burger icon
Lyllo Casino United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Lyllo Casino, presented via the comparison and informational domain lylocasino.bet (the "Website"), collects, uses, stores, and protects personal data of visitors and users. It applies to registered users, prospective players, and all visitors who access or interact with the Website, regardless of whether they create an account or place any wagers on external platforms. Because the Lyllo Casino brand is not licensed by the United Kingdom Gambling Commission and does not accept players located in the UK, this Privacy Policy focuses on how we handle personal data for informational and marketing purposes only, in line with the UK GDPR and other applicable data protection laws. By using the Website, you acknowledge that you have read and understood this Privacy Policy.

Effective date: 06 November 2025

Who We Are

For the purposes of data protection law, the controller responsible for processing your personal data in connection with Lyllo Casino on lylocasino.bet is the legal entity operating the Lyllo Casino brand within the ComeOn Group (the "Operator", "we", "us", or "our"). The Lyllo Casino gambling brand is operated under Swedish gambling licence number 20Si2445 issued by Spelinspektionen (Swedish Gambling Authority) to MOA Gaming Sweden Ltd., a limited liability company within the ComeOn Group, whose parent company is headquartered in Malta. The Website targets users in permitted markets and does not accept players located in the United Kingdom, which is a blocked and prohibited jurisdiction for this brand and is not covered by UK Gambling Commission or GamStop protections.

Our registered company details (including company registration number, tax identification number and full registered address) are available in the official national company register and in the licensing records of Spelinspektionen and other competent regulators. Where required, we will provide our complete corporate identification and address details to you upon request through our privacy contact channels.

The Operator maintains a dedicated data protection function responsible for supervising compliance with applicable data protection laws, including the UK GDPR, the EU GDPR where relevant, and other national laws. You can contact our data protection team (Data Protection Officer or equivalent function) regarding privacy matters by using the contact details and channels published on lylocasino.bet, including secure messaging within your account (where available) and the general customer support contact options indicated on the Website. When you contact us, please clearly mark your message as a "Data protection / Privacy request" so that it is routed promptly to the appropriate team.

What Personal Data We Collect

Identity and contact data

  • Account and identification data: If you create or link an account via the Website, we may collect your full name, username, date of birth, country of residence, and other identification data needed to verify that you are of legal age and located in a permitted jurisdiction.
  • Contact details: We may collect your email address, mobile phone number, postal address (where provided), and preferred language in order to communicate with you about your account, service notifications, and, where permitted, marketing communications.

Technical and usage data

  • Technical data: When you visit the Website, we automatically collect information such as your IP address, device identifiers, browser type and version, operating system, time zone, and similar technical data necessary to display the Website properly, maintain security, and detect fraud or misuse.
  • Usage and log data: We collect information about how you interact with the Website, including pages visited, links clicked, session duration, referral URLs, error logs, and interaction with banners or tools (for example, responsible gambling information links or external regulatory resources).

Payment and transactional data

  • Payment-related data: Although Lyllo Casino on lylocasino.bet primarily provides informational and comparison services, where you are redirected to licensed gambling operators or where any transactional functionality is offered, we may receive or process limited payment-related details such as masked card information, payment method type, transaction identifiers, and status information from payment providers, subject to strict security controls. Full payment card data are generally processed by regulated payment service providers and not stored by us.
  • Financial and verification data: For anti-money laundering (AML), anti-fraud, and "Know Your Customer" (KYC) checks handled by licensed gambling operators within the group or partner networks, we may receive or process information on verification status, risk flags, and relevant financial indicators to prevent abuse and comply with legal obligations.

Behavioural and profiling data

  • Gameplay and betting-related data: Where you interact with gambling services associated with the Lyllo Casino brand operated under licence number 20Si2445 or equivalent licences held within the ComeOn Group, we may collect or obtain information about your game preferences, bet sizes, wins and losses, session frequency, and responsible gambling tools usage (such as deposit limits or time-outs).
  • Behavioural analytics: We may create internal profiles based on your behaviour on the Website and linked services, including clicks, navigation patterns, and responses to offers, to understand user interests, detect problematic behaviour, support responsible gambling initiatives, and tailor non-intrusive marketing where permitted.

