SmartINTERACTION Privacy Notice

Who we are

Boomerang Digital Ltd.
2 Saxon Business Park
Owen Avenue
Hessle
England
HU13 9PD
Company Registration Number: 02993612

We are registered as a data controller at the UK Information Commissioner’s Office under number ZA175849.

We are responsible for the processing of personal data that we have received in accordance with the General Data Protection Regulation 2018 and the DPA 2018.

    • What is SmartINTERACTION? 

      SmartINTERACTION is a digital application that allows the recording of personal interactions following a noticeable change in the behaviour of a person in relation to gambling. 

      Our Customers 

      We provide SmartINCLUSION to Operators of Adult Gaming Centres, Licenced Bingo Premises and Casinos in Great Britain. These are referred to as our Customers. 

      We refer to our Customers premises as Venues. 

      Our role in your privacy 

      If you are providing Personal Data to our Customers as part of a interaction with them this Privacy Notice applies to you. 

      Please Note: 

      • If you are providing us data for any other service we provide, please refer to our Privacy Notice Menu 
      • If you are visiting our website, please refer to our standard Privacy Policy. 
      • If you are a member of staff providing Personal Data to us via SmartHub, please refer to our Staff Users Privacy Notice 

      Our responsibilities 

      Our responsibilities as a Data Processor 

      • Whilst you are completing your interaction, we act as a ‘Data Processor’ of your data for our Customers. This means that we are acting on the instruction of our Customers to support them in the collection of your Personal Data to enable them to provide their services to you. 

 

Your responsibilities 

Please read this Privacy Notice 

When we process data 

We will process data from you that you have provided to our Customers as part of an interaction they have held with you in venue, with a member of staff collecting your data using a Tablet device. 

Types of data we may process 

  • Required Data 
  • Interaction Details 
  • Optional Data 
  • Your Name or Nickname 
  • Your Contact Data (Email Address and / or Mobile) 
  • Your Description (Based on an observation from a member of staff) 
  • Gender 
  • Age 
  • Height 
  • Hair Style 
  • Hair Colour 
  • Build Type 
  • Other identifying features 

To assist our Customers in supporting you, they may request information relating to your personal circumstances which will allow them to provide the suitable level of support to you. 

Types of data we DO NOT process 

  • Any data relating to racial or ethnic origin. 
  • Any other special category data, such as photo or health data. 

Purposes for which we process your data 

We process your data solely for the purpose of providing and managing your interaction for our Customers. 

Please note: We do not use any personal data you provide in SmartINTERACTION for Marketing. 

How and why we process your data 

Data protection law requires that we only process your data for certain reasons and where we have a lawful basis to do so. Here are the reasons why we process your data: 

  • Providing SmartINTERACTION to our Customers 
  • Processing of your Personal Data to enable our Customers to provide support services and advice to you. 
  • In this context, our lawful basis for processing your personal data is the contract we have with our Customers. 

 

Here is what each “lawful basis” means: 

  • Contract 
  • We have entered into a contract with our Customers to provide multiple services to them to assist them in meeting the conditions of their gambling licence. SmartINTERACTION is one of those services. 

 

Your privacy choices and rights 

Your choices 

  • You can choose not to provide our Customers with personal data 
  • If you choose to do this, they may not be able to provide support without your personal data. 

Your rights 

You can exercise your rights by sending us an email at dataprotection@boomerangdigital.co.uk. 

  • You have the right to access information we hold about you 
  • This includes the right to ask us for supplementary information about: 
  • the categories of data we’re processing. 
  • the purposes of data processing. 
  • the categories of third parties to whom the data may be disclosed. 
  • how long the data will be stored (or the criteria used to determine that period). 
  • your other rights regarding our use of your data. 

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). 

We will tell you if we can’t meet your request for that reason. 

  • You have the right to make us correct any inaccurate personal data about you 
  • You have the right to port your data to another service 
  • We will give you a copy of your data in CSV or JSON so that you can provide it to another service. We will not do so to the extent that this involves disclosing data about any other individual. 
  • You have the right to be ‘forgotten’ by us 
  • You can do this by asking us to erase any personal data we hold about you if it is no longer necessary for us to hold the data for purposes of your use of IHL or we have a legal obligation to retain your personal data. 
  • You have the right to lodge a complaint regarding our use of your data 
  • Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk. 

How secure is the data we collect? 

We have physical, technical and organisational procedures in place to appropriately safeguard and secure the data we collect. 

  • All data is stored in a secure ISO 27001 facility by AWS (Ireland). 
  • All data traffic is encrypted with SHA-256 RSA Encryption. 
  • We have Always-On Network Flow Monitoring. 
  • We have DDos protection services provided by AWS, including Automated Mitigation and all APIs are protected using a Throttling middleware. 
  • We have IP Attack Prevention in the form of Rack Attack Preventative Implemented. 

However, please remember: 

  • You provide personal data to our Customers at your own risk: unfortunately, no data transmission across the internet is guaranteed to be 100% secure. 

If you believe your privacy has been breached, please contact us immediately on dataprotection@boomerangdigital.co.uk. 

Where do we store the data? 

The data we collect is processed in our Data Centre hosted in Ireland, in our offices in Hessle (UK), Northampton (UK), Nottingham (UK) and Withernsea (UK) and also in any data processing facilities operated by the third parties identified below. 

By submitting your data, you agree to the storing or processing by us. We do not transfer or store your information outside the EEA. 

How long do we store your data? 

We will anonymise any personal/identifiable information about you 2 years after your last interaction with our Customers. 

Other Third parties who process your data (Non-Partners) 

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We contract with third parties who we believe are the best in their field at what they do. 

Here are the details of our main third-party service providers, and what data they process on our behalf, where they store the data and why they need it: 

  • Amazon Web Services, Ireland 
  • We host our services on AWS Data Centres in Ireland. 
  • To ensure the security and safety of your personal data 

Cookies 

We do not use cookies in SmartINTERACTION. 

Revision Date: 02/06/2026