Privacy Policy

• Scope and Purpose
• Basic Principles
• Policy and Practices
  • Receipt of Personal Data
  • Personal Data Accuracy and Completeness
  • Security
  • Basic Uses
  • Ancillary Uses
  • Third Parties
  • Access
  • Enforcement
• Additional Policy Considerations
• Legal Requirements and Limitations
• Compliance
• Posting

Scope:

This policy applies to United States facilities of GTECH Corporation and subsidiaries incorporated in the United States (the “Company”).

Purpose:

• The purpose of the GTECH Corporation Privacy Policy is to establish the requirements and procedures for the protection of employee, customer and vendor privacy rights and their individually identifiable information in our possession in accordance with relevant U.S. laws and regulations and with the Safe Harbor Privacy Principles developed by the U.S. Department of Commerce, in collaboration with the European Commission, for protection of Personal Data (the “Safe Harbor Principles”) consistent with Directive 95/45/EC of the European Parliament and the Council of the European Union (the “EU Directive”).

• This policy also establishes authority and guidance for the Company privacy official and to meet the requirements of the Company’s privacy program.

• The Company may from time to time, and to the extent necessary, issue implementing procedures to address specific federal or local statutes or regulations consistent with the requirements of those statutes or regulations and BS 7799, and in that case, this policy shall not be construed as prohibiting compliance with more specific procedures to protect the privacy rights of all persons whose Personal Data is within the custody and management of the Company.

-top-

Basic Principles

GTECH Corporation is committed to individual privacy, and we recognize the responsibility we have to protect the privacy rights of all persons whose Personal Data are within our custody and management. GTECH’s privacy policy is expressed in the following five basic principles:

1. We will not intentionally gather or maintain Personal Data that is not relevant to us in conducting our business, and we will take steps to assure the accuracy of the Personal Data in our custody and management.
2. We will treat all Personal Data in our possession as confidential, and take reasonable precautions designed to prevent inappropriate or unauthorized disclosure of Personal Data.
3. We will not use Personal Data in our possession for purposes that are incompatible with the purposes related to our business unless affected individuals are appropriately consulted.
4. We will not transfer Personal Data to third parties, except as required in our business, and provided those third parties preserve the confidentiality of Personal Data and use it only for the purposes provided.
5. We will deal fairly with persons whose Personal Data is in our custody and management.
6. The term “Personal Data” means information in any form that is identifiable to a specific individual or by which specific individuals can be identified, such as name, identification number, address, or one or more factors related to physical, physiological, mental, economic, racial, cultural, or social identify or other personal characteristics or attributes.

-top-

Policy and Practices

1.   We will not intentionally gather or maintain Personal Data that is not relevant to us in conducting our business, and we will take steps to assure the accuracy of the Personal Data in our custody and management.

Receipt of Personal Data

• GTECH will not intentionally accept any Personal Data from our employees, consultants, vendors or others that is not relevant to the conduct of our business and the purposes we have disclosed. If we find that we have received Personal Data that is not relevant to these purposes, we will refrain from its use, return it to its source or delete it from our systems. We will not keep Personal Data longer than reasonably necessary or appropriate.

-top-

Personal Data Accuracy and Completeness

• We rely upon our employees, consultants and vendors, as well as third persons who give us Personal Data about themselves, to be sure that the Personal Data they provide to us is complete and accurate.

2.    We will treat all Personal Data in our possession as confidential, and take reasonable precautions designed to prevent inappropriate or unauthorized disclosure of Personal Data.

-top-

Security

• Personal Data in our custody is protected by policies and procedures to prevent unauthorized use of or access to our information systems and to maintain the integrity, availability and privacy of confidential information, and to prevent loss or destruction.

3.    We will not use Personal Data in our possession for purposes that are incompatible with the purposes related to our business unless affected individuals are appropriately consulted.

-top-

Basic Uses

• We use Personal Data for our own employment and retention purposes, to assist employees in using employment information and improving their work/life experience. Employee Personal Data will be made available to their supervisors and participating benefits and other vendors. For example, our uses of Personal Data may include the following, and similar uses: payroll, reimbursement of expenses, tax withholding and reporting, compensation and benefits administration, work assignment, management and evaluation, recruiting, staffing and training, expatriation, repatriation, relocation, legal compliance, personnel records, maintenance and administration and severance.
• In addition, we may make certain Personal Data available to business partners, gaming commissions and government entities in connection with licensing requirements and the delivery of GTECH networks, systems and professional services for transaction processing solutions. We may also make information about employees, consultants and vendors available to others within GTECH for purposes related to our business.

-top-

Ancillary Uses

• Under some circumstances, we might consider using Personal Data for purposes that are incompatible with the purposes for which we originally received the data. However, before doing so, we will give individuals the opportunity to choose not to have their Personal Data used for these purposes, or in the case of sensitive information (relating to medical or health conditions, religious or philosophical beliefs, trade union membership, or information specifying the sexual preference of the individual), we would not use the Personal Data for those other purposes without permission.

4.   We will not transfer Personal Data to third parties, except as required in our business, and provided those third parties preserve the confidentiality of Personal Data and use it only for the purposes provided.

-top-

Third Parties

• GTECH maintains collaborative relationships with vendors, subcontractors, strategic partners and others who assist us and our customers in the conduct of our respective businesses. We transfer Personal Data to these parties to enable them to work with us and our customers with the understanding that they will also maintain the privacy of Personal Data.

