Mega Riches Privacy Policy

Valid from Date	Description	Version
May 30, 2024	Creating a document	Version 1.0

Mega Riches Online Casino (“Mega Riches”) accessible on www.megariches.com; or Mega Riches mobile application (“Website”), is operated by:

• Mega Riches Limited (“Mega Riches Ltd”), which is constituted under the laws of Malta and has its registered office at The Space Level 2 & 3, Alfred Craig Street, Pieta, PTA 1320 Malta; or
• Videoslots Limited (“Videoslots Ltd”), which is constituted under the laws of Malta and has its registered office at The Space, Level 2 & 3, Alfred Craig Street, Pieta PTA 1320, Malta

in accordance with the relevant license(s) and jurisdictions as provided here.

Any reference to “We”, “Us”, “Our” or the “Company” in this Privacy Policy shall be construed as reference to Mega Riches Ltd’s or Videoslots Ltd’s operations of Mega Riches and/or the Website as stated above.

The Company values your integrity and privacy immensely and is committed to processing all of your personal data transparently, fairly and lawfully.

This Privacy Policy (together with Our Terms and Conditions and Our Cookie Policy) sets the standard for how the Company collects, stores and uses your personal data when you visit Our Website, as well as what your rights are, how the law protects these rights, and how you can exercise them (“Privacy Policy”).

1. About Us
2. Your Data
3. Sharing of Data
4. Joint Controllers
5. Transfers of Personal Data
6. Automated Decision Making
7. Data Security Measures
8. Data Retention
9. Your Rights

 

---

 

1. ABOUT US

(a) The purpose of the Privacy Policy

This Privacy Policy aims to provide you with a thorough understanding of how We process your personal data collected through your use of this Website, and also includes all data you may have provided in connection with your registration and through your use of Our online casino.

This Website is intended solely for persons over 18 years of age and we do not knowingly collect data related to persons under this age. If it becomes clear to us that We have collected personal data related to persons under the age of 18, for reasons related to the misuse of Our Website, We will do Our utmost to ensure that such data is processed in accordance with applicable law and our policies and procedures. This could not prevent you to assume the consequences due to said misuse or abuse of Our Website in accordance with Our Terms & Conditions.

Unless otherwise stated in this Privacy Policy, the applicable terms herein shall have the same meaning as set forth in the Terms and Conditions.

This Privacy Policy must be read in conjunction with any other confidentiality information We may have given you from time to time. This Privacy Policy is complementary to other such information and is not intended as a substitute for it.

We aim to protect your personal data, and always respect your privacy, in accordance with the highest standards in the industry and applicable law, notably the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as any local laws in the countries in which We have a license under which We operate Our online casino.

You are responsible for providing personal data that is correct, and informing Us in writing of any changes that may occur, so that we can use all reasonable means to maintain Our information regarding you correct and up to date. In addition, We can implement data accuracy checks in accordance with the GDPR and ask you to verify your data we hold on you from time to time.

(b) Data Controller

We are data controllers in accordance with the relevant license(s) as provided here, and are therefore responsible for your personal data.

As We take your privacy seriously, We have appointed a data protection officer (“DPO”), whose responsibility is to oversee that the Company (i) acts in accordance with its legal obligations and (ii) is processing your personal data in compliance with applicable rules and regulations. The DPO is your contact person regarding any questions relating to this Privacy Policy. Should you have any queries regarding this policy, including any request to exercise your rights as data subject, please contact our DPO using the information below.

If you are using the services provided by Videoslots Ltd in accordance with the relevant license(s) as provided here, the following shall apply:

Full Name of Legal Entity	Videoslots Ltd (C49090)
Mailing address	The Space, Level 2 & 3, Alfred Craig Street, Pieta, PTA 1320 Malta
Email address	[email protected]

If you are using the services provided by Mega Riches Ltd in accordance with the relevant license(s) as provided here, the following shall apply:

Full Name of Legal Entity	Mega Riches Limited (C93203)
Mailing address	105 Gwardamangia Hill, Pieta, PTA 1313 Malta
Email address	[email protected]

You have the right, at any time, to lodge a complaint either with the supervisory authority in Malta, the Data Protection Commission (“IDPC”), or with the respective data protection authority in the country of your residence listed hereunder:

• The Information Commissioner's Office in the United Kingdom;
• The Datainspektionen heter nu Integritetsskyddsmyndigheten in Sweden;
• The Garante per la protezione dei dati personali in Italy;
• The Datatilsynets in Denmark; or
• Any other applicable data protection authority in the country of your residence.

