GAMSTOP ONLINE PRIVACY POLICY
We are The National Online Self Exclusion Scheme Limited, sometimes referred to as NOSES, GAMSTOP or Gamstop Online (“we, us, our”). We are a limited liability company registered in England and Wales. Our company number is 10504973.
We run the Gamstop Online service (GAMSTOP), a free self-exclusion service to help UK residents control online gambling. To run GAMSTOP we need to use your personal information. This Privacy Policy (“Policy”) explains what personal information we collect, how we use it, who we share it with and how long we retain it.
We have also provided important information regarding your rights in respect of the personal information we collect about you and how you can contact us.
This Policy was last updated 19 November 2025. We will update it again when necessary to reflect changes in our practices or the law.
To contact us about how we use your personal information please use the details set out below.
2.1. GAMSTOP
If you would like help controlling your online gambling, you can register for a six-month, one-year or five-year minimum period of self-exclusion with GAMSTOP. During your period of self-exclusion, GAMSTOP will help to prevent you from using gambling websites and apps run by gambling companies licensed by the Gambling Commission in Great Britain (operators).
2.2. Registration
Registration with GAMSTOP is straightforward. We just need you to provide some basic details. We will then verify your identity before completing registration. You can find out how to register for GAMSTOP on our website https://www.gamstop.co.uk/register.
2.3. Auto renewal
If you select a five-year minimum period of self-exclusion, you will have the option (either during registration or later from your GAMSTOP account) to use our auto renewal feature.
If you do select auto renewal, a new five-year minimum period of self-exclusion will begin immediately after the expiry of your current five-year minimum exclusion period.
This process will continue for four new five-year minimum exclusion periods or until you turn off auto renewal from your GAMSTOP account.
You may only turn off the auto renewal option during the last six months of a five-year minimum exclusion period. Consequently, if you automatically begin a new five-year minimum self-exclusion period, you shall remain self-excluded for at least a further five years. At that point it will be four years and six months until you again have the option to turn off auto renewal to prevent another further five-year minimum exclusion period from beginning.
After four years and six months has passed, you will be able to turn off auto renewal from your GAMSTOP account to prevent another further five-year minimum exclusion period from beginning.
If you do turn off auto renewal and your minimum exclusion period expires, you will remain self-excluded until you decide to remove your self-exclusion.
2.4. Operator checks
All operators are required to check whether their customers are registered with GAMSTOP. Consequently, once you are registered, every time you attempt to login or create an account with an operator, the operator will check to see if you are self-excluded.
2.5. Self-exclusion
When we inform an operator that you are self-excluded with GAMSTOP, that operator should prevent you from accessing its online gambling services.
You will have to contact operators directly about account closures and withdrawing any funds you may have. The details of how this will be done will depend on the operator in question and the return of any funds is not our responsibility.
2.6. Post self-exclusion
If you decide to remove your exclusion after your minimum period has expired, you must telephone our Contact Centre. We will then send you a removal email acknowledging your decision. Following a cooling-off period of at least 24 hours, during which you may change your mind, we will remove your self-exclusion.
After we remove your self-exclusion, we will inform operators for a seven-year period that you were previously self-excluded.
Operators do not have to prevent you from accessing online gambling services during this time. However, they may choose to prevent you from accessing online gambling services outside of the GAMSTOP service.
We have no influence over whether an operator prevents you from accessing online gambling services outside of the GAMSTOP service.
We obtain most of your information either from you, operators or our third-party verification providers – TransUnion and Onfido.
3.1. Primary email verification
Before you can register with GAMSTOP, you must provide us with your primary email address. We will send an email to this address with a link for you to verify it belongs to you. We collect the IP address of any device opening this email. Once you have verified your primary email address, you can continue to the GAMSTOP registration process.
You must use a private email address as your primary email address, as anyone with access to the email account could view any messages that may be sent to you or access your GAMSTOP details.
3.2. Registration
During the GAMSTOP registration process, we ask you to provide the following ‘registration data’:
- Your title
- Your first name
- Your last name
- Your current address and postcode and any postcodes you have lived at previously
- Your date of birth
- Any additional email addresses you currently use or have used in the past
- Any mobile numbers you currently use or have used in the past
3.3. Identity verification
As part of registration, you must undergo an identity verification process. We have two external verification providers, TransUnion and Onfido. In a small number of cases, we also undertake verification manually ourselves.
