Privacy Notice

The GSC is regulatory body and statutory board as defined in in Section 1(1) of Schedule 1 of the Statutory Boards Act 1987. The GSC comprises of the Inspectorate (a team of Inspectors who manage a portfolio of licence holders) and the Commission, who sit once a month to consider regulatory matters and licence applications.

The GSC’s objectives means that a sophisticated framework must be used when assessing and managing risks, and supervising licensed activities to ensure that all stakeholders are competent, crime free and capable of contributing to a safe, trusted and efficient sector.

For this reason, the GSC aims to utilise information collected and created in the most efficient and secure manner possible in order to meet its objectives reliably and effectively.

We collect and process information, including personal information, to provide effective and efficient services and meet our regulatory objectives under the Gambling Supervision Act 2010 and a number of other statutory instruments which provide for a Regulatory Framework. All of these statutory arms provide the GSC with the legal basis to hold data and process it for the Data Protection legislation as it applies to the Isle of Man and includes the applied General Data Protection Regulation (the GDPR) and Law Enforcement Directive (LED) to:

• Ensure that gambling is conducted in a fair and open way
• Protecting children and other vulnerable persons form being harmed or exploited by gambling
• Preventing gambling from being a source of crime, to be associated with crime or disorder and or used to support crime

We use your personal data in line with the rules set out in the Isle of Man Data Protection Legislation for the following reasons:

• Licensing of Gambling and Book making activity including: Applications for gambling and casino licences, bookmaker’s permits and society lottery registrations
• Licensing of the sale of controlled machines
• Allocation of Freedom of Information Requests
• Fulfilment of compliance requirements
• Administration of corporate complaints
• Ongoing monitoring, supervision and reporting of licensees and holders of licenses
• Carrying out vetting processes for ‘key persons’ in relation to any application, be that integrity checks or fit and proper person checks.
• Conducting suitability requirements as part of the licensing process
• Complying with statutory function and legal obligations
• Inform our regulatory work in accordance with these objectives – including investigations and enforcement
• Assist other regulators or law enforcement agencies
• Monitor and improve our level of service
• Conduct research/collate statistics for publication and/or for the purposes of policy formulation
• Ongoing monitoring of persons in controlling roles for fitness and integrity purposes
• Ongoing monitoring and supervision of licensed activity which may include accounts and alike which may be through third parties.
• Undertaking obligations under other key statute and regulation which includes but is not limited to the Proceeds of Crime Act 2008, Anti-Money Laundering and Counter Terrorist funding general and specific codes
• Any obligation on the GSC to act in accordance with Isle of Man Government Financial regulations and the regulations covering Public Service Commission (Civil Servant) Regulations

Further information can be obtained by contacting the GSC or the Data protection officer. 

We will only process your personal information if there is a legal reason for us to do so. We may rely on:

• The need to meet public tasks as defined which is a legal obligation in carrying out statutory government functions as outlined in primary, secondary legislation and regulations
• The need to meet a request you have made for information or a service
• The processing is necessary for us to comply with the law
• The processing is necessary to perform a contract we have with the individual or their organisation, or because they have asked us to take specific steps before entering into a contract
• To act as an enforcement body in relation to certain gambling offences
• The need to prevent or investigate suspected or actual violations of law including processing under the Applied General Data Protection Regulation and the Law Enforcement Directive 2018.
• Your consent – if we rely on your consent to process your information for a certain purpose you may withdraw your consent at any time by contacting the Data Protection Officer 
• The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office
• Any relevant guidelines or advice issued to the sector which is relevant for the GSC to fulfil its regulatory obligations
• Set out below are the principle legislation under which the GSC controls, processes, accesses and uses personal data.

In most cases, the minimum legal age for gambling is 18.

This applies to:

• some types of arcade
• all betting shops
• bingo halls
• casinos
• race tracks
• online gambling.

Therefore the GSC does not intentionally obtain data relating to children. There are three potential areas where the GSC may inadvertently come across child data.

1. Where a child is subject of a trust or a customer of a Corporate Service Provider.
2. Where a report is made to the GSC concerning gambling the conduct of an operator or the unlawful placing of a “bet”
3. Where child data is discovered during a supervisory practice such as “desk based assessment” and then it may not be immediately obvious that a child is engaged in the data i.e. if they have lied about their identity.

Any organisation offering gambling facilities on the Isle of Man must have procedures to prevent underage gambling. This includes both online betting sites and physical places you can gamble such as betting shops or casinos. All gambling websites regulated by us must have:

• up to date policies and procedures designed to prevent underage gambling
• a warning that underage gambling is an offence
• a requirement that customers affirm they are legally old enough to gamble.

The GSC understands the implications of holding such child data and as such takes the view that whilst it does not intentionally hold children’s data – it is possible that it may at some stage. If a child is subject of the data the GSC holds they can contact the GSC Data Protection Officer.

The GSC has prepared a Children’s Data Protection Notice which is available on this site.

The GSC uses a number of statutory obligations in order to process your data. These can be found in the Principle Acts, Codes, Orders, Regulations and other statutory instruments which allow for processing in order for the GSC to conduct its statutory duties. The details of the legislation can be located in the Legislation section of this website.

In summary the legislation allows for the GSC to act as a regulatory body and utilise the framework of supervision tools available at its disposal.

Principal Acts

• Gaming (Amendment) Act 1984
• Casino Act 1986
• Gaming, Betting and Lotteries Act 1988
• Online Gambling Regulation Act 2001
• Gaming, Betting and Lotteries (Amendment) Act 2001
• Gambling Supervision Act 2010
• Casino (Amendment) Act 2018
• Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Act 2018

Other Acts

• Pool Betting (Isle of Man) Act 1961
• Pool Betting (Isle of Man ) Act 1970
• Betting Act 1970
• National Lottery Act 1999
• Gambling (Amendment) Act 2006

Codes

• Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019

Orders

• Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Civil Penalties Order 2018

Regulations

Regulations made under the Online Gambling Regulation Act 2001:

• Online Gambling (Advertising) Regulations 2007
• Online Gambling (Prescribed Descriptions) Regulations 2007
• Online Gambling (Systems Verification) (No.2) Regulations 2007
• Online Gambling (Betting and Miscellaneous Provisions) Regulations 2007
• Online Gambling (Disaster Recovery) (No.2) Regulations 2007
• Online Gambling Duty Regulations 2008
• Online Gambling (Registration and Accounts) Regulations 2008
• Online Gambling (Licence Fees) Regulations 2009
• Online Gambling (Exclusions) Regulations 2010
• Online Gambling (Participants' Money) Regulations 2010
• Online Gambling (Network Services) Regulations 2011
• Online Gambling (Registration and Accounts) (Amendment) Regulations 2014
• Online Gambling (Exclusions) (Amendment) Regulations 2014
• Online Gambling (Participants' Money) (Amendment) Regulations 2014
• Online Gambling (Amendments) Regulations 2016
• Online Gambling (Software Supplier Licensing) Regulations 2019

Regulations made under the Gambling Supervision Act 2010:

• Gambling Supervision (Permitted Disclosures) Order 2010

Regulations made under the Gaming, Betting and Lotteries Act 1988:

• Bingo Nights (Prescribed Conditions) Regulations 2010
• Racing Nights (Prescribed Conditions) Regulations 2010
• Society Lottery Advertisments Regulations 2011
• Licensed Betting Office (Opening Hours) Regulations 2017

Regulations made under the Casino Act 1986:

• Casino (Licence Applications) Regulations 1986
• Casino Regulations 2011
• Casino (Temporary Premises) Regulations 2013

Regulations under the Gaming (Amendment) Act 1984:

• The Controlled Machines Regulations 1985
• The Controlled Machines (Exemption) Order 1992
• The Certification of Premises (Application Fees) Order 2003
• The Controlled Machines (Suppliers Licences) (Fees) Order 2003
• The Controlled Machines (Prescribed Amounts and Percentages ) Regulations 2014
• The Controlled Machines (Exemption) Order 2016
• The Controlled Machines (Exemption) (Amendment) Order 2020

We may also share your data in respect of obligations under the Proceeds of Crime Act 2008 and Anti-Money Laundering Legislation and codes of practice.

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

Including as part of an application for a licence, or job applications.

We may also process certain special categories of information for specific and limited purposes such as detecting and preventing crime or the processing of applications, for which the GSC is responsible.  We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so. We may also process certain special categories of data as defined in the GDPR (Isle of Man) Order. This may include:

• Information about racial or ethnic origin
• Religious or philosophical
• Genetic data, biometric data
• Criminal proceedings, outcomes and sentences;
• Offences (including alleged offences)

Cookies, tags and other identifiers (“Cookies”)

Cookies are text files placed on your computer or mobile device to collect standard internet log information and visitor behaviour information. The Websites create Cookies for each session when you visit them. We use Cookies:

• to ensure that any selections you make on our Websites are adequately recorded; and
• for analysis of the traffic on our Websites, so as to allow us to make suitable improvements.

