1) INTRODUCTION
The Proprietor and Owner of Les Ambassadeurs Club (the “Club”,) is Les Ambassadeurs Club Limited (“Les A”, “we”, “our” or “us”). These privacy terms govern your use of our website, your activities as you apply for membership and as a member of Les A. As a member you will also be subject to our rules (the “Rules” or “Club Rules”).
Les Ambassadeurs Club registered address is 5 Hamilton Place, London W1J 7ED, and our company registration no. is 02708889.
We want our members and their Guests (“you”) to know that we value your privacy and Personal Data just as much as you do. We apply the highest standards to ensure your Personal Data is secure, and we always comply with the UK GDPR, as incorporated into the law of the United Kingdom under the European Union (Withdrawal) Act 2018 (“UK GDPR”) and the Data Protection Act 2018 or any successor legislation.
Les A is regulated and licensed by the UK Gambling Commission and holds an Operating Licence. Because of this, we have a legal obligation to collect, process, and disclose certain Personal Data.
Les A is a Data Controller registered with the Information Commissioner‘s Office, Registration No. Z5542615.
In this Privacy Policy (the “Policy”), we not only want to advise you of your rights, but also explain how we respect them. Any Personal Data you provide to us is subject to the terms of this Policy. This Policy and Les A’s collection, processing, use or disclosure of Personal Data shall be governed by and construed in accordance with English law.
Personal Data is any information relating to you from which:
- you can be identified or made identifiable directly from the information in question; or
- you can be indirectly identified or made identifiable from that information in combination with other information.
Sensitive Data includes information concerning:
Racial or ethnic origin, Political opinions, Religious and philosophical beliefs, Trade union membership, Genetic data, Biometric data, Data concerning health, Sex life and sexual orientation.
The only sensitive type of data we process about you is, Biometric data for the purpose of uniquely identifying you during the registration process and as may be required on an ongoing basis to effectively safeguard your interests, and your potential political opinions as part of our lawful due diligence requirements. We do not collect any other sensitive data about you.
2) COOKIES
Our website requires the use of files containing small amounts of data that exchange between your computer’s browser and our web server. They are known as “cookies” and are used for a number of functions such as remembering who you are and your choices, either for that session or for when you return to our website. Some cookies are required for our website to work but only last as long as your visit. As a result, you cannot opt out of those. All of the other cookies we like to use you can control, though some functionality may be limited by your choice. You can change your cookie preferences at any time.
3) CATEGORIES OF PERSONAL DATA
The table below sets out the categories of data we use, what they can include, and the period for which we retain that data (from the date of the last relevant activity). Some sections may include categories from another section, particularly your contacts details and identifiers.
Category | Data Included | Retention Period |
Member & Guest | Name; Date of Birth; Identity Documentation (Image); Gender; Nationality; Ethnicity; Biometric Data; Address; Email Contact; Telephone Contact; Visits; Interactions with us (Including Emails and Phone Calls). | 6 years. |
Safer Gambling | Name; Date of Birth; Identity Documentation (Image); Gender; Biometric Data; Nationality, Ethnicity; Address; Email Contact; Telephone Contact; Visits; Interactions with us; Gaming History; Financial Transactions; SENSE Scheme Data (Including Enrolment and Departure from SENSE, and Gaming History from our own or 3rd Party Records); Gaming Behaviour and Mental Health Details. | 6 years. |
Finance & Due Diligence | Name; Date of Birth; Identity Documentation (Image); Gender; Nationality; Ethnicity; Biometric Data; Address; Winnings; Invoices; Applications; Financial Transaction History; Bank Account Details; Bank Card Details; Debt Information; Cheques Awaiting Clearance; Payment Service; Affordability History; 3rd Party Affordability Referencing Data; 3rd Party Adverse Media Referencing Data, 3rd Party Debt Collection and Tracing Agencies, and other Authorised Agents; Records of Civil and Criminal Proceedings; Data from the Gambling Commission or other Regulatory or Government Authorities; Gaming Complaints or Disputes; Source of Wealth and Funds; Lifestyle and Social Circumstances; Occupation, Employment and Educational History; Family and/or Political Connections. | 7 years. |
Marketing | Personal data and gaming preferences. | 2 years or deletion on request. |
Gaming History | Club Visits; Gaming Transactions; Gaming Complaints and Disputes; Financial Transactions; 3rd Party Gaming History; Gaming Behaviour. | 7 years. |
Criminality | Name; Date of Birth; Identity Documentation (Image); Gender; Biometric Data; Nationality; Address; Email Contact; Telephone Contact; Visits; Interactions with us and Behavioural Details. | 6 years. |
AV Recordings | Audio Recordings within operational areas; CCTV of Gaming Tables and the Premises; Facial Recognition and Incident Management. | 6 years. |
AV Recordings: CCTV, Facial Recognition as well as audio recording software is active upon entry to the Club and throughout the casino premises, to enable the effective monitoring and traceability of individuals. We do this in order to prevent and investigate any crime, breaches of regulations, uphold our License conditions, or Club rules. We also use CCTV at the Club’s perimeter.
