete your data if we are legally required to retain it (e.g., for gambling regulation compliance, financial records, or ongoing legal proceedings).

6.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as while we verify the accuracy of data you have challenged.

6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

6.6 Right to Object

You can object to:

Processing based on legitimate interests
Direct marketing at any time
Automated decision-making and profiling

6.7 Right to Withdraw Consent

Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

6.8 How to Exercise Your Rights

To exercise any of these rights, please contact us:

Email: [email protected]
Online Form: Available in your account settings
Postal Mail: Data Protection Officer, Microgaming Ltd., Level 2, Spinola Park, St Julian's SPK 1000, Malta

We will respond to your request within 30 days. There is no charge for making a request, unless your request is clearly unfounded or excessive.

6.9 Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority:

Malta: Office of the Information and Data Protection Commissioner (IDPC) - https://idpc.org.mt
UK: Information Commissioner's Office (ICO) - https://ico.org.uk
EU: Your local data protection authority

7. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it.

7.1 Technical Security Measures

Encryption: All data transmissions use TLS/SSL 256-bit encryption
Secure Storage: Personal data is stored in encrypted databases
Firewalls: Multi-layer firewall protection on all servers
Access Controls: Role-based access with multi-factor authentication
Regular Security Audits: Annual penetration testing and vulnerability assessments
Intrusion Detection: 24/7 monitoring for suspicious activity

7.2 Organizational Security Measures

Employee Training: All staff undergo data protection training
Need-to-Know Basis: Data access limited to authorized personnel only
Confidentiality Agreements: All employees and contractors sign NDAs
Incident Response Plan: Procedures in place for data breach notification
Regular Backups: Encrypted backups stored in secure offsite locations

7.3 Payment Security

All payment transactions are processed by PCI-DSS certified payment processors. We do not store your full credit card details on our servers.

7.4 Account Security - Your Responsibility

You can help keep your account secure by:

Using a strong, unique password
Enabling two-factor authentication (2FA)
Never sharing your login credentials
Logging out after each session on shared devices
Keeping your contact information up to date
Reporting any suspicious activity immediately

Data Breach Notification: In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (within 72 hours of becoming aware of the breach).

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal requirements.

8.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	Duration of account + 5 years	Gambling regulation compliance
Transaction Records	5 years from transaction date	AML/KYC legal requirements
KYC Documents	5 years after account closure	Regulatory compliance
Marketing Data	Until consent withdrawn	Consent-based processing
Game History	5 years from last activity	Dispute resolution
Support Communications	3 years from last contact	Quality assurance
Self-Exclusion Records	Indefinitely	Player protection

8.2 Account Closure

When you close your account, we will:

Deactivate your access immediately
Retain your data for the required regulatory period (5 years)
Anonymize or delete your data after the retention period expires
Stop sending marketing communications (unless you re-consent)

Note: Even after account closure, we may retain certain data if required by law or if needed to resolve disputes, enforce our agreements, or protect our legal rights.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence.

9.1 Where We Transfer Data

We may transfer your data to:

European Economic Area (EEA): Our primary servers are located in Malta
United States: Some of our service providers (e.g., cloud hosting) are based in the US
Other Countries: Where necessary for providing our services

9.2 Safeguards for International Transfers

When we transfer data outside the EEA, we ensure adequate protection through:

EU-US Data Privacy Framework: For transfers to US companies
Standard Contractual Clauses (SCCs): EU Commission-approved contracts
Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
Binding Corporate Rules: For transfers within our corporate group

You can request a copy of the safeguards we have in place by contacting us at [email protected].

10. Children's Privacy

18+ Only: Our services are strictly for individuals aged 18 years or older. We do not knowingly collect or process personal information from anyone under 18.

10.1 Age Verification

We take the following steps to prevent underage gambling:

Mandatory age verification during registration
ID document verification for all players
Third-party age verification services
Monitoring for suspicious activity that may indicate underage access
Immediate account suspension if underage use is suspected

10.2 If We Discover Underage Use

If we discover that we have collected information from someone under 18:

We will immediately close the account
We will delete all personal information
We will return any deposits (minus any winnings)
We will report the incident to relevant authorities if required

If you become aware of underage gambling on our platform, please contact us immediately at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.1 How We Notify You of Changes

Website Notice: Prominent notice on our homepage for 30 days
Email Notification: Email to your registered address for material changes
Account Alert: In-app notification when you next log in
Updated Date: "Last Updated" date at the top of this policy

11.2 Material Changes

For significant changes that materially affect your rights, we will:

Provide at least 30 days' notice before the changes take effect
Seek your explicit consent if required by law
Offer you the option to close your account if you disagree with the changes

11.3 Review History

You can request previous versions of this Privacy Policy by contacting [email protected].

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12.1 Data Protection Officer

📧 Contact Information

Email: [email protected]
Email (DPO): [email protected]

Postal Address:
Data Protection Officer
Microgaming Ltd.
Level 2, Spinola Park
Triq Mikiel Ang Borg
St Julian's SPK 1000
Malta

Phone: +356 2131 3131
Response Time: We aim to respond within 5 business days

12.2 Regulatory Contact

We are licensed and regulated by the Malta Gaming Authority:

License Number: MGA/B2C/106/2000
Website: https://www.mga.org.mt
Complaints: [email protected]

📑 Table of Contents