Privacy Policy
This Privacy Policy explains how Bluefox, operated via the website bluefoks.com, collects, uses, discloses, and protects personal data of players and visitors. It applies to all individuals who access or use the online casino services and related features provided through bluefoks.com, including account holders, prospective players, and website visitors. By using the site or creating an account, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and applicable data protection laws in the United Kingdom. Effective date: 6 November 2025.
Who We Are
Bluefox is the United Kingdom-facing configuration of the online casino brand "Bluefox", made available through the website bluefoks.com. The services are operated on a white-label basis by ProgressPlay Limited, which is the main entity responsible for the operation of the platform and, for most processing activities described in this Privacy Policy, acts as the data controller.
Operator and Legal Entity
- Company name: ProgressPlay Limited
- Legal form: Limited company incorporated under the laws of Malta
- Registered number: C58305 (Malta Business Registry)
- Registered and operational address: Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta
- Primary business activity: Operation of online casino services, including the Bluefox white-label brand on the ProgressPlay platform
Licensing and Regulatory Context
- United Kingdom: For players in Great Britain, the services are provided under the UK Gambling Commission licence/account number 39335 held by ProgressPlay Limited, which regulates how we offer remote gambling services and imposes strict requirements on customer due diligence, anti-money laundering (AML), player fund protection, and fair and transparent terms.
- International markets: For eligible international markets outside Great Britain and outside restricted territories, ProgressPlay Limited operates under licence MGA/B2C/231/2012 issued by the Malta Gaming Authority (MGA). While this Privacy Policy focuses on the UK perspective, the same core data protection standards, based on UK GDPR and EU GDPR principles, apply across our operations where applicable.
- Player funds: In line with information published by the UK Gambling Commission, player fund protection for our UK-facing operations is assessed as "medium", which means that funds are held in segregated accounts but may not be fully protected in the event of operator insolvency. This relates to financial protection rather than privacy, but we include it here to provide a complete picture of our regulatory context.
Data Protection Responsibility
- Data controller: For most processing activities described in this Privacy Policy, including account management, gaming, and marketing for Bluefox, the data controller is ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta.
- Joint controllers / processors: In some cases (for example, payment processing, game providers, fraud prevention tools), we may act as a joint controller with a third party or rely on third-party processors. The essence of relevant arrangements is available upon request, and we only engage such parties under legally compliant data protection agreements.
Data Protection Contact
- Data Protection Officer / Data Protection Team: ProgressPlay Limited has appointed a dedicated function responsible for overseeing compliance with data protection laws across its operations, including Bluefox.
- How to contact us about privacy:
  - By post: Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta (please mark the envelope "Data Protection Officer").
  - Via our website: by using the contact options or help channels indicated in the "Contact Us" or equivalent section on bluefoks.com, clearly stating that your query relates to data protection or privacy.
What Personal Data We Collect
We collect and process various categories of personal data when you visit bluefoks.com, create or use a Bluefox account, or otherwise interact with us. The specific data collected depends on how you use our services, but generally includes the following:
Identification and Contact Data
- Registration data: Full name, date of birth, residential address, country of residence, username, password, and other details required to create and maintain your account, comply with age and identity verification, and meet our UK Gambling Commission and anti-money laundering obligations.
- Contact details: Email address, telephone number, preferred language, communication preferences (such as whether you wish to receive marketing communications), and any contact information you provide in correspondence with our customer support or responsible gambling teams.
- Verification documentation: Copies or data extracted from identity documents (e.g., passport, national ID card, driving licence), proof of address (e.g., utility bill, bank statement), and, where legally required, documents demonstrating source of funds or source of wealth.
Technical and Usage Data
- Device and connection data: IP address, browser type and version, time zone setting, operating system and platform, device identifiers, and similar technical information automatically collected when you access or use bluefoks.com.
- Usage logs: Date and time of access, pages visited, clicks and navigation paths, response times, download errors, interaction with page elements, session duration, and related log data that helps us maintain the security, integrity, and performance of our services.
