Privacy Policy

Privacy Policy

For Mookie Limited

This Privacy Policy (“Policy”) explains how Mookie Limited (“Mookie”, “us”, “we”, “our”) collects, uses, shares, and protects your personal data when you visit and use our website, mymookie.com (“Website”, “Service”). This Policy also outlines how we process your personal information through your use of the Website and any online account you open with us (“Account”) to create your Account profile, secure the Website, and enable you to access our products and services (collectively referred to as the “Services”). For the purposes of the Services, Mookie is the data controller of your Personal Data.

At Mookie, we respect your privacy and are committed to safeguarding your personal information. This Privacy Policy details our data practices, including how we collect, process, and store your information, and explains your rights regarding your personal data. We will update this Policy as necessary and will inform you of any significant changes. We encourage you to periodically review this page to stay informed of any updates.

Personal Data

“Personal Data” refers to any information that can be used to identify a natural person either directly or indirectly. This may include, but is not limited to, your name, email address, phone number, payment information, and account preferences. The Personal Data we collect helps us provide, personalize, and continually improve our Services.

We use the data to:

  • Enable you to use the Services and process payments

  • Communicate with you about your Account activity, products, services, and promotions

  • Improve the functionality, performance, and security of the Services

  • Customize content and make product/service recommendations that may interest you

  • Prevent, detect, or report fraud and abuse

  • Allow third parties to perform technical, logistical, or operational functions on our behalf

Types of Information We Collect

  1. Information You Provide Directly

    • Account Information: When you create an Account, update your profile, request customer support, subscribe to our emails, or fill out forms, we collect data such as your full name, email address, phone number, date of birth, and payment details.

    • Communications: Any information you provide when you contact us, including email exchanges, chat messages, or feedback submissions.

  2. Information from Third-Party Sources

    • We may receive information about you from third-party providers (e.g., payment processors or identity verification services), which we combine with the data you provide to us.

  3. Cookies and Tracking Technologies

    • We use cookies, web beacons, and other tracking technologies to automatically collect information when you interact with our Website. This includes data on your browsing behavior, such as pages visited, time spent on our Website, and interaction with the content.

    • You can manage cookie settings through your browser, and blocking or rejecting cookies may affect the full functionality of the Website.

Personal Data Processing

We process your Personal Data for the following purposes:

  • To Provide Services: We use your data to process bets, manage payments, and ensure the smooth operation of your Account.

  • To Improve Services: We use your data to analyze performance, fix errors, and improve the overall user experience.

  • To Communicate: We use your data to send service-related messages, promotions, and updates via email, chat, or phone.

  • To Protect Against Fraud: We process your data to prevent or detect fraud, abuse, or illegal activities.

  • To Recommend Products/Services: We use your data to provide personalized recommendations for products and features that may interest you.

Data Sharing and Disclosure

We may share your Personal Data with the following parties:

  1. Service Providers
    We engage third-party service providers (e.g., payment processors, marketing platforms, fraud prevention services) to perform functions on our behalf. These providers only have access to the data needed to perform their functions and are contractually obligated to comply with this Privacy Policy.

  2. Legal Compliance
    We may disclose your Personal Data when required by law, to enforce our Terms and Conditions, or to protect the rights, property, or safety of our users, Mookie, or others.

  3. Business Transactions
    In the event that Mookie undergoes a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will ensure that your data remains protected under the terms of this Privacy Policy.

  4. Other Parties
    We may also share data with external organizations for fraud protection, security purposes, or when required by law.

Privacy

Depending on which payment service you use, you may need to disclose your Personal Data or part of it to your payment provider. Note that the payment provider already has your Personal Data to provide you with the payment services and their use of any Personal Data disclosed by us will be regulated by the payment provider’s privacy policy. We engage with the technology providers, financial institutions, other companies, and individuals to perform functions on our behalf and transactions that you request or authorize. Examples include sending e-mail, analysing data, providing marketing assistance, processing payment transactions, verifying identity, fraud screening, and providing customer service.

They have access to personal information needed to perform their functions, but may not use it for other purposes and must process the personal information in accordance with this Privacy Policy and as permitted by the applicable data protection legislation. Such third-party service providers may be based outside of Nigeria. As we continue to develop our business, we might sell or buy other businesses or services.
In such transactions, user or other customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy. Also, in the unlikely event that Mookie or substantially all of its assets are acquired, user information will of course be one of the transferred assets.

