burger icon
Mobil Bahis United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and shared when you visit, register with, or otherwise interact with Mobil Bahis on the website mobibahis.bet (the "Site") or associated mobile access methods (including mobile web, PWA shortcuts and APKs). It applies to players, prospective players, website visitors, and other individuals whose data we process in connection with our remote gaming operations.

The services provided through mobibahis.bet are operated offshore under a Malta Gaming Authority licence and are not licensed by the UK Gambling Commission. This means UK self-exclusion schemes such as GamStop and UK-specific ADR mechanisms do not apply to gambling disputes on this Site, but your privacy rights under applicable data protection laws (including UK GDPR) continue to apply.

By using mobibahis.bet, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and our Terms & Conditions. If you do not agree, you must not use the Site or our services.

Effective date: 6 November 2025
Last updated: November 2025

Who We Are

Observe - Identity of the data controller. The controller responsible for your personal data in connection with Mobil Bahis on mobibahis.bet is:

Realm Entertainment Limited (also sometimes referred to as "Realm Entertainment Ltd" in certain materials)
Registered office / legal address: Level 9, East 14 Business Centre, Sliema Road, Gzira, GZR 1639, Malta
Legal entity type: Limited company

Realm Entertainment Limited operates the Mobil Bahis brand under remote gaming licence number MGA/B2C/196/2010 issued by the Malta Gaming Authority (MGA), valid (as stated in the licence information) from 1 August 2018 until 31 December 2028. Our primary operational and data-centre infrastructure is located in Malta, using ISO 27001 certified data centres.

Expand - Contact and regulatory context. For any questions about this Privacy Policy or how we process your personal data, you can contact us using the following channels:

  • Data protection email: a dedicated privacy or data protection email address indicated from time to time in the "Contact" or "Privacy" sections of mobibahis.bet (for example, a DPO or privacy mailbox).
  • Online forms / account messaging: any secure contact or complaint forms, live chat or ticket systems provided within your account area on mobibahis.bet.
  • Postal mail (data protection): Data Protection Officer, Realm Entertainment Limited, Level 9, East 14 Business Centre, Sliema Road, Gzira, GZR 1639, Malta.

Reflect - UK and "grey market" status. Realm Entertainment Limited is not licensed by the UK Gambling Commission. For individuals in the UK, mobibahis.bet is therefore considered an offshore/grey-market service and is not part of GamStop or UK ADR schemes such as IBAS. However, your personal data is still processed under the standards of the EU GDPR, the UK GDPR and the Maltese data protection framework, and this Privacy Policy is designed to align with those regimes.

What Personal Data We Collect

Observe - Categories of personal data. When you use Mobil Bahis on mobibahis.bet, we may collect and process the following categories of personal data:

  • Identification and contact data: full name, username, password, date of birth, nationality, email address, postal address, mobile/telephone number, language preferences.
  • KYC/AML and verification data: copies and details of identity documents (e.g., passport, ID card, driving licence), proof of address, payment ownership proofs, source-of-funds/source-of-wealth documents, screening results from sanctions and PEP databases.
  • Account and transactional data: account creation details, login history, deposit and withdrawal records, currency used (e.g., TRY, EUR), applied FX rates and fees, bonuses claimed, wagering requirements, win/loss history, loyalty or VIP status.
  • Betting and behavioural data: betting slips, game rounds, stakes, outcomes, session duration, navigation paths, clicks, device interactions, responsible gambling interactions (e.g., limits, time-outs, self-exclusion), and records of potential misuse (e.g., VPN, proxy, or multiple-account indicators in line with our T&Cs, including terms prohibiting jurisdiction masking).
  • Technical and usage data: IP address, approximate geolocation (at country/city level), device identifiers, browser type and version, operating system, screen resolution, access timestamps, referrer URLs, diagnostic logs generated by our Techsson-based platform and our security stack (including Cloudflare Enterprise WAF).
  • Payment and financial data: masked card details, payment instrument type, payment provider identifiers, transaction identifiers, IBAN or account numbers where needed, chargeback history, bank and PSP risk flags.
  • Communication data: emails, live chat transcripts, internal messages, call logs (where applicable), complaint records, notes of interactions with customer support, the MGA Player Support Unit or ADR providers such as eCOGRA.
  • Cookies and similar technologies: identifiers stored via cookies, SDKs, web beacons and similar technologies used for session management, analytics, security and marketing, as detailed in the Cookies & Tracking section.

