Last Updated: 17thDecember 2025
ClearStake Limited (“ClearStake”, “we, “our”, “us”) is committed to protecting the privacy and security of the personal data we collect about users of our website, end customers and users of our services (“you/your”). ClearStake is a limited company registered in England and Wales under registration number 12144899, and we have our registered office at 29 Harbour Exchange Square, London, England, E14 9GE. We are registered with the UK supervisory authority, the Information Commission(“IC”), in relation to our processing of personal data under registration number ZB047307.
The purpose of this privacy policy is to explain what personal data we collect about you when you use the ClearStake platform, as directed to do so by a gambling operator. When we do this, we are a data processor (and the relevant operator is the data controller).
We also act as an independent controller of your personal data when we anonymise your personal data to perform data analysis and for the further improvement of our services. This is explained in more detail later in this privacy policy.
Whether we act as a processor or an independent, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to any services we offer to individuals in the European Union (EU) or European Economic Area (EEA).
We update this Privacy Policy from time to time in response to changes in applicable laws and regulations, changes to our processing practices and to products and services we offer. When changes are made, we will update the header section of this policy.
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.
‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
For the type of Personal Data we may collect about you, please see the table below in the section entitled ‘Purposes for which we use your personal data and the lawful basis’.
Please review your gambling operator’s own privacy policy should you require more information regarding how they process your personal data through the ClearStake platform to fulfil their legal and regulatory obligations, specifically with regard to responsible gaming and anti-money laundering checks.
We collect most of this personal data directly from you when you use the ClearStake platform. However, we may also collect information from third parties such as the gambling operator who may have referred you to our service and from your bank where you choose to provide your data via open banking.
The personal data we may receive from the gambling operator will include your first name, last name, address, contact details (such as email address) and date of birth.
We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:
| Categories of individuals | Categories of Personal Data | Purpose of Processing | Lawful Basis |
|---|---|---|---|
| AS A PROCESSOR | |||
| Service User | - First Name - Last Name - Date of birth - Address - Information collected through Open Banking, such as details of your bank accounts and transactions on those accounts - Other documents as requested (for example: utility bills, bank statements, payslips) - Any other personal data you may provide us for the purposes of enhancing the data, or as requested by operators as part of their identity verification process. | To provide our services to the operator to verify your digital identity and/or conduct customer risk profiling, and to comply with safer gambling and anti-money laundering regulatory requirements in those respects. | Where we use the personal data you have given us access to and/or directly provided to us, we do so on the basis of consent, legitimate interests and performance of your contract with the operator. We rely upon your consent to access your banking data by establishing an Open Banking connection to your chosen bank account(s). If you have given such consent, we process your banking data to prepare a report(s) for the gambling operator because it is necessary for the performance of your contract with the gambling operator, and we will be unable to provide our services without the required banking data. |
| AS AN INDEPENDENT CONTROLLER | |||
| Service User | - First Name - Last Name - Date of birth - Address - Information collected through Open Banking, such as details of your bank accounts and transactions on those accounts - Other documents as requested (for example: utility bills, bank statements, payslips) - Any other personal data you may provide us for the purposes of enhancing the data, or as requested by operators as part of their identity verification process. | To create an anonymised dataset, upon which we perform analysis to monitor and improve our services, and generate statistical or demographic insights. Anonymisation means that the data is no longer linked to an identified or identifiable natural person. As a result, it ceases to be considered personal data under the UK and EU GDPR. | It is our legitimate interest to anonymise your personal data in order to monitor and improve our service and generate insights from the anonymised data set |
We will not usually transfer your personal data outside the UK and the European Economic Area (“EAA”). However, in certain circumstances this may be necessary in order to provide our services to you, such as if a supplier we use to provide our service to you is based outside of the UK or EEA.
We have taken appropriate steps to ensure that personal data processed outside the UK or EEA has an essentially equivalent level of protection to that guaranteed in the UK and EEA.. We do this by ensuring that:
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims. For more information about our retention periods, please contact us at privacy@clearstake.com.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example, by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.
In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;
Secure Online Services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
You have certain rights in relation to the processing of your personal data, including to:
Right to withdraw consent
In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.
How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at privacy@clearstake.com.
Please note that where you wish to exercise your rights in relation to personal data processed as part of ClearStake’s service that we may, in certain circumstances, also direct your request to the relevant gambling operator to ensure that your request is dealt with comprehensively.
You have the right to complain if you consider that we have not complied with the data protection law when handling your Personal Data. We will acknowledge receipt of your complaint within 30days, investigate the matter without undue delay, and keep you informed of the progress and outcome. If you wish to complain please use the contact details given below under “How to contact us”. We will do our best to resolve the matter to your satisfaction.
If you are not satisfied with the outcome of your complaint, you can complain with the relevant supervisory authority. The supervisory authority in the UK is the Information Commission who can be contacted online at:
For supervisory authorities in other countries within the EU see the link below:
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to:
ClearStake Limited, 29 Harbour Exchange Square, London, E14 9GE, England.
Alternatively, you can email us at privacy@clearstake.com.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by emailing dpo@evalian.co.uk or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’.