We disclose Account and other Personal Data when we believe disclosure is appropriate or required to comply with the law; enforce or apply our General Terms and Conditions and other agreements we have with you; or protect the rights, property, or safety of our business, our users, or others. This also includes exchanging information with other companies and organizations for fraud protection reduction as well as sharing information with our attorneys, auditors, and other representatives.

Link to Other Websites

Our website contains links that lead to other websites. When you click on these links Mookie is not responsible for your data and privacy protection. Visiting those websites is not governed by this privacy policy agreement. Make sure to read the privacy policy documentation of the website you go to from our website.

Minors

The Services provided by Mookie are strictly prohibited for individuals under the age of 18 or the legal age for gaming in the applicable jurisdiction. We verify the age of our users at the point of withdrawal, and any account found to belong to a minor will be immediately blocked.

Security

We are committed to protecting the security of the information you provide to our website. To ensure your data is secure, we implement industry-standard encryption and security measures.

  1. Encryption in Transit:
    We use SSL/TLS encryption (Secure Sockets Layer/Transport Layer Security) to secure data during transmission over the internet. This ensures that any sensitive information, such as login credentials and payment details, is encrypted before it is sent over the network.

  2. Encryption at Rest:
    Sensitive documents and data are encrypted at rest using AES-256-CBC encryption, one of the most secure encryption algorithms available. This ensures that even if unauthorized access to our storage systems occurs, the data remains unreadable without the encryption key.

  3. Hashing for Passwords:
    We store user passwords securely by applying a strong cryptographic hashing algorithm (using Bcrypt or a similarly secure algorithm). This means your password is never stored in plaintext. Additionally, we use a salt for each password, ensuring that even if two users have the same password, their hashed values will be different. This adds an extra layer of security, making it more difficult for attackers to reverse-engineer passwords.

  4. Web Application Firewall (WAF):
    We deploy a Web Application Firewall (WAF) to protect against common threats such as SQL injection, cross-site scripting (XSS), and other malicious attacks that could compromise the integrity of the platform.

  5. Key Management:
    We implement strict key management practices to ensure the security of encryption keys. Keys used for encrypting data are stored separately from the encrypted data and protected by specialized key management systems (KMS). Access to keys is tightly controlled and logged.

  6. Access Control and Authentication:
    We enforce strong authentication methods to control access to sensitive data. In addition to basic username and password authentication, we recommend the use of two-factor authentication (2FA) for extra protection. We also regularly review user access levels to ensure that only authorized personnel have access to sensitive information.

  7. Data Integrity:
    To ensure data integrity, we use secure methods such as HMAC (Hash-based Message Authentication Code) and digital signatures, ensuring that the data cannot be tampered with during transmission or while at rest.

  8. Physical Security:
    Our data centers employ stringent physical security measures, including surveillance, access controls, and monitoring, to prevent unauthorized physical access to the infrastructure where sensitive data is stored.

  9. Procedural Safeguards:
    We maintain electronic, physical, and procedural safeguards to protect personal customer information. Our security procedures require us to verify your identity before disclosing personal information to you. In case of a security incident, we have established procedures to detect, respond to, and mitigate any potential threats.

  10. User Responsibility:
    The security of your account is ultimately your responsibility. We strongly advise you to protect your password and security questions. Never share your password with anyone. If you suspect your account has been compromised, change your password immediately and contact us.

We regularly review and update our security practices to ensure that we provide the highest level of protection for your sensitive information.

Sensitive Documents

To ensure the security, authenticity, and compliance of our platform, we require users to submit a valid government-issued identification document (e.g., National ID, Passport, or Driver’s License) for verification purposes.

  1. Collection and Use of Sensitive Documents
    Purpose – We collect ID documents exclusively for the purposes of identity verification, fraud prevention, and compliance with regulatory requirements. Your documents are used only to validate your identity and to meet legal obligations.

  2. Secure Storage
    All submitted documents are encrypted both in transit and at rest using AES-256-CBC encryption to ensure that your sensitive information remains protected from unauthorized access. We store documents in secure, access-controlled systems. Access to sensitive documents is restricted to authorized personnel only.
    Hashing may also be applied for documents like photos or other personal identifiers to prevent unauthorized use.

  3. Limited Access
    Access to sensitive documents is strictly controlled and limited to personnel with a valid need-to-know basis. We implement role-based access control (RBAC) and audit logs to monitor and restrict who can view or handle sensitive documents. Our systems are designed to track and record any access to these documents, ensuring transparency and accountability.

