General Data Protection Regulation (GDPR)

This is a forum for discussing privacy abuse. Some bookmakers secretly use insidious tracking techniques on computers and smartphones. The one product most talked about is 'iesnare', which is never specifically mentioned in terms and conditions, but there are plenty of other privacy abuses you may not be happy with. Let everyone know.
Jimmy Justice
Site Admin
Posts: 594
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Thu Jul 26, 2018 7:31 am

Also, it would really help if you have a copy of your communication to them. You can send this to our secure email if you prefer: info@justiceforpunters.org

Thanks.

JJ

dobie2089
Supporter
Posts: 10
Joined: Fri Jul 20, 2018 12:49 am

Re: General Data Protection Regulation (GDPR)

Post by dobie2089 » Thu Jul 26, 2018 9:30 am

Yes of course you can JJ , will post it up later when I have a little more time . Also appreciate you will be no doubt very busy , but any help with the specific wording and content on the complaint form would be much appreciated .

Steve

dobie2089
Supporter
Posts: 10
Joined: Fri Jul 20, 2018 12:49 am

Re: General Data Protection Regulation (GDPR)

Post by dobie2089 » Thu Jul 26, 2018 11:56 am

This was my reply to them after they had refused my complaint against sky . I took parts of what i've read on here to formulate my response , but I only have an o level in English ( and that was a long time ago :cry: ) ..so i'm sure with some assistance my complaint against the ICO could be worded a lot better .

Dear Ms Walters ,

Thankyou for your response regarding my concern against sky betting and gaming .

To quote part of your response :

"Generally speaking, if an organisation has a genuine need to continue processing personal data (for example, because of a legal obligation to do so), they will be able to do this. However, each request must be judged on its own merits and organisations will need to be able to justify why it has refused a request.



In its response to your request, Sky Bet clarified that it must retain your personal data in order to comply with its legal obligations.

Therefore, I am satisfied that Sky Bet has responded appropriately, and no further action will be deemed necessary."



can you please tell me what possible legal obligation sky might have, to continue processing data from an account which has been closed by myself and is inactive ? The customer /supplier relationship between myself and sky has been terminated therefore i fail to see the need for sky to continue to hold and process my data .

I'd also like to quote an article from the remote gambling association which also covers this issue :

“55. Customers have the right to have their data ‘erased’ in certain specified situations. This is in essence where the processing fails to satisfy the requirements of the GDPR. Where customers seek to exercise these rights, data controllers must respond without undue delay (and in any event within one month). This period can be extended in difficult cases, but data controllers would need to demonstrate their justification for relying on the extension provision.”

In my opinion " certain specified situations" in the case of gambling companies appears to mean any situation except where a person has self excluded or is suspected of crime ...to clarify I fit into neither of those two categories !

In summary I am not happy with the conclusions you have drawn , and feel that the issue needs to re examined and the above points responded to .

With regards ,

Steve .......

Jimmy Justice
Site Admin
Posts: 594
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Fri Jul 27, 2018 11:18 am

Hi Steve,

Here is my suggestion, I hope it helps. Edit as you see sensible.

Dear Ms Walters,

Thank you for your most recent response regarding my concern against Sky Betting and Gaming.

To quote part of your response:
“In its response dated 3 June, it is clear that Sky Bet is aware of its data protection obligations and is taking them seriously. Although you remain unhappy, this isn’t something that we’ll consider further.”

I assume from this that you feel I’m not worthy of any further use of your time? However, I wish you to explain to me on what basis you feel, “Sky Bet is aware of its data protection obligations and is taking them seriously,” when it’s quite clear that they have not explained to you or me the legislation that supports their claim that they must retain my personal data in order to comply with their legal obligations. At present, I conclude from this, that you are quite happy for a company to make claims concerning data erasure without them providing relevant evidence for that claim, i.e. you will let them claim anything they wish?

I’ve explained previously that the Gambling Commission (http://www.gamblingcommission.gov.uk/fo ... -GDPR.aspx) has stated that personal data must be kept for criminal and social responsibility reasons. I’ve also mentioned that neither of these factors apply to me, so I have to assume you are not believing what I’ve stated?

In my view, you have decided that Sky Betting & Gaming is, “Aware of its data protection obligations and is taking them seriously,” based on little evidence, unless you have other evidence you are not sharing with me.

I don’t wish to make a complaint about the way my enquiry has been handled, I would prefer you to go back to Sky Betting and Gaming, if you don’t already have this information and ask them what legislation and sections therein allow them to retain and continue processing data from an account which has been closed by myself and is inactive? The customer/supplier relationship between myself and the company has been terminated. As I’ve previously stated I’m not suspected of crime or having a gambling problem. If it’s not the ICO’s job to ask these questions, please could you inform me whose job it is?

