S.E.L.F. Playing System

Introduction

The European Union’s General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Although it is an EU regulation, it extends to those who may be processing data from EU citizens located anywhere in the world. This EU GDPR Privacy Notice (“Notice”) applies to all EU “Data Subjects” (“users”, “you, or “your”) as defined in the GDPR who may access our website (“Website”) and products and services (“Services”) or communicate with S.E.L.F. Playing System (“Company”, “us”, “we” or “our”). 

Scope

This Notice and our Privacy Policy https://www.selfplayingsystem.com/pages/privacy-policy are intended to comply with the GDPR and should be read in conjunction with each other by ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to, and what safeguarding measures are in place to protect their information.

“Personal Information” means any information from which an individual can be directly or indirectly identified. The personal information that we may collect and process may include, but is not limited to, the following:

- Name;
- Date of birth;
- Personal contact details: address, email, and telephone number(s);
- Employment information;
- IP Addresses – in the provision of payment services and or web activity; and/or
- Banking and or payment information including credit card information.

Commitment

We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

We are dedicated to safeguarding the personal information we process and in developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for the GDPR. Our GDPR compliance is summarized in this Notice and include the development and implementation of new data protection policies, procedures, controls, and measures to ensure maximum and ongoing compliance.  Further, we continuously review and update our Privacy Policy in line with procedural protections in accordance with the GDPR guidelines for appropriate safeguards regarding the personal information provided by our users.

LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION UNDER GDPR

We have identified the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. If you request that we perform a service for you then our legal basis is based on Article 6, Section 1(a) to perform the service you have requested from us. If you are a visitor to the website then we will only process such information as is necessary to provide the website to you in accordance with Article 6, Section 1(a).

We may process your personal information under the following conditions:

Consent: You have given your consent for processing personal information for one or more specific purposes.

Performance of a contract: Provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.

Legal obligations: Processing personal information is necessary for compliance with a legal obligation to which the Company is subject.

Vital interests: Processing personal information is necessary in order to protect your vital interests or of another natural person.

Public interests: Processing personal information is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.

Legitimate interests: Processing personal information is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular, whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

HOW WE OBTAIN YOUR CONSENT

We request that you consent to our processing of personal information at the point of collection when you apply to use our Website and Services.  At the point of collection we ensure that users understand what they are providing, why and how we use it and give clear, defined ways to consent to us processing the users' information. We have developed processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy-to-use mechanism to withdraw consent at any time.

CONFIDENTIALITY AND SECURITY MEASURES

We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse, or alteration. We have implemented information security policies, rules, and technical measures to protect the personal information that we have under our control from unauthorised access; improper use or disclosure; unauthorised modification; and unlawful destruction or accidental loss. All of our employees, workers, affiliates, and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all visitors to our Website and all users of our Services.

We take the privacy and security of individuals and their personal information very seriously and we take every reasonable measure and precaution to protect and secure the personal information that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures.

YOUR RIGHTS UNDER THE GDPR

If you are within the EU or an EU citizen, you have the following rights in relation to the personal information we hold about you:

Request access to your personal information. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.

Request correction of the personal information that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.

Your right to data portability. You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Object to processing of your personal information. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation which makes you want to object to our processing of your personal information on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request erasure of your personal information. You have the right to ask us to delete or remove personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). 

Your right to restrict processing. You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Withdraw your consent. You have the right to withdraw your consent on using your personal information. If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Services.

Your rights in relation to automated decision-making and profiling. You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Your right to lodge a complaint with the applicable supervisory authority. You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

EXERCISING OF YOUR GDPR DATA PROTECTION RIGHTS

You may exercise your rights of access, rectification, cancellation, and opposition by contacting us at [email protected]. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to You as soon as possible. 

International Transfers

Wherever you use or access our Website or Services, you understand and acknowledge that we may transfer, process, and store information about you in Canada, the United States and other countries, both within and outside of the UK, EU, EEA, or Switzerland. By providing us with your information, you consent to the transfer to, and to the processing and storage of your information in countries outside of your country of residence, which may have different data protection laws than those in the country in which you reside, in accordance with this section. Whenever we transfer your personal information out of the UK, EU, EEA, or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring one of the appropriate safeguards are implemented.

Revisions to this Notice

We reserve the right to change this Notice at any time. If we make any material changes to this Notice, we will post the revised version to https://selfplayingsystem.com/pages/gdpr and update the “Last Updated” date at the bottom of this Notice. Except as otherwise indicated, any changes will become effective when we post the revised Notice on our Website.

Last Updated: December 18th