Mega Fortune Privacy Policy

Valid from Date	Description	Version
May 30, 2024	Creating a document	Version 1.0

1. Overview

Mega Fortune accessible on www.megafortune.com (“Website”), is operated by, or on behalf of:

Mega Fortune Limited (“Mega Fortune Ltd”), which is constituted under the laws of Malta and has its registered office at The Space, Level 2 & 3, Alfred Craig Street, Pieta PTA 1320, Malta; or

in accordance with the relevant license(s) and jurisdictions as provided here.

Any reference to “We”, “Us”, “Our” or the “Company” in this Privacy Policy shall be construed as reference to Mega Fortune or Mega Fortune Limited operations of the Website.

The Company values your integrity and privacy immensely and is committed to processing all of your personal data transparently, fairly and lawfully.

This Privacy Policy (together with Our Terms and Conditions and Our Cookie Policy) sets the standard for how the Company collects, stores and uses your personal data when you visit Our Website, as well as what your rights are, how the law protects these rights, and how you can exercise them (“Privacy Policy”).

Overview
About Us
Your Data
Sharing of Data
Joint Controllers
Transfers of Personal Data Outside The EEA
Profiling & Automated Decision Making
Data Security Measures
Data Retention
Your Rights
Changes To The Privacy Policy

2. ABOUT US

(a) The purpose of the Privacy Policy

This Privacy Policy aims to provide you with a thorough understanding of how We process your personal data collected through your use of this Website, and also includes all data you may have provided in connection with your registration and through your use of Our online casino.

This Website is intended solely for persons over 18 years of age and we do not knowingly collect data related to persons under this age. If it becomes clear to us that We have collected personal data related to persons under the age of 18, for reasons related to the misuse of Our Website, We will do Our utmost to ensure that such data is processed in accordance with applicable law and our policies and procedures. This could not prevent you to assume the consequences due to said misuse or abuse of Our Website in accordance with Our Terms & Conditions.

Unless otherwise stated in this Privacy Policy, the applicable terms herein shall have the same meaning as set forth in the Terms and Conditions.

This Privacy Policy must be read in conjunction with any other confidentiality information We may have given you from time to time. This Privacy Policy is complementary to other such information and is not intended as a substitute for it.

We aim to protect your personal data, and always respect your privacy, in accordance with the highest standards in the industry and applicable law, notably the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as any local laws in the countries in which We have a license, under which We operate Our online casino.

You are responsible for providing personal data that is correct, and informing Us in writing of any changes that may occur, so that we can use all reasonable means to maintain Our information regarding you correct and up to date. In addition, We can implement data accuracy checks in accordance with the GDPR and ask you to verify your data we hold on you from time to time.

(b) Data Controller

We are data controllers in accordance with the relevant license(s) as provided here, and are therefore responsible for your personal data.

As We take your privacy seriously, We have appointed a data protection officer (“DPO”), whose responsibility is to oversee that the Company

acts in accordance with its legal obligations and
is processing your personal data in compliance with applicable rules and regulations.

The DPO is your contact person regarding any questions relating to this Privacy Policy. Should you have any queries please contact our DPO using the information below.

Full Name of Legal Entity	Mega Fortune
Mailing address	The Space, Level 2 & 3, Alfred Craig Street, Pieta, PTA 1320 Malta
Email address	[email protected]

3. YOUR DATA

(a) What is personal data?

The GDPR defines personal data as follows:

Any information related to an identified or identifiable natural person (the data subject), an identifiable natural person, is one that can be identified directly or indirectly, in particular by means of ID such as name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person ".

As a Company customer, you are a "data subject" in relation to this Privacy Policy. In short, all personal data relating to you as a person is protected under the data protection laws, applicable regulation and legislation. However, it does not include data where the identifiers relating to a "data item" have been removed in such a way that the data is rendered anonymous, meaning when the data subject is not or no longer identifiable (i.e. anonymous data).

(b) The important things - what, how and why?

We may collect, use, store and transfer various kinds of personal data. 

The table below provides a clear breakdown of:

(i)  What kind of data we collect.
(ii) How do We collect data
(iii) For which purpose do we collect data

(iv)  What is our legal basis for processing personal data

Legal obligations - It might be necessary to process this data in order to comply with the applicable laws, regulations and legislation.

Legitimate interest - In relation to the legal basis, we process your data to operate and control our company, with the ultimate goal of providing you with the best possible service and experience. Prior to exercising this right, we carefully evaluate the potential impact that such processing may have on you and your rights. As such, we do not employ a method where your rights and interests as a 'data subject' are overridden by our interests in processing data.

