Privacy Policy

This Privacy Policy explains how Mr Mega, operated via the website mrmegis.com, collects, uses, discloses and protects your personal data when you visit the site, create an account or use our gambling services. It applies to all visitors and registered players who access the UK-facing version of our services, whether you interact with us on desktop, mobile or other devices.

This Privacy Policy is drafted in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and applicable UK gambling regulations. It is effective from 6 November 2025 and replaces any previous version published on mrmegis.com. Please read it carefully before using our services.

Who We Are

The Mr Mega service, available at mrmegis.com, is operated for customers in the United Kingdom by AG Communications Ltd, which is responsible for your personal data as data controller for UK players.

Operator Details

Legal name of operator: AG Communications Ltd
Registered address: 135, High Street, Sliema SLM 1548, Malta
UK correspondence address: AG Communications Ltd, PO Box 7062, Manchester, M19 1ZH, United Kingdom (for written correspondence relating to Mr Mega and mrmegis.com)
UK gambling licence: AG Communications Ltd is licensed and regulated by the UK Gambling Commission under licence number 39483 to provide remote gambling services to players in Great Britain.
Brand ownership: The Mr Mega brand used on mrmegis.com is owned by Sharp Connection Ltd. Operational control and legal responsibility for Mr Mega rest with AG Communications Ltd.

Data Protection Responsibility

AG Communications Ltd is the primary decision-maker regarding how and why your personal data is processed when you use mrmegis.com in the UK. For data protection queries, you may contact our data protection function using the contact options made available within the "Help" or "Contact Us" sections on mrmegis.com, or by writing to our UK correspondence address marked "Data Protection". Where we identify a designated Data Protection Officer or equivalent privacy contact, we may update this section with their contact details.

What Personal Data We Collect

When you use Mr Mega on mrmegis.com, we collect and process different categories of personal data. The exact data we collect depends on how you interact with us and on our legal obligations as a licensed UK gambling operator.

Identity and Contact Data

Registration and verification data: full name, date of birth, gender (where provided), username, password or authentication credentials.
Contact details: email address, residential address, country of residence, postcode and any other contact information you provide through our support channels or forms.
KYC/AML documentation: copies or data from identity documents (e.g. passport, national ID, driving licence), proof of address (e.g. utility bill, bank statement) and, where required, source-of-funds/source-of-wealth documentation (e.g. payslips, bank statements) in line with UK anti-money laundering requirements.

Technical and Usage Data

Technical data: IP address, device identifiers, operating system, browser type and version, language settings, approximate location derived from IP (e.g. country/region), login timestamps and session identifiers.
Log and activity data: pages visited, clicks, navigation paths, session duration, game launches, error logs and interaction with on-site features such as live chat or forms.

Gaming and Behavioural Data

Account and transactional data: account balance, deposits, withdrawals, bonuses claimed, wagering amounts, wins and losses, self-exclusion status and applied limits.
Betting and gameplay history: games played, stakes, outcomes, frequency and duration of sessions, responsible gambling indicators and risk markers derived from your playing behaviour.
Communication data: copies or summaries of communications with customer support (for example via live chat or email) and notes recorded to manage your requests and to comply with regulatory obligations.

Payment and Financial Data

Payment details: partial payment card data (such as masked card number and expiry date), payment method type (e.g. card, e-wallet, bank transfer), transaction identifiers and payment provider information.
Financial verification data: information collected to meet anti-money laundering and affordability obligations, including income-related information and source-of-funds documentation where required for higher-value play and withdrawals.

Cookies and Similar Technologies

Cookie identifiers: unique identifiers stored on your browser or device that allow us to recognise you between visits.
Analytics and advertising identifiers: identifiers associated with analytics tools and, where permitted, advertising networks for measuring traffic and campaign performance.
Device and browser settings: data about your cookie preferences and consent choices recorded via our cookie banner or preference tools.

Legal Basis for Processing

We process personal data on mrmegis.com only where we have a valid legal basis under the UK GDPR and related UK law. Depending on the context, one or more of the following legal bases will apply:

Performance of a Contract

Account creation and management: we need to process your identity, contact, gaming and transactional data to register your account, allow you to log in, participate in games and manage your balance and withdrawals.
Providing gambling services: we process your bets, wagers, wins, losses, bonuses and related gameplay data to deliver the services you request under our terms and conditions for Mr Mega.
Customer support: we use your contact and communication data to respond to your questions, complaints and requests related to your contract with us.