  4. Retention Period
    We retain ID documents only for the duration necessary to complete the verification process. Once the verification process is complete, documents are either securely stored for compliance with regulatory requirements or deleted per our data retention policy. If you request deletion, we will ensure that your documents are securely and permanently erased unless retention is required for legal or regulatory reasons.

  5. User Rights & Control
    You have the right to request the deletion of your sensitive documents after successful verification, subject to any applicable legal or regulatory retention obligations. If your verification request is denied, we will promptly notify you, and you will have the opportunity to resubmit valid documents.

  6. Legal Compliance
    We may disclose sensitive documents to third parties only when required by law, regulation, or government request. In such cases, we ensure that the disclosure complies with legal standards and protects your privacy.

By submitting your ID document, you acknowledge and agree to our Privacy Policy and the use of your document for the specific verification purposes outlined above. For any questions or concerns regarding your sensitive documents, please contact our support team.

Data Deletion

At Mookie, we are committed to safeguarding your personal data while ensuring compliance with privacy regulations. We have implemented a clear policy regarding data retention and deletion.

  1. Inactivity and Account Deletion
    If your account remains inactive for a period of 30 days, Mookie will initiate a soft delete of your account. This means that your account and associated data will be temporarily archived but not permanently removed. Access to your account will be disabled, but your data will still be retained in our systems.

  2. Reactivation Period
    If your account is in a soft-deleted state due to inactivity, you can reactivate it within 30 days by simply logging in with your credentials. Reactivating your account will restore your access and allow you to continue using the platform as usual, with your data intact.

  3. Permanent Deletion
    After 90 days of inactivity, if your account has not been reactivated, Mookie may proceed with the permanent deletion of your account and associated data from our systems. However, please note that permanent deletion is not guaranteed, as it may depend on factors such as legal obligations, regulatory requirements, and other internal processes. Once permanently deleted, your data cannot be recovered.

  4. User-Initiated Deletion
    You have the option to permanently delete your account and all associated data at any time. If you wish to delete your account, please contact our support team, and we will process your request in accordance with applicable laws and our internal data management procedures.

General

At Mookie, we value your privacy and comply with applicable data protection laws, including The Constitution of the Federal Republic of Nigeria 1999 (as Amended), the Nigeria Data Protection Regulation (NDPR) 2019, and other relevant data protection legislation. These laws provide certain rights to you regarding the collection, use, and processing of your personal data.

  1. Rights Regarding Your Personal Data
    You have the following rights concerning your personal data:

    • Access: You may request details about the information we hold about you and how we process it.

    • Rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you.

    • Erasure/Deletion: You have the right to request the deletion of your personal data, subject to certain conditions, such as legal obligations or the necessity of the data for legitimate business purposes.

    • Restriction of Processing: You may request the restriction of our processing of your personal data in specific circumstances.

    • Data Portability: Where technically feasible, you can request that your personal data be provided in a structured, commonly used, and machine-readable format and transferred to another service provider/organization.

    • Object to Processing: You have the right to object to the processing of your personal data in certain circumstances, such as when the processing is based on our legitimate interests or for direct marketing.

  2. Withdrawal of Consent
    If you have provided your consent for the processing of your personal data, you can withdraw it at any time. However, please note that withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal. In some cases, we may still process your personal data if required or permitted by law, particularly in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

  3. Updating Your Information
    You are encouraged to inform us of any updates to the information we hold about you. Keeping your information accurate helps us serve you better.

  4. Compliance and Notifications
    Mookie is committed to complying with all relevant data protection laws. Should you make a request to exercise your rights, we will notify you of our compliance in accordance with the law. If you wish to submit such a request, please email us at [email protected].

  5. Force Majeure
    Mookie shall not be responsible for events beyond its control, including but not limited to acts of God, natural disasters, power cuts, or strikes. These circumstances may impact our ability to respond to requests or provide services.

  6. Changes to the Privacy Policy
    We may update this Privacy Policy from time to time. Any modifications will be published on our website. Continued use of our services after such modifications will be considered as your acceptance of the updated Privacy Policy. Modifications to the Privacy Policy will not affect your existing account registration details unless required by law.

    Effective Date: This Privacy Policy is effective from 01/09/2022.

  7. Governing Law
    This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria.