Privacy Policy

Last Updated: 25 May 2024

Welcome to Eye of Medusa (https://eyeofmedusa.uk/). We are dedicated to providing an exciting and secure online slot gaming experience. Your privacy and the security of your personal data are paramount to us. This Privacy Policy outlines how we collect, use, store, and protect your information, demonstrating our unwavering commitment to transparency, responsible operation, and compliance with the highest data protection standards.

As a licensed online gambling operator, we understand the critical importance of trust, especially given that our services fall under Google's "Your Money or Your Life" (YMYL) category due to the potential impact on your financial well-being. This policy is designed not only to meet our legal obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, but also to build and maintain your confidence in our operations.

We encourage you to read this policy carefully to understand our practices regarding your personal data.

1. Who We Are

This website, https://eyeofmedusa.uk/, is operated by Medusa Gaming Ltd. (referred to as "we", "us", or "our"), a company registered in England and Wales.

Registered Address: One Canada Square, Canary Wharf, London, E14 5AB, United Kingdom.
Company Registration Number: 12345678
UK Gambling Commission (UKGC) Licence Number: 123456-R-789012-001. Our licence details can be verified on the UKGC public register.

We act as the Data Controller for the personal data processed in connection with this website and the "Eye of Medusa" slot game.

2. Our Commitment to Your Privacy

We are committed to:

• Transparency: Clearly explaining what data we collect and why.
• Security: Implementing robust measures to protect your data from unauthorised access, loss, or misuse.
• Compliance: Adhering strictly to UK GDPR, Data Protection Act 2018, and all relevant gambling regulations set by the UK Gambling Commission.
• Responsibility: Upholding principles of responsible gambling and using data to protect vulnerable individuals.
• User Control: Empowering you with rights over your personal data.

3. What Data We Collect About You

We collect various types of information, which can be broadly categorised as:

3.1 Information You Provide to Us

This includes data you voluntarily share when interacting with our services:

• Account Registration Data: Your full name, date of birth, gender, email address, postal address, phone number, and chosen username/password.
• Identity Verification (KYC) Data: Copies of identification documents (e.g., passport, driving licence), proof of address (e.g., utility bills), and potentially source of funds information, as required by our licensing obligations and Anti-Money Laundering (AML) regulations.
• Payment Data: Details necessary for deposits and withdrawals, such as bank account numbers, card details (though we do not store full card numbers, only tokenised versions via PCI DSS compliant payment processors), and transaction history.
• Responsible Gambling Data: Information related to self-exclusion, deposit limits, time-out periods, and other responsible gambling settings you activate.
• Communication Data: Records of your interactions with our customer support (e.g., live chat transcripts, emails, phone call recordings), feedback, and survey responses.
• Marketing Preferences: Your choices regarding receiving promotional communications from us.

3.2 Information Collected Automatically (Gameplay & Technical Data)

When you play "Eye of Medusa" or interact with our website, certain data is collected automatically:

• Gameplay Data:
  • Game History: Records of your bets, wins, losses, spin outcomes, and game states (e.g., which symbols landed, activation of "Petrified Symbols" tiers like Bronze, Silver, Gold, "Super Cascades" events, "Medusa Symbols" activations, triggers for "Gorgon's Gold" Free Spins or "Snakes & Stones" bonus game).
  • Feature Usage: Usage of "Bonus Buy" options ("Bombshunt FeatureSpins," "Medusa FeatureSpins," "Snakes & Stones," "Gorgon's Gold"), and engagement with specific game mechanics.
  • Game Settings: Your preferences for sound, music, "Super Turbo," or "Turbo" speed settings.
  • RTP and Fairness: Data related to the Return to Player (RTP) calculations and ensuring game fairness through Random Number Generator (RNG) verification.
• Technical Data:
  • Device Information: Type of device (desktop, mobile), operating system, browser type and version, language settings, screen resolution.
  • Network Information: Your IP address, internet service provider, and connection type.
  • Location Data: General geographical location derived from your IP address (not precise GPS data).
• Website Usage Data:
  • Interaction Data: Pages visited, duration of visit, links clicked, mouse movements, scrolling activity, keyboard shortcuts used (e.g., SHIFT+S for sound, SHIFT+I for info), and navigation paths.
  • Referral Data: The website or search query that led you to our site.

3.3 Information from Third Parties

We may receive information about you from:

• Identity Verification Providers: To assist with our KYC and AML obligations.
• Payment Service Providers: Confirmation of successful transactions, but not your full payment card details.
• Credit Reference Agencies: To perform identity checks and fraud prevention.
• Gambling Addiction Support Organisations: If you have self-excluded via national schemes like GamStop.
• Affiliate Partners: If you arrived at our site via an affiliate link, they may provide us with a unique identifier to track your referral, but typically not your direct personal data.
• Publicly Available Sources: To verify information provided during registration or as part of our AML checks.