- Location-related data: Approximate geolocation derived from your IP address or other technical signals, used primarily for compliance purposes (e.g., determining whether you are located in a permitted jurisdiction) and fraud prevention.
Gaming, Behavioural and Profile Data
- Gameplay and betting history: Records of your deposits, withdrawals, stakes, wins and losses, bonuses claimed and used, game sessions (including start and end times), and in-game actions where relevant. This behavioural data is necessary for contractual performance, regulatory compliance, and responsible gambling monitoring.
- Responsible gambling data: Self-exclusion status, reality checks, time-outs, deposit limits, loss limits, wagering limits and other safer gambling tools you use, as well as internal risk assessments or interaction notes where our staff engage with you about safer gambling.
- Profile and preference data: Your selected currency, preferred games, marketing preferences, and responses to surveys or feedback forms.
Payment and Financial Data
- Payment instrument data: Limited card details (such as card type, last four digits, expiry date), e-wallet identifiers, bank account details, or other payment method information you provide for deposits and withdrawals. Full card data is typically processed by our payment providers under strict security standards, and we do not store sensitive authentication data.
- Transaction data: Records of deposits, withdrawals, chargebacks, refunds, bonus credits, and other payment-related events, including timestamps, amounts, payment methods, and relevant internal references.
- Financial crime data: Internal risk scores, sanctions and politically exposed person (PEP) screening results, and information derived from AML checks, as required to comply with applicable law and UKGC / MGA regulations.
Communications and Support Data
- Customer support interactions: Copies of emails, chat logs, call recordings (where lawful and notified), and records of complaints, queries, or feedback, including any personal data you provide in those communications.
- Dispute and ADR data: Information relating to disputes and complaint handling, including communications with alternative dispute resolution (ADR) providers such as IBAS and, where applicable, interactions with the UK Gambling Commission or other regulators.
Cookies and Similar Technologies
- Cookies: Small text files placed on your device that enable us to recognise your browser, remember your preferences, keep you logged in, secure your sessions, and understand how you use bluefoks.com. We use session cookies (which expire when you close your browser) and persistent cookies (which remain for a longer period or until deleted).
- Similar technologies: Web beacons, pixels, tracking URLs, and SDKs used to measure the effectiveness of our marketing campaigns, track aggregate usage statistics, and prevent fraud and misuse of our services.
- Cookie-specific information: Further details about the cookies we use and your options to manage them are provided in the "Cookies & Tracking Technologies" section of this Privacy Policy and, where available, in our dedicated cookie management interface.
Legal Basis for Processing
We process personal data only where we have a valid legal basis under applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. For players located in the European Economic Area (EEA), equivalent provisions of the EU GDPR apply. For players located in other jurisdictions where our services are lawfully offered, we also take into account any relevant local data protection requirements, including Mexican privacy laws where applicable. The main legal bases we rely upon are outlined below.
Performance of a Contract
- Account creation and management: We need to process your personal data to set up and operate your Bluefox account on bluefoks.com, including enabling you to log in, manage your settings, and access games and services.
- Provision of gambling services: Processing of identification data, gaming history, transaction data, and technical data is necessary to provide you with remote gambling services, handle deposits and withdrawals, award winnings, apply bonuses, and track wagering requirements under the Terms and Conditions.
- Customer support and dispute resolution: When you contact support, raise a complaint, or interact with ADR bodies (such as IBAS), we process your data as needed to investigate and resolve the matter, which is integral to our contractual relationship.
Compliance with Legal and Regulatory Obligations
- Gambling and licensing regulations: UKGC and MGA rules require us to carry out age and identity verification, maintain detailed records of transactions and gameplay, and monitor for suspicious activity. We process personal data to comply with these obligations, including those related to responsible gambling, player fund segregation, and regulatory reporting.
- Anti-money laundering and counter-terrorist financing (AML/CTF): We are legally obliged to perform due diligence checks, keep records of certain financial transactions for defined periods, and report suspicious activity to relevant authorities. This processing includes verification documents, transaction monitoring, and the use of financial crime screening tools.
