Privacy Policy
Last Updated: 05 September 2024
About us
We, The National Online Self Exclusion Scheme Limited, a company incorporated in England and Wales with company registration number 10504973 and registered office at 3 Greengate, Cardale Park, Harrogate, HG3 1GY, are committed to protecting your privacy and personal information. This privacy policy (Privacy Policy) details the steps we take to protect an individual's personal information when an individual (you) visits: https://operator.stage.gamstop.io/ and https://operator.gamstop.co.uk/ (our Portals) on behalf of an operator licensed by the Gambling Commission of Great Britain (Operator).
This Privacy Policy describes the personal information that we collect when you use our Portal, the purposes for which we use such information, the steps we take to protect your personal information and your choices regarding our use of it.
Our legal status under UK data protection law is that of a data controller and in this capacity we will securely store and process the personal information we collect about you. Data controller is a legal term which identifies the person who controls what to do with any given personal information. As data controller we have registered with the Information Commissioner's Office and our registration number is ZA247738.
Changes to this Privacy Policy
We may occasionally update this Privacy Policy. When we do, we will revise the "Last Updated" date at the top of the Privacy Policy and will take reasonable steps to notify you of any such updates.
Collection of information
This Privacy Policy applies in respect of all personal information you provide to us and your use of our Portal.
We collect the following personal information from you:
- your name;
- your email address;
- your password for logging into the Portal;
- any information gathered in our correspondence with you; and
- information gathered from your use of the Portal.
You are not required to provide any of this information, but if you do not, we may not be able to provide you with the requested services.
How is your personal information used?
We will use the personal information you provide to us to:
- check that your email address is a valid company email address for an Operator;
- provide you with access to our Portal and provide our services to you (acting on behalf of the Operator you represent);
- develop our services to enhance their usability and functionality and improve the user-experience; and
- contact you.
What are the lawful bases for our use of your information?
We must identify a lawful basis for our use of your information, which we set out in the table below:
| Purpose / activity | Information we use | Lawful basis / condition |
|---|---|---|
| Check that your email address is a valid company email address for an Operator |
| Legitimate business interests for the purposes of:
|
| Provide you with access to our Portal and provide our services to you (acting on behalf of the Operator you represent) |
| |
| Develop our services to enhance their usability and functionality and improve the user-experience |
| |
| Contact you |
|
Who do we share your personal data with?
We use certain third party service providers in connection with providing the Portal and our services. We have contracts in place with all third party service providers that strictly govern how they use the personal data we disclose to them.
We may occasionally be required by law, court order or governmental authority to disclose your information. In the event of a reorganisation, sale or takeover we may also need to disclose personal information to new entities within the group or potential acquirers and their advisers, though we will do so on the basis that the information is kept in confidence and, if the reorganisation, sale or takeover takes place, used only in accordance with applicable law and this Privacy Policy.
Further information about what information we share with service providers and other third parties is included in the table below.
| Service provider/third party | Purpose | Information shared |
|---|---|---|
| Hippo (formerly known as The Data Shed) | IT, development and software delivery services | All data types listed in the 'Collection of information' section above. |
| AWS | Cloud services | All data types listed in the 'Collection of information' section above. |
| Zendesk | Case management system services |
|
| Zoho | Case management system services |
|
| Microsoft | Software | All data types listed in the 'Collection of information' section above. |
| Stripe OLT | IT support services | All data types listed in the 'Collection of information' section above. |
| Citrix | Secure information sharing services | Information gathered in our correspondence with you. |
| Operator | Provision of the Service | All data types listed in the 'Collection of information' section above. |
| Public authorities, regulators or government bodies | Administration of justice, regulatory and compliance | All data types listed in the 'Collection of information' section above. |
| Professional advisers | Legal advice Audits | All data types listed in the 'Collection of information' section above. |
| Sage | Invoicing |
|
The requirements of data protection laws
Generally, we only store and use your personal data within the UK and European Economic Area (EEA) countries. If the Operator you represent is located outside the UK or EEA, we will transfer your information to them for the purposes of providing the Service. We have in place standard contractual clauses to protect your personal data where we transfer it to jurisdictions outside the UK or EEA.
Microsoft and some of our other service providers may transfer personal data to the USA or elsewhere outside the UK or EEA. We have in place standard contractual clauses to protect your personal data where it is transferred outside the UK or EEA.
Retention
We will hold your personal data until we:
- Stop providing services to the Operator; or
- Are informed you are no longer engaged by the Operator.
After either of these events, we will deactivate your account and archive your personal data for a period of seven years.
We will only keep your information for a longer period where necessary for the purposes of providing the Service or in order to comply with our legal obligations.
Your rights
You have the following rights in relation to your personal data:
- a right of access to a copy of your information;
- a right to request that we transfer your information to a third party;
- a right to object to the use of your information, including the right to object to the use of your information for direct marketing purposes;
- a right to have your information corrected and updated where it is inaccurate;
- a right to have your information erased;
- a right to restrict our use of your information while any concerns you raise are resolved; and
- a right to lodge a complaint to the Information Commissioner's Office in respect of our use of your personal data.
If you contact us in relation to your rights we will do our best to accommodate your request or objection. Please note, however, that not all rights are absolute. Sometimes other legal obligations or third party rights will take precedence.
Links to other websites
Our Portal may contain links to other websites. We are not responsible for the content, security, practices or privacy policies employed by other websites. We encourage you to carefully review these sites' privacy policies so that you know how they will collect, use, and share your information.
Contact us
If you have questions regarding this policy or our handling of your personal information, or if you would like to contact us regarding your rights in relation to your personal data, please email us at support@gamstop.co.uk.
We will promptly address your concern and strive to reach a satisfactory service.
