burger icon
Napoleon United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Napoleon on napoleonik.com ("Napoleon", "we", "us", "our") collects, uses, discloses and protects personal data relating to visitors to our website and individuals who interact with Napoleons Casinos & Restaurants in the United Kingdom. It is designed to meet the requirements of UK data protection law, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and relevant gambling-industry standards.

This Privacy Policy applies to: (i) visitors to napoleonik.com; and (ii) customers and prospective customers of UK land-based casinos and restaurants operating under the "Napoleons" brand, insofar as their personal data is processed in connection with information and services described on napoleonik.com. It does not apply to the separate Belgian online operator "Napoleon Games" or to any third-party online casinos that offer the "Napoleon: Rise of an Empire" slot game.

This Privacy Policy is effective from 6 November 2025 and was reviewed for accuracy in January 2026. We encourage you to read it carefully and to check back regularly for updates.

Who We Are

For the purposes of UK data protection law, the primary data controller for personal data described in this Privacy Policy is the operator of napoleonik.com, which provides information about Napoleons Casinos & Restaurants in the United Kingdom ("Napoleons"). In relation to land-based casino and betting operations referenced on this site, personal data may also be controlled by A & S Leisure Group Limited, a privately owned UK company based in Sheffield, United Kingdom, which operates Napoleons-branded casinos and restaurants under licences granted by the UK Gambling Commission (Account Number 294, Non-remote 1968 Act Casino and Non-remote General Betting Standard (Real Events)).

The registered company details (including company registration number and registered office address) of A & S Leisure Group Limited are available in the UK Companies House register and through the UK Gambling Commission public register. Where napoleonik.com links to or references other domains (such as the official Napoleons venues site or third-party operators), those sites are subject to their own privacy policies and are separate controllers of any data they collect.

Because napoleonik.com is an informational resource, it does not itself provide remote real-money gambling services. Any online gambling activity that you undertake must be conducted on sites that are separately licensed and that provide their own privacy and terms.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, you should contact our data protection contact ("DPO contact") using the contact details provided on napoleonik.com, clearly marking your communication "Data Protection" or "Privacy". We will ensure that your enquiry is routed to an appropriate data protection contact person or department.

What Personal Data We Collect

Identity and Contact Data

  • Basic identification data: such as your title, first name, last name and, where relevant, date of birth and age verification information, particularly when you enquire about or apply for Napoleons casino membership or venue access.
  • Contact details: including email address, telephone number and postal address where you provide them (for example, when using contact forms, making event or restaurant bookings, joining marketing lists, or responding to surveys).

Regulatory and Verification Data

  • KYC and due diligence data: information and documentation required under gambling, anti-money-laundering (AML) and counter-terrorist-financing rules (for example, proof of identity, proof of address, occupation, source-of-funds information, and records of checks carried out).
  • Eligibility data: information relating to self-exclusion and safer gambling schemes (such as SENSE or relevant venue self-exclusion records), records of any imposed exclusions or restrictions, and notes relating to safer gambling interactions.

Technical and Usage Data

  • Technical data: IP address, device identifiers, browser type and version, time zone setting, operating system, and other technical information obtained when you visit napoleonik.com.
  • Usage and log data: pages visited, clickstream data, time spent on pages, referral URLs, interaction with on-site tools, and error logs collected for security, diagnostics and analytics purposes.

Payment and Transaction Data

  • Transaction records: where relevant for land-based venues, records of buy-ins, stakes, wagers, wins, losses, chip transactions, deposits and withdrawals, as required by gambling and financial regulations.
  • Payment details: limited payment card or bank information where necessary for processing venue deposits, withdrawals or event payments (usually handled via secure payment providers so that only minimal card information is stored by or visible to us).

Behavioural and Profile Data

  • Behavioural data: betting and gaming patterns in land-based venues (for example, frequency of visits, typical stake levels, game preferences and duration of play) as recorded in player tracking, membership or loyalty systems where available.
  • Marketing and preference data: your communication preferences, records of email opens and clicks (if you subscribe to marketing communications), and responses to promotions, surveys or competitions.

Cookies and Similar Technologies

  • Cookies: small text files placed on your device to make the site work, to remember your choices and to understand how our site is used.
  • Similar technologies: such as web beacons, pixels and tags used for analytics, performance measurement and, where you consent, advertising and retargeting through third-party networks.

