burger icon
Sparkle Slots United Kingdom
Log In

Privacy Policy

This privacy policy explains how Sparkle Slots, operated at sparcleslots.com, collects, uses, discloses, and protects your personal data when you visit our website or use our online casino services. It applies to all website visitors, registered players, and individuals who interact with us through sparcleslots.com in connection with the Sparkle Slots profile. The policy reflects requirements under UK data protection and gambling regulations and is designed to be clear and understandable while remaining legally precise. This privacy policy is effective from 6 November 2025 and replaces all earlier versions.

Who We Are

OBSERVE: Identifying the legal operator, regulatory framework, and contact channels is essential for transparency and accountability under UK GDPR and the Data Protection Act 2018.

EXPAND: We therefore clearly set out our corporate identity, licensing context, and data protection contacts relevant to Sparkle Slots and sparcleslots.com.

REFLECT: This section enables you, regulators, and supervisory authorities to know who is responsible for your data and how to reach us.

Operator and Legal Entity

  • Operator: The Sparkle Slots brand available at sparcleslots.com is operated by ProgressPlay Limited.
  • Legal name: ProgressPlay Limited (a limited company incorporated in Malta).
  • Registered address: Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta.
  • Company registration number: C58305, registered in Malta.
  • Gambling licences:
    • United Kingdom: UK Gambling Commission ("UKGC") licence no. 39335 for remote gambling services to UK players (including Sparkle Slots) - active as of 2025.
    • Malta / MGA markets: Malta Gaming Authority ("MGA") licence no. MGA/B2C/231/2012 - active as of 2025 for certain non-UK markets (e.g. Canada, New Zealand).
  • Relationship to brand: Sparkle Slots is a white-label "skin" running on the ProgressPlay platform, sharing infrastructure, games, payments, and support with other ProgressPlay brands.

Data Controller Status

  • For UK players and visitors: ProgressPlay Limited is the "data controller" for personal data processed via sparcleslots.com under UK GDPR and the Data Protection Act 2018.
  • For non-UK players in MGA-covered markets: ProgressPlay Limited is the data controller under applicable EU/Malta data protection rules to the extent they apply.

Data Protection Contact

  • Primary contact email: [email protected] (please mark emails "FAO Data Protection Officer").
  • Postal contact (data protection): Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta.
  • Website: https://sparcleslots.com
  • We may update contact details from time to time; the latest information will always be available on this privacy policy page.

What Personal Data We Collect

OBSERVE: We collect different categories of data so that we can operate an online gambling service safely, legally, and efficiently.

EXPAND: These categories include identification data, contact data, technical identifiers, payment information, behavioural and transactional data, and cookie-based information.

REFLECT: Understanding what we collect allows you to make informed decisions and exercise your rights.

Identification and Contact Data

  • Registration data: Full name, username, title, date of birth, and gender (where provided).
  • Contact details: Email address (for example the address used to contact [email protected]), residential address, country of residence, telephone number (if provided).
  • Verification data (KYC/AML): Copies of identity documents (passport, ID card, driving licence), proof of address, proof of payment method ownership, and Source of Wealth/Source of Funds information where required by UKGC and AML regulations.

Account, Gaming and Behavioural Data

  • Account data: Account settings, language and currency preferences, bonus balances, self-exclusion and responsible gambling settings (including GamStop registration where applicable).
  • Gaming data: Game preferences, bet sizes, stakes, wins and losses, session lengths and time of play, game crashes and errors.
  • Behavioural data: Clicks, navigation paths, time spent on pages, referral sources, and interactions with on-site messages and promotions.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, screen resolution, and language settings.
  • Log data: Access dates and times, login attempts, session tokens, error logs, and other system logs used to secure your account and the platform.

Payment and Financial Data

  • Payment instruments: Limited card details (tokenised or truncated as provided by the payment processor), e-wallet identifiers, bank account information (where required), and "pay by phone" billing references.
  • Transaction data: Deposits, withdrawals, bonus credits, chargebacks, fees, currency, and timestamps.
  • Sensitive card data is processed primarily by our payment providers; we do not store full card numbers or CVV codes.

