burger icon
Play Boom United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected and processed when you use the Play Boom version of the Play Boom service provided via pleybooms.com (the "Site"). It applies to all visitors, prospective players, registered account holders, and individuals who contact us or interact with our services, whether or not they are ultimately permitted to gamble due to regional restrictions (including residents of the United Kingdom).

We describe what information we observe about you, how we expand its use for clearly defined purposes, and how we reflect your choices and rights under applicable data protection laws.

This Privacy Policy is effective from 06 November 2025 and reflects our understanding of applicable data protection law as of January 2025, with continued application into 2026 unless replaced or updated. It should be read together with our Terms and Conditions and any other notices displayed on the Site.

Who We Are

Observe: This section identifies the company responsible for your personal data and how you can contact us.

Operator and Data Controller

The Play Boom service available via the Play Boom version of pleybooms.com is operated by:

Hero Gaming Limited
Level 0, Spinola Park,
Triq Mikiel Ang Borg,
St Julians SPK 1000,
Malta

Hero Gaming Limited is a limited company incorporated under the laws of Malta and is the licence holder for online gaming services under the Malta Gaming Authority licence number MGA/B2C/313/2015. Hero Gaming Limited is also the operator of the "Boom Casino" brand and related gamification products.

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and, where applicable, the EU General Data Protection Regulation ("EU GDPR"), Hero Gaming Limited acts as the data controller for personal data processed via pleybooms.com, including the Play Boom version of the Site.

Regulatory Context and UK-Specific Note

As of January 2025, Hero Gaming Limited holds the above-mentioned MGA licence and does not hold an active licence with the UK Gambling Commission ("UKGC"). The United Kingdom is listed as a restricted territory in our Terms and Conditions, and the Site is not intended to be used by persons located in the UK for gambling purposes. Protections that depend on UKGC licensing (such as GamStop, IBAS and UK-specific dispute schemes) do not apply to our gambling services.

However, if we process personal data of individuals located in the UK (for example because they access or visit pleybooms.com, or contact us), we still process that data in line with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Data Protection Contact

Data Protection Officer (DPO)
Hero Gaming Limited
Email: privacy@pleybooms.com (or any replacement privacy contact email indicated on the Site)
Postal: Hero Gaming Limited, Level 0, Spinola Park, Triq Mikiel Ang Borg, St Julians SPK 1000, Malta

You may also contact us through any customer support or privacy contact forms provided on the Site.

Regulatory and geographic information reflected in this Privacy Policy has been verified against public sources including, as of January 2025, the Malta Gaming Authority licence register, the UKGC public register, and publicly available player reports (e.g. specialist forums and consumer feedback), to ensure accuracy of our licensing and territorial status.

What Personal Data We Collect

Observe: We identify the types of personal data we receive about you when you visit or use the Play Boom version of pleybooms.com.
Expand: We explain how these categories arise from your interactions with our services.
Reflect: This classification helps you understand and exercise control over our use of your data.

Identification and Contact Data

  • Basic personal details: full name, date of birth, nationality, place of residence, and proof of identity (e.g. copy of ID, passport, driving licence).
  • Contact details: email address, telephone number, postal address, and any other contact information you choose to provide.
  • Account information: username, password (stored using secure hashing), security questions, account preferences, language and currency settings.

KYC, AML and Payment Data

  • KYC/verification data: documents or data collected to comply with "Know Your Customer" and anti-money laundering ("AML") rules, including identity documents, proof of address, source of funds or wealth information, and results of checks against sanctions and politically exposed person ("PEP") lists.
  • Payment data: partial payment card details (masked card number, expiry date), bank account information, e-wallet details, payment transaction identifiers, deposits, withdrawals, chargeback information, and related payment provider information. We do not store your full card details if this is handled directly by our payment processors.