Cookies and similar technologies

  • Cookies: We use session cookies, persistent cookies, and third-party cookies to remember your preferences, maintain sessions, improve performance, analyse Website usage, and deliver relevant content and advertising.
  • Similar technologies: We may use pixels, tags, SDKs, and local storage in conjunction with cookies to measure campaign effectiveness, prevent fraud, and ensure that the Website functions reliably across devices and browsers.

Legal Basis for Processing

We process your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the EU General Data Protection Regulation ("EU GDPR") where applicable, the Data Protection Act 2018, and other relevant data protection laws. Depending on the specific processing activity, we rely on one or more of the following legal bases:

  • Performance of a contract: We process data that are necessary to enter into, perform, and administer our contractual relationship with you, including creating and managing your user profile, facilitating access to comparison tools and associated gambling services, handling your requests, and providing customer support.
  • Compliance with legal obligations: We process certain data to comply with obligations under applicable laws and regulations, such as gambling legislation, AML and counter-terrorist financing rules, responsible gambling requirements, accounting obligations, and regulatory reporting duties imposed by authorities like Spelinspektionen and other competent regulators in relevant jurisdictions.
  • Legitimate interests: We process personal data where it is necessary for our legitimate interests and where your interests and fundamental rights do not override those interests. These legitimate interests include ensuring the security and integrity of our systems, preventing fraud and abuse, conducting analytics to improve our services, understanding how users interact with the Website, and maintaining appropriate records and documentation for our business operations.
  • Consent: In specific cases, we rely on your consent, for example for certain types of marketing communications, for the use of non-essential cookies and similar technologies, and for the sharing of data with certain third-party advertising networks. Where we rely on consent, you may withdraw it at any time using the mechanisms described in this Privacy Policy or in the relevant consent interface (such as a cookie banner or account settings).
  • Protection of vital interests and legal claims: In rare situations, we may need to process personal data to protect your vital interests or those of another person, or to establish, exercise, or defend legal claims, including in relation to regulatory investigations, disputes, or litigation in any jurisdiction relevant to our operations.

Purpose of Processing

We use personal data only for specific, explicit, and legitimate purposes and do not further process it in a manner incompatible with those purposes. In particular, we process your data for the following purposes:

  • Providing and operating our services: To operate, maintain, and improve the Website, including presenting information about Lyllo Casino and related gambling services, providing comparison tools and content, creating and managing user accounts where applicable, and enabling you to use core functionalities.
  • Customer support and communication: To respond to your queries, complaints, and requests; to provide technical support; and to communicate important service messages such as changes to terms, privacy notices, or service disruptions.
  • Compliance, risk management, and responsible gambling: To meet our regulatory and legal obligations, including KYC/AML checks performed in cooperation with licensed operators, to monitor for fraudulent patterns and abuse, and to support responsible gambling measures such as self-exclusion, deposit limits, and other tools provided by group entities or partners.
  • Analytics and service improvement: To conduct data analytics and statistical analysis on aggregated or pseudonymised data in order to understand Website performance, identify trends, refine our content and marketing strategies, and improve the overall user experience and product offering.
  • Marketing and personalisation: To send you marketing communications about products, services, promotions, and events relating to Lyllo Casino and associated brands, where permitted by law and your preferences; and to personalise content, offers, and recommendations based on your interactions and preferences, subject to your choices and any required consents.
  • Security and fraud prevention: To maintain the security of the Website and related systems, detect and prevent fraud or technical issues, protect our rights, property, and the safety of users, and ensure the integrity and availability of data and services.

Disclosure & Sharing

We treat your personal data confidentially and only share it with third parties where permitted by law and where it is necessary for the purposes described in this Privacy Policy. The categories of recipients include:

