Our Privacy Promise
We never lose sight of the fact that your personal information is your personal information. Your privacy is important both to you and to us and we make the following promise to you:
Dribble Media Ltd is committed to protecting your privacy. We believe in using your personal information to make things simpler and better for you. We will always keep your personal information safe. We’ll be clear and open with you about why we collect your personal information and how we use it. Where you have choices or rights, we’ll explain them to you and respect your wishes.
Our Data Protection Officer
If you have any concerns about how Midnite handles your personal information, you can contact our Data Protection Officer at: firstname.lastname@example.org
If you wish to submit a subject access request or a request to exercise any of your rights here, please contact email@example.com directly for details of how to do so.
Collecting information about you
INFORMATION WE GET FROM YOU
Dribble Media Ltd collects personal information about you whenever you use our services. Some of it is information you give us directly when, for example, you register for an account, deposit funds, place a bet or play our game. Other information is collected as you interact with us, such as the bets you place or online chats with our customer services team. We also collect information about the way you access, view, share, contribute to and communicate with and through our services, for example when you post comments via our social media channels.
INFORMATION WE GET FROM YOUR DEVICE
We collect information from the devices you use to receive Dribble Media Ltd content, products and services. This includes, but is not limited to the following: your IP address (a number that identifies a specific device on the internet and is required for your device to communicate with websites), hardware model, operating system and version, software, preferred language, serial numbers, device motion information, mobile network information and location data.
We also collect server logs, which include information such as dates and times of access, the app features or pages you view, app crashes and other system activity, and the third party site or service you were using immediately before visiting our site.
INFORMATION WE GET VIA COOKIES
'Cookies' are small text files stored in your web browser that enable us to recognise your computer when you visit one of our websites. Cookies are essential to keep certain parts of our websites functioning correctly and securely. We also use them to make things quicker, easier and more personal to you and to help us understand how our websites are used. They can also be used to present you with more tailored advertising content.
THE COOKIES WE USE FALL INTO THE FOLLOWING CATEGORIES:
Analytical cookies - Monitoring the performance of our websites:
These Cookies collect information about how people use our websites and how the sites are performing, e.g. how many people visit, which pages are most popular and whether and where people see error messages. They also ensure we can pay our marketing partners correctly for users they refer to us. A few examples of the ways in which we use Analytical cookies:
to identify trends about how people use our website;
to help us keep our content relevant and up to date;
to count the number of times a page or email has been viewed and allow us to measure the effectiveness of our content and communication; and
to improve the functioning of our applications and websites.
Without these cookies you will still be able to use and enjoy all the online features of our websites
Controlling my cookies
All modern browsers allow you to see what cookies you have, and to clear them individually or in their entirety by changing your cookie settings. Cookie settings are typically found in the 'options' or 'preferences' menu of your browser, otherwise you should use the 'Help' option in your browser for more details. You may also find the links below helpful:
org (contains information about cookies on a wide variety of desktop browsers.)
INFORMATION WE GET FROM EXTERNAL COMPANIES
Sometimes we need to undertake additional checks to verify information or, once an account is active, to investigate activity that could indicate a risk. To do this we use organisations and databases which collate information and make it commercially available for use in crime prevention and detection, the promotion of responsible gambling and ensuring the fair use of services. We also look at publicly available information to verify things like occupation status or property ownership, and at social media.
Occasionally, we obtain lists of potential customers from companies that collate these details and make them commercially available for marketing purposes. We only deal with reputable companies that take privacy as seriously as we do and have obtained your consent to share this data with us or companies in our sector for marketing, and you will always be able to opt out of receiving further marketing from us.
PUBLICLY AVAILABLE INFORMATION
As a betting and gaming company we must comply with legal obligations to promote responsible gambling, consider our customers’ financial ability to gamble, and prevent our products and services being misused or used for illegal purposes. If we observe account activity that could present a risk, or believe you have given false information, we will look at publicly available information about you such as your Facebook or other social media pages, property ownership details, the electoral roll, company annual returns for places you have worked, industry bodies of which you may be a member, and insolvency registers. Although this information is public, we remain mindful of your privacy and use it only as and where necessary for carrying out these checks.
