Business Partner Privacy Notice

Business Partner PRIVACY NOTICE


Your privacy is important to us

Thank you for visiting our website. 

Rest assured that we take the protection of your personal data very seriously. 

This website is managed by Playtech plc.

The following notice applies to you as our business partner when your personal data is processed by us, for example when you contact us, enter into contractual negotiations and/or conducting contractual agreements with us. This Privacy Notice is addressed in particular to:

  1. our contractors, suppliers and service providers who are natural persons (such as self-employed persons);
  2. the representatives or contact persons of our contractors, suppliers and service providers who are legal entities; and
  3. any other visitors of one of our facilities.

The relevant legislation is the UK Data Protection Act 2018 which is the implementation of the EU General Data Protection Regulation (GDPR). 

1. How do we collect your personal data and which categories of data do we use?

Generally, we collect your data directly from you. However, it may also be necessary at times to process personal data that we receive from your employer, other companies, authorities or other third parties, such as credit agencies etc.

This may include personal data that we receive through our established whistle-blower channels ( or in relation to possible compliance violations or as part of compliance investigations.

Personal data may include:

  1. your first name and surname,

  2. address and other contact data,

  3. date and place of birth as well as nationality,

  4. verification and authentication data (e.g. companies house register excerpts, ID data, signature sample),

  5. data in the context of our business relationship (e.g. payment data, order information),

  6. credit data,

  7. data on company structures and ownership relationships,

  8. photo and video recordings (e.g. in the case of goods deliveries or site visits),

  9. and other data comparable with the above mentioned categories. 


You always have the choice whether you want to communicate with us by e-mail or by post. For technical reasons, communication via e-mail may be unencrypted.

2. Purpose and legal basis for processing

To fulfil our contractual obligations

The purposes of the data processing result from the implementation of pre-contractual measures, which precede a contractually regulated business relationship and in the fulfilment of the obligations under contract.

If you conclude a contract with us using a digital signature (Adobe E-Signature), we process your data in relation to this context (in particular email address, IP address, times at which you processed the respective contract document). There is also the option of signing certain contracts with a so-called qualified electronic signature. In this case, we process your signature in addition to the data mentioned. This data is accessible to everyone involved in the approval and signing of the contract.


To comply with our legal obligation 

The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfilment of record keeping requirements and the identification of obligations, e.g. in the framework of money laundering regulations, tax control and reporting obligations and data processing in the case of enquiries from authorities.  We, therefore, also reserve the right to modify this notice as and when our legal obligations evolve, to ensure that our treatment of your data remains compliant with the law and aligned with then current policies and good practice. At any given time, the prevailing notice terms will be those published on our site.


To fulfil our legitimate interests

It may be necessary to process the personal data you have provided beyond the actual performance of the contract. The legitimate interests here could be, in particular: managing rights and obligations under surviving provisions of a contracts (eg a product warranty claim), to aid the future selection of suitable business partners, to transparently demonstrated probity relating to supplier gating, selection and onboarding, the processing of contact details of contact persons, the assignment of work results to individual business partners, the recording of business transactions and negotiating with contact persons who are not or will not be direct business partners or perhaps in managing a post contractual disagreement. Other legitimate interests include the invitation to events, the assertion of legal claims and avoidance of legal disadvantages (e.g. in the event of bankruptcy), legitimacy checks (e.g. credit providers and disposal companies), defence against liability claims, the avoidance of legal risks and economic disadvantages, detection and processing of potentially harmful emails, access or access controls, clarification of possible compliance violations, prevention of criminal offenses, the regulation of damage resulting from the business relationship, the efficient and fast digital processing of the contract signature, the corresponding capturing of the signature process for verification purposes as well as the validity check of the qualified electronic signature and other internal administrative purposes.


When concluding a contract, we might use the data of credit agencies to verify creditworthiness. The credit agencies store data that you receive, for example, from banks or companies. This data includes: surname, first name, date of birth, address and information on payment behaviour. You can obtain information about the data that credit agencies have available about you directly from the respective credit agencies.


If you visit any of our sites in the course of fulfilling our contractual relationship with your business, you will on arrival be asked to sign in at the entrance with your name, company name, time of arrival and be issued with a visitor pass which you will be required to wear visibly throughout your visit and then return to reception when leaving. The processing of your data takes place for the purpose of safety and security and the legal basis is our legitimate interest in these. Your data will in this case, should no contract eventuate between us, be retained for 6 months. Your name, company name (where applicable) and arrival date/time will be shared with the concierge service so that you can be issued with a building pass on arrival.

3. Who receives the personal data you have provided?

Within our company, different business areas are given access to the data provided as necessary to fulfil contractual or legal obligations or to fulfil our legitimate interests. Within the framework of contractual relations, we also instruct service providers, who can obtain access to your personal data. Compliance with data protection regulations is guaranteed by relevant contractual obligations. 

The data may also be sent to companies within the Playtech group of companies, in order to fulfil contractual obligations.

4. How long will the data be kept?

The personal data will be kept for as long as is necessary to fulfil the above-mentioned purposes. Personal Data will always be retained in line with data minimisation principles.

If we think it’s reasonably necessary or if we’re required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required even after our business with each other has finished.

5. Are you obliged to provide the data?

If you do not wish to provide us with your information, that’s entirely your choice. Please bear in mind that if you don’t provide us with the information we require for the reasons we have stated (e.g. entering, executing and terminating a business relationship and for fulfilling related legal obligations, or if it is justified by legitimate interests for us to collect your data), it is unlikely that we will be able to work with you as a business partner.

6. Data transfers to a third country

If we transmit personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed the country has an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses), or if we have obtained your consent.

7. What are your rights?

Upon request, you have the right to receive information about your personal data stored by us free of charge. In addition, you have the right of rectification and/or deletion of your personal data, a right to data transferability and a right to limit its processing, in accordance with legal provisions. If our processing of your personal data takes place on the basis of your consent, you have the right at any time to revoke this consent. If you wish to revoke your consent, please contact our Group Data Protection Office via the below e-mail. 

In addition, if you do not agree to the processing of your personal data, you may lodge a complaint with the relevant supervisory authority as indicated on the website of your business partner. 

8. Responsible Controller

The responsible controller is the respective company with which you are initiating or conducting a business relationship.

9. Do you have further questions?

Contact of the Data Protection Officer:

Postal address:

Playtech Software Limited,

Mid-City Place, 71 High Holborn,


United Kingdom,



Playtech websites

When you visit any of our group companies’ websites, your data will be processed in accordance with the relevant privacy and cookie notices made available on the relevant website.