GAMBLING.COM GROUP LIMITED PRIVACY AND COOKIES POLICY

Updated May 3, 2024

Last Updated: May 2024

Effective: May 2024

GDC Media Limited, a subsidiary of Gambling.com Group Limited (Nasdaq: GAMB) (“GAMB”), is the owner of the websites operated by and on behalf of GDC.

The terms “GDC”, “we”, “us”, or “our” refer collectively to GAMB, and its current and future subsidiaries (“Group Members”).

GDC Media Limited has licensed the operation of certain GDC websites in certain geographic locations to other Group Members, including:

(a) all GDC websites operating in the United States to GDC America, Inc.;

(b) certain GDC websites operating in the United States to Roto Sports, Inc., , under a sub-license from GDC America; and

(c) certain GDC websites operating worldwide (excluding the United States), to NDC Media Limited.

This Privacy and Cookies Policy (“Policy”) describes the practices of GDC Media Limited and the Group Members involved in the operation of the GDC’s websites in different geographic locations and the rights and choices available to individuals regarding personal data.

1.PURPOSE OF THIS POLICY

GDC respects your privacy and is committed to protecting your personal data. Personal data means any information that relates to an identifiable individual. It does not include data where the ability to identify an individual has been removed (anonymous data).

This Policy describes your rights and choices regarding your personal data. It is important that you read the Policy carefully. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us as set out below.

We may alter this Policy at any time and from time to time as needed for certain services of GDC and to abide by local laws or regulations around the world, including by providing supplemental information to users in certain jurisdictions. This Policy does not apply to GDC’s processing of the personal data of its personnel, such as employees and contractors.

We also provide important additional information here that is solely applicable to individuals located (i) within the Member States of the European Union, countries in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe” or “European”), (ii) in Brazil, and (iii) in California, Colorado, Connecticut, Nevada, Utah, and Virginia in the United States,:

  • European and Brazilian users should read the important information provided below.
  • California, Colorado, Connecticut, Nevada, Utah and Virginia residents  should read the important information provided below regarding our handling of the personal data.

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect, use or otherwise handle data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave any of our websites, we encourage you to read the privacy policy of every website you visit.

2.THE PERSONAL DATA WE COLLECT

We collect personal data about individuals from various sources described below. Where applicable, we will let you know how we intend to use your data before collecting it, so that you can decide whether or not you wish to provide that information. We may collect, use, store and transfer different kinds of personal data about you (“Personal Data”) which we have grouped as follows:

  • Personal Information” includes any information from which you can be personally identified, including your name, surname, email address, telephone number or mobile number. 
  • Profile Data” includes a username, password and a profile image that an individual may establish and upload on one of our websites or mobile applications, along with any other information that an individual enters into their account profile;
  • Financial account data” includes payment card details or bank account details;
  • Recruitment Process Data” includes the CV and any covering letter of a job applicant and notes taken for the duration of your recruitment process relating to a job application and interview of a job applicant, and other information supplied by a job applicant, such as professional credentials and skills, educational and work history, and other information of the type included on a CV or covering letter;
  • Technical Data” includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our websites;
  • Usage Data” includes information about how you use our websites.
  • We also may collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

We may retain recordings of any telephone voice messages that you have left for our customer support teams.

We automatically collect Technical Data and Usage Data. If you are using a mobile device, we collect data that identifies your mobile device, device-specific settings and characteristics, app crashes and other system activity.

We do not collect any information about your race, ethnicity, religious or philosophical beliefs, gender or sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. However, if you are applying for a job with us, we will collect information about criminal convictions and offences.

3.COLLECTION OF PERSONAL DATA

We may use different methods to collect data from and about you including the following:

  1. Direct interactions. You may give us your Personal Information and Recruitment Process Data by: a) filling in a job application form on our Career Page, b) providing an email address to register with our websites and/or receive our newsletter, or c) providing your contact details via our registration and/or newsletters form.
  2. Indirect interactions. You may give us your Personal Information indirectly by providing an email address and/or contact details to register with websites of and/or receive newsletters or other forms of communication from entities with whom we have an agreement to work in partnership with and provide services to (“Media Partners”).
  3. Automated technologies. As you interact with our websites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies.
  4. Third parties or publicly available sources. We may partner with third parties (such as content providers and analytics companies including Google Analytics, OptInMonster, Hotjar, and Convert.com) to help us improve the services of our website, including to provide you with relevant and interesting content and to conduct analytics and measurement to understand how our services are used. These companies may collect information from you automatically in connection with your visit.

