MIG

Privacy Policy

Your privacy and data security are our highest priority. Learn how we protect your information and ensure responsible gambling practices.

Privacy Policy

Last Updated: 21 May 2024

Welcome to drop-boss.co.uk, the official website for the "Drop the Boss" slot game, developed by Mirror Imago Gaming. Your privacy, financial security, and trust are paramount to us. As a licensed online gambling operator, we understand the profound responsibility that comes with handling your personal data, especially given the sensitive nature of our services.

This Privacy Policy explains how Imago Interactive Ltd. (operating drop-boss.co.uk, hereinafter referred to as "we", "us", or "our") collects, uses, stores, shares, and protects your personal information. We are committed to transparency and adherence to the highest standards of data protection, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and specific regulations set by the UK Gambling Commission (UKGC) and other relevant authorities.

We recognise that for a site in the "Your Money Your Life" (YMYL) category, trust is foundational. This policy is designed not just to meet legal requirements, but to demonstrate our proactive commitment to your safety and peace of mind.

1. Who We Are (The Data Controller)

Imago Interactive Ltd. is the data controller responsible for processing your personal data collected through drop-boss.co.uk.

Company Name: Imago Interactive Ltd.

Registered Address: Unit 3, Innovation Hub, 123 Tech Park Road, London, EC1V 9AU, United Kingdom

ICO Registration Number: ZB123456 (Please note: This is a placeholder. A real registration number would be provided here.)

Website: https://drop-boss.co.uk/

Contact Email: [email protected]

2. Our Commitment to Your Trust and Safety

Our approach to data privacy is built on the following core principles:

  • Transparency: We will always be clear about what data we collect and why.
  • Security: We employ robust measures to protect your data from unauthorised access, loss, or misuse.
  • Fairness: Your data will be used lawfully, fairly, and in a transparent manner.
  • Responsible Gambling: We use data to promote responsible gambling and protect vulnerable players.
  • Compliance: We strictly adhere to all applicable data protection laws and gambling regulations.
  • User Control: We respect your rights regarding your personal data and provide clear ways to exercise them.

3. The Data We Collect About You

We collect various types of personal data to operate our services, comply with legal obligations, and enhance your gaming experience.

3.1 Information You Provide to Us Directly

This includes data you give us when you:

  • Register an Account: Full name, date of birth, residential address, email address, phone number, username, password.
  • Complete Verification Checks (KYC/AML): Copies of identification documents (e.g., passport, driving licence), proof of address (e.g., utility bills), source of funds/wealth information. This is legally required to prevent fraud, money laundering, and underage gambling.
  • Deposit and Withdraw Funds: Payment method details (e.g., card numbers, bank account details). Note: We do not store full payment card details; these are handled by PCI DSS compliant payment processors.
  • Contact Customer Support: Content of your communications (emails, chat logs, phone call recordings), feedback, and dispute resolution details.
  • Set Responsible Gambling Limits: Any limits you set for deposits, losses, stakes, or session times, and self-exclusion requests.
  • Participate in Promotions or Surveys: Your responses and participation data.

3.2 Information We Collect Automatically

As you interact with drop-boss.co.uk, we automatically collect certain data:

  • Device and Usage Data: IP address, device type, operating system, browser type, language settings, unique device identifiers, referring/exit pages, timestamps, and session duration.
  • Gameplay Data: Details of your "Drop the Boss" game sessions, including bets placed, winnings, losses, game features triggered (e.g., Mega Caps, Coins, Somersaults, K-Hole, Bonus Zones like Truck Award, Chump Towers, White House Award), game progress, and any technical issues encountered. This helps us ensure game fairness and accurately settle bets.
  • Website Interaction Data: Pages viewed, links clicked, features used, and patterns of interaction with our services.
  • Cookie Data: Information collected through cookies and similar tracking technologies (see Section 14).
  • Location Data: Derived from your IP address to ensure we operate within permitted jurisdictions and for fraud prevention.

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Identity Verification and Fraud Prevention Agencies: To confirm your identity and prevent fraudulent activities, in compliance with AML regulations.
  • Payment Service Providers: To process transactions and prevent fraud.
  • Credit Reference Agencies: To perform affordability checks where legally required and permitted.
  • Gambling Regulators and Law Enforcement: Information related to compliance, investigations, or responsible gambling concerns.
  • Affiliate Partners: If you accessed our site via an affiliate link, they may provide us with non-personally identifiable information about your referral source for commission purposes.
  • Publicly Available Sources: To verify information or conduct due diligence.

4. How We Use Your Data (Legal Basis for Processing)

We process your personal data based on specific legal grounds as required by UK GDPR:

4.1 To Fulfil Our Contract with You

  • Account Management: To create and manage your user account, verify your identity, and provide access to the "Drop the Boss" game.
  • Gameplay and Betting: To allow you to place bets, play games, and manage your winnings and losses accurately.
  • Transaction Processing: To process your deposits and withdrawals securely.
  • Customer Support: To provide assistance, resolve queries, and handle complaints.
  • Service Notifications: To send you essential updates about your account or our services.