Technical and Usage Data

  • Technical identifiers: IP address, approximate location derived from IP, device identifiers, browser type and version, operating system, screen resolution, language settings, and information about the device or connection you use to access pleybooms.com.
  • Log data: access dates and times, pages visited, clicks, referring/exit URLs, errors, session duration, and similar log information.
  • Security and geo-blocking data: data related to suspected use of VPNs, proxies or similar technologies, device fingerprinting elements, signals used to enforce territorial restrictions (for example, the UK being a restricted/geo-blocked territory), and data related to account security reviews.

Behavioral and Gambling-Related Data

  • Gameplay data: game selections, bet amounts, wins and losses, bonus usage, tournament participation, and in-game behaviours (such as frequency and duration of sessions).
  • Interaction data: clicks, navigation paths, response to offers, participation in promotions, and use of responsible gambling tools (e.g. deposit limits, reality checks, self-exclusion, time-outs).

Communications and Customer Support Data

  • Support records: copies of emails, chat logs, support tickets, call recordings where permitted, and other communications with customer support, compliance or the DPO.
  • Complaints and disputes: information you provide when raising a complaint, initiating a dispute, or contacting regulators regarding our services.

Cookies and Similar Technologies

  • Cookies: session cookies, persistent cookies, and first- or third-party cookies set for security, functionality, analytics, and advertising (described in more detail in the Cookies & Tracking Technologies section).
  • Tracking technologies: pixel tags, web beacons, SDKs, and device identifiers used for analytics and marketing (where allowed by law and your consent).

We do not knowingly collect personal data from individuals under 18. If we become aware that an underage person has provided personal data, we will take reasonable steps to delete it and, where relevant, close any related account.

Legal Basis for Processing

Observe: We identify the legal grounds relied upon when processing your personal data.
Expand: We link these bases to typical processing activities on pleybooms.com.
Reflect: Understanding the legal basis helps you assess and exercise your rights.

Performance of a Contract

We process personal data where necessary to enter into and perform a contract with you, including:

  • creating and managing your Play Boom account on pleybooms.com;
  • processing deposits, wagers and withdrawals;
  • providing games, bonuses, promotions and loyalty programmes (where permitted);
  • providing customer support and handling your requests;
  • verifying your identity, age and eligibility where required to provide services.

Compliance with Legal Obligations

We process personal data where necessary to comply with legal and regulatory obligations that apply to Hero Gaming Limited, including under Maltese law, EU/EEA law, and, where applicable, UK law and other local laws:

  • carrying out KYC, AML and counter-terrorist financing checks;
  • verifying your age and preventing underage gambling;
  • maintaining accounting and tax records;
  • complying with requests and orders from regulators, supervisory authorities, law enforcement, courts or other public authorities (for example, the Malta Gaming Authority, the Information Commissioner's Office in the UK, or other competent authorities);
  • complying with record-keeping obligations, including retention of transaction and identification data for specific minimum periods.

Legitimate Interests

We process personal data based on our legitimate interests, carefully balanced against your rights and freedoms. These interests include:

  • Security and fraud prevention: detecting and preventing fraud, abuse of bonuses, money laundering, account takeovers, use of VPNs or proxies to circumvent geo-blocking (including access from restricted countries such as the UK or the USA), and other violations of our Terms and Conditions.
  • Service improvement and analytics: conducting statistical and analytical studies of how pleybooms.com is used, improving our games, site functionality, and user experience.
  • Business operations: managing our business, ensuring continuity, conducting audits, and defending or enforcing legal claims.
  • Personalisation: tailoring content and offers, where allowed by law and your preferences.

Where we rely on legitimate interests, we perform a balancing test and implement safeguards such as data minimisation and access controls.

Consent

In some cases, we rely on your consent, which you may withdraw at any time:

  • sending direct electronic marketing (e.g. emails, SMS, push notifications) where consent is required under applicable law;
  • placing and reading non-essential cookies and similar technologies for personalised advertising and advanced analytics, as described in the Cookies section;
  • collecting or using certain optional data you choose to provide.

