Protecting Your Personal Data
Privacy Policy
Genting Casinos UK
Privacy Policy
Version Effective Date: December 2024
The privacy of our customers is important to us - we are committed to protecting your personal data and processing it in compliance with all applicable data protection and e-privacy laws, including the UK General Data Protection Regulation and the Data Protection Act 2018.
This privacy notice provides information on how Genting Casinos UK Limited and its UK group companies collect, process and retain your personal data through your interactions with us and through your use of our websites and mobile apps. It also explains the lawful bases we rely on for that processing, and your rights in relation to your personal data.
We encourage you to read it so that you are fully aware of how and why we are using your personal data.
Who is responsible for collecting your data?
This privacy notice applies to the following Genting UK companies:
- Genting Casinos UK Limited, incorporated and registered in England and Wales under company number 01519689 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA. Genting Casinos UK Limited acts as the principal data controller in respect of our land-based casinos in the United Kingdom; and
- Genting Casinos Egypt Limited, incorporated and registered in England and Wales under company number 02885976 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA.
Any references to “Genting”, “we”, “us” or “our” are references to all of our UK casino brands and trading names including “Genting Casinos”, “Genting Clubs”, “Crockfords”, “Crockfords Cairo”, “Palm Beach”, “Forty-Five Kensington”, “Colony Club” and “Genting London Chinatown”.
Your personal data may also be processed by other companies within the Genting UK group of companies from time to time, most commonly by our parent company, Genting UK plc (company number 01519749) and its subsidiary company Genting Solihull Limited (company number 06601106) both with the registered office address of Genting Club Star City, Watson Road, Birmingham, B7 5SA.
These group companies may act as data processors on behalf of Genting Casinos UK Limited or Genting Casinos Egypt Limited, or as independent data controllers in their own right. Any processing carried out by these entities takes place further to intra-group arrangements to deliver IT infrastructure services, data security, marketing, finance and legal group services in support of our day to day commercial operations. All of the above Genting companies are also registered with the UK Information Commissioner’s Office (ICO).
Our Data Protection Officer
If you have any questions about this privacy notice, your data protection rights or our data protection practices more generally, please contact our Data Protection Officer (DPO) on DPO@gentinguk.com. Our DPO works across all of Genting’s UK companies and will be able to assist with your queries.
Our collection and use of your personal data
The majority of the personal data that we use is collected from our direct interactions with you when you make use of our services. This includes where:
- visit our casinos, websites or Apps,
- register for casino membership,
- join our loyalty schemes (e.g. ‘My Genting’),
- download our mobile Apps,
- use our guest WiFi
- subscribe to receive direct marketing from us or visit our marketing Preference Centre,
- make a table reservation for one of our restaurants.
- when you interact with us (for queries, complaints, correspondence);
- when you participate in social media connected to us;
- when you participate in promotions, competitions or surveys we conduct.
We outline the personal data that we collect and why we collect it later on in this notice.
Your Rights: You generally have a choice as to whether you provide us with your personal data, but we may be unable to offer you certain services or provide you with materials you have requested if we do not have the necessary information to do so.
Generally the amount of personal data that we collect, process and retain shall be limited as far as possible to what is strictly necessary in connection with the relevant purposes for which it is collected.
Data collected from third parties
We may also collect personal data about you from third parties. This is usually to ensure that we comply with our legal and regulatory obligations and enable us to provide you with our services. We will protect this data in the same way that we protect the personal data that you provide to us directly and in line with any other requirements we are placed under either by the source of the data (where there is a contractual obligation to do so) or if we are required to by law. Examples of third parties who share personal data with us include:
- Genting Group Companies
- (in this context we mean Genting Malaysia Berhad, their subsidiary companies, jointly controlled entities and associated companies).
- Other casino operators
- we may obtain information from other casino operators to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes for fraud prevention and anti-money laundering purposes) and so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party.
- Credit reference agencies
- to ensure that we comply with our legal and regulatory obligations (which includes for fraud prevention and anti-money laundering purposes) we may obtain information from credit reference agencies. The information we obtain does not include information about your credit standing or score
- Commercially available databases and publicly available sources
- in some instances we may need to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes fraud prevention and anti-money laundering purposes) so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party. We use databases that collate and make certain information commercially available for these purposes. We may also look at publicly available sources such as social media or property ownership records.
