Privacy Policy

Your Data Protection & Privacy Rights

Effective Date: 25 May 2025 | Last Reviewed: 25 May 2025

1. Introduction

Welcome to drop-the-boss.org, the official website for "Drop the Boss" by Mirror Imago Gaming. We understand that your privacy is paramount, especially when engaging with online gambling services. This Privacy Policy outlines how Mirror Imago Gaming Ltd ("we," "us," or "our") collects, uses, processes, and protects your personal data when you visit our website, register an account, and play our game, "Drop the Boss."

As a licensed gambling operator, we operate at the intersection of entertainment and significant financial responsibility. Google classifies sites like ours as "Your Money Your Life" (YMYL) content due to the potential impact on your financial well-being. This means transparency, trust, and robust data protection are not just legal obligations, but fundamental pillars of our commitment to you.

We are dedicated to building and maintaining your trust by ensuring your data is handled with the utmost care, security, and in full compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We also adhere to the strict regulatory requirements set by gambling authorities and responsible gambling standards.

This policy aims to be clear, understandable, and comprehensive, addressing your specific concerns about data security, game fairness, and responsible play.

2. Who We Are

Mirror Imago Gaming Ltd is a company registered in the United Kingdom.

Company Information

Registered Address: Office 3, The Innovation Hub, 123 Tech Lane, London, EC1V 9XX, United Kingdom

Website: https://drop-the-boss.org/

Email for Privacy Enquiries: [email protected]

For the purposes of applicable data protection law, Mirror Imago Gaming Ltd is the 'data controller' of the personal data we process about you.

3. Key Definitions

To help you understand this policy, here are some key terms:

  • Personal Data: Any information relating to an identified or identifiable living individual.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Data Subject: The individual to whom the personal data relates (i.e., you, the user).
  • Data Controller: The entity that determines the purposes and means of processing personal data (i.e., Mirror Imago Gaming Ltd).
  • Data Processor: An entity that processes personal data on behalf of the Data Controller.

4. What Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you. This data helps us provide our services, ensure compliance, and protect our users.

a. Data You Provide Directly To Us:

  • Identity Data: Full name, date of birth, gender, nationality, photographic identification (e.g., passport, driving licence), utility bills for address verification.
  • Contact Data: Billing address, email address, telephone numbers.
  • Financial Data: Bank account details, payment card details, e-wallet information, source of funds.
  • Account Data: Username, password, security questions and answers.
  • Correspondence Data: Information you provide when contacting customer support, participating in surveys, or providing feedback.
  • Responsible Gambling Data: Information you provide regarding self-exclusion, deposit limits, reality checks, or any other responsible gambling measures.

b. Data We Collect Automatically:

  • Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website and game, including clickstream data, page views, duration of visits, and navigation paths.
  • Gameplay Data: Detailed records of your gaming activity, including:
    • Betting History: Bets placed, amounts, winnings, losses.
    • Game Interactions: Specific in-game actions such as collecting "Mega Caps," attempting "Somersaults," triggering "K-Hole" events, and landing in "Bonus Zones" like "Chump Tower," "Golden Tee," "Truck Award," "Second Best Friend Award," and the "White House Award."
    • Feature Activation: Use of in-game purchases or modifiers like "Ante Bet" and "Chaos Mode."
    • Game Performance: RTP data, game session duration, and any technical issues encountered.

c. Data We Receive From Third Parties:

  • Identity and Verification Data: From identity verification services, credit reference agencies, and public databases for Know Your Customer (KYC), Anti-Money Laundering (AML), and age verification purposes.
  • Financial Data: From payment service providers regarding transaction status and fraud checks.
  • Marketing Data: From partners for marketing and promotional purposes, where you have given your consent.
  • Affiliate Data: If you were referred to us through an affiliate partner, we may receive data about that referral.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences, except as required by our legal obligations under AML and fraud prevention laws, which may involve screening against sanctions lists.

