Last updated: September 2019

Our customers’ privacy is important to us and we want to be clear and open about what we use your personal information for. This privacy notice explains what personal data we collect from you through our interactions with you and your use of our products and services, and also how and why we use that data.

We offer a variety of different services to our customers and this policy covers our interactions with you in relation to all of these services.

There is a significant amount of information in this privacy notice and we recognise that you may not wish to review all of it at any one time. We have therefore highlighted specific sections which we believe it is most important that you are made aware of, including information about your rights, when and how we may share your personal data and how you can control what marketing you receive.

Who is responsible for the collection of your data


Any references in this privacy notice to “Genting”, “we”, “us” or “our” are references to all of our brands, which include “GentingCasino.com”, “GentingBet.com”, “Genting Casinos”, “Crockfords”, “Crockfords Cairo”, “Resorts World Birmingham”, “Genting Hotel”, “Santai Spa”, “Vortex”, “Pixel by Vortex” and “Park Lane Mews Hotel”.

The above brands are all trading names of our operating companies, and if you interact with any of the below entities, this privacy notice applies:

  • Genting UK Plc, incorporated and registered in England and Wales under company number 01519749 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA;
  • Genting Casinos UK Limited, incorporated and registered in England and Wales under company number 01519689 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA. Genting Casinos UK Limited acts as the principal data controller in respect of our land-based casinos in the United Kingdom.
  • Genting Solihull Limited (t/a “Resorts World Birmingham”) incorporated and registered in England and Wales under company number 06601106 and with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA. Genting Solihull Limited acts as the principal data controller in respect of any personal data processed in connection with Genting specific operations and services at our shopping, entertainment and leisure complex known as Resorts World Birmingham.
  • Genting Malta Limited (t/a “GentingBet”), incorporated and registered in Malta under company number C88828 with the registered office of Level G (Office 1/1120), Quantum House 75, Abate Rigord Street, TA' XBIEX XBX 1120, Malta. Genting Malta Limited acts as the principal data controller in respect of our online gambling services.
  • Park Lane Mews Hotel London Limited incorporated and registered in England and Wales under company number 07672723 with the registered office of 2 Stanhope Row, Mayfair, London, England, W1J 7BS.
  • Genting Alderney Limited, incorporated and registered in Alderney under company number 1664 with the registered office of Century House, 12 Victoria Street, Alderney, GY9 3UF.
  • Genting Casinos Egypt Limited, incorporated and registered in England and Wales under company number 02885976 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA.

In certain situations, in addition to the principal data controllers mentioned above, other Genting group companies (including those listed above) may act as data controllers in respect of certain data processing activities, either independently or jointly alongside the principal data controllers listed above, or as data processors on their behalf. Such processing takes place pursuant to intra-group arrangements and is consistent with the nature and purposes of the data processing activities outlined in this group privacy notice.

The above companies are also registered with the UK Information Commissioner’s Office (“ICO”) with the exception of Genting Malta Limited, which is registered with the Malta Office of the Information and Data Protection Commissioner (“IDPC”).

We are committed to protecting your personal data and processing it in compliance with all applicable Data Protection Laws including the General Data Protection Regulation (“GDPR”), the UK Data Protection Act 2018 and, in respect of the processing of personal data by Genting Malta Limited, the Maltese Data Protection Act 2018 (Chapter 586 of the Laws of Malta) as well as all applicable subsidiary laws and regulations issued under the same from time to time in the UK and Malta including those relating to e-privacy and direct marketing communications.

We review this privacy notice regularly. All amendments and the date of these amendments are outlined under the ‘Last Updated’ section at the top of this page.


Our Data Protection Officer


We have appointed a Data Protection Officer. If you have any questions about this privacy notice, wish to make a complaint about our use of your data, or if you would like to invoke any of your rights as a data subject, please direct them to:

The Data Protection Officer, Genting Club Star City, Watson Road, Birmingham, England, B7 5SA or by email to DPO@GentingUK.com.

You may contact our Data Protection Officer on the details above for data protection matters relating to any of the Genting companies to which this Privacy Notice applies. We may require some information from you should you choose to invoke any of your data subject rights. The information required is outlined below in the section entitled Your Rights.


When we collect personal data


We collect your personal data to enable us to provide you with our services and to give you information about products and services that might be of interest to you.

The majority of the personal data that we collect is provided by you directly when you register to use our services, both online and in our premises, when you visit our premises, and when you interact with us by other means. We will also collect other data by recording it at the time that you use our services. We outline what this data is and why we collect it later on in this notice.

Examples:

We will collect your personal data when you interact with us, which includes when:

  • you visit one of our casinos;
  • you visit any of our websites;
  • you register for membership at our casinos or online;
  • you are registered for our loyalty schemes (at one of our casinos or online – for example ‘My Genting’ and ‘Genting Black’);
  • you download any of our Apps;
  • you register for WIFI in our premises;
  • you book a hotel room or stay at Genting Hotel or Park Lane Mews Hotel;
  • you book a spa appointment or visit Santai Spa;
  • you register a Vortex Gaming card;
    • we collect data from customers aged 13 and over from this source. This data is segregated and is not held in the same place as the personal data of our other customers.
  • you sign up to receive marketing about any of our Casino products or services;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you sign up to receive marketing from Vortex Gaming or Pixel by Vortex;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you sign up to receive marketing from Resorts World Birmingham;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you sign up to receive marketing from Santai Spa;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you sign up to receive marketing from Genting Hotel;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you sign up to receive marketing from Park Lane Mews Hotel;
    • we have created a preference centre to enable you to control how and why we contact you.
  • you interact with us (e.g. queries, complaints, correspondence);
  • you participate in social media connected to us;
  • you participate in promotions, competitions or surveys we conduct.

You have a choice as to whether you share your personal data with us - when you are asked to provide personal data you may decline. However, if you refuse to provide the data that we require, we may not be able to provide you with all of our services.

Obtaining data from third parties

To ensure that we comply with our legal and regulatory obligations and enable us to provide you with our services, we may obtain data from third parties. We will protect this data in the same way that we protect the data that you provide to us directly and in line with any other requirements we are placed under either by the source of the data (where there is a contractual obligation to do so) or if we are required to by law.

Examples:

Third parties from whom we may obtain your personal data include:

  • Genting Group Companies (in this context we mean Genting Berhad and Genting Hong Kong Limited, their subsidiary companies, jointly controlled entities and associated companies). This includes, for example, the sharing of personal data between our land-based and online gambling businesses and the Genting group entities that operate them.
  • Other casino operators
    • In some instances we may need to obtain information from other casino operators to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes for fraud prevention and anti-money laundering purposes) so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party.
  • Credit reference agencies
    • To ensure that we comply with our legal and regulatory obligations (which includes for fraud prevention and anti-money laundering purposes) we may obtain information from credit reference agencies. The information we obtain does not include information about your credit standing or score.
  • Commercially available databases and publicly available sources
    • In some instances we may need to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes fraud prevention and anti-money laundering purposes) so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party. We use databases that collate and make certain information commercially available for these purposes. We may also look at publicly available sources such as social media or property ownership records.
    • We may also purchase similar services that are offered by other third party data sources that are available commercially.
  • Gamstop and SENSE
    • If you are a UK customer and you have, or decide to, self-exclude from gambling using the Gamstop national self-exclusion database or the Sense national self-exclusion scheme, we will be notified and we will use this information about you to prevent you from accessing our services. We may in the future subscribe to similar national self-exclusion schemes in any of the countries in which we operate and whether in respect of land-based or online gambling activities. This privacy notice will be updated following any such new subscriptions.
  • Regulatory and law enforcement agencies

We will only ever obtain our information from sources that are reputable and we will ensure that the data we are being provided with has been obtained lawfully, for example by the third party having secured your consent to share this data with us if such consent is required.


Our use of your personal data


We use your personal data for a number of different reasons, some of which may not be immediately apparent to you, therefore we have explained in detail how we use your personal data in the below table.

We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data in a separate table in the section entitled The personal data we collect.

Fraud prevention / Anti-money laundering

When you use our services we may need to process and verify your personal data to comply with fraud prevention and anti-money laundering requirements, regulators’ requirements (including the UK Gambling Commission and / or the Malta Gaming Authority) and other industry standards. In some instances we may share your personal information with third parties to conduct identification or verification checks and/or to enable financial transactions to be processed.

Specific examples are:

  • Sharing and validating your data with credit reference agencies, fraud prevention agencies or for age verification purposes.
  • Sharing and validating your data against databases or with commercial organisations which identify potential illegal activity or related indicators of the same.
  • Sharing your data with law enforcement agencies.
  • In order to ensure that illegal activity, including fraud and anti-money laundering, is prevented and detected, we may have cause to work with and share your data with other gambling operators. We will ensure that any data we share or receive for this purpose is shared or received lawfully and in line with industry guidelines.
  • Monitoring your interactions with us for crime prevention purposes, for example cheating at gambling.

Sharing and validating your data (to the minimum extent necessary) with other gambling operators, service providers, banks, financial institutions and payment service providers / gateways, ‘Acquiring Bank’, Alternative Payment Method Providers, the National Casino Forum, the International Association for Casino Surveillance and similar bodies or associations in the interests of security, good practice or safety, for the purposes of the prevention and detection of crime, cheating, counter-fraud measures and investigations (including the verification and investigation of “chargeback” claims relating to your transactions with Genting), money laundering, other impropriety, and in order to uphold gaming integrity.

If you would like to know more about gambling regulation and the obligations we are placed under as a licensed gambling operator, please visit the UK Gambling Commission’s website (www.GamblingCommission.gov.uk) and / or the Malta Gaming Authority website at www.mga.org.mt.

In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to close your account and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations.

Compliance with legal and regulatory obligations

  • We are subject to a number of laws and regulations and we are required to process and provide personal data requested by regulatory bodies, law enforcement agencies and the courts.
  • Some of the legal and regulatory obligations we are placed under require us to use personal data collected for certain purposes and/or to retain it for a specified time period.
  • We may also be required to share information with industry bodies.
  • We have in place a number of safeguards and mitigations to ensure that your personal data is processed proportionately and safely when processed for these purposes.

Specific examples are:

  • Carrying out checks during the course of your relationship with us to ensure that you are gambling legally. These checks may include the securing of a copy of identification, for example a copy of your passport or asking you to evidence the source of your funds.
  • Carrying out checks, monitoring your play, and segmenting or profiling the data we hold about you and your gambling with us to ensure that you are gambling responsibly and to enable us to identify and intervene when we think you may be at risk of problem gambling.
  • In some instances we may ask third parties to assist us with this segmentation or profiling. Such parties may also include other companies within the wider Genting group of companies.
  • Conducting checks against the Gamstop national self-exclusion database / the Sense national self-exclusion scheme or any other national self-exclusions schemes in any country to which we might subscribe from time to time so that we can apply your chosen restrictions to services we provide to you.
  • Compliance with requests for disclosures by law enforcement agencies, regulatory bodies (such as the UK Gambling Commission and / or the Malta Gaming Authority) or the courts.
  • Using records held for other audit, insurance, legal and regulatory compliance purposes.

If you would like to know more about gambling regulation and the obligations it places Genting under, please visit the Gambling Commission’s website (www.GamblingCommission.gov.uk) or, in the case of Genting Malta Limited, the Malta Gaming Authority website (www.mga.org.mt).

  • On occasion you may indirectly provide us with sensitive information, such as your ethnicity (for example if you provide us with identification documentation). We will only use this information for the specific purpose for which it is provided.
  • You may also provide us with sensitive information about your psychological or physical health, in particular if you were to talk to us about problems with gambling. We understand the sensitivities surrounding such disclosures and will only ever use this information to provide you with support or to ensure we comply with legal or regulatory obligations.

In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to close your account and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations.

General commercial operations

  • We use personal data to manage the day-to-day operation of our business and to enable us to provide you with our products and services. This includes management of customer preferences, suppliers, and other relationships, sharing information within the Genting group, implementing safety procedures and allocating resources.

Specific examples are:

  • Facilitating the creation of your membership or account, or our provision of services to you.
  • Responding to queries we receive from you (for example by email, text, social media etc) and providing customer support services via our support channels – e.g. interacting with you via our ‘Live Chat’ service.
  • Administering your participation in our rewards / loyalty schemes including our ‘My Genting’ land-based and ‘Genting Black’ online schemes.
  • Using technical information about your device, such as browser version, operating system, and location to ensure our websites or Apps are functioning correctly and that you are presented with the correct version.
  • Contacting you about important service matters (non-marketing).
  • To maintain our records, including transactional, financial and player records.
  • Storing (with your prior agreement) your Card Credentials in relation to payments made via your GentingBet account ensuring that you do not need to re-enter your preferred payment card details for every transaction you complete with us.
  • To monitor and analyse activity in our casinos and online at GentingBet to enable us to personalise your experiences with us. For example by personalising the layout and content of our websites according to your preferences so that your preferred games are easily visible.
  • To conduct internal analysis of our customers to enable us to understand why and how you use our services and what we can do to improve them. For example, for our land-based services we may monitor the busiest times in our premises so that we can ensure we have the requisite number of staff available or we may consider the broad demographic groups who use our services at different times and in different locations so that we can offer appropriate facilities and services to those sites.
  • To share information with other companies within the wider Genting group of companies.
  • Administering your responsible gambling controls.
  • Reporting management information.
  • Monitoring physical access to offices, visitors, conducting CCTV operations and audio recordings.
  • To monitor your use of our products and services for business intelligence purposes (for example to enable us to monitor the performance of our products or services and in order to protect our interests). For example we may monitor your use of our services to ensure that you act in line with our terms and conditions so that we can identify activity that may be prejudicial to our commercial interests (for example fraudulent activity) and take requisite action such as by restricting the services we provide to you.
  • For GentingBet, we may analyse your online activity to improve the user experience of our online gaming services / game selections / website and account platform presentation, layout or functionality.
  • Managing third party relationships.
  • Conducting market research.

  • Processing identifiable personal data by anonymising/de-identifying/re-identifying/pseudonymising.

  • To enable you to participate in interactive features of our services when you choose to do so, including administering your voluntary participation in any promotional events, engagement surveys, market research activities, competitions or prize draws from time to time.
  • To keep our services, websites and Apps safe and secure.
  • To improve our products and services through troubleshooting, testing, analysis, and research activities.
  • Conducting research in connection with our obligations as a socially responsible gambling operator – for example, making samples of anonymised or pseudonymised player data available to our third party research partners for the purpose of developing our responsible gambling safeguarding / problem gambling detection measures.
  • For information, system, cyber and network security. For example we will use personal data you provide to us to monitor, detect and protect our business, its infrastructure, networks, computer systems, information, intellectual property and other rights from unwanted security intrusion, access, disclosure of and acquisition of information, data and software breaches, hacking, industrial espionage and cyberattacks.
  • We may use cookies to facilitate our ability to personalise some of the services we refer to in this section. You can control this through your browser settings. Please see the Cookies Policy for more information on our use of Cookies and how to manage their settings.

In our view, our processing of your personal data under this category is essential to our ability to ensure that we protect our commercial interests. Should you object to our use of your data for these purposes you have the option to close your account and/or not use our services. Even in these instances we may retain some data for a period of time due to legal and/or regulatory obligations.

Marketing

  • We will process certain personal data to gather market intelligence, promote products and services, communicate offers to individual customers and monitor the use and take up of our loyalty and reward cards and points and promotions (for example, so that we will have an understanding of your interests so that we can send you offers more relevant to you).
  • We may also provide aggregated and pseudonymised or anonymised data to third parties – where we do this we will ensure that these third parties take appropriate measures to secure any personal data that is provided, however we would look to anonymise / pseudonymise where possible. We will never pass your contact information to third parties for them to use for their own marketing purposes unless we have your consent. Where you have opted-in to receive direct marketing communications from us (or have not chosen to opt-out as the case may be) we may from time to time engage third party service providers to carry out direct marketing activities on our behalf. In such cases, our third party service providers are not permitted to use your details for their own direct marketing activities or to pass your data on to any other third parties for these purposes. Such arrangements are subject to contractual protections to ensure the safeguarding and integrity of your data in accordance with the relevant data protection laws.

Specific examples of the marketing we will undertake are:

  • Direct marketing by email, SMS, telephone, push notification, WhatsApp.
  • Targeted advertising on social media.
  • Marketing by post.
  • When you purchase a product or service from us (for example from Genting Hotel, Park Lane Mews Hotel or Santai Spa), become a registered member of our online or land based Casinos, or register a Vortex Gaming card, we will contact you by email and/or SMS for the purposes of direct marketing about similar products and services automatically. This is known as the “soft opt-in” rule under current e-privacy regulations. In these circumstances we will provide you with a simple means of refusing our use of your personal data for these purposes both at the time we collect your details and in each subsequent communication we send to you.
  • In addition, you can opt-out of marketing at the time that you open an account (including via GentingBet), become a member or initially transact with us, at any point by accessing our Preference Centre, by clicking on the link included in our marketing communications, by contacting our customer support services, or by asking at any of our reception desks.

Preference Centre

  • We have created a preference centre within which you will be able to control how and why we contact you for the purposes of direct marketing. We will include a link to our preference centre in all of the communications that we send to you.
  • We will only ever contact you in accordance with your contact preferences.
  • Our main means of contact will be by post, email, SMS, telephone, WhatsApp and push notification. From time to time we may contact you by other means (for example via social media).
  • Matters we may contact you about include existing or future services, products, promotional offers, loyalty and rewards incentives, service changes and other of our activities and those of our group companies which we think may be of interest to you.

