Privacy Policy
This Privacy Policy explains how Miki on mikiswi.com collects, uses, stores, shares, and protects personal data. A privacy policy is required to ensure transparency and fairness when personal data is processed, and to explain your rights and our obligations under applicable data protection laws. It applies to website visitors, registered players, and anyone who communicates with us (for example, via customer support). Effective date: 6 November 2025.
Who We Are
OBSERVE: The services marketed as Miki on mikiswi.com are stated to be operated by Novatech Solutions N.V. under Master License No. 365/JAZ issued in Curaçao. However, the operator's full legal address, company registration number, and tax identification were not provided in the available profile data.
EXPAND: UK GDPR requires us to provide clear controller identity and contact details. Where the operator's registered particulars are not available in the supplied data, we must (i) transparently declare the gap, (ii) provide a working contact point for data-protection matters, and (iii) commit to supplying corporate details upon request or once verified.
REFLECT: For data protection purposes, the following contacts apply:
- Data Controller / Operator (as stated in available data): Novatech Solutions N.V. (Curaçao licensing structure referenced; registration number and legal address not specified in the provided dataset).
- Licence reference (as stated): Curaçao Master License No. 365/JAZ (issuing authority stated as the Governor of Curaçao).
- Data Protection Contact (DPO/Data Protection Department): support@mikiswi.com (marked critical in the provided data; email derived from historical support@miki.com and updated to mikiswi.com per project instruction; verification may be required).
- Responsible person (operational contact): Oliver Bennett (author/contact name provided; phone not specified).
- Postal address: Not specified in the provided data. If you require postal service details, contact us via email and we will provide the current registered address once verified.
Regional compliance note (UK): If you are located in the UK, the UK GDPR and the Data Protection Act 2018 apply to our processing activities to the extent we target individuals in the UK or monitor behaviour in the UK.
What Personal Data We Collect
OBSERVE: Operating an online casino for UK-facing users typically involves identity verification, payment processing (including cards, bank transfer, and cryptocurrency), security monitoring, and responsible gambling controls - each of which requires distinct data categories.
EXPAND: Under UK GDPR, we must disclose categories of personal data, sources, and the nature of automated collection (cookies/logs). In gambling, additional sensitivity arises from financial data, behavioural profiling, and AML/KYC documentation.
REFLECT: We may collect the following categories of personal data when you use mikiswi.com as Miki:
- Identity & contact data: full name, date of birth, email address, telephone number (if provided), username, and correspondence with customer support.
- Account & verification (KYC) data: identity documents, proof of address, age verification evidence, source-of-funds/source-of-wealth information where required, and results of verification checks.
- Payment & transaction data: deposit/withdrawal records, payment method identifiers, card payment tokens (where applicable), bank transfer references, cryptocurrency wallet addresses and transaction hashes (e.g., BTC/LTC/USDT TRC20/ERC20), and payment status/chargeback information. We do not intend to store full card numbers; payment processing is typically handled by third-party processors.
- Gameplay & behavioural data: betting and gaming history, bonus activity, session duration, clicks/navigation, responsible gambling interactions (e.g., limits), and suspected fraud indicators.
- Technical & device data: IP address, device type, operating system, browser type/version, language settings, time zone, device identifiers, referral URLs, and server/application logs.
- Cookies and similar technologies: cookie identifiers, SDK/mobile identifiers (if applicable), analytics tags, and advertising consent signals.
Legal Basis for Processing
OBSERVE: UK GDPR requires that each processing activity has a lawful basis. Gambling operations also involve AML/KYC obligations and platform-security needs.
EXPAND: Some activities are necessary to perform the player contract (account, gameplay, withdrawals). Others are required by law (KYC/AML, record-keeping). Analytics and fraud prevention can be legitimate interests, while marketing/advertising tracking typically requires consent (especially for cookies/e-privacy).
REFLECT: We rely on the following legal bases under UK GDPR (and, where relevant, EU GDPR concepts used as an industry benchmark):
- Contract (performance of a contract): to register and manage your account, provide games, process deposits and withdrawals, apply bonuses, and deliver customer support.
- Legal obligation: to conduct KYC/AML checks, prevent money laundering and fraud, keep required records, respond to lawful requests from regulators or competent authorities, and support dispute/complaints handling.
- Legitimate interests: to secure and improve mikiswi.com, prevent abuse, detect and investigate fraud/chargebacks, monitor technical performance, produce aggregated analytics, and defend legal claims - balanced against your rights and expectations.
- Consent: where required for non-essential cookies and similar technologies, and for direct marketing communications where consent is the appropriate standard. You can withdraw consent at any time (see "Your Rights").
