Introduction

This website is operated by the Alderney Gambling Control Commission. The principal place of business of the Alderney Gambling Control Commission is St Annes House, Queen Elizabeth II Street, Alderney, Channel Islands, GY9 3TB.

The Alderney Gambling Control Commission is an independent body corporate established by the Gambling (Alderney) Law, 1999 to supervise and control licensed gambling. In addition to the Gambling (Alderney) Law, 1999 the Alderney eGambling Ordinance, 2009 and the Alderney eGambling Regulations, 2009 apply to the operations of the Alderney Gambling Control Commission.

In order for the Alderney Gambling Control Commission (AGCC) to carry out its regulatory functions and meet its legal responsibilities it needs to collect certain personal data and in doing so it is a “data controller” of that information for the purposes of the General Data Protection Regulation (GDPR) which applies to European Union citizens wherever they are
based and the Data Protection (Bailiwick of Guernsey) Law, 2017 the object of which is to protect the rights of individuals in relation to their personal data, in a manner equivalent to the GDPR and Law Enforcement Directive.

 

Notification and Data Protection Officer

The AGCC has notified its data processing to the Office of the Data Protection Commissioner in Guernsey (www.odpc.gg) and is number 11216 on the Register of Data Controllers.

The AGCC has appointed a Data Protection Officer. The Data Protection Officer can be contacted by email at DPO@agcc.gg or by telephone on +44(0)1481 825500.

 

What is personal data

Personal data is defined as any information relating to an identified or identifiable natural person (ie a living individual). It includes obvious means of identification such as a person’s name as well as other identifiers such as identification numbers, online identifiers as well as other factors specific to the physiological, genetic, mental, economic, cultural or social identity of that person. In addition to personal data there is also “special category data” which includes information relating to a person’s racial or ethnic origin, their political opinions, trade union membership, religious or philosophical beliefs as well as genetic data,
biometric data, health data and information relating to a person’s sex life or sexual orientation.

 

Why does the AGCC process personal data

​

The AGCC collects personal in accordance with a number of legal bases.

1. Legal obligation: the processing is necessary to for the AGCC to comply with the law.

2. Contract: the processing is necessary for a contract the AGCC has with an individual or an organisation or because the AGCC has been asked to carry out specific tasks before entering into a contract.

3. Public task: the processing is necessary for the AGCC to carry out a task in the public interest or for an official function and the task or function has a clear basis in law.

4. Consent: the processing is carried out with the clear and unambiguous consent of the individual for their data to be processed for a specific purpose.

5. Vital interest: the processing is necessary to protects someone’s life. and

6. Legitimate interest: the processing is necessary for the purposes of the legitimate interests of the controller or third party.*

​

*This applies in only very limited instances for processing that is not strictly connected with the exercise by the AGCC of its public functions.

 

The bulk of the processing of personal information carried out by the AGCC will fall within categories 1 to 3 inclusive above.
Special Category data will be processed in line with one of the bases in 1 to 5 and it is most likely to be processed for performing a public task or meeting a legal obligation imposed upon by the AGCC by Alderney Law or wider laws in force in the Bailiwick of Guernsey.

The AGCC is a regulator and collects and processes personal data in relation to its regulatory functions and responsibilities. Personal data will mostly be processed on the basis that it is necessary for the AGCC to perform a task that is in the public interest or in order to carry out a function that a statute requires of the AGCC.

 

 

Applicants for licences and certificates

 

The AGCC is required to be satisfied that those companies applying for licences and certificates are “fit and proper” to hold that licence or certificate. In addition certain people involved in the ownership or management of licensees or certificate holders may be required to hold a certification that is personal to them (a Key Individual Certificate). The process for assessing the fitness and propriety of a corporate applicant will require that individuals connected to that applicant are investigated. The data that is collected during the application process is used to determine whether a licence or certificate should be issued.

 

Legislation requires that, for the purpose of licence and certificate applications, information is provided. If information is not provided then the application cannot be processed. The provision of false information is a criminal offence and regulatory or criminal action may result. Information that is supplied for the purpose of licence and certificate obligations must be accurate and up to date and if, following the submission of the application, there is a change to the information supplied, the AGCC must be updated.

 

When assessing fitness and propriety personal data will be obtained in relation to individuals and individuals connected to applicants from third parties. These third parties include, but are not limited to, other regulators (both domestic and international), the Police and credit reference agencies.

This processing is required to ensure that the licensing objectives set out in the Alderney eGambling Ordinance, 2009 are met. These are:-

i. Protecting and enhancing the reputation of Alderney as a well-regulated eGambling centre;
ii. Ensuring that eGambling is conducted honestly and fairly and in compliance with good governance;
iii. Preventing eGambling from being a source of crime, being associated with crime, or being used to support crime, including preventing the funding, management and operation or eGambling from being under criminal influence; and
iv. Protecting the interests of young persons and other vulnerable persons from being harmed or exploited by eGambling.

 

Personal data that is collected for licensing purposes may be used for other reasons including:-

• Complying with the AGCC’s statutory functions and legal obligations

• Undertaking on-going regulatory activity to meet the licensing objectives

• Assisting other regulators and law enforcement bodies.

• Internal management purposes

• Collating statistics for publication or other research purposes or determining future policy.

• Complying with international obligations.

