Enrol graphic
Enrol onto SENSE

SENSE Privacy Policy

1. THE PURPOSE OF THIS PRIVACY POLICY


The purpose of this Privacy Policy (“the Policy”) is primarily to inform and reassure you as to why we collect and process your Personal Data. It details how we keep your data secure and for how long it will be retained. The Policy also informs you about your rights under data protection legislation. Please be assured that we are fully committed to compliance with all applicable data protection laws and believe that data protection compliance is the foundation of any trustworthy business relationships. 

It is important that you carefully read this Policy in conjunction with any other information that we may provide to you when collecting or processing your Personal Data. This is to ensure that you are then fully aware of how, and why, we use it. Please note that, by applying to enrol onto the SENSE scheme, you are also confirming that you have read and understood this Policy.
 

2. THE PURPOSE OF THIS PRIVACY POLICY

SENSE stands for Self-Enrolment, National Self Exclusion. It is the national self-exclusion scheme operated by Self-Enrolment National Self Exclusion Ltd (“S.E.N.S.E. Ltd”, “we,” ”the Company”) on behalf of all land-based casino premises licensed in Great Britain by the Gambling Commission (“casinos”).  The Scheme (“SENSE”) is a voluntary agreement between the enrolled customer (“you”) and all participating casinos, within the Terms and Conditions of the scheme.

S.E.N.S.E Ltd is a company limited by guarantee registered in England and Wales under registration number 13998497. The registered address is EMW, Seebeck House, 1 Seebeck Place, Davy Avenue, Knowlhill, Milton Keynes MK5 8FR. To operate the scheme, the Company is a ‘Data Controller’ of any personal information that we need to collect about you in order to provide our services. 

SENSE must process your personal data and information (which may, at times, also include sensitive personal data) in accordance with all applicable laws. These include the UK and EU General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA 2018). 
 

3. WHAT IS PERSONAL DATA?

The term ‘Personal Data’ means any information relating to you that actually identifies you or could otherwise be used to do so, either directly or indirectly. Notably, any reference to information that clearly identifies you, such as your name, address, or a unique identification number. Equally, information that applies to one or more factors that are specific to you, be that physical, physiological, genetic, mental, economic, cultural, or otherwise part of your social identity.

Examples of the type of data that we require to enrol you onto SENSE include your full name, address, date of birth, sex, email address, a signature and a head and shoulders photograph.

If you enrol onto SENSE using our online Customer Self Enrolment (“CSE”) portal, (rather than in person at a casino) we will also require a copy of a valid government-issued ID document (such as a driving licence or passport). This is simply to ensure that the person making an application in your name is definitely you. Please note that we do not allow third parties to register on someone else’s behalf.

However, we do not retain copies of any proof of identity documents that you may submit as part of the online CSE application process or to verify an email enquiry.   Copies of such documents, either in hard or electronic form, will be deleted once they have served their sole purpose of identifying you, (by being compared to the data and photograph that you otherwise submitted).

Please also note that we retain the photograph submitted with your application for as long as we retain your data (as prescribed in Section 7 of this policy). This is primarily required so that participating casinos could identify you if you were to visit a casino in breach of your SENSE agreement. 
For a general email or website enquiry made to SENSE (e.g., “how do I….”) we may simply ask for your name and email address so that we can respond to your query.  However, if this enquiry needs us to divulge details of your own specific account, then we may also require copies of a proof of identity document (as above).  Again, this is to ensure that we are definitely communicating with the right person.  
 

4. WHAT IS SPECIAL CATEGORY PERSONAL DATA?

Some Personal Data needs more protection in law because of its sensitive nature. This is most often referred to as “Special Category Personal Data” and might commonly include information about someone’s sexual orientation, health, religion, ethnicity, or political affiliations. (It should be noted that Public Health England categorises problem gambling as a health issue). As such, additional obligations are placed on Data Controllers and/or Processors in order to lawfully process customer data (Under Article 9 of the UK and/or EU GDPR). 