- Data protection and consumer law: We process data to honour your data protection rights, respond to regulatory requests, maintain records of your consents and preferences, and comply with consumer protection and e-privacy rules regarding marketing and cookies.
Legitimate Interests
- Service improvement and analytics: We analyse aggregated or pseudonymised usage and behavioural data to improve site performance, optimise game offerings, and enhance the user experience, ensuring that such activities are proportionate and do not override your fundamental rights and freedoms.
- Fraud and security: We process technical and behavioural data to detect and prevent fraud, abuse, bonus misuse, account takeover, and other security incidents. This may involve automated risk scoring and use of third-party fraud prevention tools, subject to human oversight where required.
- Regulatory and business integrity: We retain certain records and share limited information with professional advisers, auditors, and group entities to protect our legal rights, defend against claims, ensure adherence to regulatory expectations, and maintain the integrity of our operations and the ProgressPlay platform.
Consent
- Marketing communications: We send you electronic marketing communications (such as promotional emails, SMS, push notifications, or in-account messages) only where we have your valid consent or are otherwise permitted by law. You may withdraw your marketing consent at any time via account settings, communication preferences, or by following the unsubscribe instructions in each communication.
- Non-essential cookies and similar technologies: Where required under UK and EU e-privacy rules, we obtain your consent before placing non-essential cookies (for example, advertising or certain analytics cookies) on your device. You can change or withdraw your cookie consent at any time, as explained in the "Cookies & Tracking Technologies" section.
- Special categories of data: As a rule, we do not seek to collect special category data (such as health data) via bluefoks.com. If, in limited cases, such data is processed (for example, where you voluntarily share information about gambling-related harms with our responsible gambling team), we will do so only with your explicit consent or where another permitted ground applies under data protection law.
Other Legal Bases and Local Laws
- Protection of vital interests and legal claims: In exceptional circumstances, we may process personal data to protect your vital interests or those of another person (for example, where we reasonably believe there is a serious risk of harm) or for the establishment, exercise, or defence of legal claims.
- Non-UK/EEA users: If you access bluefoks.com from jurisdictions where local data protection laws (such as Mexican privacy laws) apply to you and to us, we will adapt our processing where required to comply with those laws. This Privacy Policy is primarily designed to reflect UK and EU standards, which are generally compatible with many international frameworks.
Purpose of Processing
We use personal data for specific, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes. Where we intend to use your data for a new purpose, we will inform you and, where required, seek your consent. The main purposes for which Bluefox processes personal data through bluefoks.com are outlined below.
Providing and Managing Casino Services
- Account setup and administration: To register and authenticate users, maintain account information, track balances, manage settings and preferences, and provide core account features such as login, password resets, and communication about service status.
- Enabling gameplay and transactions: To allow you to access games, place bets, receive results, and process deposits and withdrawals, including the application of bonuses and loyalty rewards. This includes maintaining accurate records of your gaming and transaction history, which are essential both for contractual performance and for regulatory purposes.
- Customer care: To provide support, resolve technical issues, handle complaints, and answer queries related to the services, your account, or this Privacy Policy.
Regulatory Compliance and Responsible Gambling
- Legal and regulatory reporting: To comply with UKGC, MGA, AML/CTF, and other legal requirements, including those relating to age verification, identity verification, financial monitoring, and record-keeping for audit and inspection by regulators and authorised authorities.
- Responsible gambling monitoring: To assess and promote safer gambling, including monitoring patterns of play, interactions, limits, and self-exclusion tools, and intervening where we identify potential indicators of harm in line with our policies and regulatory obligations.
- Fraud and security: To detect, investigate, and prevent fraud, money laundering, misuse of bonuses, account compromise, and other harmful or unlawful activities, including the sharing of limited information with relevant service providers or authorities where necessary.
Service Improvement, Analytics and Personalisation
- Site performance and optimisation: To operate, maintain, and improve the performance of bluefoks.com and associated systems, including load balancing, troubleshooting, and measuring the effectiveness of technical changes.