Generally, our websites can be accessed and used without registration and without having to provide us any Personal Data (Personal Information, Profile Data, and/or Recruitment Process Data). You may opt in to receive information about promotions, bonuses, bets, tips and strategy by subscribing to one or more of our mailing lists by providing your email address. You may any time opt out from receiving such communications by writing to us or clicking the “unsubscribe” button in any of our emails to you. In case you contact us, whether by email, through contact forms, or in other writings, we may keep a copy of that correspondence. We will not share your Personal Data with third parties for marketing purposes unless you have provided us with your express consent to do so and/or, with respect to our Media Partners, you have consented to receive marketing communications from those Media Partners. You may withdraw your consent by contacting those Media Partners directly. You may not withdraw your consent given to our Media Partners by contacting the Group.

4.USE OF PERSONAL DATA

We may use your Personal Data for the purposes of:

Providing our services, which may include:

  • Operating, evaluating, maintaining, improving, and providing the features and functionality of our services;
  • Fulfilling a payment transaction initiated by you;
  • Communicating with you regarding your account with us (if you have one), including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our services, technical and security notices and alerts, and support messages)
  • Personalizing the manner in which we provide our services;
  • Administering and protecting our business; and
  • Providing support and maintenance for our services, including responding to your service-related requests, questions, and feedback.

For research and development

We use the information we collect for our own research and development purposes, which include:

  • Developing or improving our services; and
  • Developing and creating analytics and related reporting.

Marketing 

We may use your Personal Data to form a view on what services we think you may want or need or what may be of interest to you.

We may contact you with marketing communications using the Personal Data you have provided to us if you have actively expressed your interest in availing of our services or have availed of our services and, in any case, you have not opted out of receiving that marketing, to the extent permitted by applicable law. 

You can ask us to stop sending you marketing messages at any time by contacting us using the details below or clicking on the opt-out link included in each marketing message. 

Should you choose to opt out of receiving our marketing messages, we will continue to conduct our other relevant activities using your Personal Data, including sending non-marketing messages.

Managing our recruiting and processing employment applications

We process Personal Data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

Complying with law 

We use your Personal Data as we believe necessary and appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

Compliance, fraud prevention and safety

We use your Personal Data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent

In some jurisdictions, applicable law may require us to request your consent to use your Personal Data in certain contexts, such as when we would like to send you certain marketing messages.  If we request your consent to use your Personal Data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, including our Media Partners, you may withdraw your consent by contacting those partners directly (and not by contacting us).

To create anonymous data

We may create anonymous data from your Personal Data and other individuals whose Personal Data we collect.  We make Personal Data into anonymous data by excluding information that makes the data personally identifiable to you and use that anonymous data for our lawful business purposes.  

5.To whom do we provide Personal Data

We may have to share your data to the following parties:

Group Members

We may disclose your Personal Data to other Group Members for purposes consistent with this Policy.  

Service providers

We may employ third parties to administer and provide services on our behalf (such as third parties that provide customer support, that we engage to host, manage, maintain, and develop our websites, mobile applications, and IT systems, and that help us process payments). These third parties may use your information only as directed by us and in a manner consistent with this Policy. These third parties are prohibited from using or disclosing your information for any other purpose.

Participants in the transaction processing chain

We may share your Personal Data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members.

Professional advisors

We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, in the course of the professional services that they render to us.

Transfers to third parties

We may disclose your Personal Data to third parties, such as our Media Partners and other third-party business partners, in order to provide our services.

When we carry out any sharing with third parties, we always ensure that there is an appropriate contract in place, that the information being shared is transferred in a secure way, and that we only share the minimal amount of your information necessary. We will never sell your information to any other third parties.

Where the third party is a data controller, they have the same obligations under data protection law to protect your data, as we do.
Where the third party is a data processor, we require that these third parties provide a sufficient guarantee that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.

