Protecting Your Personal Data

Privacy Policy

Version Effective Date: June 2025

The privacy of our customers is important to us - we are committed to protecting your personal data and processing it in compliance with all applicable data protection and e-privacy laws, including the UK General Data Protection Regulation and the Data Protection Act 2018.

This privacy notice provides information on how Genting Casinos UK Limited and its UK group companies collect, process and retain your personal data through your interactions with us and through your use of our websites and mobile apps. It also explains the lawful bases we rely on for that processing, and your rights in relation to your personal data.

We encourage you to read it so that you are fully aware of how and why we are using your personal data.

Who is responsible for collecting your data?

This privacy notice applies to the following Genting UK companies (Excludes Aspers Stratford Casino):

Genting Casinos UK Limited, incorporated and registered in England and Wales under company number 01519689 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA. Genting Casinos UK Limited acts as the principal data controller in respect of our land-based casinos in the United Kingdom with the exception of Genting Casino Stratford;
Genting Casino Stratford Limited, incorporated and registered in England and Wales under company number 07246090 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA. Genting Casino Stratford Limited acts as the principal data controller in respect of the casino operations (including general and sports betting facilities) located at Genting Casino Stratford, Westfield Stratford City, The Loft, Olympic Park, 312 Montfichet Road, London, E20 1ET.
Genting Casinos Egypt Limited, incorporated and registered in England and Wales under company number 02885976 with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA.

Any references to “Genting”, “we”, “us” or “our” are references to all of our UK casino brands and trading names including “Genting Casinos”, “Genting Clubs”, “Crockfords Cairo”, “Palm Beach”, “Forty-Five Kensington”, “Colony Club” and “Genting London Chinatown”.

Your personal data may also be processed by other companies within the Genting UK group of companies from time to time, most commonly by our parent company, Genting UK plc (company number 01519749) and its subsidiary company Genting Solihull Limited (company number 06601106) both with the registered office address of Genting Club Star City, Watson Road, Birmingham, B7 5SA.

These group companies may act as data processors on behalf of Genting Casinos UK Limited, Genting Casino Stratford or Genting Casinos Egypt Limited, or as independent data controllers in their own right. Any processing carried out by these entities takes place further to intra-group arrangements to deliver IT infrastructure services, data security, marketing, finance and legal group services in support of our day to day commercial operations. All of the above Genting companies are also registered with the UK Information Commissioner’s Office (ICO).

Our Data Protection Officer

If you have any questions about this privacy notice, your data protection rights or our data protection practices more generally, please contact our Data Protection Officer (DPO) on DPO@gentinguk.com. Our DPO works across all of Genting’s UK companies and will be able to assist with your queries.

Our collection and use of your personal data

The majority of the personal data we use is collected from our direct interactions with you when you make use of our services. This includes where you:

visit our UK casinos; register for casino membership; register for casino membership; join our loyalty schemes (e.g. ‘My Genting’);
you use any of our self-service or over the counter betting services (available at Genting Casino Stratford only);
visit our websites;
download or use our mobile Apps;
use our guest WiFi;
subscribe to receive direct marketing from us or visit our marketing Preference Centre;
make a table reservation for one of our restaurants;
when you interact with us (for queries, complaints, correspondence);
when you participate in social media connected to us;
when you participate in promotions, competitions or surveys.

We outline the personal data that we collect and why we collect it later on in this notice.

Your Rights: You generally have a choice as to whether you provide us with your personal data, but we may be unable to offer you certain services or provide you with materials you have requested if we do not have the necessary information to do so.

Generally the amount of personal data that we collect, process and retain shall be limited as far as possible to what is strictly necessary in connection with the relevant purposes for which it is collected.

Data collected from third parties

We may also collect personal data about you from third parties. This is usually to ensure that we comply with our legal and regulatory obligations and enable us to provide you with our services. We will protect this data in the same way that we protect the personal data that you provide to us directly and in line with any other requirements we are placed under either by the source of the data (where there is a contractual obligation to do so) or if we are required to by law. Examples of third parties who share personal data with us include:

Genting Group Companies
- including our parent and subsidiary companies, jointly controlled entities and associated companies.
Other casino operators
- we may obtain information from other casino operators to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes for fraud prevention and anti-money laundering purposes) and so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party. We may also obtain data from other international casinos about your play and transaction history for credit and verification purposes if you have entered into a VIP Player Incentive Agreement or Cheque Cashing Facility with us.
Credit reference agencies
- we may obtain information from credit reference agencies, including Experian to ensure that we comply with our legal and regulatory obligations (including for identify verification, fraud prevention, anti-money laundering purposes and any affordability / financial vulnerability checks mandated by the UK Gambling Commission). The information we obtain does not include information about your credit standing or score, does not leave a hard footprint and does not affect your ability to obtain credit.
Commercially available databases and publicly available sources
- in some instances we may need to undertake further due diligence checks to comply with our legal and regulatory obligations (which includes fraud prevention and anti-money laundering purposes) so that we are able to verify your information or investigate suspicious activity both in relation to you or any third party. We use databases that collate and make certain information commercially available for these purposes. We may also look at publicly available sources such as social media, Companies House or property ownership records.
We may also purchase similar services that are offered by other third party data sources that are available commercially.
SENSE scheme
- if you are a UK-based customer and have, or decide to, self-exclude from gambling using the SENSE national self-exclusion scheme, we will be notified about your exclusion and use this information to prevent you from accessing our premises and gambling services. We may in the future subscribe to similar national self-exclusion schemes. This privacy notice will be updated following any such new subscriptions.
Regulatory and law enforcement agencies

How we use your personal data and data categories

Our legal basis for processing your personal data

Our legal basis for processing your personal data will vary depending upon the services that we provide you with and/or your choices.

Our main legal bases for processing your personal data are one or more of the following:

If you have given your consent to the processing of your data for one or more specific purposes. This includes collecting your consent to receive direct marketing from us, or when you agree to participate in competitions or media releases. In certain cases, we may also rely on your Consent to process Special Category personal data, but this is very rare. Special Category personal data consists of data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
Our processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to your entering into a contract with us.
- We process your data under this condition when you enter into a gambling or other service provision contract with us (i.e. whenever you buy a product or service from us or if you express an interest in buying a product or service from us). We require the data that we process under this condition to enable us to complete our obligations under that contract with you, for example to:
  - Confirm your identity;
  - Make payment to you/receive payment from you;
  - Contact you in order to confirm services that you purchase from us.
Our processing is necessary for compliance with a legal obligation. On occasion, we may process your Special Category personal data under this condition.
- We process your data under this condition as we are required to record certain information that you provide to us by law. This can be for:
  - Prevention of money laundering and combating the financing of terrorism;
  - Compliance with our legal and regulatory obligations to the UK Gambling Commission, including where we are making use of Live Facial Recognition Technology at our casino premises.
Our processing is necessary for the purpose of our legitimate business interests.
- Legitimate Interests refers the interests of Genting in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. For example:
  - we have a legitimate interest in ensuring that our marketing is relevant to you, so we may process your information to ensure that we only send marketing to you that is relevant to your interests;
  - we have a legitimate interest in ensuring that we permit you to use our gambling products in a socially responsible manner so we may process your information to enable us to monitor your gambling activity.
  - we can identify legitimate interests as a secondary lawful basis to support our use of Live Facial Recognition Technology in our casinos to help identify and deny entry to individuals who are suspended or barred from our premises due to the protection or detection of crime, unlawful acts or disorder.
- When we process your information for our legitimate interests, we will make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws against our interests. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted by law).
- You have the right to object to this form of processing if you wish. However, as we explain in the section Our use of your personal data, certain activities are central to our business, therefore if you were to object to certain aspects of our processing we may still have to process some of your other personal data on one of the other grounds of processing set out above.

We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data in a separate table in the section entitled ‘The personal data we collect’.

For more detailed information on your rights, please see the Your Rights section below.

Our use of your personal data

We use your personal data for a number of different reasons, some of which may not be immediately apparent to you, therefore we have explained in detail how we use your personal data in the below table.

We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data a separate table in the section entitled ‘The personal data we collect’.