5. How We Use Your Data and Our Legal Bases

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Purpose for which we use your data Type of Data Legal Basis for Processing
To register you as a new customer and manage your account. Identity, Contact, Account Performance of a contract with you.
To provide our gambling services, including allowing you to play "Drop the Boss", process your bets, and manage winnings/losses. Identity, Contact, Financial, Gameplay, Account Performance of a contract with you.
To process your deposits and withdrawals, and manage billing and payments. Identity, Contact, Financial Performance of a contract with you; Necessary for compliance with a legal obligation (e.g., AML).
To verify your identity, age, and source of funds in compliance with regulatory requirements (KYC, AML). Identity, Contact, Financial, Responsible Gambling Necessary for compliance with a legal obligation (e.g., UKGC licence conditions, AML regulations).
To detect and prevent fraud, money laundering, and other criminal activities. Identity, Contact, Financial, Gameplay, Technical, Usage Necessary for compliance with a legal obligation; Necessary for our legitimate interests (e.g., protecting our business and users from crime).
To monitor and promote responsible gambling, identify potential problem gambling behaviours, and implement self-exclusion or limits. Identity, Gameplay, Responsible Gambling, Usage Necessary for compliance with a legal obligation (e.g., UKGC requirements); Necessary for our legitimate interests (e.g., protecting vulnerable players).
To manage our relationship with you, including notifying you about changes to our terms or privacy policy, and responding to your queries. Identity, Contact, Account, Correspondence Performance of a contract with you; Necessary for compliance with a legal obligation; Necessary for our legitimate interests (e.g., keeping our records updated).
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). Technical, Usage, Account Necessary for our legitimate interests (e.g., for running our business, network security, preventing fraud); Necessary for compliance with a legal obligation.
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. Usage, Technical, Marketing Necessary for our legitimate interests (e.g., to develop our products/services and grow our business); With your consent (for certain types of marketing).
To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences. Technical, Usage, Gameplay Necessary for our legitimate interests (e.g., to define customer types for our products and services, to keep our website updated and relevant).
To participate in affiliate programs and manage commissions, ensuring compliance with transparency requirements. Affiliate Data, Usage Necessary for our legitimate interests (e.g., to grow our business through partnerships); Performance of a contract (with affiliate partners).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

6. Disclosure of Your Data

We may share your personal data with the parties set out below for the purposes described in Section 5:

  • Internal Third Parties: Other companies within Mirror Imago Gaming Ltd's group (if applicable) acting as processors or joint controllers.
  • External Third Parties:
    • Game Providers: Mirror Imago Gaming (developer) and Fortune Engine (platform provider) for the operation, maintenance, and auditing of "Drop the Boss" to ensure fair play and functionality.
    • Payment Service Providers: To facilitate secure deposits and withdrawals, complying with PCI DSS standards.
    • Identity and Verification Service Providers: For KYC, AML, and age verification checks.
    • Regulatory and Law Enforcement Bodies: Including the UK Gambling Commission (UKGC), Information Commissioner's Office (ICO), National Crime Agency (NCA), and other relevant authorities, where we are legally required to do so.
    • Responsible Gambling Organisations: Such as GamCare and BeGambleAware, for referral or data sharing related to player protection where legally mandated or with your consent.
    • IT and System Administration Service Providers: For hosting, data storage, and technical support.
    • Analytics Providers: Including Yandex.Metrica, to help us understand website usage and improve our services (see Section 7 for important information regarding Yandex.Metrica).
    • Marketing and Advertising Partners: To deliver relevant promotional content, where appropriate and with your consent.
    • Affiliate Partners: If you accessed our site via an affiliate link, we may share anonymised data or referral IDs with our affiliate partners for commission calculation, in compliance with advertising transparency requirements (e.g., ASA).
    • Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Data Transfers (Including Yandex.Metrica)

Many of our external third parties are based outside the UK and European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the UK/EEA.

Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government (e.g., EU Member States) or the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the UK government or the European Commission which give personal data the same protection it has in the UK/EEA.

However, we specifically use Yandex.Metrica for web analytics, which is provided by Yandex LLC, a company based in Russia. Please be aware that neither the UK government nor the European Commission has issued an adequacy decision for data transfers to Russia, meaning that data protection standards and legal protections in Russia may differ from those in the UK and EEA. While we implement contractual clauses (Standard Contractual Clauses) and security measures to protect your data during transfer and processing, you should be aware of the inherent risks associated with such transfers outside of an adequacy framework.