- We may also purchase similar services that are offered by other third party data sources that are available commercially.
- SENSE scheme
- if you are a UK-based customer and have, or decide to, self-exclude from gambling using the SENSE national self-exclusion scheme, we will be notified about your exclusion and use this information to prevent you from accessing our premises and gambling services. We may in the future subscribe to similar national self-exclusion schemes. This privacy notice will be updated following any such new subscriptions.
- Regulatory and law enforcement agencies
How we use your personal data and data categories
Our legal basis for processing your personal data
Our legal basis for processing your personal data will vary depending upon the services that we provide you with and/or your choices.
Our main legal bases for processing your personal data are one or more of the following:
- If you have given your consent to the processing of your data for one or more specific purposes. In the main (but not exclusively), we will only process your Special Category personal data if you have given us your consent to do so.
Special Category personal data consists of data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
Where legally required we will ensure that we have asked for and received your explicit consent to us processing this type of data at the time that we collect it (or as soon as is possible if it is passed to us from a third party). We will explain to you why we collect this data and how long it will be retained at the time that it is collected.
- Our processing of your Special Category personal data will be rare. An example is where you share sensitive information with us about your health when discussing responsible gambling concerns or where biometric data is processed as part of our use of Live Facial Recognition Technology (LFRT) at selected casino premises. Genting relies on the reasons of substantial public interest of safeguarding individuals at risk (responsible gambling) and preventing or detecting unlawful acts (rather than Consent) to support its use of special category biometric data as part of LFRT. Please see our LFRT FAQs for further information on our lawful bases and the Palm Beach trial more generally.
- Our processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to your entering into a contract with us.
- We process your data under this condition when you enter into a gambling or other service provision contract with us (i.e. whenever you buy a product or service from us or if you express an interest in buying a product or service from us). We require the data that we process under this condition to enable us to complete our obligations under that contract with you, for example to:
- Confirm your identity;
- Make payment to you/receive payment from you;
- Contact you in order to confirm services that you purchase from us.
- We process your data under this condition when you enter into a gambling or other service provision contract with us (i.e. whenever you buy a product or service from us or if you express an interest in buying a product or service from us). We require the data that we process under this condition to enable us to complete our obligations under that contract with you, for example to:
- Our processing is necessary for compliance with a legal obligation. On occasion, we may process your Special Category personal data under this condition.
- We process your data under this condition as we are required to record certain information that you provide to us by law. This can be for:
- Prevention of money laundering and combating the financing of terrorism;
- Compliance with our legal and regulatory obligations to the UK Gambling Commission, including where we are making use of Live Facial Recognition Technology at our casino premises.
- We process your data under this condition as we are required to record certain information that you provide to us by law. This can be for:
- Our processing is necessary for the purpose of our legitimate business interests.
- Legitimate Interests refers the interests of Genting in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. For example:
- we have a legitimate interest in ensuring that our marketing is relevant to you, so we may process your information to ensure that we only send marketing to you that is relevant to your interests;
- we have a legitimate interest in ensuring that we permit you to use our gambling products in a socially responsible manner so we may process your information to enable us to monitor your gambling activity.
- we can identify legitimate interests as a secondary lawful basis to support our use of Live Facial Recognition Technology in our casinos to help identify and deny entry to individuals who are suspended or barred from our premises due to the protection or detection of crime, unlawful acts or disorder.
- When we process your information for our legitimate interests, we will make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws against our interests. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted by law).
- You have the right to object to this form of processing if you wish. However, as we explain in the section Our use of your personal data, certain activities are central to our business, therefore if you were to object to certain aspects of our processing we may still have to process some of your other personal data on one of the other grounds of processing set out above.
- Legitimate Interests refers the interests of Genting in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. For example:
We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data in a separate table in the section entitled ‘The personal data we collect’.
For more detailed information on your rights, please see the Your Rights section below.
Our use of your personal data
We use your personal data for a number of different reasons, some of which may not be immediately apparent to you, therefore we have explained in detail how we use your personal data in the below table.
We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data a separate table in the section entitled ‘The personal data we collect’.
