TomGarrattBets.com is operated on behalf of Tom Garratt by GDC Media Limited, a subsidiary of Gambling.com Group Limited (Nasdaq: GAMB). Questions or requests to exercise your rights: dataprotection@gdcgroup.com.
This layout is shared by Privacy & Cookies Policy, Terms & Conditions and Cookie Policy — only the H1 and section content change.
GDC respects your privacy and is committed to protecting your personal data. Personal data means any information that relates to an identified or identifiable individual. It does not include data where the ability to identify an individual has been removed (anonymous data).
This Policy describes your rights and choices regarding your personal data. It is important that you read the Policy carefully. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us as set out below.
We may alter this Policy at any time and from time to time as needed for certain services of GDC and to abide by local laws or regulations around the world, including by providing supplemental information to users in certain jurisdictions. This Policy does not apply to GDC’s processing of the personal data of its personnel, such as employees and contractors.
We also provide important additional information, which users should read, that is solely applicable to individuals located (i) within the Member States of the European Union, countries in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe” or “European”), (ii) in Brazil, and (iii) in California, Colorado, Connecticut, Delaware, Montana, Nevada, Utah, Iowa, Florida, Washington, Virginia and other states of the United States, (iv) in Australia, (v) in Canada and (vi) in Mexico.
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect, use or otherwise handle data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave any of our websites, we encourage you to read the privacy policy of every website you visit.
We collect personal data about individuals from various sources described below. Where applicable, we will let you know how we intend to use your data before collecting it, so that you can decide whether or not you wish to provide that information. We may collect, use, store and transfer different kinds of personal data about you (“Personal Data”) which we have grouped as follows:
“Personal Information” includes any information from which (alone or when used in combination with other information) you can be personally identified, including your name, surname, email address, telephone number or mobile number. The Personal Information we collect varies depending on our relationship and interactions with you. Personal Information, sometimes referred to as “personal data”, may also have specific meanings under different privacy laws.
“Profile Data” includes a username (or nickname), password (encrypted), login and logout times and a profile image that an individual may establish and upload on one of our websites or mobile applications, along with any comment or content posted by that user and any other information that an individual enters into their account profile.
“Financial Account Data” includes payment card details or bank account details.
“Recruitment Process Data” includes the CV and any covering letter of a job applicant and notes taken for the duration of your recruitment process relating to a job application and interview of a job applicant, and other information supplied by a job applicant, such as professional credentials and skills, educational and work history, and other information of the type included on a CV or covering letter.
“Usage Data” includes information about how you use our websites. This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, operating system and platform, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access our mobile applications with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our services, to improve and customize our services. You can enable or disable location services when you use our services at any time by way of your device settings.
We also may collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. We may retain recordings of any telephone voice messages that you have left for our customer support teams. We automatically collect Usage Data. If you are using a mobile device, we collect data that identifies your mobile device, device-specific settings and characteristics, app crashes and other system activity.
We do not collect any information about your race, ethnicity, religious or philosophical beliefs, gender or sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. However, if you are applying for a job with us, we will collect information about criminal convictions and offences.
We may use different methods to collect data from and about you including the following:
Direct interactions. You may give us your Personal Information, Profile Data, Financial Account Data and Recruitment Process Data by: a) filling in a job application form on our Career Page, b) providing an email address to register with our websites and/or receive our newsletter, c) posting comments during your use of our sites, and/or d) providing your contact details, payment card details and/or account log-in details via our registration and/or newsletters form.
Indirect interactions. You may give us your Personal Information indirectly by providing an email address and/or contact details to register with websites of and/or receive newsletters or other forms of communication from entities with whom we have an agreement to work in partnership with and provide services to (“Media Partners”).
Automated technologies. As you interact with our websites, we will automatically collect Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We may partner with third parties (such as content providers and analytics companies including Google Analytics, OptInMonster, Hotjar, customer.io, plausible.io, segment.io, Mixpanel and Convert.com) to help us improve the services of our website, including to provide you with relevant and interesting content and to conduct analytics and measurement to understand how our services are used. These companies may collect information from you automatically in connection with your visit. We may use third-party Service Providers to automate the development process of our service (such as development platform to host and review code, manage projects, and build software, including GitHub).