Purpose of Processing
OBSERVE: The platform must use data to deliver casino services and also to meet compliance and security expectations typical for remote gambling and payments.
EXPAND: Purposes should be stated in a way that maps to lawful bases and supports transparency: service delivery, verification, payments, support, product improvement, marketing (where permitted), and fraud/abuse prevention.
REFLECT: We use personal data for the following purposes:
- Providing casino services: account creation, authentication, gameplay, bonus administration, transaction processing, withdrawals, and account communications.
- Verification and compliance: age/identity verification, KYC/AML screening, risk assessments, and record keeping required by applicable laws and contractual obligations with payment partners.
- Customer support and communications: responding to queries, handling self-exclusion-related requests via support@mikiswi.com, and notifying you about service messages.
- Security and fraud prevention: detecting suspicious activity, preventing account takeover, investigating chargebacks, and protecting the integrity of games and payments.
- Service improvement and analytics: understanding usage patterns, troubleshooting, performance monitoring, and improving UX and content (primarily in aggregated or pseudonymised form where feasible).
- Marketing (where permitted): sending promotional emails and personalising offers where lawful and subject to your choices and cookie/marketing preferences.
Regional compliance note (UK): Where the Privacy and Electronic Communications Regulations (PECR) apply, we will obtain appropriate consent for non-essential cookies and provide clear opt-out mechanisms for electronic marketing.
Disclosure & Sharing
OBSERVE: The profile indicates use of third-party processors for card payments, bank transfers, and cryptocurrency rails; it also notes payment processing may be handled by a subsidiary (often located in Cyprus), though the subsidiary name is not provided.
EXPAND: UK GDPR requires transparency about recipients and categories of recipients, including processors (hosting, analytics, KYC vendors) and disclosures to authorities. Advertising networks require consent where tracking is involved.
REFLECT: We may share personal data in the following circumstances and with the following recipient categories:
- Payment partners and financial service providers: card processors (e.g., Visa/Mastercard via third-party processors), bank transfer intermediaries, and cryptocurrency payment facilitation providers (as applicable) to process deposits/withdrawals and manage fraud/chargebacks.
- Verification, compliance, and fraud-prevention vendors: KYC/AML providers, identity verification services, sanctions/PEP screening providers, and risk/fraud scoring services.
- IT and security service providers: hosting, content delivery networks, cloud services, email delivery, monitoring/log management, and incident response support - under contractual confidentiality and security obligations.
- Analytics and measurement providers: used to understand performance and usage. Where these rely on non-essential cookies or similar identifiers, they are used only with your consent where required.
- Affiliates and advertising networks: only to the extent you have consented to advertising/marketing cookies or where another lawful basis clearly applies; otherwise, we limit sharing to aggregated reporting where possible.
- Regulators, law enforcement, and competent authorities: when required by law, court order, or to establish, exercise, or defend legal claims.
- Corporate/structural recipients: where payment processing is carried out by a related entity (noted as often located in Cyprus in the provided data), data may be shared within the corporate group/structure on a need-to-know basis and subject to appropriate safeguards.
International Transfers
OBSERVE: The operator is linked to Curaçao licensing, and payment processing may involve a Cyprus-based subsidiary; service providers (hosting, analytics, fraud prevention) may operate globally.
EXPAND: UK GDPR restricts transfers outside the UK unless safeguards apply (e.g., UK International Data Transfer Agreement (IDTA), UK Addendum to EU SCCs, adequacy regulations). References to "Privacy Shield" are outdated; transfers to the US must rely on appropriate UK mechanisms.
REFLECT: Your personal data may be transferred to, stored in, or accessed from locations outside the United Kingdom, including (as indicated or implied by our operating model) Curaçao and Cyprus, and potentially other jurisdictions where our service providers or infrastructure are located. Where we transfer personal data internationally, we apply appropriate safeguards, which may include:
- UK adequacy regulations: transfers to jurisdictions recognised by the UK as providing adequate protection (where applicable).
- Contractual safeguards: the UK IDTA or the UK Addendum to the EU Standard Contractual Clauses (SCCs), as appropriate, with supplementary measures where required.
- Security and minimisation: encryption in transit (TLS 1.2+) and access controls to reduce transfer risk; sharing limited to what is necessary for the stated purposes.
Data Retention
OBSERVE: Gambling services require retention for account management, dispute resolution, fraud prevention, and compliance (notably AML/KYC record keeping). The prompt requires retention periods per category and an example of no more than 5 years after account closure.
EXPAND: Retention must follow storage limitation: keep data only as long as necessary for purposes and legal obligations. Some records may require longer retention depending on applicable AML rules, contractual disputes, or legal claims; we should use "at least" where legally mandated and avoid under-retention.