Expand - Sources of data. We obtain personal data directly from you (e.g., when you register, verify your account, play games or contact support), automatically through your use of the Site and apps, and from third parties such as payment providers, KYC/AML service providers, fraud-prevention tools, marketing partners and publicly available databases or sanctions lists.

Reflect - Why this scope is necessary. These categories are necessary to run a compliant, secure and fair online gambling service under the requirements of the MGA licence, applicable AML/KYC rules, EU/UK data protection laws and, where relevant, other regional standards. They also help us protect users against fraud, abuse, and problem gambling.

Legal Basis for Processing

Observe - Applicable legal frameworks. Because our operations and infrastructure are primarily located in Malta and we serve users in the UK and other jurisdictions, our data processing is principally governed by:

  • the EU General Data Protection Regulation (GDPR) and Maltese data protection law;
  • the UK GDPR and the UK Data Protection Act 2018 for individuals in the United Kingdom;
  • where relevant, other local data protection regimes such as the Mexican Federal Law on the Protection of Personal Data Held by Private Parties for Mexican residents (see "Your Rights").

Expand - Specific legal bases we rely on. Depending on the processing activity, we rely on one or more of the following legal bases:

  • Performance of a contract: to create and manage your account, verify your identity, provide games and betting services, process deposits and withdrawals, manage bonuses and promotions, and provide customer support.
  • Compliance with legal obligations: to fulfil AML/CFT and KYC obligations, prevent fraud and money laundering, keep mandatory records for tax and regulatory audits, respond to lawful requests from the Malta Gaming Authority, other regulators or law enforcement, and comply with responsible gambling rules.
  • Legitimate interests: to secure our platform (including using Cloudflare Enterprise WAF and other security tools), detect and prevent fraud or abuse (e.g., multiple accounts, VPN use contrary to our T&Cs), protect the integrity of our games, perform non-intrusive analytics to improve performance and usability (e.g., monitoring Techsson platform metrics such as loading times), manage business operations, and defend legal claims. When relying on legitimate interests, we balance these interests against your rights and expectations.
  • Consent: for certain marketing activities (e.g., email, SMS, push notifications), the placement of non-essential cookies or similar tracking technologies, and some forms of personalised advertising or profiling that go beyond what is strictly necessary for service provision or fraud prevention. You may withdraw your consent at any time, as described in "Your Rights".

Reflect - Alignment with UK and EU standards. We seek to ensure that every processing activity has a clearly documented lawful basis under EU GDPR and UK GDPR. Where we intend to rely on your consent, we will present a clear choice (for example, through checkboxes or our cookie banner), and your decision will not affect core account functions that do not depend on consent (such as processing needed to comply with AML obligations).

Purpose of Processing

Observe - Core service purposes. We process your personal data primarily to:

  • provide and operate the online betting and casino services available on mobibahis.bet, including account registration, access to games, processing bets, and handling deposits and withdrawals;
  • comply with legal and regulatory requirements relating to remote gambling, AML/CFT, taxation and accounting;
  • enforce our Terms & Conditions, including rules prohibiting the use of VPNs or other tools to disguise your jurisdiction where prohibited.

Expand - Additional purposes. In addition, we use personal data for:

  • Customer support and communication: responding to your requests, complaints or feedback via email, chat or other channels, and keeping records of these interactions.
  • Risk management and fraud prevention: monitoring betting patterns, device fingerprints, IP addresses, payment behaviour, and other signals to detect suspicious activity or breaches of our rules.
  • Responsible gambling: monitoring gameplay to identify patterns that may indicate problem gambling, applying limits or interventions where appropriate, and recording self-exclusion and other safer-gambling tools.
  • Analytics and service improvement: using aggregated and pseudonymised data to analyse performance (e.g., via Techsson platform metrics), improve site speed and usability, and develop new features.
  • Marketing and personalisation: where permitted, sending you offers, promotions and news, including personalised content based on your account history and preferences, and measuring the effectiveness of these campaigns.

Reflect - Purpose limitation. We do not use your personal data for purposes that are incompatible with those described here. If we intend to use your data for a materially different purpose, we will provide you with appropriate notice and, where required, obtain your consent.