If you would like to know more about gambling regulation and the obligations it places on companies like Midnite, you can find out more on the Gambling Commission website for the UK.
INFORMATION WE GET FROM SOCIAL MEDIA
If you raise a query or a complaint through the Midnite Facebook or Twitter pages, we will of course have a record of your user name and will use this to talk to you to resolve the matter you’ve raised and keep accurate records of how it was resolved.
We look at information on your Facebook or other public social media pages when carrying out checks to comply with our legal and regulatory obligations. This helps us to verify information you have given us and ensure our products are being used legally and responsibly.
We use information posted publicly on social media sites to help us understand how our customers interact with us. For example, we might look at which groups of customers are more likely to contact us via social media or to use social media to talk about our products and services. We do this in a way that does not identify individual customers.
How and why we use your personal information
We use the information we hold about you in a range of different ways, which fall into these broad categories:
Things we need to do in order to provide you with the products or services you’ve requested
Things we need to do to meet legal or regulatory obligations
Things that enable us to run our business effectively and efficiently, and
Things we do with your consent for marketing purposes
We’re telling you this because data protection law gives you rights over your personal data, which differ according to which of these categories it falls into. This section explains more about each category, the rights it gives you, how to exercise them and what that means in practice.
1. PROVIDING OUR PRODUCTS AND SERVICES
There are certain things we have to do in order to be able to provide you with our products and services. As you would expect, we use your personal information to enable you to use our sites, to set up your account, respond to queries, contact you about games played, and provide you with the best possible level of customer service. We use technical information about your device, such as operating system and location to present you with the correct version of our website or app and keep it functioning securely and correctly.
Like most organisations, to provide our products and services we share your information with external organisations working on our behalf.
Privacy Rights: Can I opt out of having any of my data used in this way?
This category covers everything that is essential in order for us to provide you with the service(s) you use or sign up for. If you don’t want your data used in this way your option is to not use our services and close your account.
2. MEETING OUR OBLIGATIONS
Legal and Regulatory Requirements
We need to comply with a range of legal and regulatory requirements, some of which involve the use of personal information and/or set out timescales for which we need to keep that information. As a provider of betting and gaming services, we are regulated by the UK Gambling Commission. To comply with their requirements, we carry out checks during account opening and throughout the life of account to ensure our customers bet and play responsibly and legally.
Where a UK customer self-excludes, we will receive a notification of this, which we will use to apply their chosen restriction across our sites and apps.
We are also subject to laws and regulations relating to other aspects of our business, such as payment processing or complaint handling and some of these too involve the use of, or set timescales for holding, your personal information.
Fraud, Money Laundering and Other Illegal Activity
When you set up an account with us, place bets or play our game, we carry out identity verification & fraud prevention and anti-money laundering checks. We share your personal data with organisations that verify details and transactions and identify potential indicators of illegal activity, which they make available to other organisations using their services. Where appropriate, we pass information to the police and other law enforcement agencies, debt recovery companies and other similar bodies.
We carry out age verification checks using publicly available information.
Privacy Rights: Can I object to having my personal information used in this way?
This category covers activities we are obliged to do in order to provide our products and services legally, responsibly, and in line with the requirements of our regulators, and ultimately to protect our customers and our business. We cannot provide you with our products and services without carrying out these activities, and if you don’t want your data used in this way your option is to not use our services and close your account
3. RUNNING OUR BUSINESS EFFECTIVELY AND EFFICIENTLY
There are some things we do to help us operate as a commercial organisation. We have a legitimate interest in carrying out these activities, and where they involve using your personal information we are careful to carry them out in a way that minimises any impact on your privacy. Data protection law gives you the ‘right of objection’ to the activities in this category if your right to privacy outweighs our legitimate business interest in doing them. You always have the option to exercise this right but, as we explain in more detail below, the activities involved are central to our business, so if you wish to do so it will usually mean you need to close your account.
