Privacy Notice

Scope

All personal data is collected in line with the requirements of the EU’s General Data Protection Regulations (GDPR).

Your privacy and trust are important to us and this Privacy Notice (“Notice”) provides important information about how Park Lane Club London (“Park Lane Club London,” “Park Lane Club,” “PLC,”  “we,” or “us”) handle personal information. This Notice also applies to the Park Lane Club London website.

Responsibilities

The Data Protection Officer (DPO) is responsible for ensuring that this notice is made available to data subjects prior to PLC collecting and processing their personal data.

Facebook Ireland Limited (“Facebook Ireland”) and PLC are joint controllers for the processing of Insights Data. Facebook Ireland agrees to take primary responsibility under the GDPR for the processing of Insights Data and to comply with all applicable obligations under the GDPR with respect to the processing of Insights Data.

Consent

This notice draws the data subject’s attention to the purposes and nature of the processing of their data. PLC have a duty to comply with legal obligations (see section 13) to process personal data. This Notice, is part of our terms and conditions that you MUST agree to.  If you do not agree to our Privacy Notice (data protection policy) we will not be able to continue the business relationship.

What is Personal Data?

PLC is committed to the responsible handling and protection of personal information. Under the EU’s GDPR personal data is defined as:

Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Who are we?

Silverbond Enterprises Limited trading as Park Lane Club London. Registration no. 07215674.

Park Lane Club London and its address is 22 Park Lane Park Lane, Mayfair, London, W1K 1BE is regulated and licensed by the UK Gambling Commission and holds an Operating Licence. Park Lane Club London is a Data Controller registered with the Information Commissioner’s Office (ICO), registration no. ZA077716.

Why we collect information

In order for us to provide you with all the amenities offered within the club, and to be a member of the casino, we need to collect personal data for identification and verification purposes as required by our legal obligations. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

PLC will also process the information you provide in a manner that is compatible with the EU’s GDPR. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.

For you to be a member of the casino we need to collect and process personal data to:-

  • Assist us in setting up and managing your account and building an accurate customer profile of you;
  • Enable us to comply with legal and regulatory requirements; in particular those relating to the identification and verification of individuals under money laundering legislation;
  • Meet any obligations arising from any contracts entered into between you and PLC including payment processing;

We may also collect and process personal data about you to:-

  • Enable us to identify and intervene when we think you may be at risk of problem gambling
  • Assist us with our commercial operations such as security and safety procedures, and resource allocation
  • Implement your responsible gambling controls
  • To ensure any marketing material communicated to you is relevant to your interests

Sensitive Personal Data such as Health Data, which is explained in section Types of Information, may also be processed when necessary so we can comply with legal and regulatory requirements, which is further explained in section Our legal basis for processing your personal data.

How we collect information

Personal information is initially collected during the registration process, but is also collected and monitored throughout our business relationship and may be collected when there is activity on your account.

Information you provide may be verified with trusted external third party due diligence service providers.

If you visit our social media sites, we will collect aggregated data through Page Insights that can help us understand how people are engaging with our page.

If you use TipAdvisor, we will collect information relating to the reviews you post about our club. Your usage of TripAdvisor is subject to the Terms and Conditions and Privacy Policy you accept on joining their service.

If you use Google, we will collect information regarding your reviews of the club. Your usage of Google is subject to the Terms and Conditions and Privacy Policy you accept on using their service.

Cookies

In relation to your activity on our website, we use Google Analytics to collect anonymous information relating to pages viewed, page response times, download errors, length of time spent on pages, page interaction information such as scrolling, clicks, and wagers, and methods used to browse away from pages.

This is a service provided by Google Analytics.  Full Google Analytics cookie information can be found here. Further information can be found here in Google’s Privacy notice in regards to Analytics.

Preventing Money Laundering and Terrorist Financing

We collect personal information from you to start a business relationship (becoming a member), that being, it starts with customer due diligence.  Customer due diligence means taking steps to identify and verify our customers and checking they are who they say they are.

In situations we must carry out ‘enhanced due diligence’.

In instances where more information is required, we may verify/ask you for verifiable information pertaining to legitimate sources of wealth and funds. This information may be used and verified by PLC and further verified by external enhanced due diligence providers.

Types of Information

You provide us with Personal Data when you complete forms in the club, or by corresponding with us by telephone (we may record such calls), e-mail, website or by other means.  The information you give us may include your name, age, gender, nationality, address, telephone number, e-mail address, occupation(s), financial information and bank details.

Sensitive information: The information we collect and process may be considered sensitive personal information.

