burger icon
Hopa United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and shared when you access or use the Hopa services made available through gopawin.com (the "Site"), including when you browse the Site, create an account, place bets, play games, or contact customer support. It applies to players and other visitors to the Site, whether you act on your own behalf or on behalf of another person.

We process your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and, where relevant, comparable international standards (such as the EU GDPR and Mexican data protection regulations) for players located outside the United Kingdom. Please read this Privacy Policy carefully before using the Site or the Hopa services.

Effective date: 6 November 2025

1. Who We Are

For players located in Great Britain, the controller responsible for the processing of your personal data in connection with Hopa services offered via gopawin.com is:

  • Operator: AG Communications Limited
  • Legal form: Limited company incorporated in Malta
  • Company registration number: C48328
  • Registered address: 135, High Street, Sliema, SLM 1548, Malta
  • Gambling licence (Great Britain): UK Gambling Commission account number 39483 (Remote - General Betting Standard - Real Event, Casino, Bingo)

For some services and for players located outside Great Britain, certain processing activities may be carried out on our behalf by group companies, including Aspire Global International LTD (a Malta-registered company with registration number C42296, licensed by the Malta Gaming Authority under licence number MGA/CRP/148/2007).

Data protection contact

AG Communications Limited is responsible for protecting your personal data in relation to the Hopa services on gopawin.com. We have appointed an internal data protection function (the "Data Protection Officer" or "DPO") to oversee our compliance.

  • Postal contact (data protection): Data Protection Officer, AG Communications Limited, 135, High Street, Sliema, SLM 1548, Malta
  • Online contact: via the contact or support channels indicated on https://gopawin.com, clearly marking your request as a "Data protection / privacy enquiry"

The most up-to-date contact details for customer support and privacy enquiries are always available on the Site. When contacting us, please provide sufficient information to identify your account so we can respond effectively and securely.

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with gopawin.com and the Hopa services. Some information is provided directly by you, some is generated through your use of the Site, and some is obtained from third parties such as payment providers or verification service providers.

Identification and contact data

  • Basic identity details: full name, date of birth, gender, nationality, and copies or details of identification documents (e.g. passport, national ID card, driving licence), as required for age and identity verification.
  • Contact details: email address, postal address, country of residence, and (where provided) telephone number or mobile number.
  • Account details: username, unique player ID, security questions and answers, and account status (active, suspended, self-excluded, closed).

Account, gameplay and behavioural data

  • Gameplay information: betting and game history, stakes, wins and losses, game sessions, tournament participation, bonus usage, and any limits or preferences you set (e.g. deposit limits, reality checks, time-outs, self-exclusion).
  • Behavioural data: clicks, page views, navigation paths, interaction with promotions, time spent on the Site, and communication logs with customer support (including chat transcripts and emails).

Financial and transaction data

  • Payment data: deposits, withdrawals, account balances, transaction amounts and timestamps, payment method type (e.g. card, e-wallet, bank transfer), partial card details (such as masked card numbers) as provided by your payment provider, and associated verification details (e.g. payment confirmation, chargeback records).
  • Anti-fraud and AML data: risk scores, sanctions and politically exposed person ("PEP") checks, source-of-funds and source-of-wealth information, adverse media results, and other information relevant to our legal AML/CTF obligations.

Technical and device data

  • Device information: device type, operating system, browser type and version, language settings, device identifiers (such as advertising IDs where permitted), and approximate location derived from IP address.
  • Log and usage data: IP address, access times, pages viewed, referral URLs, crash logs, login attempts (successful and unsuccessful), and information related to security events or suspected misuse.

Cookies and similar technologies

  • Cookies: small text files stored on your device to enable core functionality, remember your preferences, and analyse how you use gopawin.com.
  • Similar technologies: web beacons, pixel tags, tracking URLs, and scripts that help us measure performance, deliver personalised content, and manage marketing campaigns.

Further details on specific cookies used on gopawin.com are provided in our separate Cookie Policy available at https://gopawin.com/cookies-policy/.

Special categories and minors

  • We do not intentionally collect special category data (such as health, religious beliefs, or biometric data) except in limited cases where you voluntarily provide information (for example, to explain affordability issues or to request additional responsible gambling support), and only where permitted by law.
  • Our services are strictly for persons aged 18 or over. We implement age verification controls and do not knowingly collect personal data of minors. If we become aware that a minor has provided personal data, we will take appropriate steps to close the account and securely delete or anonymise the data, subject to our legal obligations.

