Privacy Notice

We collect and process information, including personal information, to provide effective and efficient services and meet our regulatory objectives under the Gambling Supervision Act 2010:

• To ensure that gambling is conducted in a fair and open way
• Protecting children and other vulnerable persons form being harmed or exploited by gambling
• Preventing gambling from being a source of crime, to be associated with crime or disorder and or used to support crime

We use your personal data in line with the rules set out in the Manx Data Protection Legislation for the following reasons:

• Applications for gambling and casino licences, bookmaker’s permits and society lottery registrations
• Allocation of Freedom of Information Requests
• Fulfilment of compliance requirements
• Administration of corporate complaints
• Ongoing monitoring of licensees
• Carrying out vetting processes for ‘key persons’ in relation to any application
• Conducting suitability requirements as part of the licensing process
• Complying with statutory function and legal obligations
• Inform our regulatory work in accordance with these objectives – including investigations and enforcement
• Assist other regulators or law enforcement agencies
• Monitor and improve our level of service
• Conduct research/collate statistics for publication and/or for the purposes of policy formulation

We will only process your personal information if there is a legal reason for us to do so. We may rely on:

• Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting the Data Protection Officer 
• The need to meet a legal obligation in carrying out statutory government functions
• The need to meet a request you have made for information or a service
• The processing is necessary for us to comply with the law
• The processing is necessary to perform a contract we have with the individual or their organisation, or because they have asked us to take specific steps before entering into a contract
• To act as an enforcement body in relation to certain gambling offences
• The need to prevent or investigate suspected or actual violations of law
• The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

Information you provide to us directly

Including as part of an application for a licence, or job applications.

We may also process certain special categories of information for specific and limited purposes such as detecting and preventing crime or the processing of applications, for which the GSC is responsible.  We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so. We may also process certain special categories of data as defined in the GDPR (Isle of Man) Order. This may include:

• Information about racial or ethnic origin
• Religious or philosophical
• Genetic data, biometric data
• Criminal proceedings, outcomes and sentences;
• Offences (including alleged offences)

We will obtain data from third parties in order to confirm information supplied to us in the application process and/or for the purposes of suitability assessments.

This includes:

• Data from operators for the exercise of our functions
• From complainants and regulatory bodies
• Data provided by licence applicants identifying people relevant to the application, who are not the applicants themselves

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device.

For example we may collect:

We will only keep your information for the minimum time necessary, with exceptions of when longer retention can be justified for statutory, regulatory, legal or security reasons, or for their historical value.

This may be to:

• Respond to an enquiry from you
• Continue to monitor licensees and ‘key persons’
• Confirm the transfer of information to other regulatory bodies
• Meet Isle of Man Government Financial Regulations
• Meet statutory requirements
• To analyse the use and quality of our services and to make improvement
• Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

For further details about retention periods, or to see the GSC’s Retention and Destruction Schedule, please contact the GSC Data Protection Officer at DPO-GSC@gov.im .

The security and confidentiality of your information is very important to us.

We will ensure that:

• Safeguards are in place to make sure personal information is kept securely
• Only authorised staff are able to view your information
• We maintain security of the systems which hold personal information in line with ISO27001 standard
• We comply with the requirements of the Information Commissioner

We may share your information:

• With or between other Government Departments, Boards and Offices to provide a service or information you have requested, where there are arrangements in place to do so
• With third parties to establish that the Applicant Company is under the control and management of persons of sound integrity and competence who are of sound character and financial status.
• The courts on production of a valid court order

We publish the names of all companies and individuals who hold operating licences in the Isle of Man.

We will not sell to, or share, your personal information with other companies, organisations or individuals. The GSC may share your personal information with other companies, organisations or individuals where there is a legal requirement to do so. Your personal information will not be disclosed to any third party without your prior consent or where required to do so by law.

To ask if we hold personal information about you

You can ask to see what information we hold about you by submitting a ‘Subject Access Request’ to the GSC Data Protection Officer.

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate.

Alternatively you can ask for the information we hold about you to be changed by making a request to the GSC Data Protection Officer.

To remove your personal information

In certain circumstances you can ask for your information to be deleted. Please note that as part of the GSC statutory functions some information may need to be retained.

You can request this by contacting the GSC Data Protection Officer.

To make a complaint

If you are unhappy with the way we deal with your personal information you can submit a complaint to the GSC Data Protection Officer who will work with you to resolve any issues.

Email address: DPO-GSC@gov.im

Telephone: +44 1624 694331

Ground Floor
St George's Court
Myrtle Street
Douglas
Isle of Man
IM1 1ED

The Isle of Man’s Information Commissioner is the independent supervisory body responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in September 2020.

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by filling in our Subject Access Request Form, or by contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information.

We have a guidance sheet that gives you details on the process.

To make a request of the DPO for the GSC contact:

Gambling Supervision Commission,
Ground Floor,
St. George’s Court,
Myrtle St.
Douglas,
Isle of Man,
IM1 1ED

Email: DPO-GSC@gov.im
Phone: +44 1624 694331

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Data Protection Act 2018.