top of page


The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data, whether held electronically or in manual form. The Responsible Gaming Foundation is set to comply with the Data Protection Principles in The Data Protection Act. 


Personal Information Processed


The Responsible Gaming Foundation (hereinafter ‘the Foundation’ or the ‘Data Controller') may collect your personal information, such as your name, e-mail or mailing address, and other personal data as a user of the website, and as may be provided by you when contacting the Foundation through the website and when using its services including making a support request. 


Due to the purpose of the Foundation, the Foundation may be provided information about possible gambling-related harm. This information is classified as sensitive personal information and will only be processed in the strictest confidence with the aim of providing support and assistance.

Purposes for collecting data


The Foundation collects and processes information to carry out its aims and purposes in accordance with present legislation and its obligations. 


The Foundation is tasked with operating support services for persons who may require assistance with problem gambling. The Foundation can be reached via live chat available on its website, via its support line, as well as by email or physical appointments at its premises.


In order to provide persons who request help with adequate support, the Foundation may reach out to professionals in order to provide expert care. The Foundation cooperates with Agenzija Sedqa in order for the latter to provide support services.


The Foundation also processes requests by persons who wish to exclude themselves from gambling activity in Malta. In order to assist persons in excluding themselves from gambling premises, the Foundation is required to collect and process data into the Self Exclusion System. The Self Exclusion System acts to prevent persons who have excluded themselves from entering gambling premises, acting to prevent any gambling-related harm.


By having your data processed within the Self-Exclusion System, entities connected to the Self-Exclusion System, including the Malta Gaming Authority, as well as operators of licensed gaming premises and controlled gaming premises who are obliged by law to ensure that persons accessing their premises are not registered on the Self Exclusion System.


Data is also processed by the Foundation for statistical purposes.


All data is collected and processed in accordance with Data Protection Legislation, Data Processing Services Agreements and the Gaming Act.

Recipients of data


Personal Information is accessed by the employees assigned to carry out the functions of the Foundation.  Personal Data may also be disclosed to all competent regulatory authorities or entities according to law.


The Foundation may share personal data, including caller data and support requests, with designated care professionals and specialised support entities in order to further and better assist problem gamblers. 


Operators of licensed gaming premises and controlled gaming premises who are obliged by law to ensure that persons accessing their premises are not registered on the Self Exclusion System Data of persons will be able to get a ‘match’ or a ‘no match’ result when checking their customers against the Self Exclusion System, and therefore data provided to the Foundation may also be viewed by the aforementioned operators to fulfil their obligations at law. 


Your rights


You are entitled to know, free of charge, what type of information the Foundation holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Foundation is doing to comply with Data Protection Legislation.
The GDPR establishes a formal procedure for dealing with data subject access requests. You have the right to access any personal information kept about you by the Foundation, either on a computer or in manual files and may also obtain a copy of such data upon request. Requests for access to personal information and/or a copy of the data kept shall be made by data subjects in writing and sent to the Data Protection Officer of the Foundation (hereinafter ‘the Data Protection Officer’) in writing.   
All data subjects may:
1.    Request information on your personal data being processed by the Foundation;
2.    Request the specific purpose of processing and the categories processed of your personal data;
3.    Request access to the personal data the Foundation holds about you;
4.    Request the period for which your personal data will be stored or the criteria used to determine such period;
5.    Request the rectification of your personal data if it is inaccurate;
6.    Request the deletion of your personal data in certain circumstances;
7.    Object to the processing of your personal data or of a category of your personal data;
8.    Submit a complaint to the Information and Data Protection Commissioner in Malta, where you believe we have not complied with the Data Protection Laws.

If applicable, these rights may be restricted as per regulation (EU) 2016/679. 

Requests for access, amendments, deletions and/or limitation of use of data


Data subjects who wish to file a request for access, amendments, deletion and/or limitation of use of data kept by the Foundation shall do so by contacting the Data Protection Officer at the contact details indicated below. The request shall contain the data subject’s full name, identification number, address and a clear description of the information one wishes to access, amend, delete or restrict the use thereof. 


Should any clarifications be required, the Data Protection Officer may request additional information from data subjects. Furthermore, in order to ensure confidentiality and verify the identity of the data subjects making the request, data subjects may be asked to provide additional evidence relating to their identity or their request.


The Foundation aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and, in any case, not later than one month from receipt of the request unless there is a good reason for delay. When a request for access cannot be met within a reasonable timeframe, the reason will be explained in writing to the data subject making the request. The subject will be informed accordingly if there are any data breaches.


If applicable, these rights may be restricted as per regulation (EU) 2016/679.
The Data Protection Officer of the Foundation shall take the appropriate measures in accordance with what the law regulates when information has been provided by the data subject, whether the data subject has given his consent or otherwise.


In case you are not satisfied with the outcome of your access request, you may refer your complaint to the Information and  Data Protection  Commissioner, whose contact details are provided below.


Retention Policy 


Your personal data is collected inter alia as per Article 6 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and subject to such terms as stipulated in the said Regulation.
When processing is based on the data subject's consent, then in such case, the Foundation shall retain such personal data up to and until the data subject withdraws his or her consent in the manner specified above. 
When data processing is in relation to a child, the processing of a child's personal data shall be lawful when the child is at least 16 years old. Where the child is below the age of 16, such processing shall be lawful if and to the extent that consent is given by the holder of parental responsibility over the child. If the data subject is no longer a child, he should be able to exercise all of the rights of any other data subject.
When processing is not based on the data subject's consent, the Data Protection Officer shall provide the data subject with the information as clearly established under Article 14 of Regulation (EU) 2016/679 and inter alia with the legal basis for processing and the recipients of such data.
The following schedule outlines the retention requirements for the various categories of documentation within the Foundation of the data subject.

DPP Table

Data that needs to be destroyed after the noted periods will be disposed of in an efficient manner ensuring that such information is no longer available within the Responsible Gaming Foundation.
The data subject shall have the right to obtain from the Data Protection Officer without undue delay the rectification of inaccurate personal data.
Furthermore, the data subject shall have the right to obtain from the Data Protection Officer the erasure of personal data concerning him or her without undue delay and the Data Protection Officer shall have an obligation to erase personal data without undue delay when –
1.    the personal data is  no longer necessary in relation to the purposes  for which they were collected or otherwise processed;
2.    the  data  subject  withdraws  consent  on  the  basis  that  the  personal  data  is  no  longer necessary;
3.    the data subject objects to the processing by automated means of personal data as per article 21(1) of Regulation EU) 2016/679;
4.    the personal data has been unlawfully processed;
5.    the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Foundation is subject.

Data Protection Officer
The Data Protection Officer may be contacted at 90/91, Second Floor, Psaila Street, Birkirkara, BKR9073

Telephone: +356 21499030/1.

The Information and Data Protection Commissioner
The Information and Data Protection Commissioner may be contacted at Level 2, Airways House, High Street, Sliema SLM1549

Telephone:  +356 23287100

bottom of page