4) DATA WE MAY PROCESS UNDER A LEGAL OBLIGATION
Basis: We have a legal obligation to collect and process specific Personal Data on each Member, Guest and each candidate for membership pursuant to the Proceeds of Crime Act 2002, the Money Laundering Regulations, the Gambling Act 2005, and as a condition of our licence granted by the UK Gambling Commission, the Gambling Commission’s Codes of Practice (the “Code“) and the Self Enrolment National Self Exclusion (SENSE) scheme; please visit www.gamblingcommission.gov.uk and https://www.senseselfexclusion.com/ for further information.
Type of Data: Member and Guest; Social Responsibility; Complaints & issues; Finance & Due Diligence; Gaming History and AV Recordings.
When Data is Processed: We may collect and process this Personal Data in circumstances including, but not limited to, the following:
- When you apply for Club Membership, enter the Club, use its facilities, or when you update your personal details or ID documents with us;
- When we verify your identity and personal details, or when we conduct security, due diligence, gaming dispute and/or compliance checks;
Your Rights: Because the Personal Data referred to above is processed pursuant to a legal obligation, there is no right to erase or object to this data, or have this data made portable.
5) DATA WE MAY PROCESS UNDER OUR CONTRACT WITH YOU
Basis: When you become a Member of the Club you enter into a contract with us to provide certain services to you. This contract includes the Club Rules. It is necessary for us to process certain Personal Data about you in order to provide those services to you, including to maintain our accounts and records, to support and manage our staff, our customer services, and for the purposes of administration.
Type of Data: Member & Guest; Finance & Due Diligence; Gaming History; Complaints & issues and AV Recordings.
We process source of revenue and source of wealth in order to carry out affordability risk reduction assessments and to provide you with additional account services, applied for as a Member of the Club.
When Data is Processed: We may collect and process this data:
- When you apply for Club Membership, enter the Club, use its facilities, or when you update your personal details or ID documents with us;
- When we verify your identity and personal details, or when we conduct affordability checks (including checks with 3rd parties);
- When you contact us, request services, report a problem, or wish to make a complaint;
Your Rights: You have the right to ask us to erase such Personal Data collected pursuant to our contract with you, and we will delete any such Data (other than data we are required to retain in accordance with Section 2, above). In relation to this Data, you also have the right to data access and data portability.
6) DATA WE MAY PROCESS WITH YOUR CONSENT
Basis: When you become a Member of the Club, we will ask your express permission to contact you in relation to some of our additional services, events, general updates about the Club or other marketing materials (‘Marketing Communications’). You do not have to give your consent, and we will not contact you with Marketing Communications unless you do so.
Type of Data: Marketing
When Data is Processed: We may collect and process this data:
- If you give us your express permission to do so when you either apply for Club Membership, enter as a Guest, or you ask us to update your marketing preferences;
- In the event that Les A or substantially all of its assets are acquired by a third party, Personal Data held by Les A may be one of the transferred assets;
Your Rights: You are entitled to qualify, vary or withdraw your consent in relation to Marketing whenever you want to. You also have the right to ask us to erase such Personal Data collected with your consent. In relation to Data obtained in this way, you also have the right to data access and data portability.
5) DATA WE MAY PROCESS FOR A LEGITIMATE INTEREST
Basis: We process specific data in order to protect the legitimate interests of Les A, our employees, our Members, and our Guests. Our legitimate interests include securing our premises, counter-fraud measures and investigations, conducting and managing our business, the maintenance of records, such as gaming, hospitality and financial details obtained throughout the course of your membership. Our Members, Guests and employees, have a legitimate interest in feeling safe and secure whilst on our premises, and of ensuring compliance with the Club Rules.