Special Category Personal Data can also include biometric data. The Information Commissioner’s Office does not consider digital photographs as automatically being classed as biometric data even if used for identification purposes. In their published guidance, it only becomes biometric data to carry out “specific technical processing”. This includes your photograph being used to create an individual digital template or profile, notably within Facial Recognition (FR) software. This, in turn, would be used for automated image matching and identification.

Some participating casinos may implement Facial Recognition (FR) systems or other technological advances that might use SENSE data, either now or in the future. The casino would use the image that you provide to uniquely identify you as being self-excluded, should you attempt to enter that casino whilst self-excluded, in breach of your SENSE agreement. 

If you require further information as to how individual casinos operate FR technology, you should review the privacy policies of relevant operator(s) and/or otherwise contact their Data Protection Officer.

Any data processed by SENSE, including special category personal data, is done for the purpose of administering the SENSE scheme as effectively as possible. Where that includes the processing of biometric data for FR purposes by casino operators, (as above) then, on such occasions, our legal basis for doing so under Article 9(2)(g) of the UK General Data Protection Regulation (GDPR), is for reasons of substantial public interest, in the pursuit of safeguarding individuals at risk.
 

5. HOW WE COLLECT YOUR PERSONAL DATA

SENSE collects Personal Data in several ways. Primarily, we collect it directly from you at the time that you enrol into the scheme itself, by whatever means, as we require it to administer the self-exclusion scheme.

However, there are other reasons that we may either request or collect certain information from you or other customers, so being:

  • So that we may discuss the scheme with you as a potential or existing participant.
  • When someone browses any page of our website.
  • When someone contacts us by whatever means with a general enquiry about the scheme or their own Self-Exclusion specifically.

In these circumstances, the type of data we may ask for, or otherwise collect, depends on the reason it is needed. For example, when you use SENSE or visit our website, we may collect and process the following data, in accordance with this Policy, and for the purposes given below:

  • Data that identifies you including your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version used.
  • Contact details: Including your name, email and / or home address and any other appropriate contact details you may choose to provide to us.
  • Data on how you or others use the SENSE website Your URL ‘clickstreams’ (i.e. your journey through our website), such as the products/services you viewed, page response times, download errors, how long you stayed on our pages, what you did on those pages, how often you visited the site etc. This is simply to help us optimize performance and generally improve the website.
  • Survey data This includes any additional information you may choose to give us as part of any survey or research that we might conduct in order to analyse trends and develop new content.   This is usually voluntary and optional unless the information is fully anonymised as part of aggregate statistical data (as below).

For example, your data may be used to compile general statistical data or research (e.g. to calculate the total number of self-exclusions registered with SENSE during a given period or the average length of time between registration and removal etc). However, in such cases, there would be no means or necessity to identify your own specific data within these wider statistics. Such anonymised data is required periodically by our regulator, the Gambling Commission, or by academic researchers approved by them on the same anonymised terms.

  • Location data This includes your precise and approximate geo-location which is collected from the device you use.
  • Aggregate data such as statistical or demographic data for any purpose, including to assist the Gambling Commission. Whilst Aggregated data might be derived from your personal data, it is not considered personal data in law because it does not directly or indirectly reveal your identity. However, were we to combine it with your own Personal Data, so that it does then directly or indirectly identify you, we would then treat the combined result as Personal Data and protect it in accordance with this Policy.

Note that SENSE does not collect or have access to your financial information, any casino gambling history or other internal records kept by participating casinos and governed by their own Privacy Policies. 
 

6. OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

The current Data Protection legislation (UK and EU GDPR, the global standard of compliance) requires that a data Controller (being an organisation that collects and decides what to do with your Personal Data) must have a legal basis for doing so. SENSE is a ‘Data Controller’ for any personal information that we collect about you in accordance with all applicable laws.

