Privacy Policy

Last Updated 28 June 2019

Sportech PLC and its affiliates and subsidiaries (collectively, Sportech or “we or “us”) respects your right to privacy and the protection of your privacy is very important to us. Sportech pledges to meet fully, and where possible exceed, internationally-recognized standards of personal data privacy protection, including the General Data Protection Regulation.  This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

We recommend that you read this Privacy Notice in full to ensure you are fully informed.  Topics covered in this Privacy Notice include:

What personal information does Sportech collect and why?
Who does Sportech share my personal information with?
Legal basis for processing personal information
Cookies and similar tracking technology
How does Sportech keep my personal information secure?
International data transfers
Data retention
Your data protection rights
Updates to this Privacy Notice
How to contact us

 

What personal information does Sportech collect and why?

The personal information that we may collect about you broadly falls into the following categories:

Information that you provide voluntarily

Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to subscribe to marketing communications from us, and/or to submit enquiries to us.  This information may include: (name, contact details, and company affiliation). The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

Information that we collect automatically

When you visit our Website, we may collect certain information automatically from your device.  In some countries, including countries in the European Union, this information may be considered personal information under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.  We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them.  We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.

Information that we obtain from third party sources

From time to time, we may receive personal information about you from third party sources (including IP address, device type, browser-type, broad geographic location and other technical information), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

The types of information we collect from third parties include IP address, device type, browser-type, broad geographic location and other technical information.  We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.   We use the information we receive from these third parties to for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information.

 

Who does Sportech share my personal information with?

We may disclose your personal information to the following categories of recipients:

  • to our group companies, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • to any other person with your consent to the disclosure.

 

Legal basis for processing personal information (EU visitors only)

If you are a visitor from the European Union, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person).

If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, or undertaking marketing.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

 

Cookies and similar tracking technology

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to serve interest-based advertising.  For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice.

 

How does Sportech keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.  Specific measures we use include the use of third-party website security vendor to shield our website from security breaches using built-in Web Application Firewalls (WAF). 

 

International data transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, our Website servers are located in the United States, and our group companies and third party service providers and partners operate around the world.  This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.

 

Data retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a product or service you have requested).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible, in accordance with our Data Retention Policy.

 

Your data protection rights (EU visitors only)

If you are a resident of the European Union, you have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

 

Updates to this Privacy Notice

As Sportech expands the range of options and services available through this Web Site, the collection and use of personal data will also change to serve you better. Sportech may therefore update this Privacy Notice at any time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

 

How to contact us

If you have any questions or concerns about privacy and security at Sportech and our use of your personal information, please contact us using the following details: [email protected].

Address:
Sportech PLC
Icarus House
Hawkfield Business Park
Bristol, BS14 0BN
United Kingdom

The data controller of your personal information is Sportech PLC.

GDPR FAQ’s – How Sportech Complies with EU Data Protection Laws

Introduction

We provide this note to answer the most frequently asked questions that our customers ask us about the GDPR. It does not (and is not intended to) confer legal advice – you should always speak to your own, independent legal advisers to understand your legal responsibilities under the GDPR.

This information is split up into two sections – the first provides an overview of the data protection law that applies to Sportech and the second provides a description of Sportech’s data processing operations and how it complies with applicable data protection law.

If you have a specific question about Sportech and its data protection practices, look below to read the FAQs. The topics covered are:

What are data protection laws?
What is the General Data Protection Regulation?
Who does the GDPR apply to?
European data protection law applies only to data controllers, doesn’t it?
What is a data controller and a data processor?
Does Sportech comply with the GDPR?
What types of products does Sportech provide?
What type of personal data is Sportech collecting?
Is Sportech a controller or processor?
What is Sportech ‘s lawful basis for processing personal data?
How does Sportech provide transparency to data subjects?
What data protection rights do data subjects have?
Will customer personal data ever be transferred outside Europe?
What data transfer solution does Sportech have in place?
What security measures does Sportech apply to protect personal data?
Will Sportech update its terms for GDPR compliance?
Who do I contact if I have further questions?

Data Protection Law

What are data protection laws?

Data protection laws are a set of laws that govern the way that businesses collect, use, and share personal data about individuals.  Among other things, they require businesses to process individuals’ personal data fairly and lawfully, to allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and to have in place appropriate security protections in order to protect the personal data that they process.

What is the General Data Protection Regulation?

The General Data Protection Regulation (or “GDPR”) (Regulation (EU) 2016/679) is Europe’s data protection law that applies from May 25th, 2018.  The GDPR is a major overhaul of the current data protection rules under the Directive, and Sportech, like many organizations, is taking steps to ensure that it is GDPR-ready when the new law comes into effect.