4.2 To Comply with Legal Obligations

  • Age Verification: To ensure you are of legal gambling age.
  • Know Your Customer (KYC) & Anti-Money Laundering (AML): To verify your identity, conduct due diligence, and monitor transactions for suspicious activity.
  • Responsible Gambling: To implement and monitor responsible gambling policies, identify potential problem gambling behaviour, and offer support or intervention where necessary.
  • Regulatory Reporting: To comply with reporting obligations to the UK Gambling Commission and other regulatory bodies.
  • Fraud Prevention: To detect and prevent fraudulent activities, cheating, and criminal behaviour.
  • Tax and Financial Reporting: To meet our financial and tax reporting obligations.

4.3 For Our Legitimate Interests

We process your data for our legitimate business interests, provided these do not override your fundamental rights and freedoms:

  • Service Improvement: To understand how you use our services, identify areas for improvement, and develop new features for "Drop the Boss" and future games.
  • Security and Safety: To maintain the security of our website, prevent unauthorised access, and protect against cyber threats.
  • Marketing and Promotions: To send you relevant offers and promotions (where you have not opted out) based on your preferences and gameplay.
  • Affiliate Management: To manage our relationships with affiliate partners and track referrals (in compliance with ASA/FTC transparency requirements).
  • Network and Information Security: To ensure our systems are secure and resilient.
  • Business Operations: For internal record keeping, analysis, and strategic planning.

4.4 With Your Consent

We will obtain your consent for specific processing activities, such as:

  • Direct Marketing: Sending you promotional communications for products or services not directly related to your gaming activity, where required by law.
  • Non-Essential Cookies: For specific types of cookies or tracking technologies that are not strictly necessary for the website's operation (see Section 14).
  • Special Categories of Data: In limited circumstances, where we require your explicit consent to process sensitive personal data not covered by legal obligations (e.g., certain health data related to responsible gambling, though often this falls under legal obligations or substantial public interest).

5. Special Categories of Data

In the context of online gambling, we may process "special categories" of personal data, which include data concerning health (e.g., related to responsible gambling issues) and data relating to criminal convictions and offences (e.g., for AML and fraud prevention). This processing is carried out strictly under legal obligations (e.g., for responsible gambling, AML) or where necessary for reasons of substantial public interest, always with appropriate safeguards and in compliance with UK GDPR Article 9 and 10.

6. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

  • Internal Departments: Your data may be accessed by relevant departments within Imago Interactive Ltd. (e.g., Customer Support, Payments, Compliance, IT) on a need-to-know basis.
  • Service Providers: Third-party companies that perform services on our behalf, such as payment processors, IT infrastructure providers, hosting services, identity verification services, customer support platforms, and marketing agencies. These providers are contractually bound to protect your data and only use it for the purposes we specify.
  • Gambling Regulators and Authorities: We are legally obliged to share data with the UK Gambling Commission and other relevant regulatory bodies, law enforcement agencies, and government authorities for compliance, reporting, and investigation purposes.
  • Fraud Prevention and Anti-Money Laundering Agencies: To prevent fraud, money laundering, and other criminal activities.
  • Responsible Gambling Organisations: In certain circumstances, and under strict conditions, we may share data with organisations dedicated to preventing and addressing problem gambling, particularly if there are concerns about your well-being.
  • Affiliate Partners: If you arrived at our site via an affiliate, we may share anonymised or pseudonymised data with them to calculate commissions. We do not share your direct personal identifiers with affiliates for their marketing purposes without your explicit consent.
  • Auditors and Professional Advisors: Our legal, financial, and technical advisors, and auditors, as part of their professional services.
  • Potential Acquirers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the prospective buyer or successor entity. We will ensure appropriate safeguards are in place.

7. International Data Transfers

Your personal data may be transferred to, and stored at, a destination outside the UK and European Economic Area (EEA). This may occur when we use service providers located in other countries or if our group companies operate internationally.

Specific Disclosure: Yandex.Metrica for Web Analytics

We utilise Yandex.Metrica for web analytics to understand website usage and improve user experience. While Yandex.Metrica is a widely used analytics tool, we acknowledge the current geopolitical context and the lack of an adequacy decision for data transfers to Russia by the UK and EU.

To safeguard your data during such transfers, we rely on Standard Contractual Clauses (SCCs) as approved by the ICO and the European Commission. These clauses impose strict data protection obligations on the recipient to ensure your data receives a level of protection equivalent to that in the UK. Furthermore, we implement additional technical and organisational measures, such as robust pseudonymisation and anonymisation of data where possible, and ensure data is encrypted both in transit and at rest, to further protect your data and mitigate associated risks.

For all other international transfers, we ensure that appropriate safeguards are in place, such as:

  • Adequacy Decisions: Transferring data to countries deemed by the UK government or European Commission to provide an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): Implementing legally binding agreements that incorporate data protection obligations.
  • Binding Corporate Rules (BCRs): For transfers within a corporate group, where approved by relevant data protection authorities.