Execution of the contract - Processing of personal data is necessary to fulfil the contractual obligations We enter into with you and of which you are a part (i.e. terms and conditions).

Consent - The legal basis for processing your data is your consent. We will process your data only as long as we have your consent to do so. If you decide to withdraw your consent, we will stop processing your data. Please note that any processing of personal data that we have already carried out with your consent before you withdrew it will not be affected. 

(Please see section 9 of this Privacy Policy for more information on how to cancel your consent.)

Data collected	How do we collect your data?	Purpose of collection	Legal basis for data processing
Identification data – e.g.: name & surname, selected username, date of birth, gender.	Requested upon registration.	(1)Identify the customer and create a unique customer profile. (2)Verify the customer for Anti-Money Laundering (AML). (3)Identify the customer when the contract is performed.	(1)Execution of contract. (2)Legal obligation. (3)Execution of contract / Legitimate interest.
Contact details - e.g.: email address, home address, mobile number.	Requested upon registration.	(1)Identify the customer and create a unique customer profile. (2)To be able to contact the customer. (3)Dissemination of marketing materials.	(1)Execution of contract. (2)Execution of contract. (3)Consent.
Necessary data for verification purposes -  e.g.: your ID document, proof of address, and possibly proof of income, proof of wealth.	To be uploaded on the player profile upon request, can be requested either via a pop-up message on the website or via email.	(1)Verification of the player's identity. (2)Necessary for us to comply with AML legislation.	(1)Legal obligation. (2)Legal obligation.
Financial data - e.g.: this includes the financial data related to your chosen deposit and withdrawal method, therefore your bank details, credit card details and all relevant details related to the chosen payment method.	Collected upon deposit or withdrawal from the player's account. Can also be requested via email / chat / phone calls.	(1)Required in order to offer a service (e.g. deposit into the player's account). (2)Required for Know-Your-Customer ("KYC") reasons. (3)Required, for cybercrime check. (4)Required, to ensure a "closed-loop" policy.	(1)Execution of contract. (2)Legal obligation. (3)Legitimate interest. (4)Legal obligation.
Transaction details - e.g. payments made to and received from your account.	Automatically generated when placing deposits and requesting withdrawals.	(1)Required, in order to offer you the service. (2)Required, to comply with AML law and gaming license requirements. (3)Required, to track your activity for social responsibility reasons.	(1)Execution of contract. (2)Legal obligation. (3)Legal obligation / Legitimate interest.
Game data - e.g.: this includes details related to the games you play on our Website (your game activity).	Automatically generated by game activity.	(1)Required, in order to offer you the service. (2)Required, to comply with Remote Gaming legislation.	(1)Execution of contract. (2)Legal obligation.
Data related to your communication with us (via email, live chat, phone calls).	When you contact Us via Email correspondence and live chat. Telephone calls may be recorded to meet registration requirements.	(1)Required, in order to provide you with service (for customer inquiries, answering questions).	(1)Execution of contract.
Profile data - data related to your gaming habits and preferences.	Automatically generated by game activity or by the use of cookies, to capture preferences.	(1)Will possibly be used in an aggregated and anonymized format, to improve the service. (2)Will possibly be used, to create a more personal user experience. (3)Segmentation purpose - to place you in different groups based on different factors such as your gaming activity, etc. This is mainly so that we improve our product and service, by understanding our customers better. (4)Segmentation purpose for AML and social responsibility. (5)Targeted marketing.	(1) Legitimate interest - data in anonymised format is not personal data. (2)Consent. (3)Legitimate interest. (4)Legitimate interest. (5)Consent.
Technical data - e.g.: your internet protocol (IP) address, your login information, browser type and version, time zone, location and location, system and platform. User data - include data related to how you use our Website.	Cookie data.	(1)Location data / IP used to ensure that customers are not from a blocked country, or a high-risk country. (2)Location data / IP address is also used to ensure customers do not use a proxy or VPN, to ensure that they do not misuse bonuses or fraud when registering. (3)All other data (including location and IP) is used to improve the functionality of the website, solve technical problems and create more roducts for different platforms.	(1)Execution of contract. (2)Legitimate interest. (3)Legitimate interest.
My RTP data - e.g.: number of bets, total number of spins, overall RTP of your account, your own RTP compared to the game's RTP, highest win in specific games, and the bet placed, to achieve that win.	Automatically generated by games.	(1)You can see your own RTP based on your game activity - this is a feature that should give you a better game service. Our goal is to enhance the transparency for players, while ensuring compliance with consumer protection laws.	(1)Legal obligation / Legitimate interest.
Marketing and communication data - includes your preferences regarding receiving marketing messages from us and other 3rd parties (as affiliates), and your communication preferences.		(1)Own marketing via various communication channels. (2)Marketing through affiliates.	(1)Consent (granular - per channel). (2)Consent.
Cookie data - please see our Cookie Policy for further information about how and for what purpose we collect your Cookies.

