The Bingo Association Ltd and Bingo Industry Self-Exclusion Scheme (BISES) Privacy Notice 

Who we are  

The Bingo Industry Self-Exclusion Scheme is operated and managed by The Bingo Association Ltd. 

Company Registration Number: 7588517 

Company Registered Address: Lexham House, 75 High Street North, Dunstable, Bedfordshire. LU6 1JF 

We are registered as a data controller at the UK Information Commissioner’s Office under number Z4952765 

We are responsible for the processing of personal data that we have received in accordance with the UK General Data Protection Regulation (UKGDPR) and the DPA 2018. 

What is BISES? 

BISES is a digital Self-Exclusion solution which allows people to enrol in a National Self-Exclusion Scheme via licensed land-based bingo premises. 

There is one type of self-exclusion that may be offered to you in venue, this is: 

  • National Self-Exclusion 
    • This would exclude you across all licensed land-based bingo premises in Great Britain, including retail bingo clubs, holiday parks and any High Street Bingo venues with the same postcode prefix. 

Our Partners  

We partner with providers of other National Self-Exclusion Schemes, to ensure self-exclusion is supported across multiple licenced gambling premises. These Partners are: 

  • IHL Tech Ltd  
    • Operator of the SmartEXCLUSION Self-Exclusion Scheme to Adult Gaming Centres, Licensed Betting Offices and Licenced High Street Bingo premises in Great Britain and Ireland. 

Our Customers 

We provide the Bingo Industry Self-Exclusion Scheme to Operators of licensed land-based bingo premises in Great Britain. These are referred to as our customers. 

We refer to our customers’ premises as venues. 

Our role in your privacy as a self-excluder 

If you are providing personal data to us, either directly or via our customers or partners to enable us to enrol you on to our, or our partner’s National Self-Exclusion Schemes, this Privacy Notice applies to you. 

Please Note: 

  • If you are visiting our website, please refer to our standard Privacy Policy. 

If you are a member of staff providing personal data to us via BISES, please refer to our BISES (Staff User) Privacy Notice.

Our responsibilities  

  • Our responsibilities as a Data Controller (and Joint Controller) 
    • Whilst you are completing your self-exclusion at a venue, we act as a ‘Joint Controller’ of your data together with our customers. This means that we are jointly determining with our customers how your personal data is processed to enable us to provide the self-exclusion service to you. 
    • When you have completed the enrolment of your self-exclusion on BISES, we act as a ‘Data Controller’ of your data. This means we determine why and how your personal data is processed to enable us to provide the ongoing self-exclusion service to you. 
    • If your self-exclusion requires us to share your exclusion data with self-exclusion schemes operated by our partners, we act as a ‘Joint Controller’ of your data with those partners. This means we jointly determine with our partners the purposes and means of processing your personal data, to enable us to provide the self-exclusion service to you. 

Your responsibilities  

Please read this Privacy Notice. 

If you follow any external links to web-pages that are not part of BISES, our national Self-Exclusion Scheme, please read the respective Privacy Pages for the site(s) you are visiting. 

This may include other national Self-Exclusion Schemes, gambling support sites or information sites that we share with you upon request following enrolling for your self-exclusion. 

When we collect data 

We will collect data from you with your consent: 

  • If you self-exclude with BISES via our customers, they will digitally complete a self-exclusion in venue with your assistance, using a tablet  
  • If you have Seld-excluded with another national Self-Exclusion Scheme provider, they will share your exclusion data with us. 

Types of data we may collect when you are registering for self-exclusion using BISES   

  • Self-exclusion data: 
    • Required data 
      • Title 
      • Gender 
      • Name 
      • Address 
      • Photo 
      • Date of birth 
      • Signature 
    • Optional data 
      • e-mail address 
      • Phone number 

Types of data we may collect when you self-exclude using other national Self-Exclusion Scheme Providers  

  • Self-exclusion data: 
    • Title 
    • Gender 
    • Name 
    • Address 
    • Photo 
    • Date of birth 
    • e-mail address 
    • Phone number 

Types of data we DO NOT collect  

  • Any data relating to racial or ethnic origin. 

Determination of Special Category Data 

To allow us to provide self-exclusion to you, we require you to provide us with a photo of yourself. We have determined that this data is to be categorised as Special Category Data and we will ensure we have the appropriate technical securities and processes in place to manage this data. 

Purposes for which we process your data 

We collect your data solely for the purpose of providing and managing your self-exclusion request. This includes the sending of e-mails and texts that may contain information relating to gambling support services and organisations. 

