Castle Leisure Membership Privacy Policy

The privacy and security of your personal data is of the utmost importance to Castle Leisure and we invest heavily into measures that help protect your data protection rights.

This policy describes how and why we collect, store, process and manage the personal data we hold from our members. The term ‘Personal Data’ refers to any information relating to an identifiable individual or his or her personal identity.

This policy outlines how your data will be processed lawfully, fairly and in a transparent manner. Castle Leisure does not sell or rent your personal data to third parties for marketing purposes whatsoever.

We will ensure that the personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the person has agreed to this or would otherwise reasonably expect this.

Castle Leisure collects your personal data in order to manage your membership of our clubs. We also collect your data so that we can send you marketing information regarding our products, promotions and services.

Castle Leisure has appointed a Data Protection Officer (DPO) who is responsible for ensuring that personal data is managed responsibly throughout the company. You can contact the DPO using the details listed at the end of this document.

You have the right to see the data we hold on you, rectify that data and also for requesting us to delete that data at any time.


  1. Introduction
    • Castle Leisure is defined as the data controller with regard to all of the information contained within this document.
  • This Privacy Policy sets out the way in which Castle Leisure Limited (“we”, “us” or “Castle Bingo”), collects and processes Personal Information of our club members. Castle Leisure is registered for the purposes of data protection with the Information Commissioner’s Office in the UK (Registration Reference Z879812X).
  • By using our Services and registering for membership, you acknowledge that you have read, and understand the terms of this Privacy Policy in relation to our lawful basis of processing.


  1. The information we collect
    • As part of maintaining your membership we collect your Personal Information. “Personal Information” means any information from which you, as a ‘data subject’, can be personally identified, including (for example) your name, email address, home address, telephone number, debit/credit card data or date of birth.
  • We collect your Personal Information when you register for membership at a club; and when you email us your details. We also collect information about the transactions you undertake whilst at our clubs.
  • In addition, we may collect Personal Information through surveys which we undertake. Such surveys are voluntary and are anonymous where possible.


  1. Your rights as a ‘data subject’
    • Under data protection law you retain the following rights over your personal data outlined in paragraph 3.2.
  • The right to access the data we hold about you
    The right to rectification of any data that is inaccurate or incomplete.
    The right to erasure of your data (also known as ‘the right to be forgotten’)
    The right to restrict processing of your data
    The right to data portability
    The right to object to the processing of your data
    Rights in relation to automated decision making and profiling.
  • If you exercise your right to be forgotten, this would result in a termination of your membership to Castle Bingo clubs. This means you would no longer be able to visit or play at our clubs unless you were to re-join as a member.


  1. Our basis for processing personal data
    • For the purpose of managing a regulated business within the Gambling Industry it is important for us to maintain a membership database. This database allows us to achieve our regulatory compliance responsibilities and safeguard the security of our members. 
  • It is a requirement of our Terms and Conditions that any person who wishes to attend or partake in the services offered at our premises must register as a member.
  • Information collected and processed for the purposes of becoming and remaining a member is necessary for compliance with a legal obligation to which Castle Leisure is subject to. Castle Leisure is regulated by the Gambling Commission, and under the Gambling Act 2005, must fulfil the primary conditions set out in the Licence Conditions Codes of Practise (LCCP). This includes [A] To prevent gambling from being a source of crime and disorder, being associated with crime or disorder or being used to support crime. [B] To ensure that gambling is conducted in a fair and open way. [C] To protect children and other vulnerable persons from being harmed or exploited by gambling.
  • In order to keep you up to date with our news and promotional events we create and send regular marketing information via direct marketing, telephone marketing, SMS and email channels. In order to send you this information we will gain your consent. This is usually obtained at the point of registration.
  • This consent can be withdrawn at any time by speaking to your local club or by contacting the Data Protection Officer using the details at the end of this policy.