Where we request your consent, we will explain what you are consenting to and how you can withdraw it, typically via your account settings, cookie tools, or by contacting us.

Purpose of Processing

Observe: We identify the main purposes for which personal data is used.
Expand: We link each purpose to relevant data categories and activities.
Reflect: This helps you understand why specific data is needed and how it affects you.

Provision of Services and Account Management

  • Setting up and managing your Play Boom account on pleybooms.com, including the Play Boom version of the Site.
  • Processing deposits, wagers, game play, bonuses and withdrawals.
  • Providing customer support and communicating with you about your account, transactions, security alerts and service updates.

Regulatory Compliance and Risk Management

  • Carrying out KYC/AML checks, age verification and other regulatory checks required under Maltese law, EU/EEA rules, and (where applicable) UK and other local regulations.
  • Detecting and preventing fraud, bonus abuse, money laundering, use of VPNs or other tools to bypass geo-blocking, and other breaches of our Terms and Conditions.
  • Maintaining records to comply with audit, tax, accounting and reporting obligations.

Improvement, Analytics and Personalisation

  • Analysing how visitors and players use pleybooms.com to improve functionality, performance, game selection and user experience.
  • Testing and developing new features, products and services.
  • Customising content, recommendations and offers based on your activity and preferences, where allowed by law and your settings.

Marketing and Promotions

  • Sending marketing communications (such as newsletters, promotional offers and bonus information) by email, SMS, push notifications or on-site messages, where permitted by law and your preferences.
  • Running surveys, competitions, loyalty programmes and promotional campaigns, including tracking participation and outcomes.

Dispute Resolution and Legal Claims

  • Investigating and resolving complaints, disputes, chargebacks and regulatory investigations.
  • Establishing, exercising or defending legal claims, including sharing information with legal advisers, courts, regulators or alternative dispute resolution bodies where necessary.

Disclosure & Sharing

Observe: We identify the main categories of recipients who may receive your personal data.
Expand: We explain when and why data is shared.
Reflect: We describe safeguards to protect your data when it is disclosed.

Group Companies and Operational Partners

  • Group entities: other entities within the Hero Gaming group that help provide, maintain or improve our services, subject to appropriate intra-group data protection arrangements.
  • Payment service providers: banks, card schemes, e-wallet providers and other payment processors who handle deposits, withdrawals and chargebacks. They receive data necessary to process your payment and comply with their own legal obligations.
  • Technical and hosting providers: IT service providers, data centres, cloud hosting providers, customer support platforms, communication tools and security vendors who assist in operating pleybooms.com.

Verification, Analytics and Marketing Providers

  • KYC/AML and verification partners: providers that support identity verification, sanctions screening, fraud prevention and risk scoring.
  • Analytics providers: third-party analytics tools that help us understand site usage patterns and performance, using aggregated or pseudonymised data where possible.
  • Marketing and advertising partners: where permitted by law and your consent, we may share limited data (such as cookie identifiers or hashed contact details) with marketing networks, affiliates and advertising platforms for campaign management and measurement.

Affiliates and Referrers

  • We may share limited information (such as registration or conversion status, country and anonymised identifiers) with affiliate partners who referred you to pleybooms.com, for commission and performance reporting. We do not share your full payment details with affiliates.

Regulators, Authorities and Dispute Bodies

  • Regulators and authorities: the Malta Gaming Authority (MGA), financial intelligence units, tax authorities, law enforcement, data protection authorities (such as the Information Commissioner's Office in the UK or, where relevant, the Mexican data protection authority), and other public bodies may receive data where we are legally obliged to provide it.
  • Dispute resolution bodies: alternative dispute resolution services or regulatory complaint channels, such as the MGA player complaint portal, may receive data when you lodge a complaint or when we need to respond to a dispute.
  • Courts and legal advisers: we may share data with lawyers, auditors and courts where necessary to establish, exercise or defend legal claims.

