Policies

Privacy policy

Privacy policy

GENERAL NOTICE 

This Privacy Policy sets out how Aspinalls Club Limited ("Crown London", "we", "us" or "our") processes your personal data. Personal data means any information which can be used to directly or indirectly identify you, and processing means the collection, recording, storage, disclosure and other uses of your personal data.

We may need to make changes to this Privacy Policy, for example, to include changes in what we collect and how we use your personal data, or how we manage developments in privacy laws. You should check our website periodically to view our most up to date Privacy Policy. This Privacy Policy replaces any previous version.

YOUR PRIVACY IS IMPORTANT

Crown London is a leading private members club offering casino and gaming services, club membership, concierge services and restaurant and bar services. We collect and process personal data to provide such services and to operate our business and, when doing so, we act as a controller of personal data. This means that we are responsible for processing your personal data in compliance with UK data protection laws: the UK GDPR and the Data Protection Act 2018 (together referred to as the "Data Protection Laws").

Your privacy is important to us. This Privacy Policy explains how Crown London will process your personal data. 

If you are required to provide any personal data to us which relates to other individuals such as guests, you agree that you will inform them about the contents of this Privacy Policy and obtain any required consent in accordance with this Privacy Policy.

If you have any questions, please contact us using the contact details in the “How to Contact Crown London” section of this Privacy Policy.

WHAT PERSONAL DATA DO WE COLLECT?

Existing or prospective members:

  • name, date of birth and gender;
  • identity documents such as your passport or driving licence or tax identity documentation;
  • business and personal contact details including your address and address history, tele-phone numbers and email address;  
  • information related to your citizenship such as nationality and citizenship status;
  • financial information, including credit or debit card details and bank and account details and financial transaction information;
  • details about your business/profession such as employment information and business stakes/ownership and business card;
  • information we hold as part of your profile such as your Crown London membership num-ber photograph, preferences, birthday, details about your guests and visits to Crown Lon-don;
  • information related to gaming services such as betting and gaming history, gaming perfor-mance data, player activity, player tier, comp status and casino/player frequents;
  • information obtained from anti-money laundering (“AML”)/know-your-customer (“KYC”) due diligence and fraud prevention checks such as political exposure, source of funds and source of income;
  • information captured during any correspondence with you such as telephone calls or writ-ten or email correspondence;
  • information about your marketing preferences; and
  • audio and video footage obtained from CCTV.

Certain categories of personal data require special protection under Data Protection Laws and are known as "special category data". This is information relating to your health, genetic or biometric data, criminal convictions, sex life or sexual orientation, racial or ethnic origin, political opinions, re-ligious or philosophical beliefs, or trade union membership. 

In certain circumstances, we may need to collect and process your special category data, for exam-ple:

  • information about your current or former physical and/or mental health and medical histo-ry, for example food allergies and dietary preferences or any information about a disability you may have and need certain special requirements/access.

Guests/dining members:

  • name, date of birth and gender;
  • identity documents such as your passport or driving licence;
  • business and personal contact details including your address, telephone numbers and email address; 
  • your nationality and citizenship;
  • financial information, including credit or debit card details;
  • details about your business/profession such as employment information and business card;
  • information we hold when you visit with a member such as your Crown London guest number, photograph, details about the member you are with and attendance logs prefer-ences;
  • information captured during any correspondence with you such as telephone calls or writ-ten or email correspondence; and
  • audio and video footage obtained from CCTV.

In certain circumstances, we may need to collect and process your special category data, for example: 

  • information about your current or former physical and/or mental health and medical histo-ry and food allergies and dietary preferences; or 
  • any information about a disability you may have and need certain special require-ments/access.

We also collect information from website visitors obtained through the use of cookies and similar tracking technologies such as IP address. Our use of cookies helps the website to function, en-hances user experience and tracks how users use our website. Whilst some cookies are required for the website to function, other cookies help us improve website functions and offerings and we will only use these cookies if you accept them. The tracking technologies we use – including the name, duration and description – are set out on our cookie consent banner when you access the website. You can find more information about cookies at www.allaboutcookies.org. If you have previously opted into our use of tracking technologies and would now like to opt out, you can do so by following the relevant link depending on your web browser: Google Chrome, Internet Explorer, Mozilla Firefox, Safari (Desktop), Safari (Mobile) and Android Browser.