- Analytics and statistics: To analyse aggregated and pseudonymised data about how users interact with our site and services, enabling us to understand player behaviour in general terms, refine our product offering, and make data-driven business decisions.
- Personalisation: To tailor content, game recommendations, and certain promotional messages within the site based on your preferences and historical interactions, always subject to applicable consent requirements and your ability to opt out where appropriate.
Marketing and Relationship Management
- Direct marketing: To send you information about promotions, bonuses, tournaments, and other offers relating to Bluefox on bluefoks.com where you have opted in or where permitted by law. You may withdraw consent or object at any time.
- Surveys and feedback: To invite you to participate in surveys, feedback programmes, or market research that help us better understand your expectations and improve our services, while ensuring participation remains voluntary.
- Affiliate and advertising partnerships: To measure the performance of advertising campaigns and affiliate referrals, implement frequency-capping, and avoid showing you irrelevant or repetitive advertisements, in accordance with applicable e-privacy and data protection rules.
Risk Management and Legal Protection
- Corporate governance and auditing: To support internal governance, risk management, financial and regulatory audits, and to meet obligations under company law and licensing frameworks.
- Legal claims and defence: To establish, exercise, or defend legal claims, including processing records and evidence in relation to litigation, regulatory investigations, or disputes with players, affiliates, or other parties.
- Business continuity and restructuring: To maintain backups and business continuity plans, and in the context of a potential or actual corporate transaction (such as a merger, acquisition, or transfer of business) involving the ProgressPlay platform or the Bluefox configuration, subject to appropriate safeguards and, where required, notice to you.
Disclosure & Sharing
We do not sell your personal data. However, we may share personal data with carefully selected third parties where necessary for the purposes described in this Privacy Policy, where required by law, or where you have provided your consent. In all such cases, we limit the data shared to what is strictly necessary and ensure appropriate contractual and technical safeguards are in place.
Service Providers and Technical Partners
- Payment providers and banks: We share data with payment processors, card schemes, banks, and e-wallet providers to process deposits and withdrawals, prevent fraud, perform AML checks, and resolve payment-related issues. These providers usually act as independent controllers or joint controllers for their own compliance obligations.
- Game and platform providers: Certain data (such as your username, session identifiers, and technical information) may be shared with game studios and platform partners to deliver games, calculate outcomes, and ensure fair operation of the gaming system.
- Technology and security providers: We engage hosting providers, cloud infrastructure services, content delivery networks, fraud detection services, security monitoring vendors, and other IT providers who process data on our behalf as processors, subject to strict contractual obligations.
Regulators, Authorities and ADR Bodies
- Regulatory bodies: We may share data with the UK Gambling Commission, the Malta Gaming Authority, tax authorities, financial intelligence units, and other competent regulators or enforcement agencies where required to comply with licensing, AML/CTF, and other legal obligations.
- Alternative dispute resolution (ADR): If a dispute is referred to an ADR provider such as IBAS, we may share relevant personal data with that body to enable it to handle and resolve the complaint.
- Court proceedings and legal requests: We may disclose data to courts, law enforcement, government agencies, or external legal advisers when necessary for the establishment, exercise, or defence of legal claims, or when compelled by law or valid legal process.
Affiliates, Marketing and Analytics Partners
- Affiliate networks: We share limited data (for example, anonymised identifiers and aggregate conversion statistics) with affiliate partners who refer players to bluefoks.com, to verify conversions and calculate commissions.
- Marketing and analytics providers: Subject to your consent where required, we may use third-party tools and platforms for analytics, campaign measurement, and, in some cases, advertising. These providers may act as processors or independent controllers, and you can manage relevant cookies and tracking via your browser and our cookie controls.
- Group companies and business partners: Where permitted by law, we may share data with group entities and selected business partners involved in operating or supporting the ProgressPlay platform, ensuring that all such parties uphold equivalent data protection standards.