Disclosure & Sharing

Observe - Types of recipients. We only share your personal data where necessary for the purposes described in this Privacy Policy, subject to contractual safeguards and applicable law. Categories of recipients include:

  • Payment and banking partners: card processors, e-wallet providers, bank transfer services and other financial institutions needed to process deposits, withdrawals and chargebacks, including those handling FX conversions where your bank charges fees for non-GBP transactions.
  • KYC/AML, fraud-prevention and verification providers: identity verification services, sanctions and PEP screening tools, transaction monitoring services, device fingerprinting and anti-fraud systems.
  • Platform and infrastructure providers: the Techsson gaming platform, ISO 27001 certified data centres in Malta and related hosting providers, content delivery networks and security services such as Cloudflare Enterprise WAF.
  • Analytics and marketing partners: providers that help us measure site usage, campaign effectiveness and user engagement, and, where you consent, advertising networks and affiliates that refer you to mobibahis.bet.
  • Regulators and dispute bodies: the Malta Gaming Authority, the MGA Player Support Unit, alternative dispute resolution providers such as eCOGRA, and other regulatory or supervisory bodies where required.
  • Professional advisors and group entities: legal, tax, compliance or audit advisors, and, where applicable, other companies within the same corporate group as Realm Entertainment Limited.
  • Law enforcement and authorities: competent courts, police and government agencies when required by law or reasonably necessary to protect our rights, users or the public.

Expand - Conditions of sharing. Whenever we share personal data with service providers or partners, they act under written contracts that limit their ability to use the data for their own purposes and oblige them to implement appropriate security measures. Sharing with regulators or authorities is done strictly in line with legal obligations or to establish, exercise or defend legal claims.

Reflect - No sale of personal data. We do not sell your personal data in the sense commonly understood under data protection laws. Any sharing for advertising or affiliate attribution is based on consent or legitimate interests and controlled through contractual safeguards and user choices (including opt-outs where applicable).

International Transfers

Observe - Cross-border data flows. As a Malta-based operator using global infrastructure and third-party services, we may transfer personal data to countries other than the one in which you are located. This includes:

  • transfers within the European Union/EEA, including between Malta and other EU/EEA states;
  • transfers from the UK to the EU/EEA (currently covered by UK adequacy regulations);
  • transfers to non-EEA countries such as Turkey (our main target market), and to other locations where certain payment providers, platform partners or security services process data.

Expand - Safeguards applied. When personal data is transferred outside the EU/EEA or the UK to a country that does not benefit from an adequacy decision, we implement appropriate safeguards, such as:

  • the European Commission's Standard Contractual Clauses (SCCs) or the UK's International Data Transfer Agreement/Addendum;
  • technical and organisational measures (e.g., encryption in transit and at rest, strict access controls, data minimisation);
  • additional contractual and due-diligence steps to ensure that recipients provide an adequate level of protection.

Where available and appropriate, we may also rely on updated international frameworks such as the EU-US Data Privacy Framework for transfers to certified entities. We do not rely on the invalidated EU-US Privacy Shield as a legal basis.

Reflect - Transparency for UK users. For users in the UK, your data is typically processed in Malta (an EEA country recognised as adequate by the UK) and may be further transferred to other jurisdictions under the safeguards described above. By using mobibahis.bet, you acknowledge that such international transfers are necessary for the provision of a global online gaming service.

Data Retention

Observe - Retention principles. We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including meeting legal, accounting and regulatory requirements, particularly those associated with our MGA licence and AML/CFT rules.

Expand - Typical retention periods. While actual periods may vary depending on legal obligations and risk factors, we generally apply the following guidelines:

  • Account and identification data: kept for the duration of your active account and, normally, for up to five (5) years after account closure, or longer where required by AML, tax or gaming regulations.
  • KYC/AML records and transactional data: retained for at least five (5) years from the date of the relevant transaction or business relationship termination, or longer if required by law or needed for the establishment, exercise or defence of legal claims.
  • Betting history and behavioural data: stored for the same period as account and transactional data, with some elements possibly pseudonymised or aggregated earlier for analytics and risk-modelling purposes.
  • Communications and complaints: retained for up to five (5) years following resolution, or longer where needed for legal or regulatory purposes.
  • Marketing data: kept until you opt out of marketing or withdraw consent, after which we maintain only minimal records (e.g., your email address and an "opted-out" flag) to ensure we respect your choice.
  • Cookies and similar identifiers: stored for the periods set out in our cookie tools or browser, typically ranging from session-only up to 24 months for certain analytics or preference cookies.

Reflect - Deletion, anonymisation and legal holds. When data is no longer needed, we either securely delete it or anonymise it so it can no longer be associated with you. In some cases, we may place data under a "legal hold" and retain it for longer if we reasonably believe it is necessary for pending or potential disputes, regulatory investigations or audits.