HOW DO WE COLLECT PERSONAL DATA?

Existing or prospective members:

  • Directly from you, for example when you complete an application form to register as a member, each time you interact with us or when you make enquiries;
  • From third party AML, KYC, due diligence providers and identity verification providers;
  • From Self Enrolment National Self Exclusion SENSE;
  • From other companies in the Crown Group; and
  • From dining reservation companies such as SevenRooms and Square Meal.

Guests/dining members:

  • Directly from you, for example when you enter the premises as a guest or make a restau-rant reservation;
  • From the Crown London member you visit us with; and
  • From dining reservation companies such as SevenRooms and Square Meal.

WHAT WILL WE USE PERSONAL DATA FOR?

We process personal data for the purposes described in this Privacy Policy. Data Protection Laws requires companies to have a "lawful basis" to collect and use personal data. We rely on the following lawful bases when processing your personal data: 

  • it is necessary to take steps to enter into a, or perform our obligations under your member-ship contract;
  • it is necessary to comply with our legal or regulatory obligations; 
  • it is necessary for legitimate business interests pursued by us or a third party and your inter-ests and fundamental rights do not override those interests. In each case we will always con-sider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests; and/or
  • in limited circumstances, where you have given consent, for example for marketing purposes. 

We need to have a further processing condition when we process your special category data and we will rely on the following:

  • in limited circumstances, we need your explicit written consent;
  • in limited circumstances, where processing is necessary to protect an individuals' vital inter-ests;
  • we need to use your special category data to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial pub-lic interest in such use; 
  • we need to use your special category data to prevent or detect unlawful acts and this use is in the substantial public interest; and/or 
  • it is necessary in connection with any existing/prospective legal claims, to obtain legal advice or for the establishment, exercise or defence of legal claims.

Prospective/existing members only

Member relationship management

  • It is necessary for performance of a contract.
  • We have a legitimate business interest (to create and develop relationships with members). 
  • Special category data: You have given us explicit consent.

To carry out marketing and to track member jour-ney analytics and experience improvements

  • You have given us explicit consent.
  • We have a legitimate business interest (to im-prove members' experience).

Member account management which includes

  • handling and paying members' winnings 
  • member debt management and recovery   
  • It is necessary for performance of a contract. 
  • We have a legitimate business interest (to recover debt).

To operate finance and audit functions which includes

  • Tax filing and reporting
  • handling of cash and financial transactions
  • internal and external auditing    
  • It is necessary for performance of a contract. 
  • We have a legitimate business interest (to operate our finance and audit functions).

Casino Operation which includes

  • Game play tracking
  • Operating the Casino
  • Player profile management    
  • We have a legal/regulatory obligation.
  • We have a legitimate business interest (to operate and run our Casino). 

To carry out appropriate checks and due diligence which includes:

  • Enhanced due diligence
  • Source of funds checks
  • AML and KYC checks     
  • We have a legal/regulatory obligation.
  •  It is necessary for performance of a contract. 
  • Special category data: Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty. It is in the substantial public interest to prevent/detect unlawful acts.

To comply with our legal or regulatory obligations which includes:

  • Carrying out suspicious activity reports
  • Complying with the Self-Exclusion and Responsible Gaming Programming  
  • Carrying out fraud prevention checks    
  • We have a legal/regulatory obligation.
  • We have a legitimate business interest (to comply with our legal and regulatory obligations).
  • Special category data: Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty. It is in the substantial public interest to prevent/detect unlawful acts.

IT Operations which include data storage and handling and network security

  • We have a legal/regulatory obligation.
  • We have a legitimate business interest (to comply with our legal and regulatory obligations and to ensure our IT Operations run).

