MogoBet Privacy Policy

Last updated: 18 April 2026

This Privacy Policy explains how MogoBet (operated by ProgressPlay Limited) collects, uses, stores, discloses and protects personal data about you when you use our website, mobile applications and related services (the “Services”). It also describes your rights and how to exercise them.

By registering for an account, using the Services or otherwise providing personal data to us, you consent to the collection and use of your information in accordance with this Policy.

1. Who we are and how to contact us

• Controller: ProgressPlay Limited (trading as MogoBet), a company incorporated in Malta. Registered office: Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians STJ3154.
• UK Gambling Commission account: 39335.
• For privacy, data protection or GDPR-related enquiries (including to exercise your rights), contact us:
  • Email: [email protected]
  • Postal: Data Protection Officer, ProgressPlay Limited (MogoBet), Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians STJ3154, Malta.

2. Data we collect We collect personal data necessary to provide the Services, comply with legal obligations (including anti-money laundering and gambling regulations), maintain security, and improve our product. Categories include:

• Identity and age verification: name, date of birth, gender, government-issued ID (passport, driving licence, national ID), photographic ID, and other KYC documentation.
• Contact details: email address, telephone number, postal address.
• Account and login data: username, encrypted password, security questions, two-factor authentication details (if enabled).
• Financial and payment data: payment card details, bank account information, e-wallet identifiers (e.g., PayPal, Skrill, Neteller), transaction history, deposits, withdrawals, billing information and payment processor references (including information processed by third-party payment providers such as Babaloo Limited and others).
• Transactional and gameplay data: bets placed, stakes, wins/losses, game history, casino play details, bet history, loyalty/bonus activity.
• KYC, AML and screening data: source of funds, occupation, proof of address documents, sanctions screening results and related compliance records.
• Technical and device data: IP address, device and browser type, operating system, mobile identifiers, connection data, geolocation (where permitted), log files, crash reports, cookie and tracking data.
• Communications: correspondence with customer support (including live chat transcripts, emails), marketing preferences and consents.
• Marketing and profile data: preferences, offer and promotion responses and interactions, survey responses.
• Behavioural and risk data: behavioural patterns, responsible gambling indicators and risk scores, self-exclusion or limit settings, fraud and security screening results.

3. How we collect data

• Information you provide directly (registration, deposits, withdrawals, KYC uploads, support enquiries).
• Automatically when you use our Services (cookies, server logs, device identifiers, geolocation where permitted).
• From third parties: identity verification and KYC providers, payment and e‑wallet processors (e.g., Babaloo Limited), analytics providers, advertising partners, GamStop (for UK self-exclusion), regulatory authorities, credit reference agencies and fraud prevention databases.
• From publicly available sources and social media where relevant for identity verification and fraud prevention.

4. Purposes and lawful bases for processing We process your personal data for the following purposes and on the following lawful bases:

• To provide and operate the Services, perform our contract with you and administer your account (performance of contract).

  • Examples: account registration, authentication, processing bets and casino play, deposits and withdrawals, bonus application, delivering game content and customer support.

• To comply with legal and regulatory obligations (legal obligation).

  • Examples: KYC/AML checks, record-keeping for regulators, age verification and obligations under the UK Gambling Commission and Malta Gaming Authority rules.

• For fraud prevention, security and risk management (legitimate interests).

  • Examples: detecting, preventing and investigating fraud, money laundering, and other unlawful activity; maintaining platform integrity.

• For responsible gambling and player protection (legal obligation / legitimate interests).

  • Examples: monitoring play for problem gambling indicators, administering deposit/loss/session limits, enforcing self‑exclusion (including GamStop), providing support and signposting to treatment organisations.

• To send marketing communications where you have consented (consent) or where we rely on legitimate interests and provide an opt-out (legitimate interests).

  • Examples: promotional offers, news and personalised offers. You can withdraw consent or opt out at any time.

• To improve our Services, analytics and product development (legitimate interests).

  • Examples: aggregated analytics, A/B testing, product improvements and performance optimisation.

• To respond to requests, investigations or legal claims (legal obligation / legitimate interests).

  • Examples: disclose information to regulators, law enforcement, or in response to a court order; enforce our terms and conditions.

Where we rely on legitimate interests, we ensure that those interests are balanced against your rights and freedoms and that processing is necessary and proportionate.

5. Cookies and similar technologies We and our third-party partners use cookies, web beacons, local storage and similar technologies to:

• Enable the functioning of the Services (essential cookies).
• Remember preferences and login status.
• Analyse usage and performance (analytics).
• Provide personalised advertising and marketing (advertising/tracking cookies).

You can manage cookie preferences by using our cookie management tool on the site, by adjusting your browser settings or by disabling cookies via your device. Note that disabling essential cookies may prevent you from using the Services.

6. Sharing and disclosure of personal data We may share personal data with the following categories of recipients:

• Service providers and sub‑processors: payment processors (including Babaloo Limited and other card, bank and e‑wallet providers), KYC/identity verification vendors, hosting providers, analytics and marketing platforms, CRM and email providers, fraud and risk management providers, CRM providers, live-chat and support platform providers, game studios and live‑casino studios for gameplay delivery.
• Regulators and law enforcement: UK Gambling Commission, Malta Gaming Authority and other lawful requests from regulatory or law enforcement bodies.
• GamStop and national self‑exclusion services for enforcing exclusions.
• Financial institutions and payment schemes for the processing and settlement of payments.
• Professional advisers and auditors where necessary for legal or compliance obligations.
• Affiliated entities and sister brands operated by ProgressPlay Limited for operational, compliance and marketing purposes.
• In connection with corporate transactions: if we sell, merge, restructure or otherwise reorganise our business, customer information may be transferred to a successor entity as permitted by applicable law.