Type of Data: Member & Guest; Finance & Due Diligence; Gaming History; Complaints & issues and AV Recordings.
When Data is Processed: This Data is used upon entry to the Club, throughout the casino premises and surrounding areas, specifically the Club’s perimeter, to enable the effective monitoring and traceability of individuals.
Your Rights: Whilst you are entitled to object to some of this processing, the only way you can exercise that right is by not entering the Club. Any Personal Data will be deleted after the expiry of the retention period, provided it is not being actively used in any ongoing investigations.
8) WHERE YOUR PERSONAL DATA MAY BE STORED
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We are based in the United Kingdom and your information will be accessed and used here and elsewhere in the European Economic Area (EEA) where we enable the provision of the contracted services.
While countries within the EEA all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection of your personal data. In each case, your data may, for purposes described in this notice or otherwise approved by you, be transferred to, processed by and stored by persons operating outside of the EEA and the third party may require access to all or some of your data. For example:
- other Les Ambassadeurs Club trading companies based outside the EEA may need to use data in accordance with this notice;
- our staff, suppliers or agents located outside of the EEA may need to access and process personal data to fulfil requested and or contracted services or provide other support services;
- we may use cloud-based technology hosted outside of the EEA to host some of our applications;
- we may use service providers based outside of the EEA to help us support some of our information technology infrastructure and these service providers may need to access your personal data in order to provide and support that infrastructure.
When we send personal data outside of the EEA we take steps to put in place appropriate safeguards to protect the information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in accordance with applicable data protection laws. We protect your personal data, for example, by:
- transferring to a jurisdiction which the European Commission recognises as providing adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data;
- where possible, putting in place standard contractual clauses (SCC`s) in accordance with European Commission decisions on transferring personal data.
- requiring all Ambassadeurs Group trading companies to be subject to group data protection policies, designed to protect data in accordance with EU data protection law;
- ensuring access controls which limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know; and
- ensuring they will only process your personal information on our instructions, for the reasons we specify.
We may also from time to time rely on one or more of the ‘derogations’ available in applicable data protection laws, for example:
- The transfer is necessary for the establishment, exercise or defence of legal claims; or
- We have the individual’s explicit consent; or
- The transfer is necessary for the conclusion or performance of a contract in the interest of the individual concerned, and we are party to that contract; or
- The transfer is necessary in order to perform a contract between us and the individual concerned, or the implementation of pre-contractual measures taken at the individual’s request.
We may also be compelled by law to disclose your personal data to a third party and will have limited control over how it is protected by that party in such circumstances.
9) ACCESS TO YOUR PERSONAL DATA
When you ask to see a copy of your personal data as permitted under data protection laws we will supply you with all the personal data to which you are entitled, promptly and normally no later than one month after the receipt of your data subject access request. In rare cases, where the requests are complex or contain multiple requests, the period of compliance may be extended by a further two months, but we will write to you and explain why any extension is required within one month of your request.
We will want to ensure that we have properly identified anyone making a data subject access request and may therefore ask to see additional identification.
Any access request is normally free, although in some cases we may charge a reasonable fee based purely on our administrative costs when a request is clearly unfounded, is made excessively, or is made repetitively.
You may also have the right to Data Portability which allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to exercise this right, we will transmit such data to you in a machine-readable code where it is technically feasible to do so.
10) HOW LONG DO WE KEEP YOUR PERSONAL DATA
Generally, we comply with the retention periods specified above although there may be exceptions, such as where there is an ongoing legal enquiry. Your personal data may also be subject to increasing internal restrictions on accessing. For example, personal data may be removed from front office functions and only accessible by senior management with specific reasons.
11) WHO DO WE DISCLOSE YOUR PERSONAL DATA TO
In accordance with this Privacy Policy and for specific purposes, we may share some of your information with the following categories of third parties.