You can update your contact preferences or opt-out from the receipt of direct marketing in our preference centre, at reception, or by following the instructions in any marketing communications we send you.

In App and Website Marketing

  • If you are a user of any of our Apps or our Website, we may send you push notifications. You can disable these notifications independently through your device’s settings. If you have opted out of the receipt of all direct marketing we will not send you push notifications.

Profiling or segmentation

Marketing

  • We would like to be able to contact you about specific offers and promotions that we believe will appeal to you.
  • In order for us to be able to approach our marketing in a socially responsible and non-invasive manner we need to fully understand your use of our services by carefully analysing your preferred products and average spend alongside the records that we hold about our other customers.
  • We analyse your data by placing it into pre-determined segments based on the specific offer or promotion we are operating.
  • Our segments are identified using information such as:
    • Product (to ensure that we only contact you about your preferred products);
    • Spend (to ensure that we only bring offers to your attention that correlate with your preferred spend and that we act in a socially responsible manner);
    • Location (to ensure that we only contact you about offers that are realistically accessible by you from a geographical perspective).
  • We will never use any special category personal data that we hold about you for marketing profiling purposes unless we have your explicit consent to do so.

Social Responsibility / Anti-money laundering / Business records

  • We may also profile or segment your personal data to ensure that we act in a socially responsible and lawful manner, and to enable us to produce anonymised transactional business reports.
  • We will only share the results of this information externally if we are required to do so by law.

Important Information

  • We will only profile or segment your personal data if you have told us you are aged over 18. The data we collect when Vortex Gaming Cards are registered is segregated and this data is not profiled.
  • We strongly believe that our customers would rather receive marketing information that is relevant to their preferences. Our ability to segment or profile the information that we hold is essential if we wish to ensure this occurs. All of our marketing is tailored in this way.

IF YOU DO NOT WANT US TO SEGMENT OR PROFILE YOUR INFORMATION FOR MARKETING PURPOSES, YOU WILL NEED TO OPT-OUT OF THE RECEIPT OF ALL MARKETING FROM US.

  • You can opt-out of marketing at the time that you open a GentingBet account, become a member of our land-based casinos or initially transact with us, at any point by accessing our preference centre, by clicking on the link included in our marketing communications, by contacting our customer support services, or by asking at any of our reception desks.
  • If you have opted-out of the receipt of marketing we may still segment your data for the sole purpose of ensuring you do not receive marketing information from us. We will continue to personalise our online services. Please see our Cookies Policy for more information about this and how to control our use of cookies.

Sharing with, or processing by, third parties

  • We may need to provide your personal data to third parties in order to deliver certain aspects of our services to you and to generally run our day to day business operations. The majority of these third parties are our service providers or other companies within the wider Genting group of companies. Where we do this we will ensure that these third parties take appropriate measures to secure your data.

Specific examples are:

  • Providing your data to other gambling operators, service providers, banks, financial institutions, the National Casino Forum, the International Association for Casino Surveillance and similar bodies or associations in the interests of security, good practice or safety (for example, our participation in the Casino Operators Information Network “COIN”), for the purposes of the prevention and detection of crime, cheating, bonus abuse and other service mis-use, counter-fraud measures and investigations (including the verification and investigation of “chargeback” claims relating to your transactions with Genting), money laundering, other impropriety, and in order to uphold gaming integrity.
  • Processing your payment transaction data in conjunction with our third party payment service providers and payment gateways, banks or financial institutions acting as ‘Acquiring Banks’ and Alternative Payment Method Providers (APMPs) in each case to enable us to receive payments from you and to credit payments to you (e.g. the payment of gaming winnings or the withdrawal of funds back to your card). In such circumstances, third party payment service providers and gateways, Acquiring Banks and APMPs may act as Data Controllers in their own right in respect of certain processing activities associated with receiving and making payments online.
  • Providing your personal information to our service providers, software suppliers and game suppliers who help us to provide you with services (for example, a software service used to supply gaming services to you, a cloud service provided for data storage / hosting or services used to process bookings or payments or to provide customer service support – e.g. via our ‘Live Chat’ service).
  • Providing your personal data to other Genting Group Companies (for example Genting Malaysia Berhad and the group of Genting companies identified at the beginning of this Privacy Notice) (acting as controller or processor) in relation to services they provide, offer, or consider providing to you and for any other purpose which would be permitted under this policy if we undertook the same processing of your data. Such processing is also necessary for us to carry out our day to day business operations in the context of a multi-brand group of companies.
  • Providing your personal data (typically basic information such as your name and contact information) to social media operators including (but not limited to) Facebook and Twitter to facilitate our marketing to you via the social media channels that you participate in. Use by those social media operators for that purpose will also be subject to the privacy policies that such operators provide to you, and where applicable, to the contact preferences, consent and privacy settings that you have given those operators in relation to their use of your personal data. Please note that your preference centre settings will not be reflected in our marketing via these third parties; they only apply to marketing sent directly by us.
  • Sharing your device, content and log information with our service and analytics providers in order to enable them to analyse website and App performance, improve our services, or tailor web and landing pages to any identified preferences – please also see the Genting Cookies Policy for further information.
  • Sharing your data with market research agencies for research and analysis purposes.
  • Sharing your data with credit reference agencies.
  • Sharing your data with prospective and actual buyers (and our professional advisors) in the event of the proposed sale or restructuring of any part of our business. Such disclosures shall be subject to adequate contractual obligations of confidentiality to ensure the safeguarding of your personal data.
  • Sharing your data (to the minimum extent necessary) with our third party professional advisers for the purposes of obtaining legal, regulatory, accounting, tax, insurance or other professional advice where required.
  • Sharing your data (to the minimum extent necessary) with our third party insurers for the purposes of administering insurance related claims and commencing / defending legal claims.
  • Sharing your data (to the minimum extent necessary) with our third party service providers in order to administer and give effect to Data Subject Rights – e.g. sharing CCTV images with our third party visual / audio redaction specialists in order to redact third party personal data / images in connection with a Data Subject Access Request.
  • We may in some instances have to share your data with third parties who provide services to us that are based in countries that are outside of the European Economic Area (this being the European Union and Iceland, Liechtenstein and Norway (“the EEA”)) or permit these third parties to access our systems. Whenever we disclose your personal data to third parties we will require that third party to have in place technical and organisational measures that reflect those within the EEA.

The personal data that we collect


The data that we collect from you will vary depending upon the services that we provide you with and your choices (including your privacy settings). We outline the data that we may collect, our use of that data and our legal basis for processing that data in the table below.

Personal Data Collected: Name and other contact information (including title, date of birth, gender, nationality, address, telephone numbers, email address, customer/user ID and proof of identity information)

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • For product/service development and enhancement.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Performance of a contract.
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Payment card or bank account information

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Performance of a contract.
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Closed circuit television (CCTV), photographs, or audio recordings of you

This information will only be collected when you visit our land based premises.

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Offences

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Technical / device information (including IP address, cookies, geo-location, browser information and operating system information)

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • For product/service development and enhancement.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with, or processing by, third parties.

In the majority of cases we are not able to personally identify you from Cookies. See our Cookies Policy for more information.

  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Customer records relating to due diligence, gaming and responsible gaming (including occupation, passport and driving licence copies and proof of signature)

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • For product/service development and enhancement.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: General correspondence

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • For product/service development and enhancement.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with third parties.
  • Processing Condition:
    • Performance of a contract.
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Medical Notes (Spa Customers Only)

  • Use of Personal Data:
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Consent.
    • Compliance with a legal obligation.

Personal Data Collected: Social media account information

  • Use of Personal Data:
    • Fraud prevention and anti-money laundering.
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • For product/service development and enhancement.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with, or processing by, third parties.
  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Personal Data Collected: Information regarding marketing preferences

  • Use of Personal Data:
    • Compliance with legal and regulatory obligations.
    • General commercial operations.
    • Marketing.
    • Profiling or segmentation.
    • Sharing with third parties.
  • Processing Condition:
    • Compliance with a legal obligation.
    • Necessary for the purposes of our legitimate business interests.

Retention, storage and protection of personal data


Retention

We will retain your personal data for as long as we need it in order to fulfil the purposes that are outlined in this Privacy Notice provided that we have a valid legal reason to do so. Because these needs can vary depending upon the purpose of our processing the data, the length of time that we process the data can vary significantly.

In order to determine the length of time we will retain your data we consider the following factors:

  • How long is the data required to enable us to provide you with our services?

- For example: To maintain adequate business and financial records, to enable us to contact you in line with your preferences, to enable us to comply with lawful requirements.

  • Is the personal data we hold about you Special Category personal data?

- For example: Data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.

  • Are we subject to a legal, regulatory or contractual obligation to retain the data?