Sensitive personal information is a subset of personal information and is generally defined as any information related to racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health (SENSE/voluntary self-exclusion information). Sensitive personal information may also include criminal allegations or convictions, financial and bank account numbers, or unique identifiers such as government-issued social security numbers, driver’s license, and passport numbers.

Personal data processed and not obtained directly from you

During the course of our business relationship, we may process personal information which may not be apparent to you at the time of the processing. Some of this personal data is generated automatically to aid us with our legitimate interests which is primarily to provide you with a smooth service and to assist us with our commercial operations. For example, references that are generated for transactions will helps us identify them within records and electronic databases. These types of information become personal data when they can identify you, whether directly or indirectly using multiple identifiers. The table below contains a list of these types of information. Although some of the data is processed due to our legitimate interests, we also have other lawful basis for the processing which is listed under the section “Our legal basis for processing your personal data”

Data Type Description
Account Bank Account from which a payment is made
Amount The value of a transaction, which also includes currency exchanges
Area of the Club When recording incidents, we may record the area of the club where the incident took place
Buy-in and Wins Your buy-ins and Wins at individual tables, machines or buy-ins at the cash desk will be recorded
Casino Payment Value the casino has paid towards an expense
Casino We record where your membership account is held
Comments Some comments are automatically recorded against transactions and is stored within our casino management system, for example, when a ticket is printed from a machine, the location of which the ticket had been printed would be associated with that transaction. Other comments are those which are manually inputted by staff which assists in identifying the transaction, or provides further details of the transaction, for example, in which form a payment was made. In certain circumstances, comments will be for recording Social Responsibility observations.
Commission Once you have been entered into a comissions program, data regarding the commission earned will be stored against your membership account on our casino management system.
Credit The credit value of a transaction wil be recorded against your membership account on our casino management system
Customer Expense The sum you have paid towards an expense, which could be from your Rewards Account, will be recorded against your membership.  This will be processed on a daily and interval basis.
Dates and Times Dates and Times of occurences such as visits, play, registrations, resignations, suspensions, reinstatements, transactions, incidents and interactions will be processed by the club
Debit The debit value of a transaction wil be recorded against your membership account on the casino management system.
Deposits Information concering your deposit transactions will be recorded against your membership account on the casino management system.
Expenses, Items and Quantity Information concerning your expenses at the club, which includes the details of the items  issued, and their value, will be recorded against your membership account on the casino management system.
Hours of Play The time spent playing at the club will be recorded against individual machines or tables, and they will be recorded as an accumulative figure
Last visited The date you had last visited the club will be recorded on our casino management system.
Machines/Tables Details of the machines and tables that you had played at will be recorded against your membership account on the casino management system.
Membership Number A unique membership number will be generated for you on registering as a member
Player Tiers Player Tiers will be automatically assigned to your membership which is dependant on level of play.
Rating Reference Each session of play at a table or machine will have a reference assigned and stored on our casino management system.
Resignations/Reinstatments Information relating to your resignation or reinstatement will be stored by the club
Suspensions Information relating to your suspensions will be processed by the club on the casino management system
Unique Transaction References Unique references for transactions may be generated and stored against your membership  when activity occurs on your account
Reports Reports may be processed which will detail your activity at the club
Table Average Bets, Theoretical Win and Turnover Gaming information will be processed to generate your table average bets, the clubs theoretical win (which is based on the house edge), and your turnover
Every effort is made to ensure that the data processed is accurate and up to date. However, as a substantial portion of our processing is completed manually, such as recording your gaming activity, buy-ins and cash outs, please appreciate that the element of human error cannot be avoided.

Marketing and Events

PLC will not share your personal data with any third parties for marketing purposes.

We will only use this to communicate upcoming events within the club. During your membership application phase we ask for explicit consent for the purposes of marketing. If you opt in, you can set a preference as to how to receive communications. If you wish to opt out, or vary your consent in relation to marketing communications as much as our legal obligations allows, then you may do so by using the opt out option in our texts and emails, contacting the club directly, speaking to a member of staff, or by providing us reasonable notice in writing by email to events@plclondon.com.

Closed Circuit Television (CCTV)

We are required by legislative and licencing obligations (Premises licencing issued by the City of Westminster) to have CCTV throughout the premises, including all internal and external areas. CCTV collects and processes Personal Information about you that may include visual images and recordings, and audio recordings.

We may store such information and may analyse it in order to investigate any actual or suspected criminal activity.

It may also be used to monitor staff, agencies, contractors and visitors when carrying out work duties.

