Welcome to the Mega Riches Casino privacy policy – your complete guide to how we collect, process, store, and protect your personal data in compliance with UK GDPR and Information Commissioner's Office (ICO) requirements as of 2026. At Mega Riches Casino, we take data protection and player privacy seriously. This policy is structured for clarity and legal precision, combining plain-English summaries with formal legal language to ensure every UK player understands their rights and our obligations.
This privacy policy stands as a standalone legal document and works alongside our terms and conditions, which provide the contractual framework for your use of our platform. For information on how cookies collect your data, please refer to our cookies policy. Should you wish to exercise any of your data rights outlined below, visit our contact page to submit your request.
Table of Contents
- Who We Are & Our Data Controller Role
- What Personal Data Do We Collect?
- Legal Basis for Data Processing Under UK GDPR
- How We Secure & Store Your Data
- Data Retention Periods
- Third-Party Data Sharing & International Transfers
- Your Player Data Rights & How to Exercise Them
- Children's Data Protection
- Policy Updates & Changes
- Contact Information & Data Protection Officer
Who We Are & Our Data Controller Role
Mega Riches Casino is the data controller for all personal information you provide when registering, playing games, or using our platform. We are licensed and regulated in the UK and operate in compliance with all applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our commitment to safeguarding your information is embedded in every aspect of our operations, from account creation to payment processing and customer support.
As your data controller, we are responsible for determining why and how your data is processed. We work with data processors – third-party vendors such as payment providers, hosting services, and analytics platforms – who handle data only on our behalf and under our strict instructions.
What Personal Data Do We Collect?
We collect personal data in three primary categories, each essential for operating our casino service lawfully and securely.
1. Registration & Account Data
When you create a Mega Riches Casino account, we collect:
- Name and email address – to identify your account and send service communications
- Date of birth – to verify you are 18+ and legally eligible to gamble
- Postal address and phone number – for KYC (Know Your Customer) verification and account recovery
- Username and password – for secure account access
- IP address and device information – to monitor account security and detect fraud
2. Payment & Financial Data
To process deposits, withdrawals, and bonuses, we collect:
- Bank account details or debit/credit card information – processed securely by PCI-DSS compliant payment processors
- Payment method type (e.g., card, e-wallet, bank transfer)
- Transaction history and amounts – for accounting, tax compliance, and anti-money laundering (AML) monitoring
- Source of funds declaration – for regulatory compliance
Important: We do NOT store full card details on our servers. Payment data is encrypted and processed exclusively by certified third-party payment handlers.
3. Gameplay & Behavioral Data
To enhance your gaming experience and ensure responsible gambling, we collect:
- Game selection and play history – which slots, live games, and sports bets you engage with
- Bet amounts and wagering patterns – to calculate bonuses, detect suspicious activity, and offer personalized promotions
- Time and duration of gaming sessions – to monitor for excessive play and trigger responsible gaming tools
- Device type and browser information – to optimize platform performance
- Responsible gaming preferences (deposit limits, self-exclusion status, reality checks) – stored to protect you
For more details on how cookies and tracking technologies collect behavioral data, see our cookies policy.
Legal Basis for Data Processing Under UK GDPR
Under UK GDPR Article 6, every processing activity must have a lawful basis. The table below outlines how Mega Riches Casino processes your data:
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Registration & verification data | Contract (Article 6.1(b)) + Legal obligation (Article 6.1(c)) | To perform our gambling contract with you; to meet UK gambling licensing requirements and anti-money laundering regulations |
| Payment & financial data | Contract (Article 6.1(b)) + Legal obligation (Article 6.1(c)) | To process payments; to comply with financial regulations and tax law |
| Gameplay data | Contract (Article 6.1(b)) + Legitimate interest (Article 6.1(f)) | To deliver gaming services; to detect fraud and problem gambling; to offer personalized bonuses |
| Marketing & promotional communications | Consent (Article 6.1(a)) | To send newsletters, promotions, and offers (only if you opt-in) |
| Anti-fraud & security monitoring | Legitimate interest (Article 6.1(f)) | To protect player accounts, detect unauthorized access, and prevent criminal activity |
| Responsible gaming monitoring | Legal obligation (Article 6.1(c)) | To ensure compliance with UK gambling legislation and prevent harm to vulnerable players |
Legitimate Interest Balancing Test: Where we rely on legitimate interest, we have assessed that our interest in fraud prevention, security, and service improvement outweighs any privacy impact to you. You have the right to object to processing based on legitimate interest – contact our Data Protection Officer for details.