TransUnion
TransUnion provides us with a series of questions only you should know the answer to. You must answer enough of the questions correctly to complete the TransUnion process.
TransUnion's privacy notice explains in more detail how TransUnion uses your personal information.
Onfido
Onfido uses facial recognition technology to compare a photo of you with the photo on your official photographic ID document. Onfido undertakes this process and holds this information on our behalf.
Manual verification
In some cases, it may not be possible for TransUnion or Onfido to verify you. We will let you know if this happens, in which case we will require you to provide official ID documents to our Contact Centre before you can use the GAMSTOP service.
3.4. Email confirmation
When you have successfully registered for a GAMSTOP self-exclusion, we will send an email confirming your registration. We will also send you an email confirming any auto renewal of your minimum period of self-exclusion.
We collect the IP address of any device opening these emails.
3.5. Reminder emails
You can opt-in for emails at registration or during your self-exclusion from your GAMSTOP account that remind you to update your registration data.
3.6. Gambling Operators
All operators are required to check if their customers have self-excluded with GAMSTOP. Operators must undertake checks on a daily basis and every time a customer attempts to login or register for an account.
To undertake these checks, operators send their customers’ data to us. The data we receive from operators is hashed and we only store this information as long as is necessary to perform the check and let the operator know if there is a match.
In addition to these checks, operators may provide us with details about attempts to log in to online accounts and other information that may be relevant to our provision of the GAMSTOP service.
A full list of the operators that participate in the GAMSTOP scheme is available here. We strongly recommend that you review the privacy policies of any operators you use to access online gambling services.
3.7. Incorrect identification
We may receive information from an operator, individual or other source that indicates that an individual has been incorrectly identified as being self-excluded, when, in fact, they did not register for self-exclusion with GAMSTOP.
In these situations, we may store certain personal information about that individual in order to build safeguards into our system to avoid that individual being incorrectly prevented from accessing operators' sites in the future. We will collect the personal information necessary to achieve this aim and will retain it for so long as it is needed.
3.8. Call recording
We record calls to our Contact Centre for training, accuracy and performance monitoring purposes. You will receive a message informing you that calls are recorded at the beginning of the call.
3.9. Information about other individuals
As part of the operation of GAMSTOP, we may receive personal information relating to individuals who have not registered for GAMSTOP. For example, GAMSTOP consumers when registering their own self-exclusion may add personal information relating to other individuals during the registration process or later via their online accounts.
We may also receive personal information relating to third parties in correspondence.
3.10. Accuracy
We may also collect personal information from official sources, and information and insights companies where necessary to ensure we hold accurate and up-to-date registration data.
3.11. Categories of Information
The table below contains more details regarding the categories of personal information we collect and process.
| Category | Details | Source |
|---|---|---|
| Registration data | First name (and title) Last name Address(es) Date of birth Email address(es) Mobile number(s) | GAMSTOP consumers |
| Self-excluded status | Record of verification and self-exclusion status | GAMSTOP consumers / Us |
| Operator data | Registration data relating to operator’s customers | Operators |
| Contact information | Name Correspondence email address Correspondence telephone number | GAMSTOP consumers |
| TransUnion verification information | Title TransUnion questions | GAMSTOP consumers / TransUnion |
| Manual verification information | Official ID document Photograph of you holding official ID document | GAMSTOP consumers |
| Correspondence and complaints | Personal information in letters and emails from you, us or operators Records of other communications | GAMSTOP consumers / Us / Operators |
| Email information | Verification email Email confirming registration Removal email Record of IP addresses opening emails | GAMSTOP consumers / Us |
| Account information | Password Username (primary email address) | GAMSTOP consumers |
| Call recordings | Personal information provided during telephone calls | GAMSTOP consumers |
3.12. Special Category Data
Special categories of personal information are more sensitive and require a higher level of protection than standard personal information. We collect a small amount of special categories of personal information to enable us to provide the GAMSTOP service to you.
The table below sets out the special categories of personal information we routinely collect about you.
| Category | Details | Source |
|---|---|---|
| Health information | Information about your health in correspondence | GAMSTOP consumers |
| Onfido verification information | Biometric face scans used for identification Photograph of you Official ID document | GAMSTOP consumers / Onfido |
4.1. GAMSTOP
We mainly use personal information to verify your identity, register you with GAMSTOP, and provide the GAMSTOP service.
