Last Updated: 18th July 2024
ClearStake Limited (“ClearStake”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).
The purpose of this privacy notice is to explain what personal data we collect about you when visit our website. When we do this, we are the data controller. Please note that this privacy notice applies to website users only. Please see our Platform Privacy Notice for more information on how your personal data will be handled when using our affordability platform.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at privacy@clearstake.com.
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.
‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
We collect, use and process certain personal data about you, as directed by the controller(operator). When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to any services we offer to individuals in the European Union (EU) or European Economic Area(EEA). The personal data we may collect, on behalf of the controller, includes your:
We may also process your personal data to create an anonymised dataset from it. We then perform analysis upon this dataset to improve our services. Anonymisation means that the data is no longer linked to an identified or identifiable natural person. As a result, it ceases to be considered personal data under the UK GDPR.
We collect most of this personal data directly from you when you use the ClearStake service. However, we may also collect information from third parties such as the gambling operator who may have referred you to our service and from your bank where you choose to provide your data via open banking.
The personal data we may receive from the gambling operator will include your first name and last name.
We collect your personal data in order to provide our services to you, on behalf of the gambling operator (this means that the operator is the controller and we are the processor for this processing). This involves processing your personal data for compliance purposes, such as affordability checks and anti-money laundering compliance. Where we use the personal data you have given us access to and/or directly provided to us, we do so on the basis of consent and performance of your contract with the operator.
We rely upon your consent to process the banking data you enter and for the purposes of establishing an Open Banking connection.
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
We rely upon legitimate interests to perform our anonymisation process on your personal data, in order to create an anonymised dataset that we can analyse to monitor our performance and enhance our services, which allows us to provide a better service to you.
We may share your personal data with our service providers who support our products which we provide to you. When data is shared with our service providers, they only use the data on our written instructions and we implement appropriate safeguards to protect and secure your data.
We also share relevant data with specific gambling operators who you have given consent for your data to be shared with. Please note that the criteria of personal data shared with the gambling operators may vary depending on the nature of the check. For example, checks requiring enhanced due diligence may contain more personal data than those used for confirmation of income.
We will not usually transfer your personal data outside the UK, however, in certain circumstances this may be necessary in order to provide our services to you, such as if the gambling operator who is reviewing your risk profile is established in a country outside of the UK.
We have taken appropriate steps to ensure that where personal data is processed outside the UK, it has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example, by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.
In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;
Secure Online Services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
You have certain rights in relation to the processing of your personal data, including to:
Right to withdraw consent
In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.
How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights).However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Please note that if you are a customer and wish to exercise your rights in relation to personal data processed as part of ClearStake’s service that you should, in the first instance, contact the relevant operator to exercise this right. This is because the controller of your personal data (the operator) is responsible for facilitating your rights request, in this instance.
The operator’s contact details (for exercising your rights) are often located within their privacy notice.
If you wish to exercise your rights relating to non-customer related personal data, please contact us at privacy@clearstake.com.
You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to:
29 Harbour Exchange Square, London, England. E14 9GE
Alternatively, you can email us at privacy@clearstake.com.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by emailing dpo@evalian.co.uk or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’.
