Last update: 24th May 2018
1.2 All personal information is subject to certain legal safeguards specified in the Data Protection Act 1998 and GDPR. To comply with UK law, we are registered with the Information Commissioner’s Office (ICO) and further details are published on a public register on the ICO website.
1.3 We are committed to the protection of your information security and are invested in providing you with a world class Information Security System compliant with ISO 27001 guidelines.
1.4 This policy and any other documents referred to in it sets out the basis on which we will collect and process any personal data.
2.1 Data is information which is stored electronically, on a computer, or in filing systems.
2.2 Personal Data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions or behaviour.
2.3 Data Controllers are organisations or people that determine the purposes for which, and the manner in which, any personal data is processed. They are responsible for establishing practices and policies in line with the Data Protection Act 1998.
2.5 Data Processors include any person or organisation that is not a data user that processes personal data on our behalf and on our instructions. Employees of Data Controllers are excluded from this definition but it could include suppliers which handle personal data on our behalf.
2.6 Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
3. Our Data Protection Principles
3.1 Anyone processing personal data must comply with the eight enforceable principles of good practice. These ensure that personal data must be:
- Processed fairly and lawfully;
- Processed for limited purposes and in an appropriate way;
- Adequate, relevant and not excessive for the purpose;
- Not kept longer than necessary for the purpose;
- Processed in line with data subjects’ rights;
- Not transferred to people or organisations situated in countries without adequate protection.
4. Information we collect
4.1 Information we obtain from you
4.1.1 We collect personal information about you when you register to use our services. This includes:
- Your full name;
- Date of birth;
- Email address;
- Mobile number;
- Player name;
- PayPal, Apple Pay or credit/debit billing information and transaction details
4.2 Additional personal information that we collect from you generally includes:
- Communications sent to us by you;
- Additional records of correspondence between you and Reality Gaming;
- Your entries to various competitions and promotions;
- Your activity and behaviour in app, including game play;
- Your response to surveys or customer research that we may, from time to time, carry out;
- Additional information that you provide to us by using our services;
- Any other information you submit to us when using our services.
4.3 Information we collect from your device
4.3.1 We collect information from the devices you use to access our services in line with Google Analytics reporting and other applicable communication data.
4.3.2 We collect information from your device such as location, app crashes and server logs. A full list of the information collected from your device is available on request.
5. ID Verification
5.1 You must be 18 years old or over to use our services. To ensure that all our players are 18 years old of over, we use a third-party age verification provider AgeChecked.com. AgeChecked.com processes the following information to verify that you are eligible to use our services:
- Full name;
5.2 On certain occasions, we may require further information to verify your identity and age. We may request the following:
- Photographic identification document (passport, drivers licence or ID card)
- Proof of address (utility bill, bank statement)
- Any other information that may be required to verify you in accordance with applicable laws and regulations.
6.2 Clear GIFS Information: When you use our Service, we may employ technology such as “clear GIFs” which are used to track the online usage patterns of our users. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by specific users.
7. Information we obtain from external companies
7.1 Where a UK customer self excludes through GAMSTOP, the national self-exclusion scheme, we will receive a notification of this, which we will use to apply the applicable restriction across our services.
8. How we use your information and why
8.1 We use the information we hold about you in a range of different ways, which fall into the categories below:
- Provide you with the services you’ve requested
- Meet legal and regulatory obligations
- Marketing purposes which you have consented to
Each category above is explained in more detail below and each category gives you different rights over your personal data according to data protection laws.
8.2 Providing our products and services
8.2.1 In order for you to use our services, we use your data for the following reasons:
- Create an account;
- Provide you with the best possible level of customer service;
- Contact you regarding games played or account issues;
- Ensure you are in an eligible jurisdiction for real money gaming;
- Ensure your device supports our services and is secure.
8.2.2 When creating an account, you will choose a player name which will be displayed on leader boards, and game over screens. Please note that all players must have a player name to create an account.
8.2.3 This category is essential for us to provide you with service you registered for. If you do not want your data used in this way your option is to not use any of our services and to close your account.
8.3 Legal and Regulatory Obligations
8.3.1 For real money players located in the UK, we are required to comply with the UK Gambling Commission’s regulations. To comply with these requirements, we carry out checks during account opening, depositing and throughout the lifetime of your account to ensure all players play responsibly and legally.
8.3.2 We monitor player behaviour to ensure that any problem gambling behaviour is detected, and to ensure the relevant limits, and account restrictions are in place. We monitor the following:
- Game activity
- Transaction activity
- Session duration
8.3.3 We are committed to keeping crime out of our services in strict compliance with the Proceeds of Crime Act 2002 and the UK Gambling Commission. We have a duty as a gaming operator to be alert to attempts by customers to play with money acquired unlawfully. In order for us to monitor for criminal activity, we do the following:
- Verify players using our third-party provider using their name and address
- Checking for multiple accounts using the same payment method
- Checking for duplicate accounts
- Ensuring players can only withdraw to the payment method used to deposit
- Monitoring on a real-time basis all customer activity for suspicious, foul play manipulative and criminal activity
- Monitoring for excessive deposits, withdrawals or over spending
8.3.4 If we find any suspicious activity, we are obliged to report and share customer data with fraud prevention agencies, police and other law enforcement agencies.
