The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content

Ensuring self-excluded customers do not receive marketing materials

Published:
17 May 2021
Updated:
10 June 2021
Search or save this guide

Search this guide by:

  1. pressing Ctrl+f on your keyboard if you’re using a PC or ⌘+f if you’re using a Mac.
  2. typing the word or search term that you’re looking for.

Save a copy of this guide by:

  1. choose the 'save page' option in your browser
  2. save the HTML file in your chosen location.

You can also save this page as a PDF by:

  1. selecting the 'print this guide' button or use your browser print option
  2. in the print settings window, select 'Save as PDF'
  3. save the PDF file in your chosen location.
Warning You must take all reasonable steps to prevent any marketing material being sent to a self-excluded customer.

It is a breach of social responsibility codes if you are unable to demonstrate that all reasonable steps have been taken to prevent marketing materials from being sent to self-excluded customers.

You must take steps to remove the name and details of a self-excluded individual from any marketing databases used by your company or group (or otherwise flag that person as an individual to whom marketing material must not be sent), within two days of receiving the completed self-exclusion notification.

You must take responsibility for any third parties you contract for the provision of any aspect of your business related to the licensed activities. Where you have a relationship with a third party which sends marketing materials to your customers, you must take all reasonable steps to ensure they do not send material to those who have self-excluded.

Affiliates or third parties

Gambling businesses must comply with the relevant requirements set out in LCCP, the Data Protection Act 2018 (opens in new tab) and Privacy and Electronic Communications Regulations (PECR) (opens in new tab) when using affiliates to undertake direct marketing. We, and the ICO, consider that you are primarily responsible for any breaches.

You should address the risks associated with using affiliates to acquire customers on your behalf through direct marketing by email or SMS. Those who have self-excluded are particularly vulnerable due to the risk of problem gambling harm and the sensitivity of their personal data.

You could manage the risk of an affiliate marketing to those who have self-excluded by ensuring that the affiliate removes from its marketing list any individual who has self-excluded. However, you will be held responsible if the affiliate does not process and manage that data appropriately.

Taking action on failures to prevent marketing material being sent to self-excluded customers

It is a breach of the social responsibility code if you are unable to demonstrate that you had taken all reasonable steps to prevent marketing materials from being sent to self-excluded customers.

You should also take the same steps to prevent marketing to customers whose self-exclusion has expired but who are yet to make a positive decision to return to gambling. We will consider such cases in light of the specific circumstances involved but we would be unlikely to accept that you had taken all reasonable steps if there was a single point of failure (such as a mistake by one member of staff or at a single stage of the process) which had led to marketing materials being sent to self-excluded customers.

In any case where we determine that you have not taken reasonable steps to prevent a self-excluded customer from receiving marketing material we may take regulatory action against the business, the relevant Personal Management Licence holders, or both.

Social responsibility code provision 1.1.2 (Responsibility for third parties) requires you to take responsibility for third parties with whom you contract for the provision of any aspect of your business related to the licensed activities.

Where you have a relationship with a third party which sends marketing materials to customers, you must take all reasonable steps to ensure that the provisions of social responsibility code provision 3.5.3 are not breached.

Where self-exclusion has expired

You should also take the same steps to prevent marketing to customers whose self-exclusion has expired but who are yet to make a positive decision to return to gambling.

Issues to be aware of and manage to prevent failures from occurring within your business

Operators who have sent marketing material to self-excluded customers in error have reported that this occurred for one or more of the following reasons:

  • individual members of staff using manual “work-arounds” of systems designed to ensure that the accounts of self-excluded customers are excluded from e-mail and SMS marketing campaigns
  • members of staff not following policies and procedures
  • the recycling of old customer lists which had not been updated to remove the contact details of self-excluded customers
  • technical vulnerabilities in control systems
  • failures to clearly differentiate between those customers who had taken advantage of other gambling control tools (such as time-outs) and those who had self-excluded.

Operators have informed us that following incidents of this kind, they have taken steps to prevent a recurrence including:

  • addressing single point of failures (that is, parts of the relevant systems that, if they fail, will stop the entire system from working)
  • removing the ability for staff to use manual work-arounds
  • introducing additional checks, controls and failsafe mechanisms.

Key events: reporting incidents

The following code is relevant to this section:

LCCP: Ordinary code 8.1.1

You should notify us of any matters which in your view could have a material impact on your business or affect your compliance.

Given the potential impact on vulnerable people, we expect all incidents in which you, or one of your affiliates, send marketing material to self-excluded customers to be reported as a key event.

Such incidents are likely to breach the Privacy and Electronic Communications Regulations (PECR) (opens in a new tab) and should also be reported to the Information Commissioner’s Office (ICO).

The ICO has also produced direct marketing guidance (opens in a new tab). This includes helpful information on PECR and Section 11 of the DPA, as well as practical advice on safeguards such as the maintenance of marketing suppression lists.

Is this page useful?
Back to top