5.   We will deal fairly with persons whose Personal Data is in our custody and management.

-top-

Access

• Upon reasonable written request, we will inform any person what Personal Data we have about him or her generally, and take steps to correct or delete any inaccuracies in Personal Data pointed out to us, either directly or through making available self-service mechanisms. However, we may limit access, corrections or deletions if the burden and expense would be disproportionate to the privacy risks, when applicable laws or regulations would be violated, or under other circumstances as outlined in the Safe Harbor Principles. We may establish reasonable rules for providing access to Personal Data, and/or set reasonable limits on the frequency of access requests.

-top-

Enforcement

• Persons who believe their Personal Data is not handled in accordance with this Privacy Policy should contact the Company’s privacy official, who will discuss the issue with the complainant, conduct an investigation, and report back to the complainant, all in an effort to resolve the issue quickly and amicably. If working through the Company’s privacy official does not lead to a satisfactory resolution, persons with complaints about handling of their Personal Data will have access to independent recourse mechanisms.
• EU Residents: In order to assure compliance with the Safe Harbor Principles as applicable to Personal Data about our employees, consultants and vendors within the jurisdiction of the EU Directive, the Company is committed to cooperating with the European Union Data Protection Authorities (DPA’s). Specifically, at the request of employees, consultants and vendors who are entitled to the benefits of the EU Directive, the Company will (i) cooperate with the DPA’s in the investigation and resolution of complaints brought under the Safe Harbor Principles by such persons, and (ii) comply with advice given by the DPA’s where the DPA has determined additional specific actions are necessary to comply with the Safe Harbor Principles, including compensatory measures, up to an aggregate of US$1,000, for the benefit of individuals affected by any noncompliance with the Safe Harbor Principles, and (iii) provide the DPA’s with written confirmation of the corrective actions taken.
• US Employees: Employees, consultants and vendors who are not entitled to the benefits of EU protective legislation may utilize a formal third-party mediation procedure to address complaints about handling of their Personal Data in violation of this policy that have not been resolved directly with the Company within thirty (30) days after contacting the Company’s privacy official as described above. Under these circumstances and upon the request of the employee, the Company will initiate mediation by appointing an independent mediator within fifteen (15) days of the employee’s request. The employee may object to any mediator who has any relationship with the Company that would compromise the mediator’s independence, in which case the Company will appoint an alternative mediator. The selected mediator will, within ten (10) days of final selection, commence an investigation that will include private discussions with the employee, Company interviews, and such other fact-finding, analysis and procedures as the mediator deems appropriate. The mediator will not spend more than ten (10) hours in the aggregate in the process of reviewing and decision-making. The Company will cooperate in, and pay the costs of, this process. If the mediation process does not result in a negotiated resolution that is satisfactory to the employee and the Company, and the mediator believes the Company failed in any material respect to comply with this policy, the mediator will recommend one or more remedies from the following list, which the Company will observe:


• Payment to the employee of an amount to compensate for any actual out-of-pocket costs or losses incurred as a result of the Company’s failure to adhere to this policy, that have not otherwise been reimbursed or compensated, and that were not, and could not reasonably have been, mitigated by the employee, not to exceed U.S. $1,000 in the aggregate.
• Recommendation to the Company for reasonable modification of the Company’s procedures for compliance with the portions of this policy that were violated, provided that the Company is not required to comply with recommendations that are impracticable or not cost-effective where alternative modifications that are reasonably likely to address compliance issues can be implemented.
• Notification of the Federal Trade Commission, in circumstances in which the Company is not cooperative and such notification is necessary to protect the rights of the Employee, consultant or vendor.

-top-

Additional Policy Considerations

This Privacy Policy is designed to protect Personal Data privacy rights as they are currently understood, and to satisfy the related regulations that are applicable to us in the course of conducting our business. However, we realize that the text of this Privacy Policy cannot address every potential issue and circumstance. It is the policy of GTECH to adhere to the Safe Harbor Principles, the data protection regulations of the countries in which we do business, and applicable employment laws and regulations that affect our maintenance and handling of Personal Data.

-top-

Legal Requirements and Limitations

• This Privacy Policy is subject in all respects to applicable legal and regulatory requirements and limitations that would dictate actions or policies different from those set forth herein.
• This Privacy Policy is issued by GTECH and applies exclusively to U.S. facilities of GTECH Corporation and its subsidiaries incorporated in the United States. It is not binding upon or applicable to our customers, and does not limit, alter or otherwise amend any separate privacy policies that may have been or may be adopted by our customers or vendors. Any separate private policies promulgated by our customers or vendors remain in full force and effect.
• GTECH may change this Privacy Policy from time to time as we deem appropriate consistent with the principles described above, our commitments to our customers, and evolving business needs. We will reflect all changes in updated versions of this policy made available publicly through GTECH’s website and various policy documents.

-top-

Compliance

In order to verify that the attestations and assertions we have made about protection of Personal Data are true and that our privacy practices have been implemented as presented, we will:

1. Publish this policy so that it is accessible to all interested persons.
2. Appoint and maintain a privacy officer with responsibility for designing and implementing a compliance program and verifying our compliance with it.
3. Implement procedures to execute these policies in the conduct of our business, train employees in the application of such procedures, and discipline employees for breach of these policies and procedures.
4. Maintain our records on implementation of this policy and make them available upon reasonable request in the context of an investigation or a complaint about noncompliance to the independent body responsible for investigating complaints or to the agency with unfair and deceptive practices jurisdiction.
5. At least annually, (i) review the policy to ensure that it continues to comply with the Safe Harbor Principles, and the data protection regulations of the countries in which employees, consultants and vendors reside, (ii) review our compliance with the policy, and (iii) prepare a written report verifying the self-assessment signed by the privacy officer, director of compliance or the chief compliance officer, which will be made available upon request by any affected individuals or in the context of an investigation or a complaint about noncompliance.

-top-

Posting

• This Privacy Policy will be available on GTECH’s website, as well as through any interface maintained for employees.

-top-