Please be aware that it is not possible to use this website without Cookies. If additional information about the Commissions use of Cookies is required, please get in touch with us.

We will obtain data from third parties in order to confirm information supplied to us in the application and supervision process and/or for the purposes of suitability assessments.

This includes:

• Data from operators for the exercise of our functions including those outlined below
• From complainants and regulatory bodies
• Data provided by licence applicants identifying people relevant to the application, who are not the applicants themselves

We share data with / collect it from In order to...

The GSC uses a Customer Relationship Management system called Atlas to store data relating to licence holders. All of the GSC's data and information is held on the Isle of Man Government's secure network - further details can be obtained via the Data Protection Officer. This is covered within a Data Retention and Disposal Policy which is available on request.

We will only keep your information for the minimum time necessary, with exceptions of when longer retention can be justified for statutory, regulatory, legal or security reasons, or for their historical value. As a public authority the GSC is subject of the provisions of the Public records Act and as such data may be selected for more significant terms of retention.

This may be to:

• Respond to an enquiry from you
• Continue to monitor licensees and ‘key persons’
• Confirm the transfer of information to other regulatory bodies
• Meet Isle of Man Government Financial Regulations
• Meet statutory requirements
• To analyse the use and quality of our services and to make improvement
• Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

For further details about retention periods, or to see the GSC’s Retention and Destruction Schedule, please contact the GSC Data Protection Officer at DPO-GSC@gov.im

The security and confidentiality of your information is very important to us.

We will ensure that:

• Safeguards are in place to make sure personal information is kept securely;
• Only authorised staff are able to access your information;
• We maintain security of the systems which hold personal information in line with Government Standards; and
• We comply with the regulatory and compliance requirements of the Information Commissioner.

We may share your information as described under ‘Sharing Your Information’. Your personal information will not be disclosed to any third party without your prior consent, or where we are permitted or required to do so to exercise our functions as a law enforcement body.

We will not sell your personal information to other companies, organisations or individuals. The GSC may share your personal information with other companies, organisations or individuals where there is a legal requirement to do so or where their use will be consistent with our functions described above.

We publish the names of all companies and individuals who hold operating licences in the Isle of Man.

How to request your personal information

Under Article 15 of the Applied GDPR you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by filling in our Subject Access Request Form, or by contacting the Data Protection Officer.

We have a guidance sheet that gives you details on the process.

To make a request of the DPO for the GSC contact:

GSC,
Ground Floor,
St. George’s Court,
Myrtle St.
Douglas,
Isle of Man,
IM1 1ED

Email: DPO-GSC@gov.im
Phone: +44 1624 694331

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in May 2022.

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by filling in our Subject Access Request Form, or by contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information.

We have a guidance sheet that gives you details on the process.

To make a request of the DPO for the GSC contact:

Gambling Supervision Commission,
Ground Floor,
St. George’s Court,
Myrtle St.
Douglas,
Isle of Man,
IM1 1ED

Email: DPO-GSC@gov.im
Phone: +44 1624 694331

If you are unhappy with the way we deal with your personal information you can submit a complaint to the GSC Data Protection Officer who will work with you to resolve any issues.

The Isle of Man’s Information Commissioner is the independent supervisory body responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation.

Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

Who we are

We are the Gambling Supervision Commission (GSC) for the Isle of Man and we make sure that gambling is conducted in a crime free way, that the young and anyone at risk is protected and that gambling is fair.

Gambling takes many forms and includes betting, placing a bet of money against the outcome of a game, a contest, slot machines, casinos and on line gambling

We have worked to keep gambling safe by licensing and monitoring gambling for since 1962 and we are here to help when there is an issue with a company that provides gambling services.

Get in touch

The GSC does not intentionally hold children’s data but if you want to know more about the personal information we have of yours, or if you want to raise a question with us then do drop us a line. If you are under 13 your parent or carer would need to do this. If you are over 13 then you can write to our data protection officer, Kristy. She’s contactable at Kristy.maxwell@gov.im

We think it would be best if you discussed this with your parent or carer first, and that you copied them into any emails you send. But this is up to you, we will always tell you if we are going to tell other people, so do not worry.