How and why we use your data 

Data protection law requires that we only use your data for certain reasons and where we have a lawful basis to do so. Here are the reasons why we process your data: 

  • Providing our Self-Exclusion Scheme to our customers (as a Controller or Joint Controller): 
    • Processing of your self-exclusion record at your request, to enable The Bingo Association Ltd to deliver, support and improve its Self-Exclusion Scheme (BISES)). 
    • Sharing of your self-exclusion record with our other customers who participate in our Self-Exclusion Scheme enabling them to manage and monitor any visits that would be in breach of your self-exclusion 
    • To ensure our customers can meet their legal obligations under the gambling regulations to manage and maintain an effective Self Exclusion Scheme, prevent underage gambling and keep licensed land-based bingo premises safe from crime and disorder. 
    • As part of our continuous improvement plan, we may from time-to-time process live data of self-exclusion records to monitor and enhance the accuracy of our systems and also to test new technology, including facial detection and recognition to further improve and support the Self-Exclusion Scheme, the prevention of underage gambling and to keep crime out of gambling venues. 
    • Ensuring self-exclusion policies and procedures and self-excluders instructions are adhered to. 
    • Protecting vulnerable adults from potential harm caused through gambling. 
    • Subject to the terms you have selected within your self-exclusion record, as a joint controller, we will share your personal data with the providers of other approved Self-Exclusion Schemes as detailed in the ‘Our Partners’ section of this policy. 
    • Our lawful basis for processing your personal data in this context is our legitimate interests and in relation to special category data, the substantial public interest. To support this lawful basis, we have conducted a Legitimate Interest Assessment. 

Here is what each “lawful basis” means: 

  • Legitimate Interests: 
    • The processing of your personal data is necessary for the purposes of our legitimate interests and that of our customers and partners in providing a national Self-Exclusion Scheme to protect vulnerable people from potential harm caused through gambling. We know that you would reasonably expect us to be processing your personal data and that we are doing so to prevent you from harm. We have therefore concluded, in the context of the self-exclusion listed at the beginning of this Privacy Notice, that when balancing your interests with our legitimate interests that the processing of your personal data is proportionate and not intrusive. 
  • Substantial Public Interest: 
    • The processing of special category data is necessary for the purposes of ensuring the integrity of the data being processed within the National Self-Exclusion Scheme to ensure customers can accurately recognise those individuals that have self-excluded and protect vulnerable people from potential harm caused through gambling and the prevention of underage gambling and to keep crime out of gambling venues. We believe that the substantial public interest can be applied to the type of self-exclusion listed at the beginning of this Privacy Notice. 

Your privacy choices and rights 

Your rights 

You can exercise your rights by sending us an e-mail at pauls@bingo-association.co.uk. 

  • You have the right to access information we hold about you. 
    • This includes the right to ask us for supplementary information about: 
      • the categories of data we’re processing
      • the purposes of data processing
      • the categories of third parties to whom the data may be disclosed
      • how long the data will be stored (or the criteria used to determine that period)
      • your other rights regarding our use of your data. 

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights) or conflict with our obligations to maintain the integrity of a national Self-Exclusion Scheme which is governed by the Gambling Commission. 

We will tell you if we can’t meet your request for any reason. 

  • You have the right to be ‘forgotten’ by us following the expiry of your self-exclusion: 
    • You can do this by asking us to erase any data we hold about you if it is no longer necessary for us to hold the data for purposes of your self-exclusion UNLESS we have a legal obligation to retain your data. 
  • You have the right to object to the processing of your data:
    • We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights) or conflict with our obligations to maintain the integrity of a national Self-Exclusion Scheme which is governed by the Gambling Commission. 
  • You have the right to lodge a complaint regarding our use of your data: 
    • Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk

How secure is the data we collect? 

We have physical, technical and organisational procedures in place to appropriately safeguard and secure the data we collect. 

  • All data is stored in a secure ISO 27001 facility by AWS (Ireland). 
  • All data traffic is encrypted with SHA-256 RSA Encryption. 
  • We have Always-On Network Flow Monitoring. 
  • We have DDos protection services provided by AWS, including Automated Mitigation and all APIs are protected using a Throttling middleware. 
  • We have IP Attack Prevention in the form of Rack Attack Preventative Implemented. 

However, please remember: 

  • You provide personal data at your own risk: unfortunately, no data transmission across the internet is guaranteed to be 100% secure. 

If you believe your personal data may have been exposed to a data breach, please contact us immediately on pauls@bingo-association.co.uk. 

Where do we store the data? 

The data we collect is processed in IHL’s Data Centre hosted in Ireland, in our offices in Dunstable and also in data processing facilities operated by the third parties identified below. 

By submitting your data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your rights continue to be protected as outlined in this Privacy Notice. 

How long do we store your data? 

The duration of your self-exclusion agreement is the period set when submitting your exclusion (Exclusion Period), plus a maximum of 6 months (Thinking Period), followed by an additional 24 hours (Cooling Off Period). 

We will stop actively using any personal/identifiable data following the end of your self-exclusion agreement plus a further 6 months, after which your personal data will be anonymised. 

Other Third parties who process your data (Non-Partners) 

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We contract with third parties who we believe are the best in their field at what they do. 

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. 

Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Notice. 

If third party providers (Processors) are established outside of the EU/EEA, we shall ensure that we contract only with third-party providers that are located in countries that ensure adequate levels of protection based on the European Commission’s adequacy decision or that The Bingo Association Ltd has entered into agreements with corresponding Standard Contractual Clauses (SCCs) and/or International Data Transfer Agreements (IDTAs) that ensure adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals. 

Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it: 

  • Amazon Web Services, Ireland 
    • We host our Self-Exclusion Scheme (BISES) on AWS Data Centres in Ireland. 
  • Google, USA 
    • We use a service called Google Vision to detect a face in a self-exclusion image as part of our quality control and validation processes. 
    • No image data is stored by Google. 

Cookies 

We do not use cookies in the collection of Self-Exclusion Data. 

Revision Date 23/05/2023