  1. How we use your Personal Information
    • Your Personal Information is processed by us to provide you with the products and services relating to our business. In particular, we collect your Personal Information in order to enable us to:
  • Set-up, administer and manage your membership, associated accounts and records;
  • Receive and respond to your communications and requests;
  • Notify you about promotional offers and general marketing;
  • Ensure that we are able to fulfil our regulatory obligations regarding your Account, including by verifying the accuracy of any information you give us;
  • Comply with our obligations under Applicable Laws (including, but not limited to the Gambling Act 2005);
  • Investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the Services (including, where appropriate, dealing with requests from regulatory bodies for the sharing of information);
  • Carry out market research campaigns;


  1. Disclosure of your Personal Information
    • We may disclose your Personal Information to any of the following recipients:
  • Any company within our Group (including to its employees and sub-contractors) which assists us in providing the Services or which otherwise has a need to know such information.
  • Any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us.
  • Any data processor which enable us to manage systems or processes as part of any service or promotion offered to our members. Processors will be subject to data sharing agreements, and we will take reasonable steps to ensure that used data processors are compliant with GDPR requirements in order to safeguard data.
  • Any law enforcement or regulatory body which may have any reasonable requirement to access your Personal Information.
  • In the event that we sell or buy any business, assets or shares in part or whole we may disclose your personal details to such relevant third parties involved.


  1. Marketing Preferences
    • We will not send you unsolicited information regarding any third party’s products or services.
  • For new member registration from May 11th 2018, as part of the Account registration process, you will have the opportunity to choose whether or not to receive information on our offers and promotions. This consent is subject to the data retention periods defined within this policy.
  • For existing members who registered prior to May 11th 2018, you were provided with an ‘opt out’ of receiving marketing communication at the time of registration, and if you have not opted out, we will assume legitimate business purpose in sending marketing communication. We will include the option to opt out every time such communications are sent out to you. The product, service or ideals we are marketing to you are the same or similar to those that you originally consented to receive marketing at time of registration, and therefore it is reasonable for you to receive marketing material from us.
  • We will send you promotional marketing information and updates until such time that you inform us that you do not wish to continue to receive them or do not refresh your consent upon our request at the end of 5 years from the date of your consent. You may update your marketing preferences at any time by contacting your local club or through the contact form on our website (


  1. Accessing andUpdating your Personal Information
    • You may update your Personal Information at any time by contacting your local club or the company data protection officer using the details below.
  • You may obtain a copy of your Personal Information held by us through the following channels, by contacting our Customer Services team in club, by writing to us at The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ, or online via email at Requests for access to your personal data are free of charge, and we require one calendar month in order to respond to such requests.


  1. How long do we keep your data for?
    • We retain your data for no longer than is necessary for compliance with a legal obligation as defined in 4.3. This length of time is different for each type of personal data that we hold. These retention periods are subject to change only where deemed necessary by the Data Protection Officer where there is a defined vital interest under data protection law.
    • Data retention periods:
Membership information This is the information we collect at the point of registration Data retained for 5 years after data subjects’ most recent visit.
Marketing Preferences These are the marketing channels you give consent for us to contact you by Data retained for 5 years from consent being given.
Information required by legislation This includes data which relates to social responsibility or anti-money laundering policy Data retained for 10 years after data subjects’ most recent visit.
Data relating to spend information This includes information on cash or card transactions which take place on or around our premises in exchange for products or services provided by Castle Leisure Data retained for 6 years after data subjects’ most recent visit.

Figure 1.1 data retention periods


  1. Advertising and use of Cookies
    • We may collect anonymous information about your use of the Website (‘the website’ refers specifically to using “cookies”, pixel tags and similar functionality. We use cookies for the operation of the Website. We also use cookies for our own analytical purposes so that we can improve our customers’ experience.
  • If you object to cookies or want to delete any cookies that are already stored on your computer, you should follow the instructions for deleting existing cookies and disabling future cookies on your web browser or equivalent software. Further information is available at
  • As part of the Website’s operation, and for our own statistical analysis of site traffic, our Website automatically logs internet IP addresses.


  1. Security
    • We use a number of methods to ensure that all customer information remains confidential. We have developed a comprehensive policy for data protection management which is reviewed and updated as necessary.


  1. Complaints

Castle Leisure takes the personal data we hold very seriously and is happy to receive any queries or concerns you may have. If you believe that we have not adhered to this policy or that your data has been handled in a way which you feel is not in accordance with your wishes then you may complain to the Data Protection Officer using the contact details below.

The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22

Alternatively you may contact the Information Commissioners Officer (ICO) directly who are the body responsible for managing data protection compliance in the UK.

You can contact the ICO at the following address: Information Commissioner’s Office
Wycliffe House
Water Lane

0303 123 1113

  1. Contact information

Please contact us via the contact form on our website or in writing at;

The Data Protection Officer, Castle Leisure, 1 City Road, Cardiff, CF24 3TQ
02920 48 44 22