Purpose	Use and examples
Fraud prevention / Anti-money laundering	When you use our services we may need to process and verify your personal data to comply with fraud prevention and anti-money laundering requirements, regulators’ requirements (including the UK Gambling Commission and other industry standards. In some instances, we may share your personal information with third parties to conduct identification or verification checks and/or to enable financial transactions to be processed. Specific examples are: Sharing and validating your data with credit reference agencies, fraud prevention agencies or for age verification purposes. Sharing and validating your data against databases or with commercial organisations which identify potential illegal activity or related indicators of the same. Sharing your data with law enforcement agencies. In order to ensure that illegal activity, including fraud and anti-money laundering, is prevented and detected, we may have cause to work with and share your data with other gambling operators. We will ensure that any data we share or receive for this purpose is shared or received lawfully and in line with industry guidelines. Monitoring your interactions with us for crime prevention purposes, for example cheating at gambling. Using public sources to verify information you have provided to us on affordability, source of funds and CCD / ECDD due diligence, including social media pages, the electoral roll, HM Land Registry, Companies House and insolvency registers. Sharing and validating your data (to the minimum extent necessary) with other gambling operators, service providers, banks, financial institutions and payment service providers / gateways, the National Casino Forum, the International Association for Casino Surveillance and similar bodies or associations in the interests of security, good practice or safety, for the purposes of the prevention and detection of crime, cheating, counter-fraud measures and investigations, money laundering, other impropriety, and in order to uphold gaming integrity. If you would like to know more about gambling regulation and the obligations we are placed under as a licensed gambling operator, please visit the UK Gambling Commission’s website (www.GamblingCommission.gov.uk) In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to terminate your membership and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations.
Compliance with legal and regulatory obligations	We are subject to a number of laws and regulations and we are required to process and provide personal data requested by regulatory bodies, law enforcement agencies and the courts. Some of the legal and regulatory obligations we are placed under require us to use personal data collected for certain purposes and/or to retain it for a specified time period. We may also be required to share information with industry bodies. We have in place a number of safeguards and mitigations to ensure that your personal data is processed proportionately and safely when processed for these purposes. Specific examples are: Carrying out checks during the course of your relationship with us to ensure that you are gambling legally. These checks may include the securing of a copy of identification, for example a copy of your passport or asking you to evidence the source of your funds. Carrying out checks, monitoring your play, and segmenting or profiling the data we hold about you and your gambling with us to ensure that you are gambling responsibly and to enable us to identify and intervene when we think you may be at risk of problem gambling; In some instances we may ask third parties to assist us with this segmentation or profiling. Such parties may also include other companies within the wider Genting group of companies. Conducting checks against the SENSE national self-exclusion scheme or any other national self-exclusions schemes in any country to which we might subscribe from time to time so that we can apply your chosen restrictions to services we provide to you. Using Live Facial Recognition Technology to help identify individuals who suspended / barred for responsible gambling reasons. Compliance with requests for disclosures by law enforcement agencies, regulatory bodies (such as the UK Gambling Commission or the courts. Using records held for other audit, insurance, legal and regulatory compliance purposes. If you would like to know more about gambling regulation and the obligations it places Genting under, please visit the Gambling Commission’s website (www.GamblingCommission.gov.uk ) On occasion you may indirectly provide us with sensitive information, such as your ethnicity (for example if you provide us with identification documentation). We will only use this information for the specific purpose for which it is provided. You may also provide us with sensitive information about your psychological or physical health, in particular if you were to talk to us about problems with gambling. We understand the sensitivities surrounding such disclosures and will only ever use this information to provide you with support or to ensure we comply with legal or regulatory obligations. In our view, our processing of your personal data under this category is essential to our ability to comply with legal and regulatory requirements, and to protect our business and customers. Should you object to our use of your data for these purposes your only option may be to close your account and/or not use our services. Even if you do so we may retain some data for a period of time due to legal and/or regulatory obligations.
General commercial operations	We use personal data to manage the day-to-day operation of our business and to enable us to provide you with our products and services. This includes management of customer preferences, suppliers, and other relationships, sharing information within the Genting group, implementing safety procedures and allocating resources. Specific examples are: Facilitating the creation of your membership or account, or our provision of services to you. Responding to queries we receive from you (for example by email, text, social media etc) Administering your participation in our rewards / loyalty schemes including ‘My Genting’ Using technical information about your device, such as browser version, operating system, IP address and location data to ensure our websites or mobile Apps are functioning correctly and that you are presented with the correct version. Contacting you about important service matters (non-marketing). To maintain our records, including transactional, financial and player records. To monitor and analyse activity in our casinos To conduct internal analysis of our customers to enable us to understand why and how you use our services and what we can do to improve them. For example, for our land-based services we may monitor the busiest times in our premises so that we can ensure we have the requisite number of staff available or we may consider the broad demographic groups who use our services at different times and in different locations so that we can offer appropriate facilities and services to those sites. To share information with other companies within the wider Genting group of companies. Administering your responsible gambling controls. Reporting management information. Monitoring physical access to offices, visitors, conducting CCTV operations and audio recordings, surveillance reports of game play for gaming integrity monitoring. To monitor your use of our products and services for business intelligence purposes. For example we may monitor your use of our services to ensure that you act in line with our terms and conditions so that we can identify activity that may be prejudicial to our commercial interests (for example fraudulent activity) and take requisite action such as by restricting the services we provide to you. Managing third party relationships. Conducting market research. Processing identifiable personal data by anonymising/de-identifying/re-identifying/pseudonymising. To enable you to participate in interactive features of our services when you choose to do so, including administering your voluntary participation in any promotional events, engagement surveys, market research activities, competitions or prize draws from time to time. In relation to competitions and tournaments, this may include, but is not limited to, displaying your name, county of residence and performance stats on a competition leader board or similar display in our casinos .You can opt-out of appearing on our leader boards by notifying our staff at any time. To keep our services, websites and mobile Apps safe and secure. To improve our products and services through troubleshooting, testing, analysis, and research activities. Conducting research in connection with our obligations as a socially responsible gambling operator – for example, making samples of anonymised or pseudonymised player data available to our third party research partners for the purpose of developing our responsible gambling safeguarding / problem gambling detection measures. For information, system, cyber and network security. For example we will use personal data you provide to us to monitor, detect and protect our business, its infrastructure, networks, computer systems, information, intellectual property and other rights from unwanted security intrusion, access, disclosure of and acquisition of information, data and software breaches, hacking, industrial espionage and cyberattacks. We may use cookies to facilitate our ability to personalise some of the services we refer to in this section. You can control this through our interactive consent tools on our website or via your browser settings. Please see the Cookies Policy for more information on our use of Cookies and how to manage their settings. In our view, our processing of your personal data under this category is essential to our ability to ensure that we protect our commercial interests. Should you object to our use of your data for these purposes you have the option to close your account and/or not use our services. Even in these instances we may retain some data for a period of time due to legal and/or regulatory obligations.
Marketing	We will process certain personal data to gather market intelligence, promote products and services, communicate offers to individual customers and monitor the use and take up of our loyalty and reward cards and points and promotions (for example, so that we will have an understanding of your interests so that we can send you offers more relevant to you). We may also provide aggregated and pseudonymised or anonymised data to third parties – where we do this we will ensure that these third parties take appropriate measures to secure any personal data that is provided, however we would look to anonymise / pseudonymise where possible. We will never pass your contact information to third parties for them to use for their own marketing purposes unless we have your consent. Where you have opted-in to receive direct marketing communications from us (or have not chosen to opt-out as the case may be) we may from time to time engage third party service providers to carry out direct marketing activities on our behalf. In such cases, our third party service providers are not permitted to use your details for their own direct marketing activities or to pass your data on to any other third parties for these purposes. Such arrangements are subject to contractual protections to ensure the safeguarding and integrity of your data in accordance with the relevant data protection laws. Specific examples of the marketing we will undertake are: Direct marketing by email, SMS, telephone, push notification, Whatsapp. Targeted advertising on social media. Marketing by post. When you become a registered member of our Casinos, we will contact you by email and/or SMS for the purposes of direct marketing about similar products and services automatically. This is known as the “soft opt-in” rule under current e-privacy regulations. In these circumstances we will provide you with a simple means of refusing our use of your personal data for these purposes both at the time we collect your details and in each subsequent communication we send to you. In addition, you can opt-out of marketing at the time that you become a member or initially transact with us, at any point by accessing our Preference Centre, by clicking on the link included in our marketing communications, by contacting our customer support services, or by asking at any of our reception desks. Preference Centre We have created a Preference Centre within which you will be able to control how and why we contact you for the purposes of direct marketing. We will include a link to our Preference Centre in all of the communications that we send to you. We will only ever contact you in accordance with your contact preferences. Our main means of contact will be by post, email, SMS, telephone, Whatsapp and push notification. From time to time we may contact you by other means (for example via social media). Matters we may contact you about include existing or future services, products, promotional offers, loyalty and rewards incentives, service changes and other of our activities and those of our group companies which we think may be of interest to you. You can update your contact preferences or opt-out from the receipt of direct marketing in our Preference Centre, at reception, or by following the instructions in any marketing communications we send you. In App Data Collection / Use and Website Marketing If you are a user of any of our mobile Apps or our Website, we may send you push notifications. You can disable these notifications independently through your devices settings and by following the prompts issued on download of mobile Apps.. We use services to review in-App events as part of your use of our mobile gaming Apps. These technologies collect information regarding in-App player activity such as new-user registrations, login and session times, device and IP data. Our third party partners do not process this data for their own purposes and provide only hosting and reporting solutions for Genting’s internal business activities. Data collected via these technologies allows us to analyse and improve our services, to offer you gaming experiences and marketing more tailored to your preferences and to measure the effectiveness of our advertising campaigns. You can manage data collection and Ads preferences via your device's privacy settings (e.g. Apple iOS Limit Ad Tracking , Opt-out of seeing personalised Ad on Android device/Google ).