Compliance with Laws and Law Enforcement; Protection and Safety

GDC may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

6.International transfers of DATA

GAMB is incorporated in the Channel Island of Jersey and GDC operates globally, with primary offices in United States and Ireland. The mailing address of our principal executive offices is 22 Greenville St., St. Helier, Channel Island of Jersey JE4 8PX. Your personal data may be transferred to other locations outside of your state, province, country or other governmental jurisdiction where we, our third-party partners, including our Media Partners, or our service providers maintain offices and where privacy laws may not be as protective as those in your jurisdiction. If we make such a transfer, we will require that the recipients of your personal data provide data security and protection in accordance with applicable law.

European users should read the important information provided below in Section 9 about transfer of personal data outside of your region / country.

7.DATA SECURITY AND DATA RETENTION

We have put in place appropriate security measures which we believe reasonably prevents your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors, subsidiaries, affiliates and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. We have put in place commercially reasonable procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will process and store the relevant Personal Data for as long as it is necessary or required in order to fulfil our legal, contractual, or statutory obligations and/or for the establishment, exercise or defence of legal claims.

8.YOUR RIGHTS AND CHOICES

In this section, we describe the rights and choices available to all users. Users who are located in Europe and Brazil should read additional information about their rights in paragraph 9 below.

Marketing communications

You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.

Choosing not to provide your Personal Data

Where we request Personal Data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we may be unable to provide services to you. For example, we may be unable to process your transaction.

Accessing, modifying or deleting your information 

In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their Personal Data in some. You may contact GDC directly to request access to, modify or delete your information. We may not be able to provide access to, modify, or delete your information in all circumstances.

Complaints

If you have a complaint about our handling of your Personal Data, you may contact our data protection officer using the contact information below.  A complaint must be made in writing. Please provide details about your concern or complaint so that we can investigate it. We will determine whether to take action in response to your complaint, which, if we do so, may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.

9.ADDITIONAL INFORMATION FOR EUROPEAN USERS AND BRAZILIAN USERS

Data Controller

GDC is the data controller for the purpose of the General Data Protection Regulation (“GDPR”), and other applicable data protection laws. This means that GDC is principally responsible for looking after your Personal Data and this Policy determines the means and purposes of processing of Personal Data.

Legal bases for processing

We are required to inform you of the legal bases of our processing of your Personal Data, which are described in the table below.  If you have questions about the legal basis of how we process your Personal Data, please contact us at dataprotection@gdcgroup.com. 

Processing purpose Legal basis
Providing our servicesProcessing is necessary to perform the contract governing our provision of the services.
-Marketing
-For research and development
-To manage our recruiting and process employment applications
-For compliance, fraud prevention and safety
-To create anonymous data
These processing activities constitute our legitimate interests.  We make sure we consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with lawProcessing is necessary to comply with our legal obligations.
With your consentProcessing is based on your consent. Where we rely on your consent, you have the right to withdraw it anytime in the manner indicated at the time we collect your information or by contacting us at dataprotection@gdcgroup.com

Use for new purposes

We may use your Personal Data for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it.

How long will we use your Personal Data?

We will use your Personal Data for as long as necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement. 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general terms, we will retain your Personal Data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards. There are also certain types of information which are required to be retained for a certain period by law.

Your individual legal rights

You have the right to obtain access to, rectification of, erasure of, restriction of Personal Data, portability of Personal Data and to object to the processing of your Personal Data as follows: 

  • Access. You are entitled to ask us if we are processing your Personal Data and, if so, for a copy of the Personal Data we hold about you, as well as obtain certain other information about our processing activities.
  • Correction. If any Personal Data we hold about you is incomplete or inaccurate, you can require us to correct it, though we may need to verify the accuracy of the new data you provide to us.
  • Erasure. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.  If you are in Brazil, you may also ask us to anonymize or block personal data that is excessive, unnecessary or where we may have processed your information unlawfully.
  • Object. Where our reason for processing your Personal Data is legitimate interest, you may object to processing as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. 
  • Restriction. You may ask us to suspend our use of your Personal Data in the following scenarios: 
    • if you want us to establish the data’s accuracy; 
    • where our use of your Personal Data is unlawful but you do not want us to erase it; 
    • where you need us to hold your data for a longer period than we usually would, because you need it to establish, exercise or defend legal claims; or 
    • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. 
  • Transfer. Where it is possible, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to Personal Data provided by you which you initially provided consent for us to use or where we used the information to perform a contract with you. 
  • Withdraw consent. Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Automated decision making. You have the right not to be subject to automated decision making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases: 
    • The automated decision is required to enter into, or perform, a contract with you. 
    • We have your explicit consent to make such a decision.
    • The automated decision is authorised by local law of an EU member state. 