Compliance with Legal and Regulatory Obligations

UK gambling regulation: as a licensee of the UK Gambling Commission (licence no. 39483), we must carry out age verification, identity checks, affordability assessments, responsible gambling monitoring and record-keeping, including for self-exclusion and safer gambling interactions.
Anti-money laundering and counter-terrorist financing: we process KYC data, transactional data and source-of-funds information to meet obligations under applicable UK AML legislation, including monitoring for suspicious activity and making reports to relevant authorities where required.
Tax, accounting and reporting: we retain certain transactional and account data for statutory reporting, audit and tax purposes.
Data protection obligations: we process limited data to respond to and document your privacy requests, and to cooperate with supervisory authorities such as the UK Information Commissioner's Office (ICO).

Legitimate Interests

Service improvement and analytics: we analyse aggregated and pseudonymised usage and gameplay data to understand performance, detect technical issues and improve games and features on mrmegis.com. We do this in a way that respects your privacy and does not override your rights and freedoms.
Fraud and account security: we monitor account activity, login attempts, payment patterns and device information to detect and prevent fraud, account takeover, bonus abuse and other unlawful or harmful use of our services.
Risk management and compliance monitoring: we use data to test and improve our controls, including responsible gambling and AML measures, taking into account past regulatory findings and sanctions which have led to more robust KYC and source-of-funds checks.
Business operations and reporting: we process limited personal data for internal management, quality assurance and reporting within the AG Communications Ltd group, provided these interests are not overridden by your rights.

Consent

Marketing communications: where required under PECR and the UK GDPR, we obtain your consent before sending direct electronic marketing (such as promotional emails or push notifications). You may withdraw consent at any time using the unsubscribe options provided or your account settings, without affecting the lawfulness of processing before withdrawal.
Non-essential cookies and similar technologies: we rely on your consent for placing or accessing cookies and similar tracking technologies that are not strictly necessary for the operation of mrmegis.com, such as certain analytics and advertising cookies.

Purpose of Processing

We use your personal data for clearly defined purposes that align with our legal obligations and our role as a licensed UK gambling operator. These purposes include:

Providing and Managing Our Services

Operating your account: registering you as a player, enabling login, maintaining your profile, managing your balances, processing deposits and withdrawals and providing access to games on mrmegis.com.
Executing transactions and gameplay: recording bets, wagers, wins, losses and bonus usage, settling games and updating your account to reflect the outcomes.
Customer support and communication: responding to your queries, complaints and feedback through our available support channels and keeping you updated about material changes to our services or policies.

Compliance, Risk Management and Responsible Gambling

Identity, age and verification checks: confirming that you are legally permitted to gamble in the UK and that you are the genuine holder of the payment methods used.
Anti-money laundering monitoring: monitoring gameplay and transactions, performing source-of-funds checks (for example for higher deposits or withdrawals over specific thresholds) and reporting suspicions where required by law.
Responsible gambling: tracking behaviour and applying tools such as deposit limits, reality checks, time-outs and self-exclusion to support safer gambling and to comply with UK Gambling Commission requirements.

Service Improvement, Analytics and Personalisation

Usage analytics: analysing aggregated data on how players use mrmegis.com to improve performance, usability and content, and to fix errors and security issues.
Offering relevant content: tailoring certain aspects of the service (e.g. recommended games or bonuses) in line with your preferences, behaviour and eligibility, while respecting your marketing and responsible gambling settings.

Marketing and Promotions

Marketing communications: sending you promotions, offers and news relating to Mr Mega and mrmegis.com where permitted by law and in line with your consent and preferences.
Campaign measurement: using cookies and similar tools to understand how effective our campaigns are, provided you have consented to such tracking where required.

Security, Fraud Prevention and Legal Protection

Fraud prevention and security monitoring: detecting and preventing fraud, misuse, unauthorised access, bonus abuse and violations of our terms and conditions.
Legal claims and defence: using relevant data to handle disputes, enforce our terms, manage regulatory inquiries, and protect our rights, customers and staff.

Disclosure & Sharing

We do not sell your personal data. We may share your data with carefully selected third parties and public authorities where this is necessary and lawful. In all cases we require recipients to protect your data and to use it only for specified purposes.

Service Providers and Business Partners

Payment providers: banks, card schemes, payment processors, e-wallet providers and similar entities that process your deposits and withdrawals. We share identity, transaction and payment-related data as needed to complete payments and detect fraud.
Technical and hosting providers: companies that provide IT infrastructure, hosting, cybersecurity, data storage, live chat and other technical services needed to operate mrmegis.com.
Game providers and platform partners: third-party software providers that supply casino games and related functionalities. Where required, gameplay and technical data may be shared so that these partners can provide and maintain their games and comply with regulatory obligations.
Marketing and analytics partners: subject to your consent where required, we may share limited identifiers and usage data with analytics and marketing providers to measure performance and, where permitted, to deliver or manage marketing communications and campaigns.