We require all third parties to maintain appropriate security and confidentiality and to process personal data only on our instructions and in accordance with applicable law. Where data is disclosed outside the EEA/UK we ensure appropriate safeguards (see Section 8).

7. International transfers and safeguards As a company operating under Maltese and UK licences, your data may be processed in Malta, the UK and by service providers in other countries. Where personal data is transferred outside the UK/European Economic Area (EEA) to jurisdictions without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms and technical and organisational measures to protect your data.

If you would like specific details about the transfer mechanism used for transfers to a particular service provider or country, contact [email protected].

8. Security of your data We use industry-standard organisational, technical and administrative measures to protect personal data including:

• 256‑bit SSL/TLS encryption for data in transit;
• storage encryption and access controls for data at rest;
• strong authentication and optional two‑factor authentication for accounts;
• restricted personnel access and staff training;
• regular security testing and monitoring.

While we take all reasonable measures to protect your personal data, no method of transmission or storage is 100% secure. You must also maintain the confidentiality of your account credentials and notify us immediately if you suspect unauthorised access.

9. Data retention We retain personal data for as long as necessary to provide the Services and to comply with legal, regulatory and contractual obligations, to resolve disputes and enforce our agreements. Typical retention periods:

• Account and transactional records: retained for the duration of your account and for a period of up to 7 years after account closure (or longer where required by law) to satisfy AML, tax and regulatory requirements.
• KYC/AML documents and screening results: retained for regulatory and compliance obligations for up to 7 years after end of the business relationship.
• Marketing consents and preferences: retained until you withdraw consent or opt out.
• Anonymised or aggregated data: may be retained indefinitely for analytical, statistical and product development purposes.

If you request deletion and we are not legally required to retain certain records, we will delete or anonymise your personal data within a reasonable timeframe.

10. Your rights Depending on applicable laws (for example the UK GDPR), you may have the right to:

• Access and obtain a copy of your personal data.
• Rectify inaccurate or incomplete personal data.
• Request erasure (“right to be forgotten”) subject to legal and regulatory retention obligations.
• Restrict or object to processing (including for direct marketing).
• Data portability for personal data you have provided in a structured, commonly used, machine-readable format where processing is based on consent or contract.
• Withdraw consent where processing is based on consent (this will not affect the lawfulness of processing prior to withdrawal).
• Lodge a complaint with a supervisory authority (for UK residents: the Information Commissioner’s Office — ico.org.uk).

To exercise your rights or make a privacy request, contact [email protected]. We may need to verify your identity before responding. We aim to respond to legitimate requests within applicable legal timeframes.

11. Automated decision‑making and profiling We use automated systems and profiling to:

• Monitor play patterns and behaviour to identify problem gambling, self‑exclusion triggers and to promote responsible gambling.
• Detect fraud, money laundering and security threats.
• Personalise offers and promotions.

Automated decisions that have a legal or similarly significant effect are limited. Where significant automated decisions are based solely on automated processing, you have the right to request a human review and to challenge the decision — contact [email protected].

12. Children You must be at least 18 years old to open an account and use the Services. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete it immediately subject to applicable law.

13. Marketing communications and choices We will only send marketing communications where we have your consent or where permitted by law and you have not objected. You may opt out at any time by:

• Using the unsubscribe link in marketing emails.
• Amending your account preferences.
• Contacting [email protected].

Even if you opt out of marketing, we may still send you service-related communications regarding your account or required by law.

14. Third‑party websites and services Our Services may contain links to third‑party websites, social media services and game providers. Those websites have their own privacy policies and practices for which we are not responsible. We recommend you review their privacy notices before providing personal data.

15. Legal disclosures and cooperation with authorities We will disclose personal data where we have a legal obligation to do so, including in response to lawful requests from regulators, tax authorities, courts or law enforcement agencies. We also cooperate with regulatory and public bodies in matters of compliance, auditing and investigation.

16. Changes to this Policy We may update this Privacy Policy to reflect changes in the law, our Services or business practices. Material changes will be posted with a new effective date and, where required by law, we will provide notice prior to the change. Continued use of the Services after changes constitutes acceptance of the updated Policy.

17. Complaints and supervisory authority If you believe we are processing your personal data unlawfully, please contact us at [email protected] so we can investigate and remedy any issues. You also have the right to lodge a complaint with the competent supervisory authority:

• United Kingdom: Information Commissioner’s Office (ICO) — https://ico.org.uk
• Malta: Information and Data Protection Commissioner — https://idpc.org.mt

18. Contact and further information For any questions about this Privacy Policy, data subject requests, or to request copies of documents relating to our data processing, contact:

• Email: [email protected]
• Postal: Data Protection Officer, ProgressPlay Limited (MogoBet), Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians STJ3154, Malta.

Annex — Key points at a glance

• Controller: ProgressPlay Limited (MogoBet).
• Regulatory licences: UK Gambling Commission (account 39335) and Malta Gaming Authority.
• Security: 256‑bit SSL, account controls and optional two‑factor authentication.
• Retention: account and transactional records retained while account active and typically up to 7 years after closure for regulatory purposes.
• Rights: access, rectification, erasure, restriction, portability, objection and complaint to supervisory authority.
• Contact for privacy queries: [email protected].

By using MogoBet you confirm that you have read and accept this Privacy Policy.