2. Legal Basis for Processing

We only process your personal data where we have a valid legal ground under applicable data protection laws, including the UK GDPR, and, where relevant, comparable rules in other jurisdictions (such as the EU GDPR and Mexican data protection legislation). Depending on the context, we may rely on one or more of the following legal bases:

Contract performance

  • Providing the Hopa services on gopawin.com: we process your identification, contact, account, gameplay and transaction data to create and administer your player account, enable you to deposit and withdraw funds, process bets, settle winnings, and deliver customer support.
  • Enforcing our Terms: we use your data to verify your eligibility to play, ensure that our Terms and Conditions, Bonus Policy and Fair Play Policy are fulfilled, and manage any contractual disputes or requests.

Legal obligations

  • Gambling and AML/CTF regulations: as a licensee of the UK Gambling Commission (licence number 39483), we must carry out age and identity checks, monitor transactions, prevent money laundering and terrorist financing, and retain certain records for specified periods.
  • Accounting, tax and reporting duties: we process and retain transaction and financial data to comply with statutory record-keeping obligations under applicable tax and corporate laws.
  • Data protection rights: we process certain information to respond to and document your rights requests under the UK GDPR, EU GDPR (where relevant), and comparable regulations such as Mexican data protection law.

Legitimate interests

  • Service improvement and analytics: we analyse aggregated and pseudonymised usage and behavioural data to improve gopawin.com, optimise game offerings, detect technical issues, and enhance user experience, ensuring that our interests do not override your fundamental rights and freedoms.
  • Fraud prevention and security: we monitor accounts and transactions for suspicious activity, enforce self-exclusion and responsible gambling measures, and protect our systems and players from misuse, cyberattacks, and other harmful behaviour.
  • Internal management: we use limited personal data to manage our business operations, including internal reporting, risk management, and corporate governance within the Aspire Global group.

Consent

  • Marketing communications: we send email, SMS, push notifications, or in-account marketing about bonuses, promotions and offers only where you have provided valid consent or where permitted by soft opt-in rules. You may withdraw your consent at any time via your account settings or by following the unsubscribe instructions in the communication.
  • Optional cookies and tracking: non-essential cookies (such as certain analytics or advertising cookies) are used based on your consent in line with applicable e-privacy rules and our Cookie Policy.

Where we rely on consent, you are free to refuse or withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, you have the right to object, as described in the "Your Rights" section below.

13. Purpose of Processing

We process personal data for specified, explicit, and legitimate purposes, and we do not use it in a way that is incompatible with those purposes. In particular, your data is processed for the following reasons:

  • Providing and operating the Hopa services on gopawin.com: to create and manage your player account, verify your age and identity, enable you to deposit funds, place bets, play games, participate in promotions, and withdraw winnings, as well as to deliver technical and customer support.
  • Compliance with legal and regulatory duties: to comply with UK Gambling Commission requirements (licence number 39483), anti-money laundering and counter-terrorist financing laws, responsible gambling obligations (including GAMSTOP participation), and other applicable laws in the UK and relevant international jurisdictions.
  • Responsible gambling and player protection: to apply and manage deposit limits, time-outs, self-exclusion, affordability assessments, and other tools designed to help you gamble safely, and to identify patterns of play that may indicate potential gambling-related harm.
  • Risk management, fraud prevention and security: to prevent, detect, and investigate fraud, abuse of bonuses, match-fixing, money laundering, account takeover attempts, and other harmful or unlawful activities, and to maintain the integrity and security of our systems and the Site.
  • Service optimisation and analytics: to analyse how visitors and players use gopawin.com, improve site performance and design, enhance game and product offerings, and conduct statistical and business analysis, typically on an aggregated or pseudonymised basis where possible.
  • Marketing and personalisation: to send you tailored offers and promotions (where permitted by law and your preferences), manage bonus schemes, and present personalised content and recommendations on the Site or in communications.
  • Business operations and corporate governance: to manage customer relationships, handle queries and complaints, maintain internal records, support audits and regulatory inspections, and manage corporate transactions within the Aspire Global / NeoGames group.