Generally, our websites can be accessed and used without registration and without having to provide us any Personal Data. You may opt in to receive information about promotions, bonuses, bets, tips and strategy by subscribing to one or more of our mailing lists by providing your email address. You may any time opt out from receiving such communications by writing to us or clicking the “unsubscribe” button in any of our emails to you. We will not share your Personal Data with third parties for marketing purposes unless you have provided us with your express consent to do so and/or, with respect to our Media Partners, you have consented to receive marketing communications from those Media Partners.
We may use your Personal Data for the purposes of:
Providing our services, which may include: operating, evaluating, maintaining, improving, and providing the features and functionality of our services; notifying you about changes to our services; fulfilling a payment transaction initiated by you; communicating with you regarding your account with us, including by sending you service-related emails or messages; personalizing the manner in which we provide our services; administering and protecting our business; providing you with news, special offers and general information about other goods, services and events which we offer; monitoring the usage of our services; detecting, preventing and addressing technical issues; and providing support and maintenance for our services.
For research and development. We use the information we collect for our own research and development purposes, which include developing or improving our services and developing and creating analytics and related reporting.
Marketing. We may use your Personal Data to form a view on what services we think you may want or need. We may contact you with marketing communications if you have actively expressed your interest in availing of our services and have not opted out. You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. Should you choose to opt out, we will continue to conduct our other relevant activities using your Personal Data, including sending non-marketing messages.
Managing our recruiting and processing employment applications. We process Personal Data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
Complying with law. We use your Personal Data as we believe necessary and appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
Compliance, fraud prevention and safety. We use your Personal Data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some jurisdictions, applicable law may require us to request your consent to use your Personal Data in certain contexts, such as when we would like to send you certain marketing messages. If we request your consent, you have the right to withdraw it any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, including our Media Partners, you may withdraw your consent by contacting those partners directly.
To create anonymous data. We may create anonymous data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into anonymous data by excluding information that makes the data personally identifiable to you and use that anonymous data for our lawful business purposes.
We may have to share your data to the following parties:
Group Members. We may disclose your Personal Data to other Group Members for purposes consistent with this Policy.
Service providers. We may employ third parties to administer and provide services on our behalf (such as third parties that provide customer support, that we engage to host, manage, maintain, and develop our websites, mobile applications, and IT systems, and that help us process payments). These third parties may use your information only as directed by us and in a manner consistent with this Policy. These third parties are prohibited from using or disclosing your information for any other purpose.
Participants in the transaction processing chain. We may share your Personal Data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members.
Business Transaction. If GDC and any Group Member are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
Professional advisors. We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, in the course of the professional services that they render to us.
Transfers to third parties. We may disclose your Personal Data to third parties, such as our Media Partners and other third-party business partners, in order to provide our services. When we carry out any sharing with third parties, we always ensure that there is an appropriate contract in place, that the information being shared is transferred in a secure way, and that we only share the minimal amount of your information necessary. We will never sell your information to any other third parties. Where the third party is a data controller, they have the same obligations under data protection law to protect your data, as we do. Where the third party is a data processor, we require that these third parties provide a sufficient guarantee that the necessary safeguards and controls have been implemented.
Compliance with Laws and Law Enforcement. GDC may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process; (b) enforce the terms and conditions that govern our services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
GAMB is incorporated in the Channel Island of Jersey and GDC operates globally, with primary offices in United States and Ireland. The mailing address of our principal executive offices is 22 Greenville St., St. Helier, Channel Island of Jersey JE4 8PX. Your personal data may be transferred to other locations outside of your state, province, country or other governmental jurisdiction where we, our third-party partners, including our Media Partners, or our service providers maintain offices and where privacy laws may not be as protective as those in your jurisdiction. If we make such a transfer, we will require that the recipients of your personal data provide data security and protection in accordance with applicable law; and we will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.
European users should read the important information provided below in Section 10 about transfer of personal data outside of your region / country.
We have put in place appropriate security measures which we believe reasonably prevents your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors, subsidiaries, affiliates and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. We have put in place commercially reasonable procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
As we seek to use reasonable physical, electronic, and procedural measures to safeguard Personal Data within our organization against loss, theft, and unauthorized use, disclosure, or modification, however, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee its security.