8.3.5 This data is also used in making decisions about whether to place restrictions on people’s accounts, or to close their accounts.
8.4 How we use your data with your consent
8.4.1 We will occasionally carry out market research by sending you customer surveys or questionnaires. We will contact you asking for your permission, Taking part in research is completely voluntary and is for our purposes only.
8.4.2 We will send you offers and information only if you have given consent for us to do so, in which case we will contact you via the following:
- Push alerts;
- In app messages;
8.4.3 Players may opt out of all marketing activities by contacting [email protected], by disabling push notifications from their device settings and by unsubscribing to email marketing. You can update this whenever you want by contacting [email protected].
8.4.4 If you have consented to marketing, we will work with advertising companies such as Facebook, Adwords, Snapchat and Instagram to provide you with information about our products and services via their platforms. If you do not wish to see these adverts, please contact [email protected].
8.4.5 If you have withdrawn your consent to personalised marketing, you may still see general adverts about our services. These adverts will not be specifically targeted to you.
9. Sharing your data for business and legal purposes
9.1 We share your personal data with external organisations that carry out a range of services on our behalf. We ensure that every third party we work with complies with relevant data protection laws and information security standards. Our agreements with these service providers limit the information they can use, process or hold to ensure they keep your personal information secure.
9.2 The main functions that are or may be carried out by third parties are listed below:
- Customer services
- Payment processing
- Anti-fraud and money laundering checks
- Collusion monitoring
- IT services and support
- Legal and compliance related services
- Data analytics
- Resolve disputes
9.3 In order to comply with regulatory requirements, we are entitled to share the information we hold on you with the regulator and other bodies required by law.
9.4 Your account information and certain personal information is transmitted to a third-party service provider for the purpose of processing payments. If you choose to process payments using your PayPal account, your payments will be subject to PayPal’s terms of service.
10. Sharing your data for marketing purposes
10.1 If you have opted in for marketing we may share your personal data with third party marketing service providers. The main functions of these third parties may include:
- Management of marketing campaigns and audiences
- Communicating via email, SMS, push notifications, in app messages and phone
- Behavioural analytics
- Campaign attribution tracking
10.2 Third parties, including but not limited to, Facebook and AdWords, may collect and receive information from our Services and use that information to provide measurement services and targeted adverts. This only applies to those opted in for marketing.
11. Retaining your information
11.1 We hold your personal data as long as we have a valid legal reason to so do, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, and resolving disputes.
11.2 Please note that if you opt out of receiving marketing, we will still need to retain contact details in order to prevent you from future marketing.
12. Your rights
12.1 You can opt out of receiving marketing at any time by contacting [email protected]. You also have the right to opt out of having your information used to create a ‘profile’ of you for marketing purposes.
12.2 You can update your personal details at any time. If you see any inaccurate information please contact [email protected] and we will update your personal data within 3 to 5 working days.
12.3 Data Protection law gives you the right to express an objection to activities detailed in the section 8. If you disagree with this section, please contact [email protected].
12.4 You have the right to be forgotten. Under data protection law, you have the right to request erasure of your personal data in the following circumstances:
- Regulators have found us to be processing your data unlawfully;
- Where we have no valid legal grounds for continuing to hold your data;
- Where you have withdrawn consent from marketing and requested us to delete the information we previously used for those purposes.
- Exercising your right to close your account and delete your personal data. Please note that we will not delete information if we still have a valid legal or regulatory reason to hold it.
12.5 You have the right to access the data we hold about you. If you would like a copy of the personal data we hold about you, please contact [email protected]. Before we respond to your request, we will ask you to provide a valid proof of identity. After we have verified your identity, we will provide you with a copy of the personal data we hold about you within 3 to 5 working days.
12.6 Under data protection laws, you have the right to data portability which allows individuals the right to require us to transfer your data to a recipient of your choice. This is a new initiative and is not yet possible to port data between gaming companies. However, if you wish to exercise this right please contact [email protected].
12.7 If you believe your privacy rights have been infringed, or you disagree with a decision, you have the right to complain to the regulator. Our data protection regulator is the UK’s ICO.
13. Keeping your data secure
13.1 We adhere to ISO27001 principles, and are PCI compliant. In order to ensure consistent Information Security we undergo annual security audits and quarterly reviews.
13.2 We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure.
13.3 Whilst neither we, nor any other organisation, can guarantee the security of information processed online, we do have appropriate security measures in place to protect your personal information.
13.4 We advise you to keep your mobile number and device secure and refrain from sharing it with others. You are responsible for maintaining the security of your password and mobile device. You are solely responsible for any and all activities that occur under your account.
14. Governing law