GDC Media Limited, a subsidiary of Gambling.com Group Limited (Nasdaq: GAMB) (“GAMB”), is the owner of the websites operated by and on behalf of the Group.
The terms “GDC”, “we”, “us”, or “our” refer collectively to GAMB, and its current and future subsidiaries (“Group Members”).
GDC Media Limited has licensed the operation of certain GDC’s websites in certain geographic locations to other Group Members, including:
(a) all GDC websites operating in the United States to GDC America Inc., a GAMB subsidiary;
(b) certain GDC websites operating in the area of the United States to Roto Sports, Inc., a GAMB subsidiary, under a sub-license from GDC America; and
(c) certain GDC websites operating worldwide (excluding the United States), to NDC Media Limited, a GAMB subsidiary.
This Privacy and Cookies Policy (“Policy”) describes the practices of GDC Media Limited, including the Group Members involved in the operation of the GDC’s websites in different geographic locations and the rights and choices available to individuals regarding personal data.
GDC respects your privacy and is committed to protecting your personal data. Personal data means any information that relates to an identifiable individual. It does not include data where the ability to identify an individual has been removed (anonymous data).
This Policy describes the rights and choices regarding your personal data. It is important that you read the Policy carefully. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us using the details set out below.
We may alter this Policy as needed for certain services of GDC and to abide by local laws or regulations around the world, such as by providing supplemental information in certain countries. This Privacy Notice does not apply to GDC’s processing of the personal data of its personnel, such as employees and contractors.
We also provide important additional information in paragraph 8 that is solely applicable to individuals located within the Member States of the European Union, countries in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe” or “European”) and for individuals located in the State of California, United States:
We collect personal data about individuals from various sources described below. Where applicable, we indicate whether and why individuals must provide us with personal data, as well as the consequences of failing to do so. We may collect, use, store and transfer different kinds of personal data about you (“Personal Data”) which we have grouped as follows:
“Personal Information” includes any information from which you can be personally identified, including your name, surname, email address, telephone number or mobile number.
“Profile Data” includes a username, password and a profile image that an individual may establish and upload on one of our websites or mobile applications, along with any other information that an individual enters into their account profile;
“Financial account data” includes payment card details or bank account details;
“Recruitment Process Data” includes the CV and any covering letter of a job applicant and notes taken for the duration of your recruitment process relating to a job application and interview of a job applicant; Other information supplied by a job applicant, such as professional credentials and skills, educational and work history, and other information of the type included on a CV or covering letter;
“Technical Data” includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our websites;
“Usage Data” includes information about how you use our websites.
We also may collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
We do not collect any information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. However, if you are applying for a job with us, we will collect information about criminal convictions and offences.
We automatically collect Technical Data and Usage Data. If you are using a mobile device, we collect data that identifies your mobile device, device-specific settings and characteristics, app crashes and other system activity.
We may use different methods to collect data from and about you including the following:
Generally, our websites can be accessed and used without registration and without having to provide us any Personal Data (Personal Information, Profile Data, and/or Recruitment Process Data). You may opt in to receive information about promotions, bonuses, bets, tips and strategy by subscribing to our mailing list by providing your email address. You may any time opt out from receiving such communications by writing to us or clicking the “unsubscribe” button in any of our emails to you. In case you contact us, whether by email, through contact forms, or in other writings, we may keep a copy of that correspondence. We will not share your Personal Data with third parties for marketing purposes unless you have provided us with your express consent to do so.
We may use your Personal Data for the purposes of:
Providing our services, which may include:
For research and development
We use the information we collect for our own research and development purposes, which include:
We may use your Personal Data to form a view on what services we think you may want or need or what may be of interest to you.
We may contact you with marketing communications using the Personal Data you have provided to us if you have actively expressed your interest in availing of our services or have availed of our services and, in any case, you have not opted out of receiving that marketing, to the extent permitted by applicable law.
You can ask us to stop sending you marketing messages at any time by contacting us using the details below or clicking on the opt-out link included in each marketing message.
Should you choose to opt out of receiving our marketing messages, we will continue to conduct our other relevant activities using your Personal Data, including sending non-marketing messages.
Managing our recruiting and processing employment applications
We process Personal Data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
Complying with law
We use your Personal Data as we believe necessary and appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
Compliance, fraud prevention and safety
We use your Personal Data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent
In some jurisdictions, applicable law may require us to request your consent to use your Personal Data in certain contexts, such as when we would like to send you certain marketing messages. If we request your consent to use your Personal Data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.
To create anonymous data
We may create anonymous data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into anonymous data by excluding information that makes the data personally identifiable to you and use that anonymous data for our lawful business purposes.
We may have to share your data to the following parties:
We may disclose your Personal Data to other Group Members for purposes consistent with this Policy.