REFLECT: We retain personal data for no longer than necessary for the purposes set out in this Privacy Policy, unless a longer period is required or permitted by law:
- Account profile data (identity/contact): kept while your account is active and generally up to 5 years after account closure, unless legal obligations (e.g., AML) require longer.
- KYC/AML and verification records: typically retained for at least 5 years after the end of the customer relationship or completion of the relevant checks, or longer if required by applicable AML/financial crime rules or to respond to regulatory requests.
- Payment and transaction records: generally retained for 5 to 7 years to meet accounting, audit, anti-fraud, and dispute handling requirements (exact period may vary by payment method and applicable legal obligations).
- Gameplay and behavioural logs: retained for operational integrity, responsible gambling controls, and dispute resolution, typically up to 5 years, unless needed longer for investigations or legal claims.
- Technical logs and security records: typically retained from 90 days to 12 months (longer where required for security incident investigation or to demonstrate compliance).
- Marketing preferences and consent records: retained while marketing is active and thereafter as needed to evidence compliance (for example, to record an opt-out).
Deletion criteria: We delete, anonymise, or securely restrict access to personal data when (i) retention periods expire, (ii) processing purposes are fulfilled, (iii) you make a valid deletion request (subject to legal obligations/defences), or (iv) consent is withdrawn and no other lawful basis applies.
Your Rights
OBSERVE: The prompt requests "GDPR and Mexican privacy law alignment," including Mexican authority references. The target jurisdiction is the UK; therefore, UK GDPR rights must be primary, while Mexican references should be included only as an informational alignment note without implying Mexican law governs UK users.
EXPAND: We must list rights (access, rectification, erasure, restriction, objection, portability, withdraw consent), explain how to exercise them, provide timelines (typically 1 month/30 days), and note fee rules. For Mexico, the comparable framework is LFPDPPP and ARCO rights (Access, Rectification, Cancellation, Opposition). We can include them as an additional pathway for users located in Mexico or where processing falls under Mexican law.
REFLECT: Subject to conditions and exceptions under applicable law, you have the following rights:
- Right of access: obtain confirmation of whether we process your personal data and receive a copy of it.
- Right to rectification: request correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"): request deletion of personal data where there is no overriding lawful basis to keep it (e.g., AML record-keeping or legal claims may require retention).
- Right to restrict processing: request that processing be limited in certain circumstances (e.g., you contest accuracy, or you object while we assess grounds).
- Right to object: object to processing based on legitimate interests; object at any time to direct marketing.
- Right to data portability: receive certain data in a structured, commonly used, machine-readable format and/or have it transmitted to another controller where technically feasible.
- Right to withdraw consent: where processing is based on consent (e.g., some cookies/marketing), you can withdraw it at any time without affecting the lawfulness of prior processing.
How to Exercise Your Rights (Procedure, Timing, Cost)
- Submit a request: Email support@mikiswi.com with the subject line "Data Protection Request - Miki (mikiswi.com)".
- Verify identity: We may request additional information to confirm your identity (especially for access/deletion requests) to protect your account from unauthorised access.
- Response timeframe: We aim to respond within 30 days. If the request is complex or numerous, we may extend the period as permitted by law and will inform you of the reason and expected timeline.
- Fees: Requests are generally handled free of charge, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request as permitted by law.
Mexican Privacy-Law Alignment (Informational)
If you are located in Mexico or your relationship with us is otherwise governed by Mexican privacy rules, you may also have ARCO rights under Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP): Access, Rectification, Cancellation, and Opposition. You may submit ARCO-style requests using the same contact channel above. This informational section does not limit any UK GDPR rights available to UK users.
Cookies & Tracking Technologies
OBSERVE: The service uses web technologies that typically include session management, security controls, analytics, and (optionally) advertising attribution.
EXPAND: Under UK rules (UK GDPR + PECR), non-essential cookies generally require prior consent. Users must be told what cookies do, how long they last, and how to manage preferences.
REFLECT: We use cookies and similar technologies on mikiswi.com for the following purposes:
- Strictly necessary cookies (session/functional): required to operate the site (login, account security, fraud prevention, load balancing). These cannot usually be disabled via our consent tool because they are necessary for service delivery.
- Functional cookies (preferences): remember choices such as language and interface preferences.
- Analytics cookies (performance/measurement): help us understand how visitors use the site (pages visited, error rates) so we can improve performance and usability.
- Advertising/marketing cookies (where enabled): used to measure campaign effectiveness and, where applicable, personalise advertising. These are used only where you provide the relevant consent.
- Third-party cookies: may be set by integrated service providers (e.g., analytics, fraud tools, payment widgets). We aim to limit third-party cookies and use them only where necessary and lawful.