Purpose | Use and examples |
---|---|
Fraud prevention / Anti-money laundering | When you use our services we may need to process and verify your personal data to comply with fraud prevention and anti-money laundering requirements, regulators’ requirements (including the UK Gambling Commission and other industry standards. In some instances, we may share your personal information with third parties to conduct identification or verification checks and/or to enable financial transactions to be processed. Specific examples are:
If you would like to know more about gambling regulation and the obligations we are placed under as a licensed gambling operator, please visit the UK Gambling Commission’s website (www.GamblingCommission.gov.uk) In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to terminate your membership and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations. |
Compliance with legal and regulatory obligations | We are subject to a number of laws and regulations and we are required to process and provide personal data requested by regulatory bodies, law enforcement agencies and the courts. Some of the legal and regulatory obligations we are placed under require us to use personal data collected for certain purposes and/or to retain it for a specified time period. We may also be required to share information with industry bodies. We have in place a number of safeguards and mitigations to ensure that your personal data is processed proportionately and safely when processed for these purposes. Specific examples are:
If you would like to know more about gambling regulation and the obligations it places Genting under, please visit the Gambling Commission’s website (www.GamblingCommission.gov.uk )
In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to close your account and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations. |
General commercial operations | We use personal data to manage the day-to-day operation of our business and to enable us to provide you with our products and services. This includes management of customer preferences, suppliers, and other relationships, sharing information within the Genting group, implementing safety procedures and allocating resources. Specific examples are:
Processing identifiable personal data by anonymising/de-identifying/re-identifying/pseudonymising.
We may use cookies to facilitate our ability to personalise some of the services we refer to in this section. You can control this through your browser settings. Please see the Cookies Policy for more information on our use of Cookies and how to manage their settings. In our view, our processing of your personal data under this category is essential to our ability to ensure that we protect our commercial interests. Should you object to our use of your data for these purposes you have the option to close your account and/or not use our services. Even in these instances we may retain some data for a period of time due to legal and/or regulatory obligations. |
Marketing | We will process certain personal data to gather market intelligence, promote products and services, communicate offers to individual customers and monitor the use and take up of our loyalty and reward cards and points and promotions (for example, so that we will have an understanding of your interests so that we can send you offers more relevant to you). We may also provide aggregated and pseudonymised or anonymised data to third parties – where we do this we will ensure that these third parties take appropriate measures to secure any personal data that is provided, however we would look to anonymise / pseudonymise where possible. We will never pass your contact information to third parties for them to use for their own marketing purposes unless we have your consent. Where you have opted-in to receive direct marketing communications from us (or have not chosen to opt-out as the case may be) we may from time to time engage third party service providers to carry out direct marketing activities on our behalf. In such cases, our third party service providers are not permitted to use your details for their own direct marketing activities or to pass your data on to any other third parties for these purposes. Such arrangements are subject to contractual protections to ensure the safeguarding and integrity of your data in accordance with the relevant data protection laws. Specific examples of the marketing we will undertake are:
Preference CentreWe have created a preference centre within which you will be able to control how and why we contact you for the purposes of direct marketing. We will include a link to our preference centre in all of the communications that we send to you. We will only ever contact you in accordance with your contact preferences.
You can update your contact preferences or opt-out from the receipt of direct marketing in our preference centre, at reception, or by following the instructions in any marketing communications we send you. In App Data Collection / Use and Website MarketingIf you are a user of any of our mobile Apps or our Website, we may send you push notifications. You can disable these notifications independently through your devices settings and by following the prompts issued on download of mobile Apps.. We use services to review in-App events as part of your use of our mobile gaming Apps. These technologies collect information regarding in-App player activity such as new-user registrations, login and session times, device and IP data. Our third party partners do not process this data for their own purposes and provide only hosting and reporting solutions for Genting’s internal business activities. Data collected via these technologies allows us to analyse and improve our services, to offer you gaming experiences and marketing more tailored to your preferences and to measure the effectiveness of our advertising campaigns. You can manage data collection and Ads preferences via your device's privacy settings (e.g. Apple iOS Limit Ad Tracking , Opt-out of seeing personalised Ad on Android device/Google ). |
Profiling or segmentation | MarketingWe would like to be able to contact you about specific offers and promotions that we believe will appeal to you. In order for us to be able to approach our marketing in a socially responsible and non-invasive manner we need to fully understand your use of our services by carefully analysing your preferred products and average spend alongside the records that we hold about our other customers. We analyse your data by placing it into pre-determined segments based on the specific offer or promotion we are operating.
