Policies

EffectiveDate: October 29, 2024

1.INTRODUCTION

Global Poker Staff Ltd (hereinafter referred to as “we,” “our,” or “us”) is resolutely dedicated to the lawful, transparent, and secure handling of all personal data that we collect, process, or retain in connection with our business operations. This Privacy Policy constitutes a binding commitment to data protection compliance, formulated in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the Data Protection Act 2018, and all relevant statutory data protection laws applicable within the United Kingdom.

In our capacity as the data controller, Global Poker Staff Ltd determines the purposes and means of processing personal data, and we conduct all processing activities in full alignment with the GDPR principles of lawfulness, fairness, transparency, data minimization, accuracy, purpose limitation, storage limitation, integrity, and confidentiality, as prescribed in Article 5 GDPR. We recognize and uphold the data protection rights of individuals, and this Privacy Policy outlines our ongoing commitment to maintaining data security and regulatory compliance through stringent technical and organizational safeguards.

By accessing or using our website at www.globalpokerstaff.com, or by engaging in any services we provide, you, as the data subject, acknowledge that you have been informed of your rights and consent to the processing of your personal data as outlined herein. This Privacy Policy delineates the categories of data we collect, the lawful bases and purposes underpinning each processing activity, and the data subject rights afforded to you under the GDPR and other applicable legal frameworks. We encourage you to review this Privacy Policy in full to understand the scope and limits of our data processing activities and the

protective measures we have in place to secure your personal data from unauthorized access, misuse, or disclosure.

2.Identity and Contact Details of the Data Controller

In accordance with Article 4(7) of the General Data Protection Regulation (GDPR), Global Poker Staff Ltd acts as the data controller, assuming responsibility for determining the purposes and lawful means by which all personal data collected from users is processed. As data controllers, we are accountable for ensuring that all processing activities involving personal data are conducted in strict compliance with applicable data protection laws, including the GDPR and the DataProtectionAct2018.

Our registered office and principal contact address for all data protection inquiries and communications, including those related to the exercise of data subject rights under Articles 12 to 23 GDPR, are as follows:

    • BusinessName: Global Poker Staff

This Privacy Policy governs the processing of all personal data collected in connection with our operations, including but not limited to data collected through our website,www.globalpokerstaff.com. This policy applies irrespective of the geographic location of the data subject and outlines the principles, practices, and obligations Global Poker Staff Ltd adheres to as data controller in the management, protection, and secure handling of personal data.

3.Scope and Categories of Personal Data Collected

Pursuant to the principle of data minimization under Article5(1)(c) ofthe GDPR, Global Poker Staff Ltd is committed to collecting and processing only that personal data

which is adequate, relevant, and strictly necessary for the specific, legitimate purposes outlined in this Privacy Policy. Data subjects voluntarily provide this information to facilitate the services offered by Global Poker Staff, and we do not collect data beyond what is necessary to fulfill these purposes. The categories of personal data we may collect, and process include, but are not limited to, the following:

    • IdentificationData: This category of data includes information necessary to verify the identity of the data subject. Data elements may include, but are not limited to, fulllegalname, passport number, national insurance number, social security number (where applicable), residential address, and contact details, such as email address and telephone number. This data is essential to ensure compliance with legal and contractual obligations concerning user identity verification.
    • Employment and Professional Data: To facilitate placements and ensure that freelancers meet the qualifications and professional standards required by event organizers, we collect employment and professional data, including curriculum vitae (CVs), employment history, educational and professional qualifications, relevant certifications, and contractual agreements. This data is processed exclusively for placement-related purposes and is retained only as long as necessary to facilitate and support the provision of our intermediary services.
    • FinancialandPaymentData: To process administrative fees and other transactions necessary for the provision of services, we collect financial data, including bank account information, debit or credit card details, and PayPal account information. This data is processed with the utmost confidentiality and is handled strictly in accordance with financial and data protection regulations to fulfill billing and other financial obligations related to our services. We adhere to industry- standard security protocols to ensure that this data is stored and transmitted securely.
    • Technical and Website Usage Data: For maintaining website functionality, ensuring account security, and improving user experience, we collect