However, we would really appreciate the opportunity to resolve your issues before contacting the respective authority, so please contact us in the first instance.

2. YOUR DATA

(a) What is personal data?

The GDPR defines personal data as follows:

Any information related to an identified or identifiable natural person (the data subject), an identifiable natural person, is one that can be identified directly or indirectly, in particular by means of ID such as name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person ".

As a Company customer, you are a "data subject" in relation to this Privacy Policy. In short, all personal data relating to you as a person is protected under the data protection laws and legislation. However, it does not include data where the identifiers relating to a "data item" have been removed in such a way that the data is rendered anonymous, meaning when the data subject is not or no longer identifiable (i.e. anonymous data).

(b) The important things - what, how and why?

We may collect, use, store and transfer various kinds of personal data. In this section We will explain the following:

(i)  What kind of data we collect.

(ii) How we collect data - Do We get data directly from you? Do We get it from other sources?

(iii) For what purpose do we collect data? - How and why do We use data.

(iv)  What our legal basis for data processing is - The possible legal bases that could justify it are:

1. Legal obligations - Is it required by law or regulations to process this data? Do We need to process this data to fulfil a legal obligation?
2. Legitimate interest - Regarding the legal basis, this means that We process your data in order to operate and control Our Company, in order to ultimately provide you with the best service and experience We can in any way. Before We exercise this right, We ensure that We assess the potential impact such treatment may have on you and your rights. Therefore, We do not use a method where your rights and interests as a "data subject", override Our interests in processing data.
3. Execution of the contract - Processing of personal data is necessary to fulfil the contractual obligations We enter into with you and of which you are a part (i.e. terms and conditions).
4. Consent - Your consent is used as a legal reason for processing your data, We only process your data as long as We have your consent to do so. If at any time you feel that you no longer wish to have your data processed, We will no longer do so. However, this does not affect any processing of personal data that We have performed with your consent before you have cancelled your consent. Please see section 8 of this Privacy Policy for more information on how to cancel your consent. 

