Service User Privacy Policy

Last Updated: 3rd June 2025

  1. Introduction
  2. What is personal data?
  3. Personal data we collect
  4. How we collect your personal data
  5. Purposes for which we use your personal data and the lawful bases
  6. Sharing your personal data
  7. International transfers
  8. How long we keep your personal data
  9. Security of your personal data
  10. Your rights
  11. How to complain
  12. How to contact us

1. Introduction

ClearStake Limited (“ClearStake”, “we, “our”, “us”) is committed to protecting the privacy and security of the personal data we collect about users of our website, end customers and users of our services (“you/your”). ClearStake is a limited company registered in England and Wales under registration number 12144899, and we have our registered office at 29 Harbour Exchange Square, London, England, E14 9GE. We are registered with the UK supervisory authority, the Information Commissioner’s Office (“ICO”), in relation to our processing of personal data under registration number ZB047307.

The purpose of this privacy policy specifically, is to explain what personal data we collect about you when you use the ClearStake platform, as directed to do so by a gambling operator. When we do this, we are independent and joint controllers (jointly with the relevant operator).

Where we are a joint controller, this means that we, together with the operator, determine together the purposes and manner through which we are processing your personal data, such as when verifying your identification. This is explained in more detail later in this privacy policy.

We also act as an independent controller of your personal data where we solely determine the purposes and manner through which we are processing your personal data, such as when we anonymise your personal to perform data analysis for the further improvement of our services. This is explained in more detail later in this privacy policy.

Please read this privacy policy carefully as it provides important information about how we handle your personal data and your rights. We update this Privacy Policy from time to time in response to changes in applicable laws and regulations, changes to our processing practices and to products and services we offer. When changes are made, we will update the header section of this policy. If you have any questions about any aspect of this privacy policy you can contact us using the information provided below or by emailing us at privacy@clearstake.com.

2. What is my personal data

‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.

‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

3. Personal data we collect

We collect, use and process certain personal data about you, as directed by the controller (operator). When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to any services we offer to individuals in the European Union (EU) or European Economic Area (EEA).

Joint controller - the personal data we may collect, as a joint controller, includes your:

  • First name
  • Last name
  • Date of birth
  • Address
  • Phone number
  • Email address
  • Information collected through Open Banking, such as details of your bank accounts and transactions on those accounts
  • Other documents as requested (for example: utility bills, bank statements, payslips)
  • Any other personal data you may provide us for the purpose of enhancing the data, or as requested by banks as part of their identity verification process.

Please review your gambling operator’s own privacy policy should you require more information regarding how they process your personal data through the ClearStake platform to fulfil their legal and regulatory obligations, specifically with regard to responsible gaming and anti-money laundering checks.

Independent controller - the personal data we may collect, as an independent controller, includes your:

  • First name
  • Last name
  • Contact details
  • Date of birth
  • Address
  • information collected through Open Banking, such as details of your bank accounts and transactions on those accounts

We may also process your personal data to create an anonymised dataset from it. We then perform analysis upon this dataset to improve our services. Anonymisation means that the data is no longer linked to an identified or identifiable natural person. As a result, it ceases to be considered personal data under the UK GDPR and the EU GDPR.

4. How we collect your personal data

We collect most of this personal data directly from you when you use the ClearStake platform. However, we may also collect information from third parties such as the gambling operator who may have referred you to our service and from your bank where you choose to provide your data via open banking.

The personal data we may receive from the gambling operator will include your first name, last name, address, contact details (such as email address) and date of birth.

5. Purposes for which we use your personal data and the lawful basis

We collect your personal data in order to provide our services to you, jointly and separately with the gambling operator. This involves processing your personal data for compliance purposes, such as affordability checks and identity checks and anti-money laundering compliance. Where we use the personal data you have given us access to and/or directly provided to us, we do so on the basis of consent, legitimate interests and performance of your contract with the operator.

We rely upon your consent to process the banking data you enter and for the purposes of establishing an Open Banking connection.

Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

We rely upon legitimate interests to perform our anonymisation process on your personal data, in order to create an anonymised dataset that we can analyse to monitor our performance and enhance our services, which allows us to provide a better service to you.

We additionally rely upon legitimate interest to conduct behavioural insight checks upon your data that may indicate a risk of fraud or identity theft. This is in our legitimate interest to ensure that anti-money laundering regulations are complied with.

6. Sharing your personal data

We may share your personal data with our service providers who support our products which we provide to you. When data is shared with our service providers, they only use the data on our written instructions and we implement appropriate safeguards to protect and secure your data.

We also share relevant data with specific gambling operators who you have given consent for your data to be shared with. Please note that the criteria of personal data shared with the gambling operators may vary depending on the nature of the check. For example, checks requiring enhanced due diligence may contain more personal data than those used for confirmation of income.

For some business activities, we may share your personal data with our vendors and third party service providers, for instance, with the third parties listed below:

  • Professional advisors, such as lawyers, accountants, auditors and other professionals
  • Third party companies in the event that we are involved in a corporate transaction, such as an actual or potential merger, joint venture, consolidation or asset sale. We may, from time to time, expand or reduce ClearStake and this may involve the sale and/or the transfer of controller of all or part of our business. Any personal data that you have provided will, where it is relevant to the part of our business that is being transferred, be shared alongside that. The new owner or newly controlling party will be permitted to use that personal data only for the purposes for which it was originally collected by us.

Personal data may also be shared with other third parties including government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim and to other third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

7. International transfers

We will not usually transfer your personal data outside the UK, however, in certain circumstances this may be necessary in order to provide our services to you, such as if the gambling operator who is reviewing your risk profile is established in a country outside of the UK.

We have taken appropriate steps to ensure that where personal data is processed outside the UK, it has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:

  • Your personal data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation); or
  • We enter into either International Data Transfers Agreements (IDTAs) or Standard Contractual Clauses (SCCs) with the UK Addendum with the receiving organisations and ensure that supplementary measures are also applied, where necessary.

8. How long we keep your personal data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims. For more information about our retention periods, please contact us at privacy@clearstake.com.

At the end of the retention period, your personal data will be securely deleted or anonymised, for example, by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

9. Security of your personal data

We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.

In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;

  1. If you’re logged into any online service do not leave your computer unattended.
  2. Close down your internet browser once you’ve logged off

Secure Online Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

10. Your rights

You have certain rights in relation to the processing of your personal data, including to:

  1. Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
  2. Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material.
  5. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
  6. Request the transfer of your personal data to another party (data portability).
  7. Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. Please be aware that the gambling operator may use automated decision making when reviewing the results produced by the ClearStake platform. Should you require more information on this please contact your gambling operator (that has referred you to us) or review their privacy policy.

Right to withdraw consent

In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

How to exercise your rights

You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights).However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at privacy@clearstake.com.

Please note that where you wish to exercise your rights in relation to personal data processed as part of ClearStake’s service that we may, in certain circumstances, also direct your request to the relevant gambling operator to ensure that your request is dealt with comprehensively.

11. How to complain

You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

12. How to contact us

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to:

29 Harbour Exchange Square, London, England. E14 9GE

Alternatively, you can email us at privacy@clearstake.com.

We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by emailing dpo@evalian.co.uk or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’.

The simple way to request financial data

Talk to us
ClearStake
29 Harbour Exchange Square, London, England, E14 9GE
Resources
NewsMrQ
About
Website Privacy PolicyService User Privacy PolicyCookie PolicyCookie Settings
© 2025. All Rights Reserved. ClearStake Limited
Cookies
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
DenyAccept