How to Manage Cookies
- Cookie banner/consent tool: where available, you can accept, reject, or customise non-essential cookies at any time.
- Browser settings: you can delete or block cookies via your browser. Note that blocking strictly necessary cookies may prevent account login or gameplay.
- Device controls: on mobile devices, you may be able to limit ad tracking via OS privacy settings.
Data Security
OBSERVE: The platform processes identity, financial, and behavioural data typical for online gambling, making confidentiality, integrity, and availability controls essential.
EXPAND: UK GDPR requires "appropriate technical and organisational measures," and industry expectations include encryption, least privilege, monitoring, vulnerability management, and incident response. References to ISO 27001/SOC 2 should be framed as "where applicable" unless certified.
REFLECT: We implement proportionate security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, including:
- Encryption in transit: TLS 1.2+ for data transmitted between your device and our systems.
- Encryption at rest (where appropriate): sensitive data is encrypted or tokenised where feasible, especially for authentication and payment-related identifiers.
- Access controls: role-based access, least-privilege permissions, logging of administrative access, and segregation of duties.
- Account protection: multi-factor authentication (MFA) for administrative access and enhanced authentication controls for suspicious activity, where applicable.
- Operational security: monitoring, rate-limiting, anti-bot measures, vulnerability management, and regular patching.
- Audits and testing: periodic security reviews and assessments; alignment with recognised control frameworks (e.g., ISO/IEC 27001 or SOC 2) where applicable to vendors or internal programmes.
- Staff training: confidentiality obligations and security awareness training for personnel with access to personal data.
- Incident response: documented procedures to detect, investigate, contain, and remediate security incidents, including assessment of notification obligations to affected users and supervisory authorities where required by law.
Important: No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential and contacting us immediately if you suspect unauthorised use.
Complaints & Contacts
OBSERVE: The only confirmed contact channel in the provided data is support@mikiswi.com; phone, contact form URL, and postal address are not specified. The prompt requires a step-by-step complaint procedure and escalation to supervisory authorities, including Mexican authority references.
EXPAND: UK users must be informed of their right to complain to the UK Information Commissioner's Office (ICO). For Mexico, the data protection authority is INAI. We should provide direct links and keep the procedure practical despite missing operator address/phone.
REFLECT: If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data for Miki on mikiswi.com, contact us using the options below:
- Primary privacy contact (DPO/Data Protection Department): support@mikiswi.com
- Phone: not specified in the provided data
- Online form: not specified in the provided data
- Postal address: not specified in the provided data (request via email for current registered address details)
Complaint Handling Procedure
- Step 1 - Submit details: Email support@mikiswi.com describing your concern and, where possible, include your account identifier and relevant dates (do not send full payment card details).
- Step 2 - Acknowledgement: We aim to acknowledge receipt within 7 days.
- Step 3 - Investigation: We will review logs, account records, and any processor/vendor information required to assess the issue, applying access controls and minimisation.
- Step 4 - Outcome: We aim to provide a substantive response within 30 days, or inform you if we need more time due to complexity and explain why.
- Step 5 - Escalation: If you are not satisfied, you may escalate to the relevant supervisory authority below.
Supervisory Authorities (Escalation)
- United Kingdom (ICO): Information Commissioner's Office
  Website: https://ico.org.uk/
  Report a concern: https://ico.org.uk/make-a-complaint/
- Mexico (INAI) - informational where applicable: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
  Website: https://home.inai.org.mx/
Regional compliance note (UK): You also have the right to seek a judicial remedy if you consider that your data protection rights have been infringed.
Updates
OBSERVE: The prompt requires notification methods, version control with a "Last updated" timestamp, a changelog of material changes, and advance notice (minimum 30 days) for significant changes, with user options to object or close accounts.
EXPAND: Under transparency principles, material changes should be highlighted; consent-dependent changes (e.g., new marketing tracking) require renewed consent where applicable. Versioning supports auditability.
REFLECT: We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes affecting Miki on mikiswi.com.
- Notification channels: we may notify you via email (where we have your email address), a banner on mikiswi.com, and/or notices within your account dashboard.
- Advance notice for significant changes: for material changes that affect your rights or how we use your data, we will provide at least 30 days' notice where practicable.
- Your options: if you object to a material change, you may (i) adjust cookie/marketing preferences where applicable, (ii) submit a rights request, and/or (iii) close your account - subject to any required retention under law.
Last updated: November 2025
Changelog (Material Changes)
- November 2025: Initial publication for Miki on mikiswi.com; added UK GDPR/PECR-aligned cookie consent statements; documented international transfer safeguards (UK IDTA/UK Addendum); added authority escalation links (ICO, INAI informational).