Cookies and Similar Technologies

  • Cookie identifiers: Unique identifiers linked to your browser or device.
  • Tracking technologies: Cookies, web beacons, pixels, local storage, and similar technologies used for security, functionality, analytics, and marketing (see "Cookies & Tracking Technologies").

Legal Basis for Processing

OBSERVE: UK GDPR requires that each processing activity rests on a clear legal basis.

EXPAND: We rely on different legal grounds depending on the specific purpose and context of the processing.

REFLECT: This section links your data to the corresponding legal bases so you understand why we process it.

Performance of a Contract

  • Creating, managing and operating your Sparkle Slots account on sparcleslots.com.
  • Processing deposits, bets, game play and withdrawals, including "pay via phone" and other payment options.
  • Providing customer support, handling queries to [email protected], and resolving transactional issues.
  • Administering promotions and bonuses in line with our Terms and Conditions and bonus rules.

Legal Obligations

  • Complying with UK gambling regulations, including UKGC licence conditions and codes of practice, and, where applicable, MGA requirements for non-UK markets.
  • Carrying out identity verification (KYC), age verification, anti-money laundering (AML) checks, and Source of Wealth/Source of Funds assessments.
  • Meeting record-keeping and reporting obligations to regulators, tax authorities, financial intelligence units and law enforcement (for example, in relation to suspicious transactions).
  • Honouring self-exclusion obligations, including integration with GamStop and internal self-exclusion systems.

Legitimate Interests

  • Maintaining and improving our platform, games and services, including troubleshooting and performance optimisation.
  • Preventing, detecting and investigating fraud, abuse, bonus misuse, money laundering, and other prohibited or harmful behaviour.
  • Protecting the integrity and security of our systems, users and business, including risk management and audit functions.
  • Conducting non-intrusive analytics (for example, aggregated statistics on game performance) to improve user experience and product offerings.
  • Defending and enforcing legal claims, managing disputes and regulatory investigations. This includes addressing historical regulatory findings, such as the UKGC settlement in May 2022 relating to social responsibility and AML, and strengthening our controls accordingly.

Consent

  • Sending direct marketing communications (for example, email, SMS or push notifications) where required by law.
  • Placing and reading certain analytics and advertising cookies that are not strictly necessary for the service.
  • Sharing data with selected partners for marketing or personalised advertising where consent is required.

You can withdraw your consent at any time (see "Your Rights"), but this will not affect processing already carried out before withdrawal.

Purpose of Processing

OBSERVE: We use your data for multiple interrelated purposes necessary to run an online casino safely and lawfully.

EXPAND: These purposes range from core service delivery to compliance, analytics and responsible gambling controls.

REFLECT: Each purpose is linked to specific categories of data and legal bases already outlined.

Core Service Delivery

  • Providing access to the Sparkle Slots platform at sparcleslots.com and enabling you to register, log in and play.
  • Processing deposits, wagers, game outcomes and withdrawals, including fees where applicable.
  • Managing your account settings, loyalty or VIP status, bonuses and promotional balances.

Compliance, Risk and Responsible Gambling

  • Verifying your identity, age and location, including geo-blocking restricted countries (for example, the USA, France and Australia).
  • Carrying out ongoing AML monitoring and, where required, early and more frequent Source of Wealth checks (particularly in light of tightened UKGC expectations in 2025).
  • Operating responsible gambling tools, monitoring for markers of harm, and enforcing self-exclusion (including GamStop and group-wide ProgressPlay exclusions).

Service Improvement and Analytics

  • Analysing patterns of play, device information and behaviour to improve games, usability and site stability.
  • Testing new features, games and payment options across the ProgressPlay platform.
  • Compiling anonymised or aggregated statistics for internal reporting and business planning.

Marketing and Personalisation

  • Providing marketing communications where permitted, including targeted offers based on your previous gaming and interaction history.
  • Customising website content (for example, displaying localised offers for UK players) and recommending games you may like.
  • Working with advertising networks and affiliates to track campaign performance, subject to cookie and consent settings.