Corporate Transactions
- Business transfers: If ProgressPlay Limited or the Bluefox configuration of bluefoks.com is involved in a merger, acquisition, sale of assets, or similar corporate transaction, personal data may be disclosed to potential or actual purchasers and their advisers, subject to confidentiality obligations and, where required, appropriate notice to users.
- Anonymised and aggregated data: We may share anonymised or aggregated information that does not reasonably identify you with third parties (for example, for industry analysis or statistical purposes). Such information is not considered personal data under data protection law.
International Transfers
Because Bluefox is operated by ProgressPlay Limited from Malta and relies on a global network of service providers, your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA). These transfers are carried out in compliance with applicable data protection laws and are subject to appropriate safeguards.
Intra-Group and EEA Transfers
- Malta and EEA processing: Much of our core gaming and platform infrastructure is operated from Malta and other EEA locations. From the perspective of UK law, transfers to the EEA are permitted under the UK's adequacy regulations, which recognise the EU/EEA as providing an essentially equivalent level of data protection.
- Internal access: Members of our staff and authorised contractors in Malta and, where relevant, other EEA states may access your data strictly on a need-to-know basis for the purposes described in this Privacy Policy, subject to internal access controls and confidentiality obligations.
Transfers to Third Countries
- Non-EEA/UK service providers: Some of our service providers (for example, certain cloud hosting, analytics, or fraud prevention vendors) may be located in or process data from countries that do not benefit from an adequacy decision under UK or EU data protection law (such as the United States or other jurisdictions).
- Transfer safeguards: In these cases, we implement appropriate safeguards, which may include:
  - Standard Contractual Clauses (SCCs) approved under UK and/or EU law;
  - Additional technical and organisational measures (such as strong encryption, pseudonymisation, and strict access controls); and
  - Careful assessment of the legal environment of the recipient country and the provider's security practices.
Your Rights in Relation to International Transfers
- Additional information: You may contact us for more details about the safeguards in place for international transfers, including copies of relevant contractual protections (with commercially sensitive information redacted where necessary).
- Local law alignment: Where local data protection laws apply to you (for example, EU GDPR or Mexican privacy laws), we will take them into account in assessing and implementing appropriate transfer mechanisms, provided that we lawfully offer services in your jurisdiction.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting, and reporting requirements, resolve disputes, and enforce our agreements. Retention periods vary depending on the category of data and the context of processing, particularly given the stringent record-keeping obligations applicable to regulated gambling operators.
General Retention Principles
- Purpose-based retention: We determine retention periods by considering the nature of the data, the risks associated with its processing, the purposes for which it is used, and applicable legal requirements (including those under UKGC, MGA, AML, and tax regulations).
- Statutory requirements: Many of our records must be retained for minimum periods mandated by law or regulators, particularly in relation to identity verification, financial transactions, and AML monitoring. These requirements can, in some cases, extend beyond the end of your relationship with us.
Indicative Retention Periods
- Account and identification data: Typically retained for the duration of your active account plus a period of up to five (5) years after account closure, in line with AML and gambling regulatory record-keeping obligations. In some cases, this period may be extended where necessary for the establishment, exercise, or defence of legal claims.
- Financial and transaction data: Records of deposits, withdrawals, and gaming transactions are generally kept for at least five (5) years from the date of the relevant transaction or from the end of the business relationship, whichever is later, to comply with AML and accounting rules.
- Responsible gambling and risk data: Data relating to self-exclusion, limits, interactions, and internal risk assessments is retained for at least the duration of any active measures plus a period that aligns with regulatory expectations and our legitimate interest in demonstrating compliance (often overlapping with the five-year period above).
- Marketing data: Information about consents and marketing preferences is retained while you remain subscribed and for a limited period thereafter (usually up to two (2) years) to demonstrate compliance with consent requirements and to manage suppression lists ensuring that you do not receive unwanted marketing.
- Cookies and technical logs: Cookie data is retained in accordance with the cookie's lifecycle (as set out in our cookie tools) or until you delete it. Technical and security logs are kept for shorter periods that are sufficient to support security investigations, troubleshooting, and regulatory audits (typically ranging from a few months to a few years, depending on their purpose).
