Privacy Policy

1. Introduction

GraytonLux ("GraytonLux", "we", "us", or "our") operates an international portfolio of luxury casino hotels and the website located at https://graytonlux.com (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our Site, our hotel and casino operations, and the services we offer to guests, members, event organizers, and other clients.

We understand that discretion, trust, and security are essential for our guests and partners. We therefore handle personal information in accordance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") where it applies, and other relevant privacy regulations in the regions in which we operate.

By accessing our Site, communicating with us, or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Site and our online services. This Privacy Policy applies in conjunction with our Terms and Conditions and our Cookie Policy.

2. Information We Collect

We collect personal information that you provide directly to us, that we generate in the course of providing services, and that we obtain automatically when you use the Site. The exact information we collect depends on how you interact with GraytonLux, for example whether you are browsing hotel pages, joining our membership program, making a reservation, or contacting our Finnish support line.

2.1 Information you provide to us

When you interact with GraytonLux, you may provide the following categories of personal data:

Identification and contact details, such as your full name, email address, telephone number (including Finnish contact numbers), postal address, country of residence, and preferred language.
Booking and stay details, including selected hotel and destination, dates of stay, room or suite preferences, number of guests, special requests, loyalty or membership numbers, and information relevant to events, dining, wellness, or casino experiences.
Payment-related details, such as masked payment card details, billing address, and transaction identifiers. Full card data is generally processed by our secure payment service providers rather than stored by GraytonLux.
Communications and enquiries, including messages sent via our Contact Us page, live chat interactions, email correspondence, responses to surveys, and feedback related to our hotels, suites, casino, dining, wellness, events, or membership program.
Marketing and preference information, such as your subscription status to our newsletters or offers, preferences relating to specific destinations or properties, and consent choices regarding marketing communications.
Career and recruitment data, where applicable, including CVs, cover letters, employment history, qualifications, and professional references submitted via our Careers page.

2.2 Information we collect automatically

When you visit or interact with the Site, we automatically collect certain technical and usage data, which may be considered personal information under applicable law:

Device and browser information, including IP address, device type, operating system, browser type and version, language settings, and approximate location derived from your IP address.
Usage and interaction data, such as pages visited (for example, Hotels, Destinations, Casino, Suites, or Wellness), links clicked, time spent on each section, search queries, and interactions with forms, CTAs, and live chat.
Cookies and similar technologies data, as described in more detail in the "Cookies and Tracking Technologies" section below and in our Cookie Policy.

2.3 Information from third parties

Where permitted by law, we may receive information about you from third parties, such as:

Travel agencies, booking platforms, or corporate partners through which you make reservations at a GraytonLux property.
Payment processors or financial institutions that confirm payment authorizations or transactions.
Marketing and analytics providers that help us understand how users browse our Site and respond to campaigns.

3. How We Use Your Information

We process personal information for specific purposes and only where we have a valid legal basis. GraytonLux may use your information for the following purposes:

Providing and managing bookings and services: to process reservations for our hotels, suites, casino experiences, dining, wellness, and events; to manage check-in and check-out; to coordinate with on-property teams; and to handle payments and billing.
Responding to enquiries and providing support: to reply to your messages, live chat conversations, or phone calls, including Finnish support numbers; to provide tailored recommendations; and to assist with membership, loyalty, or event planning requests.
Operating and improving the Site: to analyze how visitors use different sections of the Site (for example, Experiences, Dining, Events, or Reviews), to diagnose technical issues, to enhance navigation and design, and to maintain the security and performance of our digital services.
Personalizing your experience: to present content, offers, and recommendations that align with your preferences, such as highlighting preferred destinations, suite categories, or exclusive membership privileges.
Marketing and communications: to send you updates, invitations, and offers related to GraytonLux hotels, casino services, dining and wellness concepts, and membership benefits, where permitted by law and in accordance with your communication preferences.
Compliance, risk management, and security: to comply with legal and regulatory obligations, including gaming and hospitality regulations, anti‑money laundering rules, and accounting requirements; to monitor, detect, and prevent fraud or misuse; and to safeguard guests, staff, and property.
Recruitment and talent management: to assess and manage applications submitted via our Careers page and to communicate with candidates regarding opportunities with GraytonLux.
Other legitimate business purposes: including internal reporting, analytics, service quality assessments, and strategic planning, provided such uses are compatible with the original purpose of collection and respect your rights.

