SmartINCLUSION Privacy Notice

SmartINCLUSION (Membership Scheme) Privacy Notice

Who we are

We are IHL Tech Ltd, 57 Ashbourne Road, Derby, Derbyshire, DE22 3FS.

Company Registration Number: 09926970

We are registered as a data controller at the UK Information Commissioner’s Office under number ZA175849.

We are responsible for the processing of personal data that we have received in accordance with the General Data Protection Regulation 2018 and the DPA 2018.

What is SmartINCLUSION?

SmartINCLUSION is a digital Membership solution which allows people to enrol in Membership Schemes via land-based gambling premises.

Our Partners

We partner with providers of other Membership Schemes, to ensure SmartINCLUSION is supported across multiple Licenced Gambling Premises, these Partners are:

  • ISD (ISD Computer Services Ltd)
    • A provider of a membership scheme for the Gambling Industry

Our Customers

We provide SmartINCLUSION to Operators of Adult Gaming Centres and Licenced Bingo premises in Great Britain. These are referred to as our Customers.

We refer to our Customers premises as Venues.

Our role in your privacy

If you are providing Personal Data to us, either directly or via our Customers or Partners to enable us to enrol you on our or our Partner’s Membership Schemes, this Privacy Notice applies to you.

Please Note

  • If you are providing us data for any other service we provide, please refer to our Privacy Notice Menu
  • If you are visiting our website, please refer to our standard Privacy Policy.

If you are a member of staff providing Personal Data to us via SmartHub, please refer to our IHL SmartHub (Staff User) Privacy Notice

Our responsibilities

  • Our responsibilities as a Data Processor
    • Whilst you are completing your Membership Application at a Venue, we act as a ‘Data Processor’ of your data for our Customers. This means that we are acting on the instruction of our Customers to support them in the collection of your Personal Data to enable them to provide Membership Service to you.

Your responsibilities

Please read this Privacy Notice

Please refer to the terms and conditions of your membership provided by the Operator as to how they process your data.

When we collect data

We will process data from you that you have provided to our Customers as part of you Membership Application with them, with a member of staff collecting your data using a Tablet device.

Types of data we may collect

  • Membership Data
    • Required Data
      • Title
      • Name
      • Address
      • Date of Birth
      • Signature
    • Optional Data
      • Photo
      • Email Address
      • Mobile Number

Types of data we DO NOT collect

  • Any data relating to racial or ethnic origin.

Purposes for which we process your data

We process your data solely for the purpose of creating or updating your membership account you have with our Customers.

Please note: We do not use any personal data you provide in SmartINCLUSION for Marketing.

Please refer to the terms and conditions of your membership provided by the Operator as to the purpose that they process your data.

How and why we use your data

Data protection law requires that we only process your data for certain reasons and where we have a lawful basis to do so. Here are the reasons why we process your data:

  • Providing SmartINCLUSION to our Customers
    • Processing of your Personal Data to enable our Customers to provide membership services to you.
    • In this context, our lawful basis for processing your personal data is the contract we have with our Customers.

Here is what each “lawful basis” means:

  • Contract
    • We have entered into a contract with our Customers to provide multiple services to them to assist them in meeting the conditions of their gambling licence.

Your privacy choices and rights

Your choices

  • Membership Data
    • If you have previously given consent to our processing your data you can freely withdraw such consent at any time. You can do this by emailing us at dpo@ihlhub.com
    • If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data.

Your rights

You can exercise your rights by sending us an email at dpo@ihlhub.com.

  • You have the right to access information we hold about you
    • This includes the right to ask us for supplementary information about:
      • the categories of data we’re processing
      • the purposes of data processing
      • the categories of third parties to whom the data may be disclosed
      • how long the data will be stored (or the criteria used to determine that period)
      • your other rights regarding our use of your data

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights).

We will tell you if we can’t meet your request for that reason.

  • You have the right to be ‘forgotten’ by us following the expiry of your Membership
    • You can do this by asking us to erase any data we hold about you if it is no longer necessary for us to hold the data for purposes of your Self-Exclusion or we have a legal obligation to retain your data.
  • You have the right to lodge a complaint regarding our use of your data
    • Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at ico.org.uk

How secure is the data we collect?

We have physical, technical and organisational procedures in place to appropriately safeguard and secure the data we collect.

  • All data is stored in a secure ISO 27001 facility by AWS (Ireland)
  • All data traffic is encrypted with SHA-256 RSA Encryption
  • We have Always-On Network Flow Monitoring
  • We have DDos protection services provided by AWS, including Automated Mitigation and all APIs are protected using a Throttling middleware
  • We have IP Attack Prevention in the form of Rack Attack Preventative Implemented

However, please remember:

  • You provide personal data at your own risk: unfortunately, no data transmission across the internet is guaranteed to be 100% secure

If you believe your privacy has been breached, please contact us immediately on dpo@ihlhub.com

Where do we store the data?

The data we collect is processed in our Data Centre hosted in Ireland, in our offices in Northampton (UK), Nottingham (UK) and Withernsea (UK) and also in any data processing facilities operated by the third parties identified below.

By submitting your data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice.

How long do we store your data?

We will stop actively using any personally identifiable data following the expiry of your SmartINCLUSION and will be archived for a further 2 years from after which your Personal Data will be deleted.

Other Third parties who process your data (Non-Partners)

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We contract with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well.

Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Notice.

If third party providers (processors) are established outside of the EU/EEA, we shall ensure that we contract only with third-party providers that are located in countries that ensure adequate levels of protection based on the European Commission’s adequacy decision or that IHL Tech Ltd has entered into agreements with corresponding Standard Contractual Clauses that ensure adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals.

Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:

  • Amazon Web Services, Ireland
    • We host our Membership Scheme (SmartINCLUSION) on AWS Data Centres in Ireland
  • Google, USA
    • If we collect your photo during your membership application, we use a service called Google Vision to detect a face in the image as part of our quality control and validation processes.
    • No image data is stored by Google

Cookies

We do not use cookies in the collection of SmartINCLUSION Data

Revision Date 09/12/21