Deletion and Anonymisation
- Account closure: When your account is closed, we will securely delete or anonymise personal data that is no longer required, subject to the legal and regulatory retention obligations described above.
- User requests: Where you request deletion of your data and we have no overriding legal basis to continue processing (for example, no outstanding AML record-keeping requirement), we will delete or anonymise the relevant data in line with your rights under data protection law.
- Anonymised data: In some circumstances, we may convert your personal data into anonymised information for statistical or analytical purposes. Once anonymised, the data will no longer be linked to you, and we may retain and use it indefinitely without further notice.
Your Rights
Under the UK GDPR and the Data Protection Act 2018, and where applicable under the EU GDPR or other local laws, you have several rights in relation to your personal data. Where Mexican privacy laws or other non-UK regulations apply to you because we lawfully offer services in your jurisdiction, similar rights may exist and are supported by our practices. We explain these rights and how to exercise them below.
Key Data Protection Rights
- Right of access: You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of the data along with information about the purposes of processing, categories of data, recipients, retention periods, and your associated rights.
- Right to rectification: You can request correction of inaccurate or incomplete personal data. In many cases, you can update certain information (such as contact details) directly via your account settings on bluefoks.com, subject to our identity verification and regulatory requirements.
- Right to erasure ("right to be forgotten"): You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal basis applies), where you successfully object to processing, or where processing is unlawful. This right is limited where continued retention is necessary for compliance with legal obligations (for example, AML record-keeping) or the establishment, exercise, or defence of legal claims.
- Right to restriction of processing: You can ask us to restrict processing of your data in certain circumstances, such as when you contest its accuracy, when processing is unlawful but you prefer restriction to deletion, or when we no longer need the data but you require it for legal claims.
- Right to object: You have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling related to those interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing is necessary for legal claims. You also have an unconditional right to object to direct marketing at any time.
- Right to data portability: Where processing is based on your consent or on a contract and carried out by automated means, you may request that we provide your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it directly to another controller.
- Right to withdraw consent: Where we rely on your consent (for example, for marketing or certain cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Exercising Your Rights
- How to submit a request: You can exercise your rights by contacting our Data Protection Officer or data protection team using the contact information provided in the "Who We Are" or "Complaints & Contacts" sections, or by using the relevant tools in your bluefoks.com account where available.
- Verification: To protect your account and prevent unauthorised access, we may need to verify your identity before actioning a request. This may involve asking for information that matches our records or, in limited cases, requesting additional documentation.
- Response time: We aim to respond to all valid requests within one (1) month (approximately 30 days) of receipt. Where requests are complex or numerous, this period may be extended by up to two further months, in which case we will inform you of the extension and the reasons for it.
- Fees: Requests are normally handled free of charge. We reserve the right to charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, consistent with legal provisions.
Rights under Non-UK Laws (Including Mexican Law)
- EU/EEA residents: If you are located in the EU/EEA and we lawfully offer you services, you may also have equivalent rights under the EU GDPR. You can exercise these rights through the same contact channels, and you may contact your local supervisory authority in the EEA.
- Mexican residents: Where our services are lawfully offered in Mexico, you may have rights under Mexican data protection law (for example, the Federal Law on Protection of Personal Data Held by Private Parties), including rights that broadly correspond to access, rectification, cancellation, and opposition (often referred to as ARCO rights). We seek to handle requests from Mexican users in a manner consistent with both UK/EU and Mexican standards, subject to local legal requirements.
Cookies & Tracking Technologies
Cookies and similar technologies are used on bluefoks.com to ensure the proper functioning of the site, enhance your experience, and support analytics and marketing activities. Certain cookies are essential for the operation of the site, while others are optional and used only with your consent where required.
Types of Cookies We Use
- Session cookies: Temporary cookies that are stored on your device only for the duration of your browsing session and are deleted when you close your browser. These cookies help us maintain your session, keep you logged in, and support essential functions such as navigating between pages securely.