Profiling or segmentation	Marketing We would like to be able to contact you about specific offers and promotions that we believe will appeal to you. In order for us to be able to approach our marketing in a socially responsible and non-invasive manner we need to fully understand your use of our services by carefully analysing your preferred products and average spend alongside the records that we hold about our other customers. We analyse your data by placing it into pre-determined segments based on the specific offer or promotion we are operating. Our segments are identified using information such as: Product (to ensure that we only contact you about your preferred products); Spend (to ensure that we only bring offers to your attention that correlate with your preferred spend and that we act in a socially responsible manner); Location (to ensure that we only contact you about offers that are realistically accessible by you from a geographical perspective) We will never use any special category personal data that we hold about you for marketing profiling purposes unless we have your explicit consent to do so. Social Responsibility / Anti-money laundering / Business records We may also profile or segment your personal data to ensure that we act in socially responsible and lawful manner, and to enable us to produce anonymised transactional business reports. We will only share the results of this information externally if we are required to do so by law. Important Information We strongly believe that our customers would rather receive marketing information that is relevant to their preferences. Our ability to segment or profile the information that we hold is essential if we wish to ensure this occurs. All of our marketing is tailored in this way. IF YOU DO NOT WANT US TO SEGMENT OR PROFILE YOUR INFORMATION FOR MARKETING PURPOSES, YOU WILL NEED TO OPT-OUT OF THE RECEIPT OF ALL MARKETING FROM US. You can opt-out of marketing at the time that you become a member of our land-based casinos at any point by accessing our Preference Centre, by clicking on the link included in our marketing communications or by asking at any of our reception desks. If you have opted-out of the receipt of marketing we may still segment your data for the sole purpose of ensuring you do not receive marketing information from us. We will continue to personalise our online services. Please see our Cookies Policy for more information about this and how to control our use of cookies.
Sharing with, or processing by, third parties	We may need to provide your personal data to third parties in order to deliver certain aspects of our services to you and to generally run our day to day business operations. The majority of these third parties are our service providers or other companies within the wider Genting group of companies. Where we do this we will ensure that these third parties take appropriate measures to secure your data. Specific examples are: Sharing data with other Genting branded services such as Genting Casino online (operated by our third-party partner Skill On Net Limited). We may use land-based customer data to determine where our UK casino customers are also customers of Genting Casino online. We may use this data to offer and suggest other Genting branded products and services that you may be interested in. Providing personal data to other gambling operators, service providers, banks, financial institutions, the National Casino Forum, the International Association for Casino Surveillance and similar bodies or associations in the interests of security, good practice or safety (for example, our participation in the Casino Operators Information Network “COIN”, for the purposes of the prevention and detection of crime), cheating, bonus abuse and other service mis-use, counter-fraud measures and investigations (including the verification and investigation of “chargeback” claims relating to your transactions with Genting), money laundering, other impropriety, and in order to uphold gaming integrity. Processing your payment transaction data in conjunction with our third party payment service providers and payment gateways, banks or financial institutions acting as ‘Acquiring Banks’ and Alternative Payment Method Providers (APMPs) in each case to enable us to receive payments from you and to credit payments to you (e.g. the payment of gaming winnings or the withdrawal of funds back to your card). In such circumstances, third party payment service providers and gateways, Acquiring Banks and APMPs may act as Data Controllers in their own right in respect of certain processing activities associated with receiving and making payments online. We use the ‘Worldpay’ group as a payment services provider – Worldpay also act as an independent Controller of the personal data that you provide as part of a payment transaction. You can find more information about how they process your personal on Worldpay’s corporate website. Providing your personal information to our service providers, software suppliers and game suppliers who help us to provide you with services (for example, a software service used to supply gaming services to you, a cloud services provided for data storage / hosting or services used to process bookings or payments or to provide customer service support. Providing your personal data to other Genting Group Companies (for example Genting Malaysia Berhad and the group of Genting companies identified at the beginning of this Privacy Notice) (acting as controller or processor) in relation to services they provide, offer, or consider providing to you and for any other purpose which would be permitted under this policy if we undertook the same processing of your data. Such processing is also necessary for us to carry out our day to day business operations in the context of a multi-brand group of companies. Providing your personal data (typically basic information such as your name and contact information) to social media operators including (but not limited to) Facebook and Twitter to facilitate our marketing to you via the social media channels that you participate in. Use by those social media operators for that purpose will also be subject to the privacy policies that such operators provide to you, and where applicable, to the contact preferences, consent and privacy settings that you have given those operators in relation to their use of your personal data. Please note that your Preference Centre settings will not be reflected in our marketing via these third parties; they only apply to marketing sent directly by us. Sharing your device, content and log Information with our service and analytics providers in order to enable them to analyse website and mobile App performance, improve our services, or tailor web and landing pages to any identified preferences – please also see the Genting Casino Cookies Policy for further information. Sharing your data with market research agencies for research and analysis purposes. Sharing your data with credit reference agencies. Sharing your data with prospective and actual buyers (and our professional advisors) in the event of the proposed sale or restructuring of any part of our business. Such disclosures shall be subject to adequate contractual obligations of confidentiality to ensure the safeguarding of your personal data. Sharing your data (to the minimum extent necessary) with our third-party professional advisers for the purposes of obtaining legal, regulatory, accounting, tax, insurance or other professional advice where required. Sharing your data (to the minimum extent necessary) with our third-party insurers for the purposes of administering insurance related claims and commencing / defending legal claims. Sharing your data (to the minimum extent necessary) with our third party service providers in order to administer and give effect to Data Subject Rights – e.g. sharing CCTV images with our third party visual / audio redaction specialists in order to redact third party personal data / images in connection with a Data Subject Access Request. We may in some instances have to share your data with third parties who provide services to us that are based in countries outside of the UK, or permit these third parties to access our systems. Whenever we disclose your personal data to these third parties, we will ensure that Chapter V of the UK GDPR is complied with by checking that an adequacy regulation is in place for the destination country, or requiring the third party to enter into appropriate safeguards to support the transfer, such as ICO’s International Data Transfer Agreement / UK Addendum and or conduct a Transfer Risk Assessment. We will also require the third party to have appropriate technical and organisational measures to safeguard your personal data.