Security, Disputes and Enforcement

  • Protecting accounts, detecting suspicious logins and preventing unauthorised access.
  • Investigating and resolving complaints, chargebacks, bonus disputes and game errors, including referrals to ADR bodies such as IBAS for gambling-related disputes.
  • Complying with court orders, regulatory investigations, and enforcing our Terms and Conditions.

Disclosure & Sharing

OBSERVE: Operating an online casino involves a controlled ecosystem of partners and authorities.

EXPAND: We share data with carefully selected third parties only where necessary, lawful, and subject to appropriate safeguards.

REFLECT: This section explains who may receive your data and why.

Group and Operational Partners

  • Platform and infrastructure: Internal ProgressPlay entities and trusted IT providers that host and maintain our systems, databases and applications.
  • Game providers: Licensed software providers that supply casino games and may receive limited data (for example, pseudonymous identifiers, game logs) to operate games and investigate technical issues.

Payment and Financial Institutions

  • Banks, card schemes, e-wallet providers, pay-by-phone operators and other payment processors handling deposits, withdrawals and refunds.
  • Payment risk and fraud prevention services, used to detect and prevent unauthorised or illegal transactions.

Service Providers and Professional Advisers

  • Customer support tools and communication platforms used to manage interactions with players.
  • Analytics and security providers helping us monitor system performance and detect incidents.
  • Professional advisers (lawyers, auditors, compliance consultants) who require access for legitimate business, regulatory or legal reasons.

Regulators, Authorities and ADR

  • The UK Gambling Commission and, where applicable, the Malta Gaming Authority in connection with licensing, compliance and reporting.
  • Data protection and supervisory authorities (for example, the UK Information Commissioner's Office and, if relevant, other EU/EEA or Mexican authorities as described later).
  • Law enforcement, courts and other public authorities where required by law or necessary to defend legal claims.
  • Alternative Dispute Resolution (ADR) bodies such as IBAS (https://ibas-uk.com) in the context of gambling disputes.

Affiliates and Marketing Partners

  • Affiliate partners that promote Sparkle Slots and track referrals, usually through pseudonymous identifiers and cookies.
  • Advertising networks and marketing service providers, where permitted by law and your consent settings, for campaign measurement and targeted advertising.

Business Transfers

  • If ProgressPlay Limited restructures, is acquired, or transfers parts of its business, your data may be transferred to a successor entity, subject to equivalent protections and legal requirements.

International Transfers

OBSERVE: Your data may be transferred outside the UK due to our Malta-based incorporation and global infrastructure.

EXPAND: UK GDPR requires additional safeguards for such transfers.

REFLECT: We apply recognised mechanisms to protect your data wherever it is processed.

Where Your Data May Be Transferred

  • Malta and EEA: To ProgressPlay Limited and service providers located in Malta and other European Economic Area (EEA) countries.
  • Non-EEA countries: To carefully selected providers in third countries (for example, cloud hosting, payment, or support providers) where this is necessary to provide our services.

Safeguards for International Transfers

  • Use of UK-approved standard contractual clauses (SCCs), often together with the UK Addendum or the ICO's International Data Transfer Agreement (IDTA), where required.
  • Transfers to countries with an adequacy regulation under UK data protection law, where the UK government has deemed the level of protection essentially equivalent.
  • Technical and organisational measures such as encryption, access controls and strict contractual confidentiality obligations on recipients.

Details of specific transfer safeguards can be provided on request where permitted by law.

Data Retention

OBSERVE: We must retain certain records for defined periods to meet regulatory, AML and operational requirements.

EXPAND: Retention periods vary by data category and purpose, but we do not keep data longer than necessary.

REFLECT: Once data is no longer needed, we delete or irreversibly anonymise it.

General Retention Principles

  • We retain personal data only for as long as necessary to fulfil the purposes described in this policy, including legal, accounting and reporting obligations.
  • When determining retention periods, we consider the amount, nature and sensitivity of the data, the risk of harm from unauthorised use or disclosure, our processing purposes, and applicable legal requirements.

