Privacy Policy – SmartEXCLUSION

National Self-Exclusion Privacy Notice 30/08/21 (Dynamic Test)

Who we are

We are .

Company Registration Number: [COMPANY REGISTRATION NUMBER]

We are registered as a data controller at the UK Information Commissioner’s Office under number [ICO REGISTRATION NUMBER].

We are responsible for the processing of personal data that we have received in accordance with the General Data Protection Regulation 2018 and the DPA 2018.

We are an Operator of Adult Gaming Centres and / or Licenced Bingo premises in Great Britain. We refer to these premises as Venues.

What is Self-Exclusion?

Self-Exclusion is tool for people who have decided they wish to stop gambling for a period of at least 6 months and wish to be supported in their decision to stop by self-excluding via an official scheme.

As an Operator, we offer the ability to self-exclude to these people in our venues, and our venues will also monitor the Self-Exclusion system, to support these people in preventing them from entering the premise, and protect them from gambling.

Our Scheme Provider

We partner with IHL Tech Ltd, a provider of SmartEXCLUSION, an Official National Self-Exclusion Scheme.

SmartEXCLUSION allows people to enrol in Self-Exclusion Schemes via land-based gambling venues using a secure tablet-based application.

Our role in your privacy

If you are providing Personal Data to us and / or other Operators, to enable us / them to enrol you on SmartEXCLUSION and to enable us / them to monitor SmartEXCLUSION to prevent you from gambling, this Privacy Notice applies to you.

Our responsibilities

  • Our responsibilities as a Data Controller
    • Whilst you are completing or have completed your Self-Exclusion on the SmartEXCLUSION tablet at one of our Venues, we act as a ‘Data Controller’ of your data. This means we will determine why and how your Personal Data is processed to enable us to provide the Self-Exclusion Service to you.
      • Important Note 1.
        • Once you have submitted your Self-Exclusion, IHL Tech Ltd, become a ‘Data Controller’ of your data. This means they will then determine how your Personal Data is processed to enable them to provide the Self-Exclusion Scheme.
      • Important Note 2
        • IHL Tech Ltd will share data with their Partners, who are providers of other National Self-Exclusion Schemes to enable them to provide the Self-Exclusion services. IHL Tech Ltd will share your data, subject to the explicit consent you provide during your self-exclusion process.
        • Their Partners include
          • BSESL (Bacta Self Exclusion Services Ltd)
            • A provider of an Adult Gaming Centre Scheme
          • The Bingo Association
            • Operator of the Traditional Bingo Self-Exclusion Scheme
          • Our responsibilities as a Data Processor
            • When you have completed a Self-Exclusion, if your exclusion covers the jurisdiction of our venues, we need to be able to monitor the SmartEXCLUSION images to identify people who are attempting to breach their exclusion terms. To enable us to manage this in our venues, we need to view the photo and name of people who are currently excluded, so we can prevent them from entering and / or gambling. In this context, we act as a Data Processor for the Personal Data of the people who have requested self-exclusion. This means we have been given instructions from IHL Tech Ltd on how to process Personal Data on the SmartEXCLUSION Self-Exclusion Scheme.

 

 

 

Your responsibilities

Please read this Privacy Notice

Please refer to IHL’s SmartEXCLUSION Privacy Notice for the information on how your Personal Data is processed as part of the SmartEXCLUSION Self-Exclusion Scheme.

If you follow any external links to webpages that are not part of SmartEXCLUSION, the National Self-Exclusion Scheme, please read the respective Privacy Pages for the site you are visiting.

This may include other National Self-Exclusion Schemes, Gambling Support Sites or Information Sites that we share with you upon request following enrolling for your Self-Exclusion.

 

When we collect data

We will collect data from you with your consent:

  • If you Self-Exclude with SmartEXCLUSION in venue, using a Tablet or a PC
  • If you have Self-Excluded with another Operator or National Scheme Provider, who will share your exclusion data with us with.

Types of data we may collect when you are registering for Self-Exclusion using SmartEXCLUSION

  • Self-Exclusion Data
    • Required Data
      • Title
      • Gender
      • Name
      • Address
      • Photo
      • Date of Birth
      • Signature
    • Optional Data
      • Email Address
      • Phone Number

Types of data we may collect when from other Operators of National Scheme Providers

  • Self-Exclusion Data
    • Title
    • Gender
    • Name
    • Address
    • Photo
    • Date of Birth
    • Email Address
    • Phone Number

Types of data we DO NOT collect

  • Any data relating to racial or ethnic origin.