Special Categories of Data

  • Sensitive information: we do not intentionally collect special categories of personal data (such as health information) via napoleonik.com. However, in land-based venues, information relating to your health or vulnerabilities may arise where you disclose it voluntarily in the context of safer gambling interactions or incident reports; where that happens, we treat it with particular care and limit access strictly.

Legal Basis for Processing

We process personal data only where we have a lawful basis under UK GDPR and related laws. Depending on the context, this may include one or more of the following:

Performance of a Contract

  • Provision of services: we process your data where it is necessary to enter into or perform a contract with you, for example to manage a casino membership, facilitate venue entry, operate a loyalty programme, process payments, manage restaurant or event bookings, or respond to service requests made via napoleonik.com.
  • Customer support: we use your contact and transaction data to respond to enquiries, resolve complaints and provide ongoing customer service related to our venues and services.

Compliance with Legal Obligations

  • Gambling regulation: we process data to comply with requirements imposed by the UK Gambling Commission and other regulators, including age verification, safer gambling obligations, reporting duties and conditions attached to Licence Account Number 294.
  • KYC/AML and record-keeping: we process and retain identity and transactional data to comply with anti-money-laundering, counter-terrorist-financing, taxation and accounting laws, as well as to respond to lawful requests from law-enforcement agencies and supervisory authorities.

Legitimate Interests

  • Running and improving our business: we rely on legitimate interests to operate secure and efficient venues and websites, to understand how our services are used, to improve customer experience, and to protect our assets and reputation, provided that your interests and fundamental rights do not override these interests.
  • Security and fraud prevention: we use personal data (including CCTV, access logs and transaction patterns) to prevent and detect fraud, cheating, money laundering, theft, abuse of promotions and other unlawful or unethical conduct.
  • Analytics and reporting: we process usage and behavioural data to produce aggregated statistics, performance reports and market insights that help us manage the Napoleons brand and plan future services.

Consent

  • Marketing communications: we send electronic marketing (such as emails or SMS) about Napoleons venues, events, promotions or news only where we have your consent or where otherwise permitted by law. You can withdraw your consent at any time using the unsubscribe mechanisms provided.
  • Optional cookies and tracking: we use non-essential cookies (for example, advertising or advanced analytics cookies) only where you consent via our cookie banner or settings panel.

Vital Interests and Legal Claims

  • Safety and emergencies: in rare cases we may process personal data to protect your vital interests or those of another person (for example, sharing information with emergency services in the event of a serious incident at a venue).
  • Establishment, exercise or defence of legal claims: we may use and preserve relevant data where necessary in connection with legal proceedings, regulatory investigations or dispute resolution.

Purpose of Processing

Providing and Managing Our Services

  • Venue and membership administration: to process applications for membership or access to Napoleons venues, verify identity and eligibility, manage your membership account, and deliver benefits or loyalty schemes as applicable.
  • Events, reservations and hospitality: to manage restaurant bookings, private events and other hospitality offerings associated with Napoleons casinos.

Regulatory and Compliance Purposes

  • Gambling compliance: to discharge our obligations under the UK Gambling Commission licence, including responsible gambling monitoring, reporting and enforcement of self-exclusion or restrictions.
  • AML and financial controls: to comply with AML/CTF and financial regulations, monitor unusual transactions and maintain appropriate account and transaction records.

Improvement, Analytics and Service Development

  • Service improvement: to understand how customers use our venues and our website, identify trends, and improve layouts, products, promotions and customer experience.
  • Analytics and statistics: to analyse aggregated and pseudonymised data for management reporting, budgeting and strategic planning across our UK venues.

Marketing and Communications

  • Direct marketing: to send you offers, news and updates about Napoleons venues and related services where you have consented or where we are permitted to do so by law.
  • Customer surveys and feedback: to invite you to provide feedback on your experiences and to participate in surveys or competitions designed to improve our offerings.

Security and Fraud Prevention

  • Venue and systems security: to secure our premises (including through CCTV), protect staff and customers, monitor suspicious activity and investigate incidents.
  • Fraud, cheating and misconduct prevention: to detect and prevent fraud, cheating at play, money laundering, abuse of promotions and other harmful conduct that could impact our business or other customers.