Both prospective and existing members and guests/dining members

Reception Management which includes

  • check-ins and check-outs,
  • validation of access;
  • processing guest/member requests;
  • handling vehicle Valet Services  
  • It is necessary for performance of a contract (for members).
  • We have a legitimate business interest (to greet and service guests and members). 
  • Special category data: You have given us explicit consent. 

Handling dining reservations and restaurant operations facilitating dining and retail payments

  • It is necessary for performance of a contract (for members).
  • We have a legitimate business interest (to operate a restaurant and service guests and members). 
  • Special category data: You have given us explicit consent.

To organise and manage events    

  • We have a legitimate business interest (to organise events). 
  • Special category data: You have given us explicit consent.

To operate CCTV

  • We have a legitimate business interest (to operate CCTV and keep our premises, workforce and members secure).

Incident and health and safety reporting  

  • We have a legal/regulatory obligation.
  • We have a legitimate business interest (to handle and report any incidents at our premises). 
  • Necessary to protect individuals' vital interests.
  • Special category data: We need to use your information in order to establish, exercise or defend our legal rights.

To establish, exercise or defend legal claims and to handle complaints    

  • We have a legitimate business interest (to handle all complaints and legal claims)
  • Special category data: We need to use your information in order to establish, exercise or defend our legal rights.

WHO WILL WE SHARE PERSONAL DATA WITH?

We share data with:

  • Third parties we appoint to assist with our AML/KYC checks and due diligence such as Altra-ta Limited (Wealth X), Acuris, ID and address verification providers;
  • Event management companies;
  • External auditors and appointed consultants;
  • Self-Enrolment National Self Exclusion SENSE;
  • Our third-party service providers who support the operation of our business, such as IT and financial service providers including payment service providers and CCTV providers and document management providers, software providers and information security providers;
  • Regulatory bodies and law enforcement agencies including the police and the UK's Infor-mation Commissioner's Office, UK Gambling Commission and the UK Financial Intelligence Unit; 
  • Other casino operators, to identify credit worthiness, the prevention and detection of crime, the apprehension and prosecution of offenders; 
  • HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations);
  • Third parties associated with a legal claim or complaint such as law firms, adjudicators, regu-lators;
  • Other companies within the Crown Group;
  • Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
  • Any companies that are in the process of joining the Crown Group, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acqui-sition and their legal and technical advisers in order to manage such transactions.

We are in the process of being acquired by Wynn Resorts Limited (“Wynn”) and we will share cer-tain personal data with Wynn in our legitimate interests to ensure the successful sale and contin-ued operations of our business. Wynn will process your personal data in the United States.

MARKETING

From time to time, Crown will send members marketing communications about our products and services by telephone, email and SMS which we think will be of interest to you; we will do this where you have provided consent.

Members can opt out of receiving marketing from us at any time by: 

  • following the unsubscribe link in our marketing emails or SMS; or
  • contacting us using the contact details in the “How to Contact Crown London” section of this Privacy Policy.

Crown London does not market to any excluded persons including persons registered on SENSE.

AUTOMATED DECISION MAKING

Crown London does not undertake any automated decision making.

DISCLOSING YOUR PERSONAL DATA OVERSEAS

The personal data that we collect from you may be transferred to and processed in a destination outside of the UK and the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA") for example:

  • it may be processed by our suppliers in other countries such as the US;
  • we may transfer your personal data to our companies in our Crown Group in Australia;
  • for international gaming patrons, we may share your personal data overseas in relation to the assessment of your credit worthiness; and/or
  • as we are in the process of being acquired by Wynn, when sharing certain personal data with Wynn in our legitimate interests to ensure the successful sale and continued opera-tions of our business, this will involve Wynn processes your personal data in the United States.

In the event that your personal data is transferred outside the UK and EEA, we take steps to en-sure that your personal data is adequately protected and in compliance with data protection laws such as:

  • transferring personal data to a country or jurisdiction which has been deemed 'adequate' by the UK government i.e. that country or jurisdiction provides an adequate level of pro-tection to that of UK;
  • entering into the UK Addendum to the EU Standard Contractual Clauses or the UK's Inter-national Data Transfer Agreement with the recipient to whom we are transferring personal data (these are sets of contractual wording which has been issued by the UK's data protec-tion regulator to safeguard transfers compliantly in accordance with Data Protection Laws); or
  • the recipient of personal data in the United States has self-certified with the UK Data Bridge to the EU-US Privacy Framework.