We will process and store the relevant Personal Data for as long as it is necessary for the purposes set out in this Privacy Policy or required in order to fulfil our legal, contractual, or statutory obligations and/or for the establishment, exercise or defence of legal claims.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our services, or we are legally obligated to retain this data for longer time periods.
If, during your use of our websites, you post comments, we will keep a record of your commenting history. Personal data collected from commenting will be kept for the lifetime of the article commented on.
In this section, we describe the rights and choices available to all users. Users who are located in Europe and Brazil should read additional information about their rights in paragraph 10 below; users who are located in California, Virginia and other US states should read additional information about their rights in the relevant paragraphs below; and users who are located in Australia, Canada and Mexico should read additional information in paragraphs 14, 15 and 16 respectively.
Marketing communications. You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.
Choosing not to provide your Personal Data. Where we request Personal Data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we may be unable to provide services to you. For example, we may be unable to process your transaction.
Accessing, modifying or deleting your information. In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their Personal Data. You may contact GDC directly to request access to, modify or delete your information. We may not be able to provide access to, modify, or delete your information in all circumstances.
Complaints. If you have a complaint about our handling of your Personal Data, you may contact our data protection officer using the contact information below. A complaint must be made in writing. Please provide details about your concern or complaint so that we can investigate it. We will determine whether to take action in response to your complaint, which, if we do so, may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.
We may provide paid products and/or services. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with from time to time include:
Data Controller. GDC is the data controller for the purpose of the General Data Protection Regulation (“GDPR”), and other applicable data protection laws. This means that GDC is principally responsible for looking after your Personal Data and this Policy determines the means and purposes of processing of Personal Data.
Legal bases for processing. We are required to inform you of the legal bases of our processing of your Personal Data. If you have questions about the legal basis of how we process your Personal Data, please contact us at dataprotection@gdcgroup.com.
| Processing purpose | Legal basis |
|---|---|
| Providing our services | Processing is necessary to perform the contract governing our provision of the services. |
| Marketing; For research and development; To manage our recruiting and process employment applications; For compliance, fraud prevention and safety; To create anonymous data | These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). |
| To comply with law | Processing is necessary to comply with our legal obligations. |
| With your consent | Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it anytime in the manner indicated at the time we collect your information or by contacting us at dataprotection@gdcgroup.com |
Use for new purposes. We may use your Personal Data for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it.
How long will we use your Personal Data? We will use your Personal Data for as long as necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In general terms, we will retain your Personal Data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards. There are also certain types of information which are required to be retained for a certain period by law.
Your individual legal rights. You have the right to obtain access to, rectification of, erasure of, restriction of Personal Data, portability of Personal Data and to object to the processing of your Personal Data as follows:
If you have any questions about this Policy or wish to exercise any of the rights set out above, please contact us at dataprotection@gdcgroup.com. We may need to request specific information from you to help us confirm your identity and ensure you are entitled to exercise a right in respect of your Personal Data. There may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. If we decline your request, we will tell you why, subject to legal restrictions.
You also have the right to make a complaint at any time to a supervisory authority. If you are located in the UK, you also have a right to make a complaint to the Information Commissioner’s Office (ICO).
International transfers of data. We may transfer the Personal Data we collect about you to recipients in countries other than your country, including the United States. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Data to other countries, we will protect that information as described in this Policy or as otherwise disclosed to you. We comply with applicable legal requirements when transferring Personal Data to countries other than the country where you are located. If you are located in the EEA, the UK or Switzerland, we will transfer your Personal Information in accordance with adequacy decisions, standard contractual clauses, and other data transfer mechanisms.
A) Your Data Protection Rights under the California Consumer Privacy Act (CCPA/CPRA). We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CPRA), to provide California residents with information of how we collect, use and share their Personal Data, and of the rights and choices we offer California residents regarding our handling of the Personal Data.
Your California privacy rights. As a California resident, you have the following rights (subject to CCPA exceptions): Access and data portability — you may request a copy of the Personal Data we have collected about you and information about our collection and use of your personal data in the preceding 12 months (up to twice per 12-month period). Deletion — you may request that we delete certain personal data that we have collected about you. Correction — you may request that we correct inaccuracies in the personal data we have collected about you. Right to limit use of sensitive data — we do not collect, use or disclose sensitive personal data for any purposes other than those necessary to provide the relevant services or as permitted by the CCPA. Right to opt-out — you may request that your personal data not be shared with third parties. Non-discrimination — you are entitled to exercise the rights described above free from discrimination.