29. Disclosure & Sharing

We treat your personal data as confidential and only share it where necessary, subject to appropriate safeguards and in accordance with applicable law and our contractual obligations. Depending on the circumstances, your personal data may be disclosed to the following categories of recipients:

  • Group companies and platform providers: within the Aspire Global group and its parent NeoGames S.A., including Aspire Global International LTD (Malta, company number C42296), where required for platform operation, IT support, risk management, and group-level compliance, in line with intra-group data transfer safeguards.
  • Payment and financial service providers: banks, card schemes, e-wallets, payment gateways, and other financial institutions that process deposits, withdrawals, and chargebacks, as well as providers that assist us with fraud and affordability checks.
  • Verification, AML and risk management providers: identity verification services, sanctions and PEP-screening providers, credit reference agencies (where lawful), and other due diligence partners that help us meet our legal and regulatory obligations.
  • Technology and service providers: hosting providers, IT and security service providers, analytics and business intelligence vendors, customer support platforms, communication service providers, and marketing agencies that act as our processors under written agreements.
  • Regulators and authorities: the UK Gambling Commission, the Malta Gaming Authority, tax authorities, law enforcement agencies, courts, and other public authorities in the UK or abroad, when required by law, regulation, licence conditions, court order, or to protect our legal rights or the rights of others.
  • Alternative dispute resolution and professional advisers: the Independent Betting Adjudication Service (IBAS) in the UK for gambling-related disputes, auditors, lawyers, consultants and other professional advisers who support our business and must keep your data confidential.
  • Marketing and advertising partners: where you have given appropriate consent, selected third-party marketing and advertising networks may receive limited information necessary to deliver or measure campaigns, subject to applicable marketing and e-privacy rules.
  • Corporate transactions: potential or actual purchasers, investors, or other parties (and their advisers) in connection with any merger, acquisition, asset sale, restructuring, or similar corporate transaction, provided that we only share what is necessary and subject to confidentiality obligations.

We do not sell your personal data to third parties. Where we share data with third-party processors, they may only process it on our instructions and must implement appropriate security measures.

3. International Transfers

Because the Hopa services on gopawin.com are operated by AG Communications Limited in cooperation with other group companies and service providers, your personal data may be transferred to and processed in countries outside the United Kingdom, including countries that may not offer the same level of data protection as the UK.

Typical transfer destinations

  • European Economic Area (EEA) and Malta: some of our group companies (including Aspire Global International LTD) and many of our service providers are located in Malta or elsewhere in the EEA.
  • Other jurisdictions: certain technology, payment, analytics, or support providers may be located or may process data in countries outside the UK and the EEA (for example, in Israel or the United States).

Safeguards for international transfers

  • Adequacy regulations: where the UK Government has recognised a country as providing an adequate level of data protection, transfers may take place on that basis.
  • Standard Contractual Clauses and IDTA: for transfers to other countries, we implement appropriate safeguards such as the UK-approved International Data Transfer Agreement and/or the applicable standard contractual clauses, often accompanied by transfer impact assessments and additional technical and organisational measures.
  • Contractual and technical protections: we require recipients to protect your data in accordance with this Privacy Policy and applicable law, including by limiting onward transfers, implementing strong security controls, and subjecting their staff to confidentiality obligations.

Where required, we can provide more information about specific transfer mechanisms applicable to your data upon request, subject to redacting commercially sensitive information.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, and regulatory requirements, and to resolve disputes. Retention periods may vary by category of data and by jurisdiction, but we apply consistent principles designed to avoid keeping data longer than necessary.

Typical retention periods

Data category Typical retention period Main rationale
Identification and KYC data At least 5 years after account closure or last transaction Compliance with AML/CTF and gambling regulations
Account and gameplay data Up to 5 years after account closure, unless a longer period is required by law or for dispute resolution Regulatory reporting, responsible gambling, defending legal claims
Financial and transaction data 5-10 years from the end of the relevant financial year Accounting, tax, anti-fraud and statutory record-keeping
Customer communications and complaints Up to 6 years after resolution Customer service history, legal and regulatory defence
Marketing preferences and consents Until you withdraw consent or object + limited period to document compliance Proof of consent and compliance with marketing rules
Technical logs and security data From a few months up to 5 years, depending on sensitivity Security monitoring, fraud detection, incident investigation

When the relevant retention period expires, or when data is no longer needed for the purposes for which it was collected, we will either securely delete or irreversibly anonymise the data, unless we are legally required or permitted to retain it longer (for example, due to an ongoing investigation or legal dispute). Where deletion is not immediately possible from backups, we will securely segregate and protect the data from further processing until deletion is feasible.

28. Your Rights

Under the UK GDPR and the Data Protection Act 2018, and, where applicable, under the EU GDPR and Mexican data protection regulations, you have a number of rights in relation to your personal data. These rights may be subject to conditions and limitations under applicable law, particularly where processing is required to comply with legal or regulatory obligations.

