Castle Leisure Membership Privacy Policy
The privacy and security of your personal data is of the utmost importance to Castle Leisure and we invest heavily into measures that help protect your data protection rights. This policy describes how and why we collect, store, process and manage the personal data we hold from our members. The term ‘Personal Data’ refers to any information relating to an identifiable individual or his or her personal identity. This policy outlines how your data will be processed lawfully, fairly and in a transparent manner. Castle Leisure does not sell or rent your personal data to third parties for marketing purposes whatsoever.
We will ensure that the personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the person has agreed to this or would otherwise reasonably expect this.
Castle Leisure collects your personal data in order to manage your membership of our clubs. We also collect your data so that we can send you marketing information regarding our products, promotions and services.
Castle Leisure has appointed a Data Protection Officer (DPO) who is responsible for ensuring that personal data is managed responsibly throughout the company. You can contact the DPO using the details listed at the end of this document. You have the right to see the data we hold on you, rectify that data and also for requesting us to delete that data at any time.
1.0 Introduction
1.1 Castle Leisure is defined as the data controller with regard to all of the information contained within this document.
1.2 This Privacy Policy sets out the way in which Castle Leisure Limited (“we”, “us” or “Castle Bingo”), collects and processes Personal Information of our club members. Castle Leisure is registered for the purposes of data protection with the Information Commissioner’s Office in the UK (Registration Reference Z879812X).
1.3 By using our Services and registering for membership, you acknowledge that you have read, and understand the terms of this Privacy Policy in relation to our lawful basis of processing.
2.0 The information we collect
2.1 As part of maintaining your membership we collect your Personal Information. “Personal Information” means any information from which you, as a ‘data subject’, can be personally identified, including (for example) your name, email address, home address, telephone number, debit/credit card data or date of birth.
2.2 We collect your Personal Information when you register for membership at a club; and when you email us your details. We also collect information about the transactions you undertake whilst at our clubs.
2.3 In addition, we may collect Personal Information through surveys which we undertake. Such surveys are voluntary and are anonymous where possible.
3.0 Your rights as a ‘data subject’
3.1 Under data protection law you retain the following rights over your personal data outlined in paragraph 3.2.
3.2 The right to access the data we hold about you
The right to rectification of any data that is inaccurate or incomplete.
The right to erasure of your data (also known as ‘the right to be forgotten’)
The right to restrict processing of your data
The right to data portability
The right to object to the processing of your data
Rights in relation to automated decision making and profiling.
3.3 If you exercise your right to be forgotten, this would result in a termination of your membership to Castle Bingo clubs. This means you would no longer be able to visit or play at our clubs unless you were to rejoin as a member.
4.0 Our basis for processing personal data
4.1 For the purpose of managing a regulated business within the Gambling Industry it is important for us to maintain a membership database. This database allows us to achieve our regulatory compliance responsibilities and safeguard the security of our members.
4.2 It is a requirement of our Terms and Conditions that any person who wishes to attend or partake in the services offered at our premises must register as a member.
4.3 Information collected and processed for the purposes of becoming and remaining a member is necessary for compliance with a legal obligation to which Castle Leisure is subject to. Castle Leisure is regulated by the Gambling Commission, and under the Gambling Act 2005, must fulfil the primary conditions set out in the Licence Conditions Codes of Practise (LCCP). This includes [A] To prevent gambling from being a source of crime and disorder, being associated with crime or disorder or being used to support crime. [B] To ensure that gambling is conducted in a fair and open way. [C] To protect children and other vulnerable persons from being harmed or exploited by gambling.
4.4 In order to keep you up to date with our news and promotional events we create and send regular marketing information via direct marketing, telephone marketing, SMS and email channels. In order to send you this information we will gain your consent. This is usually obtained at the point of registration.
4.5 This consent can be withdrawn at any time by speaking to your local club or by contacting the Data Protection Officer using the details at the end of this policy.
4.6 For the purpose of public health efforts to tackle COVID-19, and in the interests of the individual, Castle Leisure will assume legitimate interest as our lawful basis of processing data for the purpose of NHS test and trace.
5.0 How we use your Personal Information
5.1 Your Personal Information is processed by us to provide you with the products and services relating to our business. In particular, we collect your Personal Information in order to enable us to:
6.0 Disclosure of your Personal Information
6.1 We may disclose your Personal Information to any of the following recipients:
7.0 Marketing Preferences
7.1 We will not send you unsolicited information regarding any third party’s products or services.
7.2 For new member registration from May 11th 2018, as part of the Account registration process, you will have the opportunity to choose whether or not to receive information on our offers and promotions. This consent is subject to the data retention periods defined within this policy.
7.3 For existing members who registered prior to May 11th 2018, you were provided with an ‘opt out’ of receiving marketing communication at the time of registration, and if you have not opted out, we will assume legitimate business purpose in sending marketing communication. We will include the option to opt out every time such communications are sent out to you. The product, service or ideals we are marketing to you are the same or similar to those that you originally consented to receive marketing at time of registration, and therefore it is reasonable for you to receive marketing material from us.
7.4 We will send you promotional marketing information and updates until such time that you inform us that you do not wish to continue to receive them or do not refresh your consent upon our request at the end of 5 years from the date of your consent. You may update your marketing preferences at any time by contacting your local club or through the contact form on our website (www.castlebingo.co.uk)
8.0 Accessing and Updating your Personal Information
8.1 You may update your Personal Information at any time by contacting your local club or the company data protection officer using the details below.
8.2 You may obtain a copy of your Personal Information held by us through the following channels, by contacting our Customer Services team in club, by writing to us at The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ, or online via email at data@castleleisure.co.uk. Requests for access to your personal data are free of charge, and we require one calendar month in order to respond to such requests.
9.0 How long do we keep your data for
9.1 We retain your data for no longer than is necessary for compliance with a legal obligation as defined in 4.3. This length of time is different for each type of personal data that we hold. These retention periods are subject to change only where deemed necessary by the Data Protection Officer where there is a defined vital interest under data protection law.
9.2 Data retention periods:
Membership information
This is the information we collect at the point of registration.
Data retained for 5 years after data subjects’ most recent visit.
Marketing Preferences
These are the marketing channels you give consent for us to contact you by.
Data retained for 5 years from consent being given.
Information required by legislation
This includes data which relates to social responsibility or anti-money laundering policy.
Data retained for 10 years after data subjects’ most recent visit.
Data relating to spend information
This includes information on cash or card transactions which take place on or around our premises in exchange for products or services provided by Castle Leisure.
Data retained for 6 years after data subjects’ most recent visit.
10. Advertising and use of Cookies
10.1 We may collect anonymous information about your use of the Website (‘the website’ refers specifically to www.castlebingo.co.uk & www.castle.bingo) using “cookies”, pixel tags and similar functionality. We use cookies for the operation of the Website. We also use cookies for our own analytical purposes so that we can improve our customers’ experience.
10.2 If you object to cookies or want to delete any cookies that are already stored on your computer, you should follow the instructions for deleting existing cookies and disabling future cookies on your web browser or equivalent software. Further information is available at www.aboutcookies.org.
10.3 As part of the Website’s operation, and for our own statistical analysis of site traffic, our Website automatically logs internet IP addresses.
11. Security
11.1 We use a number of methods to ensure that all customer information remains confidential. We have developed a comprehensive policy for data protection management which is reviewed and updated as necessary.
12. Complaints
12.1 Castle Leisure takes the personal data we hold very seriously and is happy to receive any queries or concerns you may have. If you believe that we have not adhered to this policy or that your data has been handled in a way which you feel is not in accordance with your wishes then you may complain to the Data Protection Officer using the contact details below.
The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22
Alternatively you may contact the Information Commissioners Officer (ICO) directly who are the body responsible for managing data protection compliance in the UK.
You can contact the ICO at the following address: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
0303 123 1113
13. Contact information
Please contact us via the contact form on our website or in writing at;
The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22
The privacy and security of your personal data is of the utmost importance to Castle Leisure and we invest heavily into measures that help protect your data protection rights.
This policy describes how and why we collect, store, process and manage the personal data we hold from our members. The term ‘Personal Data’ refers to any information relating to an identifiable individual or his or her personal identity.
This policy outlines how your data will be processed lawfully, fairly and in a transparent manner.
Castle Leisure does not sell or rent your personal data to third parties for marketing purposes whatsoever.
We will ensure that the personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the person has agreed to this or would otherwise reasonably expect this.
As your employer Castle Leisure needs to process your personal data during your recruitment, during your employment with us and following the termination of your employment.
Castle Leisure has appointed a Data Protection Officer (DPO) who is responsible for ensuring that personal data is managed responsibly throughout the company. You can contact the DPO using the details listed at the end of this document.
You have the right to see the data we hold on you, rectify that data and also for requesting us to delete that data at any time.