certain technical data during your interactions with our website. This may include, but is not limited to, IP addresses, login credentials, device-specific information (such as browser type and operating system), and usage data such as pages visited, frequency, and duration of site interactions. Additionally, communication records with our support teams, whether throughenquiries@globalpokerstaff.com,staff@globalpokerstaff.com , support@globalpokerstaff.com, or other designated contact points, may be retained for reference and quality assurance purposes. This data is processed in accordance with the GDPR’s principles of integrity and confidentiality to prevent unauthorized access and ensure that it is used solely for legitimate operational needs.

Application and Eligibility: Submission of an application to join the Global Poker Staff Ltd database does not constitute a guarantee or entitlement of acceptance into our network. All applications are subject to an individual review and verification process to ensure compliance with our qualifications and standards. Global Poker Staff Ltd reserves the right to accept or deny any application at its discretion, and we are under no obligation to provide reasons for denial. Should an application be denied, all personal data collected during the application process will be handled in accordance with this Privacy Policy, including secure deletion or anonymization where retention is unnecessary or unjustified.

By voluntarily providing us with the data, you consent to the collection, processing, and retention of your personal data in accordance with the terms outlined in thisPrivacyPolicy.All personal data is processed in strict compliance with applicable data protection laws, and we implement robust measures to ensure that such data is handled in a secure and lawful manner.

4.Purpose and Lawful Basis for Processing Personal Data

In compliance with Article 6 of the General Data Protection Regulation (GDPR), all personal data processing activities undertaken by Global Poker Staff Ltd are governed by a specific lawful basis. We ensure that each processing activity is conducted strictly for

the legitimate purposes outlined below, in accordance with GDPR principles, and only to the extent necessary to fulfill those purposes.

    • Verification of Identity and Eligibility: We process personal data to confirm the identity and eligibility of individuals registering with our database of freelance poker staff. This verification is essential to uphold the integrity, security, and reliability of our services and to ensure that only qualified and appropriately vetted individuals are registered within our network. Verification activities may include checks on identification data such as passport numbers or national insurance numbers. (LegalBasis:Article6(1)(b)GDPRPerformanceofa Contract)
    • Service Provision and Contract Fulfillment: As a staffing intermediary, Global Poker Staff Ltd processes personal data to facilitate the placement of freelance poker staff with event organizers. This activity involves matching the qualifications, experience, and preferences of freelance staff with the needs and requirements specified by event organizers. The processing of employment data and professional information enables us to effectively deliver the contractual services we offer to our clients. (LegalBasis: Article6(1)(b)GDPRPerformanceofaContract)
    • CustomerSupportandCommunication: We utilize personal data to manage and respond to inquiries, facilitate communication regarding event assignments, handle complaints, and provide updates on service offerings. Such interactions are essential for maintaining strong customer relationships and ensuring a high standard of client support,whichiscentraltoourbusinessoperations.Processing for customer support purposes is carried out based on our legitimate interest in maintaining efficient and effective communication with our clients and users. (Legal Basis: Article 6(1)(f)GDPRLegitimateInterests)
    • Processing Financial Transactions: In order to fulfill our financial obligations and facilitate the provision of services, we process payment and financial data, including bank details or PayPal information, necessary for collecting

administrative fees and maintaining accurate financial records. This processing ensures compliance with financial reporting standards and enables us to meet our contractual obligations to clients. Additionally, this activity includes the application ofadequate security measures to protect sensitive financial data, as required by both data protection and financial regulations. (Legal Basis: Article 6(1)(b) GDPR –Performance of a Contract and Article 6(1)(c) GDPR – Compliance with LegalObligations)