Data collected	How do we collect your data?	Purpose of collection	Legal basis for data processing
Identification data - this includes name, selected username, date of birth, gender.	Requested upon registration.	(1)Identify the customer and create a unique customer profile. (2)Verify the customer for Anti-Money Laundering (AML). (3)Identify the customer when the contract is performed.	(1)Execution of contract. (2)Legal obligation. (3)Execution of contract / Legitimate interest.
Contact details - this includes email address, home address, mobile number.	Requested upon registration.	(1)Identify the customer and create a unique customer profile. (2)To be able to contact the customer. (3)Dissemination of marketing materials.	(1)Execution of contract. (2)Execution of contract. (3)Consent.
Necessary data for verification purposes - this includes your ID document, proof of address, and possibly proof of income, proof of wealth.	To be uploaded on the player profile upon request, can be requested either via a pop up message on the website or via email.	(1)Verification of the player's identity. (2)Necessary for us to comply with AML legislation.	(1)Legal obligation. (2)Legal obligation.
Financial data - this includes the financial data related to your chosen deposit and withdrawal method, therefore your bank details, credit card details and all relevant details related to the chosen payment method.	Collected by deposit or withdrawal from the player's account. Can also be requested via email / chat / phone calls.	(1)Required in order to offer a service (eg deposit into the player's account). (2)Required for Know-Your-Customer ("KYC") reasons. (3)Required, for cybercrime check. (4)Required, to ensure a "closed-loop" policy.	(1)Execution of contract. (2)Legal obligation. (3)Legitimate interest. (4)Legal obligation.
Transaction details - this includes details that relate to payments to and from you.	Automatically generated when making deposits and withdrawals.	(1)Required, in order to offer you the service. (2)Required, to comply with AML law and gaming license requirements. (3)Required, to track your activity for social responsibility reasons.	(1)Execution of contract. (2)Legal obligation. (3)Legal obligation / Legitimate interest.
Game data - this includes details related to the games you play on our Website (your game activity).	Automatically generated by game activity.	(1)Required, in order to offer you the service. (2)Required, to comply with Remote Gaming legislation.	(1)Execution of contract. (2)Legal obligation.
Data related to your communication with us (via email, live chat, phone calls).	Email correspondence and live chat when contacted. Telephone calls may be recorded to meet registration requirements.	(1)Required, in order to provide you with service (for customer inquiries, answering questions).	(1)Execution of contract.
Profile data - data related to your gaming habits and preferences.	Automatically generated by game activity or by the use of cookies, to capture preferences.	(1)Will possibly be used in an aggregated and anonymized format, to improve the service. (2)Will possibly be used, to create a more personal user experience. (3)Segmentation purpose - to place you in different groups based on different factors such as your gaming activity, etc. This is mainly so that we improve our product and service, by understanding our customers better. (4)Segmentation purpose for AML and social responsibility. (5)Targeted marketing.	(1) Legitimate interest - data in anonymised format is not personal data. (2)Consent. (3)Legitimate interest. (4)Legitimate interest. (5)Consent.
Technical data - this may include your internet protocol (IP) address, your login information, browser type and version, time zone, location and location, system and platform. User data - include data related to how you use our Website.	Cookie data.	(1)Location data / IP used to ensure that customers are not from a blocked country, or a high-risk country. (2)Location data / IP address is also used to ensure customers do not use a proxy or VPN, to ensure that they do not misuse bonuses or fraud when registering. (3)All other data (including location and IP) is used to improve the functionality of the website, solve technical problems and create more roducts for different platforms.	(1)Execution of contract. (2)Legitimate interest. (3)Legitimate interest.
My RTP data - may include your number of bets, total number of spins, overall RTP of your account, your own RTP compared to the game's RTP, highest win in specific games, and the bet placed, to achieve that win.	Automatically generated by game.	(1)You can now see your own RTP based on your game activity - this is a feature that should give you a better game service. We do this to improve the transparency of you as a player protected under consumer law.	(1)Legal obligation / Legitimate interest.
Marketing and communication data - includes your preferences regarding receiving marketing messages from us and other 3rd parties (as affiliates), and your communication preferences.		(1)Own marketing via various communication channels. (2)Marketing through affiliates.	(1)Consent (granular - per channel). (2)Consent.
Cookie data - please see our Cookie Policy for further information about how and for what purpose we collect your Cookies.

You can find further information below about how We process your data for the following reasons:

• Our own marketing activities - We do our best to ensure that you have the greatest control over what kind of marketing material you receive from Us or from third parties who act as data processors to us, processing your data on our behalf and following our instructions. You can view and change your marketing related choices in Our Privacy section of your account. If you feel that you would like more control over which marketing material We send to you, then you are welcome to contact our DPO using the contact information provided above. Should you wish to withdraw your consent, it may take up to 48 hours before We can be assured that the changes have been implemented in our system and in the systems of our marketing partners (and for this reason, you may receive emails or information from us within the 48 hours). Section 8 explains exactly how you can withdraw your consent.
• Marketing activities of our business partners - We never share your personal data with our business partners for their own marketing activities without your consent.
• AML and Social Responsibility - The Company is committed to providing you with the safest gaming environment We can create in any way. For that reason, We may process certain personal data that relates to you to a level that exceeds the legal requirements slightly but is done for your safety and peace of mind. We have a legitimate interest in doing so, as We feel responsible for your online security, and We can assure you that none of the checks We perform are unnecessarily invasive of your rights and freedoms as a "data subject".

Your personal data will not be processed for purposes other than those for which they were collected. Should further processing be required, We shall perform compatibility assessment (to confirm that any such further purpose is compatible with the initial purpose for which data was collected) and you will be informed of that purpose and provided with all necessary information. For your information, further processing for statistical purposes should be considered to be compatible lawful processing operation.

3. SHARING OF DATA

Due to the nature of Our service, in order to process your data as explained in section 2 of this Privacy Policy, We may need to share your personal data with a number of trusted third parties. These 3rd parties include:

(i) Game Providers - At times, Our game providers will need access to selected data (such as username and IP address) in order to provide us with the games you play on Our Website.