How to exercise your rights. You may exercise your California privacy rights by contacting us at dataprotection@gdcgroup.com.
B) Your Data Protection Rights under the California Privacy Protection Act (CalOPPA). According to CalOPPA we agree to the following: (a) users can visit our site anonymously; (b) our Privacy Policy link includes the word “Privacy”, and can easily be found on the home page of our website; (c) users will be notified of any privacy policy changes on our Privacy Policy page; (d) users are able to change their personal information by emailing us at dataprotection@gdcgroup.com.
Under the Virginia Consumer Data Protection Act, Virginia residents have the following rights: right of access, right of data portability, right to correction, right to deletion, right to opt-out, and the right to appeal GDC’s denial of any of the above-listed rights. You may exercise your rights by contacting us at dataprotection@gdcgroup.com.
Residents of Colorado, Connecticut, Florida, Utah, Iowa, Delaware, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Nevada and Washington have various rights regarding GDC’s collection, use and disclosure of their personal data, including rights to access, correct, delete, data portability, and opt-out of targeted advertising and sales. To exercise any of these rights, please contact us at dataprotection@gdcgroup.com with the subject “Appeal of Consumer Rights Request” where applicable.
GDC is providing the following additional information for individuals whose personal information is collected or held by us at a time when the collecting or holding entity has an “Australian link” within the meaning of the Australian Privacy Law.
Where you are such an individual, you may make a complaint to us about a breach of the Australian Privacy Principles by contacting us at dataprotection@gdcgroup.com. If we do not adequately answer your concerns, you will have the right to make a complaint in writing to the Office of the Australian Information Commissioner.
If at any time you want to know what personal information we hold about you, you may request access to your record by contacting us. If at any time you want to change personal information that is inaccurate or out of date, please contact us and we can amend the record. If you want to have your personal information deleted, please let us know and we will take reasonable steps to delete it unless we need to keep it for legal or regulatory purposes.
We may collect, use, and disclose Personal Data for the purposes identified in this Privacy Policy, and for any additional purposes, as required by law, with notice to you and your express or implied consent. If you have a question or a complaint about our handling of your personal information, please contact us at dataprotection@gdcgroup.com.
You have the following ARCO rights regarding GDC’s handling of your personal information: the right to access your personal information, the right to correct inaccurate or incomplete data, the right to cancel your data, and the right to object to GDC’s processing of your data for certain purposes. To exercise your ARCO rights, please submit your request at dataprotection@gdcgroup.com indicating “Exercise of ARCO rights/Mexico” at the beginning of your request.
In the provision of our services, on our websites and on the websites of our Media Partners, we may link to third-party websites, mobile applications, and other content. GDC is not responsible for the privacy practices of any such third party, and this Policy does not apply to such third party’s websites, mobile applications, or other content.
Cookies are small pieces of data served on your computer that remember what you enter while you’re browsing a website. We use cookies, pixels, and similar technologies to improve our service, and to enhance your user experience, for example, to show you the most relevant information when you return to our site.
When we use cookies, pixels and similar technologies, we do not typically process any information that personally identifies a user. By using our websites, you are consenting to us using cookies. You can manage cookie usage, disable or delete cookies through your browser settings at any time.
Like many other companies which offer online services to their clients/customers, we use services provided by Google, Meta, and other companies that use tracking technology. Your choices to adjust your preferences for interest-based advertising include blocking cookies in your browser, using privacy plug-ins or browsers, and using platform opt-out tools provided by Google, Facebook, and others. Advertising industry opt-out tools are also available via the Digital Advertising Alliance and the Network Advertising Initiative.
Types of Cookies. We may use the following categories of cookies:
For a full list of the cookies we use, their purposes, and retention periods — including cookies placed by Google, Microsoft, Hotjar, Criteo, Facebook, Cloudflare and others — please refer to the cookie table maintained at Gambling.com Group’s main privacy policy page.
We may use remarketing services to advertise on third party websites to you after you visited our service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our service. Remarketing services we use include Google Ads (AdWords), Bing Ads, Twitter, and Pinterest. You may opt out of interest-based advertising through the settings and links provided by each of these platforms.
As we may make changes to this Policy from time to time, you can always find an up-to-date version of this Policy on our websites.