We shall not keep your personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay. If you are an active user, we will retain your personal data for the entire time that you are actively engaging with our site or products and for a further period of 3 months from the date of your last engagement. After that you will become an inactive user and we will put you onto a soft suppression list for a period of 2 years, following which we erase your details. If you request to no longer receive direct marketing from us, we will place your details onto a hard suppression list, where it will not be used, and you will be deleted from that hard suppression list at the end of 5 years.
8. Secure Processing
We have put in place appropriate security measures to prevent your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. In addition, we limit access to your personal data to those employees, agents, contractors and other online casinos accepting neosurf third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Keeping You Informed
Where your personal data is collected directly from you, you will be informed of its purpose at the time of collection.
- 9.1 if the personal data is used to communicate with you, when the first communication is made;
- 9.2 if the personal data is to be transferred to another party, before that transfer is made; or
- 9.3 as soon as reasonably possible and in any event not more than one month after the personal data is obtained.
10. Your Access Requests
You may make subject access requests (“SARs”) at any time to find out more about the personal data which we hold about you and to check that we are lawfully processing it. If you wish to make a SAR, you should do so by emailing our DPO at [email protected]Responses to SARs shall normally be made within one month of receipt. However, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, you shall be informed. We do not charge a fee for the handling of normal SARs. We reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
11. Rectification of Personal Data
You have the right to require us to rectify any of your personal data that is inaccurate or incomplete. Within one month of you making your request, we shall rectify the personal data in question, and inform you of the rectification. The period may be extended by up to two months in the case of complex requests. If such additional time is required, you shall be informed. In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.