    • CompliancewithLegalObligationsandRiskManagement: We process personal data as required to comply with relevant statutory obligations under UK law and the GDPR. This includes fulfilling requirements for record-keeping, audit, regulatory compliance, and other legal obligations that apply to our operations as a staffing intermediary. Furthermore, data processing activities may be carried out to mitigate business risks associated with service provision and to uphold the safety, security, and lawful operation of our business, ensuring that we operate in accordance with the highest standards of regulatory compliance. (Legal Basis:Article6(1)(c)GDPRCompliancewithLegalObligations)

Where data processing is conducted based on user consent, such as for the purposes of marketing or promotional communications, Global Poker Staff Ltd will seek and obtain explicit consent from the data subject in advance, as required under Article6(1)(a)GDPR. The data subject retains the right to withdraw consent at any time, without affecting the lawfulness of processing conducted based on consent prior to its withdrawal.

By adhering to these lawful bases and processing activities, Global Poker Staff Ltd upholds a commitment to transparency, necessity, and proportionality in all data handling activities. We ensure that personal data is processed with the utmost regard for individual privacy rights, solely for legitimate business purposes, and in full compliance with all applicable data protection regulations.

5.DataStorage,Security,andProtectionMeasures

In adherence to Article32oftheGDPR, Global Poker Staff Ltd has instituted comprehensive technical and organizational security measures to protect personal data from risks such as unauthorized access, accidental loss, destruction, or alteration. We ensure that personal data is securely stored on a GDPR-compliant cloud infrastructure selected based on its robust adherence to data protection and security standards. The following measures have been implemented to safeguard personal data and uphold the principles of integrity and confidentiality:

    • DataEncryption: All personal data is encrypted using industry-standard protocols. Data is encrypted both in transit and at rest to prevent unauthorized access during storage or transmission, thus ensuring the confidentiality and security of the data.
    • Access Controls: Data access is strictly limited to authorized personnel who require access to perform their roles effectively. All authorized personnel are contractually bound by confidentiality agreements and are subject to regular data protection training, consistent with Article 32(4) GDPR. Access control mechanisms are regularly reviewed to maintain compliance and data security.
    • Data Minimization and Pseudonymization: We adhere to the principle of data minimization under Article 5(1)(c) GDPR, ensuring that only data necessary for specific, lawful purposes is collected and processed. Where feasible, personal data is pseudonymized or anonymized to limit the identification of data subjects, enhancing privacy and security.
    • Regular Audits and Testing: To maintain high standards of data security, we conduct regular security assessments, vulnerability scans, and penetration testing on our systems. These assessments are part of an ongoing commitment to identifying and mitigating potential risks, ensuring compliance with GDPR and industry best practices.

In the event of a personal data breach, we follow protocols outlined in Articles 33 and 34oftheGDPR. We promptly assess the scope and impact of the breach, notify the Information Commissioner’s Office (ICO) within 72 hours if required, and inform affected data subjects when the breach poses a high risk to their rights and freedoms. We maintain detailed records of all breaches to ensure accountability and transparency.

6.Data Retention Policy

Global Poker Staff Ltd adheres to the data retention principles stipulated in Article5(1)(e) GDPR, ensuring that personal data is retained only for as long as is necessary to fulfill the purposes for which it was collected, or as required to satisfy legal, accounting, or regulatory obligations. The specific retention periods for various categories of personal data are as follows:

    • Freelancers’ Data: Personal data relating to freelance staff is retained for the duration of their active membership on our platform, which includes the period during which they are eligible for event placements. Upon termination of membership, or upon receipt of a valid request for deletion, we securely remove all associated personal data unless retention is required by law or regulatory obligations. All deletions are conducted in a secure manner to prevent recovery.
    • Financial Records: To ensure compliance with statutory obligations and financial regulations within the United Kingdom, financial records, including payment and transaction data, are retained for a minimum period specified under applicable financial regulations—typically six years for accounting records. This retention period aligns with legal standards for financial reporting and auditing.
    • SupportCommunications: Communication data, including inquiries and interactionswithoursupport teams, is retained solely to enhance service quality and improve support functions. Such data is retained only as long as necessary for these purposes and is subsequently either anonymized or securely deleted in accordance with our data minimization principles.