To provide the GAMSTOP service we collect information from you and operators. We then use this information to inform operators when one of their customers has self-excluded from online gambling services by registering with GAMSTOP.
When an operator is informed that you have self-excluded by registering with GAMSTOP, that operator should prevent you from accessing any of its online gambling services during the period of your self-exclusion.
If you decide to remove your exclusion after your minimum period has expired, we will inform operators for a further seven-year period that you were previously self-excluded.
4.2. Lawful basis
We must identify a lawful basis for our use of your information. An explanation of our reasons for using personal information and the lawful bases we rely on is set out below.
Performance of a contract
If you register for GAMSTOP, we will process your personal information as necessary for the performance of our contract with you under our Terms of Use.
This includes verifying your identity, registering you, providing the GAMSTOP service, corresponding with you, and otherwise using and retaining your personal information in accordance with this Policy.
4.3. Consent
GAMSTOP
If you register for GAMSTOP, you will not be able to de-activate your self-exclusion until the end of your selected minimum exclusion period. Therefore, we do not rely on consent (which may be withdrawn) as our lawful basis to use your personal information to operate GAMSTOP or administer your self-exclusion.
Reminder emails
We rely on your consent to send you reminder emails about your self-exclusion and keeping your registration data up to date.
Onfido
We do rely on your consent to enable Onfido to verify your identity via automatic facial recognition technology. If you do not consent to the Onfido process, we will provide you with alternative options for verifying your identity.
Research
We also rely on your consent to use your personal information for research purposes. In order to improve the GAMSTOP service, we collaborate with selected third party independent researchers. We will only ever share your personal information with an independent researcher where we have your consent. The results of the research will be shared with us. You may withdraw your consent for your personal information to be used for research purposes at any time.
If you do consent to speak to an independent researcher, we will provide you with updated details about the research where appropriate. If you do not provide consent, you will not be able to take part in the research.
4.4. Legitimate Interests
Customers of gambling operators
Any time you attempt to log in or try to register for an account with a Gambling Operator, the operator will send us your personal information. We will then use your personal information to check whether or not you are registered with GAMSTOP.
If you are not registered with GAMSTOP, our legal ground to use your personal information is our legitimate interests to provide the GAMSTOP service. If you are registered with GAMSTOP, we will use your personal information to perform our contract with you (as above).
Third parties
When we receive or collect personal information relating to other individuals as part of the operation of GAMSTOP, our lawful basis for using this personal information is our legitimate interests.
Archive emails
We send some consumers emails to inform them that their data will be archived. Our lawful basis for using this personal information is our legitimate interests.
Our legitimate interest
Our legitimate interests for using personal information are:
- Providing and developing the GAMSTOP service
- The regulatory obligations of Gambling Operators
- The regulatory functions of the Gambling Commission
- Helping individuals control their online gambling
- Exercise our legal rights, including the establishment, exercise or defence of legal claims
Your interests
We will not use your personal information on the basis of legitimate interests where your interests, rights or freedoms override those legitimate interests.
4.5. Legal Obligations
We also use personal information to fulfil our legal obligations and when ordered to do so by official authorities.
4.6. Special Category Information
Special category information includes more sensitive types of information such as medical details, biometric identification and religious beliefs. As it is more sensitive, we must identify an additional condition to use special category information.
Biometric identification
We use biometric identification for verification purposes. Our additional condition for using biometric identification is your consent.
Other special categories of personal information
We do not routinely collect any other special categories of personal information. However, where we do need to use your special category information, we will only do so where:
- You provided consent
- You manifestly made the relevant information public
- The use is necessary for a substantial public interest, based on a specific law
- The use is necessary for a legal claim
4.7. Lawful basis table
The table below sets out in more detail how we use your information and our lawful bases.
| Purpose / activity | Information we use | Lawful basis / condition |
|---|---|---|
| Providing and developing the GAMSTOP service | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data | Performance of a contract Legitimate interests |
| Correspondence and complaints | Registration data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data | Performance of a contract Legitimate interests Consent Substantial public interest |
| Verification by Onfido | Registration data Onfido verification information | Consent |
| Verification by TransUnion | Registration data TransUnion verification information | Performance of a contract |
| Manual verification | Registration data Manual verification information | Performance of a contract |
| Legal obligations | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data | Legal obligations Substantial public interest |
| Legal claims | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data | Legitimate interests Establishment, exercise or defence of legal claims |
| Research regarding the performance of the GAMSTOP service | Contact information Correspondence (responses to research questions) | Consent |
| Reminder emails | Contact information Self-excluded status | Consent |
| Archive emails | Contact information Self-excluded status | Legitimate interests |
If you do not provide any of the above information when required, it may impact your ability to register for and benefit from GAMSTOP.
