EGR Global is a B2B publisher and membership networking group for the online gaming and gambling industry. Further details can be found here: http://www.egr.global/about/
Our personal data usage guidelines
We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose then please contact us.
If we need to use your personal data for an unrelated purpose then we will notify you and we will explain the legal basis which allows us to do so.
We do not collect any special categories of personal data. This means we will not collect data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data or biometric data. Similarly, we do not collect any information about criminal convictions and offences.
Our websites, products and services are not intended for children and we do not knowingly collect data relating to children.
Types of personal data held by us
From time to time we collect, use, store, process and transfer the following kinds of personal data:
- Identity data, including first names, last names, job titles, usernames or similar identifier, dates of birth, gender and dietary requirements;
- Contact data including billing addresses, delivery addresses, email addresses and telephone numbers;
- Financial data including bank account details and payment card details;
- Transaction data including details about payments made to and from users and other details of products and services our customers have purchased from us;
- Technical data including internet protocol (IP) addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access this website or our services or products;
- Profile data including usernames and passwords, purchases or orders made, social media account details, preferences, feedback and survey responses;
- Usage data including information about how our websites, products and services are used; and
- Marketing and Communications data including personal preferences in receiving marketing from us and our third parties and any communication preferences.
How we collect personal data and what we use it for
Providing products and services
When a client or customer purchases a subscription service or a product from us we collect certain personal data. We also collect personal data when an individual submits a website form or contacts us to request information about our products and services. We use this personal data in the following ways:
(a) To fulfil our contract: this includes setting up clients and users, processing payments, providing updates relating to our products, processing user IDs, passwords and contact details and delivering content. Any such use will be on the basis that the processing is necessary to perform the agreement that we may have with you.
(b) After the contract has ended: we will keep full records about the contract for a limited period in case you want to reactive your account. Such processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
(c) Record keeping: we retain details of transactions for a period of up to 6 years for our internal records and for the purpose of tax and regulatory compliance. Any further use of the retained information will only be to comply with regulatory requirements or in the event of a dispute between the recipient and us. Such processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business and to comply with the law.
(d) Monitoring use: we use software services and tools to monitor the use of our websites, products and services access using your account details, to identify and manage potential security issues and to keep your account safe. Any usage data will be processed to the extent necessary for our legitimate interest of ensuring our products, websites and services are secure. We will retain usage data for a period of up to six years. Any further use of the retained information will only be to comply with regulatory requirements or in the event of a dispute between you and us – in which case such processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
(f) Troubleshooting and technical support: in certain circumstances when performing our contract with you (or otherwise providing requested services to you where no contract exists), a need may arise for us to transfer your data to a third party technical support or technology development agency. Any such use and transfer will be on the basis that the processing is necessary to perform the agreement that we may have with you and in order to protect our legitimate interest in developing and improving the stability and security of our systems.
Events and webinars
We process personal data in order to effectively manage, organise and run our events and webinars. Where you sign up to attend one of our events or webinars:
(a) We will collect such personal details as are required to deliver our contractual obligations (or otherwise providing requested services to you where no contract exists), such as your name, email address, payment details and any other relevant attendee details. We will only process such details as are necessary to enable us to perform the contract between you and us or to protect our legitimate interest of promoting our business and developing new customers.
(b) We may publish or circulate an attendance list (including your name and company name) which will be made available to other attendees and, if you have agreed to our doing so, to the event/webinar sponsors. We will not share your details with the venue (where relevant) or other third parties for marketing purposes unless you provide your consent. We consider this processing to be necessary to protect our legitimate interest of running our events and webinars effectively.
(c) We may also request and collect information about your relevant interests and preferences. We will use this information to help us make decisions about the kind of events, webinars and any services or products you might be interested in hearing about from us and will use this information for marketing purposes. Such processing is carried out to protect our legitimate interest of promoting our business, developing new customers and to inform our marketing strategy.
Any individuals who sign up to act as speakers at our events or webinars may have their personal data collected and used in the following way:
(a) We will use your contact details to contact you in connection with the event or webinar and process any payment or facilitate any obligations or rights set out in any agreement which may exist between you and us. Any such processing will be carried out on the basis that it is necessary to fulfil the contract between you and us. We will retain details of transactions between you and us for up to six years. We will only use the retained information to comply with regulatory requirements or in the event of a dispute between you and us – such processing may be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
(b) We may use any profile or personal that you provide us with or that are publicly available to help market or advertise the event that you are speaking at on the basis that such processing is necessary to achieve our legitimate aim of running an effective event or webinar. We may retain your profile and details for our internal records and to allow us to contact you in the future about similar events or webinars. Such processing is carried out to protect our legitimate interest of promoting our business.