Corporate Transactions

  • In the event of a merger, acquisition, restructuring, sale of assets or similar corporate transaction involving Hero Gaming Limited or the Play Boom brand, your personal data may be disclosed to prospective or actual buyers and their advisers, subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data for monetary consideration. Any sharing for marketing or analytics is done under strict contracts and, where required, is based on your consent and subject to opt-out mechanisms.

International Transfers

Observe: We explain where personal data may be processed geographically.
Expand: We set out the safeguards used when data leaves your jurisdiction.
Reflect: We provide assurance that your data remains protected internationally.

Transfers Within the EEA/UK

Hero Gaming Limited is established in Malta, which is a member of the European Economic Area (EEA). When personal data of individuals in the UK is transferred between the UK and Malta or other EEA states, such transfers are generally permitted on the basis of adequacy decisions and equivalent data protection laws (EU GDPR and UK GDPR). We maintain appropriate contracts and technical measures to protect this data.

Transfers to Countries Outside the EEA/UK

Some of our service providers, technical partners, support teams or group entities may be located in, or may process personal data from, countries outside the EEA and the UK that may have different levels of data protection. In such cases, we implement safeguards required by law, including:

  • Standard Contractual Clauses ("SCCs"): using EU and/or UK-approved SCCs with additional protections where necessary.
  • UK Addendum or IDTA: where UK data is transferred, we apply the UK International Data Transfer Addendum or the International Data Transfer Agreement as appropriate.
  • Technical and organisational measures: encryption in transit and at rest, strict access controls, and data minimisation.

Regional Compliance Note

International transfers are assessed in light of current guidance from regulators (including the ICO in the UK and the European Data Protection Board). Where Mexican data protection law applies (for example, for users located in Mexico), we will also consider Mexican cross-border transfer requirements and ensure that equivalent levels of protection are provided, including by contract and technical safeguards.

Data Retention

Observe: We identify how long different categories of data are kept.
Expand: We explain the legal or business reasons for these periods.
Reflect: Retention limits help ensure that data is not kept longer than necessary.

General Principles

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, regulatory or reporting requirements. When determining appropriate retention periods, we consider the nature and sensitivity of the data, potential risk of harm, our contractual and legal obligations, and your expectations.

Illustrative Retention Periods

  • Account and identification data: generally kept for the duration of your account and, after closure, typically for up to 5 years (or longer where required) to meet AML, regulatory and record-keeping obligations and to defend legal claims.
  • Transaction and payment data: usually retained for at least 5 years after the relevant transaction and, in some cases, longer where required by tax, accounting or AML laws.
  • Technical and log data: kept for shorter periods, typically from a few months up to 2 years, unless required for ongoing security investigations or legal claims.
  • Marketing data: retained while you remain subscribed to marketing communications and for a limited period (e.g. up to 2 years) after you unsubscribe, solely to maintain suppression lists and demonstrate compliance.
  • Complaint and dispute data: retained for the duration of the complaint or dispute and for as long as necessary thereafter (often up to 5 years or longer if legally required) to establish, exercise or defend legal claims.

Deletion and Anonymisation

When personal data is no longer needed, we will either delete it securely or anonymise it so it can no longer be linked to you. You may also request deletion in specific circumstances (see "Your Rights"). If we are legally obliged to retain certain data, we will restrict its use to the fulfilment of those obligations only.

Your Rights

Observe: We set out the rights that you have over your personal data.
Expand: We explain how UK GDPR, EU GDPR and, where applicable, Mexican law frame these rights.
Reflect: We describe how you can exercise these rights and how we respond.