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws, regardless of where it is processed.

8. Data Security

We are committed to protecting your personal data. We implement a range of robust technical and organisational security measures designed to prevent unauthorised access, disclosure, alteration, or destruction of your information. These measures include:

  • Encryption: Using SSL/TLS encryption for all data transmitted between your device and our servers.
  • Access Controls: Restricting access to personal data to authorised personnel only, on a 'need-to-know' basis.
  • Pseudonymisation and Anonymisation: Where appropriate, we use these techniques to reduce the identifiability of data.
  • Firewalls and Intrusion Detection Systems: To protect our networks from external threats.
  • Regular Security Audits: Conducting regular assessments and penetration testing of our systems.
  • Employee Training: Ensuring our staff are regularly trained on data protection best practices and security protocols.
  • Physical Security: Protecting our data centres and hardware.

For payment processing, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) through our certified payment providers, ensuring your financial information is handled with the highest level of security.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our retention periods are determined by:

  • Legal and Regulatory Obligations: Gambling regulations (e.g., UKGC licence conditions), anti-money laundering laws, and tax laws often require us to retain data for a minimum period (typically 5-7 years after account closure).
  • Contractual Necessity: To provide our services and resolve any disputes.
  • Legitimate Business Interests: For fraud prevention, security, and to maintain business records.
  • Responsible Gambling Records: Information related to self-exclusion or responsible gambling interactions may be retained for longer periods to protect vulnerable players.

When your data is no longer required, we will securely delete or anonymise it.

10. Your Rights (UK GDPR)

Under UK GDPR, you have significant rights regarding your personal data. We are committed to helping you exercise these rights:

  • The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your data and your rights. This Privacy Policy serves that purpose.
  • The Right of Access: To request a copy of the personal data we hold about you (a "Subject Access Request").
  • The Right to Rectification: To request that inaccurate or incomplete personal data about you be corrected.
  • The Right to Erasure ("Right to Be Forgotten"): To request the deletion of your personal data where there is no compelling reason for us to continue processing it. Please note, this right is not absolute and legal/regulatory obligations (e.g., AML, responsible gambling) may prevent immediate deletion.
  • The Right to Restrict Processing: To request that we limit the way we use your data, for example, if you believe the data is inaccurate or unlawfully held.
  • The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • The Right to Object: To object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into or performing a contract, authorised by law, or based on your explicit consent. We use automated processing for fraud detection, responsible gambling monitoring, and game fairness, but significant decisions impacting you will involve human review.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer (DPO) using the contact details provided in Section 15. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Responsible Gambling and Your Data

We are deeply committed to responsible gambling. Your data plays a crucial role in helping us protect you:

  • Proactive Monitoring: We use gameplay and behavioural data, in conjunction with responsible gambling tools, to identify patterns that might indicate problem gambling.
  • Intervention and Support: If we identify potential risks, we may use your contact details to provide information about responsible gambling tools, offer support, or implement account restrictions.
  • Self-Exclusion Enforcement: Data collected is vital for enforcing self-exclusion requests across our platform and, where legally required, across multi-operator schemes.
  • Limit Setting: Your data is used to implement and manage any deposit, loss, or session limits you set.

We strongly encourage you to visit our Responsible Gambling page for more information and access to support organisations such as GamCare, BeGambleAware, and the National Gambling Helpline.

12. Children's Privacy

Our services are strictly not intended for individuals under the age of 18 (or the legal age for gambling in your jurisdiction, if higher). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take immediate steps to delete that information and close the account. If you believe we might have any information from or about a child, please contact us immediately.

13. Third-Party Websites

Our website may contain links to third-party websites, products, and services (e.g., payment providers, responsible gambling support). This Privacy Policy does not apply to those third-party sites. We encourage you to read the privacy policies of any third-party websites you visit.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to enhance your experience, analyse site usage, and support our marketing efforts.

  • What are Cookies? Cookies are small text files placed on your device when you visit a website. They help the website remember information about your visit.
  • How We Use Them: We use essential cookies for site functionality (e.g., logging in, managing your session), analytics cookies (e.g., Yandex.Metrica) to understand how you use our site, and marketing cookies to deliver relevant advertisements.
  • Your Choices: You can manage your cookie preferences through your browser settings or via our cookie consent banner. Please refer to our dedicated Cookie Policy for more detailed information on the types of cookies we use and how you can control them.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make significant changes, we will notify you by posting the updated policy on our website with a new "Last Updated" date, and where appropriate, by email or through prominent notices on our service. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer (DPO):

Data Protection Officer:

Imago Interactive Ltd.

Email: [email protected]

General Enquiries:

Email: [email protected]

Website: https://drop-boss.co.uk/

Lodging a Complaint with the ICO

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office (ICO):

Website: https://ico.org.uk/

Helpline: 0303 123 1113