Our legal basis for processing your personal data

Our legal bases for processing your personal data are one or more of the following:

  • You have provided your consent to the processing of your personal data for one or more specific purposes
  • The processing is necessary to fulfil contractual obligations entered into between you and PLC
  • We have a legal obligation to process Personal Information, this is necessary for us to comply with the law, the following are legislations PLC are obliged to follow;
    • Proceeds of Crime Act (POCA) 2002
    • Terrorism Act 2000
    • The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
    • Anti-Terrorism, Crime & Security Act 2001
    • License conditions and codes of practice
  • We have a legal obligation to process Special Categories of Personal Data (Health Data), this may be necessary for us to comply with the law, the following are legislations PLC are obliged to follow;
    • The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013
    • The Social Security (Claims and Payments) Regulations 1979
  • The processing is necessary for the purpose of our legitimate business interests, which include:
    • Processing your personal data to enable us to monitor your gambling activity so that we can ensure you are using our amenities in a socially responsible manner
    • Processing your personal data such as capturing your image, to provide you with an ease of access to our amenities, to assists with the clubs security, and to aid us in complying with current regulations
    • Processing your personal data to enable us to send marketing material to you which are relevant to your interests, and in a timely manner
    • Processing your personal data to monitor the frequency of your wins to aid us in identifying wins which may have been unlawfully gained
    • Recording incidents you may have been involved in so management can review both the employees and members conduct to better the service and products provided , and for the protection of all parties being recorded
    • Recording your signature to maintain a record that you have received funds after completing transactions on the available terminals to allow us to retain proof of purchase.
    • Processing your personal data such as recording which other gambling establishments you are a member of to aid us in our KYC procedures and to enable us to better the services offered
    • Processing your personal data such as recording your purchases and hospitality items (including any complimentary items afforded to you by PLC) you have received to aid us in managing our assets, and social responsibility obligations
    • Processing your personal data such as recording alleged food poisoning incidents with our Health and Safety auditors, Food Alert Ltd, to ensure you are provided with the necessary support in relation to these incidents
    • Processing your personal data and recording your membership under a specific Tier group to enable us to quickly make commercial decisions such as providing complimentary items
    • Processing your personal data on our social media sites, TripAdvisor and Google to enable us to act on reviews, and act on aggregated data which can help us understand how people are engaging with our page to optimise the service

Legitimate Business Interests refers the interests of PLC in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. In these cases, we will always balance our interests with yours, and we will never process your information where our interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

You are entitled to object to the processing of any personal data relating to your particular situation. However, as explained in section 6. Why we collect information, certain processing is may still be carried out on the grounds of the Legal Basis’ outlined above.

The existence of automated decision making, including profiling

Your personal data may be processed via automated decision making, including profiling, so that we can meet our regulatory obligations. We do not believe that our automatic processing subjects you to a decision which produces legal effects concerning you or similarly significantly affects you. In any case, such processing will be subject to suitable safeguards, as well as having appropriate mathematical or statistical procedures for the profiling. As well as having the right to object to automated decision making, including profiling, you have the right to obtain human intervention, to express your point of view, to obtain an explanation of the decision reached after such assessment and to challenge the decision.

Automated decisions are made by assessing the information you provide on registration along with information collected during the business relationship. The assessment would result in a “Risk” factor which will determine if human intervention is required. The risks determined can be associated to risks to the club, the public, or yourself. Criteria’s used to determine whether an assessment is required will depend on current legislations, or frequency of gaming visits, hours of play, high stake / high tempo play, and level of spend.

Will PLC share my personal data with anyone else?

Your Personal Information may be disclosed or shared with third parties to comply with any legal or regulatory obligations. If we disclose or share your sensitive personal data, we will only do so once we have obtained your consent, unless we are legally required.

Our Legal basis may require us to use, retain and share personal information for the prevention, detection, or investigation of a crime; loss prevention; fraud; illicit, unfair or fraudulent gaming activity, regulatory breaches, or the apprehension of or prosecution of offenders  We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons, (d) complaints adjudicators/alternative dispute resolution bodies, (e) in the event that PLC sells or buys any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

Members of the club can opt to use the Cheque Cashing Facility, a service facilitated by our system and service provider Checkprint Limited. Checkprint Limited is a UK registered company (Company number: 03323382, Office Address: Tall Security Print Ltd, Pembroke Court, Manor Park, Runcorn, Cheshire, WA7 1TJ).

As part of the process to enable the Club to provide you with this facility on your account, should you require this, we need to have your account information validated by your account holding bank. Your account details and address will be passed securely to Checkprint Limited and used to validate your account with your bank once you have signed the facility consent form. This will also enable the cheque printing facility at other UK based casinos who subscribe to the Checkprint Limited Casino Account Validation Service. Your Account Details are completely secure and will only be used for validation and enablement of the cheque printing facility. Your details will not be visible to any other casino operator unless you provide that operator with your account details separately and directly.