Core data protection rights

  • Right of access: you can request confirmation of whether we process personal data about you and obtain a copy of such data, together with information about how we use it.
  • Right to rectification: you can ask us to correct or update inaccurate or incomplete personal data. In many cases you can update certain details directly through your account settings on gopawin.com.
  • Right to erasure ("right to be forgotten"): you can request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (if consent was the sole legal basis), or where you successfully object to processing. We may need to retain certain data to comply with our legal obligations, especially under gambling and AML regulations.
  • Right to restriction of processing: you can ask us to restrict processing of your data in certain circumstances, for example where you contest its accuracy or where you have objected to processing and we are verifying our legitimate grounds.
  • Right to object: you can object at any time to processing based on our legitimate interests, including profiling related to those interests. We will stop processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or where processing is required for legal claims. You can also object at any time to processing for direct marketing, in which case we will stop that processing.
  • Right to data portability: where processing is based on your consent or on a contract and carried out by automated means, you may request to receive certain personal data in a structured, commonly used and machine-readable format and to have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: where we rely on your consent (for example, for certain marketing communications or optional cookies), you may withdraw that consent at any time via your account settings or by following the instructions in our communications. This will not affect the lawfulness of processing before withdrawal.

Alignment with Mexican privacy law

Where Mexican data protection regulations (such as the Federal Law on the Protection of Personal Data Held by Private Parties and its regulations) apply, comparable rights are recognised, including rights of access, rectification, cancellation, and opposition ("ARCO rights"). Our procedures are designed to align with these rights to the extent applicable, and we will consider relevant Mexican regulatory guidance when handling such requests.

How to exercise your rights

  1. Submit your request: contact us using the data protection contact details set out in the "Who We Are" section or through the dedicated privacy/contact channels indicated on gopawin.com, clearly stating which right you wish to exercise and providing enough information to identify your account.
  2. Verification: we may request additional information to verify your identity and ensure that we are acting on the request of the correct individual, especially for access, portability, or deletion requests.
  3. Response timeframe: we aim to respond to your request within one month (30 calendar days) of receipt. Where the request is complex or where we receive multiple requests from you, we may extend this period by a further two months, but we will inform you of any such extension and the reasons for it.
  4. Cost: we will handle your rights requests free of charge, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request in accordance with applicable law.

If we cannot fully comply with your request due to legal or regulatory obligations (for example, where AML or gambling laws require us to retain certain data), we will explain the reasons, unless we are legally prevented from doing so.

27. Cookies & Tracking Technologies

We use cookies and similar technologies on gopawin.com to ensure the proper functioning of the Hopa services, improve user experience, analyse performance, and, where permitted, deliver personalised content and marketing. Some cookies are essential for the operation of the Site, while others are optional and used only with your consent.

Types of cookies

  • Session cookies: temporary cookies that remain on your device only while your browser is open. They are typically used to maintain your session, allow you to move between pages without re-logging in, and ensure that your bets and account actions are processed correctly.
  • Persistent cookies: cookies that remain on your device for a set period or until you delete them. They help remember your preferences (such as language or login options), measure site performance, and support personalisation.
  • First-party cookies: cookies set directly by gopawin.com for core functionality and analytics.
  • Third-party cookies: cookies set by third-party providers (for example, analytics services or advertising networks) that help us understand how the Site is used or deliver and measure marketing campaigns, subject to your consent where required.

Purposes of cookies

  • Strictly necessary/functional: essential for the Site to function and to provide the Hopa services you request (such as keeping you logged in, processing payments, and maintaining security).
  • Analytics and performance: help us understand how visitors use gopawin.com (for example, which pages are most popular, how long sessions last, and where users encounter errors) so that we can improve our services.
  • Advertising and personalisation: enable us or our partners to deliver tailored offers and promotions and to measure the effectiveness of marketing campaigns, in accordance with your preferences.

Managing cookies

  • You can manage or disable cookies through your browser settings; however, blocking certain cookies may affect the functionality and performance of gopawin.com and may prevent you from using some features of the Hopa services.
  • Where applicable, you may also be able to manage your preferences for optional cookies through on-site tools (such as cookie banners or preference centres) provided on gopawin.com.
  • More detailed information about the specific cookies we use and how long they persist is available in our Cookie Policy at https://gopawin.com/cookies-policy/.