Group Companies and Brand Owner

Group entities: other entities within the AG Communications Ltd corporate group may access personal data where necessary for centralised compliance, risk management, reporting, internal audits or IT support.
Brand owner: limited, aggregated or pseudonymised information may be shared with Sharp Connection Ltd as the owner of the Mr Mega brand for reporting and oversight, in line with our contractual arrangements and data protection safeguards.

Regulators, Authorities and ADR Bodies

Regulatory and supervisory authorities: including the UK Gambling Commission and the UK Information Commissioner's Office, to demonstrate compliance or where required by law or licence conditions.
Law enforcement and other public authorities: where we are legally required to disclose data, for example in relation to suspected fraud, money laundering, terrorist financing or other criminal activity.
Alternative Dispute Resolution (ADR): where you refer a gambling-related dispute to our appointed ADR provider, currently the Independent Betting Adjudication Service (IBAS), we may share relevant data necessary for the ADR body to assess and resolve the dispute.

Corporate Transactions

Business transfers: in the event of a merger, acquisition, restructuring or sale of all or part of our business, your data may be disclosed to prospective or actual buyers and their advisers, subject to appropriate confidentiality and data protection safeguards.

Sharing with Your Consent

Consent-based disclosures: where you explicitly ask or consent to us sharing your data with a third party (for example, participation in a co-branded promotion), we will do so on the basis of that consent, which you can withdraw at any time.

International Transfers

Because AG Communications Ltd is based in Malta and uses service providers in various locations, your personal data may be transferred to, and processed in, countries outside the United Kingdom.

Transfers within the EEA and Adequate Countries

EEA processing: much of our core infrastructure and many of our processors are located within the European Economic Area (EEA), including Malta. The UK government currently recognises the EEA as providing an adequate level of data protection.
Other adequate jurisdictions: where we use providers in countries that benefit from UK adequacy regulations, your data is protected by those adequacy decisions.

Transfers to Other Third Countries

Appropriate safeguards: if we transfer personal data to countries that do not have an adequacy decision from the UK, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses or equivalent contractual protections, combined with additional security and compliance measures where necessary.
Limited access: access to your data in such locations is restricted to individuals and organisations who need it for the purposes described in this Privacy Policy and who are bound by contractual obligations to protect it.

Your Information and Cross-Border Rights

Where required, we will provide you with additional information about specific international transfers that concern your data, including how to obtain a copy of the relevant safeguards. You may request further details using the contact methods described in the "Complaints & Contacts" section.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes. Retention periods may differ depending on the category of data and the applicable law.

General Principles

Operational necessity: data is kept for as long as your account is active and reasonably afterwards for record-keeping, queries and dispute handling.
Legal and regulatory requirements: UK gambling, AML and tax regulations often require us to retain certain records for a specified minimum period after the end of your relationship with us.
Data minimisation: when data is no longer needed, we either securely delete it or irreversibly anonymise it so that it can no longer be associated with you.

Illustrative Retention Timeframes

Account and identity data: typically retained for the duration of your account and, in many cases, for up to five (5) years after account closure, in line with AML and gambling regulatory requirements, unless a longer period is required for legal claims or investigations.
Transactional and gameplay data: generally retained for at least five (5) years from the date of the relevant transaction or activity, or longer where required by applicable law or necessary to deal with complaints or regulatory inquiries.
Customer support communications: stored for as long as necessary to handle your request and for an appropriate period afterwards (usually up to five (5) years) for quality assurance, evidence and compliance purposes.
Marketing data: information about your marketing preferences is kept while you remain opted in and for a short period afterwards (for example, to evidence your consent or withdrawal) in line with applicable limitation periods.
Cookies: cookie data is retained according to the type of cookie and our cookie policy; session cookies expire when you close your browser, while persistent cookies are stored for a defined period, typically between a few days and two years, unless you delete them earlier.

Where you exercise your rights to erasure or restriction, we will assess your request in light of these retention obligations. We may retain restricted copies of data where required to comply with legal or regulatory requirements or to establish, exercise or defend legal claims.

Your Rights

As a data subject, you have a number of rights over your personal data under the UK GDPR and the Data Protection Act 2018. We are committed to handling these rights transparently and within the applicable legal timeframes. Where relevant, we also seek to align our practices with comparable principles under other privacy frameworks, such as the Mexican Federal Law on Protection of Personal Data Held by Private Parties, although this Privacy Policy is primarily governed by UK law.