Please read this section carefully and ensure you are happy with it before providing us with your personal information.
We carry out basic analytics to help us understand, how, when, where and why our customers use our services, and how our business is performing. This helps us monitor and plan everything from the effectiveness of our advertising through to ensuring we have enough staff available to handle queries at peak times. It also gives us a much clearer picture of our customers generally, the broad demographic groups they fit into (e.g. age group, gender, location, etc.) and the products and services they use, which in turn helps us to develop better and more relevant features, products and services. We do this analysis in a way that does not identify individual customers, so there is no impact on the privacy of any one person.
Privacy Rights: Can I object to having my personal information used in this way?
Like any business, we need to keep a close eye on how our business is performing and whether we’re meeting the needs of our customers. As we do this in a way that does not identify you as an individual, there is no impact on your privacy. If you don’t want your data used in this way your option is to not use our services and close your account.
Giving you a more personal experience
We want to give you a personal experience when playing Midnite products. We will tailor your experience, personalising the layout and content of our app according to what we know about you, your preferences and the way you like to play. For example, we will present you with features we know you have used or think you are likely to use, show you the type of game best suits you, and remind you to deposit funds when your account is running low.
Privacy Rights: Can I object to having my personal information used in this way?
We believe this personalised experience makes betting and gaming better and we want to give you the best customer experience we can. Using your personal data in this way enables us to do that in a way that we believe does not have an impact on your privacy. If you don’t want your data used in this way your option is to not use our services and to close your account
Protecting our commercial interests
Most people use our product fairly, but we carry out monitoring of how our customers play and interact with our products and services, to identify behaviour that is not in line with our Terms and Conditions or that could be prejudicial to our commercial interests.
Privacy Rights: Can I object to having my personal information used in this way?
As a business, we have a legitimate interest in protecting our commercial interests against deliberate misuse, and we are confident that we do it in a way that is proportionate to the risks we face and has minimal impact on your privacy. If you don’t want your data used in this way your option is to not use our services and to close your account
We will occasionally invite you to give feedback on Midnite or to take part in customer surveys, questionnaires or focus groups. We will contact you online or via email, directly or through a third party organisation acting on our behalf. Taking part in research is always voluntary, and where we use a third party we do not pass over any details (other than your contact details so they can send you the initial request or invitation) unless and until we have your consent to do so.
Privacy Rights: Can I object to having my personal information used in this way?
It’s really important for any business to find out what its customers think. As we are careful to limit the number and frequency of feedback/research requests we send to any one person, and you can always decline to take part, there is no adverse impact on your privacy and you cannot opt out of receiving these very occasional requests.
4. THINGS WE DO WITH YOUR CONSENT: MARKETING
We will send you offers and information only if you have given your consent for us to do so, in which case we will contact you via email, post, SMS or online about any of our group products and services. We never share your data with companies outside our group for them to use for their own marketing. From time to time, we may team up with a third party to bring you details of a product or service we think might interest you, but where we do this the contact will come from us - we will never pass your details to the third party without your prior consent.
Please be assured that we do not use any sensitive information we hold about you (for example, information about self-exclusion, health or ethnicity) for marketing-related purposes.
Keeping it Relevant
At Midnite we want to our products better for you, so we want to be able to tell you about products, services and features that you will find exciting and relevant, and we tailor the offers and information we send to suit you. To do this, we look at what we know about you - such as your age, location and gender, your gaming history and patterns, your social media usage and how you interact with us - and we use it to build up a picture of you that helps us decide what you’re most likely to want to hear about. (This is sometimes known as ‘Profiling’). We also combine this with information we’ve obtained from publicly or commercially available sources about the things people with similar characteristics to you (in terms of age, gender, location etc.) tend to be interested in so we can fine-tune the offers we present to you.