Our own marketing activities -

In accordance with the applicable laws and on the basis of Our legitimate interest or Your consent, We may also use your personal data to send you marketing material and notifications by email or text messages.

 We aim to offer you the highest level of control over the marketing material that you receive from us or from third-party data processors who process your data on our behalf and follow our instructions.

You may access and modify your marketing preferences in the Privacy section of your account. If you wish to have more control over the marketing material that we send you, we kindly request that you contact our DPO using the provided contact information. In the event that you choose to withdraw your consent, please be aware that it may take up to 48 hours for us to ensure that the changes have been implemented in our system and in the systems of our marketing partners. During this time, you may still receive emails or information from us.

Consent Withdrawal - You can withdraw your consent at any time via the Privacy section located on "Your Account" on the Website. In addition, you can withdraw your consent from marketing through the ‘opt-out’ unsubscribe button provided in the email you receive from us.

Marketing activities of our business partners - we never share your personal data with our business partners for their own marketing activities without your consent.
AML and Social Responsibility - The Company is committed to providing you with the safest gaming environment We can create in any way. For that reason, We may process certain personal data that relates to you to a level that exceeds the legal requirements slightly but is done for your safety and peace of mind. We have a legitimate interest in doing so, as We feel responsible for your online security. Our checks are designed to be minimally invasive and respect your rights and freedoms as a data subject.

Your personal data will only be processed for the purposes for which it was collected. In the event that we need to process it for any other purpose, we will conduct a compatibility assessment to ensure that the new purpose is compatible with the original purpose for which the data was collected. We will then inform you of the new purpose and provide you with all necessary information. Should the new purpose not be compatible with the original purpose, we will ask for your consent.

As part of our operations, we may collaborate with various business partners, suppliers, and service providers who play a key role in the functioning of our Website, Games, and other services. These third parties may process your personal data on our behalf for the purposes outlined in this privacy policy.

This processing is conducted under our direction, ensuring that your data is handled in accordance with applicable data protection laws and our commitment to safeguarding your privacy. We are committed to ensuring the security of your personal data. Therefore, we require all third parties with whom we share your data to uphold the same standards of security and to comply with applicable data protection laws.

Our third-party service providers are prohibited from using your personal data for their own purposes unless legally permitted or required. They may only process your personal data for specific purposes that align with our instructions. To ensure compliance and security, we conduct thorough vetting of our partners and enter into stringent data processing agreements as necessary. This ensures that your data is handled appropriately and safeguarded throughout the processing lifecycle.

Game Providers- At times, Our game providers will need access to selected data (such as username and IP address) in order to provide us with the games you play on Our Website.
Sportsbook Providers & Sports Governing Bodies - We may share your personal data with our sportsbook provider to facilitate the delivery of sportsbook services and for risk management purposes.
Payment Providers and Related Service Providers - Similarly, We may share some of your personal information with the payment provider you use to make deposits and withdrawals on Our Website.
Marketing Partners - When you consent to us sending you marketing and promotions, We may share your contact information (such as email address or postal address) with our marketing partners who are responsible for sending Our marketing material to you. By agreeing (‘Opt in’) to receive marketing and promotional material from us, you acknowledge that your contact information, such as your email, phone number or postal address, will be shared with our marketing partners who will be responsible for sending the material to you.
Client communication software - Third-party software is used to facilitate communication with you. This software enables us to send emails and engage with you via live chat should you have any queries. We use 3rd party software to help us communicate with you. This software allows us to send emails to you and talk to you on Our Live Chat whenever you have any questions.
AML and anti-fraud tools - We use third party software to perform certain AML and fraud verification checks, which in this case are necessary to comply with Our legal obligation.
Professional advisers - e.g. lawyers, auditors and other third parties as necessary.
Government or Regulatory Authorities We may, if necessary or authorized by law, provide your personal data to law enforcement agencies, government or regulatory organizations, courts or other public authorities. We strive to keep our customers informed about legal requirements regarding their personal information, unless prevented by legislation, courts, or emergency situations. While we reserve the right to contest requests that we believe are disproportionate, unclear, or lack proper authority, we cannot guarantee that we will challenge every request.
Cloud Service Providers - We may engage cloud service providers to offer cloud-based solutions, including but not limited to storage and hosting of certain software and data.