Your Rights

Observe - Core data protection rights. Under EU GDPR, UK GDPR and similar laws, including Mexico's Federal Law on the Protection of Personal Data Held by Private Parties, you may have the following rights over your personal data, subject to certain conditions and exceptions:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data, together with relevant information about our processing.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or updated.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and no other legal basis applies, or where required by law. This right may be limited by our obligations under AML and gaming regulations.
  • Right to restriction of processing: to request that we suspend certain processing activities while the accuracy of data is contested, the processing is unlawful, or you have objected and we are verifying our legitimate grounds.
  • Right to object: to object at any time to processing based on our legitimate interests, including profiling related to those interests, and to object to direct marketing (including profiling for marketing) at any time.
  • Right to data portability: to receive certain personal data you provided to us in a structured, commonly used and machine-readable format and to request that we transmit it to another controller where technically feasible.
  • Rights related to consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Expand - Mexico-specific ARCO rights. If you are a resident of Mexico, you may have additional "ARCO" rights (Access, Rectification, Cancellation, Opposition) under the Mexican Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations. These rights largely correspond to the access, rectification, erasure and objection rights described above, and are exercised through similar procedures.

Procedures, timeframes and cost.

  • How to exercise your rights: submit a request via the contact channels indicated in the "Complaints & Contacts" section (for example, via a dedicated privacy email address or secure account messaging). Please clearly state which right you wish to exercise and, if necessary, provide information to help us confirm your identity.
  • Verification: to protect your account and funds, we may ask for additional information or documentation to verify your identity before acting on your request.
  • Response time: we aim to respond within one month (30 days) of receiving a valid request. In complex cases or where multiple requests are made, this period may be extended by up to a further two months, in which case we will inform you of the extension and reasons.
  • Fees: we generally process rights requests free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (for example, repetitive requests), as permitted by law.

Reflect - Limitations. Some rights may be restricted, for example where fulfilling your request would conflict with our legal obligations (such as mandatory retention under AML laws) or the rights of other individuals. Where we cannot fully comply with your request, we will explain the reasons and inform you of your options, including your right to lodge a complaint with a supervisory authority.

Cookies & Tracking Technologies

Observe - Types of cookies we use. Mobil Bahis on mobibahis.bet uses cookies and similar technologies to provide and enhance our services. These may include:

  • Strictly necessary / functional cookies: session and persistent cookies required for core site functions (e.g., keeping you logged in, maintaining your bet slip, security protections, load balancing).
  • Preference cookies: cookies that store your language, region, and display settings.
  • Analytics cookies: first-party or third-party cookies used to understand how users interact with the Site, measure performance (for example, page load times on the Techsson platform) and improve usability.
  • Advertising and affiliate cookies: third-party cookies or similar identifiers used to manage marketing campaigns, track affiliate referrals, prevent abuse of bonuses and, where you consent, tailor offers and advertising.

Expand - Management and consent. Non-essential cookies (particularly analytics and advertising) are used based on your consent where required by UK/ePrivacy rules and similar regimes. On your first visit, and from time to time thereafter, a cookie banner or preference tool will explain the categories used and allow you to accept or reject non-essential cookies. You can also:

  • adjust cookie settings in our on-site cookie management panel (where available);
  • configure your browser to block or delete cookies, or to alert you when cookies are set; and
  • use browser add-ons or device settings to manage certain analytics and advertising identifiers.

Reflect - Impact of disabling cookies. If you disable or reject certain cookies, some features of mobibahis.bet may not function correctly (for example, you may need to log in more frequently or certain games may not load optimally). Strictly necessary cookies cannot be disabled as they are required for the secure and correct operation of the Site.

Data Security

Observe - Security objectives. We are committed to protecting your personal data and your account balance from unauthorised access, use, alteration or destruction. Our security programme combines technical, organisational and physical measures aligned with recognised international standards.

Expand - Measures implemented. Without prejudice to any additional internal controls, our security framework includes:

  • Encryption: TLS 1.2 or higher for data in transit between your device and our servers, and industry-standard encryption mechanisms for data at rest where appropriate.
  • Hardened infrastructure: hosting in ISO 27001 certified data centres located in Malta, with layered perimeter security, backups, and environmental safeguards.
  • Network and application security: Cloudflare Enterprise Web Application Firewall (WAF) and DDoS protection, secure coding practices on the Techsson platform, regular patching and vulnerability assessments.
  • Access controls and authentication: strict role-based access controls, strong authentication procedures for staff, logging and monitoring of privileged access, and, where available, support for multi-factor authentication features for user accounts.
  • Organisational measures: internal policies governing data handling, least-privilege access, clean desk requirements and secure disposal of media.
  • Staff training: periodic security and privacy training for relevant employees, particularly those handling payments, KYC/AML, customer support and system administration.
  • Incident response: documented procedures to detect, respond to and remediate security incidents, including assessment and notification of personal data breaches to regulators and affected users where required by law.

