Privacy policy on ROFUS

The Danish Gambling Authority processes data about individuals and businesses. On this page, you can read more about what personal data is, how the Danish Gambling Authority processes personal data, and what rights you have.

What is personal data?

Personal data is any information that can be directly or indirectly attributed to an identifiable natural person. This can be information such as name, address, civil registration number, finances, family relationships, etc. Personal data can also be information about companies, such as sole proprietorships or shareholders in a company.

Processing of personal data means any handling of personal data. Typical processing operations include: collection, recording, structuring, storage, disclosure, combination and erasure. 

We are the data controller of your personal data - how to contact us

The Danish Gambling Authority is the data controller for the processing of the personal data we have received. You can find our contact details below. 

Spillemyndigheden 
Englandsgade 25, 6. sal
5000 Odense C 
CVR (Central Business Register): 34730415 
Phone: 72387913 
E-mail: GDPR@spillemyndigheden.dk

The Danish Gambling Authority’s Data Protection Officer (DPO)

The Danish Ministry of Taxation has appointed a group-wide data protection officer, whose tasks include advising the Danish Gambling Authority on the processing of personal data and ensuring that the Danish Gambling Authority complies with relevant rules in the data protection area.

The DPO is also the point of contact for citizens and businesses regarding the processing of personal data. You can write to the Danish Gambling Authority's data protection officer if you have questions about the Danish Gambling Authority's processing of personal data or want more information about your rights.

You can contact the Group-wide Data Protection Officer here:

Udviklings- og Forenklingsstyrelsen (IT and Development Agency)
Osvald Helmuths Vej 4 
2000 Frederiksberg 
Att.: Data Protection Officer
E-mail: DPO@ufst.dk 

Where does the personal data come from?

The Danish Gambling Authority processes personal data that you have provided to the Danish Gambling Authority. This can be, for example, information that you have submitted in connection with your registration in ROFUS. The Danish Gambling Authority may also process information about you that we receive from other individuals and companies.

The purpose and legal basis of the Danish Gambling Authority’s processing of personal data

The Danish Gambling Authority is responsible for ensuring a properly regulated gambling market in Denmark. Our core tasks set out in the gambling legislation are to protect players, including young persons or other vulnerable persons, from being exploited through gambling. We do this by ensuring that gambling is offered in a fair, responsible, and transparent manner. The Danish Gambling Authority manages the register of self-excluded players (ROFUS), which is a service for people who want to exclude themselves from gambling. 

The Danish Gambling Authority processes personal data about individuals and businesses which is sent to us for the purpose of operating ROFUS. The Danish Gambling Authority processes personal data as part of the tasks given to us as a public authority. The processing of personal data is based on article 6(1)(e) of the General Data Protection Regulation.

The legal basis for processing your personal data appears in: 

  • Section 10(1) and (2) of the Executive Order on land-based casinos
  • Section 18(1 and (2) of the Executive Order on online betting
  • Section 24(1) and (2) of the Executive Order on online casino

If we receive sensitive personal data, this is processed under article 9(2)(f) of the General Data Protection Regulation.

If you have sent data on criminal offences, our processing of data is based on article 8(1) and (2)(3) of the General Data Protection Regulation.

Processing of data on civil registration numbers is done for the purpose of a precise identification, cf. article 11(1) of the General Data Protection Regulation.

Categories of personal data 

The Danish Gambling Authority process the following categories of personal data:

  • Identification data
  • Financial and vocational data
  • Family circumstances
  • Patterns of movement and location
  • Staff matters (not sensitive)

If we receive sensitive personal data and process this, it may be the following categories of data:

  • Health data
  • Political orientation
  • Trade-union membership

In addition to this, the Danish Gambling Authority also process data on criminal convictions and offences. 

Recipients or categories of recipients

The Danish Gambling Authority discloses personal data to other public authorities as part of our general tasks. The Danish Gambling Authority may be obligated by law to disclose data. For example, data is disclosed to the Danish Tax Agency, the police, the courts, and other relevant authorities. Your registration with ROFUS will only be disclosed to other public authorities in rare cases and only if it is necessary in a specific case. 