Indicative Retention Periods

  • Account and identification data: Typically kept for up to five (5) years after account closure to comply with AML and gambling regulations and to defend legal claims.
  • Transaction and gaming data: Typically kept for five (5) years from the date of the relevant transaction or game session, subject to longer retention where required by law or necessary for ongoing investigations or disputes.
  • Marketing data: Retained while you remain subscribed to marketing communications and for up to two (2) years after you opt out, to record your preferences and demonstrate compliance.
  • Technical logs and security data: Retained for shorter periods (often from several months up to two (2) years) depending on security and audit needs.

Deletion and Anonymisation

  • When data is no longer needed, we securely delete it or anonymise it so it can no longer be linked to you.
  • In some circumstances, you may ask us to delete your data earlier (see "Your Rights"), although we may need to retain certain information where lawfully required.

Your Rights

OBSERVE: Data protection laws grant you specific rights over your personal data.

EXPAND: These rights exist under UK GDPR and, where relevant, comparable regimes such as EU GDPR and Mexican data protection law.

REFLECT: We describe these rights and how you can exercise them, including timeframes and cost.

Core Rights under UK GDPR

  • Right of access: You can request confirmation that we process your data and receive a copy of your personal data and related information.
  • Right to rectification: You can ask us to correct inaccurate or incomplete personal data (for example, address or contact details).
  • Right to erasure: You can request deletion of your data in certain circumstances (for example, where it is no longer needed, or you withdraw consent and no other legal basis applies). Legal and regulatory obligations may limit this right.
  • Right to restriction: You can ask us to restrict processing in certain situations (for example, while we verify accuracy or assess an objection).
  • Right to object: You can object to processing based on legitimate interests and direct marketing at any time. We will stop processing unless we can demonstrate compelling legitimate grounds or where required for legal claims.
  • Right to data portability: For certain data processed by automated means on the basis of consent or contract, you can request a copy in a structured, commonly used, machine-readable format and ask us to transmit it to another controller where technically feasible.

Marketing and Cookie Consent

  • You can withdraw consent to marketing at any time via account settings (where available), unsubscribe links in emails, or by contacting [email protected].
  • You can change your cookie preferences through our cookie banner or your browser settings (see "Cookies & Tracking Technologies").

Alignment with Mexican Privacy Law (ARCO Rights)

Although Sparkle Slots and sparcleslots.com primarily target UK and certain MGA markets (such as Canada and New Zealand), individuals in Mexico who interact with our services may have rights under Mexican data protection law, including the Federal Law on Protection of Personal Data Held by Private Parties.

  • ARCO rights: Access, Rectification, Cancellation, and Opposition rights are broadly aligned with the access, rectification, erasure and objection rights described above.
  • Where Mexican law applies, we will handle requests in a way that is consistent with both UK and relevant Mexican requirements, to the extent feasible.

How to Exercise Your Rights

  1. Submit a request: Contact us at [email protected] with "Data Subject Request" in the subject line and specify which right you wish to exercise.
  2. Verify your identity: We may request additional information or documentation to confirm your identity and protect your account and data.
  3. Our response time: We aim to respond within one (1) month of receiving a complete request. For complex or multiple requests, this may be extended by up to two (2) additional months, and we will inform you of any extension.
  4. Fees: Requests are handled free of charge. A reasonable fee may only be charged where requests are manifestly unfounded or excessive, for example due to repetition.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies help us operate and improve our site and offer a tailored experience.

EXPAND: Some cookies are essential; others are used for analytics and advertising subject to your choices.

REFLECT: You can manage your preferences and still use the core services, although some features may be affected.

Types of Cookies We Use

  • Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it (for example, to keep you logged in during a session).
  • Persistent cookies: Cookies that remain on your device for a defined period (for example, to remember your preferences or recognise you on return visits).
  • First-party cookies: Cookies set directly by sparcleslots.com.
  • Third-party cookies: Cookies set by third parties such as analytics providers, payment providers or advertising networks.

Purposes of Cookies

  • Strictly necessary: Required for the website to function and to provide services you explicitly request (for example, security, load balancing, account login, payment processing).
  • Functional: Used to remember your settings (such as language, region and preferences) and enhance user experience.
  • Analytics: Help us understand how visitors use the site, improve performance, and detect technical issues. Data is typically aggregated and not used to identify you directly.
  • Advertising and marketing: Used to deliver and measure marketing campaigns, track affiliate referrals and provide personalised offers, subject to your consent where required.