Finally, I suspect, but as yet cannot prove, that Sky Betting and Gaming is refusing to erase my personal data purely for commercial risk management reasons. Please can you advise whether this is a valid legal reason to retain personal data under GDPR?

Thank you in anticipation.

Yours sincerely,

dobie2089
Supporter
Posts: 10
Joined: Fri Jul 20, 2018 12:49 am

Re: General Data Protection Regulation (GDPR)

Post by dobie2089 » Fri Jul 27, 2018 1:59 pm

Brilliant , thanks a lot for that JJ ..will bob pretty much all of that over as it stands and update on here the response .

Jimmy Justice
Site Admin
Posts: 594
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Sun Jul 29, 2018 9:38 am

No worries. Cheers!

flook
Supporter
Posts: 10
Joined: Mon Jul 16, 2018 4:32 pm

Re: General Data Protection Regulation (GDPR)

Post by flook » Sun Jul 29, 2018 2:45 pm

William Hill response to request for erasure

We are sorry to hear that you would like to close your account, but it has been closed as requested. If you require your account to be re-opened in the future, please do not hesitate to contact us.

We recognize that customers have the right to be forgotten, and as we highlighted, as a business we will delete your information from our system in line with our Privacy Policy.

Even if your account is closed, we still have to maintain your data for a period of at least 7 years from time of closure or last contact from yourself. This is because of regulatory requirements such as anti-money laundering.

Wherever it’s no longer necessary to process your personal data, we’ll delete it, in line with our Privacy policy. You may further check that here: https://williamhill-lang.custhelp.com/a ... a_id/6721/

As for your other data requests in line with GDPR, this has already been forwarded to our Management review for further review and checking. This may take up to 30 days to gather the data for you. They’ll be in touch as soon as they have gathered the information.

If you need any help let us know and we’ll be glad to assist.

flook
Supporter
Posts: 10
Joined: Mon Jul 16, 2018 4:32 pm

Re: General Data Protection Regulation (GDPR)

Post by flook » Sun Jul 29, 2018 2:48 pm

And response from Coral following my request to Ladbrokes.....surely thats an issue in itself

Thank you for contacting Coral Customer Services in regards to have your account closed.

I hope this email finds you well.

 I am sorry that you want to close your account with us but I am happy to assist you in any way that I can.

Please be advised that your account has now been closed on request .

flook
Supporter
Posts: 10
Joined: Mon Jul 16, 2018 4:32 pm

Re: General Data Protection Regulation (GDPR)

Post by flook » Sun Jul 29, 2018 2:50 pm

I've had a busy day, so response from Betstars which is faintly ridiculous

Thank you for your contacting us in which you have asked us to send you certain personal information relating to your player account.

This is known as data subject request and in order for us to fulfill your request, we must ensure that the individual making the request is the account holder or entitled to receive the information being requested. This is to not only safeguard your privacy but to ensure that we do not commit a data breach by making an unauthorized disclosure of your personal information.

Please send us a recent copy of your government issued identification documents (e.g. driving license, national identity card or passport). Once received, we will process your request due course. Do note that we will not be in a position to proceed with this request unless and until we have verified your identity.

Your account has been closed as requested.

We appreciate his patience in the process, as we have been receiving multiple requests from our players, the waiting time for this to be processed might become extended, however we are working around the clock to fulfil all requests in due time. We are looking forward to hearing from you again.

flook
Supporter
Posts: 10
Joined: Mon Jul 16, 2018 4:32 pm

Re: General Data Protection Regulation (GDPR)

Post by flook » Mon Jul 30, 2018 7:57 pm

reply from betstars, so thats a 5 year retention from them and a 7 year one from hills so far

Please kindly note that under our current License requirements in the United Kingdom, we are required to adhere to and abide by several forms of legislation such as but not limited to the Money Laundering Regulations 2007 (MLR).

In particular, Regulation 19 of the MLR requires us to retain certain customer information stored in our database for up to 5 years following the last transaction made by a customer or following the closure of the customer's account.

Note further that our requirement to retain your information for this purpose supersedes any rights that may arise under separate legislation (including but not limited to data protection laws, which includes the General Data Protection Regulations (GDPR)).

Consequently, in compliance with our legal obligations, we are required to retain your information and are therefore unable to proceed with your request at this time. Note however that your information, in the absence of any other legal requirement, will be deleted following the expiry of the applicable retention period.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests