• BANBURY WINNER ON TUESDAY : £50,000 The National Game
  • FALKIRK WINNER ON SATURDAY : £60,706.80 Rise & Shine Winner!
  • METRO CENTRE ON SUNDAY: £4,292.26 National Live
  • AYLESBURY WINNER ON SATURDAY: £50,000 The National Game
  • ASHMORE PARK WINNER ON SUNDAY: £20,000 Special Ticket
  • COVENTRY SAVOY WINNER ON WEDNESDAY: £20,000 Special Ticket
  • ALZHEIMER'S CHARITY GAME: We've raised £121,109 so far for the Alzheimer’s Society and Alzheimer’s Scotland thank you!

Privacy

  1. Who are we and what is the purpose of this Privacy Policy?

Who are we?

We are Gala Leisure Limited, a company incorporated and registered in England and Wales with company number 00794943 and registered office is at New Castle House, Castle Boulevard, Nottingham, Nottinghamshire, NG7 1FT. Gala Leisure Limited is part of a group which also includes our subsidiary, Gala County Clubs Limited, a company incorporated and registered in Scotland with company number SC041681 and registered office at Gala Clubs Regional Office, Kerse Lane, Falkirk, FK1 1RJ (“Gala Leisure Group”).

This Data Protection Statement is issued on behalf of Gala Leisure Group. As such, any references to "Gala", "we", "us" or "our" in this Data Protection Statement are references to the relevant company (as named above) in the Gala Leisure Group which is responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us.

What is the purpose of this Data Protection Statement?

We take your privacy very seriously. As such, we ask that you read this Data Protection Statement carefully as it contains important information about:

  1. what personal data we may collect from you;
  2. how we will use, store and protect your personal data;
  3. with whom we may share personal data; and
  4. your rights under relevant data protection laws.

It is important that you read this Data Protection Statement together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Data Protection Statement supplements the other notices and is not intended to override them.

  1. What data do we collect from you?

We may collect and process the following personal data about you:

  • Identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact data: billing address, delivery address, email address and telephone numbers.
  • Financial data: bank account and payment card details and, in some circumstances, other details which we require in order to complete our anti-money laundering checks (such as ID documents or payslips).
  • Transaction data: details about payments to and from you and other details of products and services you have purchased from us.
  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Social media data: your social media profile details (including your name, profile photo, and other information which you make available to us) when you connect with, or otherwise contact, us through a social media account.
  • Sensitive personal data: such as information about your race, religion, and health (including mental health, for example, when you choose to self-exclude yourself from our services).
  • Profile data: purchases made by you, your interests, preferences, feedback, and survey responses.
  • When you use our website, technical data: your username and password, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • When you use our website, usage data: information about how you use our website, products and services.
  • When you use our website, other data: any other data which you provide to us when you contact us via the live chat function on our website.
  1. How do we collect data from you?

We collect your personal data in a number of ways:

  • Directly: contact, financial, and identity data directly provided by you when you fill in online forms or correspond with us in any way, for example when:
    • completing application forms;
    • creating online accounts;
    • submitting queries, including via the live chat function on our website;
    • connecting with, or otherwise contacting, us through a social media account;
    • requesting or consenting to marketing materials being sent to you; or
    • providing us with feedback.
  • Via CCTV: we use CCTV recording devices across our premises (covert or overt) in order to ensure the security of our customers, employees, buildings, and assets. This means that, while you are onsite at any of our clubs, you may be recorded by CCTV and will see signs informing you about this.
  • From third parties/public sources:
    • contact, financial and transaction data may be obtained from providers of credit referencing services, including those based outside the EU;
    • from social media or any other publically available sources; or
  • When you use our website, automatically: as you browse the Gala website certain information relating to your browsing patterns and technical data about the equipment you are using to access the website is automatically collected using cookies, server logs and other similar technologies. Please see section 8 below for further information.
  1. How do we use your data?

We may use your personal data for the following purposes:  

  • to assess your suitability for our services;
  • to provide, and seek to improve, the requested services;
  • in accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not override our interests);
  • to manage your account with us and provide customer service, including to respond to your enquiries, fulfil any of your requests for information and/or self-exclusion, and to send you important information regarding our services and/or other technical notices, updates, security alerts, and support and administrative messages;
  • for research, behaviour, and statistical analysis purposes, including to assess patterns in your spending and behaviour when using our services;
  • as we believe to be necessary or appropriate:
    • in order to comply with a legal obligation, such as the prevention of fraud and money laundering or the conduct of litigation. This includes where the processing is necessary for us to comply with the law;
    • to enforce or apply this Data Protection Statement; and
    • to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests; and
  • when you use our website, to personalise your experience on the Gala website.