The Danish Gambling Authority discloses your personal data from ROFUS to the operators at which you hold an account, but only in the instances where you attempt to log in or in the instances where the gambling operators attempts to send you marketing material. The Danish Gambling Authority will also disclose your personal data to gambling operators at which you do not have an account if you attempt to create an account with a gambling operator during your self-exclusion period. 

Finally, the Danish Gambling Authority may disclose data on persons registered with ROFUS to our data controllers. 

Apart from these instances, the Danish Gambling Authority never disclose your registration with ROFUS to individuals or private businesses. 

Disclosure to recipients in third countries, including international organisations

The Danish Gambling Authority rarely discloses personal data to recipients outside the EU and EEA. Data will only be disclosed to the gambling operators at which you do not hold an account if you attempt to create a new account with the gambling operator during your self-exclusion period. Data will also be disclosed if you attempt to log into an existing account and before the gambling operator wants to send direct marketing material to you. 

Storage of personal data 

The Danish Gambling Authority stores your personal data about your registration with ROFUS for as long as you are registered in ROFUS and subsequently for 5 years plus ongoing years after your registration in ROFUS has expired. The Danish Gambling Authority's data processors store the information and delete it according to a procedure prepared by the Danish Gambling Authority.

Automatic assessment and profiling

The Danish Gambling Authority does not make use of automatic decision-making and profiling. 

Your rights

You have various rights when the Danish Gambling Authority processes personal data about you. You can read more about the rights below. If you wish to exercise your rights, please contact us.

Right of notification

You have the right to be notified when the Danish Gambling Authority collects and processes personal data about you. You have the right to be informed about the purpose and the legal basis for the processing.
The Danish Gambling Authority’s obligation to inform you may be exempted in certain situations. This applies, e.g., if you are already familiar with the information, or your interest in obtaining the data should give way for private or public interests.

Right to access

You are in principle entitled to access the Danish Gambling Authority's processing of your personal data. This means that you have the right to have confirmed whether we process your personal data as well as other information. 

Right to rectification (correction)

You are entitled to have inaccurate personal data concerning yourself rectified.

Right to erasure

In special cases, you have the right to have personal data about you erased before the time of our general deletion.
However, a registration with ROFUS is binding. This means that a registration cannot be deleted before the exclusion period ends or the minimum registration period is completed. 

Right to restrict processing

In certain cases, you may have the right to have the processing of your personal data restricted. If you are entitled to restriction of processing, we will only be able to process data - except for storage - with your consent. Moreover, we will only process data for the purpose of an establishment, exercise or defense of a legal claim, or for the purpose of protecting the rights of another natural or legal person or important public interests.

Right to object

In some cases, you may have the right to object to our otherwise legitimate processing of your personal data.

Right to transmit information (data portability)

In certain cases, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit such personal data from one data controller to another without hindrance.

Storage and erasure

The information that the Danish Gambling Authority collects and processes about you will be processed and stored in the Danish Gambling Authority's IT systems. 

The Danish Gambling Authority stores your personal data about your registration with ROFUS for as long as you are registered in ROFUS and subsequently for 5 years plus ongoing years after your registration in ROFUS has expired. The Danish Gambling Authority's data processors store the information and delete it according to a procedure prepared by the Danish Gambling Authority.
You can read more about your rights on the Danish Data Protection Agency's website:  www.datatilsynet.dk.

Complaint to the Danish Data Protection Agency

You are entitled to file a complaint to the Danish Data Protection Agency if you are dissatisfied with the way the Danish Gambling Authority processes your personal data. The Danish Data Protection Agency is a central independent authority, which supervises compliance with regulations on personal data in Denmark. You will find contact information of the Danish Data Protection Agency on www.datatilsynet.dk.

Rules and regulations

There are several Act and regulations regulating the processing of personal data. The purpose of the rules is to ensure the protection of the fundamental rights and freedoms of natural persons in the processing of their personal data.
General rules on processing of personal data are set out in the General Data Protection Regulation and the Danish Data Protection Act.