Intra-Group Sharing

To effectively manage and enhance our services, companies within our corporate group may share and access customer data as needed to support the Controller in specific functions. This intra-group sharing enables us to provide consistent and high-quality service across all brands and operations, allowing us to offer certain services, support essential functions, and ensure alignment in key areas of our business.

5. JOINT CONTROLLERS

The Company may act as a joint controller when, together with one or more organizations, it jointly determines the purpose and means of processing personal information. In such cases, the joint controllers shall enter into a joint-controllership arrangement setting out the obligations and responsibilities of each party, and you will be notified of this agreement in a timely manner.

6. TRANSFERS OF PERSONAL DATA outside the European Economic Area (‘EEA’)

SSome of the service providers mentioned in section 3 above may be based in countries that are not part of the European Economic Area (“EEA”). This may mean that your data may be processed in a location outside the EEA. Whenever a transfer of your personal data is made to a data processor or a data controller based outside the EEA, We always ensure that your data is protected in the same way as it stays in the EEA. To ensure the protection of your data, We will implement at least one of appropriate safeguards determined by the EU Commission

Adequacy basis - We ensure that We transfer your personal data to countries that provide an adequate level of data protection in accordance with the European Commission decision(s).
Standard Contractual Clauses- When a data processor or data controller is not based in a country benefiting from an adequacy decision, We may use special contracts, known as standard contractual clauses, which are model contracts approved by the European Commission. These contracts also ensure that personal data is afforded the same protection as it is in the EEA. In accordance with the Court of Justice of the European Union Schrems II case law, we shall implement complementary measures (technical, contractual or organisational), in addition to the Standard Contractual Clauses, if necessary and/or where relevant.

7. Profiling & AUTOMATED DECISION MAKING

In certain instances, automated systems are employed to facilitate the generation of decisions based on personal information. This approach enables us to streamline the decision-making process, ensuring that our decisions are timely, impartial, efficient, and accurate. Therefore, the implementation of automated decision-making might influence the products, services, or features that we may offer you in the present or future, as well as the capacity to utilise our services.

We may use automated decision making in the following situations:

Opening account: When you open an account with us, we check that the product or service is relevant for you, based on our knowledge. Furthermore, we verify that you meet the conditions required to open an account in accordance with our Customer Acceptance Policy. This may include verifying the age, residency, nationality or financial position of the applicant.
Fraud detection: We use your personal information to help us decide and detect if your account may be being used for fraud or money laundering. If we believe there is a risk of fraud, we may block or suspend the account.
To assess betting risk: An automated system may be used to evaluate the associated risk of your bet in accordance with our Betting Rules. This system is used by many betting operators to help them make fair and informed decisions about betting. Betting scoring takes account of information provided by the customer at registration and throughout the use of our services.
To assess AML & RG risk: Automated profile risk assessment includes scoring of several risk factors for each customer account. The risk factors of which the system keeps track are scored and averaged to create a profile risk score and classification.

Based on this information, We make an impartial and informed decision on whether the customer falls within our risk appetite and/or will continue with our business agreement, in accordance with our internal policies and legal responsibilities.

It is your right not to be subject to a decision, including profiling, when it is based on the automated processing of your personal information, and it has a legal effect or a similarly significant effect on you.

Please note that the right does not apply when the processing is:

necessary for entering into or for the performance of a contract with you; or
authorised by law; or
based on your explicit consent.

Should you have any queries or concerns regarding this section, please direct them in writing to our Data Protection Officer.

8. DATA SECURITY MEASURES

The Company will always endeavour to ensure that your personal information is secure, both in our hands and in the hands of any third parties to whom we may have disclosed your personal information.

Internally, we have implemented a number of technical, contractual and organisational measures to ensure that your personal information is not accidentally lost, used, accessed, altered or disclosed in an unauthorised manner. This protection shall follow a defence in depth strategy through continuous investment in technology, processes and other resources in line with best industry practices. We also ensure that access to your personal information is determined on a "need-to-know" basis, which means that only individuals who have a direct need to know your personal information have access to it. In addition, anyone who has access to your personal information is bound by a duty of confidentiality. We also have procedures in place to deal with any suspected or actual personal data breaches. We will inform both you as a "data subject" and the regulatory authority affected by such data security breaches when it is legally necessary to do so, and we will maintain a list of any such breaches.

It is of the utmost importance that our customers remain vigilant and adhere to the standard information security precautions. Therefore:

It is imperative that you never disclose your account credentials, personal information and other confidential account data.
It is crucial that you never allow someone to take control of your computer or other device.
It is essential that you never assume that a mobile call, email or SMS is genuine. Always check via a trusted source before carrying out any operation.

