Under the Isle of Man Data Protection Act 2018 and UK Data Protection Act 2018 Welton Holdings Limited a company incorporated in the Isle of Man with Registered Number 123348C having its Registered Office at Suite 8/9, West House, West Street, Ramsey, Isle of Man, IM8 1AE together with TGP Europe Limited (“TGPE”), a company incorporated in the Isle of Man with Registered Number 122698C having its Registered Office at James House, 1st Floor, 11-13 Hill Street, Douglas, Isle of Man IM1 1EF "us, our, we", are classified as data controllers. This means we determine the purposes and means of processing your personal data.
We take the privacy of your information very seriously and ask you to read this Privacy Notice carefully as it contains important information on:
- The personal information we collect about you and why
- What we do with your information
- The measures applied to ensure the security of your personal data
- Who your information might be shared with
- Your rights
What is personal data and special category data?
Under the EU’s General Data Protection Regulation (“GDPR”), personal data is defined as any information relating to an identified or identifiable natural person. It can include obvious identifiers like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Special category data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
What information do we collect, for what purpose, and the legal basis for collection?
We collect and process personal data based on one or more of the following legal bases:
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose
- Contract: the processing is necessary for a contract we have with the individual or their organisation, or because they have asked us to take specific steps before entering into a contract
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
By using our websites or by contacting us by phone, email, or in writing, you may be providing us with the following information when you open an account with us or interact with our gaming platform:
- Your name
- Date of birth
- Current address and proof of address
- Proof of identity
- Email address
- Mobile and telephone numbers
- Financial debit card information (in line with current Payment Card Industry Data Security Standard)
- Recordings of telephone calls and email or chat communications
When you visit our websites, we may automatically collect the following information:
- Technical information used to connect your computer to the internet
- Login information, your geographic location, browser type and version
- Browser types operating system and platforms
- Information about your visit
- Financial transactions
- Your gaming activities
Information with relevance to cookies may be obtained from third parties (such as financial institutions, identification verification agencies, credit providers, credit reference agencies) for us to follow legal gaming requirements (e.g. to identify you, Anti-Money Laundering, Anti-Fraud, prevention of terrorist financing). These third parties have all been thoroughly vetted as part of our Information Security Controls. and in accordance with the requirements of our remote gambling licence.
You can learn more on cookies by visiting http://www.allaboutcookies.org/
Why do we use your information?
We require your information to:
- Set up, manage and administer your account
- Provide you with our services (make/settle/pay Bets, playing games, etc.)
- Improve the quality or service and gaming experience for you
- Comply with obligations as set out in our terms and conditions (contractual obligations)
- Comply with legal, licensing and regulatory requirements
Your personal data may also be used by the Group for customer modelling, statistical and trend analysis, with the aim of developing and improving our products and services. If your data is used in this way, then it will be anonymised.
We will only contact you about our products and services if we have your consent to do so. You can freely manage your consent at any time via our tools within personal details.
We use personal information in an endeavour to personalise your interaction and experience with our services. Personalisation or user profiling is necessary for the purpose of delivering and displaying relevant content to our customers which we deem to be our legitimate interest.
Do we share your information?
We may share the personal data we hold about you across the Group to enable us to better understand your needs and run your accounts in the efficient way that you expect.
To ensure we follow legal obligations set by the gaming industry, we may be required to disclose information with specific third parties (e.g. to identify you, Anti-Money Laundering, Anti-Fraud, prevention of terrorist financing). As detailed above, these third parties have all been thoroughly vetted as part of our Information Security Controls, which we are required to follow as part of gaming requirements.
We will not share/sell your information outside of the Group (e.g. to other gaming companies, or unrelated companies), as this is not part of our scope of business.
We may need to disclose your information to a third party if required by law. In this case, we would follow the law’s strict rules on sharing information.
How long do we retain your information?
We will ensure personal data is not kept for longer than is necessary. We will always follow the below controls to ensure that the storage of personal data conforms to this:
- Review the length of time personal data is retained
- Review and consider the purpose for retaining the personal data
- Securely delete personal data which is no longer required
- Ensure personal data held is updated and, when appropriate, is archived securely
What do we do with your information?
We are the controllers of the information collected and will only use your personal data in the course of provision of services to you.
We will take all steps reasonably necessary to ensure that your data is treated securely.
Your information and transactions are transmitted using encryption technology and securely stored in line with our Information Security Policies.
If you are required to send us your debit card information, your card details will always be transmitted securely. Any debit card information stored by us are in an encrypted form and can only be viewed by employees with the appropriate level of security clearance.
The data collected from you (including recorded calls) will be transferred, processed and stored at our dedicated secured offices and data centres. By submitting your personal data, you agree to this transfer, processing and storing.
Where we have given you a password which enables you to access certain parts of any of our websites, you are responsible for keeping this password confidential, including not sharing it with other persons. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites. In addition to the steps that we take to protect your personal data, you should take steps to help protect yourself against Internet fraud.
Your Personal Data Rights
Under GDPR you have several rights to your personal data, which are detailed below:Right to Access personal data:
You have a right to request a copy of the personal information that we hold about you. Please visit the ‘Contact Us’ page to get in touch, should you wish to make such a request. In your request, please give as much information as possible to identify yourself with, to assist us in gathering the information requested.
We will respond to such a request within one month which will require your identification to be verified prior to release of relevant personal data.
Your information provided by us, on your request, will be communicated to you in a way which can be transferred to another party if required.
Right to Erasure:
You can request us to erase your personal data where there is no lawful basis requiring us to continue processing this personal data. This right only applies in certain circumstances given that our legal obligations include data retention periods.
Right to Rectification of Personal data:
Right to Rectification of Personal data: You can request that we correct any personal data that we are processing about you which is incorrect.
Right to be informed:
Right to be informed: Where the application of a personal data right has impacted on your personal data, you have the right to be informed.
Right to data portability:
Similar to the right to access personal data, this right allows you to obtain your personal data in an electronic format that would enable you to transfer that personal data to another organisation, should it be relevant.
Right to restrict / object to processing of personal data:
In certain circumstances you have the right to object to or restrict the processing of your personal data, where this processing is based on consent, contractual obligation or our legitimate interest.
However, despite your objections or wish to restrict processing, where there are compelling legitimate grounds or legal obligations, we have the right to continue to process your personal data.
Rights relating to automated decision making and profiling:
Rights relating to automated decision making and profiling: You have the right to not be subject to a decision which is based only on automated processing, i.e. without human involvement. In instances where a decision has a legal impact or otherwise significantly affects you, particularly. We confirm that we do not make automated decisions of this nature.
As referred to above, you also have the general right to withdraw the consent you have given us to process your personal data (in respect of our marketing activities) and where this processing is based on what we deem to be our legitimate interest.
You have a right to opt-out of any marketing communications, which customers can do so by opting-out through your account. This can be found under Personal Details > Promotions and Marketing materials.
Please ensure you inform us of any changes to your information to ensure accuracy is maintained. You can do this by contacting our customer services team at firstname.lastname@example.org
If you wish further information regarding personal data or to make a complaint, please contact us in writing at:
TGP Europe Ltd James House, 1st Floor, 11-13 Hill Street, Douglas, Isle of Man IM1 1EF