To find out more about how your personal data is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact using the contact details in the “How to Contact Crown” section of this Privacy Policy.

SECURITY OF PERSONAL DATA

Crown London takes steps to protect the personal data it holds against loss, interference, unauthorised access, use, modification, or disclosure and against other misuses. Your personal data is held on Crown London premises in secure systems or offsite using trusted third-party providers. 

We implement a range of technical, physical and organisational measures to ensure that your personal data is kept confidential and secure.

YOUR RIGHTS

It is important that any personal data we hold about you is both accurate and up to date. Please keep us informed if your personal data changes. 

Data Protection Laws give you a number of the rights (as set out below) which you can exercise at any time by or contacting our Data Protection Officer using the details provided at the end of this Privacy Policy:

  • the right to access your personal data: you are entitled to a copy of the personal data we hold about you and certain details of how we use it; 
  • the right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete;
  • the right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccu-rate;
  • right to erasure: you have the right to ask us to erase your personal data in certain circum-stances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request);
  • right to data portability: you have the right, under certain circumstances, to ask that we transfer certain personal data that you have provided to us to another third party of your choice or receive it in a certain format;
  • the right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by clicking on the "unsubscribe" link which is contained in any email that we send to you. Please note that exercise of this right does not extend to service-related communications about your membership which, where necessary, we will continue to send;
  • the right to object to processing: where we process your personal data based on our legit-imate business interests (indicated in this Privacy Policy), you can object to our processing. We will consider your objection and determine whether or not our legitimate business in-terests prejudice your privacy rights;
  • the right to withdraw consent: we may ask for your consent for certain uses of your per-sonal data – we have indicated in this Privacy Policy where we do need your consent. You have the right to withdraw your consent at any time; and
  • rights related to automated decision-making: we do not carry out any automated decision making but will let you know if this changes.
  • to the right to lodge a complaint with the Information Commissioner's Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make. 

There may also be circumstances where exercising some of these rights (such as the right to eras-ure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of your membership. We will inform you of these consequences when you exercise your right.

DATA RETENTION

We will only keep your personal data for as long as it’s necessary to fulfil the purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations. 

The retention period for which we keep your personal data will therefore depend on your rela-tionship with us and the type of personal data. For example:

  1. Member account information (e.g., name, email address, transaction/ gaming history) — retained for 7 years after the last interaction to comply with tax and accounting regulations.
  2. Marketing preferences and communications data are retained until you withdraw your consent or unsubscribe from our marketing communications. 
  3. Audio and video footage obtained from CCTV recordings are retained for 30 days, after which they are automatically deleted unless required for investigative or legal purpos-es.

If you have any questions in relation to the retention of your personal data, please contact our Da-ta Protection Officer at the details provided in this Privacy Policy.

MAKING A PRIVACY COMPLAINT

Individuals may make a written complaint to Crown London’s Data Protection Officer (using the address in the “How to Contact Crown” section of this Privacy Policy).

Any complaint should set out as much detail as possible, all the relevant particulars relating to the complaint. Upon receiving a written complaint, Crown London will acknowledge receipt of the complaint in writing without undue delay. Crown London will investigate the matters described in the complaint and then provide a written response.

Should you feel that Crown London has not processed your data fairly, you retain the right to submit a complaint to the Information Commissioner’s Office. For further details refer to their website, https://ico.org.uk/.

HOW TO CONTACT CROWN LONDON

Individuals can obtain further information in relation to this Privacy Policy, or provide any comments, by contacting:

Telephone: +44 (0) 20 7647 5454

By Post:
Data Protection Officer
Crown London 
27-28 Curzon Street 
London W1J7TJ

Email: dpo@crownaspinalls.com

Crown London is owned by Aspinalls Club Limited an England registered company no. 2495259, registered with the Information Commissioner’s Office (ICO) no. Z6242841.