However, in the first two cases set out above, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.

If you have any questions about this Policy or wish to exercise any of the rights set out above, please contact us at dataprotection@gdcgroup.com.

We may need to request specific information from you to help us confirm your identity and ensure you are entitled to exercise a right in respect of your Personal Data. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

There may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will use available lawful exemptions to your individual rights to the extent appropriate. If we decline your request, we will tell you why, subject to legal restrictions. 

You also have the right to make a complaint at any time to a supervisory authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en). If you are located in the UK, you also have a right to make a complaint to the Information Commissioner’s Office (ICO).

International transfers of data

We may transfer your Personal Data outside of Europe. We will only transfer your information outside of Europe where the same standard of data protection applies or appropriate safeguards are in place.  This may include:

  • transfers to countries approved by European Commission as having an adequate level of protection;
  • use of appropriate safeguards such as Binding Corporate Rules or Model Contractual Clauses;
  • the consent of the individual to whom the personal data relates; or
  • other mechanisms or legal grounds as may be permitted under applicable European law.

10. INFORMATION FOR CALIFORNIA RESIDENTS

We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CPRA), which goes into effect January 1, 2023, (“CCPA”) to provide California residents with an information of how we collect, use and share their Personal Data, and of the rights and choices we offer California residents regarding our handling of the Personal Data.  

Your California privacy rights

As a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CCPA. 

  • Access and data portability.   You may have the right to request that we provide you a copy of the Personal Data we have collected about you. In addition, you may have the right to request that we disclose to you information about our collection and use of your personal data in the preceding 12 months, including: (a) the categories and specific pieces of personal data we collect; (b) the categories of sources from which we collect personal data; (c) the business or commercial purpose for which we collect, sell or share personal data; (d) the categories of third parties to whom we disclose personal data; and (e) the categories of personal data disclosed for a business purpose or sold to third parties and the categories of third parties to whom such personal data was sold or disclosed. You may only make an access request to us for your personal data up to two times in any 12-month period.
  • Deletion.  You may have the right to request that we delete certain personal data that we have collected about you. The foregoing is subject to our right to maintain your personal data for specific purposes permitted under the CCPA. If we are unable to comply with any such request, we will notify you.
  • Correction. You may have the right to request that we correct inaccuracies in the personal data we have collected about you.
  • Right to limit the use and disclosure of sensitive personal data. The CCPA grants you the right to instruct a business to limit its use or disclosure of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by you in your request for those goods or services and to perform certain activities permitted by the CCPA. We do not collect, use or disclose sensitive personal data for any purposes other than those necessary to provide the relevant services or as permitted by the CCPA.
  • Right to opt-out. You may have the right to request that your personal data not be shared (as such terms are defined above) with third parties.
  • Non-discrimination.  You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as by denying you goods or services, increasing the price/rate of goods or services, decreasing the service quality, or suggesting that we may penalize you as described above for exercising your rights. However, the CCPA allows us to charge you a different price or provide a different service quality if that difference is reasonably related to the value of the Personal Data we are unable to use. 

How to exercise your rights

You may exercise your California privacy rights as follows:

Right to information, access and deletion

You can request to exercise your information, access and deletion rights by:

  • Contacting us at dataprotection@gdcgroup.com
  • Identify verification. The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. A request may also be made on behalf of your child under 13.
  • Authorized agents.  California residents can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization confirming that authority.

Sale or Sharing of Personal Information for cross-context advertising means

Our websites and online services and the websites of our Media Partners may use analytics and advertising tools that enable us and our analytics and marketing partners to collect and disclose internet or other electronic network activity information based on your activity across our services and websites and the websites of our Media Partners, including to analyze your usage of our services and our services with our Media Partners and to serve you advertisements that are relevant to you (collectively, “cross-context behavioral advertising”). However, please note that we do not knowingly sell or share the Personal Information of consumers under 16 without parental consent.

