Privacy Policy

 

Scope:

This policy applies to GTECH Corporation and its subsidiaries incorporated in the United States (the “Company”).

Purpose:

  • The purpose of the GTECH Corporation Privacy Policy is to establish the requirements and procedures for the protection of employee, customer and third party privacy rights and their individually identifiable information in our possession in accordance with relevant U.S. laws and regulations and with the Safe Harbor Privacy Principles developed by the U.S. Department of Commerce, in collaboration with the European Commission, for protection of Personal Data (the “Safe Harbor Principles”) consistent with Directive 95/45/EC of the European Parliament and the Council of the European Union (the “EU Directive”).

  • The Company may from time to time, and to the extent necessary, issue implementing procedures to address specific federal or local statutes or regulations consistent with the requirements of those statutes or regulations and BS 7799, and in that case, this policy shall not be construed as prohibiting compliance with more specific procedures to protect the privacy rights of all persons whose Personal Data is within the custody and management of the Company.

-top-

Basic Principles

GTECH Corporation is committed to individual privacy, and we recognize the responsibility we have to protect the privacy rights of all persons whose Personal Data are within our custody and management. GTECH’s privacy policy is expressed in the following five basic principles:

  1. We will not intentionally gather or maintain Personal Data that is not relevant to us in conducting our business, and we will take steps to assure the accuracy of the Personal Data in our custody and management.
  2. We will treat all Personal Data in our possession as confidential, and take reasonable precautions designed to prevent inappropriate or unauthorized disclosure of Personal Data.
  3. We will not use Personal Data in our possession for purposes that are incompatible with the purposes related to our business unless affected individuals are appropriately consulted.
  4. We will not transfer Personal Data to third parties, except as required in our business, and provided those third parties preserve the confidentiality of Personal Data and use it only for the purposes provided and if adequate protections apply.
  5. We will deal fairly with persons whose Personal Data is in our custody and management.
The term “Personal Data” means information in any form that is identifiable to a specific individual or by which specific individuals can be identified, such as name, identification number, address, or one or more factors related to physical, physiological, mental, economic, racial, cultural, or social identify or other personal characteristics or attributes.

-top-

Policy and Practices

1.   We will not intentionally gather or maintain Personal Data that is not relevant to us in conducting our business, and we will take steps to assure the accuracy of the Personal Data in our custody and management.

Receipt of Personal Data

  • GTECH will not intentionally accept any Personal Data from our employees, consultants, vendors or other third parties that is not relevant to the conduct of our business and the purposes we have disclosed. If we find that we have received Personal Data that is not relevant to these purposes, we will refrain from its use, return it to its source or delete it from our systems. We will not keep Personal Data longer than reasonably necessary or appropriate.

-top-

Personal Data Accuracy and Completeness

  • We rely upon our employees, consultants and vendors, as well as third persons who give us Personal Data about themselves, to be sure that the Personal Data they provide to us is complete and accurate.

2.    We will treat all Personal Data in our possession as confidential, and take reasonable precautions designed to prevent inappropriate or unauthorized disclosure of Personal Data.

Personal Data in our custody is protected by policies and procedures to prevent unauthorized use of or access to our information systems and to maintain the integrity, availability and privacy of confidential information, and to prevent loss or destruction.

-top-

Equipment and Information Security

To safeguard against unauthorized access to Personal Data by third parties outside GTECH, all electronic Personal Data we hold are maintained on systems that are protected by secure network architectures that contain firewalls and intrusion detection devices. The servers holding Personal Data are “backed up” (i.e., the data are recorded on separate media) on a regular basis to avoid the consequences of any inadvertent erasure or destruction of data. The servers are stored in facilities with comprehensive security and fire detection and response systems.

-top-

Access Security

We limit access to internal systems that hold Personal Data to a select group of authorized users who are given access to such systems through the use of a unique identifier and password. Access to Personal Data is limited to and provided to individuals for the purpose of performing their job duties (e.g., a human resources manager may need access to an employee’s compensation data to conduct salary planning, or a training manager may need to know the names of those who need certain training and the languages they speak). Decisions regarding such access are made by the human resources department. Compliance with these provisions will also be required of third-party administrators who may access certain Personal Data.

-top-

Training

We will conduct training regarding the lawful and intended purposes of processing Personal Data, the need to protect and keep information accurate and up-to-date, and the need to maintain the confidentiality of the data to which employees have access. Authorized users will comply with this Privacy Policy, and we will take appropriate disciplinary actions, in accordance with applicable law, if Personal Data are accessed, processed, or used in any way that is inconsistent with the requirements of this Privacy Policy.

3.    We will not use Personal Data in our possession for purposes that are incompatible with the purposes related to our business unless affected individuals are appropriately consulted.

We use Personal Data for our own employment and retention purposes, to assist employees in using employment information and improving their work/life experience. Employee Personal Data may be made available to their supervisors and participating benefits and other third parties consistent with this policy.

In addition, we may receive and process Personal Data from, as well as make available to,  business partners, gaming commissions and government entities in connection with licensing requirements and the delivery of GTECH networks, systems and professional services for transaction processing solutions. We may also make information about employees, consultants and vendors available to others within GTECH for purposes related to our business.

Under some circumstances, we might consider using Personal Data for purposes that are incompatible with the purposes for which we originally received the data. However, before doing so, we will give individuals the opportunity to choose not to have their Personal Data used for these purposes.

In the case of sensitive information (relating to medical or health conditions, religious or philosophical beliefs, trade union membership, or information specifying the sexual preference of the individual), we will ensure that any person from whom such data is collected is informed of, and has consented to, such collection and processing.  We will not use sensitive information for purposes that are incompatible with the purposes for which we originally received the information without permission.