PLC is also a participant of the National Casino Security Association which is a specialist casino association consisting of a number of land based casino operators (the Participants).

The Participants consider the sharing of Personal Data is necessary to support the agreed purposes of the Participants which is the Processing of Personal Data for the purpose of the legitimate interests pursued by the Participants, namely:

(a) to enable the Participants to comply with the Licensing Objective (1)(a) of the Gambling Act 2005 (“2005 Act”) (being to prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime), and thereby to:

(i) assist the Gambling Commission in respect of its duty, pursuant to section 22 of the 2005 Act, to promote the Licensing Objectives; and

(ii) minimise the risk of suspension or loss of a Participant’s operating license pursuant to sections 118 to 120 of the 2005 Act;

 

(b) to enable the Participants to comply with Licensing Conditions and Codes of Practice (as published by the Gambling Commission from time to time) (“LCCP”), including but limited to:

(i) Condition 10 of Part II (Assessing Local Area Risk); and

(ii) Condition 12 of Part 1 (Anti-money laundering).

 

(c) to enable the Participants to protect themselves and their businesses from fraud and other criminal activity and ensure good corporate governance;

(d) to enable the Participants to maintain a safe place of work and a safe place for its customers by preventing known offenders or people with a history of violence from entering the Participants premises; and

(e) in furtherance and support of the substantial public interest of preventing and detecting unlawful acts (in accordance with the provisions of paragraph 10 of Part 2 of Schedule 1 of the Data Protection Act 2018) (it being noted by the Participants that each must have an appropriate policy document in place).

PLC will share your data with our data processor, Food Alert Ltd, to assist us with the management of food hygiene and Health and Safety compliance. Food Alert Ltd provides for an annual management and investigation of individual alleged food complaints.

How we secure personal information?

PLC takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

The data that we collect from you may be transferred to, or stored at, a destination outside the European Economic Area (“EEA”).  It may also be processed by staff operating outside the EEA who work for us.  Such staff may be engaged in, among other things, the provision of any requested services, the processing of your payment details and the provision of support services.  We will take all steps necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

All information you provide to us is stored on secure servers.  If you use our site to send messages, your transmission will be protected by Secure Socket Layer (SSL), more information can be found here.

Under what circumstances will PLC contact me?

Our aim is not to be intrusive, we will only contact you when necessary and we will always explain why we have done so.

Your right to your personal information

We respect your right to access and control your information, we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information. Under EU GDPR at any point while we are in possession of, or processing your personal data, you, the data subject, have the following rights:

  • Right of access
  • Right to be informed
  • Right of rectification
  • Right to be forgotten
  • Right to restriction of processing
  • Right of portability
  • Right to object
  • Right to object to automated processing, including profiling

Where your personal information is handled by Facebook Ireland Ltd, we will forward all requests to Facebook Ireland Ltd who will take responsibility for exercising your rights.

Access to Personal Information

If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee, for example, if there is repeated or excessive requests.

We will provide the information requested to which you are entitled within one month of the receipt of the request.

The period may be extended by a further two months. This is in cases where the requests are complex or multiple.

With all the rights stated above, all requests are to be forwarded to the Data Protection Officer.

Retention period

In determining data retention periods, PLC takes into consideration legal and contractual obligations, retaining personal information for 5 years after the business relationship has ended, however if there are subsequent requirements by legal authorities, information may be required to be held for up to 10 years. When we no longer need personal information, we securely delete, anonymise or destroy it.

Checkprint Limited, our system and service provider for the Check Cashing Facility, will keep the personal data of members who use the facility for a maximum of 90 days, at which time the personal data will be deleted.

Notification of Change

If we decide to change our privacy notice, we will post material changes on the iPad at our club reception that displays the Privacy Notice, and on our website www.parklaneclublondon.com so that all of our visitors are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it.

How to contact us

We understand that you may have questions or concerns about this Notice, our privacy practices or you may wish to submit a subject access request or to file a complaint. Please feel free to contact us in one of the following ways.

Our DPO can be contacted directly here:

Data Protection Officer
Contact Name: Attn: Data Protection Officer
Address: Park Lane Club London
22 Park Lane
Mayfair
London
W1K 1BE
Email: DPO@plclondon.com

 

The Supervisory authority contact details are:

Supervisory authority contact details
Contact Name: Information Commissioners Office (ICO)
Phone Number 0303 123 1113
Website: https://ico.org.uk/

Updated 25/09/2019