This policy is not contractual and may be amended at the Company’s absolute discretion.
1. Introduction
1.1 Castle Leisure is defined as the data controller with regard to all of the information contained within this document.
1.2 This Privacy Policy sets out the way in which Castle Leisure Limited (“we”, “us” or “Castle Bingo”), collects and processes Personal Information of our club members. Castle Leisure is registered for the purposes of data protection with the Information Commissioner’s Office in the UK (Registration Reference Z879812X).
1.3 By applying for a position with the Company, you acknowledge that you have read, and understand the terms of this Privacy Policy in relation to our lawful basis of processing.
2. The information we collect
2.1 As part of maintaining your employment we collect your Personal Information. “Personal Information” means any information from which you, as a ‘data subject’, can be personally identified, including (for example) your name, email address, home address, telephone number, or date of birth. It does not include data that has been anonymised. The Company may hold personal data about you on email systems, electronic and paper HR files.
2.2 We collect your Personal Information when you apply for vacancies
3. Your rights as a ‘data subject’
3.1 Under data protection law you retain the following rights over your personal data outlined in paragraph 3.2
3.2 The right to access the data we hold about you
The right to rectification of any data that is inaccurate or incomplete.
The right to erasure of your data (also known as ‘the right to be forgotten’)
The right to restrict processing of your data
The right to data portability
The right to object to the processing of your data
Rights in relation to automated decision making and profiling.
4. Our basis for processing personal data
4.1 The Company processes personal data where necessary to manage the employment relationship and the main lawful basis for processing your data are:
Where we process special category data we will only do so where one of the lawful reasons set out above applies and where either, you have given explicit consent:; processing is necessary under employment law: processing is necessary to protect you or another person’s vital interests and you are capable of giving consent: you have made the data public; processing is necessary for a legal claim; it is necessary for occupational medical reasons, or for the assessment of medical capacity. Where we plan to process special category data relating to you we will explain this and set out the reasons, at the time.
Special category data is information such as racial or ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
We may collect information from you relating to some of these matters but will usually do so in an anonymised way, so as to monitor the effectiveness of our equal opportunities policies. Where this is the case it will not be considered to be personal data. However where the data has not been anonymised, this will clearly be special category data and be treated as such.
The Company processes personal data relating to criminal convictions to meet our regulatory requirements.
5. How we use your Personal Information
5.1 Your Personal Information is processed by us, as your employer during your recruitment. We will use this data to decide whether to employ you, check you have the right to work in the UK, decide what salary and other terms to offer you and then administer the ongoing contract between us including for example managing your performance and conduct, making reasonable adjustments if you have a disability, paying you and deducting tax and national insurance. Personal data may be provided to us by you, but may also be provided to us by third parties such as former employers or may be created during the employment relationship such as appraisal records or on its termination such as references provided to prospective employers.
The following are examples of the personal information we may process and retain:
This information will be retained by the Company in line with our Data Retention Policy.
6. Disclosure of your Personal Information
6.1 We may disclose your Personal Information to any of the following recipients:
8. Accessing and Updating your Personal Information
8.1 You may update your Personal Information at any time by contacting the company data protection officer using the details below.
8.2 You may obtain a copy of your Personal Information held by from The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ, or online via email at data@castleleisure.co.uk. Requests for access to your personal data are free of charge, and we require one calendar month in order to respond to such requests.
9. How long do we keep your data for?
9.1 We retain your data for no longer than is necessary for compliance with a legal obligation as defined in 4.1. This length of time is different for each type of personal data that we hold dependant on company and legislative requirements. These retention periods are subject to change only where deemed necessary by the Data Protection Officer
10. Security
10.1 We use a number of methods to ensure that all employee information remains confidential. We have developed a comprehensive policy for data protection management which is reviewed and updated as necessary.
11. Complaints
Castle Leisure takes the personal data we hold very seriously and is happy to receive any queries or concerns you may have. If you believe that we have not adhered to this policy or that your data has been handled in a way which you feel is not in accordance with your wishes then you may complain to the Data Protection Officer using the contact details below.
The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22
Alternatively you may contact the Information Commissioners Officer (ICO) directly who are the body responsible for managing data protection compliance in the UK.
You can contact the ICO at the following address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
12. Contact information
Please contact us via the contact form on our website or in writing at;
The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22
Copyright © 2024 Castle Leisure Limited
18+ BeGambleAware
This website uses cookies. By continuing to use this site, you accept our use of cookies. Privacy Policy