  • Group companies: Members of the ComeOn Group and related entities that support the operation of the Lyllo Casino brand, including MOA Gaming Sweden Ltd. and other licensed operators and service companies based in Sweden, Malta, and other jurisdictions, may access personal data to provide centralised services such as IT infrastructure, risk management, compliance, marketing, analytics, and customer support.
  • Payment and financial service providers: Regulated payment institutions, banks, and financial intermediaries may receive limited personal data to process payments, verify account ownership, conduct AML checks, and handle refunds or chargebacks related to gambling or service transactions where applicable.
  • Service providers and processors: Carefully selected third-party service providers acting as processors (such as hosting providers, cloud platforms, security and anti-fraud services, customer support tools, analytics providers, and email or SMS delivery services) may process personal data on our behalf and under our instructions, subject to strict contractual obligations and security requirements.
  • Regulators and authorities: Where required by law or regulation, or in response to lawful requests, we may share personal data with regulatory bodies, courts, law enforcement agencies, tax authorities, gambling regulators (such as Spelinspektionen and other licensing authorities in relevant jurisdictions), data protection authorities, or other public bodies.
  • Affiliates and advertising networks: Where you have given consent or where permitted by law, certain data may be shared with affiliate partners, advertising networks, and marketing partners to measure campaign performance, attribute conversions, and deliver relevant advertising. Such sharing is subject to applicable data protection rules and your marketing and cookie choices.
  • Business transfers: In connection with any actual or potential merger, acquisition, financing, restructuring, sale of assets, or similar transaction involving the ComeOn Group or relevant entities, personal data may be disclosed to professional advisers and prospective or actual purchasers, subject to confidentiality obligations and in accordance with applicable law.

International Transfers

Because the Lyllo Casino brand operates across multiple jurisdictions and its parent company is headquartered in Malta, your personal data may be transferred to, and processed in, countries outside of the United Kingdom. These include, in particular, Sweden (where MOA Gaming Sweden Ltd. holds licence number 20Si2445 from Spelinspektionen), Malta (where group functions are located), other countries within the European Economic Area (EEA), and, where necessary, countries outside the UK and EEA where certain service providers or group entities are established.

Where personal data is transferred from the UK to the EEA, such transfers are generally permitted under UK adequacy regulations. For transfers from the UK to countries that do not provide an equivalent level of data protection, we implement appropriate safeguards in line with the UK GDPR, such as the use of standard contractual clauses approved by the UK authorities, robust technical and organisational security measures, and careful due diligence on our partners. Where data is transferred from the EEA to third countries, we rely on EU adequacy decisions or EU standard contractual clauses as appropriate.

We take steps to ensure that any international transfer is lawful and that your personal data remains protected in accordance with this Privacy Policy and applicable laws. If you would like further information about the safeguards in place for international transfers, you may contact us using the channels described in the "Complaints & Contacts" section.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements, and to protect our legitimate interests. Retention periods may vary depending on the type of data and the context of processing, but we strive to apply the following general principles:

  • Account and identification data: Identity and contact data associated with your profile are typically retained for the duration of your relationship with us and for up to five (5) years after your account is closed or after your last significant interaction, whichever is later, to comply with legal retention obligations (for example, AML rules) and to defend against potential legal claims.
  • Transaction and financial data: Data relating to payments, bonuses, bets, and transactions are generally retained for a minimum of five (5) years after the relevant transaction or the end of the business relationship, in line with applicable AML and financial record-keeping obligations, and may be kept longer where required by law or necessary for legal proceedings.
  • Technical and usage data: Logs and technical data used for security, fraud detection, and performance monitoring are normally retained for shorter periods, typically from a few days up to two (2) years, depending on the sensitivity of the data and the need to investigate incidents or trends.
  • Marketing and profiling data: Data used for marketing or personalisation is retained for as long as you remain subscribed to marketing communications and for up to two (2) years after your last interaction with our marketing materials or Website, unless you withdraw your consent or object to processing earlier.
  • Cookies and similar technologies: The lifespan of cookies depends on their type and purpose. Session cookies are deleted when you close your browser, while persistent cookies are kept for a defined period (for example, from a few days up to two (2) years) unless you delete them earlier via your browser or device settings.

When personal data is no longer required for the purposes for which it was collected and there is no legal obligation or legitimate interest requiring continued retention, we will securely delete, anonymise, or aggregate the data. If you exercise your rights to deletion (where applicable), we will also act in accordance with those rights and applicable law, subject to any overriding legal obligations to retain certain information.