We will not process your Personal Data for any other reason without your consent or by informing you of any other lawful basis for doing so via updates to this Privacy Policy. In most instances, our legal bases for processing your personal information may fall under one, or more, of the following reasons:

a) You give you consent. We will obtain this in writing, and you are able to withdraw your consent at any time. That is, unless it falls within one of the reasons given below where we are obliged to retain it. In most cases, we are obliged by points b) and c), below, to process and retain your data. For example, casino licence conditions make it impossible to remove yourself from SENSE during the minimum requested self-exclusion period (usually six-months) and for a six-months “Thinking” period after that minimum requested period elapses. Our policy is to then retain your data for a further six-month period after removal. However, your data will then be deleted from the SENSE database at this point. (see Section 7, below).  Where applicable, you can otherwise remove your consent by contacting SENSE by email at info@sensescheme.com.    

b) We have a contractual obligation. For example, in order to enrol you into SENSE and enable the scheme to then work effectively. Equally, our customer support team may need it to notify you of any issues, such as changes to our service or to solve any problems or queries via email, (fixing bugs etc).

c) We have a legal obligation. For example, British casinos are obliged under the Gambling Act 2005 to protect vulnerable people, notably those with gambling issues. Therefore, data relating to self-exclusions can be relevant to a casino’s decision-making process in terms of whether to allow a customer to gamble again in their premises after their self-exclusion has been removed. This allows casinos to make responsible decisions about gambling by a previously excluded person within their premises and is also used to assist the regulator in gathering anonymised aggregate data about how all self-exclusion schemes are used and how effective they are.

d) We have a vital interest.

e) We need it to perform a public task.

f) We have a legitimate interest. For example, testing features, managing landing pages, traffic optimization and data analysis and research. This may include profiling and other techniques that may use your data and, in some cases, might require a third party to do this on our behalf.

Please note that SENSE does not undertake any marketing activities. If we were ever to undertake marketing activities in the future, we would comply with the requirements set out in the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), whereby we would include the option for you to stop receiving such marketing material from us. 
 

7. HOW LONG WE KEEP YOUR PERSONAL DATA

SENSE keeps your Personal Data for no longer than is necessary, and this will vary according to the reason it was collected. For example, if you register with SENSE, our legal basis for processing your personal data is contractual.  This means that, in accordance with contract law, we will keep your personal data on the SENSE database for six months from the date that your self-exclusion is removed either by you specifically during the “Thinking” period (see below), when eligible, or by being automatically removed by SENSE after the six-month “Thinking” period expires.

The ” Thinking” period is a period of six-months after the minimum requested period of exclusion has elapsed (normally six-month or extended to a year at your request).

Within this Privacy Policy and the SENSE Terms and Conditions, if you have not asked to be removed from SENSE between the end of your minimum requested, (or extended) period and the end of the subsequent six month “Thinking” period, your exclusion will then expire and be automatically removed.  

Please note that the automatic removal conditions mentioned above only apply as described for all new enrolments, extensions or renewals received on or after 16th December 2024.  This was the date when both the SENSE Terms and Conditions and the SENSE Privacy Policy were updated to incorporate auto-removal.  

For all “Pre-existing” customers who enrolled onto SENSE prior to that date (i.e. under previous T&Cs and Privacy Policies applicable at the time), the following conditions will apply:

i)    Customers whose minimum exclusion period elapsed more than three years ago (“Pre-Existing  Customers”) 

Pre-existing customers whose minimum exclusion period elapsed more than three years before the current T&Cs came into effect on September 1st 2025 will be auto-removed on that date.   

However, for a transitional period until 1st September 2026, their profile will remain as visible on the SENSE database, despite being auto-removed. This is so that a casino manager can then verbally notify them of their auto-removal if they visit a casino during the transitional period.  Subject to local entry controls under condition 4i), below, they may then enter and gamble during that visit, unless they elect to re-enrol onto SENSE.  
If a Pre-existing  customer does not visit during the 12 month transitional period, they will not otherwise be notified of their auto-removal.   
At the end of the transitional period, (i.e. on 1st September 2026), the notification process will end.  All Pre-existing  customers will then be treated in exactly the same way as any other auto-removed  customer, as detailed above.  Their profile will similarly be deleted from the SENSE database after a further period of six months.

ii)    Customers whose minimum exclusion period has not yet elapsed more than three years ago as at 1st September 2025.

All remaining pre-existing customers who enrolled prior to December 16th 2024, but whose minimum exclusion period had not yet elapsed more than three years ago, will remain as fully self-excluded unless or until they remove themselves from SENSE.  

