All personal data is collected in line with the requirements of the EU’s General Data Protection Regulations (GDPR).
Your privacy and trust are important to us and this Privacy Notice (“Notice”) provides important information about how Park Lane Club London (“Park Lane Club London,” “Park Lane Club,” “PLC,” “we,” or “us”) handle personal information. This Notice also applies to the Park Lane Club London website.
The Data Protection Officer (DPO) is responsible for ensuring that this notice is made available to data subjects prior to PLC collecting and processing their personal data.
This notice draws the data subject’s attention to the purposes and nature of the processing of their data. PLC have a duty to comply with legal obligations (see section 13) to process personal data. This Notice, is part of our terms and conditions that you MUST agree to. If you do not agree to our Privacy Notice (data protection policy) we will not be able to continue the business relationship.
What is Personal Data?
PLC is committed to the responsible handling and protection of personal information. Under the EU’s GDPR personal data is defined as:
Who are we?
Silverbond Enterprises Limited trading as Park Lane Club London. Registration no. 07215674.
Park Lane Club London and its address is 22 Park Lane Park Lane, Mayfair, London, W1K 1BE is regulated and licensed by the UK Gambling Commission and holds an Operating Licence. Park Lane Club London is a Data Controller registered with the Information Commissioner’s Office (ICO), registration no. ZA077716.
Why we collect information
In order for us to provide you with all the amenities offered within the club, and to be a member of the casino, we need to collect personal data for identification and verification purposes as required by our legal obligations. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
PLC will also process the information you provide in a manner that is compatible with the EU’s GDPR. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
For you to be a member of the casino we need to collect and process personal data to:-
- Assist us in setting up and managing your account and building an accurate customer profile of you;
- Enable us to comply with legal and regulatory requirements; in particular those relating to the identification and verification of individuals under money laundering legislation;
- Meet any obligations arising from any contracts entered into between you and PLC including payment processing;
We may also collect and process personal data about you to:-
- Enable us to identify and intervene when we think you may be at risk of problem gambling
- Assist us with our commercial operations such as security and safety procedures, and resource allocation
- Implement your responsible gambling controls
- To ensure any marketing material communicated to you is relevant to your interests
Sensitive Personal Data such as Health Data, which is explained in section Types of Information, may also be processed when necessary so we can comply with legal and regulatory requirements, which is further explained in section Our legal basis for processing your personal data.
How we collect information
Personal information is initially collected during the registration process, but is also collected and monitored throughout our business relationship and may be collected when there is activity on your account.
Information you provide may be verified with trusted external third party due diligence service providers.
In relation to your activity on our website, we use Google Analytics to collect anonymous information relating to pages viewed, page response times, download errors, length of time spent on pages, page interaction information such as scrolling, clicks, and wagers, and methods used to browse away from pages.
Preventing Money Laundering and Terrorist Financing
We collect personal information from you to start a business relationship (becoming a member), that being, it starts with customer due diligence. Customer due diligence means taking steps to identify and verify our customers and checking they are who they say they are.
In situations we must carry out ‘enhanced due diligence’.
In instances where more information is required, we may verify/ask you for verifiable information pertaining to legitimate sources of wealth and funds. This information may be used and verified by PLC and further verified by external enhanced due diligence providers.
Types of Information
You provide us with Personal Data when you complete forms in the club, or by corresponding with us by telephone (we may record such calls), e-mail, website or by other means. The information you give us may include your name, age, gender, nationality, address, telephone number, e-mail address, occupation(s), financial information and bank details.
Sensitive information: The information we collect and process may be considered sensitive personal information.
Marketing and Events
PLC will not share your personal data with any third parties for marketing purposes.
We will only use this to communicate upcoming events within the club. During your membership application phase we ask for explicit consent for the purposes of marketing. If you opt in, you can set a preference as to how to receive communications. If you wish to opt out, or vary your consent in relation to marketing communications as much as our legal obligations allows, then you may do so by using the opt out option in our texts and emails, contacting the club directly, speaking to a member of staff, or by providing us reasonable notice in writing by email to email@example.com.
Closed Circuit Television (CCTV)
We are required by legislative and licencing obligations (Premises licencing issued by the City of Westminster) to have CCTV throughout the premises, including all internal and external areas. CCTV collects and processes Personal Information about you that may include visual images and recordings, and audio recordings.
We may store such information and may analyse it in order to investigate any actual or suspected criminal activity.
It may also be used to monitor staff, agencies, contractors and visitors when carrying out work duties.
Our legal basis for processing your personal data
Our legal bases for processing your personal data are one or more of the following:
- We have a legal obligation to process Personal Information, this is necessary for us to comply with the law, the following are legislations PLC are obliged to follow;
- Proceeds of Crime Act (POCA) 2002
- Terrorism Act 2000
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
- Anti-Terrorism, Crime & Security Act 2001
- License conditions and codes of practice
- We have a legal obligation to process Special Categories of Personal Data (Health Data), this may be necessary for us to comply with the law, the following are legislations PLC are obliged to follow;
- The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013
- The Social Security (Claims and Payments) Regulations 1979
- The processing is necessary for the purpose of our legitimate business interests, which include:
- Processing your personal data to enable us to monitor your gambling activity so that we can ensure you are using our amenities in a socially responsible manner
- Processing your personal data such as capturing your image, to provide you with an ease of access to our amenities, to assists with the clubs security, and to aid us in complying with current regulations
- Processing your personal data to enable us to send marketing material to you which are relevant to your interests
Legitimate Business Interests refers the interests of PLC in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. In these cases, we will always balance our interests with yours, and we will never process your information where our interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
You are entitled to object to the processing of any personal data relating to your particular situation. However, as explained in section 6. Why we collect information, certain processing is may still be carried out on the grounds of the Legal Basis’ outlined above.