5.1. Service providers and third parties
To provide the GAMSTOP services, we share your information with operators, external service providers and other third parties. We have agreements in place with any third parties we routinely share personal information with to control the use and confidentiality of your personal information.
5.2. Gamstop Group companies
To provide the GAMSTOP services, we also receive services from our group companies (Gamstop Group). Gamstop Group are companies that are all under common control with NOSES.
In addition, we share aggregated personal information within Gamstop Group (excluding Tutelar Limited) to identify trends and assist with the development of GAMSTOP and other responsible gambling services across Gamstop Group.
We do not use information from GAMSTOP to register GAMSTOP consumers with other Gamstop Group self-exclusion schemes or responsible gambling services. If you would like to take part in any other self-exclusion schemes, you must register with them separately.
The companies in the Gamstop Group are:
- National Online Self Exclusion Scheme Limited (NOSES)
- Gamstop Group Limited
- Tutelar Limited
- Multi Operator Self Exclusion Scheme Limited
5.3. Corporate reorganisation
We will also share your information with third parties and new group or related companies where necessary in the event of a corporate reorganisation.
We will only make such a disclosure for the purposes of corporate reorganisation on the basis that the information is kept in confidence. If the reorganisation takes place, the personal information disclosed will only be used in accordance with applicable law and the purposes set out in this Policy.
5.4. Recipients table
Further details about the information we routinely share with service providers and third parties is included in the table below. If we share your information with other third parties, we will provide you with further information where appropriate.
| Service provider / third party | Purpose | Information shared |
|---|---|---|
| CGI (formerly known as BJSS) Microsoft Stripe OLT (IT support) | IT support, development and software delivery services | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data |
| Gamstop Group | GAMSTOP services delivery and development | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data |
| Gamstop Group (excluding Tutelar Limited) | Developing GAMSTOP and other GAMSTOP group services | Aggregated personal information |
| Brevo | Email services | Contact information Email information Self-excluded status |
| AWS | Cloud services Email services | Registration data Operator data Self-excluded status Account information Contact information Email information |
| TransUnion | Identity verification services | TransUnion verification information |
| Onfido (an Entrust Company) | Identity verification services | Onfido verification information |
| Fetchify | Address lookup services | Contact information (address only) |
| Connect Assist | Consumer contact and call centre services | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data |
| Zendesk | Case management system | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data |
| Citrix | Secure information sharing | Registration data Operator data TransUnion or manual verification information Self-excluded status Contact information Correspondence Health data |
| Operators | GAMSTOP services delivery Identity matching | Self-excluded status Correspondence |
| Gambling Commission, courts and official authorities | GAMSTOP services delivery Regulatory and compliance | Registration data Self-excluded status Contact information Correspondence Account information Health data |
| Linklaters LLP | Legal advice Exercise or defence of legal claims | Registration data Operator data Onfido, TransUnion or manual verification information Self-excluded status Contact information Correspondence Email information Account information Health data |
Generally, we only store and use your personal information within the UK and European Economic Area (“EEA”) countries.
If an operator which you use (or try to use) is located outside the UK or EEA and they submit your personal information to our matching service, we will let them know if you are, or were, self-excluded. Additionally, some service providers acting on our behalf may transfer personal information to the USA or elsewhere outside the UK or EEA.
In each case, we have in place standard contractual clauses to protect your personal information where we transfer it to operators or service providers outside the UK or EEA. You can find out more about these clauses on the Information Commissioner’s Office’s website here.
You can request further information about our international transfers and the contractual safeguards we implement using the contact details below.