Your Rights

Rights under UK GDPR and EU GDPR

If you are located in the United Kingdom or in the European Union and the UK GDPR or EU GDPR applies to the processing of your personal data, you have the following rights, subject to legal conditions and limitations:

  • Right of access: To obtain confirmation as to whether we process your personal data and, if so, to receive a copy of the data and information about its processing.
  • Right to rectification: To have inaccurate personal data corrected and incomplete data completed without undue delay.
  • Right to erasure ("right to be forgotten"): To request the deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you withdraw consent (where applicable), or you successfully object to processing, subject to any overriding legal obligations to retain the data.
  • Right to restriction of processing: To request that we restrict processing of your data in specific circumstances, for example while we verify the accuracy of data or assess an objection to processing.
  • Right to object: To object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object at any time to the processing of your personal data for direct marketing purposes, including profiling for such marketing.
  • Right to data portability: To receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller where the processing is based on consent or on a contract and is carried out by automated means.
  • Right to withdraw consent: Where we process personal data on the basis of your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Alignment with Mexican privacy law

If you are located in Mexico and the processing of your personal data falls within the scope of Mexican data protection law, we will also respect the applicable rights under the Federal Law on Protection of Personal Data Held by Private Parties and related regulations. In particular, we recognise the ARCO rights, which are broadly aligned with GDPR principles:

  • Right of Access: To know whether we process your personal data and to receive information about the origin and use of such data.
  • Right of Rectification: To request correction of inaccurate or incomplete personal data.
  • Right of Cancellation: To request that we stop processing and delete your personal data when it is no longer necessary, when you withdraw your consent, or when processing is otherwise inappropriate, subject to legal retention obligations.
  • Right of Opposition: To oppose the processing of your personal data for specific purposes, including marketing or profiling, where permitted under Mexican law.

Where both GDPR/UK GDPR and Mexican law may apply, we will endeavour to provide a level of protection consistent with the higher standard, while complying with mandatory local rules.

How to exercise your rights

You may exercise your rights free of charge, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law. To exercise your rights:

  1. Submit a request: Contact us through the privacy or customer support channels indicated on lylocasino.bet, clearly describing the right you wish to exercise and providing sufficient information to verify your identity (for example, username, registered email address, or other account details).
  2. Verification: We may request additional information to confirm your identity and ensure that we do not disclose personal data to unauthorised persons.
  3. Response timeframe: We will respond to your request as soon as reasonably possible and in any event within one month (30 days) of receipt of a complete request, unless a longer period is permitted by law due to complexity or number of requests. In such cases, we will inform you of any extension and the reasons for it.
  4. Outcome: Where we refuse your request in whole or in part, we will explain the reasons for our decision and inform you of your right to lodge a complaint with a supervisory authority.

Cookies & Tracking Technologies

Types of cookies we use

  • Strictly necessary cookies: Session and functional cookies that are essential for the operation of the Website, enabling basic features such as page navigation, secure login, and access to restricted areas. The Website cannot function properly without these cookies.
  • Preference cookies: Persistent cookies that remember your choices and settings (such as language, region, or cookie preferences) to provide a more personalised experience when you return to the Website.
  • Analytics and performance cookies: Cookies and similar technologies set by us or third parties (such as analytics providers) that help us understand how visitors use the Website, which pages are most popular, and how users move around the site. This information is usually aggregated and used to improve Website performance and content.
  • Advertising and marketing cookies: Third-party cookies and tracking technologies that may be used to deliver relevant advertisements, measure campaign effectiveness, and limit the number of times you see a particular advertisement. These may be set by affiliate partners, advertising networks, or social media platforms where permitted.

Managing your cookie preferences

  • Cookie banner or settings: Where required by law, non-essential cookies (such as analytics or advertising cookies) will only be placed on your device with your consent. You can manage your preferences via the cookie banner or settings panel that appears when you first visit the Website or by updating your choices at any time.
  • Browser settings: You can configure your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that disabling or blocking certain cookies may affect the functionality and performance of the Website.
  • Third-party tools: Some third-party services used on the Website offer their own opt-out mechanisms or privacy controls (for example, opt-outs for analytics or advertising platforms). Information about these mechanisms may be provided in the relevant third-party privacy notices.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction, or alteration. While no system can be guaranteed as completely secure, we strive to maintain a level of security proportionate to the risks associated with our processing activities, taking into account the nature of the data and the state of the art.