Personal data – what’s that?

What we mean is any information that could be used to identify you. At its simplest this could be just your name and address; or, it could include a telephone number, email address, a picture or recording of you. We might be in contact with your personal data if you are a person who has a trust or investments in a gaming company or if you are gaming, even though you should not be. This could be quite sensitive and personal information about what has happened and how you are doing.

Where we get your personal data from and what we do with it?

Basically, we get it from people who may represent you or from gaming companies if you are betting and you should not be, we may also get it from you, if you write to us! If you are under 13 then your parent or carer has to give it to us on your behalf. We don’t buy lists of names.

So: You might need a little bit of help yourself and maybe someone has contacted us for you. Or you may be gambling and you should not be, do not worry if you are, you are not in trouble.

When you are in touch with us we will sometimes ask you for personal information. Personal information means things like your name, your age, where you live and how we can contact you.

But that’s only if you are over 13. The first thing we would want to know, and check, is how old you are.

If you are under 13 then we have to ask a parent or carer, or another adult who looks after you to give us that information for you. We tell them how we keep that information safe in our other ‘Privacy Notice’ – it is a bit longer than this one! They can ask to see any of that information, any time. Full privacy notice

If you are 13-18 then you can give us permission (or, ‘consent’) to record some data about you depending on what we are doing and hold on to it for as long as we need to.

If you are subject of a trust then your representative should tell you about the gaming industry if they are working in this area. They should explain all of this and check that you agree, that you know what your rights are, and that you understand what we do with your personal information – it is yours after all!

It is really important to know that we are really careful with this information.

Everyone at the GSC understands that they should look after your information and should keep you safe and that includes how we keep your information safe. We don’t share it unless you tell us we can (unless we are really worried about you), and we store it safely.

How long we keep your data for

We have thought a lot about how long we should hold on to personal data. We believe it is only as long as you would consider reasonable, or where we have to because of the law. We have a list of how long we keep all information and what we do with it (delete or archive) when its time is up! We keep it very safe on our systems, just like you would expect us too. You can ask for this list if you like.

Your rights

You have all the same ‘rights’ with regard to your personal information as adults do – this is a very good thing. There are a number of rights and you can see them here

If you want to know more, have a look at our general Privacy Notice.

This privacy notice was last updated by adults in May 2022 in line with the GDPR. It will be reviewed by children and young people regularly.

Children and families

You might be part of a trust or be gambling when you should not be, this may affect your family and this may mean you are receiving a service from us in which case we would collect your data as part of receiving that service. This might include quite sensitive information relating to the support we are providing to you. If you are under 13 we will need to get consent from the relevant adults to hold your personal information.

Sometimes another agency (like a school, GP, gambling company or corporate service provider (CSP)) might have information that they want to pass onto us but we would only take that data with your consent.

In any case, before you started talking to us we would have explained all of this to you and asked you to give us your specific permission (your ‘consent’) to gather, hold and process this information for a defined period of time.

We take our responsibility to safeguard the welfare of children, young people and vulnerable adults very seriously. We are legally obliged to pass on personal information to the relevant authority if we thought a child, young person or vulnerable adult was at risk. When you begin to receive a service this will all be covered in the process of giving your consent for us to hold and process your personal information.

Who can see your information?

We take data security very seriously. Our internal systems are robust and we have invested in ensuring our data systems meet industry standards. Access to information we hold internally is restricted according to the type of data we hold and where we hold it. All personal data is processed by staff in the UK and data we hold securely on third party servers is hosted and maintained within the European Union.

We may also share your data with law enforcement agencies or statutory agencies if required.

A word about ‘Cookies’

When anyone visits our website, their IP address, browser and version, operating system and the site they came from are stored in a log file. This information is only used for statistical purposes to help improve this site. Log files do not contain any personal information. We do not use cookies for collecting personal information and we will not collect any information about you except that required for administration of the web server.

GDPR – A Summary of Your Rights

The Information Commissioner’s Office (ICO) has produced a summary of your rights in relation to data protection and the General Data Protection Regulation (GDPR)

If you have a concern about how we have handled or processed your data, or are unsatisfied with our response to a complaint you have raised with us then please contact the ICO 

This privacy notice was last updated in May 2022. It is reviewed regularly.