4. Legal Basis for Processing

Where the GDPR or similar data protection laws apply, GraytonLux relies on one or more of the following legal bases to process your personal information:

Consent: We may process your data based on your explicit consent, for example when you subscribe to marketing communications, accept certain optional cookies, or join specific promotional programs. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
Performance of a contract: We process personal data when necessary to enter into or fulfil a contract with you, such as managing hotel reservations, providing casino or event services, or delivering membership benefits.
Compliance with legal obligations: Certain information is processed to meet legal or regulatory requirements, including financial reporting, tax obligations, responsible gaming obligations, and record‑keeping duties in the hospitality and gaming sectors.
Legitimate interests: We may process data where it is necessary for our legitimate business interests or those of a third party, and where those interests are not overridden by your rights and freedoms. This includes improving our services and Site, ensuring network and information security, preventing fraud, and tailoring communications to existing guests and clients in a proportionate manner.
Vital interests or public interest: In rare cases, we may process information to protect the vital interests of an individual or for reasons of substantial public interest, in line with applicable law.

Where we rely on legitimate interests, we carefully balance these interests against your privacy rights and implement safeguards designed to protect your information.

We do not sell your personal information. However, we may share your data with carefully selected parties where necessary for the purposes described in this Privacy Policy and where permitted by law.

5.1 Within the GraytonLux group

Because GraytonLux operates an international portfolio of luxury casino hotels, your information may be shared among our affiliated entities and properties in the USA, Australia, Saudi Arabia, Asia, and other relevant jurisdictions. This enables us to manage bookings across destinations, honor your preferences throughout your stays, and deliver a seamless GraytonLux experience.

5.2 Service providers and partners

We engage trusted third‑party service providers to perform functions on our behalf, such as:

Website hosting, maintenance, and security operations.
Payment processing and fraud prevention.
Reservation management, CRM, and customer support tools, including live chat platforms.
Analytics, insights, and performance monitoring for our Site and marketing campaigns.
Email delivery, SMS messaging, and marketing automation.
Event and conference management services.

These providers are only permitted to process your information in accordance with our instructions and for the purposes specified in their contracts with us, and they are required to implement appropriate security measures.

5.3 Legal and regulatory disclosures

We may disclose your information where required to do so by law or where we reasonably believe such action is necessary to:

Comply with applicable laws, court orders, or requests from governmental, regulatory, or law enforcement authorities.
Meet sector‑specific requirements, including gaming and hospitality regulations in the jurisdictions in which we operate.
Protect the rights, property, or safety of GraytonLux, our guests, our staff, or the public.

5.4 Business transfers

In connection with any actual or potential merger, acquisition, restructuring, financing, or sale of all or a portion of GraytonLux's business or assets, your information may be transferred to relevant third parties as part of the transaction, subject to appropriate confidentiality protections and, where required, additional safeguards.

6. International Data Transfers

GraytonLux serves guests and clients from around the world and operates properties across the USA, Australia, Saudi Arabia, and Asia. As a result, your personal information may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws that are different from those in your jurisdiction and may not be regarded as providing the same level of protection.

Where required by law, we implement appropriate safeguards to protect personal information when it is transferred internationally. These safeguards may include:

Relying on adequacy decisions issued by the European Commission or other authorities recognizing certain jurisdictions as providing an adequate level of data protection.
Entering into standard contractual clauses or similar data transfer agreements with recipients of the data.
Implementing additional technical and organizational measures to protect the confidentiality and integrity of personal data.

By using our Site or engaging our services, you acknowledge that your personal information may be transferred and processed in countries outside your country of residence, subject to the protections described in this Privacy Policy.

7. Retention of Personal Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, resolving disputes, and enforcing our agreements.

Retention periods may vary depending on the type of data and the context of processing, for example:

Booking and transaction records are typically retained for the duration of your stay or engagement with GraytonLux and for a subsequent period required by financial, tax, and hospitality regulations.
Marketing and preference information is retained while you remain subscribed or engaged with GraytonLux communications, or until you withdraw your consent or object to such processing.
Recruitment and career‑related data may be retained for a limited period following the conclusion of a recruitment process, or longer where required by law or where you consent to be considered for future opportunities.