  • Encryption in transit and at rest: We use industry-standard encryption technologies, such as TLS 1.2 or higher, to protect data transmitted between your browser and our servers. Where feasible, we also encrypt sensitive data at rest within our systems to reduce the risk of unauthorised access.
  • Access controls and authentication: Access to personal data is restricted to authorised personnel and service providers who require it for legitimate business purposes. We apply role-based access controls, authentication mechanisms, secure password policies, and, where appropriate, multi-factor authentication to help protect accounts and systems.
  • Secure infrastructure and monitoring: Our systems are hosted in secure data centres or cloud environments with physical and logical protections, including firewalls, intrusion detection and prevention systems, and regular monitoring for vulnerabilities and unusual activity.
  • Policies, training, and awareness: We maintain internal policies, procedures, and training programmes to ensure that employees and contractors understand their responsibilities regarding the handling and protection of personal data and to promote a culture of security and compliance.
  • Vendor and processor management: Third-party service providers that process personal data on our behalf are carefully selected and are required to implement appropriate security measures and to process data only in accordance with our instructions and applicable law.
  • Incident response: We maintain incident response procedures to detect, assess, and respond to actual or suspected data breaches. Where required by law, we will notify the relevant supervisory authority and affected individuals without undue delay, including in the UK, EU, or other jurisdictions where notification obligations apply.

We aim to align our security practices with recognised industry standards and frameworks (such as ISO 27001 or SOC 2) as appropriate for our risk profile, even if lylocasino.bet and related entities may not hold formal certification under these standards at all times.

Complaints & Contacts

Contacting us about privacy

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, you should first contact us so that we can attempt to resolve the issue directly. You may contact our data protection team using the privacy or customer support channels indicated on lylocasino.bet, including any dedicated privacy email addresses, secure messaging tools, or contact forms provided on the Website. When contacting us, please:

  • State that your request relates to "Privacy" or "Data protection".
  • Provide your name, contact details, and any relevant account or reference number.
  • Describe your request or concern in sufficient detail for us to understand and respond.

We will acknowledge your complaint or request and aim to respond within one month (30 days), or within any other timeframe required or permitted by applicable law. If we are unable to address your concern to your satisfaction, you may have the right to escalate the matter to a supervisory authority as described below.

Supervisory authorities and escalation

  • United Kingdom: If you are in the UK and believe that we have infringed your data protection rights under the UK GDPR or Data Protection Act 2018, you may lodge a complaint with the Information Commissioner's Office ("ICO"), for example via its website at www.ico.org.uk or by using the contact details published there.
  • European Union / EEA: If EU GDPR applies and you are located in an EU/EEA Member State, you may lodge a complaint with your local data protection authority or with the authority of the Member State where you live, work, or where the alleged infringement took place. In particular, given that MOA Gaming Sweden Ltd. holds licence number 20Si2445 from Spelinspektionen, you may also choose to contact the relevant supervisory authority in Sweden or any other competent authority for the group entities processing your data.
  • Mexico: If Mexican data protection law applies to our processing of your personal data and you are not satisfied with our response, you may have the right to file a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), the Mexican data protection authority, using the channels and procedures described on its official website.

Nothing in this Privacy Policy limits your right to lodge a complaint with a supervisory authority or to seek other remedies available under applicable law. However, we encourage you to contact us first so that we can try to address your concerns promptly and constructively.

Updates

We may update or revise this Privacy Policy from time to time to reflect changes in our processing activities, legal or regulatory developments, or best practices in the industry. Where changes are material or significantly affect how your personal data is processed, we will provide you with clear and timely notice, which may include one or more of the following:

  • Posting an updated version of the Privacy Policy on lylocasino.bet with a revised "Last updated" date.
  • Displaying prominent notices or banners on the Website informing you of key changes.
  • Sending email notifications or in-account messages (where applicable) summarising material changes and providing a link to the updated Privacy Policy.

For significant changes that materially affect your rights or the way in which we process your data, we will, where reasonably practicable, provide notice at least 30 days in advance of the effective date of the change. During this period, you may review the updated terms and, if you do not agree, you may choose to adjust your privacy preferences, stop using the Website, or close your account (if applicable). Continued use of the Website after the effective date of the updated Privacy Policy will be deemed to constitute your acceptance of the changes, to the extent permitted by law.

Last updated: 06 November 2025