Social Responsibility / Anti-money laundering / Business recordsWe may also profile or segment your personal data to ensure that we act in socially responsible and lawful manner, and to enable us to produce anonymised transactional business reports. We will only share the results of this information externally if we are required to do so by law. Important Information
IF YOU DO NOT WANT US TO SEGMENT OR PROFILE YOUR INFORMATION FOR MARKETING PURPOSES, YOU WILL NEED TO OPT-OUT OF THE RECEIPT OF ALL MARKETING FROM US.
|
Sharing with, or processing by, third parties | We may need to provide your personal data to third parties in order to deliver certain aspects of our services to you and to generally run our day to day business operations. The majority of these third parties are our service providers or other companies within the wider Genting group of companies. Where we do this we will ensure that these third parties take appropriate measures to secure your data. Specific examples are:
We may in some instances have to share your data with third parties who provide services to us that are based in countries that are outside of the UK or permit these third parties to access our systems. Whenever we disclose your personal data to third parties, we will require that third party to have appropriate technical and organisational measures to safeguard your personal data. |
The personal data that we collect
The data that we collect from you will vary depending upon the services that we provide you with and your choices (including your privacy settings). We outline the data that we may collect, our use of that data and our legal basis for processing that data in the table below.
Personal Data Collected | Use of Personal Data | Processing Condition |
---|---|---|
Name and other contact information (including title, date of birth, gender, nationality, address, telephone numbers, email address, customer/user ID and proof of identity information. |
|
|
Payment card or bank account information |
|
|
Closed circuit television (CCTV), photographs, or audio recordings of you | This information will only be collected when you visit our land-based casino premises.
Please note, Genting instructs third parties to provide security services at most of its casinos. Some of these third parties may make use of Body Worn Video devices from time to time – these devices are currently in use at our Birmingham Chinatown, Palm Beach and Resorts World casinos. Recordings collected from third party Body Worn Devices are not under the control of Genting and we do not receive or store copies of the footage. If you wish to obtain copies of Body Worn Video footage featuring you, our staff can provide you with the contact details of the relevant third-party security company so that you can submit your date access request directly to them. |
|
Live image streaming / biometric data created through use of Live Facial Recognition Technology |
Please see our LFRT FAQs for more information. |
|
Offences |
|
|
Technical / device information (including IP address, cookies, geo-location, browser information and operating system information) |
In the majority of cases we are not able to personally identify you from Cookies. See our Genting Casinos Cookies Policy for more information. |
|
Customer records relating to due diligence, gaming and responsible gaming (including occupation, passport and driving licence copies and proof of signature) |
|
|
General correspondence |
|
|
Medical conditions |
|
|
Social media account information |
|
|
Information regarding marketing preferences |
|
|
Retention, storage and, protection of personal data
Retention
We will retain your personal data for as long as we need it in order to fulfil the purposes that are outlined in this Privacy Notice, provided that we have a valid legal reason to do so. Because these needs can vary depending upon the purpose of our processing the data, the length of time that we process the data can vary significantly.
In order to determine the length of time we will retain your data we consider the following factors:
- How long is the data required to enable us to provide you with our services?
- For example: To maintain adequate business and financial records, to enable us to contact you in line with your preferences, to enable us to comply with lawful requirements.
- Is the personal data we hold about you Special Category personal data?
- For example: Data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
- Are we subject to a legal, regulatory or contractual obligation to retain the data?
- For example: We are under an obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to keep a record of all customer due diligence records we have for a period of 5 years following the end of a business relationship. We are also obliged by the UK Gambling Commission to retain self-exclusion records to enable us to implement self-exclusion periods.
Customers to whom we provide gambling services
- In general we will retain the majority of your personal data for a period of 5 years after the conclusion of your business relationship with us. We consider a business relationship to be at an end if you have not interacted with us at all for a period of 13 months. At this point we will retain your data and we will no longer process it for any other reason (other than for direct marketing where you have not opted-out, in which case, you will continue to receive direct marketing from us for a period of 36 months) other than its deletion unless and until you further engage with us.