By continuing to use our website, you acknowledge and accept this transfer of data to Yandex.Metrica for analytical purposes. You have the right to object to the processing of your data by Yandex.Metrica. You can opt-out of Yandex.Metrica tracking by installing the Yandex.Metrica opt-out browser add-on or by adjusting your cookie preferences (see Section 12).

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. These measures include:

  • Encryption: Data is encrypted both in transit and at rest where appropriate.
  • Access Controls: Strict access controls and authentication mechanisms are in place to limit access to your personal data to employees, agents, contractors, and other third parties who have a legitimate business need to know.
  • Staff Training: All personnel handling personal data undergo regular data protection and security training.
  • Regular Audits: We conduct regular security audits and penetration testing to identify and address vulnerabilities.
  • Incident Response Plan: We have a robust plan to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While we strive to protect your personal data, no system is entirely secure. We also rely on you to keep your account details, particularly your password, confidential. Please choose a strong, unique password and do not share it with anyone.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example:

  • Regulatory Obligations: Gambling regulations (e.g., UKGC licence conditions) and AML laws require us to retain certain customer data (including identity, financial, and transaction records) for a minimum of five years after the business relationship ends.
  • Responsible Gambling: Data related to self-exclusion or responsible gambling measures may be retained indefinitely to ensure player protection.
  • Dispute Resolution: We may retain data for longer periods if there is an ongoing dispute or legal claim.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:

  • The right to request access to your personal data (commonly known as a "data subject access request").
  • The right to request rectification of the personal data that we hold about you.
  • The right to request erasure of your personal data.
  • The right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • The right to request restriction of processing of your personal data.
  • The right to request the transfer of your personal data to you or to a third party.
  • The right to withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you wish to exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

11. Responsible Gambling & Player Protection

We are deeply committed to promoting responsible gambling and protecting our players from potential harms associated with gambling. This is a core part of our operational culture and compliance strategy.

We use your gameplay and usage data to monitor patterns that may indicate problem gambling behaviour. This data analysis allows us to intervene proactively, offer support, or implement necessary restrictions such as deposit limits, time-outs, or self-exclusion.

While the game "Drop the Boss" features a disclaimer "Nobody should play this game", this is a thematic element of the game's fictional narrative. Our commitment to responsible gambling is serious and unwavering. We provide tools and resources to help you manage your play responsibly.

If you are concerned about your gambling or that of someone you know, please seek help from specialist organisations:

  • GamCare: www.gamcare.org.uk (National Gambling Helpline: 0808 8020 133)
  • BeGambleAware: www.begambleaware.org

12. Cookies and Similar Technologies

Our website uses cookies and similar technologies (e.g., pixels, web beacons) to distinguish you from other users, provide you with a good experience, and improve our site and services. Cookies are small text files placed on your device when you visit a website.

We use different types of cookies for various purposes:

  • Strictly Necessary Cookies: Essential for the operation of our website, enabling core functionalities like secure login and transaction processing.
  • Analytical/Performance Cookies: Allow us to recognise and count the number of visitors and see how visitors move around our website. This includes cookies used by Yandex.Metrica (see Section 7) and other analytics providers.
  • Functionality Cookies: Used to recognise you when you return to our website, allowing us to personalise content for you and remember your preferences.
  • Targeting/Marketing Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests, including for affiliate marketing purposes.

You can manage your cookie preferences through your browser settings or via our cookie consent tool on the website. Please note that disabling certain cookies may affect the functionality and experience of our website.

13. Children's Privacy

Our services are not intended for individuals under the age of 18 (or the legal gambling age in your jurisdiction, if higher). We do not knowingly collect personal data from anyone under this age. If we become aware that a person under the legal gambling age has provided us with personal data, we will take steps to delete such information from our records immediately and close their account.

We implement robust age verification procedures as part of our regulatory obligations to prevent underage gambling.

14. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email or through a prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your information. The "Last Reviewed" date at the top of this policy indicates when it was last updated.

16. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Privacy Contact Information

Full name of legal entity: Mirror Imago Gaming Ltd

Email address: [email protected]

Postal address: Office 3, The Innovation Hub, 123 Tech Lane, London, EC1V 9XX, United Kingdom

For all privacy-related concerns, please direct your correspondence to the email address provided above, and we will endeavour to respond promptly.