When personal information is no longer required for the purposes described in this Privacy Policy and no longer required by law, we will either delete or irreversibly anonymize it. Where deletion is not immediately possible (for example, in backup archives), we will securely store and isolate the information from further processing until deletion becomes feasible.

8. Your Rights

Depending on your location and applicable data protection laws, you may have certain rights in relation to the personal information we hold about you. Subject to legal limitations and exceptions, these rights may include:

Right of access: to obtain confirmation as to whether we process your personal data and to request a copy of that data.
Right to rectification: to request correction of inaccurate or incomplete personal information.
Right to erasure: to request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected.
Right to restriction of processing: to request that we restrict processing of your data under specific conditions, such as while we verify its accuracy or assess an objection.
Right to data portability: to receive personal data you provided to us in a structured, commonly used, and machine‑readable format and to transmit it to another controller where technically feasible.
Right to object: to object to processing based on our legitimate interests, including profiling, and to object at any time to the use of your data for direct marketing purposes.
Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint: to file a complaint with your local data protection authority if you believe our processing of your personal information infringes applicable law.

To exercise any of these rights or to make a privacy‑related enquiry, please refer to the Contact Details section below or visit our Contact Us page. We may need to request specific information from you to help us verify your identity and ensure that your rights are exercised securely.

9. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to provide a refined, secure, and tailored online experience for our guests, members, and prospective clients.

Cookies are small text files placed on your device when you visit a website. We use different types of cookies for various purposes, including:

Strictly necessary cookies: essential for the operation of the Site, enabling core functionality such as page navigation, secure login, and protection against malicious activity.
Performance and analytics cookies: helping us understand how visitors use the Site, such as which sections (for example, About, Membership, or Events) are most frequently viewed, so we can optimize our layouts, content, and navigation.
Functionality cookies: remembering your choices and preferences, such as language, region, or previously viewed properties, to create a seamless and personalized browsing experience.
Marketing and personalization cookies: used, where permitted, to deliver relevant offers, highlight GraytonLux destinations that may interest you, and measure the performance of campaigns.

You can manage your cookie preferences through your browser settings and, where available, through our on‑site cookie management tools. Please note that disabling certain cookies may affect the functionality or performance of the Site. For more detailed information about the cookies we use and your options, please review our dedicated Cookie Policy.

10. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures designed to protect it against unauthorized access, alteration, disclosure, or destruction.

These measures may include:

Use of encryption and secure transmission protocols for sensitive data.
Access controls and authentication mechanisms to limit access to personal information to authorized personnel and service providers only.
Segmentation of systems and environments to support casino, hotel, and membership operations securely.
Regular monitoring, logging, and testing of our systems and infrastructure.
Staff training and internal policies addressing confidentiality, data protection, and information security.

While we strive to protect personal information using commercially reasonable safeguards, no system can be guaranteed to be completely secure. We encourage you to take appropriate steps to protect your own data, such as using strong and unique passwords where applicable and avoiding the sharing of sensitive information over unsecured channels.

11. Children's Privacy

GraytonLux's Site and casino services are not directed to children, and we do not knowingly collect personal information from individuals under the age required by applicable law for participation in gaming or other age‑restricted activities. Our properties and digital experiences are designed for discerning adult guests.

Where we process limited personal data about children in the context of family stays at our hotels (for example, names and ages for reservation and safety purposes), such processing is carried out in accordance with applicable law and under the responsibility of the adult making the booking.

If you believe that a child has provided personal information to us without appropriate consent or authorization, please contact us using the details in the Contact Details section so that we can take appropriate steps to investigate and, where necessary, delete such information.

12. Contact Details

If you have any questions, concerns, or requests regarding this Privacy Policy or the way GraytonLux handles your personal information, please contact us using one of the following options:

Online: Visit our Contact Us page to submit a privacy enquiry, service request, or booking‑related question.
Email: Use the contact email address provided on our Contact Us page and indicate that your request relates to "Privacy" or "Data Protection".
Telephone: Call our listed Finnish or international support numbers available on the Contact Us page and request to speak with a representative regarding data protection.

When contacting us, please provide sufficient details for us to understand and address your request, including, where applicable, your full name, contact information, the nature of your interaction with GraytonLux, and any relevant booking or membership references.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the evolution of our international portfolio. When we do so, we will revise the "last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.