Disclosure & Sharing

Service Providers and Business Partners

  • Payment and banking partners: we share necessary payment and transaction data with payment processors, banks and other financial institutions to process payments, handle chargebacks and comply with anti-fraud measures.
  • IT and infrastructure providers: we use third-party providers for hosting, email delivery, data storage, CRM tools, analytics and security services. These providers process personal data on our behalf and are bound by contractual obligations to protect it.

Regulators, Authorities and Dispute Resolution

  • Regulators and law enforcement: we may share information with the UK Gambling Commission, law-enforcement agencies, tax authorities and other public bodies where required by law, licence conditions or lawful requests.
  • Alternative Dispute Resolution (ADR): for unresolved land-based gambling disputes, we may share relevant information with the Independent Betting Adjudication Service (IBAS) or another approved ADR entity so that they can assess and resolve the dispute in accordance with their procedures.

Group, Corporate and Professional Recipients

  • Affiliated entities: we may share data with other entities within the same corporate group as A & S Leisure Group Limited where this is necessary for internal administration, consistent service delivery and compliance.
  • Professional advisers: we may disclose personal data to lawyers, auditors, accountants and consultants where necessary for legal, auditing, risk management or advisory purposes, under appropriate confidentiality obligations.

Advertising and Analytics Partners

  • Analytics providers: we share pseudonymised or aggregated data with analytics providers to understand website performance and visitor behaviour, using cookies and similar technologies where you have consented.
  • Marketing and advertising networks: where you consent to marketing cookies, we may share limited data with advertising partners for the purposes of delivering and measuring targeted advertising relevant to Napoleons venues and services.

Other Disclosures

  • Business transfers: in the event of a merger, acquisition, corporate reorganisation or sale of part of our business or assets, personal data may be transferred as part of that transaction, subject to continued protection and lawful processing.
  • No sale of personal data: we do not sell your personal data in the sense of exchanging it for money. Where we share data for marketing or analytics, this is done under strict contractual controls and subject to your rights and choices.

International Transfers

Our primary operations for Napoleons land-based casinos are in the United Kingdom. However, some of our service providers and partners may be located outside the UK, or may store or access data from other countries.

  • Transfers within the UK and EEA: personal data may be transferred between the UK and countries in the European Economic Area (EEA). The UK currently recognises the EEA as providing an adequate level of data protection, and the EEA recognises the UK on the basis of adequacy decisions, subject to periodic review.
  • Transfers to other countries: where we use providers or partners outside the UK or EEA (for example, in the United States or other jurisdictions), we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or equivalent contractual protections approved by the UK Information Commissioner's Office (ICO).
  • Limited and controlled transfers: only the data necessary for the relevant purpose is transferred, and we assess the risks associated with each transfer in light of applicable law and regulatory guidance.
  • Separate Belgian operator: the Belgian online operator "Napoleon Games" (licence B+3863, Belgian Gaming Commission) is a separate entity and controller. Personal data processed by that operator through napoleongames.be is subject to its own privacy notice. We do not routinely transfer your personal data from the UK to that operator in the course of providing the informational services on napoleonik.com.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting and reporting obligations, and to resolve disputes. Retention periods may vary depending on the category of data and the context of processing, but typically fall within the ranges below:

  • Identity, contact and membership data: usually retained for the duration of your relationship with Napoleons and for up to five (5) years after your account or membership is closed or your last significant interaction, unless a longer period is required by law or is necessary for legal claims.
  • KYC/AML and transactional data: retained for at least five (5) years from the date of the relevant transaction or the end of the business relationship, in line with AML and gambling regulatory requirements, and potentially longer where needed for investigations or legal obligations.
  • Marketing and preference data: retained for as long as you remain subscribed to marketing communications and for up to three (3) years after your last interaction with us, unless you withdraw consent or object earlier, in which case we will retain minimal suppression data to ensure we respect your preferences.
  • Technical and usage data (including logs): typically retained for twelve (12) to twenty-four (24) months for security, diagnostics and analytics, after which it is deleted, aggregated or anonymised.
  • CCTV and security footage: normally retained for thirty (30) to ninety (90) days, unless an incident or investigation requires us to retain particular footage for longer.
  • Complaint and dispute records: retained for the period necessary to manage and document the complaint or dispute and for up to six (6) years afterwards, in line with limitation periods for legal claims.

