Privacy Notice

This privacy notice explains what information the Gambling Supervision Commission (‘The GSC’) collects and what that information is used for.

The GSC is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation). We are registered with the Information Commissioner’s Office as a data controller. Our registration number is: R002347.

When you use a GSC service we may ask you to share personal information with us. When we collect your personal information we will:

  • Only collect what we need and no more
  • Keep your information secure
  • Tell you how we will use your information
  • Delete your information when it is no longer needed
  • Only process your information in line with rules set out in Manx Data Protection legislation.

This Privacy Notice defines what happens when you give personal information to the GSC and will explain:

  • What information is collected and why
  • Who is collecting it
  • How it is collected
  • Why it is being collected
  • How it will be used
  • How long it will be kept
  • Who it will be shared with
  • How your information will be kept secure
  • Your rights, including how to access your information

If you have any questions or comments on this Privacy Notice please email the GSC Data Protection Officer.

Contact the Data Protection Officer for the GSC:

Email: DPO-GSC@gov.im

Phone: +44 1624 694331

Ground Floor
St George's Court
Myrtle Street
Douglas
Isle of Man
IM1 1ED

How and why we process your personal information

We collect and process information, including personal information, to provide effective and efficient services and meet our regulatory objectives under the Gambling Supervision Act 2010:

  • To ensure that gambling is conducted in a fair and open way
  • Protecting children and other vulnerable persons form being harmed or exploited by gambling
  • Preventing gambling from being a source of crime, to be associated with crime or disorder and or used to support crime

We use your personal data in line with the rules set out in the Manx Data Protection Legislation for the following reasons:

  • Applications for gambling and casino licences, bookmaker’s permits and society lottery registrations
  • Allocation of Freedom of Information Requests
  • Fulfilment of compliance requirements
  • Administration of corporate complaints
  • Ongoing monitoring of licensees
  • Carrying out vetting processes for ‘key persons’ in relation to any application
  • Conducting suitability requirements as part of the licensing process
  • Complying with statutory function and legal obligations
  • Inform our regulatory work in accordance with these objectives – including investigations and enforcement
  • Assist other regulators or law enforcement agencies
  • Monitor and improve our level of service
  • Conduct research/collate statistics for publication and/or for the purposes of policy formulation

Our legal basis for processing your information

We will only process your personal information if there is a legal reason for us to do so. We may rely on:

  • Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting the Data Protection Officer 
  • The need to meet a legal obligation in carrying out statutory government functions
  • The need to meet a request you have made for information or a service
  • The processing is necessary for us to comply with the law
  • The processing is necessary to perform a contract we have with the individual or their organisation, or because they have asked us to take specific steps before entering into a contract
  • To act as an enforcement body in relation to certain gambling offences
  • The need to prevent or investigate suspected or actual violations of law
  • The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Types of personal info we collect about you

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

Information you provide to us directly

Information you provide to us directly

Including as part of an application for a licence, or job applications.

Category of information

Examples of that type of information

Personal details

Name, email address, telephone number, address

Employment details

Current employment details, employment history, income, and employment references.

Financial information

Financial and banking documentation in support of licence applications.

Source of wealth/funding.

We do not hold credit or debit card information

Government identifiers

Copy of driving licence, passport, national ID, national insurance number

Communication

Feedback, comments, complaints, enquiries

Personal identification information

Title, date of birth, nationality, gender

Education and training details

Academic qualifications

Family, lifestyle and social circumstances

Dependents, marital status, character references

Criminal & Disclosure

DBS Forms, Criminal Convictions/Offences

Complainant Data

Customer account details, customer-operator history

Supporting documents

Utility bills, tax information

We may also process certain special categories of information for specific and limited purposes such as detecting and preventing crime or the processing of applications, for which the GSC is responsible.  We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so. We may also process certain special categories of data as defined in the GDPR (Isle of Man) Order. This may include:

  • Information about racial or ethnic origin
  • Religious or philosophical
  • Genetic data, biometric data
  • Criminal proceedings, outcomes and sentences;
  • Offences (including alleged offences)

Information provided to us by third parties

We will obtain data from third parties in order to confirm information supplied to us in the application process and/or for the purposes of suitability assessments.