9. DATA RETENTION

The Company will only retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected. Some purposes may include satisfying any legal, accounting or reporting requirements.

When determining how long a retention period is appropriate for your personal data, We take into account various factors, such as the nature and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of such data, the purpose We collected and processed such data for and applicable laws and/or legal requirements imposed on Us.

For example, in Malta, We are required by Anti Money Laundering law to store your personal data for a minimum period of five (5) years after Our business relationship is terminated. In the UK, in accordance with the Ordinary code provision 3.5.4 of the LCCP, your personal shall be retained for AML purposes for seven (7) years. The termination of Our business relationship takes effect on the day your account with Us is officially closed.

Another example, the accounting and financial documents should be kept for ten (10) years in accordance with the Companies Act - Article 163(5) (Malta).

You are welcome to contact our DPO using the contact information provided further up for further information about Our retention periods.

10. YOUR RIGHTS

Data protection law gives you, as a "data subject", certain rights under certain circumstances. In accordance with the law, you have the right to:

(I) Request Access to Your Personal Data - This means that you have the right to request a copy of the personal data We hold about you free of charge.

We will do our utmost to respond to all legitimate requests within a one-month timeframe from the submission of a request. If your request is particularly complex, or if you have made multiple requests in a certain period, it may take us a little longer. In such a case, we will notify you of this extension which, in accordance with the GDPR can be for additional two (2) month after the first one-month period.

(II) Request for Correction of Your Personal Data - This means that if any of the personal information We hold about you is incomplete or incorrect, you have the right to have it corrected. Keep in mind, however, that We may need you to provide proof and documentation (such as your ID documentation or proof of address) in order to comply with your request.

(III) Request to have your personal data deleted - This means that you can request to have your personal data deleted if We no longer have a legal reason to continue to process or store it. Please note that this right is not guaranteed - in the sense that We do not have the ability to comply with your request if We are subject to a legal obligation to store your data or if We have the reason that it that necessary to store your personal data, in order to defend ourselves in a legal dispute.

(IV) Object to the processing of your personal data where We rely on Our legitimate interest (or a third party legitimate interest) to process your personal data and you feel that We process your data in such a way that it violates your fundamental rights and freedoms. However, in some cases, We may be able to demonstrate that We have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to the processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our DPO.

(V) Request a Restriction on the Processing of Your Personal Data - You may ask Us to temporarily suspend the processing of your personal data in one of the following cases: (a) When you want Us to determine the accuracy of your data, (b) when Our use of your data is not in accordance with the law, but you do not want Us to delete it, (c) when you need Us to store your personal data, even when it is no longer necessary for Us to establish, exercise or defend legal claims, or (d) when you have objected to the processing of your personal data, but We need to verify whether We have overriding legitimate reasons for disregarding your request.

(VI) Request Transfer of Your Personal Data (i.e. data portability) - This means that you may request us to transfer certain data about you that We have processed to a third party. This right only applies to data acquired through automated sources that you originally gave Us consent to use, or where We used your data, to perform Our obligations under a contract with you.

(VII) Withdraw your consent at any time when we rely on your consent to process your personal data - Termination or withdrawal of your consent will not affect the legality of the processing We have performed until the time you withdrew your consent. Withdrawal of your consent means that in the future you no longer want to have your data treated in the same way. This means that you can no longer give us permission to provide certain services (e.g. Marketing). Should you wish to withdraw your consent at any time, you may do so via the Privacy section located on "Your Account" on the Website. Furthermore, you can withdraw your consent from marketing by clicking the 'opt-out' unsubscribe button provided in the email you receive from us.

(VIII) File a complaint with a supervisory authority -

You have the right, at any time, to lodge a complaint either with the supervisory authority in Malta, the Data Protection Commission (“IDPC”), or with the respective data protection authority in the country of your residence listed hereunder:

The Information Commisioner’s office (ICO) in UK;
Any other applicable data protection authority in the country of your residence.

However, we would really appreciate the opportunity to resolve your issues before contacting the respective authority, so please contact us in the first instance.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. You can exercise your rights through the following channels:

Our Customer Support Live Chat
By sending us the request via email:[email protected]
By contacting our DPO: [email protected]

11. CHANGES TO THE PRIVACY POLICY

We reserve the right, at our complete discretion, to change, modify, add and/or remove portions of this Privacy Policy at any time. If you are an existing client with whom we have a contractual relationship, you will be informed of any changes made to this Privacy Policy.