Managing Cookies

  • You can manage non-essential cookies via our cookie banner or settings tool (where available) when you first visit the site or at any time afterwards.
  • You can also adjust your browser settings to block or delete cookies. However, disabling strictly necessary cookies may affect the functionality of the website and your ability to log in or play games.

Data Security

OBSERVE: Operating a gambling platform involves processing sensitive financial and behavioural data.

EXPAND: We implement layered technical and organisational measures to protect this data.

REFLECT: While no system is completely risk-free, our controls are designed to reduce risks to an appropriate level and to comply with regulatory expectations.

Technical Security Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher.
  • Encryption at rest: Sensitive data is stored using industry-standard encryption and hashing mechanisms where appropriate.
  • Access controls: Access to systems and databases is restricted based on role and business need, with strong authentication mechanisms and logging.
  • Network and application security: Firewalls, intrusion detection and prevention systems, and regular vulnerability assessments are used to protect our infrastructure.

Organisational and Procedural Controls

  • Documented security and data protection policies, reviewed and updated on a regular basis in line with regulatory developments and lessons learned (including from past UKGC actions).
  • Staff training on data protection, AML and responsible gambling obligations, with periodic refreshers.
  • Background checks and confidentiality commitments for relevant staff, consistent with legal and regulatory requirements.
  • Alignment of our security controls with recognised international standards such as ISO 27001 and SOC 2, where appropriate, even if we do not publicly claim formal certification.

Incident Response

  • We maintain incident detection, reporting and response procedures to manage suspected or actual data breaches.
  • Where a breach poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority and, where required, affected individuals, in accordance with legal timeframes.

Complaints & Contacts

OBSERVE: You may wish to ask questions, exercise rights, or raise concerns about how we handle your data.

EXPAND: We offer internal channels and, if needed, access to supervisory authorities.

REFLECT: This section explains how to contact us and escalate concerns.

Contacting Us

  • Email (primary): [email protected] - for general queries, rights requests and privacy concerns (mark emails "FAO Data Protection Officer").
  • Postal address: Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta.

Internal Complaint Procedure

  1. Submit your complaint: Contact us by email or post with a clear description of your concern and any relevant account details.
  2. Acknowledgement: We will acknowledge receipt of your complaint within a reasonable period, typically within five (5) business days.
  3. Investigation: We will review your complaint, consult relevant internal teams (for example, security, compliance, customer support), and may request additional information.
  4. Response: We aim to provide a substantive response within one (1) month. For complex cases, we may extend this timeframe and will notify you of the extension and reasons.
  5. Further steps: If you remain dissatisfied, you may have the right to escalate to a supervisory authority.

Supervisory Authorities and Escalation

  • United Kingdom (primary): If you are in the UK or your issue relates to UK data protection law, you can lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk.
  • European Union / EEA: If EU/EEA data protection law applies to you, you may lodge a complaint with your local data protection authority in your country of residence or work.
  • Mexico: If Mexican data protection law applies to your situation, you may lodge a complaint with the competent authority (for example, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI).

Nothing in this section limits any rights you may have to seek judicial remedies.

Updates

OBSERVE: Data protection and gambling regulations evolve over time, particularly under increased UK regulatory scrutiny.

EXPAND: We may revise this policy to reflect changes in law, guidance, our services, or our internal practices.

REFLECT: We aim to keep you informed about material changes in a transparent and timely manner.

How We Will Notify You

  • On-site notifications: We may display banners or notices on sparcleslots.com highlighting material changes.
  • Email and account messages: Where appropriate, we will notify registered players by email or secure account messages.
  • Policy versioning: Each version of this privacy policy will indicate the "Last updated" date.

Timing and Your Options

  • For significant changes that materially affect your rights or how we process your data, we will provide advance notice where practicable, typically at least thirty (30) days before the changes take effect.
  • If you do not agree with the updated policy, you may close your account and stop using our services. Continued use after the effective date will normally constitute acceptance of the updated policy.

Last updated: November 2025.

Earlier versions of this privacy policy may be available on request where legally necessary for transparency or dispute resolution purposes.