(ii) Payment Providers and Related Service Providers - Similarly, We may share some of your personal information with the payment provider you use to make deposits and withdrawals on Our Website.

(iii) Marketing Partners - When you consent to us sending you marketing and promotions, We may share your contact information (such as email address or postal address) with our marketing partners who are responsible for sending Our marketing material to you.

(iv) Government or Regulatory Authorities - We may, if necessary or authorized by law, provide your personal data to law enforcement agencies, government or regulatory organizations, courts or other public authorities. We try to always inform our customers about legal requirements for their personal information, unless We are prevented from doing so due to legislation or courts or when the request is an emergency. We may contest such claims if We believe the requests are disproportionate, unclear or lack the proper authority, but We do not promise to challenge any request.

(v) Client communication software - We use 3rd party software to help us communicate with you. This software allows us to send emails to you and talk to you on Our Live Chat whenever you have any questions.

(vi) AML and anti-fraud tools - We use third party software to perform certain AML and fraud verification checks, which in this case are necessary to comply with Our legal obligation.

We always ensure that a third party who has access to your personal data is obliged to respect the security of your personal data, and always process it in a lawful manner, as well as in accordance with our Privacy Policy and strict contractual provisions. We do not allow any third party service provider to use your personal data for their own purposes, except when your personal data is shared with yet another data controller, such as for example, the governmental and regulatory authorities who could request your personal data to fulfil the public tasks they are entrusted to.

Should your personal data be shared with third parties who are Our data processors in the sense of the GDPR, such sharing is solely carried out for the specific purposes and in accordance with Our instructions as Data Controller and on Our behalf, and such third parties may only use your personal data to the extent to which We ourselves are entitled. Furthermore, in all cases, We strive to ensure that We do not share more data than is necessary for the service providers to carry out the processing activities in accordance with Our instructions.

4. JOINT CONTROLLERS

The Company can act as a joint controller when, together with one or more organizations, it jointly determines the purpose and means of processing personal information. In such cases, the joint controllers shall enter into a joint-controllership arrangement setting out the obligations and responsibilities of each party, and you will be informed about this arrangement in due time.

5. TRANSFERS OF PERSONAL DATA

SSome of the service providers mentioned in section 3 above may be based in countries that are not part of the European Economic Area (“EEA”). This may mean that your data may be processed in a location outside the EEA. Whenever a transfer of your personal data is made to a data processor or a data controller based outside the EEA, We always ensure that your data is protected in the same way as it stays in the EEA. To ensure the protection of your data, We will implement at least one of the following safeguards:

(i) Adequacy basis - We ensure that We transfer your personal data to countries that provide an adequate level of data protection in accordance with the European Commission decision(s).

(ii) Standard Contractual Clauses - When a data processor or data controller is not based in a country benefiting from an adequacy decision, We may use special contracts, known as standard contractual clauses, which are model contracts approved by the European Commission. These contracts also ensure that personal data is afforded the same protection as it is in the EEA. In accordance with the Court of Justice of the European Union Schrems II case law, we shall implement complementary measures (technical, contractual or organisational), in addition to the Standard Contractual Clauses, if necessary and/or where relevant.

6. AUTOMATED DECISION MAKING

When establishing and implementing our business relationships, We do not use automated decision making. If We use this method in individual cases, i.e. only when the processing activities based on automated decision-making are permissible under the exceptions within the GDPR, these operations shall be subject to suitable safeguards to protect your rights and freedoms. Most importantly, you will be provided (i) the appropriate information, (ii) the right to obtain human intervention on the part of the controller, (iii) the right to express your point of view, (iv) the right to obtain an explanation of the decision reached after such assessment and (v) the right to contest the decision, unless prohibited by applicable law.

7. DATA SECURITY MEASURES

The Company always strives to ensure that your personal data is secure, both in Our hands and in the hands of any third party to whom we may have passed on your personal data. Internally, We have implemented a number of technical, contractual, as well as organizational measures, to ensure that your personal data is not accidentally lost, used, accessed in an unauthorized manner, altered or disclosed. We also ensure that access to your personal information is determined on a "need-to-know" basis, which means that only people with direct needs to access your personal data will have access to them. In addition, anyone who has access to your personal data has a duty of confidentiality.