- Persistent cookies: Cookies that remain on your device for a predefined period or until you delete them. They allow us to remember your preferences (such as language and region), recognise returning users, and measure the effectiveness of site features and campaigns over time.
- First-party cookies: Cookies set directly by bluefoks.com and used primarily for essential functions, security, and site analytics under our control.
- Third-party cookies: Cookies set by third-party providers (for example, analytics services, advertising networks, or social media platforms) that may collect information about your online activities over time and across different websites, subject to their own privacy practices and your consent choices.
Purposes of Cookies
- Strictly necessary / functional: These cookies are essential for the operation of bluefoks.com and cannot be switched off in our systems. They include, for example, cookies that enable you to log into secure areas, use account features, and ensure that requests are associated with the correct session.
- Performance and analytics: These cookies help us understand how visitors use the site, which pages are most and least popular, and how users move around. The information is typically aggregated, helping us to improve site performance, fix errors, and optimise content.
- Advertising and targeting: Where enabled, these cookies may be used to deliver more relevant adverts about Bluefox on bluefoks.com or on other sites, to limit how often you see an ad, and to measure the effectiveness of marketing campaigns. They may be set through our site by advertising partners or affiliate networks.
Managing Cookies
- Browser settings: Most web browsers allow you to manage cookies, including blocking or deleting them. You can usually find these options in your browser's "settings" or "preferences" menu. If you block all cookies, certain essential features of bluefoks.com may not function correctly.
- Cookie controls on the site: Where available, we provide a cookie banner or preference centre that allows you to accept or reject non-essential cookies and to change your choices at any time. Your selections may need to be renewed periodically or when cookies are cleared from your device.
- Do Not Track and similar signals: At present, our site does not respond to "Do Not Track" signals or similar mechanisms, but you can manage cookies and tracking as described above.
Regional compliance note: For users in the UK and EEA, the use of non-essential cookies and similar technologies is governed by the Privacy and Electronic Communications Regulations (PECR) and equivalent EU e-privacy rules. We seek to obtain valid consent where required and to provide clear options to manage your cookie preferences.
Data Security
We take the security of your personal data very seriously and implement a combination of technical and organisational measures designed to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage. As a regulated online gambling operator, ProgressPlay Limited must meet strict expectations regarding information security, system integrity, and resilience.
Technical Security Measures
- Encryption in transit and at rest: Data transmitted between your browser and bluefoks.com is protected using industry-standard Transport Layer Security (TLS) protocols (TLS 1.2 or higher, where supported), helping to prevent interception or tampering. Sensitive data stored within our systems is protected using appropriate encryption or pseudonymisation techniques.
- Secure infrastructure: Our systems are hosted in secure data centres and/or cloud environments that implement robust physical and logical security controls, including access control, network segmentation, and environmental protections.
- Access controls and authentication: Access to personal data is strictly limited to authorised personnel on a need-to-know basis, using role-based access controls, strong authentication mechanisms, and regular access reviews. We encourage the use of strong passwords and, where available, additional authentication features for player accounts.
- Monitoring and logging: We maintain security logs and monitoring tools to detect and respond to suspicious activities, attempted intrusions, or unusual patterns of access, supporting early detection of potential incidents.
Organisational and Procedural Measures
- Policies and training: We maintain internal policies and guidelines on data protection, information security, acceptable use, and incident response. Staff who handle personal data receive appropriate training and are subject to confidentiality obligations.
- Security assessments: We conduct regular security testing and risk assessments, which may include vulnerability scanning, penetration testing, and independent reviews, in line with regulatory expectations for remote gambling operators.
- Standards and good practice: Our information security programme is informed by recognised industry standards and frameworks (such as ISO 27001 and SOC 2 principles), and we seek to align our controls with good practice for online gambling platforms, taking into account the sensitivity of financial and gaming data.
Incident Response
- Detection and containment: In the event of a suspected or actual security incident affecting personal data, we follow a defined incident response process aimed at quickly identifying, containing, and investigating the issue.