Marketing

It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing.
Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at DPO@galaleisure.com or calling customer services on 0808 164 4456. We will process your request to be opted-out of marketing within 30 days of receipt.
We will ensure that we obtain your consent before we share your personal data with any third party company for marketing purposes.

  • Consent: if you have consented for us to process your personal data for specific reasons.
  • Compliance with a legal obligation: where the processing is necessary for us to comply with the law.
  • Performance of a contract: in order to perform a contract we may have with you.
  • Legitimate interest: in order to carry out the purposes of Gala’s business of providing online and in-club gaming services.  
  1. How do we keep your data?

Retention

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. Accordingly, we are likely to retain your data for no longer than 6 years from the date on which our contract or relationship with you terminates or expires (after which time your data will be anonymised).   
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
Specifically, we retain CCTV footage for a maximum of 31 days (unless there is a legitimate reason to retain it for longer), after which time the footage is deleted. If required for crime prevention purposes, we may provide footage to the police or other appropriate third parties as necessary.
When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 7 below for more information)), we ensure that this data is securely deleted or destroyed.
For more details about our retention periods, please contact us at DPO@galaleisure.com.

Accuracy

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Security

In order to protect your personal data, we have appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

  1. How do we transfer your data?

Transfers to members of our group

We may share your data with other members of the Gala Leisure Group in order for them to provide services to you and for administrative purposes.

Transfers to third parties

There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.

The third parties to which we may transfer your personal data include:

 

Category of third party

Reason for transfer

  1.  

IT, including suppliers of software (including customer relationship management and customer services software) and website support.

For the provision and maintenance of our website and IT software, and related support.

  1.  

Finance, including payment processing providers.

For the provision of payment processing.

  1.  

Marketing, including providers of direct mail, email, SMS, and telephone marketing services.

For the provision of marketing communications to our customers.

  1.  

Analytics, including statistical analysis and research.

For the provision of data analytics services.

  1.  

Operations, including providers of customer identification services, student discount cards, customer vouchers, CCTV, self-exclusion support, and photographers.

For the provision of a variety of operational services.

  1.  

Our professional services providers, including providers of legal, accounting, and claims management services.

For the provision of professional services to Gala.

  1.  

Credit bureaus

For the provision of identity verification services and conducting credit checks where applicable.

The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

  • you have expressly consented to your data being shared with specific third parties;
  • the third party needs to access the personal data for the purposes of providing any contracted services to you;
  • the third party has agreed to comply with Gala’s instructions, required data security standards, policies, and procedures and put adequate security measures in place;
  • the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and 
  • a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.

As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and includes:

  • only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission; or
  • where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA.

For more information on the safeguards used by Gala when transferring personal data to third parties, please contact us at DPO@galaleisure.com.

  1. What are your rights?
  • You have certain rights in relation to the personal data we process and hold about you. These include:
  • Right to rectification: you have the right to require us to correct any inaccuracies in your data.
  • Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.
  • Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
    • You contest the accuracy of the data and wish to have it corrected;
    • You object to processing but we are required to retain the data for reasons of public interest; or
    • If you would prefer restriction to erasure.
  • Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
  • Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
  • Right of access: you have the right to request access to personal data that we may process about you.
  • Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data.

If you would like to exercise any of the above rights, please:

  • either email us at DPO@galaleisure.com or speak to a member of staff in club;
  • if requested, provide proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill) so we can identify you; and
  • specify the right you wish to exercise.

Response time

  • We will respond to requests made by you within one month.

Charge

We will not charge a fee for you to exercise any of the rights listed above.

  1. What happens when you use our website?

    8.1 Third party links

    The Gala website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

    8.2 Cookies

    You should be aware that our website may contain cookies. For more information about how we use cookies, please read our Cookies Policy which can be found by visiting https://www.galabingoclubs.co.uk/cookies.html  

  1. What about this Data Protection Statement?

Amendments to this Data Protection Statement

No changes to this Data Protection Statement are valid or have any effect unless agreed by us in writing. We reserve the right to vary this Data Protection Statement from time to time. Our updated terms will be displayed on the Gala website. It is your responsibility to check this Data Protection Statement from time to time to verify such variations.

Questions in relation to this Data Protection Statement

You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner's Office (ICO).

We have appointed a data protection officer (DPO) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Data Protection Statement and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPO using the details set out below.

Our full details are:

Full name of legal entity: Gala Leisure Limited

Name or title of DPO: Director of Risk and Compliance

Email address: DPO@galaleisure.com

Postal address: DPO, Gala Leisure, New Castle House, Castle Boulevard, Nottingham NG7 1FT

 

Follow us on Social Media