Personal information that we collect, use and share

The table below summarizes what data we may collect or what data may have been collected from California residents during the last 12 months before the effective date of this Policy.

Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by GDC but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if you provided such personal information directly to us.

Categories of Information We CollectData Elements within the CategoryDo we collect this information?Do we share this information for business purposes?
IdentifiersReal name, alias, postal address, unique personal identifier, customer number, email address, account name, other similar identifiers. YesNo
Online IdentifiersAn online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.YesNo
Protected Classification CharacteristicsRace, religion, sexual orientation, gender identity, gender expression, ageAge possibleNo
Commercial informationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendenciesNoNo
Biometric InformationAn individual's physiological, biological or behavioural characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish an individual's identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a face print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.NoNo
Internet or Network InformationBrowsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement.YesYes
Geolocation DataPrecise location, e.g., derived from GPS coordinates or telemetry data.YesYes
Professional or Employment InformationInformation relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations), and educational background.PossibleNo
Financial InformationBank account number, debit or credit card numbers, insurance policy number, and other financial information. YesYes
Medical InformationPersonal information about an individual's health or healthcare, including health insurance information.  NoNo

11. INFORMATION FOR VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, Virginia residents have the following rights around GDC’s collection, use and disclosure of their personal data. For purposes of exercising the rights in this section, the listed terms are defined as follows:

Definitions:

  • Profiling means any form of automated processing to evaluate, analyze or predict personal aspects related to a person’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Sale of personal data means the exchange of personal data for monetary consideration.
  • Targeted advertising means displaying advertisements to a consumer where the advertisement is selected based on personal data obtained from that consumer’s activities over time and across non-affiliated websites or online applications to predict such consumer’s preferences or interests.

As a Virginia resident, you may have the rights listed below.

  • Right of access. You may have the right to confirm whether we are processing your personal data and to access your personal data.
  • Right of data portability. You may have the right to request that we provide you a copy of the personal data that you previously provided to GDC.
  • Right to correction. You may have the right to request that we correct inaccuracies in the personal data we have collected about you.
  • Right to deletion. You may have the right to request that we delete certain personal data that we have collected about you. The foregoing is subject to our right to maintain your personal data for specific purposes permitted under applicable state law. If we are unable to comply with any such request, we will notify you. 
  • Right to opt-out. You may have the right to request that your personal data not be sold to third parties or used for targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Appeal. You may have the right to appeal GDC’s denial of any of the above-listed rights. You may do so by responding to the message in which GDC has communicated its denial and indicating you would like to appeal that denial.

How to exercise your rights

If you are a Virginia resident, you may exercise your rights by contacting us at dataprotection@gdcgroup.com

12.OTHER STATES OF THE UNITED STATES PRIVACY RIGHTS

The States of Colorado, Connecticut, and Utah each provide their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Data portability.
  • Opt-out of personal data processing for targeted advertising and sales.

The States of Colorado and Connecticut also each provide their state residents with rights to:

  • Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

If you are a resident of any of these states, you may exercise any of these rights by contacting us dataprotection@gdcgroup.com.

The State of Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: dataprotection@gdcgroup.com. However, we do not currently sell data triggering that statute’s opt-out requirements.

13.LINKS TO OTHER WEBSITES

In the provision of our services, on our websites and on the websites of our Media Partners, we may link to third-party websites, mobile applications, and other content. GDC is not responsible for the privacy practices of any such third party, and this Policy does not apply to such third party’s websites, mobile applications, or other content. GDC does not guarantee, approve, or endorse any information, material, services, or products contained on or available through any such linked third-party website, mobile application, or other content. GDC is not responsible for any content on any such third-party properties to which we link.

14. COOKIES INFORMATION

Cookies are small pieces of data served on your computer that remember what you enter while you’re browsing a website. For more information about cookies and how they work, please visit: www.aboutcookies.org.

We use cookies to improve our service, and to enhance your user experience, for example, to show you the most relevant information when you return to our site.

When we use cookies, we do not typically process any information that personally identifies a user.  By using our websites, you are consenting to us using cookies. You can manage cookie usage, disable or delete cookies through your browser settings at any time. The help function in your preferred browser should provide you with the correct information.