Visits to our websites
Cookies are small data files that websites store on your electronic device so that the website can store data and will enable us to collect information, which is likely to include data from which you can be identified. For further details, including the duration that we retain data for, please see our Cookie Notice http://www.egr.global/cookies. In some instances we also use server logs to collect data. Our lawful basis for using cookies and server logs to collect and process usage data is that it is necessary to protect our legitimate interests of promoting our business and for the correct functioning and operation of our websites.
Our own internal team actively identify people who we believe are likely to find our events, services products useful. Our team look for and source business contact details and information about an individual’s job role both online (using publicly available resources and websites), through networking activities and from details collected from previous event attendees, newsletter subscribers and users of our products.
We use those business contact details to send event invites and emails about relevant industry news. We always include an unsubscribe link at the bottom of any such email which we send, so that you can let us know if you do not wish to receive any further marketing emails.
Our lawful basis for using personal data in this way is that it is necessary to protect our legitimate interest of promoting our business, developing new customers and to inform our marketing strategy.
In parallel with the services and products that we provide we offer access to certain platforms through which we engage with our customers and clients. This includes, for instance, our own community social media platform and a customer polling platform. In operating these platforms we may process your personal data to allow you to access and use the services thereon.
Our lawful basis for using personal data in this way is that it is necessary to protect our legitimate interest of promoting our business, developing new customers and to inform our marketing strategy.
We collect, use and store personal data relating to third parties such as details about the directors, shareholders, stakeholders and professional advisors of certain companies in order to provide certain services. Data of this type is collected and processed internally by our researchers. Our researchers may contact relevant individuals directly to obtain information as well as using publicly available websites, LinkedIn, regulatory filings, company registries and news articles. We use this information to write profiles, articles, blogs and reports which are then published for the benefit of our subscribers (who may be based outside the EEA) via a searchable database or in a newsletter. We process data in this way in order to protect our legitimate interests of developing our products/services and growing our business and to present journalistic content.
If you apply for a job at EGR Global we will use the information you provide us with to assess your suitability for the role and to progress or end your application. The personal data we will require and use includes contact details, your curriculum vitae, your previous experience, education history and answers to questions relevant to the role you have applied for. Our HR team and the hiring manager for the role will have access to this data.
We may also ask about equal opportunities data. We use this data on an anonymised basis to produce and monitor equal opportunities statistics for legal reasons. There is no obligation to provide this data and it will not affect your application if it is not provided.
We will only share your data with contracted third parties if it is necessary for the recruitment process and we will notify you at the time that we do so. We will never sell your data or use it for marketing purposes.
If your application is not successful, unless you ask us to retain your data for other opportunities in the future, we will store your details for six months to help with any questions, before securely deleting or anonymising the data.
If your application is successful we will need to complete employment checks for legal reasons, in particular, to verify your right to work in the country and to verify your previous employment references.
We may carry out data processing of this nature for the legitimate interest of recruiting and developing our workforce.
We may process personal data in order to allow us to properly administer our systems and our business, including data storage, hosting, reporting, systems maintenance, improving our computer systems, troubleshooting, analysis, testing and the operation of our databases. Processing of this kind is incidental to the provision of our services and products and to the efficient operation of our business. We may carry out data processing of this nature for the legitimate interest of administering, improving and protecting our business, this website, our products and our services. We may also carry out this type of data processing to protect our legitimate interest in ensuring our systems are secure and preventing fraud.
Where a client fails to make payment for an event, service or product at the time that it is due we may need to transfer your personal data in order to instruct a third party debt collection agency. Processing of this type may be carried out in order to protect our legitimate interest in recovering such a debt.
We use data analytics to monitor and improve our websites, products/services, marketing, customer relationship management and user experiences Wherever possible when carrying out this type of analytical work we anonymise all personal data. In certain circumstances however, cases arise whereby we need to process personal data in order to achieve the objectives of our analytical processing. Where we do so we are protecting our legitimate interests of defining the types of customers for our products and services, keeping our websites, services and products updated and relevant, developing our business and to inform our marketing strategy.