These retention practices are implemented to uphold compliance with applicable legal obligationsandtoprotecttheprivacyrightsofdatasubjectsbyensuringthatdataisretained no longer than necessary.

7.Data Sharing and Disclosure Protocol

Global Poker Staff Ltd does not engage in the sale or rental of personal data to third parties under any circumstances. However, as an intermediary facilitating event staffing, we may share certain personal data with third-party event organizers who engage our services. All disclosures of personal data to third parties are carefully controlled and governed by the following principles:

    • Disclosure Grounds and Limitations: Personal data is disclosed solely to fulfill contractual obligations with event organizers and is limited to data strictly necessary to facilitate the placement of freelance staff. This practice adheres to the GDPR’s data minimization principle under Article 5(1)(c) GDPR, ensuring that only essential information is disclosed.
    • Third-Party Compliance with GDPR: All third-party recipients of personal data are required to process data in full compliance with GDPR standards. We verify the data protection measures of third parties and ensure they have appropriate safeguards in place to maintain data security and confidentiality.
    • Data Processing Agreements (DPAs): In accordance with Article 28 GDPR, we establish formal Data Processing Agreements (DPAs) with all third-party processors and controllers who may handle personal data on our behalf. These agreements outline the specific terms, conditions, and limitations governing the processing of personal data, ensuring that all processing activities are conducted in compliance with GDPR mandates. Our DPAs include clauses on data security, incident response, and requirements for data processing and disposal upon completion of services.

Through these protocols, we ensure that all personal data disclosures align with the principles of lawfulness, fairness, and transparency as mandated by GDPR. All third parties with whom we share data are vetted and contractually bound to maintain the highest standards of data protection, thus ensuring the safety, security, and confidentiality of data subjects’ personal information always.

8.Data Subject Rights Under GDPR

Global Poker Staff Ltd fully acknowledges and respects the rights of data subjects as provided by Articles 15 to 22 of the General Data Protection Regulation (GDPR). We are committed to facilitating the exercise of these rights in a timely and transparent manner. Data subjects may exercise any of the following rights regarding their personal data:

    • RightofAccess(Article15): Data subjects have the right to obtain confirmation of whether we process their personal data and, where applicable, to access such data. This includes receiving a copy of the personal data undergoing processing and relevant information regarding the purposes of processing, categories of data involved, and recipients or categories of recipients with whom data has been shared.
    • RighttoRectification(Article16): Data subjects have the right to request correction or completion of any inaccurate or incomplete personal data we hold. Upon receipt of such a request, we will take prompt action to rectify or supplement the data, ensuring accuracy and integrity.
    • Right to Erasure (“Right to be Forgotten”) (Article 17): Data subjects may request the deletion of personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, consent has been withdrawn, or if processing is unlawful. This right is subject to specific legal exceptions, particularly where processing is required to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing (Article 18): Under specified conditions, data subjects have the right to request a limitation on the processing of their personal data. Such conditions include instances where the accuracy of data is contested, processing is unlawful, or the data is no longer needed by us but required by the data subject for legal purposes.

  • RighttoDataPortability(Article20): Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, as well as to transfer such data to another data controller where technically feasible. This right applies where processing is based on consent or the performance of a contract and is carried out by automated means.
  • Right to Object (Article 21): Data subjects may object to the processing of their data under certain conditions, including processing based on legitimate interests, direct marketing, or scientific and historical research purposes. Upon objection, we will cease processing the data unless we can demonstrate compelling legitimate grounds for the processing that override the data subject’s interests, rights, and freedoms.
  • Right to WithdrawConsent(Article 7(3)): Where processing relies on data subject consent as its lawful basis, individuals have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

Requests to exercise any of these rights should be directed tostaff@globalpokerstaff.com. In compliance with Article12GDPR, we will endeavor to respond to all rights requests within one month of receipt. In cases of complex requests or multiple requests, this period may be extended by a further two months, and we will inform the subject accordingly.