Core Data Protection Rights

Right of access: you can request confirmation as to whether we process your personal data and obtain a copy of that data, together with information about how we use it.
Right to rectification: you can ask us to correct inaccurate or incomplete personal data. In many cases, you can update core details directly within your mrmegis.com account.
Right to erasure: you can request deletion of your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected or where you withdraw consent and there is no other legal basis for processing. This right is subject to important exceptions where we must retain data to comply with legal or regulatory obligations (such as AML and gambling law) or to defend legal claims.
Right to restriction: you can request that we limit the processing of your data in specific situations, for example while we verify its accuracy or assess an objection.
Right to object: you may object to processing based on our legitimate interests, including profiling related to those interests, on grounds relating to your particular situation. We will stop the processing unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or where the processing is needed for legal claims.
Right to data portability: where processing is based on consent or on a contract and carried out by automated means, you can request to receive certain data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible.
Rights related to automated decision-making: if we use automated decision-making, including profiling, that produces legal or similarly significant effects for you (for example in certain risk or affordability assessments), you have the right to obtain human intervention, to express your point of view and to contest the decision.

Marketing and Cookie Choices

Withdrawal of marketing consent: you can withdraw your consent to direct marketing at any time by using the unsubscribe link in our emails or by adjusting your preferences in your mrmegis.com account, where available. This will not affect service-related communications or our lawful processing for other purposes.
Cookie preferences: you can manage your cookie and tracking preferences through our cookie banner or settings tools, as well as through your browser settings, as described in the "Cookies & Tracking Technologies" section.

How to Exercise Your Rights

Submitting a request: you may exercise your rights by contacting us through the "Help" or "Contact Us" section of mrmegis.com or by writing to our UK correspondence address marked "Data Protection - Privacy Request".
Identity verification: we may need to request additional information to verify your identity before responding, particularly where the request concerns sensitive data or high-risk actions (such as access to full account records or erasure of specific data).
Response timeframe: we aim to respond to your request within one (1) month of receipt, as required by the UK GDPR. In complex cases or where we receive multiple requests from you, we may extend this period by up to a further two months, and we will inform you if this is necessary.
Cost: we generally handle requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in line with the UK GDPR.
Users in other jurisdictions: if you are located outside the UK, including in Mexico, you may have similar rights under your local law. While this Privacy Policy is drafted under UK law, we will consider such requests in line with applicable legal obligations and the principles described here.

Cookies & Tracking Technologies

We use cookies and similar technologies on mrmegis.com to operate the site, enhance your experience, analyse usage and, where permitted, support marketing activities. Cookies are small text files stored on your device when you access the site.

Types of Cookies We Use

Strictly necessary (session and persistent) cookies: these cookies are essential for the operation of mrmegis.com and enable core functions such as login, navigation, security, preventing fraudulent use of accounts, and remembering your basic settings. They are usually set in response to actions you take and cannot be switched off in our systems.
Functional cookies: these enhance functionality and personalisation, for example by remembering your preferences (such as language or display settings) and improving your user experience. If you do not allow these cookies, some services may not function properly.
Analytics and performance cookies: these help us understand how visitors use mrmegis.com (for example, which pages are visited most often and whether users encounter error messages). The information is typically aggregated and used to improve site performance and usability.
Advertising and targeting cookies: where permitted and subject to your consent, these cookies may be set by us or by our advertising partners to build a profile of your interests and show you relevant adverts on our site or on other sites, as well as to measure the effectiveness of marketing campaigns.

Managing and Disabling Cookies

Cookie banner and settings: when you first visit mrmegis.com (and periodically thereafter), you may be presented with a cookie banner or settings tool that allows you to accept or reject non-essential cookies and to adjust your preferences.
Browser controls: you can also manage or delete cookies through your browser settings by blocking all cookies, limiting them to certain sites, or deleting existing cookies. Please note that blocking certain cookies may affect your ability to use some features of mrmegis.com.
Do Not Track and similar signals: our response to browser-based "Do Not Track" signals may vary depending on technical and legal considerations; we will update our practices as standards evolve.

For more detailed information about specific cookies used on mrmegis.com, including names, providers and lifespans, we may provide a dedicated cookie policy or cookie table accessible via the cookie banner or a link in the site footer.

Data Security

We take the security of your personal data seriously and implement a combination of technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration or disclosure. While no system can be completely secure, we continually review and improve our safeguards in light of technological developments and regulatory expectations.