We may employ third parties to administer and provide services on our behalf (such as third parties that provide customer support, third parties that we engage to host, manage, maintain, and develop our websites, mobile applications, and IT systems, and third parties that help us process payments). These third parties may use your information only as directed by us and in a manner consistent with this Policy. These third parties are prohibited from using or disclosing your information for any other purpose.
Participants in the transaction processing chain
We may share your Personal Data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members.
We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary, in the course of the professional services that they render to us.
Compliance with Laws and Law Enforcement; Protection and Safety
GDC may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors, subsidiaries, affiliates and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. We have put in place commercially reasonable procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will process and store the relevant Personal Data for as long as it is necessary or required in order to fulfil our legal, contractual, or statutory obligations and/or for the establishment, exercise or defence of legal claims.
In this section, we describe the rights and choices available to all users. Users who are located in Europe may read additional information about their rights in paragraph 8 below.
You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.
Choosing not to provide your Personal Data
Where we request Personal Data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we may be unable to provide services to you. For example, we may be unable to process your transaction.
Accessing, modifying or deleting your information
In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their Personal Data in some. You may contact GDC directly to request access to, modify or delete your information. We may not be able to provide access to, modify, or delete your information in all circumstances.
If you have a complaint about our handling of your Personal Data, you may contact our data protection officer using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that we can investigate it. We will determine whether to take action in response to your complaint, which, if we do so, may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.
GDC is the data controller for the purpose of the General Data Protection Regulation (“GDPR”), and other applicable data protection laws. This means that GDC is principally responsible for looking after your Personal Data and this Policy determines the means and purposes of processing of Personal Data.
Legal bases for processing
We are required to inform you of the legal bases of our processing of your Personal Data, which are described in the table below. If you have questions about the legal basis of how we process your Personal Data, please contact us at [email protected].
Use for new purposes
We may use your Personal Data for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it.
How long will we use your Personal Data?
We will use your Personal Data for as long as necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general terms, we will retain your Personal Data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards. There are also certain types of information which are required to be retained for a certain period by law.
Your individual legal rights
You have the right to obtain access, rectification, erasure, restriction of Personal Data, portability of Personal Data and to object to the processing of your Personal Data, under the conditions and restrictions laid out in Chapter III of the GDPR as follows:
If you have any questions about this Policy or wish to exercise any of the rights set out above, please contact us at [email protected].
We may need to request specific information from you to help us confirm your identity and ensure you are entitled to exercise a right in respect of your Personal Data. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
There may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will use available lawful exemptions to your individual rights to the extent appropriate. If we decline your request, we will tell you why, subject to legal restrictions.
You also have the right to make a complaint at any time to a supervisory authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en).
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide California residents with an information of how we collect, use and share their Personal Data, and of the rights and choices we offer California residents regarding our handling of the Personal Data.
Your California privacy rights
As a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CCPA.
How to exercise your rights
You may exercise your California privacy rights as follows:
Right to information, access and deletion
You can request to exercise your information, access and deletion rights by:
Sale of Personal Information
We do not sell your Personal Information to third parties as defined in the CCPA.
Personal information that we collect, use and share
The table below summarizes what data we may collect or what data may have been collected from California residents during the last 12 months before the effective date of this Policy.
Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by GDC but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if you provided such personal information directly to us.
Cookies are small pieces of data served on your computer that remember what you enter while you're browsing a website. For more information about cookies and how they work, please visit: www.aboutcookies.org.
More information on how to deactivate or delete cookies can be found below as well as on https://www.aboutcookies.org/cookie-faq/.
Some browsers provide helpful cookie guides:
In addition, Google Analytics provides its own opt-out options:
In the case of mobile devices, it may be necessary to consult the device’s instruction manual to manage cookies effectively. Restriction of cookies may have an impact on the functionality of our websites.
Essential cookies are necessary for our websites to work effectively. They help to make our websites usable by enabling basic functionalities such as page navigation and accessibility to secure areas of our websites. Cookies of this nature may also be used to protect and accelerate our websites for security reasons and to identify our trusted visitors. They may filter bots and distinguish them from legitimate users, preventing any form of spam activity on our websites.
Preference cookies enable our websites to remember information that changes the way our websites behave or look. They may also be used to provide services you have asked for.
Analytics cookies analyse information about how our websites are being used. Analytics cookies can process information about the number of visitors to our websites, where visitors to our websites came from, the pages they visit, scrolling activities, downloads, information about user agents, time spent on our websites and approximate geo-location of a device that you use to access our websites. We use this information to compile reports that help us to improve our websites.
In case we allow others to service cookies through our websites and/or apps, these cookies are called “third party cookies”.
Below is more information about most common cookies that we use, how they are used, and how long they will be stored on your computer or device.
Our most common cookies are:
If you have any questions about this Policy or you wish to exercise any of the rights set out above, please contact us at [email protected].
We will respond to all legitimate requests promptly and, in any event, within any timeframes prescribed by applicable law. In general, we must respond to queries within one month from the receipt of the request. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.