The existence of automated decision making, including profiling
Your personal data may be processed via automated decision making, including profiling, so that we can meet our regulatory obligations. We do not believe that our automatic processing subjects you to a decision which produces legal effects concerning you or similarly significantly affects you. In any case, such processing will be subject to suitable safeguards, as well as having appropriate mathematical or statistical procedures for the profiling. As well as having the right to object to automated decision making, including profiling, you have the right to obtain human intervention, to express your point of view, to obtain an explanation of the decision reached after such assessment and to challenge the decision.
Automated decisions are made by assessing the information you provide on registration along with information collected during the business relationship. The assessment would result in a “Risk” factor which will determine if human intervention is required. The risks determined can be associated to risks to the club, the public, or yourself. Criteria’s used to determine whether an assessment is required will depend on current legislations, or frequency of gaming visits, hours of play, high stake / high tempo play, and level of spend.
Will PLC share my personal data with anyone else?
Your Personal Information may be disclosed or shared with third parties to comply with any legal or regulatory obligations. If we disclose or share your sensitive personal data, we will only do so once we have obtained your consent, unless we are legally required.
Our Legal basis may require us to use, retain and share personal information for the prevention, detection, or investigation of a crime; loss prevention; fraud; illicit, unfair or fraudulent gaming activity, regulatory breaches, or the apprehension of or prosecution of offenders We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons, (d) complaints adjudicators/alternative dispute resolution bodies, (e) in the event that PLC sells or buys any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
PLC is also a participant of the National Casino Security Association which is a specialist casino association consisting of a number of land based casino operators (the Participants).
The Participants consider the sharing of Personal Data is necessary to support the agreed purposes of the Participants which is the Processing of Personal Data for the purpose of the legitimate interests pursued by the Participants, namely:
(a) to enable the Participants to comply with the Licensing Objective (1)(a) of the Gambling Act 2005 (“2005 Act”) (being to prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime), and thereby to:
(i) assist the Gambling Commission in respect of its duty, pursuant to section 22 of the 2005 Act, to promote the Licensing Objectives; and
(ii) minimise the risk of suspension or loss of a Participant’s operating license pursuant to sections 118 to 120 of the 2005 Act;
(b) to enable the Participants to comply with Licensing Conditions and Codes of Practice (as published by the Gambling Commission from time to time) (“LCCP”), including but limited to:
(i) Condition 10 of Part II (Assessing Local Area Risk); and
(ii) Condition 12 of Part 1 (Anti-money laundering).
(c) to enable the Participants to protect themselves and their businesses from fraud and other criminal activity and ensure good corporate governance;
(d) to enable the Participants to maintain a safe place of work and a safe place for its customers by preventing known offenders or people with a history of violence from entering the Participants premises; and
(e) in furtherance and support of the substantial public interest of preventing and detecting unlawful acts (in accordance with the provisions of paragraph 10 of Part 2 of Schedule 1 of the Data Protection Act 2018) (it being noted by the Participants that each must have an appropriate policy document in place).
How we secure personal information?
PLC takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
The data that we collect from you may be transferred to, or stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us. Such staff may be engaged in, among other things, the provision of any requested services, the processing of your payment details and the provision of support services. We will take all steps necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
All information you provide to us is stored on secure servers. If you use our site to send messages, your transmission will be protected by Secure Socket Layer (SSL), more information can be found here.
Under what circumstances will PLC contact me?
Our aim is not to be intrusive, we will only contact you when necessary and we will always explain why we have done so.
Your right to your personal information
We respect your right to access and control your information, we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information. Under EU GDPR at any point while we are in possession of, or processing your personal data, you, the data subject, have the following rights:
- Right of access
- Right to be informed
- Right of rectification
- Right to be forgotten
- Right to restriction of processing
- Right of portability
- Right to object
- Right to object to automated processing, including profiling
Access to Personal Information
If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee, for example, if there is repeated or excessive requests.
We will provide the information requested to which you are entitled within one month of the receipt of the request.
The period may be extended by a further two months. This is in cases where the requests are complex or multiple.
With all the rights stated above, all requests are to be forwarded to the Data Protection Officer.
In determining data retention periods, PLC takes into consideration legal and contractual obligations, retaining personal information for 5 years after the business relationship has ended, however if there are subsequent requirements by legal authorities, information may be required to be held for up to 10 years. When we no longer need personal information, we securely delete, anonymise or destroy it.
Notification of Change
If we decide to change our privacy notice, we will post material changes on the iPad at our club reception that displays the Privacy Notice, and on our website www.parklaneclublondon.com so that all of our visitors are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it.
How to contact us
We understand that you may have questions or concerns about this Notice, our privacy practices or you may wish to submit a subject access request or to file a complaint. Please feel free to contact us in one of the following ways.
Our DPO can be contacted directly here:
|Data Protection Officer|
|Contact Name:||Attn: Data Protection Officer|
|Address:||Park Lane Club London|
|22 Park Lane|
The Supervisory authority contact details are:
|Supervisory authority contact details|
|Contact Name:||Information Commissioners Office (ICO)|
|Phone Number||0303 123 1113|