The personal data that we collect

The data that we collect from you will vary depending upon the services that we provide you with and your choices (including your privacy settings). We outline the data that we may collect, our use of that data and our legal basis for processing that data in the table below.

Personal Data Collected	Use of Personal Data	Processing Condition
Name and other contact information (including title, date of birth, gender, nationality, address, telephone numbers, email address, customer/user ID and proof of identity information.	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. For product/service development and enhancement. Marketing. Profiling or segmentation. Sharing with, or processing by, third parties.	Performance of a contract. Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Payment card or bank account information	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. Sharing with, or processing by, third parties.	Performance of a contract. Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Closed circuit television (CCTV), photographs, or audio recordings of you	This information will only be collected when you visit our land-based casino premises. Fraud prevention and anti-money laundering. Game play monitoring and surveillance reporting for gaming integrity purposes Compliance with legal and regulatory obligations. General commercial operations. Sharing with, or processing by, third parties. Please note, Genting instructs third parties to provide security services at most of its casinos. Some of these third parties may make use of Body Worn Video devices from time to time – these devices are currently in use at our Birmingham Chinatown, Palm Beach and Resorts World casinos. Recordings collected from third party Body Worn Devices are not under the control of Genting and we do not receive or store copies of the footage. If you wish to obtain copies of Body Worn Video footage featuring you, our staff can provide you with the contact details of the relevant third-party security company so that you can submit your date access request directly to them.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Live image streaming / biometric data created through use of Live Facial Recognition Technology	Collection of live facial images and cropped extracts for comparison against database of persons of interest. Creation of binary biometric template to be used in comparison exercise. Please see our LFRT FAQs for more information.	Further to our legal obligations under the UK Gambling Commission’s Licensing Conditions and Codes of Practice (LCCP) to protect vulnerable persons from being harmed by gambling and to prevent gambling from being associated with crime and disorder. Further to our legitimate interests. In the substantial public interests of safeguarding individuals at risk and preventing or detecting unlawful acts – this also applies to the processing of special category biometric data created in the use of LFRT.
Offences	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. Sharing with, or processing by, third parties.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Technical / device information (including IP address, cookies, geo-location, browser information and operating system information)	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. For product/service development and enhancement. Marketing. Profiling or segmentation. Sharing with, or processing by, third parties. In the majority of cases we are not able to personally identify you from Cookies. See our Genting Casinos Cookies Policy for more information.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Customer records relating to due diligence, gaming and responsible gaming (including occupation, passport and driving licence copies and proof of signature)	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. For product/service development and enhancement. Marketing. Profiling or segmentation. Sharing with, or processing by, third parties.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
General correspondence	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. For product/service development and enhancement. Marketing. Profiling or segmentation. Sharing with third parties.	Performance of a contract. Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Medical conditions (only where voluntary disclosed by you)	Compliance with legal and regulatory obligations.	Consent Compliance with a legal obligation
Social media account information	Fraud prevention and anti-money laundering. Compliance with legal and regulatory obligations. General commercial operations. For product/service development and enhancement. Marketing. Profiling or segmentation. Sharing with, or processing by, third parties.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Information regarding marketing preferences	Compliance with legal and regulatory obligations. General commercial operations. Marketing. Profiling or segmentation. Sharing with third parties.	Compliance with a legal obligation. Necessary for the purposes of our legitimate business interests.
Special Category personal data consists of data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.	Our processing of your Special Category personal data will be rare. Examples include: where you share sensitive information with us about your health when discussing responsible gambling concerns. where biometric data is processed as part of our use of Live Facial Recognition Technology (LFRT). Please see our LFRT FAQs for further information on the lawful bases we rely on to support this processing.	Consent. Compliance with legal obligations. Legitimate Interests. Substantial public interest of safeguarding individuals at risk (responsible gambling) and preventing or detecting unlawful acts.

