Additional information on Data Protection in the Processing of Administrative Breaches

Pursuant to  Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Directorate-General for the Regulation of Gambling commits to fulfilling its obligation of privacy with respect to personal data and the duty to treat it confidentially. To this end, it will take any necessary action to prevent its alteration, loss, unauthorised handling or access.

Furthermore, the following additional information is provided in relation to the protection of personal data in the processing of personal data for the management and processing of administrative breaches in terms of gambling:

Who is responsible for the processing of your data?

Directorate-General for the Regulation of Gambling
c/ Atocha 3, 28012 MADRID, Spain

Data Protection Officer: Sub-Directorate General for Information on Transparency and Web Content.
C/ Alcala 9, 28071 MADRID.

For what purpose will the DGOJ process your data and for how long will it be retained.

The DGOJ will process the data provided to us through this form and its attached information for the management and processing of administrative disciplinary proceedings initiated for breaches provided for by Law 13/2011 on Gambling Regulation.

The data will be retained on our systems until the resolution of the penalty pursuant to Article 43 of Law 13/2011 on Gambling Regulation. That is, four years after a firm decision has been issued for very serious penalties, two years for serious, and one year for minor.

What allows the DGOJ to process your data for the stated purposes?

The processing of your data is necessary to fulfil a mission carried out in the public interest or in exercising the public powers conferred on the DGOJ through Law 13/2011 on gambling regulation.

The data provided through this form is the minimum required to be able to deal with your request. Therefore, all data is considered mandatory. Otherwise, we would not be able to progress further.

To whom will your data be communicated?

Such data shall at no time be processed by or transferred to third parties without the clear consent of the person involved, or in the circumstances provided for in Articles 6 and 49 of aforementioned Regulation 2016/679 of 27 April 2016.  

 What are your rights when you provide us with your data?

  • Anyone has the right to obtain confirmation of whether we are processing personal data concerning them in the DGOJ, or not.
  • Interested parties have the right to access their personal data, as well as requesting inaccurate data to be corrected.
  • In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. The DGOJ will stop processing your data, unless afforded legitimate reasons for the processing which prevails over your interests, rights and freedoms, or to prepare, exercise and defend your claims.
  • You can request the processing of your data be limited when:
    • Its accuracy is contested and during the period of time the DGOJ has to verify its accuracy.
    • You request that we keep it when no longer necessary for the purpose collected and prior to its deletion by the DGOJ, in which case we will only keep it to exercise or defend claims.
    • Once your right to oppose processing is requested, while it is verified if the legitimate reasons of the DGOJ to process your data prevail over yours.
  • You can exercise these rights by means of a  request addressed to the DGOJ  or through the network of assistance offices for registries (
  • Likewise, you can file a claim with the Spanish Data Protection Agency should you consider that no satisfaction has been obtained when exercising your rights, either through its web form  (Claim Form of the Spanish Agency for Data Protection), or in-person at c/ Jorge Juan 6, 28001 MADRID.