The GDPR aims to update Europe’s existing data protection rules to make sure they are fit for the 21st century.  Amongst other things, it harmonizes data protection rules throughout European Union member states, introduces new requirements for data processors (the current law applies only to data controllers), enhances individual’s privacy rights (introducing new rights to be forgotten and to data portability) and creates significant penalties for non-compliance (including potential fines of up to 4% annual worldwide turnover).

Who does the GDPR apply to?

The GDPR applies to any organization which is established within the European Union (i.e. has a subsidiary or branch in the EU).  It also applies to any non-EU organization which either:

(a) offer goods or services to individuals in the EU (including free goods and services); or

(b) monitors the behaviour of individuals in the EU (for example, through the use of advertising or analytics technologies).

European data protection law applies only to data controllers, doesn’t it?

While it is true that the previous data protection rules under Directive 95/46/EC applied only to data controllers, the GDPR applies both to data controllers and to data processors.  There are, however, more obligations imposed on data controllers under the GDPR than data processors.

What is a data controller and a data processor? 

A data controller is the entity that determines the “purposes and means of the processing” – or, in layman’s terms, how and why personal data will be processed.  A data processor processes personal data only on behalf of, and under the instruction of, a data controller.

Sportech’s Approach to Data Protection Law

Does Sportech comply with the GDPR?

Like any responsible organization, Sportech aims to comply with the data protection laws that apply to it.  Sportech does have an EU establishment, and therefore would be directly subject to the GDPR (see our FAQ above “Who does the GDPR apply to?”).

What types of products does Sportech provide?

Sportech provides the products and services that allow licensed operators to offer primarily wagering – primarily pari-mutuel in nature – to their patrons via numerous land based and digital channels. Sportech is a full-service wagering systems and service provider, managing betting operations for various land based and digital wagering operators, with services that include the provision of wagering hardware and software, phone, Internet and mobile account betting platforms, central wagering system software, and central betting system hosting and operations, and hardware and software maintenance services.

What type of personal data is Sportech collecting?

Sportech mainly gathers personal information through our website.  We also process personal data about our employees, individuals about whom information is collected in connection with the creation of content (including talent) and business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship.  The information that we process may include limited amounts of sensitive personal data and we take care to protect all the personal information that we hold in accordance with law.

Is Sportech a controller or processor?

When providing its services to customers, Sportech processes data both as a data controller and a data processor.

What is Sportech ‘s lawful basis for processing personal data?

Sportech will only be able to process personal data if it can demonstrate it has a lawful processing ground, such as reliance on its legitimate interests, where processing is to comply with a legal obligation or with consent from the individual whose personal information is processed.

How does Sportech provide transparency to data subjects?

Sportech provides excellent high-level descriptions of the data it processes in its website privacy policy and employee privacy policies.

What data protection rights do data subjects have?

Under the GDPR, individuals can exercise the following rights against data controllers:

(a) a right to request access to, and a copy of, personal information processed about them;

(b) a right to correct any inaccurate or outdated personal information processed about them;

(c) a right to object to processing of their personal information;

(d) a right to request erasure of their personal information – for example, end users may want that their data gets deleted;

(e) a right to request that processing of their personal information be restricted – for example this can be supported with the “do not track” option in the browser; and

(f) a right not to be subject to automated decisions that significantly affect them or legally affect them.

Sportech put in place procedures to ensure that it handles all such requests made to it as a controller in compliance with the GDPR.  For data where Sportech is a processor, Sportech will forward any such requests it receives to the relevant customer to respond.

Will customer personal data ever be transferred outside Europe?

If our customers are located outside of Europe, then yes – of course!

Aside from that, please note that Sportech is a UK headquartered company with affiliates in the US and Canada, Ireland, Singapore, Germany, Turkey, France and Puerto Rico.  Customer personal data may be transferred outside Europe, including in the US, to our affiliates.  We also work with international service providers who help us to manage and deliver our services; however, they do so under strict contractual terms to ensure they protect the privacy and security of customer personal information.

While customer personal information may be accessed from and processed outside of Europe, the majority of customer personal information is stored in Europe.

What data transfer solution does Sportech have in place?

Sportech is currently working towards updating and implementing a global data transfer agreement to legalise the data flows between the various Sportech entities.

What security measures does Sportech apply to protect personal data?

Sportech is committed to ensuring that personal data is secure.  Sportech implements appropriate technical and organisational security measures to protect personal data against: (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorised disclosure or access.

Will Sportech update its terms for GDPR compliance?

Yes.  Sportech has reviewed its terms of service is updating these for compliance with GDPR requirements.

Who do I contact if I have further questions?

If you have any further questions about Sportech’s compliance with EU data protection requirements or the GDPR, please contact [email protected].