How We Secure & Store Your Data
Data security is non-negotiable at Mega Riches Casino. We implement multiple layers of protection to ensure your personal information remains confidential and protected against unauthorized access, alteration, or loss.
Security Measures in Place
- SSL/TLS encryption (256-bit) – all data transmitted between your device and our servers is encrypted, indicated by the padlock icon in your browser
- At-rest encryption – personal data stored in our databases is encrypted using AES-256 encryption
- PCI-DSS compliance – payment card data is processed only by certified Level 1 PCI-DSS compliant service providers
- Firewalls & intrusion detection – our servers are protected by advanced firewall systems and real-time threat monitoring
- Access controls & authentication – staff access to player data is restricted on a need-to-know basis and logged for audit purposes
- Regular security audits – third-party penetration testing and vulnerability assessments conducted quarterly
- Data breach response protocol – in the unlikely event of a breach, we notify affected players and the ICO within 72 hours as required by GDPR Article 33
Our infrastructure is hosted on secure, ISO 27001-certified servers located in the UK and EU. We conduct regular backup procedures to prevent data loss.
Data Retention Periods
We retain your personal data only as long as necessary for the purposes outlined in this privacy policy. The table below specifies retention periods for each data category:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account registration data | Duration of account + 6 years post-closure | Legal obligation for tax and fraud investigation purposes under UK gambling regulations |
| Payment & transaction records | Duration of account + 6 years post-closure | UK Money Laundering Regulations 2017 require 6-year retention |
| Gameplay & betting history | Duration of account + 5 years | To support account disputes, bonus claims, and regulatory audits |
| Know Your Customer (KYC) documents | Duration of account + 7 years | Gambling Commission licensing requirements and anti-fraud purposes |
| Marketing consent data | Until withdrawal of consent + 2 years | To respect your preferences and maintain opt-out records |
| Responsible gaming records | Duration of account + 3 years | To enforce self-exclusions and track player protection interventions |
| Website analytics & cookie data | Up to 24 months | See our cookies policy for detailed cookie retention |
After the retention period expires, we securely delete or anonymize your data so it cannot be linked back to you. If you wish to request earlier deletion, you may exercise your right to erasure – see the section below on player rights.
Third-Party Data Sharing & International Transfers
To operate Mega Riches Casino effectively, we share your personal data with carefully selected third parties who act as data processors or independent controllers. All third-party arrangements are governed by Data Processing Agreements (DPAs) compliant with UK GDPR.
Categories of Third Parties We Share Data With:
- Payment processors & financial institutions (Stripe, PayPal, bank partners) – to process deposits and withdrawals securely
- Identity verification providers (Jumio, Onfido) – to perform KYC checks and prevent fraud
- Anti-money laundering (AML) screening services – to monitor transactions for suspicious activity and comply with UK FCA regulations
- Game developers & software providers (NetEnt, Pragmatic Play, Evolution) – who provide gameplay data for service delivery
- Customer support platforms (Zendesk, Intercom) – to handle your enquiries and support tickets
- Email & marketing platforms (Klaviyo, Mailchimp) – only if you have opted in to marketing communications
- Analytics & fraud detection services (Google Analytics, Keitaro) – to monitor platform performance and detect cheating
- Hosting & cloud infrastructure providers (AWS, Microsoft Azure) – for secure data storage and platform hosting
- Legal & compliance advisors – when required by law or to protect our legal interests
- Gambling Commission & regulatory authorities – when legally required or for licensing compliance
International Data Transfers
Some of our third-party processors are located outside the UK and EU (e.g., USA, India). Where data is transferred internationally, we ensure adequate safeguards are in place:
- UK-EU adequacy decisions – data transferred to jurisdictions with equivalent data protection standards
- Standard Contractual Clauses (SCCs) – for transfers to countries without adequacy decisions, we use SCCs to ensure GDPR-compliant protections
- Binding Corporate Rules (BCRs) – where applicable, our international group entities comply with BCRs
- Your consent – we obtain explicit consent before transferring data to countries with inadequate protection frameworks
You have the right to request a copy of the safeguards in place for any international transfer – contact our DPO at the details provided below.
Your Player Data Rights & How to Exercise Them
Under UK GDPR, you have a comprehensive suite of rights over your personal data. As a Mega Riches Casino player, you can exercise these rights at any time.
1. Right of Access (Article 15)
What it means: You can request a copy of all personal data we hold about you.
How to exercise it: Submit a Subject Access Request (SAR) via our contact page. We will provide your data in a portable, machine-readable format (typically CSV or PDF) within 30 calendar days. No fee applies unless your request is manifestly unfounded or excessive.