More information on how to deactivate or delete cookies can be found below as well as on https://www.aboutcookies.org/cookie-faq/. 

Some browsers provide helpful cookie guides:

  • Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
  • Firefox: http://support.mozilla.org/en-US/kb/Cookies
  • Internet Explorer: http://support.microsoft.com/kb/278835
  • Safari 5 for Mac: https://support.apple.com/e
  • Opera: http://help.opera.com/Linux/10.50/en/cookies.html

In addition, Google Analytics provides its own opt-out options:

  • http://tools.google.com/dlpage/gaoptout

In the case of mobile devices, it may be necessary to consult the device’s instruction manual to manage cookies effectively. Restriction of cookies may have an impact on the functionality of our websites.

TYPES OF COOKIES

We may use cookies for different purposes and with different functions.

Essential cookies are necessary for our websites to work effectively. They help to make our websites usable by enabling basic functionalities such as page navigation and accessibility to secure areas of our websites. Cookies of this nature may also be used to protect and accelerate our websites for security reasons and to identify our trusted visitors. They may filter bots and distinguish them from legitimate users, preventing any form of spam activity on our websites.

Preference cookies enable our websites to remember information that changes the way our websites behave or look. They may also be used to provide services you have asked for.

Analytics cookies analyse information about how our websites are being used. Analytics cookies can process information about the number of visitors to our websites, where visitors to our websites came from, the pages they visit, scrolling activities, downloads, information about user agents, time spent on our websites and approximate geo-location of a device that you use to access our websites. We use this information to compile reports that help us to improve our websites. 

In case we allow others to service cookies through our websites and/or apps, these cookies are called “third party cookies”.

Below is more information about most common cookies that we use, how they are used, and how long they will be stored on your computer or device.

Our most common cookies are:

CookieDescription
KAX_P - Placed by GDCThis is a first party cookie to give us information about how visitors discover our websites (e.g., whether they clicked a Google search result, an advertisement or typed any of our websites address on their browser). This cookie is stored for 1 month.
Google Analytics – Placed by GoogleThis third-party cookie provides us information about your use of the site, including where the site is accessed from, time of visit, pages viewed, etc. This cookie is stored for 2 years.
Google AdWords - Placed by GoogleThis third-party cookie enables us to advertise our site using Google AdWords campaigns. This cookie is stored for 2 years.
Google Cookies_ga - Google cookie used to identify users which expires after 2 years.
_gid - Google cookie used to identify users which expires after 24 hours.
_gasessionid - Placed by Google. Used to tie user activity to a specific time window.
_gaclientid - Placed by Google. Unique identifier for a browser–device pair that helps Google Analytics link user actions on a site.
_utmzz - Placed by Google. Used to track where visitors came from.
Microsoft CookiesMicrosoft Clarity. Placed by Microsoft. Used to track how users interact with a site.
MMID - Placed by Microsoft Identifies unique web browsers visiting Microsoft sites.
KTag Cookies (our inhouse tracking system)g_uuid - KTag User ID. Placed by gambling.com group and used to assign an anonymous identifier to each user so we can tailor content to your preferences.
g_sid - KTag session id. Placed by gambling.com group and used to assign an anonymous session to each user so we can track which advertisements perform best.
Optin Monster CookiesPlaced by Optin Monster. Used to track user interactions with AB tests.
Custom CookiesPrivacyModalVisited. Placed by gambling.com. Used to track if users interacted with a model to avoid showing it twice.
Hotjar - Placed by HotjarThis third-party cookie allows us to measure and observe user behaviour on our websites with no connection to personal information.
OutbrainThis third-party cookie allows us to tailor content based on viewer preferences. This cookie is stored for 10 Months.
ViafouraThis third-party cookie allows us to create interactive features for our users on some of our websites and it enables you to log in to be able to post a comment, like a comment, follow a user or a conversation, etc.
Cloudflare - Placed by Cloudfare.This cookie is strictly necessary for Cloudflare's security features and cannot be turned off. It does not correspond to any user ID in your web application and does not store any personally identifiable information. This cookie is stored for 12 Months.
ViziblThis cookie is used to deliver GDC advertisements relevant to you, based upon your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. This cookie is stored indefinitely.
Facebook custom audiencesThis cookie is used to deliver GDC advertisements relevant to you, based upon your on-site actions. This cookie is stored for 180 days. We may use Facebook custom audiences to deliver advertisements to email subscribers based on email addresses we have gathered. For further information on Facebook advertising please visit here. To learn how to opt out of Facebook advertising please visit here.
PushEngageThis cookie is used to send you notifications relevant to you based upon your interests, after you have subscribed to receive notifications from GDC. They are also used to send you notifications based on your geolocation. For instructions on how to unsubscribe from receiving notifications please visit here.
Cohort - IDThis cookie is used categorise the user into a group based on their device so that we are able to tailor better offers for you.
CriteoThis cookie is used to deliver GDC advertisements relevant to you, based upon your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. This cookie is stored indefinitely. If you would like to opt out of our service for all browsers we have been able to link to the cookie ID of your current browser, please see the opt out module included in the “User Choices” section here. If you only want to opt out from your current browser uncheck the box.
ALGOLIAThis cookie is used to search analytics and preferences. This cookie is stored for 6 months.
op_list_region_usThis cookie used to store a record of users’ preferred US state. This cookie expires when the users session ends.
__gadsGoogle Advertising cookie, expires after 13 months.
__gpiGoogle Advertising cookie, expires after 13 months.
__qca:Quantcast Digital Advertising cookie to store and track audience reach, expires after 13 months.
_cc_idLotame digital marketing cookie, expires after 270 days.
_fbpFacebook Pixel cookie, expires after 3 months.
_gcl_auGoogle Analytics and Advertising cookie, expires after 90 days.
_uetsidBing Advertising cookie, expires after 1 day.
advertUsed to track any referrals (such as rotowire.com/try), limited to that session.
cookieDigital marketing cookies, expires after 28 days.
cto_bididCriteo Advertising cookie, expires after 13 months.
cto_bundleCriteo Advertising cookie, expires after 13 months.
panoramaId_expiryLotame digital marketing cookie, expires after 7 days.
panoramaIdLotame digital marketing cookie, expires after 7 days.
panoramaIdTypeLotame digital marketing cookie, expires after 7 days.
PHPSESSIDThe unique session ID of a logged in user, expires after 1 year.
RW_addonsUsed in subscription process to track if a subscriber purchased an optional add-on (such as a magazine), limited to that session.
RW_couponUsed to redeem special subscription offer codes, limited to that session.
RW_orderTotalUsed in subscription process to display changes in order total, expires after 1 year.
RW_viewedSubChoicesImpression cookie used to track conversions, limited to that session.
rwbaseballmyleagueThe user's preferred league in MyLeagues feature, limited to that session.
rwbasketballmyleagueThe user's preferred league in MyLeagues feature, limited to that session.
RWCFBrankingsUsed to preserve a user's preferences on our College Football Rankings page, expires after 6 months.
RWDefvsPos90StatsUsed to preserve a user's preferences on our Soccer Defense vs Position (Per 90 Minutes) page, expires after 6 months.