Reflect - Continuous improvement. While no system can be guaranteed 100% secure, we regularly review and improve our security measures in light of evolving threats, industry practices and regulatory expectations (including those associated with ISO 27001 and, where relevant, service providers' SOC 2-type controls).

Complaints & Contacts

Observe - How to contact us first. If you have any questions, concerns or complaints about how we handle your personal data, we encourage you to contact us before approaching a supervisory authority so we can attempt to resolve the issue directly.

  • Data protection contact (email): the dedicated privacy or DPO email address published in the "Privacy" or "Contact" sections of mobibahis.bet (for example, a "dpo@" or "privacy@" mailbox).
  • Online feedback and support forms: secure account messaging, complaint forms or live chat tools made available on mobibahis.bet.
  • Postal address: Data Protection Officer, Realm Entertainment Limited, Level 9, East 14 Business Centre, Sliema Road, Gzira, GZR 1639, Malta.

Expand - Complaint handling process.

  1. Submission: Submit your privacy-related complaint with sufficient detail (including your account ID and relevant dates) using one of the channels above.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within a few working days.
  3. Investigation: We will investigate the matter, which may involve liaising with security, compliance and customer support teams and, where necessary, requesting additional information from you.
  4. Response timeframe: We aim to provide a substantive response within one month (30 days) of receiving a complete complaint. For complex matters, this may be extended, but we will keep you informed of progress.
  5. Outcome and escalation: We will explain our findings and any remedial measures taken. If you are not satisfied, you may escalate the matter to a competent supervisory authority as described below.

Escalation to supervisory authorities (data protection). You have the right to lodge a complaint directly with a data protection authority, in particular in the EU/EEA Member State of your habitual residence, place of work or place of the alleged infringement, or with the UK authority if you are in the UK. Relevant authorities include:

  • Information and Data Protection Commissioner (IDPC), Malta: the primary data protection authority for Realm Entertainment Limited. Website: https://idpc.org.mt.
  • Information Commissioner's Office (ICO), United Kingdom: for individuals in the UK. Website: https://ico.org.uk.
  • Mexican data protection authority (INAI): for individuals in Mexico under the Federal Law on the Protection of Personal Data Held by Private Parties. Website (Spanish): https://home.inai.org.mx.

Gambling-related complaints. For complaints primarily concerning gambling transactions, game outcomes or service quality, you may also contact the MGA Player Support Unit or our designated alternative dispute resolution (ADR) provider (such as eCOGRA), as described in our Terms & Conditions. These bodies, however, do not replace your rights to raise privacy issues with data protection authorities.

Reflect - Free and without prejudice. Raising a privacy complaint with us or a supervisory authority does not affect your other legal rights under applicable laws or your ability to bring claims before the courts where appropriate.

Updates

Observe - Why we update this policy. Laws, regulatory guidance and our business operations may evolve over time, especially given the cross-border and "grey market" nature of Mobil Bahis for UK users. We may therefore update this Privacy Policy periodically to reflect changes in our processing activities or applicable legal requirements.

Expand - How we notify you. When we make material changes, we will take appropriate steps to inform you in advance, which may include:

  • posting an updated version of this Privacy Policy on mobibahis.bet with a revised "Last updated" date (currently November 2025);
  • displaying in-site banners or pop-up notifications when you log in, highlighting the key changes;
  • sending you an email or account message summarising significant updates, especially where they relate to new processing purposes, new categories of data or changes in your rights; and
  • providing information in your account dashboard or help centre.

For significant changes that materially affect your rights or obligations, we will provide, where reasonably practicable, at least 30 days' advance notice before the changes take effect. During this period, you may review the changes and decide whether to continue using our services.

Reflect - Versioning and your options. We maintain internal records of previous versions of this Privacy Policy for accountability and audit purposes. If you disagree with the updated terms, you may choose to close your account and stop using mobibahis.bet. Continued use of the Site after the effective date of an updated Privacy Policy will generally be taken as your acknowledgement of the changes, to the extent permitted by applicable law.