Retention, storage and, protection of personal data

Retention

We will retain your personal data for as long as we need it in order to fulfil the purposes that are outlined in this Privacy Notice, provided that we have a valid legal reason to do so. Because these needs can vary depending upon the purpose of our processing the data, the length of time that we process the data can vary significantly.

In order to determine the length of time we will retain your data we consider the following factors:

How long is the data required to enable us to provide you with our services?
- For example: To maintain adequate business and financial records, to enable us to contact you in line with your preferences, to enable us to comply with lawful requirements.
Is the personal data we hold about you Special Category personal data?
- For example: Data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
Are we subject to a legal, regulatory or contractual obligation to retain the data?
- For example: We are under an obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to retain all customer due diligence, identification, verification and supporting records for a period of 5 years following the end of our business relationship with you. We are also obliged by the UK Gambling Commission to retain self-exclusion records to enable us to implement self-exclusion periods.

Customers to whom we provide gambling services

In general we will retain the majority of your personal data for a period of 5 years after the conclusion of your business relationship with us. We consider a business relationship to be at an end if you have not interacted with us in any material way for a period of 13 months (e.g. visited our casinos or used the My Genting App). At this point we will retain your data and no longer process it for any other reason (other than for direct marketing where you have not opted-out, in which case, you will continue to receive direct marketing from us for a period of 36 months) other than its deletion unless and until you further engage with us
CCTV footage from our premises is generally retained for a maximum period of 30 days but this may be or longer in some cases (e.g. where an incident requires the footage to be archived or where a gaming integrity surveillance report has been produced from the footage). For details of our retention periods for Live Facial Recognition Technology, please see our LFRT FAQs.
There will be some exceptions to the period of time we retain your personal data. For example, we may retain your data for a longer period if you have self-excluded from gambling with us or if we need to retain your data because of ongoing complaints, disputes, investigations or litigation.

When we no longer need to retain your personal data we will always ensure that it is deleted securely or anonymised by us and we will also require third parties with whom we have shared your personal data to have deleted it also.

In instances where we want to retain data for analysis purposes for a longer period than we are able to we will anonymise this data such that it can no longer be linked back to you. Where we do this the information will no longer be your personal data.

Please note that if you opt-out from the receipt of marketing from us, we may need to retain your contact information in order that we can ensure that you no longer receive such marketing.

Storage and protection of personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and also against accidental loss, destruction or damage. We use a variety of technologies to help to protect your personal data.

For example, we ensure that your personal data is stored on computer systems that have limited access and that are in secure controlled facilities, we ensure that appropriate protection is in place whenever we allow access to your personal data by third parties.

We adhere to high security standards in order to protect any information you give us and our security programme is aligned with ISO 27001 and PCI-DSS frameworks.
Any data you give us will be retained in a secure environment and access to it will be heavily restricted on a ‘need to know’ basis.
The primary storage location of your personal data will be in the UK in respect of our land-based casino activities. However, as outlined in this Privacy Notice, we may in some instances disclose your personal data to third parties outside of the UK. Where we disclose your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data. In instances where we are required by law to disclose your personal data to third parties (for example to law enforcement agencies) we have limited control over how it is protected by that third party.

Your Rights

Under UK Data Protection Laws, you have a number of rights with regard to your personal data. Here is more information about them -

Your right to access the data we hold about you

You have the right to request a copy of your personal data along with confirmation as to whether your personal data is being processed and the purposes of such processing. This is also known as a “data subject access request”, or DSAR for short.
- To submit a DSAR, please contact us at DPO@GentingUK.com.
  - We may ask you to provide us with proof of identity and additional information before we we are able to complete your DSAR. This is to help us verify your identity and to locate the information you are looking for.

Your right to have inaccuracies in your personal data corrected

You have the right to obtain from us the rectification of any inaccurate personal data that we hold about you.
Please note that it is possible for you to rectify any inaccurate personal data that we hold fairly quickly and easily by undertaking one of the following actions yourself:
- Updating your preferences in our Preference Centre;
- Asking at the reception in any of our casinos
Alternatively, you can contact us at DPO@GentingUK.com to submit your request.