We also have procedures in place to deal with any suspected or actual personal data breaches. We will inform both you as a "data subject" and the regulatory authority affected by such data security breaches when it is legally necessary to do so, and we will maintain a list of any such breaches.

8. DATA RETENTION

The Company will only retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected. Some objectives may include the satisfaction of any legal, accounting or reporting requirements.

When determining how long a retention period is appropriate for your personal data, We take into account various factors, such as the nature and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of such data, the purpose We collected and processed such data for and applicable laws and/or legal requirements imposed on Us.

For example, in Malta, We are required by Anti Money Laundering law to store your personal data for a minimum period of five (5) years after Our business relationship is terminated. In the UK, in accordance with the Ordinary code provision 3.5.4 of the LCCP, your personal shall be retained for AML purposes for seven (7) years. The termination of Our business relationship takes effect on the day your account with Us is officially closed.

Another example, the accounting and financial documents should be kept for ten (10) years in accordance with the Companies Act - Article 163(5) (Malta).

You are welcome to contact our DPO using the contact information provided further up for further information about Our storage periods.

9. YOUR RIGHTS

Data protection law gives you, as a "data subject", certain rights under certain circumstances. In accordance with the law, you have the right to:

(i) Request Access to Your Personal Data - This means that you have the right to request a copy of the personal data We hold about you free of charge.

(ii) Request for Correction of Your Personal Data - This means that if any of the personal information We hold about you is incomplete or incorrect, you have the right to have it corrected. Keep in mind, however, that We may need you to provide proof and documentation (such as your ID documentation or proof of address) in order to comply with your request.

(iii) Request to have your personal data deleted - This means that you can request to have your personal data deleted if We no longer have a legal reason to continue to process or store it. Please note that this right is not guaranteed - in the sense that We do not have the ability to comply with your request if We are subject to a legal obligation to store your data or if We have the reason that it that necessary to store your personal data, in order to defend ourselves in a legal dispute.

(iv) Object to the processing of your personal data where We rely on Our legitimate interest (or a third party legitimate interest) to process your personal data and you feel that We process your data in such a way that it violates your fundamental rights and freedoms. However, in some cases, We may be able to demonstrate that We have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to the processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our DPO.

(v) Request a Restriction on the Processing of Your Personal Data - You may ask Us to temporarily suspend the processing of your personal data in one of the following cases: (a) When you want Us to determine the accuracy of your data, (b) when Our use of your data is not in accordance with the law, but you do not want Us to delete it, (c) when you need Us to store your personal data, even when it is no longer necessary for Us to establish, exercise or defend legal claims, or (d) when you have objected to the processing of your personal data, but We need to verify whether We have overriding legitimate reasons for disregarding your request.

(vi) Request Transfer of Your Personal Data (i.e. data portability) - This means that you may request us to transfer certain data about you that We have processed to a third party. This right only applies to data acquired through automated sources that you originally gave Us consent to use, or where We used your data, to perform Our obligations under a contract with you.

(vii) Withdraw your consent at any time when we rely on your consent to process your personal data - Termination or withdrawal of your consent will not affect the legality of the processing We have performed until the time you withdrew your consent. Withdrawal of your consent means that in the future you no longer want to have your data treated in the same way. This means that you can no longer give us permission to provide certain services (e.g. Marketing). You can withdraw your consent at any time via the Privacy section located on "Your Account" on the Website. In addition, you can withdraw your consent from marketing through the ‘opt-out’ unsubscribe button provided in the email you receive from us.

(viii) File a complaint with a supervisory authority - As explained in section 1 (b) of this Privacy Policy.

In order to enforce your rights, as explained above, We may need specific information about you that can help Us verify your identity. This is a security measure to ensure that the person We disclose your personal data to is really you.

We will do our utmost to respond to all legitimate requests within a one-month timeframe from the submission of a request. If your request is particularly complex, or if you have made multiple requests in a certain period, it may take us a little longer. In such a case, we will notify you of this extension which, in accordance with the GDPR can be for additional two (2) month after the first one-month period.