Super Free Bingo – a product of Little Star Media Limited
-
Introduction
We are committed to protecting your personal data. This privacy policy (“Policy”) will inform you about how we look after your personal data when you visit our website and tell you about your privacy rights as a subscribed customer and website user under the General Data Protection Regulation 2016/679 (“GDPR”).
We may change this policy from time to time by updating this page.
The Super Free Bingo website is not intended for use by those under the age of 18 years and/or those living outside the UK. We do not knowingly collect data relating to children.
-
Contact Details
Little Star Media Limited is the data controller and is responsible for your personal data (collectively referred to as the “Company”, “we”, “us” or “our” in this Policy).This means that we are responsible for deciding how we hold and use personal information about you. We are a company registered in the United Kingdom with company number 5957310. Our registered office is at Suite 478-480, Exchange House, 450 Midsummer Boulevard, Milton Keynes, MK9 2EA.
We have appointed a data protection officer (“DPO”), Caroline Sugrue. The DPO is responsible for overseeing the implementation of this Policy and for monitoring compliance with the GDPR and other applicable data protection legislation. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO at: dpo@littlestarmedia.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. We will always work hard to resolve any concern you may have.
-
Your Rights
Under data protection legislation, you have rights we need to make you aware of. The GDPR sets out the following rights applicable to you (please refer to the parts of this policy indicated for further details):
- The right to be informed (Part 9);
- The right of access (Part 10);
- The right to rectification (Part 11);
- The right to erasure (also known as the ‘right to be forgotten’) (Part 12);
- The right to opt out (Part 13);
- The right to restrict processing (Part 14);
- The right to data portability (Part 15); and
- The right to object (Part 16).
If you wish to exercise any of the rights set out above, please contact our DPO.
-
The Data We Collect About You
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. It does not include data where the identity has been removed.
Type of Data Purpose of Data Lawful Basis Identity Data including: name, user name or similar identifier, title, gender To identify you as a user so that we can provide services to you and communicate with you in connection with your registration at the Super Free Bingo website. Consent Contact Data including: Email Address Mobile Phone Number We email gambling offers and newsletters to users who have consented to receive these. Users will normally receive emails up to 3 times per week, but on occasion this could be up to 4 times per week. Users may receive gambling offers and site information by SMS if they have consented to receive these. Users will normally receive SMS up to 3 times per week, but on occasion this could be up to 4 times per week.
We will use contact information to update you about changes to our policies and terms and conditions. We also share your personal data with Facebook who help us show you relevant content and find similar users who might be interested in our services.
Consent Necessary to comply with a legal obligation IP Address Used as a factor to determine robot behaviour and detect malicious or suspicious software. Necessary for our legitimate interests which is to ensure our website is not used by machine learning tools or other non-human actors. Geographic Location Used to determine fraudulent robot behaviour [and to detect whether you are eligible to use our website]. Necessary for our legitimate interests which is to ensure our website is not used by machine learning tools or other non-human actors. Technical Data including: Device Screen size Device Type Browser Information Preferred Language Hotjar We use Hotjar in order to better understand our users’ needs and to optimise this service and experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.). This enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular, device IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language on our website). Hotjar stores this information in a pseudonymised user profile. We will not (nor will Hotjar) use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link: https://www.hotjar.com/privacy. Opt-Out: You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out: https://www.hotjar.com/legal/compliance/opt-out Cookies and Analytics We use Google Analytics on this website. Therefore, third-party vendors, including Google, may show our ads on sites across the internet. The Google Analytics features that have been implemented are used for Display Advertising (including Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting). We (and third-party vendors including Google) use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on past customer visits to our website. We also use these cookies to report how our ad impressions and other ad services, and interactions with these, relate to visits to our site. We use Google Analytics Demographics and Interest Reporting in order to target users who have a higher probability of being interested in our products. We also may use third party audience data (such as age, gender, and interests) to help guide our website offering to better meet consumer needs, and ultimately improve the user experience. Opt-out: Using the Ads Settings, you can opt-out of Google Analytics for Display Advertising and customise Google Display Network ads. Read more here: https://tools.google.com/dlpage/gaoptout
How we use cookies: A cookie helps us, for example, to analyse web traffic or lets us know when you visit a particular site. This enables us to enhance your user experience when visiting Super Free Bingoby placing cookies on your computer. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
To find out more or to change how cookies interact with your computer, click on the ‘manage cookies’ link at the bottom of our website.
Consent Necessary for our legitimate interests for the provision of administration and IT services and to study how users use our products. Analytics Data We use analytics data to improve our website, products/services, marketing, and user experience. Necessary for our legitimate interests (to study how users use our products, to develop them, to grow our business, and to inform our marketing strategy) Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect and process the personal data set out above in the following ways:- directly from you for example through correspondence with you, creation of an account subscriptions and use of our website;
- via software, automated technologies or interactions with our website (we collect data using cookies and other similar technologies); and
- via third parties.
We only collect, process, and hold personal data for the specific purposes set out above (or for other purposes expressly permitted by the GDPR).