- Notification: Where a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (such as the UK Information Commissioner's Office) without undue delay and, where required, inform affected individuals as soon as reasonably practicable, stating what happened, the likely consequences, and the steps we are taking.
- Continuous improvement: Following incidents or near-misses, we review root causes and update our security controls, procedures, and training as needed to reduce the likelihood of recurrence.
Complaints & Contacts
We are committed to handling your personal data fairly and transparently. If you have questions, concerns, or complaints about how we process your personal data, or about this Privacy Policy, you are encouraged to contact us first so that we can seek to resolve the issue.
Contacting Us About Privacy
- Data Protection Officer / Data Protection Team: Please direct privacy-related queries to our Data Protection Officer or equivalent function at ProgressPlay Limited.
- Postal address: Data Protection Officer, ProgressPlay Limited, Soho Office, 3A, Punchbowl Centre, Elia Zammit Street, St. Julians, STJ3154, Malta (mark your correspondence "Data Protection - Bluefox").
- Online contact: You may also contact us using the help or contact options provided on bluefoks.com; please clearly indicate that your request relates to data protection or privacy to ensure it is routed correctly.
Internal Complaint Handling Procedure
- Step 1 - Submission: Submit your privacy concern or request (for example, relating to access, correction, deletion, or objection) using the contact methods above, providing sufficient detail for us to understand and verify your request.
- Step 2 - Acknowledgement: We will acknowledge receipt of your complaint or request as soon as reasonably practicable, typically within a few working days.
- Step 3 - Assessment and response: We will investigate and respond to your complaint or request within one (1) month (approximately 30 days) of receipt. If the matter is particularly complex or numerous requests are pending, we may extend this period by up to two additional months, informing you accordingly.
- Step 4 - Escalation: If you remain dissatisfied with our response, you may escalate the complaint internally (for example, by requesting a review by senior management or the compliance team) and/or pursue external remedies, as outlined below.
Supervisory Authorities and External Remedies
- United Kingdom (primary authority for UK players): If you are in the UK and you are not satisfied with how we have handled your personal data or responded to your complaint, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can find up-to-date contact details and guidance on submitting a complaint on the ICO's official website at ico.org.uk.
- EU/EEA residents: If EU/EEA data protection law applies to you, you may also lodge a complaint with the data protection supervisory authority in your place of habitual residence, place of work, or place of the alleged infringement.
- Mexican residents: Where our services are lawfully offered in Mexico and Mexican privacy law applies, you may have the right to lodge a complaint with the competent Mexican data protection authority (currently the National Institute for Transparency, Access to Information and Personal Data Protection). You can consult that authority's official resources for current contact details and procedures.
- Gambling-related disputes: For disputes primarily concerning gambling transactions, game outcomes, or terms (rather than data protection issues), you may be able to refer your complaint to the appointed alternative dispute resolution provider (such as IBAS) or to use the UK Gambling Commission's complaint channels, as described in our Terms and Conditions and complaints policy.
Updates
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, regulatory guidance, or industry best practices. We encourage you to review this policy periodically to stay informed about how we process your personal data.
How We Notify You of Changes
- Website publication: The most current version of this Privacy Policy will always be available on bluefoks.com. We will indicate the date of the latest revision at the top or bottom of the policy.
- Active notifications: For material changes that significantly affect your rights or the way we process your data, we will take additional steps to notify you, which may include email notifications, in-account messages, and/or prominent banners or notices on the website.
Timing and Your Options
- Advance notice for significant changes: Where feasible and required, we will provide at least 30 days' advance notice before material changes take effect, particularly where they introduce new purposes of processing or significantly alter existing ones.
- Your continued use of the services: If you continue to use bluefoks.com and the Bluefox services after the effective date of any updated Privacy Policy, you will be deemed to have accepted the changes, subject to your rights under applicable law.
- Right to object or close your account: If you do not agree with changes that materially affect your rights, you may object to certain processing (where permitted by law), adjust your privacy settings, or close your account in accordance with our Terms and Conditions. We will continue to process your data as necessary to comply with legal and regulatory obligations, even after account closure.
Last updated: November 2025.