However, if they do not remove themselves in the meantime, they will qualify as a Pre-existing  customer on the third anniversary of their minimum requested exclusion period elapsing.  They will then be auto-removed on that anniversary date and treated thereafter in accordance with section 7) i), above.

Please monitor the SENSE website regularly for any further changes to our Terms and Conditions and Privacy Policy in relation to the transitional period described above.

If you had simply made a general enquiry via our website or email, then the retention period would be much less, as there is unlikely to be a valid reason to retain it.

When calculating appropriate retention periods for your data, we consider the nature and sensitivity of the data, the purposes for which it is being processed and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data that we hold and the reason why we hold and process it. The retention period is then dependent on this review. Should you require further detail please email info@sensescheme.com. When we determine that Personal Data can no longer be retained (or where you request that we delete your data, and we would be permitted to do so within the above criteria) we always ensure that this data is then securely deleted or destroyed. 
 

8. SECURITY OF YOUR PERSONAL DATA

To protect your Personal Data, we use appropriate organisational and technical security measures. These include the need to ensure that our internal IT systems are suitably secure. We also implement procedures to deal with any suspected data breach. In the unlikely event of such a data breach, we will take steps to mitigate any loss or destruction of Personal Data. If required, we will also notify you and any applicable authority.

Although we use appropriate security to protect your Personal Data, we accept that the transmission of data over the internet (including by email) is never completely secure. We therefore use our best endeavour to protect Personal Data but can never 100% guarantee the security of data transmitted to, or by, us.
 

9. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE UK

To provide our services, we may need to share your Personal Data with third parties and suppliers based outside the UK.  For example, if the operating system on which SENSE is provided were to be moved to an overseas-based supplier, or they otherwise physically store the data overseas (e.g. on cloud-based servers based in another country). If this were to happen, we would ensure that your Personal Data received the same level of protection as if it were being processed inside the UK.  To this end, our contracts with suppliers stipulate the standards that must be followed in order to process and protect Personal Data on your behalf.

Where the support services of a British casino are located outside the UK, that casino company is a Data Controller in their own right, with their own legal obligations to protect your data. For information on how Personal Data is protected by a British casino company, please therefore refer to their own respective privacy notice or policy. 
 

10. YOUR RIGHTS

You have rights under data protection legislation and, subject to certain legal exemptions referred to in point 7, above, and we must allow you to exercise those rights if you ask us to do so.  In such cases, there is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline your request.

Before we action your request, we may ask you for proof of your identity and, once received and confirmed, will then process the request without undue delay. This is normally within one calendar month. In order to exercise your rights please contact the SENSE Data Protection Officer via info@sensescheme.com. The Data Protection Officer is the SENSE Executive Director.

You can also contact the company if you wish to complain about the way we collect, store, and use your Personal Data. It is always our aim to provide the best possible remedy to your complaints. However, if you are not satisfied with our answer, you can also contact the relevant competent supervisory authority. In the UK, that is the Information Commissioners Office, contact details of which can be found below. Your rights in connection with personal information are set out below:

Subject Access Request - You have a right to receive a copy of all the Personal Data we hold about you.

Rectification - If any of your Personal Data that we hold is incomplete or inaccurate, you have a right to have it corrected.

Erasure - This is also known as the “right to be forgotten.” You have a right to ask us to delete your Personal Data, but only where there is no good reason for us continuing to hold or process it. However, certain criteria apply that may lead to your request being denied, as referred to in Point 7, above.  If we have a legitimate or lawful reason to continue processing your personal data, we will not be legally required to delete it. Records relating to a current self-exclusion fall under our contractual and legal obligations to retain the data. Therefore, any requests to delete such information, earlier than six months after a recent self-exclusion was removed, will not be approved.

Objection - You have a right to object if we are relying on legitimate interests as our legal basis for processing, or continuing to process, your Personal Data.  However, in certain circumstances we may still be able to continue. For example, if we have compelling legitimate grounds which override your interests, rights, and freedoms. Similarly, if your personal information is needed for the establishment, exercise, or defence of a legal claim.