Putting you in Control
We firmly believe our customers prefer offers and information that are relevant to them and their interests over general adverts, so we tailor all our marketing using this picture we’ve built up of you. We think this makes our marketing better both for you and for us. However, data protection law gives you the right to opt out of having your personal data used to build up this type of picture and predict what you might be interested in, so you can opt out at any time. As we explain above, all our marketing is tailored to you in this way, so to opt out of this type of personalisation you will need to opt out of receiving all direct marketing from us. You can do this by unsubscribing from our emails & turning off push notifications. We will continue to personalise your online experience based on the picture we’ve built up of you. This means you’ll continue to benefit from a more personalised look and feel on our websites and apps, and will still see the following:
Targeted pop-ups telling you about products, services and offers we think you’ll like
Bespoke offers relevant to you, communicated through pop-ups or other on-site content
Targeted messages on social media platforms such as Facebook or Twitter (which you can control easily through your privacy settings on each individual platform) and in other places on the internet that support targeted advertising.
Advertising on Social Media
If you have given your consent to marketing, we will work with social media companies such as Facebook and Twitter to provide you with information about our products and services via their platforms. If you do not wish to see these adverts, you can control this easily by disabling preference-based marketing in the privacy and ad settings on each individual platform.
Even if you have withdrawn your consent to personalised marketing by Midnite, you might still see general adverts for Midnite products and services on your social media feeds. These will not be specifically targeted to you, and again, you can control this via the privacy and ad settings on each platform.
Online Behavioural Advertising
Marketing on our apps: Push Messages
When using our apps, you will receive push messages. These can be easily disabled through your phone or device’s settings.
Privacy Rights: Can I opt out of marketing?
Yes, you have the right to opt out of having your information used for direct marketing and the right to opt out of having it used to build up a picture of you so we can personalise our marketing to suit you. Remember you can change your mind about receiving marketing material at any time via your online Midnite account.
If you wish to opt out of e-mail marketing only, you can also do this by clicking on the link at the bottom of any email we have sent you. You can disable our push notifications via your phone’s settings.
As our marketing campaigns are prepared well in advance, you are likely to continue to receive material for a short period of time after updating your preferences.
More sensitive matters: how we use sensitive data
As a responsible provider of betting and gaming services, we do our best to ensure that our customers bet responsibly, and encourage you to make use of the responsible gambling controls available to help you with this. This means that on occasion you may provide us, directly or indirectly with information about your physical, psychological or emotional health or situation and talk to us about problems with gambling. We appreciate the sensitivity of this information and use it only to provide you with the support you have asked for and to signpost you to the appropriate sources of help.
On occasion, you may provide us, usually indirectly, with other sensitive information about yourself, such as your ethnicity or nationality (for example, identity verification documentation or checks can reveal this information). It is rare for us to ask you for this type of information directly, and we will only do so if we have a specific and valid legal reason, which we will explain clearly at the time. Where we do need to hold this type of sensitive information because it is shown in an identification document for example, we will do so only to comply with our legal or regulatory requirements and will not use or make it available for any other purpose.
Where you provide us with details of, or a copy of, your passport, driving license, national identity card, or other national identification documentation, we use it only for identification and verification purposes required to fulfill our legal and regulatory requirements.
Sharing Your Information
COMPANIES THAT PROVIDE SERVICES ON OUR BEHALF
We share your personal information with external organisations that carry out a range of services on behalf of Midnite. We carry out checks to ensure that the companies we work with will give your information the same level of care and protection as we do. Both we and they are obliged to handle your information in accordance with data protection law, and we are also required to put in place contractual measures reinforcing those obligations.