This includes:

  • Data from operators for the exercise of our functions
  • From complainants and regulatory bodies
  • Data provided by licence applicants identifying people relevant to the application, who are not the applicants themselves

Category of information

Examples of that type of information

Personal details

Name, email address, telephone number, address

Employment details

Current employment details, employment history, income, and employment references.

Financial information

Invoice number, amount, and financial and banking documentation in support of licence applications.

Source of wealth/funding.

We do not hold credit or debit card information

Personal identification information

Title, date of birth, nationality, gender

Education and training details

Academic qualifications

Family, lifestyle and social circumstances

Dependents, marital status, character references

Criminal & Disclosure

DBS Forms, Criminal Convictions/Offences

Other

Utility bills, tax information

Information we collect automatically

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device.

For example we may collect:

Category of information

Examples of that type of information

Device information

Hardware model, operating system version, IP address

Log information

Time and duration of visit

Other information

Links you click, location

Tracking information

When you visit this site we use cookies that do not collect any personal information.

Read more about how we use Cookies

How long we keep your personal information

We will only keep your information for the minimum time necessary, with exceptions of when longer retention can be justified for statutory, regulatory, legal or security reasons, or for their historical value.

This may be to:

  • Respond to an enquiry from you
  • Continue to monitor licensees and ‘key persons’
  • Confirm the transfer of information to other regulatory bodies
  • Meet Isle of Man Government Financial Regulations
  • Meet statutory requirements
  • To analyse the use and quality of our services and to make improvement
  • Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

For further details about retention periods, or to see the GSC’s Retention and Destruction Schedule, please contact the GSC Data Protection Officer at DPO-GSC@gov.im .

How we keep your personal information secure

The security and confidentiality of your information is very important to us.

We will ensure that:

  • Safeguards are in place to make sure personal information is kept securely
  • Only authorised staff are able to view your information
  • We maintain security of the systems which hold personal information in line with ISO27001 standard
  • We comply with the requirements of the Information Commissioner

We may share your information:

  • With or between other Government Departments, Boards and Offices to provide a service or information you have requested, where there are arrangements in place to do so
  • With third parties to establish that the Applicant Company is under the control and management of persons of sound integrity and competence who are of sound character and financial status.
  • The courts on production of a valid court order

We publish the names of all companies and individuals who hold operating licences in the Isle of Man.

We will not sell to, or share, your personal information with other companies, organisations or individuals. The GSC may share your personal information with other companies, organisations or individuals where there is a legal requirement to do so. Your personal information will not be disclosed to any third party without your prior consent or where required to do so by law.

Your rights

To ask if we hold personal information about you

You can ask to see what information we hold about you by submitting a ‘Subject Access Request’ to the GSC Data Protection Officer.

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate.

Alternatively you can ask for the information we hold about you to be changed by making a request to the GSC Data Protection Officer.

To remove your personal information

In certain circumstances you can ask for your information to be deleted. Please note that as part of the GSC statutory functions some information may need to be retained.

You can request this by contacting the GSC Data Protection Officer.

To make a complaint

If you are unhappy with the way we deal with your personal information you can submit a complaint to the GSC Data Protection Officer who will work with you to resolve any issues.

Email address: DPO-GSC@gov.im

Telephone: +44 1624 694331

Ground Floor
St George's Court
Myrtle Street
Douglas
Isle of Man
IM1 1ED

The Isle of Man’s Information Commissioner is the independent supervisory body responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

Will this notice change?

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in September 2020.

How to request your personal information

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by filling in our Subject Access Request Form, or by contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information.

We have a guidance sheet that gives you details on the process.

To make a request of the DPO for the GSC contact:

Gambling Supervision Commission,
Ground Floor,
St. George’s Court,
Myrtle St.
Douglas,
Isle of Man,
IM1 1ED

Email: DPO-GSC@gov.im
Phone: +44 1624 694331

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Data Protection Act 2018.