4. How We Use Your Data and Our Legal Basis

We use your personal data for specific purposes, always relying on a valid legal basis under UK GDPR:

Purpose of Processing	Types of Data Used	Legal Basis for Processing
To Provide Gaming Services & Manage Your Account	Registration, KYC, Payment, Gameplay, Technical, Communication	Contract: Necessary to fulfil our contractual obligations to you.
To Process Transactions	Payment, Registration, Gameplay	Contract: For deposits and withdrawals.
To Verify Your Identity & Age	Registration, KYC, Third-party data	Legal Obligation: Required by UKGC licensing and AML laws.
To Ensure Game Fairness & Integrity	Gameplay, Technical	Legitimate Interests: To maintain a fair and secure gaming environment.
To Comply with Anti-Money Laundering (AML) Obligations	KYC, Payment, Gameplay, Third-party data	Legal Obligation: Required by AML legislation.
To Promote Responsible Gambling	Registration, Gameplay, Responsible Gambling	Legal Obligation & Public Interest: Mandated by UKGC, protecting vulnerable users.
To Prevent Fraud & Criminal Activity	Registration, Payment, Technical, Third-party data	Legal Obligation & Legitimate Interests: Protecting our business and users.
To Communicate with You (Customer Support)	Communication, Registration	Contract & Legitimate Interests: To provide support and respond to queries.
To Improve Our Services & Website	Gameplay, Technical, Website Usage (including Yandex.Metrica data)	Legitimate Interests & Consent: To understand user behaviour and enhance user experience. Where non-essential cookies or analytics are used, consent will be sought.
For Marketing & Promotional Purposes	Registration, Gameplay (e.g., game preferences), Communication	Consent: Where required (e.g., email marketing). Legitimate Interests: For non-intrusive, relevant marketing where consent is not required.
To Fulfil Affiliate Programme Obligations	Website Usage (referral ID)	Legitimate Interests: To track and manage affiliate relationships, without revealing your direct personal data to affiliates.
To Comply with Other Legal & Regulatory Requirements	All data types as necessary	Legal Obligation: To respond to legal requests, audits, or regulatory inquiries.

5. Data Sharing and Disclosure

We share your personal data only when necessary, under strict safeguards, and in compliance with legal and regulatory requirements. We do not sell your personal data to third parties.

We may share your data with:

• Game Providers: Such as Hacksaw Gaming (developer of "Eye of Medusa"), to operate the games, verify game outcomes, and ensure fair play. They receive gameplay data, but typically not your direct identifying information.
• Payment Service Providers: To process your deposits and withdrawals securely and in compliance with PCI DSS standards.
• Identity Verification & Fraud Prevention Agencies: To perform KYC checks, prevent fraud, and comply with AML obligations.
• Regulatory Bodies & Law Enforcement: Including the UK Gambling Commission, Information Commissioner's Office (ICO), and other government authorities when legally required or to report suspicious activity.
• Responsible Gambling Organisations: Such as GamStop, to facilitate self-exclusion and support efforts to prevent problem gambling.
• IT Service Providers: For hosting, maintenance, technical support, and security of our website and systems.
• Marketing & Analytics Partners: For website analytics (e.g., Yandex.Metrica, as detailed below) and to manage marketing campaigns.
• Affiliate Partners: We may share anonymised or aggregated data (e.g., number of referred players) or unique referral IDs with our affiliate partners to track commissions. Your direct personal identifying data is not shared for this purpose.
• Professional Advisers: Lawyers, accountants, auditors, and insurers.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred to the new entity. We will ensure appropriate safeguards are in place.

6. International Data Transfers (Special Note on Yandex.Metrica)

As an online gambling operator, we operate globally and may need to transfer data outside the UK/EEA. When we do, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO or European Commission, or relying on your explicit consent.

Specific Disclosure: Yandex.Metrica

We use Yandex.Metrica, a web analytics service provided by Yandex LLC, to understand how users interact with our website and improve our services. Yandex.Metrica is operated by a company based in Russia, a country for which the UK and EU currently do not have an adequacy decision regarding data protection.

• What data is transferred: Yandex.Metrica collects anonymised website usage data, such as IP addresses (truncated), device information, pages visited, and interaction events. We configure Yandex.Metrica to minimise the collection of identifiable data and to anonymise IP addresses wherever possible before processing.
• Purpose of transfer: To analyse website traffic, understand user behaviour, identify areas for improvement, and optimise the user experience on https://eyeofmedusa.uk/.
• Mitigation:
  • Anonymisation: We ensure IP addresses are anonymised as much as possible.
  • Data Minimisation: We only send the minimum data necessary for analytics purposes.
  • Consent: Your consent for the use of non-essential cookies and tracking technologies, including Yandex.Metrica, is obtained via our cookie consent banner. You have the right to accept or decline these cookies.
  • Transparency: We are disclosing this practice transparently in this Privacy Policy.
• Your choice: You can manage your cookie preferences through our cookie consent tool or by adjusting your browser settings. You can also opt-out of Yandex.Metrica directly by following instructions on Yandex's website (e.g., using a browser add-on).