The main functions that are or may be carried out, fully or in part, by third parties are listed below:
Account set-up and registration
Management and execution of marketing campaigns
Payment processing and verification
Anti-fraud and -money laundering checks and ID verification
Checks to detect unfair use of our products and services
Web hosting, online content services and data storage
Management of competitions, contests and offers
Data analytics and data cleansing
Market research and collecting or analysing customer feedback
IT services and support
Audit, Legal- & Compliance- related services
SHARING INFORMATION WITH CREDIT AND FRAUD-PREVENTION AGENCIES
For ID verification and the prevention of fraud, money laundering and other illegal use of our pay-to-play services, we may use commercially-available tools or services provided by Credit Reference and Fraud Prevention Agencies and services. These agencies/services keep a record of the information we and other companies provide and make it available for use by other organisations carrying out identification checks and fraud prevention. In order to provide this essential service, these agencies/services are ‘data controllers’ for the purposes of data protection law, which means they own and control the information we and their other subscribers provide to them. As ‘data controllers’, they are obliged to comply with data protection law and can use the information shared with them only to provide these checks. We cannot provide our products and services without carrying out these essential checks by sharing your data in this way, so it is important that we make you aware of it from the outset, and for this reason we bring it to your attention in ‘Fraud, Money Laundering and Other Illegal Activity’ above. If you are not happy for us to pass your information to credit and fraud prevention agencies, you will not be able to open an account and use our pay-to-play products and services.
SENDING PERSONAL INFORMATION OUTSIDE EUROPE
Some of the third party providers we use are based in, or carry out their activities in, countries outside the European Economic Area (EEA), which is made up of the EU Member states plus certain countries considered to offer a standard of data protection equivalent to that of Europe. Where this means personal information is transferred outside the EEA, we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within Europe. We do this by using standardised contractual clauses (sometimes called ‘the EU Model Clauses’) approved by the European Commission and European privacy regulators, although there are alternative approved legal mechanisms which we can decide to use instead. Where necessary, we also put in place any additional contractual measures required by local law in any of the countries in which we operate, except where they conflict with the General European Data Protection Regulation.
OTHER CIRCUMSTANCES IN WHICH WE SHARE YOUR PERSONAL DATA
Apart from the functions set out above, we do not share your personal information with third parties except where we are compelled or permitted by law to do so. These circumstances are rare, but may require us to share information with the police or other law enforcement agencies, the courts, statutory authorities (e.g. in connection with tax matters) and sporting bodies (in connection with sporting integrity issues) in any of the countries in which we operate.
Where necessary to protect or defend our rights and interests, resolve disputes or enforce our agreements, we will share personal data with our regulators, external legal advisors and debt recovery and tracing agencies, although again these circumstances are rare.
If ownership of all or part of our business changes or we undergo a reorganisation or restructure, we will transfer your personal information to the new owner or successor company so we or they can continue to provide the services you have requested.
Whenever we share personal information, and whatever the reason or circumstances, we will always do so legally and with due regard to your privacy. If we receive a request from law enforcement or other statutory bodies, we do not disclose personal information without a warrant, court order or other legally valid proof of authority.
How long do we keep your information?
We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements.
The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to gambling and gaming , anti-money laundering, taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services, and audit requirements. To fulfil our requirements, some of your personal data will need to be retained for a period of time after you cease to be a customer. When we no longer need it to fulfil the above requirements, we delete it securely. Where we wish to retain any information for analysis purposes, we first anonymise it to the standards approved by the UK Information Commissioner’s Office, (which, as we are based in the UK, is our lead regulator on matters relating to Data protection) so that it can no longer be linked back to an individual. Please note that if you opt out of receiving marketing from us, we will still need to keep your contact details in order to suppress them from future marketing activity.
Privacy Rights: How do I exercise my ‘right to be forgotten?’
THE RIGHT TO OPT OUT OF HAVING YOUR INFORMATION USED FOR MARKETING
You can opt out of receiving marketing at any time. You also have the right to opt out of having your information used to create a ‘profile’ of you for marketing purposes.
We firmly believe that our customers prefer to receive offers and information that are relevant to them so we tailor all of our marketing to make it more interesting to our customers.
THE RIGHT TO HAVE ANY INACCURACIES IN YOUR PERSONAL INFORMATION CORRECTED
You can update your personal details at any time via your online Midnite account.