5. Data Security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. While no system can be guaranteed as completely secure, we continually review and enhance our security controls in line with industry best practices and regulatory expectations for licensed gambling operators in the UK.

Technical measures

  • Encryption in transit and at rest: data transmitted between your browser and gopawin.com is protected using Transport Layer Security (TLS) protocols (TLS 1.2 or higher). Where appropriate, we encrypt or pseudonymise data stored on our systems and on the systems of our trusted providers.
  • Access controls and authentication: access to personal data is restricted to authorised personnel and service providers on a strict need-to-know basis, enforced by role-based access controls, strong authentication mechanisms, and regular access reviews.
  • Network and application security: we use firewalls, intrusion detection and prevention systems, anti-malware tools, secure coding practices, and regular vulnerability assessments and penetration testing to reduce security risks.

Organisational measures

  • Policies and training: we maintain internal policies on data protection, information security, and acceptable use, and we provide staff training and awareness programmes so that employees understand their responsibilities in handling personal data.
  • Vendor due diligence: we assess the security and privacy practices of key third-party providers and require them to implement appropriate safeguards and comply with contractual data protection obligations.
  • Incident response: we maintain incident response procedures to detect, investigate, and respond to potential data breaches. Where required by law, we will notify the relevant supervisory authorities and affected individuals without undue delay.

Where feasible, we align our controls with recognised international security standards (such as ISO/IEC 27001 and SOC 2) either directly or through the certified status of our critical service providers.

19. Complaints & Contacts

If you have any questions, concerns, or complaints about how we process your personal data in connection with Hopa services on gopawin.com, or if you wish to exercise your rights, you should contact us first so that we can try to resolve the issue.

How to contact us

  • Data protection contact: Data Protection Officer, AG Communications Limited, 135, High Street, Sliema, SLM 1548, Malta.
  • Online: via the contact or support channels indicated on https://gopawin.com, clearly marking your enquiry as a "Data protection / privacy complaint".

Complaint handling procedure

  1. Submission: send us your complaint with sufficient detail to identify your account and clearly explain your concerns.
  2. Acknowledgement: we will acknowledge receipt of your complaint and provide a reference where appropriate.
  3. Investigation: we will review the facts, consult relevant internal teams, and, if necessary, request additional information from you.
  4. Response: we aim to provide a substantive response within one month (30 days) of receiving your complaint. In complex cases or where several complaints are received, this period may be extended, but we will keep you informed of progress.

Supervisory authorities

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that your rights have been infringed.

  • United Kingdom: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom; website: https://ico.org.uk.
  • European Union/EEA (where applicable): if you are located in an EU/EEA Member State and EU GDPR applies, you may lodge a complaint with your local data protection authority. Contact details are available on the European Data Protection Board website.
  • Mexico (where applicable): if Mexican data protection regulations apply to you, you may have the right to lodge a complaint with the competent Mexican authority (for example, the National Institute for Transparency, Access to Information and Personal Data Protection (INAI)), in accordance with local law.

These channels are for data protection and privacy matters. Gambling-related disputes regarding transactions or game outcomes should first be raised through our internal complaints process as described in our Terms of Service. If a gambling dispute remains unresolved after our final response or after 8 weeks, UK players may escalate the matter to the Independent Betting Adjudication Service (IBAS) free of charge via https://ibas-uk.com/consumers/claim-wizard/.

32. Updates

We may update this Privacy Policy from time to time to reflect changes in our services, our processing activities, legal requirements, or regulatory guidance relevant to licensed gambling operators in the UK and other applicable jurisdictions. The updated version will be published on gopawin.com, and the "Last updated" date will be revised accordingly.

Notification of changes

  • Minor changes: for non-material updates (for example, clarifications or corrections that do not affect your rights or the way we process your data), we will post the revised Privacy Policy on gopawin.com and update the "Last updated" date.
  • Material changes: where we make significant changes to this Privacy Policy (such as introducing new processing purposes, changing the legal bases relied upon, or expanding categories of recipients), we will provide additional notice by appropriate means, which may include email notifications, prominent notices or banners on the Site, or alerts in your account dashboard.
  • Advance notice: unless immediate changes are required by law or to protect our services and players, we will endeavour to provide at least 30 days' advance notice of material changes before they take effect.

If you do not agree with the updated Privacy Policy, you may choose to stop using the Hopa services on gopawin.com and request account closure in accordance with our Terms of Service. Continued use of the Site after the effective date of any changes will constitute your acknowledgement of the updated Privacy Policy.

Last updated: November 2025