Rights Under UK and EU Data Protection Law

If you are located in the UK or the EEA, or if UK/EU data protection law otherwise applies to our processing of your personal data, you have the following rights (subject to conditions and legal limitations):

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of it.
  • Right to rectification: to request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where there is no valid reason for us to continue processing it (for example, where it is no longer needed for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal basis), subject to retention obligations.
  • Right to restriction of processing: to request that we restrict the processing of your data in specific circumstances (e.g. while we verify its accuracy or assess an objection).
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to object to direct marketing at any time.
  • Right to data portability: to receive personal data you provided to us in a structured, commonly used and machine-readable format and to request that we transmit it to another controller where technically feasible.
  • Right to withdraw consent: where processing is based on your consent (for example, marketing or non-essential cookies), you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

Additional Alignment with Mexican Privacy Law

If you are located in Mexico and Mexican data protection law applies, you may also have rights under the Federal Law on the Protection of Personal Data Held by Private Parties and related regulations, including "ARCO" rights:

  • Access: to know what personal data we hold about you and the conditions of its processing.
  • Rectification: to request correction of inaccurate or incomplete data.
  • Cancellation: to request that we stop processing and delete your data in certain circumstances, subject to legal retention duties.
  • Opposition: to object to specific processing activities, particularly where they are not necessary for our relationship or required by law.

We will consider Mexican-specific requirements (for example, where express consent is required) in addition to UK/EU standards when they apply to you.

How to Exercise Your Rights

You can exercise your rights by:

  • contacting our DPO at privacy@pleybooms.com; or
  • using any dedicated privacy or contact forms available on pleybooms.com.

To protect your data, we may need to verify your identity before responding to your request. We aim to respond within one month (30 days) of receiving a valid request. This period may be extended by up to two further months for complex or multiple requests, in which case we will inform you of the extension and the reasons for it.

Exercising your rights is generally free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, especially where they are repetitive.

Cookies & Tracking Technologies

Observe: We describe the types of cookies and similar technologies used on pleybooms.com.
Expand: We explain their purposes and how they interact with your personal data.
Reflect: We outline how you can manage your preferences.

Types of Cookies

  • Session cookies: temporary cookies that remain on your device only while your browser is open. They enable core functionality such as staying logged in and navigating between pages.
  • Persistent cookies: cookies that remain on your device for a defined period or until you delete them. They support features such as remembering your preferences and login details.
  • First-party cookies: cookies set directly by pleybooms.com for essential and functional purposes.
  • Third-party cookies: cookies set by external providers (such as analytics services or advertising networks) to provide analytics, security or marketing functionality.

Purposes of Cookies and Tracking

  • Strictly necessary/functional: required for the Site to operate, including security, page navigation, session management, and features such as language and region selection.
  • Analytics and performance: help us understand how visitors use the Site (pages visited, time spent, technical performance) so we can improve functionality and content.
  • Advertising and personalisation: used, where permitted by law and your consent, to deliver and measure personalised offers and marketing communications, and to avoid showing you the same adverts repeatedly.

Managing Cookies and Preferences

  • You may manage your cookie preferences through any cookie banner or settings tool provided on pleybooms.com, where you can consent to or reject specific categories (other than strictly necessary cookies).
  • You can also adjust your browser settings to block or delete cookies. However, blocking certain cookies may affect the functionality or performance of the Site.
  • Some third-party advertising and analytics providers offer their own opt-out mechanisms; we may provide links to these in our cookie interfaces or on the Site where relevant.

Data Security

Observe: We recognise the sensitivity of the data processed via pleybooms.com.
Expand: We describe technical and organisational measures implemented to protect it.
Reflect: We aim to continually assess and improve our security posture.

Technical Security Measures

  • Encryption in transit: data transmitted between your browser and our servers is protected using TLS 1.2 or higher (HTTPS) to reduce the risk of interception.
  • Encryption at rest: sensitive data fields are stored using strong encryption or hashing algorithms, with keys managed according to industry best practices.
  • Access control: internal access to systems and databases is restricted based on role and "need to know" principles, using strong authentication mechanisms and, where appropriate, multi-factor authentication.
  • Network and system security: firewalls, intrusion detection/prevention systems, anti-malware controls and regular security patching are used to reduce vulnerabilities.