RWDefvsPosTotStatsUsed to preserve a user's preferences on our Soccer Defense vs Position page, expires after 6 months.
rwfootballmyleagueThe user's preferred league in MyLeagues feature, limited to that session.
rwhockeyleagueThe user's preferred league in MyLeagues feature, limited to that session.
rwlandingUsed to route a user back to what they were viewing after they login, expires after 1 day.
rwmlbH2HPointsUsed to preserve a user's preferences on our MLB Rankings page, expires after 6 months.
rwmlbH2HRotoUsed to preserve a user's preferences on our MLB Rankings page, expires after 6 months.
rwmlbPointsUsed to preserve a user's preferences on our MLB Rankings page, expires after 6 months.
RWMLBPositionEligibilityUsed to preserve a user's preferences on our MLB Games Played By Position page, expires after 6 months.
RWMLBProjectedUsed to preserve a user's preferences on our MLB Projected Starters page, expires after 6 months.
rwmlbRotoUsed to preserve a user's preferences on our MLB Rankings page, expires after 6 months.
rwnbaH2HPointsUsed to preserve a user's preferences on our Basketball Rankings pages, expires after 6 months.
rwnbaH2HRotoUsed to preserve a user's preferences on our Basketball Rankings pages, expires after 6 months.
rwnbaPointsUsed to preserve a user's preferences on our Basketball Rankings pages, expires after 6 months.
rwnbaRotoUsed to preserve a user's preferences on our Basketball Rankings pages, expires after 6 months.
RWNFLrankingsPreserves a user's NFL scoring and roster preferences across Auction Values and Rankings pages, expires after 6 months.
rwnhlPtsPreserves a user's NHL scoring and roster preferences across Auction Values and Rankings pages, expires after 6 months.
rwnhlRotoPreserves a user's NHL scoring and roster preferences across Auction Values and Rankings pages, expires after 6 months.
RWPlayerPer90StatsUsed to preserve a user's preferences on our Soccer Player Stats (Per 90 Minutes) page, expires after 6 months.
RWPlayerStatsUsed to preserve a user's preferences on our Soccer Player Stats page, expires after 6 months.
RWPrizePicksProjectionsRemembers a user's preferred sports on our Prize Picks page, expires after 6 months.
rwsoccermyleagueThe user's preferred league in MyLeagues feature, limited to that session.
RWSOCrankingsPreserves a user's Soccer scoring and roster preferences across Weekly Rankings and Season Rankings pages, expires after 6 months.
RWTeamStatsUsed to preserve a user's preferences on our Soccer Team Stats page, expires after 6 months.
.33across.comThe 33Across platform delivers programmatic video and display ad revenue to publishers across devices.
.adform.netAdform is an advertising platform.
.amazon-adsystem.comAmazon Ad System is an online advertising service which run ads on the Amazon network.
.colossusssp.comColossus SSP is a custom supply side platform that delivers a diverse marketplace, enabling brands of all sizes to connect with multicultural and general market audiences.
.connextra.comConnextra is the gaming industry's No 1 adserver, delivering live prices & messages into dynamically-built online adverts.
.creativecdn.comRTB House is a global company that provides AI-based advertising and marketing technologies for large brands and agencies worldwide.
.crwdcntrl.netThe crwdcntrl.net is owned by Lotame Solutions Inc. “Data Management Platform: Lotame licenses its Data Management Platform software to online publishers, marketers, agencies and other companies for their use in collecting, organizing and activating data for their marketing purposes.
.id5-sync.comID5 operates an identity platform for the digital advertising industry, helping publishers monetise their websites and protect their users' privacy.
.mediago.ioMediaGo is a global AI-integrated marketing platform under the Baidu Global brand that helps clients to rapidly expand into the global market and enhance international influence.
.prebid.a-mo.netPrebid Mobile is an open-source library that provides an end-to-end header bidding solution for mobile app publishers.
.pub.networkProvides advertising or advertising-related services such as data collection, behavioral analysis or retargeting.
.quantserve.comquantserve.com is a domain used by Quantcast. The domain is used for advertising and analytics.
.scorecardresearch.comScorecardResearch.com is a domain owned by Full Circle Studies, a market research company that is part of Comscore, Inc. Comscore is media analytics and measurement company that provides marketing data, analytics, and digital market research to its clients.
adnxs.comAdnxs.com is run by AppNexus, a company that provides technology, data and analytics to help companies buy and sell online display advertising.
bidswitchBidSwitch provides immediate and seamless real-time access for supply and demand partners across all media types (display, mobile, video, native, etc.)
dotomiDotomi provides Personalized Media display advertising that is dynamically adapted in real time at the user and impression level.
justpremiumJustpremium offers programmatic buying and selling of online advertising space with real-time technologies.
openxOpenX is a leader in programmatic advertising, powering monetization and advertising revenue for publishers.
quantservequantserve.com is a domain used by Quantcast. The domain is used for advertising and analytics.
sonobiSonobi is an consumer-focused technology company that provides a media marketplace to connect advertisers.

Please note that our advertisers may also use cookies on their websites, and we have no control over such use.

If you have any questions about this Policy or you wish to exercise any of the rights set out above, please contact us at dataprotection@gdcgroup.com.

We will respond to all legitimate requests promptly and, in any event, within any timeframes prescribed by applicable law. In general, we must respond to queries within one month from the receipt of the request. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Updates to this Policy

We may make changes to this Policy from time to time. You can always find an up-to-date version of this Policy  on our websites.

This Policy was updated as of August 31, 2023.