 

Wherever possible information that is used for internal management purposes or the collation etc of statistics will be anonymised but there may be occasions when anonymisation might not be possible.

 

 

Existing licensees and certificate holders

In addition to ensuring that those who apply for a licence or certificate are fit and proper the AGCC is also required to ensure that those who have applied for and been granted a licence or certificate remain fit and proper to hold that licence or certificate on an on-going basis. This means that the AGCC will, as part of the reporting regime imposed by eGambling legislation on licensees and certificate holders, obtain and process personal data. Periodic reporting forms may require personal data to be provided and the AGCC may also obtain personal data from other sources prior to processing it. This information is held and
processed by the AGCC in order to meet the obligations imposed on the AGCC by legislation and international obligations.

 

Publication

The AGCC is required to publish the details of companies that have applied for licences and certificates prior to the application being determined. In addition the AGCC maintains a list of licensees and associate certificate holders on its website. Where regulatory action is taken against a licensee or certificate holder the AGCC may publish certain information if it is in
the public interest. Personal data may be used in determining the public interest and any such publication may involve the publishing of personal data.

 

Investigations and Regulatory action

eGambling legislation requires that the AGCC carries out activities to assess compliance with eGambling legislation and whether there have been any regulatory breaches. Personal data

will be used in these activities and in the event that breaches have been found, used in regulatory proceedings or shared with law enforcement bodies for the purpose of criminal proceedings.

Personal data may also be used to meet the AGCC’s wider remit of keeping under review the extent and character of eGambling on the Island of Alderney. However where information is used for this purpose it will, as far as possible, be anonymised. This processing is necessary to fully understand the risks faced in the eGambling sector and the risks to individual consumers.

 

Player complaints

The player section of the AGCC’s website has an area dealing with complaints.
This can be found at www.gamblingcontrol.org/player-complaints/ and sets out the process to be followed where a player has a complaint about an operator.

In the first instance complaints arising from customers based in the United Kingdom will be addressed to the operator and, if necessary, will be handled by an Alternative Dispute Resolution (ADR) process. Where the complaint cannot be concluded by way of the ADR process it will be handled by the AGCC in accordance with eGambling legislation. This will require the processing of personal data. The AGCC will create a complaint file which will identify the complainant and possibly others, if involved. Personal data relating to the complainant will be shared with the relevant operator/s. the relevant operators will need to
process information about the complainant to deal with the complaint and will need to share this information with the AGCC to enable the AGCC to resolve the complaint. The more information that is provided the better able the AGCC will be to deal with the complaint.

For customers not located in the United Kingdom any complaint must first be raised with the operator and thereafter it will be handled by the AGCC in accordance with eGambling legislation. This will require the processing of personal data. The AGCC will create a complaint file which will identify the complainant and possibly others, if involved. Personal data relating to the complainant will be shared with the relevant operator/s. the relevant operators will need to process information about the complainant to deal with the complaint and will need to share this information with the AGCC to enable the AGCC to resolve the
complaint. The more information that is provided the better able the AGCC will be to deal with the complaint.

Information obtained and used in handling a complaint may subsequently be used in regulatory proceedings. In the event that an adverse finding is made against an operator in these circumstances the AGCC will endeavour to anonymise the complainant’s data.

The AGCC routinely publishes statistics about complaints handled. These statistics do not publicly identify complainants.

 

Employees – current, former and future

The AGCC processes personal data (including, on occasions, special category data) in order to determine job applications. In addition the AGCC processes personal data or former employees in order to meet specific obligations regards to matters such as taxation, social insurance and pensions.

The AGCC also processes personal data of current staff to meet its obligations as an employer.

Information relating to staff who have been unsuccessful in their recruitment application is kept for a period of six months after the closing date for applications. Information received as a result of speculative applications will not be retained and those who contact the AGCC in such a manner will have their documentation returned and will be advised to regularly visit the AGCC’s website to learn of any recruitment taking place.

 

Other people the AGCC processes personal data about

As a regulator the AGCC will process personal data relating to third parties who might be relevant to its work as a regulator. This can include advisors to applicants or operators, academics, witnesses in investigations, other regulators, enforcement agencies and interested members of the public. The AGCC also obtains information about those who may have provided the funding for an applicant or operator even if they fall outside of the application or are not a Key Individual.

This personal data will be used in the context of the AGCC’s regulatory activities or for reasons connected with the AGCC’s wider remit with regards to gambling.

The AGCC may receive personal data from enquiries made directly to it about the licensing regime from those who may be interested in obtaining an eGambling licence or certificate.

 

Cookies

The AGCC’s website uses essential cookies. These are necessary for the security and functioning of the AGCC website. No personal data is collected.

 

The AGCC does not use cookies for collecting user information. Except as otherwise stated, we may use information visitors provide via links from this website to communicate information to them (if they have requested it). We do not disclose any information visitors may provide via the website to any third parties or other government departments except where:

​

• such disclosures are necessary to fulfil our service obligations to them, in which case we will require such third parties to agree to treat it in accordance with this Privacy Policy

• required by applicable laws, court orders or government regulations (for example to prevent or detect crime), or

• they give us permission to do so.

We take reasonable precautions to prevent the loss, misuse, or alteration of data that visitors give us.

 

The cookies that are used on the AGCC website, their purpose, the period for which they are in use and their type is set out in the table below:-