4.  We will not transfer Personal Data to third parties, except as required in our business, and provided those third parties preserve the confidentiality of Personal Data and use it only for the purposes provided. 

GTECH maintains collaborative relationships with vendors, subcontractors, gaming regulators, strategic partners and others who assist us and our customers in the conduct of our respective businesses. We transfer Personal Data to these parties to enable them to work with us and our customers with the understanding that they will also maintain the privacy of Personal Data.

-top-

Transfers to other GTECH entities

We strive to ensure a consistent and adequate level of protection for Personal Data that are processed and/or transferred between GTECH entities. A transfer of Personal Data to another GTECH entity is considered a transfer between two different entities, which means that even in such “intra-group” cases, a data transfer shall be carried out only if applicable legal requirements are met and if:

  • The transfer is based on a clear business need;
  • The receiving entity provides appropriate security for the data; and
  • The receiving entity ensures compliance with this Privacy Policy for the transfer and any subsequent processing.

-top-

Transfers to non-GTECH entities

  • Service Providers: At times, we may be required to transfer Personal Data to selected external third parties that have been hired to perform certain services on our behalf. These third parties may process the data in accordance with our instructions or make decisions regarding the data as part of the delivery of their services (e.g., to assess eligibility for a disability benefit). In either instance, we will select reliable suppliers who undertake, by contract or other legally binding and permissible means, to put in place appropriate security measures to ensure an adequate level of protection. We will require external third-party suppliers to comply with this Privacy Policy or to guarantee the same levels of protection as us when handling Personal Data. Such selected third parties will have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract. If we conclude that a supplier is not complying with these obligations, we will promptly take appropriate actions.
  • Other Third Parties: We may be required to disclose certain Personal Data to other third parties: (1) as a matter of law (e.g., to tax and social security authorities); (2) to protect our legal rights (e.g., to defend a litigation suit); or (3) in an emergency where the health or security of a person is endangered.

5.    We will deal fairly with persons whose Personal Data is in our custody and management.

Upon reasonable written request, we will inform any person what Personal Data we have about him or her generally, and take steps to correct or delete any inaccuracies in Personal Data pointed out to us, either directly or through making available self-service mechanisms. However, we may limit access, corrections or deletions if the burden and expense would be disproportionate to the privacy risks, when applicable laws or regulations would be violated, or under other circumstances as outlined in the Safe Harbor Principles. We may establish reasonable rules for providing access to Personal Data, and/or set reasonable limits on the frequency of access requests.

If access or a request for correction or deletion is denied, we will communicate the reason for the denial and make a written record of the request and reason for denial.

-top-

Enforcement

All GTECH entities will ensure that this Privacy Policy is observed. All GTECH employees who have access to Personal Data must comply with this Privacy Policy.

Persons who believe their Personal Data is not handled in accordance with this Privacy Policy should contact the Company’s Chief Compliance Officer, who will discuss the issue with the complainant, conduct an investigation, and report back to the complainant, all in an effort to resolve the issue quickly and amicably. 

If the concern relates to an alleged violation of this Policy by a GTECH entity located in a country other than that of the person or the exporting GTECH entity, he or she may request the assistance of the exporting entity.  That GTECH entity will assist him or her in investigating the circumstances of the alleged violation.  If the violation is confirmed, the exporting and importing entities will work together with any other relevant parties to resolve the matter in a satisfactory manner, consistent with the provisions of this Privacy Policy.

-top-

Additional Policy Considerations

This Privacy Policy is designed to protect Personal Data privacy rights as they are currently understood, and to satisfy the related regulations that are applicable to us in the course of conducting our business. However, we realize that the text of this Privacy Policy cannot address every potential issue and circumstance. It is the policy of GTECH to adhere to the Safe Harbor Principles, the data protection regulations of the countries in which we do business, and applicable employment laws and regulations that affect our maintenance and handling of Personal Data.

-top-

Legal Requirements and Limitations

This Privacy Policy is subject in all respects to applicable legal and regulatory requirements and limitations that would dictate actions or policies different from those set forth herein.

This Privacy Policy is issued by GTECH and applies exclusively to GTECH Corporation and its subsidiaries incorporated in the United States. It is not binding upon or applicable to our customers, and does not limit, alter or otherwise amend any separate privacy policies that may have been or may be adopted by our customers or other third parties. Any separate private policies promulgated by our customers or vendors remain in full force and effect.

GTECH may change this Privacy Policy from time to time as we deem appropriate consistent with the principles described above, our commitments to our customers, evolving business needs, or changes in applicable laws or regulations.  We will reflect all changes in updated versions of this policy made available publicly through GTECH’s website and various policy documents.

-top-

Compliance

In order to verify that the attestations and assertions we have made about protection of Personal Data are true and that our privacy practices have been implemented as presented, we will:

  • Publish this policy so that it is accessible to all interested persons.
  • Maintain responsibility for designing and implementing a compliance program and verifying our compliance with it.
  • Implement procedures to execute these policies in the conduct of our business and discipline employees for breach of these policies and procedures.
  • On an annual basis, (i) review the policy to ensure that it continues to comply with the Safe Harbor Principles, and the data protection regulations of the countries in which employees, consultants and vendors reside and (ii) review our compliance with the policy.

We will respond diligently and appropriately to requests from data protection authorities about this Privacy Policy or compliance with applicable data protection and privacy laws and regulations. Our employees who receive such requests should contact the legal department or Chief Compliance Officer. We will, upon request, provide data protection authorities with names and contact details of relevant contact persons.

-top-

Posting

This Privacy Policy will be available on GTECH’s website, as well as through any interface maintained for employees.

-top-


 

Copyright 2012 GTECH Corporation
.