- For example: We are under an obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to keep a record of all customer due diligence records we have for a period of 5 years following the end of a business relationship. We are also obliged by the UK Gambling Commission and the Malta Gaming Authority to retain self-exclusion records to enable us to implement self-exclusion periods.

Customers to whom we provide gambling services

  • In general we will retain the majority of your personal data for a period of 5 years after the conclusion of your business relationship with us. We consider a business relationship to be at an end if you have not interacted with us at all for a period of 13 months. At this point we will retain your data and we will no longer process it for any reason other than its deletion unless and until you further engage with us.
  • If you have a gambling account or membership with us, but you have never used our gambling services, we will retain your data for a period of 3 years. If you have not interacted with us (logged in to an account, visited our premises, clicked through a link in a marketing email, logged into our preference centre) for a period of 13 months we will stop any processing of your personal data beyond its retention and deletion unless and until you further engage with us.
  • If you are subscribed to our marketing only and do not have an active account or membership with us, we will delete all personal data that we hold about you at the point that you opt out of the receipt of any marketing material from us.
  • CCTV footage from our premises is generally retained for a maximum period of 30 days.
  • There will be some exceptions to the period of time we retain your personal data. For example, we may retain your data for a longer period if you have self-excluded from gambling with us or if we need to retain your data because of ongoing litigation.

Customers to whom we provide non-gambling services

  • In general we will retain the majority of your personal data for a period of 24 months following your last interaction with us. We will stop processing your data if you have not interacted with us (logged in to an account, visited our premises, clicked through a link in a marketing email, logged into our preference centre) after 13 months. At this point we will retain your data and we will no longer process it for any reason other than its deletion unless and until you further engage with us.
  • If you are subscribed to our marketing only and have not purchased any non-gambling services from us, we will delete all personal data that we hold about you at the point that you opt out of the receipt of any marketing material from us.
  • CCTV footage from our premises is generally retained for a maximum period of 30 days.
  • There will be some exceptions to the period of time we retain your personal data. For example, we may retain your data for a longer period if you have been suspended from our premises or if we need to retain your data because of ongoing litigation.
  • If you visit our spa we are required to collect information about your health before you are able to use our services. Any information about your health will be collected only if you give us your consent.

When we no longer need to retain your personal data we will always ensure that it is deleted securely by us and we will also require third parties with whom we have shared your personal data to delete it as well.

In instances where we want to retain data for analysis purposes for a longer period than we are able to we will anonymise this data such that it can no longer be linked back to you. Where we do this the information will no longer be your personal data.

Please note that if you opt-out from the receipt of marketing from us, we may need to retain your contact information in order that we can ensure that you no longer receive such marketing.

Storage and protection of personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and also against accidental loss, destruction or damage. We use a variety of technologies to help to protect your personal data.

For example, we ensure that your personal data is stored on computer systems that have limited access and that are in secure controlled facilities, and we ensure that appropriate protection is in place whenever we allow access to your personal data by third parties.

  • We adhere to high security standards in order to protect any information you give us and our security programme is aligned with ISO 27001 and PCI-DSS frameworks.
  • Any data you give us will be retained in a secure environment and access to it will be heavily restricted on a ‘need to know’ basis.
  • The primary storage location of your personal data will be in the United Kingdom in respect of our land-based business activities and in Malta and the United Kingdom in respect of our online gambling services. However, as outlined in this Privacy Notice, we may in some instances disclose your personal data to third parties. Where we disclose your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data. In instances where we are required by law to disclose your personal data to third parties (for example to law enforcement agencies) we have limited control over how it is protected by that third party.

Your Rights


Under the General Data Protection Regulation, the UK Data Protection Act 2018 and the Malta Data Protection Act 2018 (Chapter 586 of the Laws of Malta) you have a number of rights with regard to your personal data.

Your right to access the data we hold about you

  • You have the right to request from us access to your personal data along with confirmation as to whether your personal data are being processed and the purposes of such processing.
    1. To submit a request for access to your personal data, please contact us at DPO@GentingUK.com.
      • We will require that you provide us with proof of identity before we comply with such requests.
      • We are also likely to ask you some additional questions to assist us in providing the information you are looking for.

Your right to have inaccuracies in your personal data corrected

  • You have the right to obtain from us the rectification of any inaccurate personal data that we hold.
  • Please note that it is possible for you to rectify any inaccurate personal data that we hold fairly quickly and easily by undertaking one of the following actions yourself:
    1. Updating your details yourself in the ‘Your Account’ section of GentingBet.com;
    2. Contacting customer services at GentingBet.com by email, telephone or live chat;
    3. Updating your preferences in our Preference Centre;
    4. Asking at the reception in any of our operating premises.
  • Alternatively you can contact us at DPO@GentingUK.com and submit a request for the same.

