We may change this policy from time to time by updating this page.
The Super Free Bingo website is not intended for use by those under the age of 18 years and/or those living outside the UK. We do not knowingly collect data relating to children.
Little Star Media Limited is the data controller and is responsible for your personal data (collectively referred to as the “Company”, “we”, “us” or “our” in this Policy).This means that we are responsible for deciding how we hold and use personal information about you. We are a company registered in the United Kingdom with company number 5957310. Our registered office is at Suite 478-480, Exchange House, 450 Midsummer Boulevard, Milton Keynes, MK9 2EA.
We have appointed a data protection officer (“DPO”), Caroline Sugrue. The DPO is responsible for overseeing the implementation of this Policy and for monitoring compliance with the GDPR and other applicable data protection legislation. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO at: email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. We will always work hard to resolve any concern you may have.
Under data protection legislation, you have rights we need to make you aware of. The GDPR sets out the following rights applicable to you (please refer to the parts of this policy indicated for further details):
If you wish to exercise any of the rights set out above, please contact our DPO.
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. It does not include data where the identity has been removed.
|Type of Data||Purpose of Data||Lawful Basis|
|Identity Data including: name, user name or similar identifier, title, gender||To identify you as a user so that we can provide services to you and communicate with you in connection with your registration at the Super Free Bingo website.||Consent|
|Contact Data including: Email Address Mobile Phone Number||We email gambling offers and newsletters to users who have consented to receive these. Users will normally receive emails up to 3 times per week, but on occasion this could be up to 4 times per week. Users may receive gambling offers and site information by SMS if they have consented to receive these. Users will normally receive SMS up to 2 times per week, but on occasion this could be up to 3 times per week We will use contact information to update you about changes to our policies and terms and conditions. We also share your personal data with Facebook who help us show you relevant content and find similar users who might be interested in our services.||Consent Necessary to comply with a legal obligation|
|IP Address||Used as a factor to determine robot behaviour and detect malicious or suspicious software.||Necessary for our legitimate interests which is to ensure our website is not used by machine learning tools or other non-human actors.|
|Geographic Location||Used to determine fraudulent robot behaviour [and to detect whether you are eligible to use our website].||Necessary for our legitimate interests which is to ensure our website is not used by machine learning tools or other non-human actors.|
Cookies and Analytics We use Google Analytics on this website. Therefore, third-party vendors, including Google, may show our ads on sites across the internet. The Google Analytics features that have been implemented are used for Display Advertising (including Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting). We (and third-party vendors including Google) use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on past customer visits to our website. We also use these cookies to report how our ad impressions and other ad services, and interactions with these, relate to visits to our site. We use Google Analytics Demographics and Interest Reporting in order to target users who have a higher probability of being interested in our products. We also may use third party audience data (such as age, gender, and interests) to help guide our website offering to better meet consumer needs, and ultimately improve the user experience. Opt-out: Using the Ads Settings, you can opt-out of Google Analytics for Display Advertising and customise Google Display Network ads. Read more here: https://tools.google.com/dlpage/gaoptout
|Consent Necessary for our legitimate interests for the provision of administration and IT services and to study how users use our products.|
|Analytics Data||We use analytics data to improve our website, products/services, marketing, and user experience.||Necessary for our legitimate interests (to study how users use our products, to develop them, to grow our business, and to inform our marketing strategy)|
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect and process the personal data set out above in the following ways:
We only collect, process, and hold personal data for the specific purposes set out above (or for other purposes expressly permitted by the GDPR).
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
We may share your personal data with third parties (as set out below) and the third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with the following third parties:
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to our processing of your personal data that we process for non-marketing purposes. If you would like us to stop processing that data too, please let us know by exercising your rights summarised in this policy, particularly in paragraphs 11, 12 and 16 below.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You have the right to request the rectification of personal data that we hold about you, as set out in Part 11, below.
We shall not keep your personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
If you are an active user, we will retain your personal data for the entire time that you are actively engaging with our site or products and for a further period of 3 months from the date of your last engagement. After that you will become an inactive user and we will put you onto a soft suppression list for a period of 2 years, following which we erase your details.
If you request to no longer receive direct marketing from us, we will place your details onto a hard suppression list, where it will not be used, and you will be deleted from that hard suppression list at the end of 5 years.
If you require any information or have any data requests, you can contact our DPO, Caroline Sugrue, at: firstname.lastname@example.org.
We have put in place appropriate security measures to prevent your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where your personal data is collected directly from you, you will be informed of its purpose at the time of collection.
Where your personal data is obtained from a third party, you will be informed of its purpose:
You may make subject access requests (“SARs”) at any time to find out more about the personal data which we hold about you and to check that we are lawfully processing it.
If you wish to make a SAR, you should do so by emailing our DPO at email@example.com.
Responses to SARs shall normally be made within one month of receipt. However, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, you shall be informed.
We do not charge a fee for the handling of normal SARs. We reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
You have the right to require us to rectify any of your personal data that is inaccurate or incomplete.
Within one month of you making your request, we shall rectify the personal data in question, and inform you of the rectification. The period may be extended by up to two months in the case of complex requests. If such additional time is required, you shall be informed.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.
You have the right to request that we erase your personal data in the following circumstances:
Unless we have reasonable grounds to refuse to erase your personal data, we will comply with all requests for erasure and inform you when this has been done within one month of receipt of your request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, we will inform you.
In the event that your personal data to be erased has been disclosed to third parties, we will inform those parties of the erasure (unless it is impossible or would require disproportionate effort to do so).
You can withdraw your consent to receiving marketing communications from us at any time by unsubscribing from our database. If you wish to unsubscribe from this service, please click the ‘Unsubscribe’ link in any email that you have received from us.
Alternatively, you can contact us via the ‘Contact us’ link at the bottom of the site or by emailing firstname.lastname@example.org, using the subject line “Unsubscribe” and providing your name, as well as the email address and mobile number that you signed up with.
Please allow up to 28 days for your request to be processed.
You may request that we cease processing the personal data we hold about you. If you make such a request, we shall retain only the amount of your personal data (if any) that is necessary to ensure that the personal data in question is not processed further.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).
Where you have given your consent to us to process your personal data in such a manner, or the processing is otherwise required for the performance of a contract between us, you have the right, under the GDPR, to request that we transfer your personal data.
To facilitate the right of data portability, we will make available all your applicable personal data to you as a .csv file via email. Where technically feasible, if requested by you, your personal data shall be sent directly to the required data controller.
You have the right to object to us processing your personal data where we are relying on legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some limited cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
We may from time to time transfer (‘transfer’ includes making available remotely) personal data to external third parties outside the EEA.
The transfer of personal data to a country outside of the EEA shall take place only if one or more adequacy measures as summarised in the GDPR apply. For the purposes of your data, this is likely to be the following:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.