Example: You can request all your gameplay history, payments, account details, and communication records.
2. Right to Rectification (Article 16)
What it means: If your personal data is inaccurate or incomplete, you can ask us to correct it.
How to exercise it: Contact us via our contact page and specify which data is incorrect. Examples: wrong address, misspelled name, outdated contact number. We will correct the data and confirm the change within 30 days.
3. Right to Erasure (Article 17) – 'The Right to Be Forgotten'
What it means: You can request deletion of your personal data under certain circumstances.
How to exercise it: Submit an erasure request via our contact page. Important limitations: We may retain data if required by law (e.g., tax records, fraud investigation, 6-year anti-money laundering retention). We cannot erase data if you have an active account balance or ongoing disputes.
Example: Once your account is fully closed and all legal retention periods have expired, you can request deletion of non-essential marketing data.
4. Right to Restrict Processing (Article 18)
What it means: You can limit how we use your data without deleting it.
How to exercise it: Contact us to request restrictions. For example, you can ask us to stop processing your data for marketing while continuing to process it for account management and regulatory compliance.
5. Right to Data Portability (Article 20)
What it means: You can obtain your data in a structured, portable format and transfer it to another service provider.
How to exercise it: Request a data portability export via our contact page. We will provide your data (account details, gameplay history, preferences) in CSV or JSON format within 30 days, free of charge. This right applies to data you provided and data generated from your interactions.
6. Right to Object (Article 21)
What it means: You can object to processing based on legitimate interest or for direct marketing.
How to exercise it: Contact us to object. For marketing: Simply click the 'unsubscribe' link in any promotional email. For other processing: We will stop processing unless we can demonstrate compelling reasons to continue (e.g., fraud prevention, legal obligations).
7. Rights Related to Automated Decision-Making & Profiling (Article 22)
What it means: You have rights if we make decisions about you solely using automated processing (e.g., automated account closure due to suspected fraud).
How to exercise it: If you believe a decision affecting you was made solely by automated means, contact our DPO. You have the right to human review and can request an explanation of the decision logic.
Example: If your account is flagged by our anti-fraud system, you can request human verification of the decision before permanent closure.
How to Submit a Data Rights Request
All data rights requests should be submitted to our Data Protection Officer via:
- Email: Submit via our contact form
- Post: Mega Riches Casino, Data Protection Officer, Registered Office Address (see contact details below)
- Live Chat: Available 24/7 on our platform
Response Timeline: We will acknowledge your request within 3 business days and provide a substantive response within 30 calendar days (extendable by 60 days for complex requests).
No Fee: Most requests are free. We only charge a reasonable fee if you submit multiple identical or manifestly unfounded requests.
Children's Data Protection
Mega Riches Casino is strictly for adults aged 18+. We do not knowingly collect data from children under 18. Our age verification checks at registration are designed to prevent underage access. If we become aware that a child's data has been collected, we will immediately delete it and investigate how it occurred.
Parents or guardians: If you believe your child has registered with us, please contact us immediately via our contact page.
For more on responsible gaming and player protection, visit our responsible gaming page.
Policy Updates & Changes
We may update this privacy policy to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be communicated to you:
- Via email notification to your registered address
- By prominent notice on our homepage
- With a clear indication of the effective date of changes
Your continued use of Mega Riches Casino after we post an updated policy constitutes acceptance of the new terms. Last updated: 2026. Check this page regularly for the most current version.
Contact Information & Data Protection Officer
For any questions regarding this privacy policy, your data rights, or our data protection practices, contact:
- Data Protection Officer: [email protected]
- General Enquiries: Use our contact page
- Live Chat Support: Available 24/7 on our platform
- Postal Address: Mega Riches Casino, Compliance Department, [Registered Office], United Kingdom
Response Time: We aim to respond to all data protection enquiries within 3-5 business days.
Your Right to Lodge a Complaint
If you are unhappy with how we have handled your data, you have the right to lodge a formal complaint with the Information Commissioner's Office (ICO) – the UK's independent authority for data protection.
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Email: [email protected]
You do not need to contact us first – you can complain directly to the ICO. However, we welcome the opportunity to resolve your concerns, so please reach out to us first if possible.
Additional Resources
For more information on your GDPR rights and data protection responsibilities:
- ICO Guide to GDPR: www.ico.org.uk/for-organisations/guide-to-data-protection
- UK GDPR Legislation: www.legislation.gov.uk
- Gambling Commission Licensing: www.gamblingcommission.gov.uk
At Mega Riches Casino, your trust is our priority. We are committed to transparent, lawful, and ethical data handling practices. Thank you for playing with us.