Purposes for which we process your data

We collect your data solely for the purpose of providing and managing your Self-Exclusion request. This includes the sending of emails and texts that may contain information relating to gambling support services and organisations.

How and why we use your data

Data protection law requires that we only use your data for certain reasons and where we have a lawful basis to do so. Here are the reasons why we process your data:

  • Providing Self-Exclusion to you
    • Processing of your Self-Exclusion record to enable us to provide self-exclusion to you.
    • Sharing of your Self-Exclusion record with other Operators to enable them to manage and monitor any visits that would be in breach of your Self-Exclusion
    • Sharing of your Self-Exclusion record with IHL Tech Ltd, the providers of the SmartEXCLUSION Self-Exclusion Scheme to enable them to meet their obligations of a National Self-Exclusion Scheme Provider.
    • In this context, our lawful basis for processing your personal data is the contract we have with you AND your explicit consent.

Here is what each “lawful basis” means:

  • Consent
    • You have given explicit and informed consent for us to process your personal data for the specific purpose of Self-Exclusion.
  • Contract
    • You have entered into a contract with us for the service of providing Self-Exclusion.

Your privacy choices and rights

Your choices

  • Self-Exclusion Data
    • If you have given your consent allowing us to process your data for the purpose of Self-Exclusion, this consent cannot be withdrawn during the exclusion period you have contracted to.

Your rights

You can exercise your rights by sending us an email at [TBC].

  • You have the right to access information we hold about you
    • This includes the right to ask us for supplementary information about:
      • the categories of data we’re processing.
      • the purposes of data processing.
      • the categories of third parties to whom the data may be disclosed.
      • how long the data will be stored (or the criteria used to determine that period).
      • your other rights regarding our use of your data.

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights) or conflict with our obligations to maintain the integrity of a National Self-Exclusion Scheme which is governed by the Gambling Commission.

We will tell you if we can’t meet your request for that reason.

  • You have the right to be ‘forgotten’ by us following the expiry of your Self-Exclusion
    • You can do this by asking us to erase any data we hold about you if it is no longer necessary for us to hold the data for purposes of your Self-Exclusion or we have a legal obligation to retain your data.
  • You have the right to lodge a complaint regarding our use of your data
    • Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at ico.org.uk.

How secure is the data we collect?

Data collected during your self-exclusion is fully hosted and managed by IHL Tech Ltd

IHL Tech Ltd have physical, technical and organisational procedures in place to appropriately safeguard and secure the data we collect.

  • All data is stored in a secure ISO 27001 facility by AWS (Ireland).
  • All data traffic is encrypted with SHA-256 RSA Encryption.
  • Always-On Network Flow Monitoring is enabled.
  • DDos protection services provided by AWS are enabled, including Automated Mitigation and all APIs are protected using a Throttling middleware.
  • IP Attack Prevention in the form of Rack Attack Preventative is implemented.

However, please remember:

  • You provide personal data at your own risk: unfortunately, no data transmission across the internet is guaranteed to be 100% secure.

If you believe your privacy has been breached, please contact us immediately [TBC].

Where do we store the data?

The data we collect is processed in our Venues, and in our Head Office

SmartEXCLUSION, provided by IHL Tech Ltd, is hosted in AWS, Ireland and processed in IHL Tech Ltd’s offices in Northampton (UK), Nottingham (UK) and Withernsea (UK) and also in any data processing facilities operated by the third parties identified below.

By submitting your data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice.

How long do we store your data?

We will stop actively using any personal/identifiable following the expiry of your Self-Exclusion and will be archived for a further 7 years from after which your Personal Data will be deleted.

Other Third parties who process your data (Non-Partners)

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We contract with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well.

Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Notice.

If third party providers (processors) are established outside of the EU/EEA, we shall ensure that we contract only with third-party providers that are located in countries that ensure adequate levels of protection based on the European Commission’s adequacy decision or that IHL Tech Ltd has entered into agreements with corresponding Standard Contractual Clauses that ensure adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals.

Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:

  • Amazon Web Services, Ireland
    • IHL Tech host SmartEXCLUSION Self-Exclusion Scheme (on AWS Data Centres in Ireland.
  • Google, USA
    • During the self-exclusion process, a service called Google Vision to detect a face in a Self-Exclusion Image is used as part of the quality control and validation processes.
    • No image data is stored by Google.

Cookies

We do not use cookies in the collection of Self-Exclusion Data.