Your right to erasure (also known as the “right to be forgotten”)

You have the right to request that we erase your personal data in certain circumstances.
These circumstances are where:
- our retention of your personal data is no longer necessary in relation to the purposes for which it was collected;
- if we are processing your data solely on the basis of your consent and you wish to withdraw that consent
- if we are processing your data in our legitimate interests and we have not demonstrated overriding legitimate grounds to continue to process your data in the event that you have objected to such processing (see below);
- if your personal data has been unlawfully processed;
- if we are required to erase your data in compliance with a legal obligation.
It is of note that, other than data collected exclusively through our Preference Centre (where no membership or commercial relationship exists alongside this) we do not process your data with your consent. Requests for erasure based on the withdrawal of consent alone outside these circumstances are unlikely to be complied with. We will delete your data when you opt-out of marketing if the only data we hold is within the Preference Centre.
We will not delete your personal data if we still have a valid fraud, anti-money laundering, legal or regulatory obligation to retain it, unless the courts or our regulators require us to do so.
If you wish to exercise this right, please contact us at DPO@GentingUK.com.

Your right to restrict our processing of your personal data

You have the right to require that we restrict our processing of your personal data in certain circumstances.
These circumstances are where:
- you have contested the accuracy of your personal data (restriction for a period to enable us to verify the accuracy of the personal data);
- our processing is unlawful and you oppose the erasure of your personal data;
- we no longer need the personal data but you require it for the establishment, exercise or defence of a claim;
- you have objected to our processing of the data, pending the verification whether our legitimate grounds override yours.
In instances where we have restricted our processing of your personal data, we will inform you when the restriction of such processing has been lifted.

Your right to data portability

If we are processing your data with your consent or because our processing is necessary for the performance of a contract to which you are a party and such processing in carried out by automated means, you have the right to receive your personal data from us in a commonly used and machine readable format and to transmit this data to another data controller.
If you wish to exercise this right, please contact us at DPO@GentingUK.com.
Please note that the information we will provide in response to a request under this right is limited to:
- Personal contact details held
- Gaming history records held or booking records held
- Payments made or withdrawn.

Your right of objection to certain processing activities

If we are processing your data in our legitimate business interests you have the right to object to such processing on grounds relevant to your particular situation at any time.
- In instances where you object, we are obliged to cease our processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- As we explain in the section ‘Our use of your personal data’, the majority of the activities we undertake are central to our business so were you to object it will usually mean that you have to close your account or terminate your membership. Even in these instances we may have to retain certain information for a longer period of time to ensure we comply with our legal and regulatory obligations or for anti-money laundering purposes.
You can object to our use of your data for direct marketing purposes by accessing our Preference Centre or by following the ‘unsubscribe’ or opt-out instructions in any marketing communication we send to you. Your personal data will no longer be used for such purposes.

Your right not to be subject to a decision based solely on automated processing

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- In our opinion, we do not currently subject you to a decision based on profiling that produces legal effects concerning you or similarly affects you. We outline all automated profiling that we conduct and why in our section entitled How we use your personal data.

We are obliged to comply with, or respond to, any requests you make to exercise your rights free of charge and within 30 days of receipt of the request.

We may require you to provide us with proof of identity or further information before we can comply with your requests and will not consider the request valid until this has been provided.
If we do not uphold your request we will explain why.
- In certain circumstances we can extend the period within which we are obliged to comply by two further months. We will inform you of any such extension within one month. This may be required where your request is complex, such as a request for CCTV footage that requires the specialist redaction of all third party audio and visual data.
- If your request to exercise your rights is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a fee taking into account our administrative costs of providing the information or refuse to act on the request.

Your right to complain to the Information Commissioner’s Office (ICO)

You have the right to complain to the UK data privacy regulator (the ICO) if you believe that we have infringed your data privacy rights or disagree with a decision we have made about your personal data. You can contact the ICO at www.ico.org.uk but we encourage you to contact us first as we may be able to resolve the matter directly.

Updates to this privacy notice

We may update this privacy notice from time to time as and when we make any material changes to how we process or look after your personal data. You can obtain a copy of the latest version at any time by contacting our Data Protection Officer via DPO@GentingUK.com or by visiting our website.

Last Reviewed: June 2025
Next Review Due: December 2025

Genting Casinos UK Limited

My Genting

10% Off Drinks

Exclusive Offers

Download
My Genting App

•Complete Badges & Challenges and earn even more points
•See what's on easily and conveniently at your local casino
•Top up in the app
•All your messages in one place
•Stay up to date with latest game releases
•Track your points and current balance
•Plus so much more

Download on Apple Download on Android

Download to start
earning today!

MyGenting membership card and app showing on mobile phone

Available on Android and iOS devices, with our free to download app