The MGA is the regulatory body responsible for the governance and supervision of all gaming activities in and from Malta. It is assigned with the responsibility and official authority to ensure that Malta’s gaming regime is based on fair, responsible, safe and secure provision of gaming services and it seeks to ensure that the three main pillars of gaming, namely (i) the fairness of games, (ii) the protection of minors and vulnerable persons and (iii) the prevention of crime, fraud and money laundering, are safeguarded as much as possible.
It is therefore the duty and responsibility of the Authority to process all the data and information as may be required to effectively safeguard the public interest with regards to gaming activities in and from Malta.
When determining the purposes and means of the processing of such personal data, the MGA – whose principal place of business is situated at Building SCM 02-03, Level 4, SmartCity Malta, Ricasoli SCM1001, Malta – is acting as the ‘Data Controller’ for the purposes of the General Data Protection Regulation (GDPR).
Personal Information We Process
The Authority may collect your personal information in accordance with the terms of this privacy notice. Personal information consists of personal data and, in some cases, may also consist of special categories of personal data. The term ‘personal data’ refers to personally identifiable information about you, such as your name, e-mail or mailing address. Certain information may be classified as ‘special category personal data’, such as information about you that may reveal your race, ethnic origin, or political opinion. Should we require your special category personal data, we will request your explicit consent.
The Authority also collects your personal information when you make use of the following facilities provided by the Authority that require, to varying degrees, the voluntary submission of your personal information:
How is Personal Information Gathered Used?
While fulfilling its role as the regulatory body responsible for the governance and supervision of all gaming activities in and from Malta, the MGA processes certain personal data relating to licensees, players, employees, and the general public.
The Authority may collect and process your personal information for the following purposes:
Sharing Personal Data
Your data may be shared, under our express instructions, with third parties who fulfil a service on our behalf. It may also be shared with other competent authorities where it is necessary to do so and where we are legally required or permitted to do so.
The Authority is required to adhere to the Data Protection Act (Cap. 440 of the Laws of Malta) (the “Data Protection Act”) and other relevant regulations, legal notices and similar instruments that may be in force, taking account of the General Data Protection Regulation (Regulation (EU) 2016/679) and the Electronic Communications Privacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC) (the “Directives”) (the “Data Protection Laws”).
All this is in place in order to assure you that at all times your personal information is:
Any person about whom we hold information has rights under the Data Protection Laws. You may:
For further information on how your personal information is used, how we maintain the security of your personal information, and your rights to access information we hold on you, please get in touch with us in the manner specified in the ‘Getting in Touch with Us’ section of this notice.
Access, corrections and deletions
If you wish to view any of your personal information we hold, or have any inaccurate data corrected or removed, you can make a request (“A Data Subject Request”) to this effect.
A data subject request shall be made by sending an email to that Authority’s Data Protection Officer (DPO) to the following email address: [email protected]. The email shall contain your full name, address, and a description of the information you wish to view, correct or delete.
The Authority’s DPO may request further information from the data subject making the request should any clarifications be required. Furthermore, to ensure confidentiality and to verify the identity of the person making the data subject request, the DPO may request a photo to be taken of the subject person holding a photo identification document clearly showing name, identification number and facial photo on document.
It is important to note that the rights of data subjects are tied with certain conditions and limitations that are stipulated within the GDPR itself.
The Authority reserves the right to charge a reasonable fee for repetitive requests, requests for further copies of the same data, and, or requests which are deemed to be manifestly unfounded or excessive. We may also refuse to act upon requests that are deemed to be manifestly unfounded or excessive.
Cookies, tags and other identifiers (“Cookies”)
The Authority Website contains a number of hyperlinks and redirections to other websites, including the LRM Portal. You are therefore kindly reminded to read the privacy notices of any other websites you access which are not covered by this privacy notice.
The Authority does not provide quality control of the hyperlinks to websites that are not operated by the Authority. The Authority accepts no responsibility for the content, performance, accuracy, security, privacy or availability of the hyperlinks to such external websites.
Changes to our Privacy Notice
The Authority is continually improving and adding new functionality and features to its Websites. Because of these ongoing changes, changes in the law, and the changing nature of technology, the Authority’s data practices may change from time to time. If there are any changes to this privacy notice, we will replace this page with an updated version. It is in your own interest to check this privacy notice frequently so as to be aware of any changes which may occur from time to time.
This privacy notice was last updated on 25/05/2018.
We are committed to protecting your privacy. If you find anything on the Authority Website and/or the LRM Portal that causes concern, please get in touch with us.
Any comments or suggestions that you may have and which may contribute to a better quality of service will be welcome.
Getting in touch with us
To get in touch with us on issues concerning privacy and data protection, please email us at [email protected], or write to us at:
Data Protection Officer,
Malta Gaming Authority,
Building SCM 02-03, Level 4,
Your Right to Lodge a Complaint
The Authority endeavours to protect your personal information. However, should you wish to lodge a complaint with the Information and Data Protection Commissioner (IDPC), you have a right to do so pursuant to the GDPR.
The following are the relevant contact details:
Information and Data Protection Commissioner
Level 2, Airways House,
Sliema, SLM 2549
(+356) 2328 7100
The Authority makes every effort to maintain the accuracy of the information that is published on the Websites, but accepts no responsibility and expressly excludes liability for any direct, indirect or consequential loss or damage which may arise from the usage of, and / or reliance on, such information.
© 2022. Malta Gaming Authority. All rights reserved.