When personal data is no longer required, we will securely delete or anonymise it, taking into account technical feasibility and any legal obligations that require continued storage. Where deletion is not possible (for example, because data is stored in backup archives), we will isolate and securely protect it from further active use until deletion is feasible.

Your Rights

Rights Under UK GDPR and UK Law

Subject to certain conditions and exceptions under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data processed by or on behalf of Napoleon in the UK:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of that data, together with certain information about how we use it.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where there is no compelling reason for its continued processing, for example where it is no longer necessary for the purposes for which it was collected and we have no legal obligation to retain it.
  • Right to restriction of processing: to request that we suspend the processing of your data under certain circumstances (for example, while its accuracy or the basis of processing is being reviewed).
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to object at any time to the use of your personal data for direct marketing.
  • Right to data portability: to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and to request that we transmit that data to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: where we rely on your consent (such as for electronic marketing or non-essential cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

EU and Other Jurisdictions

Where the EU GDPR or other local privacy laws apply in addition to UK law (for example, if you are physically located in the EEA and interact with our services), you may have equivalent or additional rights under those laws. You can exercise such rights via the same contact channels set out in this Privacy Policy, and we will handle your request in line with the strictest applicable standard where we are subject to multiple regimes.

Notes on Mexican Privacy Law

Napoleon chiefly targets customers in the United Kingdom and operates under UK regulation. However, if Mexican data protection law applies to you in a specific context (for example, if you are in Mexico and Mexican law is found to be applicable to our processing), you may also benefit from rights under Mexican privacy legislation, such as the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). These may include rights to access, rectify, cancel or oppose ("ARCO" rights) the processing of your personal data. You may exercise these rights using the same contact details set out in this Privacy Policy; we will respond in accordance with applicable legal timeframes and standards.

How to Exercise Your Rights

  • Submitting a request: you can submit a request by contacting our DPO contact using the contact details on napoleonik.com, indicating which right you wish to exercise and providing sufficient information for us to verify your identity and locate your data.
  • Verification: to protect your privacy, we may ask for certain additional information to confirm your identity before acting on your request, particularly for access, erasure and data portability requests.
  • Response time: we aim to respond to all valid requests within one (1) month of receipt. Where requests are complex or numerous, this period may be extended by up to two further months, in which case we will inform you of the extension and the reasons for it.
  • Fees: we generally handle access and other rights requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly if they are repetitive.

Cookies & Tracking Technologies

Types of Cookies We Use

  • Strictly necessary cookies: essential for the operation of napoleonik.com, enabling basic functions such as page navigation, security features and access to restricted areas. These cannot be switched off through our consent tools.
  • Functional cookies: enable enhanced functionality and personalisation, such as remembering your preferences (for example, language or cookie choices) between visits.
  • Analytics and performance cookies: help us understand how visitors use our website by collecting information such as page views, time on site and navigation patterns, so that we can improve performance and user experience.
  • Advertising and targeting cookies: used, where enabled, to deliver relevant marketing about Napoleons venues, to limit the number of times you see a particular advertisement, and to measure the effectiveness of campaigns.

Managing Cookies

  • Consent management: where required by the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR, we obtain your consent before setting non-essential cookies. You can manage your cookie preferences at any time using our cookie banner or settings tool, where available.
  • Browser settings: you can also configure your browser to refuse cookies, accept only certain types, or delete cookies that have already been set. Please note that blocking or deleting cookies may affect the functionality and performance of napoleonik.com.
  • Third-party cookies: some cookies on our site may be set by third parties (for example, analytics or advertising partners). These cookies are subject to the third party's own privacy and cookie policies, and we encourage you to review those policies for more information.

Data Security

Technical and Organisational Measures

We take the security of personal data seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised access, accidental loss, destruction or damage. These measures include, where appropriate:

  • Encryption in transit and at rest: use of industry-standard encryption protocols (such as TLS 1.2 or higher) to protect data in transit over networks, and encryption or equivalent safeguards for sensitive data stored in our systems.
  • Access controls and authentication: role-based access controls, unique user accounts, strong password requirements and, where appropriate, multi-factor authentication for systems that store or process personal data.
  • Network and system security: firewalls, intrusion detection and prevention systems, secure configuration of servers, regular patching and update management.
  • Data minimisation and pseudonymisation: limiting personal data collection to what is necessary, pseudonymising data where possible and applying retention limits as described above.