Organisational and Procedural Measures

  • Security policies and training: staff are subject to confidentiality obligations and receive training on data protection, security and responsible handling of customer data.
  • Vendor due diligence: third-party service providers who process personal data on our behalf are required to implement appropriate security measures and are bound by data processing agreements.
  • Regular audits and testing: we carry out internal reviews, and may engage external experts, to test our systems and processes, benchmarked against recognised standards such as ISO 27001 or SOC 2 where applicable.
  • Incident response: we maintain procedures for identifying, assessing and responding to suspected personal data breaches. Where required by law, we will notify relevant authorities and affected individuals without undue delay.

While no system can be guaranteed as completely secure, we take reasonable and appropriate steps to protect your personal data, continuously reviewing our measures in light of evolving threats and regulatory expectations.

Complaints & Contacts

Observe: We recognise that you may wish to raise questions, concerns or complaints.
Expand: We define clear channels and procedures for doing so.
Reflect: We outline escalation options to supervisory authorities.

Contacting Us or Our DPO

If you have questions about this Privacy Policy or our handling of your personal data, or if you wish to exercise your rights, you can contact:

Data Protection Officer (DPO)
Hero Gaming Limited
Email: privacy@pleybooms.com
Postal: Hero Gaming Limited, Level 0, Spinola Park, Triq Mikiel Ang Borg, St Julians SPK 1000, Malta

You may also use any customer support or privacy-specific contact forms available on pleybooms.com.

Internal Complaint Procedure

  1. Submission: Send your complaint or query (including relevant details and any supporting evidence) to our DPO or via the Site's contact mechanisms.
  2. Acknowledgement: We aim to acknowledge receipt of your complaint within a reasonable period, typically within a few working days.
  3. Investigation: We will investigate your concerns, which may require us to request additional information from you to clarify the facts.
  4. Response: We aim to provide a substantive reply within one month (30 days) of receiving a complete complaint. For complex matters, this period may be extended in line with applicable law, and we will inform you of any extension.
  5. Resolution and follow-up: We will explain the outcome and any steps we will take. Where we do not fully uphold your complaint, we will inform you of your further options.

Escalation to Supervisory Authorities

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been infringed.

  • United Kingdom: If UK data protection law applies to your case, you may contact the Information Commissioner's Office (ICO):
    Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
    Website: https://ico.org.uk
    Telephone (UK): +44 303 123 1113
  • European Economic Area: If EU GDPR applies, you can lodge a complaint with your local data protection authority. A list is available from the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
  • Mexico: If Mexican privacy law applies to you, you may contact the Mexican data protection authority, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI):
    Website: https://home.inai.org.mx

For matters specifically related to gambling services under our Malta Gaming Authority licence, you may use the MGA's player complaint portal:

Malta Gaming Authority - Player Complaints
Website: https://mga.org.mt/player-hub/lodge-a-complaint/

Updates

Observe: Our services, regulatory landscape and data practices may evolve.
Expand: We explain how and when this Privacy Policy may change.
Reflect: We describe how you will be informed and your options.

Policy Changes and Version Control

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, regulatory guidance, or technical developments affecting pleybooms.com. The "Last updated" date at the end of this Policy indicates the most recent revision.

Where changes are material (for example, significantly altering how we use your data, introducing new processing purposes, or affecting your rights), we will:

  • notify you by email to the address associated with your account (where available);
  • display a prominent notice on the Site (such as a banner or pop-up); and/or
  • provide alerts within your account dashboard, where relevant.

Notice Period and Your Choices

For material changes that materially affect your rights or the way we process your data, we will, where practicable, provide at least 30 days' advance notice before the new version takes effect, unless immediate implementation is required by law or regulatory instruction.

If you do not agree with a revised Privacy Policy, you may choose to stop using the Play Boom version of pleybooms.com and, where applicable, request account closure and deletion or restriction of your data in accordance with applicable law. Continued use of the Site after the effective date of any update will be taken as your acknowledgement of the updated Policy, to the extent permitted by law.

Last updated: 06 November 2025.