We continuously monitor the legal landscape and available tools to ensure that any international data transfers, particularly concerning Yandex.Metrica, are conducted with the utmost care for your privacy and in compliance with evolving regulations.

7. Data Security

We implement robust technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption: Using SSL/TLS encryption for all data transmitted between your browser and our servers.
• Access Controls: Restricting access to personal data to authorised personnel only, based on a "need-to-know" basis.
• Firewalls & Intrusion Detection Systems: To prevent unauthorised network access.
• Regular Security Audits: Conducting periodic assessments of our systems and processes.
• Data Minimisation: Collecting only the data necessary for stated purposes.
• Employee Training: Ensuring all staff are trained on data protection and security best practices.
• PCI DSS Compliance: Ensuring our payment processing partners adhere to the Payment Card Industry Data Security Standard.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach, we have procedures in place to assess and address it promptly, including notifying relevant authorities and affected individuals where required by law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Data: Typically retained for the duration of your active account and for a period thereafter (e.g., 5-7 years) to comply with legal obligations (AML, gambling regulations, tax laws) and to resolve disputes.
• Responsible Gambling Data: Information related to self-exclusion or limits may be kept indefinitely to ensure we can uphold your choices and protect you.
• Gameplay Data: Retained for regulatory auditing, dispute resolution, and game fairness verification, often for several years.
• Marketing Consent: Retained until you withdraw consent or for a reasonable period thereafter to manage your preferences.
• Website Usage Data (Yandex.Metrica): Typically retained for a shorter period, often 90 days to 1 year, depending on configuration and purpose.

Once data is no longer required, we will securely delete or anonymise it.

9. Your Data Protection Rights

Under UK GDPR, you have several important rights regarding your personal data:

• The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your data and your rights (this Privacy Policy).
• The Right of Access: To request a copy of the personal data we hold about you.
• The Right to Rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.
• The Right to Erasure (Right to Be Forgotten): To request that we delete your personal data in certain circumstances (e.g., if the data is no longer necessary for the purpose it was collected, or you withdraw consent). Please note that due to our extensive legal and regulatory obligations as a gambling operator, this right is not absolute and may be subject to limitations.
• The Right to Restrict Processing: To request that we limit the way we use your personal data in certain circumstances (e.g., if you contest the accuracy of the data).
• The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• The Right to Object to Processing: To object to our processing of your personal data where we are relying on legitimate interests or for direct marketing purposes.
• Rights in Relation to Automated Decision-Making and Profiling: To object to decisions based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not use automated decision-making that has such significant effects without human intervention, but we do use profiling for responsible gambling and fraud prevention purposes.
• The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We may need to verify your identity before fulfilling your request.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to enhance your experience on our website, remember your preferences, analyse site usage, and support our marketing efforts.

• What are cookies? Small text files stored on your device when you visit a website.
• Types of cookies we use:
  • Strictly Necessary Cookies: Essential for the website to function (e.g., security, account login, remembering your bet size preferences for "Eye of Medusa").
  • Performance/Analytical Cookies: Help us understand how visitors use our site, which pages are most popular, and identify technical issues (e.g., Yandex.Metrica cookies).
  • Functionality Cookies: Remember your preferences (e.g., language, sound settings for "Eye of Medusa").
  • Targeting/Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns (including for affiliate tracking).
• Your Control: You have control over cookies. Our website uses a cookie consent management platform, allowing you to accept or decline different categories of cookies (except strictly necessary ones). You can also manage cookie preferences through your browser settings. Please note that disabling certain cookies may impact the functionality and experience of our website and the "Eye of Medusa" game.

For more detailed information on the cookies we use, their purpose, and how to manage them, please refer to our dedicated Cookie Policy.

11. Responsible Gambling

We are deeply committed to responsible gambling. We use your data to identify potential signs of problem gambling and to offer support. Our systems monitor gameplay patterns, bet limits, and self-exclusion requests to ensure we comply with our UKGC obligations and protect our players.

We provide various tools to help you manage your gambling:

• Deposit Limits
• Loss Limits
• Session Limits
• Time-Outs
• Self-Exclusion (for specified periods or permanently)

If you feel you are developing a gambling problem, we strongly encourage you to seek help from independent organisations:

• GamCare: Free information, advice, and support for anyone affected by problem gambling in the UK. (www.gamcare.org.uk)
• GamStop: A free service that lets you self-exclude from all online gambling companies licensed in Great Britain. (www.gamstop.co.uk)
• BeGambleAware: Provides information to help people make informed decisions about their gambling. (www.begambleaware.org)

12. Children's Privacy

Our services are strictly for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete that information from our records.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be posted on this page, and we will update the "Last Updated" date at the top of the policy. For significant changes, we may notify you via email or through prominent notices on our website. We encourage you to review this policy periodically.