Governance, Training and Oversight

  • Policies and procedures: documented data protection and information security policies to guide staff in handling personal data safely and in compliance with legal obligations.
  • Staff training: regular training and awareness for staff members who handle personal data, including those in casinos, restaurants and central functions, covering topics such as confidentiality, data protection and incident reporting.
  • Audits and testing: periodic reviews of security controls, internal audits and, where appropriate, independent assessments to test the effectiveness of our measures and identify areas for improvement.
  • Incident response: procedures for detecting, investigating and responding to actual or suspected personal data breaches, including assessment of risk to individuals and notification to affected individuals and regulators where required by law.

While we strive to protect your personal data, no system can guarantee absolute security. You also play an important role by keeping your information secure, such as by not sharing membership details or sensitive information with unauthorised parties.

Complaints & Contacts

Contacting Us

  • Initial contact: if you have any questions, concerns or complaints about how we handle your personal data, please contact our DPO contact using the contact details published on napoleonik.com, clearly indicating that your enquiry relates to privacy or data protection.
  • Information to include: please provide your name, contact details, a clear description of your concern and any relevant reference numbers (for example, membership or booking references) to help us respond efficiently.

Our Complaint Handling Process

  • Acknowledgement: we aim to acknowledge receipt of your privacy-related complaint or enquiry within a reasonable period, normally within five (5) working days.
  • Investigation and response: we will investigate your concern and endeavour to provide a substantive response within one (1) month. If the issue is complex or we receive numerous related complaints, we may need more time; in that case, we will keep you informed of the progress.
  • Escalation: if you are not satisfied with our response, you may request that the matter be escalated internally for further review.

Supervisory Authorities and External Recourse

  • Information Commissioner's Office (ICO) - UK: you have the right to lodge a complaint with the UK Information Commissioner's Office if you believe that your personal data has been processed in breach of data protection law. The ICO can be contacted via its website at https://ico.org.uk or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom.
  • EU supervisory authorities: if EU GDPR applies to you (for example, if you are based in the EEA), you may also lodge a complaint with your local data protection authority. Contact details are available on the European Data Protection Board website.
  • Mexican data protection authority: where Mexican law applies, you may have the right to lodge a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) in Mexico. For more information, please consult INAI's official channels.
  • ADR and gambling disputes: unresolved land-based gambling disputes may be referred to the Independent Betting Adjudication Service (IBAS) or another approved ADR, as indicated in our gambling terms. Note that ADR bodies deal with gambling-related disputes and not with data protection complaints; privacy issues should be directed to us and, where appropriate, to the ICO or other data protection authorities.

Updates

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal or regulatory developments, industry best practice or organisational changes affecting Napoleon on napoleonik.com. When we make material changes, we will take appropriate steps to notify you.

How We Will Notify You

  • Website notifications: we will publish the updated Privacy Policy on napoleonik.com and adjust the "Last updated" date at the end of the document.
  • Prominent notices: where changes are significant, we may display a prominent notice on the website (for example, a banner or pop-up) and, where feasible, provide a summary of key changes.
  • Direct communications: if we hold your contact details and the changes are material to your relationship with Napoleons (for example, changes to marketing practices or new categories of data), we may also inform you directly via email or other appropriate channels.

Effective Dates and Your Choices

  • Advance notice: where legally required or where a change materially affects your rights, we will aim to provide at least thirty (30) days' notice before the changes take effect, giving you time to review the updated terms.
  • Your continued use: your continued use of napoleonik.com or continued engagement with Napoleons venues after the effective date of any update indicates your acknowledgement of the updated Privacy Policy.
  • Right to object or close accounts: if you do not agree with material changes to this Privacy Policy, you may choose to discontinue using napoleonik.com, opt out of marketing, or, where applicable, request closure of your membership or account, subject to our legal and regulatory obligations.

Last updated: 6 November 2025 (reviewed January 2026).