Technical Security Measures

Encryption in transit and at rest: data transmitted between your browser and mrmegis.com is protected using modern encryption protocols such as TLS 1.2 or higher. Where appropriate, sensitive data is also encrypted or pseudonymised when stored.
Access controls and authentication: we restrict access to personal data to authorised personnel and service providers who need it for legitimate business purposes, using role-based access controls and authentication mechanisms. We encourage strong passwords and may implement additional security features, such as multi-factor authentication, where appropriate.
Network and infrastructure security: we use firewalls, intrusion detection and prevention systems and other security tools to help protect our systems from unauthorised access and attacks.

Organisational and Procedural Measures

Policies and training: we maintain internal policies and procedures on data protection, information security, acceptable use and incident management. Staff who handle personal data receive training appropriate to their role, including in the context of UK gambling and AML obligations.
Vendor due diligence: we select service providers carefully and require them to implement appropriate data protection and security measures, including through written data processing agreements.
Monitoring and audits: we monitor our systems and may carry out internal or external audits and assessments to evaluate the effectiveness of our controls, taking into account industry standards such as those reflected in ISO 27001 or SOC 2, where relevant.

Incident Response and Breach Notification

Incident handling: we have processes in place to identify, assess and respond to potential data security incidents. Where we become aware of a personal data breach, we act promptly to contain and investigate it.
Notifications: where required by law, we will notify the relevant supervisory authorities (such as the ICO in the UK) and affected individuals without undue delay, providing information on the nature of the breach and the measures taken to mitigate possible adverse effects.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data when you use Mr Mega on mrmegis.com, you have several ways to contact us and to escalate your concerns.

Contacting Us

Online contact: you can contact us via the support options made available on mrmegis.com, such as live chat or online forms, typically accessible through the "Help" or "Contact Us" sections of the site.
Written correspondence: you may write to us at: AG Communications Ltd, PO Box 7062, Manchester, M19 1ZH, United Kingdom, marking your correspondence "Data Protection" or "Privacy Complaint" as appropriate.

Internal Complaint Procedure

Initial query: submit your question or complaint through one of the contact methods above, describing your concerns and including relevant details (such as your username and any reference numbers).
Acknowledgement: we will acknowledge receipt of your complaint and, where possible, indicate the next steps and expected timelines.
Investigation: we will review your complaint, which may involve liaising with relevant internal departments (such as customer support, compliance or security) to gather information.
Response timeframe: we aim to respond to privacy-related complaints and rights requests within one (1) month of receipt, in line with the UK GDPR. For more complex issues, we may need extra time; if so, we will inform you and explain why.

Escalation to Supervisory Authorities

UK data protection authority (ICO): if you are not satisfied with our response or believe that we are processing your personal data in breach of data protection law, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF, United Kingdom
Website: https://ico.org.uk
Other data protection authorities: if you are located outside the UK, you may have the right to lodge a complaint with your local data protection authority. For example, individuals in Mexico may raise concerns with the competent authority responsible for overseeing personal data protection in the private sector, subject to its jurisdiction and procedures.

Gambling-Related Disputes and ADR

Customer service and internal escalation: gambling-related disputes (for example about game outcomes, bonuses or account decisions) should first be raised with our customer support team, who will follow our internal complaint and escalation processes.
Alternative Dispute Resolution (ADR): if a gambling dispute cannot be resolved through our internal process, you may be entitled to refer it to our appointed ADR entity, currently the Independent Betting Adjudication Service (IBAS)

Lodging a complaint with the ICO or another authority does not affect any other administrative or judicial remedies that you may have.

Updates

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal or regulatory developments, industry best practices or changes to our services on mrmegis.com.

How We Notify You of Changes

On-site notice: we will publish the updated Privacy Policy on mrmegis.com and change the "Last updated" date at the bottom of the policy.

Direct communication: for material changes that significantly affect how we process your personal data or your rights, we will take additional steps to inform you, which may include email notifications, account messages or prominent banners on the site.

Advance notice: where feasible and where the change is material (for example, involving new types of processing or changes to our legal bases), we will provide notice at least 30 days before the new version takes effect, so that you can review the updated terms.

Your Choices When the Policy Changes

Continued use: if you continue to use mrmegis.com after the updated Privacy Policy takes effect, this will normally indicate your acknowledgement of the changes, to the extent permitted by applicable law.

Account management: if you do not agree with a material change, you may choose to adjust your privacy settings, withdraw certain consents (such as marketing consent) or request account closure, subject to our legal and regulatory obligations to retain certain data.

Last updated: November 2025