7.1. If you do not remove your self-exclusion
If you do not remove your self-exclusion following the minimum period expiring, we will hold personal information for –
| Category | Retention period |
|---|---|
| Registration data Self-excluded status Contact information Account information | Your minimum period of self-exclusion (six months, one year or five years) whether added by you either manually or via the auto renewal feature A further self-exclusion period of seven years which begins on the expiry of your minimum period (during this period we will continue to inform operators that you are self-excluded) An archive period of seven years |
7.2. If you do remove your self-exclusion
If you do remove your self-exclusion following the minimum period expiring, we will hold your personal information for –
| Category | Retention period |
|---|---|
| Registration data Self-excluded status Contact information Account information | Your minimum period of self-exclusion (six months, one year or five years) whether added by you either manually or via the auto renewal feature The time period from the expiry of your minimum period until you remove your self-exclusion A post self-exclusion period of seven years that begins on the date your self-exclusion is removed (during this period we will inform operators that you were previously self-excluded) An archive period of seven years |
7.3. Other information
In all cases we hold the following personal information for –
| Call recordings | Up to three months |
| Correspondence and complaints | Up to seven years from the date of receipt or sending |
| Email information | Up to seven years from the date of sending |
| Operator data | If you are a customer of an operator, but not registered for a period of self-exclusion, we will delete your personal information as soon as we have checked to see if you are self-excluded |
| Onfido information | We do not retain a copy of your biometric data (face scans) after we have verified your identity We do retain a copy of your photo and official ID for up to three years from the date of verification |
| Manual verification information | We normally retain official ID documents and the photograph of you holding the official ID document for 30 days However, if it is necessary to add the official ID documents to our case management system they will be stored for the same period as correspondence and complaints (above) |
| TransUnion verification information | TransUnion holds this information – please refer to TransUnion’s privacy notice |
| Incomplete registrations | If you attempt to register for a period of self-exclusion but are unsuccessful, we will keep your registration personal data for 30 days – unless it is added to our case management system, in which case it will be stored for up to 7 years. |
7.4. Compliance
We may keep any of the above categories of data for longer periods where necessary to fulfil our legal obligations or resolve complaints or legal issues.
7.5. Other individuals
If we receive your personal information as part of registration data or correspondence, we will keep it with the relevant GAMSTOP account in accordance with the periods set out above.
8.1. Self-Exclusion service
Due to the volume of the data we need to process, GAMSTOP is fully automated.
The consequences of GAMSTOP’s automated processes are that you may be prevented from accessing gambling websites and apps run by operators when you are not self-excluded.
Therefore, our automated processes may have legal or similarly significant effects on you. If you believe that our automated processes have incorrectly identified you as self-excluded, please contact our Contact Centre. Our staff will undertake an investigation of any concerns you raise about our automated processes.
Providing us at all times with your most accurate and up-to-date registration data will help improve the accuracy of our automated processes.
8.2. Identity verification
As explained above we also use automated processes to verify your identity. The consequences of our automated verification processes are that if your identity is verified you will be provided access to the GAMSTOP service where you may be prevented from accessing gambling websites and apps.
If you are not verified, you will not be provided access to the GAMSTOP service and may be able to access online gambling services.
If you think we have failed to verify you correctly, please contact our Contact Centre. Our staff will undertake a thorough investigation of any concerns you raise about our identity verification processes.
You have the right to:
- Access your information
- Object to the use of your information
- Erasure of your information
- Portability of your information to other organisations
- Correct and update your information if it is inaccurate
- Restrict our use of your information while any concerns you raise are resolved
- Withdraw your consent
Please be aware that these rights are not absolute and there are situations where they cannot be exercised or they are not relevant.
If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal information in the UK. Details for the office of the Information Commissioner in the UK are available at www.ico.org.uk.
Cookies are used on our website in accordance with our Cookie Policy.
You must make sure that your consumer account is up to date with your latest personal information. This is important for your self-exclusion to remain effective. Please log in to your account or contact our Contact Centre immediately if any of your personal information is out of date.
The GAMSTOP website may contain links to other websites. We are not responsible for the content, security, practices or privacy policies employed by other websites. We encourage you to carefully review these sites' privacy policies so that you know how they will collect, use, and share your information.
13.1. Helpdesk
You can contact our Contact Centre with any questions you have about your personal information.
We have also prepared FAQs regarding how we use your personal information.
13.2. Data Protection Officer
You can contact our Data Protection Officer at this email address: dataprotection@gamstop.co.uk.