- any trading company within Les Ambassadeurs Club Limited, which includes Les Ambassadeurs Online Limited and our sister companies (“other companies with close affiliations to us, owned by the same ultimate parent company”), and their respective subsidiaries and or trading brands for the purposes set out in this notice (for example, information and customer relationship management; software and service compatibility and improvements; and to provide you with any information, applications or services that you have requested);
- authorised representatives or agents acting on our behalf with respect to the promotion of our services in particular territories;
- suppliers where necessary, in performance of services which you have contracted, with or through us (which may include sharing data in order to perform and process payments associated with performance of such services);
- information technology companies undertaking services for us in connection with maintenance, support, development or enhancement of our websites or our other information technology platforms and infrastructure;
- third parties that we engage to perform market surveys/client feedback surveys, subject to your selected preferences;
- third parties which we engage to securely host communication services (emails and SMS) and act as suppliers to distribute our notifications and other marketing communications on our behalf, both where you have requested information and where we believe that information will be of interest to you;
- companies used to facilitate payment transactions arising from engagement of our services;
- credit reference agencies for the purposes of supporting mechanisms which assist us in safer gambling and affordability assessments;
- fraud prevention agencies;
- recruitment agencies or website recruitment platforms in the context employment;
- law enforcement agencies, regulators or other applicable third parties, where necessary to enable us to comply with our regulatory and legal obligations (including statutory or regulatory reporting or the detection or prevention of unlawful acts ), or where necessary to assist them in the conduct of their investigations;
- authorised third parties engaged to support us in performing customer and enhanced customer due diligence checks;
- our clients (if you are a supplier), in the course of performing any engagement for services;
- relevant third parties in the context of actual or potential legal proceedings (for example in response to a court order, enforcement of the terms of a contract and debt recovery);
- our own professional advisors and auditors for the purpose of seeking professional advice or to meet our legal, regulatory and auditing responsibilities; and
- another organisation if we sell or buy (or negotiate to sell or buy) any of our companies, business or assets.
We may compile statistics about the use of our websites including data on traffic, usage patterns, user numbers, and other information. All such data will be anonymised and will not include any data which can be used to identify you either by itself or when combined with other data. We may share non-personally identifiable information about the use of our website, applications, products or services publicly or with third parties, but this will not include information that can be used to identify you.
We do not sell personal data to third parties for marketing purposes.
Your Rights: You have the right to object to this and to correct any incorrect data. Membership may be conditional on allowing us to share this personal data.
12) CHANGES TO THIS POLICY
From time to time we will need to update, change or supplement this Policy, including by altering the types of Personal Data that may be collected, processed or shared. If this happens, we will update this Policy on our website, in our literature, and we will contact Members (normally by email) to inform them of any updates to this Policy before such changes come into effect. If you do not agree to these changes then you will have to inform us.
13) YOUR RIGHTS
Under Data Protection legislation, including the ‘Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023, you are granted specific rights concerning your personal data. These rights align with the principles of the UK Human Rights Act 1998, ensuring comprehensive protection and respect for individuals’ fundamental rights and freedoms.
You have the following rights (“Data Rights”):
- The right to be informed: This privacy policy is intended to meet our obligation to provide “fair processing information”.
- The right of access: You have the right at any time to ask to see a copy of the personal data we hold about you.
- The right to withdraw consent: Where you have given your consent to our processing you may withdraw this at any time.
- The right to rectification and data quality: If your personal data is incorrect or incomplete then you may ask us to remedy that.
- The right to erasure including retention and disposal: You may ask us to delete or remove your personal data where there is no compelling reason for its continued processing but this may affect any services, we provide to you which relies on that personal data.
- The right to restrict processing: Where you have highlighted an issue with the data.
- The right to data portability: This allows you to request that your personal data be shared with other processors at your request.
- The right to object: Where you have an objection to our processing you may do so.
You may also have the right to lodge a complaint with the Information Commissioner’s Office if you believe we are in breach of our legal obligations under data protection laws.
14) CONTACT US
If you wish to exercise any of your GDPR rights, if you have any questions, complaints, or comments regarding this Policy, please contact us:
- by post to: The Data Protection Officer (DPO), Les Ambassadeurs Club, 5 Hamilton Place, London, W1J 7ED.
- by email to: The Data Protection Officer (DPO) at DPO@Lesaclub.com
- the Membership Committee at lesamembershipcommittee@lesaclub.com
To further query your rights regarding your Personal Data, to lodge a complaint, raise a concern about how your complaint has been handled and / or appeal against any decision made following your complaint, in accordance with your rights, you may contact the Information Commissioner’s Office (ICO): https://ico.org.uk/