- If you have a gambling account or membership with us, but you have never used our gambling services, we will retain your data for a period of 3 years. If you have not interacted with us (logged in to an account, visited our premises, clicked through a link in a marketing email, logged into our preference centre) for a period of 36 months, we will stop any processing of your personal data beyond its retention and deletion unless and until you further engage with us.
- If you are subscribed to our marketing only and do not have an active account or membership with us, we will delete all personal data that we hold about you at the point that you opt-out to the receipt of any marketing material from us.
- CCTV footage from our premises is generally retained for a maximum period of 30 days but this may be shorter in some cases. For details of our retention periods for Live Facial Recognition Technology, please see our LFRT FAQs.
- There will be some exceptions to the period of time we retain your personal data. For example, we may retain your data for a longer period if you have self-excluded from gambling with us or if we need to retain your data because of ongoing litigation.
Customers to whom we provide non-gambling services
- In general we will retain the majority your personal data for a period of 24 months following your last interaction with us. We will stop processing your data if you have not interacted with us (logged in to an account, visited our premises, clicked through a link in a marketing email, logged into our preference centre) after 36 months. At this point we will retain your data and we will no longer process it for any other reason other than its deletion unless and until you further engage with us.
- If you are subscribed to our marketing only and have not purchased any non-gambling services from us, we will delete all personal data that we hold about you at the point that you opt-out to the receipt of any marketing material from us.
- CCTV footage from our premises is generally retained for a maximum period of 30 days, but may be shorter or long depending on the circumstances – e.g, if CCTV footage is archived following a specific incident).
- There will be some exceptions to the period of time we retain your personal data. For example, we may retain your data for a longer period if you have been suspended from our premises or if we need to retain your data because of ongoing litigation.
When we no longer need to retain your personal data we will always ensure that it is deleted securely or anonymised by us and we will also require third parties with whom we have shared your personal data to have deleted it also.
In instances where we want to retain data for analysis purposes for a longer period than we are able to we will anonymise this data such that it can no longer be linked back to you. Where we do this the information will no longer be your personal data.
Please note that if you opt-out from the receipt of marketing from us, we may need to retain your contact information in order that we can ensure that you no longer receive such marketing.
Storage and protection of personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and also against accidental loss, destruction or damage. We use a variety of technologies to help to protect your personal data.
For example, we ensure that your personal data is stored on computer systems that have limited access and that are in secure controlled facilities, we ensure that appropriate protection is in place whenever we allow access to your personal data by third parties.
- We adhere to high security standards in order to protect any information you give us and our security programme is aligned with ISO 27001 and PCI-DSS frameworks.
- Any data you give us will be retained in a secure environment and access to it will be heavily restricted on a ‘need to know’ basis.
- The primary storage location of your personal data will be in the UK in respect of our land-based casino activities. However, as outlined in this Privacy Notice, we may in some instances disclose your personal data to third parties outside of the UK. Where we disclose your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data. In instances where we are required by law to disclose your personal data to third parties (for example to law enforcement agencies) we have limited control over how it is protected by that third party.
Your Rights
Under UK Data Protection Laws, you have a number of rights with regard to your personal data. Here is more information about them -
Your right to access the data we hold about you
- You have the right to request a copy of your personal data along with confirmation as to whether your personal data is being processed and the purposes of such processing. This is also known as a “data subject access request”, or DSAR for short.
- To submit a DSAR, please contact us at DPO@GentingUK.com.
- We may ask you to provide us with proof of identity and additional information before we we are able to complete your DSAR. This is to help us verify your identity and to locate the information you are looking for.
- To submit a DSAR, please contact us at DPO@GentingUK.com.
Your right to have inaccuracies in your personal data corrected
- You have the right to obtain from us the rectification of any inaccurate personal data that we hold about you.
- Please note that it is possible for you to rectify any inaccurate personal data that we hold fairly quickly and easily by undertaking one of the following actions yourself:
- Updating your preferences in our Preference Centre;
- Asking at the reception in any of our casinos
- Alternatively, you can contact us at DPO@GentingUK.com to submit your request.