Restriction - You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may ask us to suspend the processing of your data whilst checks are being made to ensure its accuracy. Restriction is not available where the legal basis relied on to process your Personal Data is the ‘performance of a contract.’

Portability - You have the right to ask that we reveal and transfer any Personal Data we hold about you to another party (e.g., a solicitor), subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used, and machine-readable format.

Right to withdraw consent – At any time, you can withdraw you consent to process your Personal Data going forward. However, please note that this has no effect on the legality of data processing that has already been carried out in the past and was done on the basis of your previous consent (see section 6 of this policy). To exercise your right to withdraw consent, please contact us at info@sensescheme.com.

Right to complain - If you are unhappy with the way in which your personal information has been, or is being, processed you have the right to make a complaint to the Information Commissioner’s Office (ICO). They can be contacted at: Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF www.ico.org.uk
 

11. YOUR OBLIGATIONS

If any of your Personal Data changes whilst you are using our services (e.g., change of address, married name, etc), it is important that you inform SENSE immediately in writing to ensure that the data we hold is accurate and up to date. Please contact SENSE Administration at info@sensescheme.com  accordingly to update your data records if and when necessary.

12. HOW TO CONTACT OUR DATA PROTECTION OFFICER

If you wish to contact SENSE to exercise any of your rights referred to above, or about any other data protection matter, please contact our DPO via info@sensescheme.com


13. THE DATA PROTECTION PRINCIPLES

As above, we comply with all relevant Data Protection Legislation. In particular, Article 5 of the UK and EU GDPR contains the data protection principles that we adhere to. These require that Personal Data is: 
 

  • Processed lawfully, fairly and in a transparent way.
  • Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept for no longer than is necessary for the purposes we have told you about.
  • Kept securely. 

We operate according to these principles, regardless of where you, as a customer, may be located. 

14. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy from time to time. The most up to date version will be published on our website www.senseselfexclusion.com. To ensure that you are made aware when changes to this Policy have been made, the revision date at the bottom of each page will show when it was last amended and the most recently updated text will be highlighted in the document. Changes apply as soon as they are published on our website. We therefore recommend that you visit this Policy regularly to review any updates that may have been made.

Contact details for SENSE

Telephone: (+44) 020 34092047

Email: info@sensescheme.com

Website: www.senseselfexclusion.com 


Recent amendments made to this Policy:

1st September 2024    
Section 7 – Update on arrangements for the auto-removal of “Pre-existing” customers, created under previous T&Cs before auto-removal was introduced for new enrolments post 16th December 2024 (see below). Those whose minimum requested self-exclusion period elapsed more than three years before 1/9/25 (i.e. prior to 31/8/22) are now auto-removed, and, going forward any remaining Pre-existing  customers (i.e 1/9/22 to 15/12/24) will be auto removed on the third anniversary of their minimum requested period elapsing.    

Transitional arrangements will apply for 12 months (i.e. until 1st September 2026) during which time Pre-existing  customers will be notified of their auto-removal by a manager if and when they visit during this period.  If they do not visit during this period, they will not be notified.

16th December 2024
Section 2- update change of corporate address details.
Section 3- Add reference to the Customer Self-Enrolment process and remove references to the need to provide a proof of address document for online enrolments or enquiries.
Section 5 – delete references to specific communication methods (e.g. post etc) and replace with generic terminology.
Sections 6(a), 6(c), 7 & 10 – Amend references to the period of data retention after a self-exclusion is removed, reducing it from six-years to six months and to delete reasons for the previous longer retention period accordingly.  
Section 7- Add references to automatic removal at the end of the six-month “Thinking” period, whilst clarifying transitional arrangements for “Pre-existing” customers who excluded prior to 16th December 2024 when this updated policy and related Terms and Conditions took effect.

30 November 2023
Section 3 - clarification added regarding retention of photographs.
Section 4- Expanded to cover the use of Facial Recognition software under “Special Category Status” of data legislation.
Section 5- clarification added regarding use of anonymised data for statistics.
Section 9- clarification to include cloud-based servers being located overseas
Sections 6(a) & 10 - clarification added regarding right to withdraw consent.

31 July 2023     
Reformatted