Your right to erasure

  • You have the right to request that we erase your personal data in certain circumstances.
  • These circumstances are where:
    1. our retention is no longer necessary in relation to the purposes for which they were collected;
    2. if we are processing your data with your consent, you wish to withdraw that consent;
    3. if we are processing your data in our legitimate business interests and we have not demonstrated overriding legitimate grounds to continue to process your data in the event that you have objected to such processing (see below);
    4. if your personal data have been unlawfully processed;
    5. if we are required to erase your data in compliance with a legal obligation.
  • It is of note that, other than data collected exclusively through our preference centre (where no membership or commercial relationship exists alongside this), we do not process your data with your consent. Requests for erasure based on the withdrawal of consent alone outside these circumstances are unlikely to be complied with. We will delete your data when you opt out of marketing if the only data we hold is within the preference centre.
  • We will not delete your personal data if we still have a valid fraud, anti-money laundering, legal or regulatory obligation to retain it, unless the courts or our regulators require us to do so.

Your right to restrict our processing of your personal data

  • You have the right to require that we restrict our processing of your personal data in certain circumstances.
  • These circumstances are where:
    1. you have contested the accuracy of your personal data (restriction for a period to enable us to verify the accuracy of the personal data);
    2. our processing is unlawful and you oppose the erasure of your personal data;
    3. we no longer need the personal data but you require it for the establishment, exercise or defence of a claim;
    4. you have objected to our processing of the data, pending the verification whether our legitimate grounds override yours.
  • In instances where we have restricted our processing of your personal data, we will inform you when the restriction of such processing has been lifted.

Your right to data portability

  • If we are processing your data with your consent or because our processing is necessary for the performance of a contract to which you are a party and such processing is carried out by automated means, you have the right to receive your personal data from us in a commonly used and machine readable format and to transmit this data to another data controller.
  • Please note that the information we will provide in response to a request under this right is limited to:
    1. Personal contact details held
    2. Gaming history records held or booking records held
    3. Payments made or withdrawn.

Your right of objection to certain processing activities

  • If we are processing your data in our legitimate business interests you have the right to object to such processing on grounds relevant to your particular situation at any time.
  • In instances where you object we are obliged to cease our processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
  • As we explain in the section Our use of your personal data, the majority of the activities we undertake are central to our business so were you to object it will usually mean that you have to close your account or terminate your membership. Even in these instances we may have to retain certain information for a longer period of time to ensure we comply with our legal and regulatory obligations or for anti-money laundering purposes.
  • You can object to our use of your data for direct marketing purposes by accessing our preference centre or by following the ‘unsubscribe’ or opt-out instructions in any marketing communication we send to you. Your personal data will no longer be used for such purposes.

Your right not to be subject to a decision based solely on automated processing

  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • In our opinion, we do not currently subject you to a decision based on profiling that produces legal effects concerning you or similarly affects you. We outline all automated profiling that we conduct and why in our section entitled How we use your personal data.

We are obliged to comply with, or respond to, any requests you make to exercise your rights free of charge and within 30 days of receipt of the request.

  • We will require you to provide us with proof of identity before we comply with your requests and will not consider the request valid until this has been provided.
  • If we do not uphold your request we will explain why.
  • In certain circumstances we can extend the period within which we are obliged to comply by two further months. We will inform you of any such extension within one month.
  • If your request to exercise your rights is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a fee taking into account our administrative costs of providing the information or refuse to act on the request.

Your right to complain to the regulator

You have the right to complain to the privacy regulator if you believe that we have infringed your privacy rights or disagree with a decision we have made about your privacy rights.

  • We are based in the UK so our principal regulator is the Information Commissioner’s Office. You can contact the ICO at www.ico.org.uk.
  • This is with the exception of Genting Malta Limited (t/a “GentingBet”) which is based in Malta and whose principal regulator is the Malta Office of the Information and Data Protection Commissioner (“IDPC”). You can contact the IDPC at www.idpc.org.mt. If you are a UK-based GentingBet customer, you may choose to contact the ICO about data protection matters in connection with your use of GentingBet services if you wish to do so.

If you are based in any other European country in which we operate, you can complain to the regulator in your country of residence. You can find a list of national data protection authorities and their contact details here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