9.PolicyonInternationalDataTransfers

Global Poker Staff Ltd recognizes the importance of maintaining strict safeguards when transferring personal data outside the European Economic Area (EEA). In compliance with Chapter V of the GDPR, any transfers of personal data to jurisdictions outside the EEA are undertaken only under conditions that ensure the same level of protection afforded by the GDPR. Such transfers are subject to one or more of the following GDPR-compliant mechanisms:

    • Adequacy Decisions (Article 45 GDPR): Where the European Commission has determined that a third country, territory, or specified sector ensures an adequate level of data protection, personal data may be transferred without further authorization.
    • Standard Contractual Clauses (SCCs): In cases where an adequacy decision is not in place, Global Poker Staff Ltd relies on Standard Contractual Clauses(SCCs) adopted by the European Commission. These legally binding clauses provide appropriate safeguards for the transfer of data to jurisdictions without GDPR- equivalent data protection laws.
    • Binding Corporate Rules (BCRs): For internal transfers within corporate groups, Binding Corporate Rules (BCRs) approved by a data protection authority may be used to ensure consistent, GDPR-compliant data protection practices.
    • Derogations for Specific Situations (Article 49 GDPR): In exceptional cases, where none of the above safeguards are available, data transfers may take place under specific derogations provided for in Article 49 GDPR, such as where the data subject has explicitly consented to the proposed transfer after being informed of potential risks, or where the transfer is necessary for the performance of a contract.

All international transfers are reviewed on an ongoing basis to ensure that they meet GDPR standards and provide sufficient protection for data subject rights. Data subjects may

request additional information on international transfer mechanisms by contacting us at

staff@globalpokerstaff.com.

10.Amendments to This Privacy Policy

Global Poker Staff Ltd reserves the right to amend this Privacy Policy at its sole discretion to reflect changes in our data processing practices, legal obligations, or regulatory requirements. Such amendments will be made in accordance with applicable data protection laws and will be published on our website, www.globalpokerstaff.com. Where substantial changes are made that materially affect data subject rights or our processing practices, we will provide notice to data subjects in a prominent manner, which may include email notification or a notification banner on our website.

We encourage data subjects to periodically review this Privacy Policy to stay informed of any updates. Continued use of our services following any amendments will constitute acceptance of the revised terms. For questions or concerns about any changes, data subjects may contact us at staff@globalpokerstaff.com.

11.Contact Information and the Right to Lodge a Complaint

Data subjects who have inquiries regarding this Privacy Policy, or who wish to exercise their rights under the General Data Protection Regulation (GDPR), are encouraged to contact our designated Data Protection Officer. We are committed to responding to all data protection inquiries in a timely and comprehensive manner. Contact details are as follows:

Mailing Address: Global Poker Staff Ltd 3 Southdown Close Stockport, SK41LB United Kingdom

Global Poker Staff Ltd aims to address all concerns directly and diligently. However, if you, as a data subject, believe that your data protection rights have been infringed or that the processing of your personal data is not in compliance with GDPR, you retain the right to lodge a formal complaint with the United Kingdom’s supervisory authority:

    • InformationCommissioner’sOffice(ICO)

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Website:www.ico.org.uk

Telephone: +44 0303 123 1113

The ICO serves as the independent regulatory body responsible for enforcing GDPR compliance in the United Kingdom. Should you wish to escalate a data protection complaint, the ICO provides guidance and mechanisms for lodging a complaint and may investigate matters as deemed necessary under applicable data protection laws. Data subjects are encouraged to consult the ICO’s website for further information on their rights and the complaint submission process.

Our website use Cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy.

Decline Cookies Accept Cookies