You will be kept informed of the purpose or purposes for which we use your personal data. Please refer to Part 9 for more information about keeping you informed. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy. -
How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
-
- you have given consent to the processing of your personal data for one or more specific purposes;
- where we need to perform the contract we have entered into with you;
- for compliance with a legal obligation;
- to protect your interests (or someone else’s interests); or
- for our legitimate interests (or those of a third party), except where such interests are overridden by your fundamental rights and freedoms .
We may share your personal data with third parties (as set out below) and the third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with the following third parties:- service providers (including marketing and digital analytics) such as Hotjar, Reportdash, Mozenda, Microsoft, Google Analytics, Acoustic L.P, Zapier, AWS, Twilio, Cake, Digital Ocean; Reactful Inc.; Bulk SMS Limited; Accelerize Inc. and Facebook;
- advertising networks;
- search information providers;
- banks and payment providers;
- professional advisers; and
- UK law enforcement agencies.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to our processing of your personal data that we process for non-marketing purposes. If you would like us to stop processing that data too, please let us know by exercising your rights summarised in this policy, particularly in paragraphs 11, 12 and 16 below. -
-
Accuracy of Data and Keeping Data Up-to-Date
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You have the right to request the rectification of personal data that we hold about you, as set out in Part 11, below.
-
Data Retention
We shall not keep your personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
If you are an active user, we will retain your personal data for the entire time that you are actively engaging with our site or products and for a further period of 3 months from the date of your last engagement. After that you will become an inactive user and we will put you onto a soft suppression list for a period of 2 years, following which we erase your details.
If you request to no longer receive direct marketing from us, we will place your details onto a hard suppression list, where it will not be used, and you will be deleted from that hard suppression list at the end of 5 years.
If you require any information or have any data requests, you can contact our DPO, Caroline Sugrue, at: dpo@littlestarmedia.com. -
Secure Processing
We have put in place appropriate security measures to prevent your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
-
Keeping You Informed
Where your personal data is collected directly from you, you will be informed of its purpose at the time of collection.
Where your personal data is obtained from a third party, you will be informed of its purpose:
- if the personal data is used to communicate with you, when the first communication is made;
- if the personal data is to be transferred to another party, before that transfer is made; or
- as soon as reasonably possible and in any event not more than one month after the personal data is obtained.
-
Your Access Requests
You may make subject access requests (“SARs”) at any time to find out more about the personal data which we hold about you and to check that we are lawfully processing it.
If you wish to make a SAR, you should do so by emailing our DPO at dpo@littlestarmedia.com.
Responses to SARs shall normally be made within one month of receipt. However, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, you shall be informed.
We do not charge a fee for the handling of normal SARs. We reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive. -
Rectification of Personal Data
You have the right to require us to rectify any of your personal data that is inaccurate or incomplete.
Within one month of you making your request, we shall rectify the personal data in question, and inform you of the rectification. The period may be extended by up to two months in the case of complex requests. If such additional time is required, you shall be informed.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data. -
Erasure of Personal Data
You have the right to request that we erase your personal data in the following circumstances:
- It is no longer necessary for us to process your personal data for the purpose(s) for which it was originally collected;
- You no longer wish us to process your personal data;
- Your personal data has been processed unlawfully; or
- Your personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your personal data, we will comply with all requests for erasure and inform you when this has been done within one month of receipt of your request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, we will inform you.
In the event that your personal data to be erased has been disclosed to third parties, we will inform those parties of the erasure (unless it is impossible or would require disproportionate effort to do so). -
Marketing Communications
You can withdraw your consent to receiving marketing communications from us at any time by unsubscribing from our database.
If you wish to unsubscribe from this service, please click the ‘Unsubscribe’ link in any email that you have received from us.
To unsubscribe from receiving SMS messages please click on the opt-out link provided to you in the SMS you have received, enter the telephone number you wish to opt out in the onscreen box, and click “I‘m sure I want to leave”.
Alternatively, you can contact us via the ‘Contact us’ link at the bottom of the site or by emailing support@superfreebingo.com, using the subject line “Unsubscribe” and providing your name, as well as the email address and mobile number that you signed up with.
Please allow up to 28 days for your request to be processed.
-
Restriction of Personal Data Processing
You may request that we cease processing the personal data we hold about you. If you make such a request, we shall retain only the amount of your personal data (if any) that is necessary to ensure that the personal data in question is not processed further.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so). -
Data Portability
Where you have given your consent to us to process your personal data in such a manner, or the processing is otherwise required for the performance of a contract between us, you have the right, under the GDPR, to request that we transfer your personal data.
To facilitate the right of data portability, we will make available all your applicable personal data to you as a .csv file via email. Where technically feasible, if requested by you, your personal data shall be sent directly to the required data controller. -
Objections to Personal Data Processing
You have the right to object to us processing your personal data where we are relying on legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some limited cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Transferring Personal Data to a Country Outside the EEA
We may from time to time transfer (‘transfer’ includes making available remotely) personal data to external third parties outside the EEA.
The transfer of personal data to a country outside of the EEA shall take place only if one or more adequacy measures as summarised in the GDPR apply. For the purposes of your data, this is likely to be the following:- the transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data; or
- the transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the GDPR); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.