This box is not visible in the printed version.
Information on the reasonable steps you can take in order to prevent marketing material reaching those who are self-excluded.
Published: 17 May 2021
Last updated: 13 April 2022
This version was printed or saved on: 8 December 2023
Online version: https://www.gamblingcommission.gov.uk/licensees-and-businesses/guide/ensuring-self-excluded-customers-do-not-receive-your-marketing-materials
The following codes are relevant to this section:
You must take steps to remove the name and details of a self-excluded individual from any marketing databases used by your company or group (or otherwise flag that person as an individual to whom marketing material must not be sent), within two days of receiving the completed self-exclusion notification.
You must take responsibility for any third parties you contract for the provision of any aspect of your business related to the licensed activities. Where you have a relationship with a third party which sends marketing materials to your customers, you must take all reasonable steps to ensure they do not send material to those who have self-excluded.
Gambling businesses must comply with the relevant requirements set out in LCCP, the Data Protection Act 2018 (opens in new tab) and Privacy and Electronic Communications Regulations (PECR) (opens in new tab) when using affiliates to undertake direct marketing. We, and the ICO, consider that you are primarily responsible for any breaches.
You should address the risks associated with using affiliates to acquire customers on your behalf through direct marketing by email or SMS. Those who have self-excluded are particularly vulnerable due to the risk of problem gambling harm and the sensitivity of their personal data.
You could manage the risk of an affiliate marketing to those who have self-excluded by ensuring that the affiliate removes from its marketing list any individual who has self-excluded. However, you will be held responsible if the affiliate does not process and manage that data appropriately.
It is a breach of the social responsibility code if you are unable to demonstrate that you had taken all reasonable steps to prevent marketing materials from being sent to self-excluded customers.
You should also take the same steps to prevent marketing to customers whose self-exclusion has expired but who are yet to make a positive decision to return to gambling. We will consider such cases in light of the specific circumstances involved but we would be unlikely to accept that you had taken all reasonable steps if there was a single point of failure (such as a mistake by one member of staff or at a single stage of the process) which had led to marketing materials being sent to self-excluded customers.
Social responsibility code provision 1.1.2 (Responsibility for third parties) requires you to take responsibility for third parties with whom you contract for the provision of any aspect of your business related to the licensed activities.
Where you have a relationship with a third party which sends marketing materials to customers, you must take all reasonable steps to ensure that the provisions of social responsibility code provision 3.5.3 are not breached.
You should also take the same steps to prevent marketing to customers whose self-exclusion has expired but who are yet to make a positive decision to return to gambling.
Operators who have sent marketing material to self-excluded customers in error have reported that this occurred for one or more of the following reasons:
Operators have informed us that following incidents of this kind, they have taken steps to prevent a recurrence including:
The following code is relevant to this section:
You should notify us of any matters which in your view could have a material impact on your business or affect your compliance.
Given the potential impact on vulnerable people, we expect all incidents in which you, or one of your affiliates, send marketing material to self-excluded customers to be reported as a key event.
Such incidents are likely to breach the Privacy and Electronic Communications Regulations (PECR) (opens in a new tab) and should also be reported to the Information Commissioner’s Office (ICO).
The ICO has also produced direct marketing guidance (opens in a new tab). This includes helpful information on PECR and Section 11 of the DPA, as well as practical advice on safeguards such as the maintenance of marketing suppression lists.