At some of our offices there is a CCTV system installed. Any individual who visits these offices will have their image recorded by the CCTV system. We operate CCTV systems at these premises in order to protect our legitimate interests of protecting the personal safety of staff, visitors and other members of the public, to act as a deterrent against crime and to prevent crime and protect our assets from damage, disruption, vandalism and other crime.
We have put in place appropriate security measures at organisational, technical, physical and operational levels to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International transfers of personal data
We share your personal data within the Pageant Media Group, which includes Pageant Media Holdings Ltd. As we have a number of offices outside of the European Economic Area (EEA) your personal data may be transferred outside of the EEA. We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are called “binding corporate rules”. For further details, please see the following article on the European Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- a) Where the recipient is located in a country that has been deemed to provide an adequate level of protection for personal data by the European Commission; or
- b) Using specific contracts approved by the European Commission which give personal data the same protection it has within the EEA.
Disclosure of personal data to third parties
We may disclose any personal data that we hold to certain third parties who are contracted to help us provide our products and services (some of whom may be based outside the EEA). Any such third parties will be acting as processors on our behalf and will be contractually bound to only use the data in accordance with our instructions and to implement adequate security measures. The data will only be transferred by us to a third party if appropriate contractually binding safeguards are implemented between us and the processor. We require all third parties to respect the security of your personal data and to treat it in accordance with all applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share also personal data with third parties (who will also be acting as controllers in respect of that personal data) if we:
- a) have a legal duty to do so or if it is required to enforce or apply our contracts or to protect legal rights, our property, the use and functionality of our websites or the safety of us or others; and
- b) sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use personal data in accordance with the provisions set out in this privacy notice.
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we believe there is a reasonable prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we must keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see ‘Your rights’ below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be used to identify you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If we hold data about you, you have certain rights under the General Data Protection Regulation (‘GDPR’) and data protection legislation in respect of the personal data which we hold. This includes the:
(a) Right to be informed: you have a right to ask us what personal data we collect and what we use it for;
(b) Right of access: you have a right to request a copy of any personal data that we hold about you. We will respond to your request within one month;
(c) Right of rectification: you have a right to require us to correct any personal data held about you which is inaccurate or incomplete. We will rectify any errors you highlight to us within one month;
(d) Right of erasure: also known as the ‘right to be forgotten’ – in certain circumstances, you have a right to have the personal data held about you erased from our records. Valid requests will be actioned within a month;
(e) Right to restriction processing: you have a right to request us to restrict the processing carried out in respect of personal data relating to you;
(f) Right of data portability: you have a right in certain circumstances to request that the personal data held by us about you transferred to another organisation;
(g) Right to object: you have a right to object where processing is carried out. You may always object to us processing your personal data for direct marketing purposes; and
(h) Right to object to automated decision making and profiling: you have a right not to be subject to a decision based solely on automated processing which produces legal or similar significant effects on you.
Given the nature of the services we provide in certain situations we may be able to rely on certain exemptions under the GDPR and the Data Protection Act 2018. These exemptions may mean we have a right to refuse requests for disclosure of information, erasure requests and rectification requests and exempt us from some notification obligations.
We will confirm to you in writing to acknowledge receipt of any request we receive relating to your rights as a data subject, and we will let you know if we have complied with your request. If having, carried out an assessment, we believe we have an overriding reason for resisting your request, we will let you know why we have reached that conclusion.
Questions, complaints and contact
Address: Pageant Gaming Media Ltd, One London Wall, London EC2Y 5EA
Telephone: +44 0207 832 6500
EGR Global has implemented appropriate technical and organisational measures in order to ensure our compliance with the GDPR and all applicable data protection laws. EGR Global has formed a GDPR compliance committee reporting to our board and Chief Executive. Pageant Gaming Media’s Data Protection Officer role is executed by Gina Sharma.
Please let us know if you have any concerns about how we are handling your data. We will do our best to resolve the matter, but if we are unable to do so to your satisfaction you may make a complaint to our Data Protection Officer (firstname.lastname@example.org). All users also have the right to lodge a complaint with the appropriate supervisory authority. All complaints can be lodged with the ICO who can be contacted at https://ico.org.uk/make-a-complaint/