Your right to erasure (also known as the “right to be forgotten”)
- You have the right to request that we erase your personal data in certain circumstances.
- These circumstances are where:
- our retention of your personal data is no longer necessary in relation to the purposes for which it was collected;
- if we are processing your data solely on the basis of your consent and you wish to withdraw that consent
- if we are processing your data in our legitimate interests and we have not demonstrated overriding legitimate grounds to continue to process your data in the event that you have objected to such processing (see below);
- if your personal data has been unlawfully processed;
- if we are required to erase your data in compliance with a legal obligation.
- It is of note that, other than data collected exclusively through our preference centre (where no membership or commercial relationship exists alongside this) we do not process your data with your consent. Requests for erasure based on the withdrawal of consent alone outside these circumstances are unlikely to be complied with. We will delete your data when you opt-out of marketing if the only data we hold is within the preference centre.
- We will not delete your personal data if we still have a valid fraud, anti-money laundering, legal or regulatory obligation to retain it, unless the courts or our regulators require us to do so.
- If you wish to exercise this right, please contact us at DPO@GentingUK.com.
Your right to restrict our processing of your personal data
- You have the right to require that we restrict our processing of your personal data in certain circumstances.
- These circumstances are where:
- you have contested the accuracy of your personal data (restriction for a period to enable us to verify the accuracy of the personal data);
- our processing is unlawful and you oppose the erasure of your personal data;
- we no longer need the personal data but you require it for the establishment, exercise or defence of a claim;
- you have objected to our processing of the data, pending the verification whether our legitimate grounds override yours.
- In instances where we have restricted our processing of your personal data, we will inform you when the restriction of such processing has been lifted.
Your right to data portability
- If we are processing your data with your consent or because our processing is necessary for the performance of a contract to which you are a party and such processing in carried out by automated means, you have the right to receive your personal data from us in a commonly used and machine readable format and to transmit this data to another data controller.
- If you wish to exercise this right, please contact us at DPO@GentingUK.com.
- Please note that the information we will provide in response to a request under this right is limited to:
- Personal contact details held
- Gaming history records held or booking records held
- Payments made or withdrawn.
Your right of objection to certain processing activities
- If we are processing your data in our legitimate business interests you have the right to object to such processing on grounds relevant to your particular situation at any time.
- In instances where you object, we are obliged to cease our processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- As we explain in the section ‘Our use of your personal data’, the majority of the activities we undertake are central to our business so were you to object it will usually mean that you have to close your account or terminate your membership. Even in these instances we may have to retain certain information for a longer period of time to ensure we comply with our legal and regulatory obligations or for anti-money laundering purposes.
- You can object to our use of your data for direct marketing purposes by accessing our preference centre or by following the ‘unsubscribe’ or opt-out instructions in any marketing communication we send to you. Your personal data will no longer be used for such purposes.
Your right not to be subject to a decision based solely on automated processing
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- In our opinion, we do not currently subject you to a decision based on profiling that produces legal effects concerning you or similarly affects you. We outline all automated profiling that we conduct and why in our section entitled How we use your personal data.
We are obliged to comply with, or respond to, any requests you make to exercise your rights free of charge and within 30 days of receipt of the request.
- We will require you to provide us with proof of identity before we comply with your requests and will not consider the request valid until this has been provided.
- If we do not uphold your request we will explain why.
- In certain circumstances we can extend the period within which we are obliged to comply by two further months. We will inform you of any such extension within one month.
- If your request to exercise your rights is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a fee taking into account our administrative costs of providing the information or refuse to act on the request.
Your right to complain to the Information Commissioner’s Office (ICO)
You have the right to complain to the UK data privacy regulator (the ICO) if you believe that we have infringed your data privacy rights or disagree with a decision we have made about your personal data. You can contact the ICO at www.ico.org.uk.
Updates to this privacy notice
We may update this privacy notice from time to time as and when we make any material changes to how we process or look after your personal data. You can obtain a copy of the latest version at any time by contacting our Data Protection Officer via DPO@GentingUK.com or by visiting our website.
Last Reviewed: February 2023
Next Review Due: February 2025
Genting Casinos UK Limited