Please help us to help you by keeping your contact details up to date and letting us know if you spot any errors in the information we hold about you. If it is something you cannot correct yourself online, you should contact us at firstname.lastname@example.org. We’ll update inaccuracies promptly, and within a month if you are requesting a more complex change. If we take the decision not to make a change you have requested, we will explain why and make a note on your account to show that you requested the change.
YOUR ‘RIGHT OF OBJECTION’ TO CERTAIN ACTIVITIES
Data protection law gives you the right to express an objection to activities detailed in the section entitled ‘Running our business effectively and efficiently’ if you believe your privacy rights outweigh the legitimate interest we have as a business in doing those things. Please read that section carefully before getting in touch with us and note that exercising your right of objection will usually mean you need to close your account and stop using our services.
YOUR RIGHT TO ERASURE
People sometimes refer to this as the ‘right to be forgotten’. Under data protection law, you have the right to request erasure of your personal data in the following circumstances:
Where the courts or our regulators have found us to be processing it unlawfully;
Where our original purpose for collecting the data has been completed and we have no other valid legal grounds for continuing to hold it;
Where you have withdrawn your consent to marketing and personalised marketing and asked us to delete the information we previously used for those purposes, in which case we will either delete it from our marketing systems or fully anonymise it, but note that we will retain your contact details in order to prevent further marketing;
Where you have successfully exercised your ‘right to object’ to one of the activities in the section entitled ‘running our business effectively and efficiently’ and asked us to delete the information we used for that purpose. As we explain in that section, exercising your right to object will usually mean closing your account, and note that in most cases we will need to retain your information for a period of time after your account is closed. We will not delete information as long as we still have a valid legal or regulatory reason to hold it, unless the courts or our regulators order us to do so.
HOW DO I EXERCISE THIS RIGHT?
If you still wish to exercise your right, you should contact us at email@example.com and we will respond to your request within a month. If we uphold your request and erase your data we will also notify any third parties to which the data has been passed, where we are able to do so, and tell you who they are. If we do not uphold your request, we will tell you why.
THE RIGHT TO ACCESS THE DATA WE HOLD ABOUT YOU
If you would like a copy of the personal information we hold about you, you should request it by emailing firstname.lastname@example.org. We will ask you to complete and return a form, which is not compulsory but helps us to help you by providing the information you are looking for. Before we respond to your request, we will ask you for valid proof of identity and once we’ve received it we will provide our response within one month. If your request is unusually complex and likely to take longer than a month, we will let you know as soon as we can and tell you how long we think it will take.
We will fulfill requests wherever possible, but there are occasional situations in which local or European data protection law requires or permits us to withhold some information (such as where it would involve disclosing information about another person or information which is commercially sensitive), or permits us to make a small charge. If either of these applies, we will explain this to you.
Your Right to ‘Data Portability’
The right to ‘data portability’ aims to enable consumers to re-use some of their personal information online by making it available in a commonly-used, machine-readable format that can be passed to and used by other organisations. This is a new initiative and it is not yet possible to ‘port’ data directly between providers in the betting and gaming industry. However, if you wish to exercise this right, you should submit your request by emailing email@example.com, and we will provide you with the following information as a CSV file:
the personal and contact details held in your online account
your betting and gaming history
A list of payments made and funds withdrawn
Before responding to your request, we will ask you to provide valid proof of identity, and we will provide our response within one month of receiving it.
In future, it may become possible to transfer (or ‘port’) data directly between organisations. In the meanwhile, if you would like to take your Midnite data to another provider you should first check that your chosen provider is able to upload data from a CSV file before making your request as above and passing the file to the provider yourself. If you would like to ‘port’ your data into Midnite from another provider, you should first contact firstname.lastname@example.org to see whether we can accommodate your request. It is unlikely that we will be able to do so at the present time, but we will try to accommodate requests where we can.
YOUR RIGHT TO COMPLAIN TO THE REGULATOR
If you believe your privacy rights have been infringed, or you disagree with a decision we have made about your privacy rights, you have the right to complain to the privacy regulator. As we are based in the UK, our principal data protection regulator is the UK’s ICO:
Links to Third Party Sites