Privacy policy
SA Gambling Management
1. Why do we have a regulation regarding personal data protection?
The Circus Casino Resort de Namur (hereinafter “CCRN”), operated by SA Gambling Management, processes the personal data of its customers (hereinafter “the Customers”), for the purposes and within the limits defined in this regulation regarding personal data protection (hereinafter “the Privacy Policy”).
As always, CCRN is concerned with personal data protection and ensures to conform, during the processing of this personal data, to the laws and regulations in force and, notably to the European Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Regulation”), that came into force on 25 May 2018.
This Regulation imposes obligations that CCRN will respect and their Customers must be informed of. In this Privacy Policy, CCRN wishes to communicate all necessary and useful information on the subject of the data that CCRN processes, the type of processing and their objectives, as well as define the rights and obligations of CCRN and the Customers regarding the treatment of their personal data.
The Privacy Policy came into force on 25 May 2018. Conforming to the said Regulation, it has the object of approaching:
- The processing of personal data that CCRN is legally obliged to process. This processing is outlined in article 3.1 of the Privacy Policy;
- The processing of personal data for the purposes of allowing Customers to access the CCRN establishment and benefiting from its offer of casino games, as well as processing for the necessary and legitimate purposes outlined in article 3.2 of the Privacy Policy;
- The processing of personal data that is subject to the Customer’s prior, free and explicit consent, for the purposes described in article 4.
The Customers are considered, on entering the CCRN establishment, to have read and accepted the Privacy Policy. This is attached to and is an integral part of the registration form that Customers have to agree to whenever they visit the CCRN establishment; it can also be viewed at any time at the web address: www.circuscasinoresort.com/privacypolicy-casino
The Customers guarantee that the data and information communicated to CCRN is correct.
2. Our contact information and that of the person responsible for processing your data
CCRN can be contacted for all questions regarding the protection of the personal data of its customers (hereinafter “the Customers”), as follows:
- By post: SA Gambling Management, Rue des Guillemins 129, 4000 Liège
- By email: privacy@circuscasinoresort.com
The data controller within SA Gambling Management is Mr. Alexandre Georgiades.
CCRN has also appointed a data protection officer who can be contacted by email: privacy@circuscasinoresort.com They are responsible for ensuring the monitoring and conformity of the processing of Customers’ personal data by CCRN.
3. Processing of personal data not requiring Customers’ consent
3.1. CCRN’s legal obligations and the necessary processing for CCRN’s offer of casino games
CCRN is bound, under the legal obligations and regulations that all games of chance operators are subject to, on the one hand, and for the purposes of authenticating and allowing Customers to access its establishment and take part in the casino games offered within it, on the other hand, to process the following personal data for the purposes outlined below. This processing of personal data carried out by CCRN does not require Customers’ consent under article 6.1.b) and c) of the Regulation.
The personal data communicated by the Customer is saved on a register, as is described in article 7.1, which is controlled and remains under the responsibility of CCRN at all times.
a. What data is processed?
The personal data processed is the following:
- surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
- bank details used during deposits and winnings withdrawals, as well as the amounts of these;
- images, notably from CCRN’s CCTV system;
- identity card or any legal documents used for the authentication of Customers;
- ongoing commercial promotions or those the Customers took part in;
- any other information that can be exchanged between CCRN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CCRN’s casino games.
b. What processing is carried out by CCRN?
Processing consists of collection, recording, storage, consultation, organization, use, merging or any other necessary or useful action under the legal and regulatory provisions outlined in article 3.1.c). The processing can also consist of the transfer of personal data:
- to judiciary and administrative authorities, such as, notably, the Gaming Commission and Financial Intelligence Processing Unit (CTIF- CFI);
- to CCRN’s providers, whose services are integral to its offer of casino games within its establishment and the list of which is available upon request from the data controller mentioned in article 2.
Personal data is likely to be processed by CCRN in any medium whatsoever, electronic or paper, including texts and email.
c. What are the purposes of this processing?
1°) CCRN is obliged to carry out the processing of the personal data described in articles 3.1.a) and b) to fulfil the legal and regulatory obligations that they are under, notably, the following legal provisions:
- Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash;
- Act of 7 May 1999 on games of chance, bets, gaming establishments and the protection of players, in particular, the obligations it imposes on operators in terms of management and administration, and its decrees of implementation, such as the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments.
2°) CCRN also processes the personal data referred to in article 3.1.a) for the purposes of authenticating Customers to allow them to access the CCRN establishment and benefit from CCRN’s offer of casino games; this processing is carried out to ensure:
- the management of registrations and Customers’ accounts;
- the management of Customers’ deposits and winnings;
- the Customer’s information regarding current and future casino games offered by CCRN;
- the management of customer service, including reimbursement in the event of a casino game machine breakdown.
3.2. Other processing not requiring Customers’ consent
CCRN also processes personal data for the legitimate purposes outlined below. This processing of personal data carried out by CCRN does not require Customers’ consent under article 6.1.f) of the Regulation.
The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CCRN at all times.
a. What data is processed?
The personal data processed is the following:
- surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
- the Customer’s activity within the CCRN establishment;
- bank details used during deposits and winnings withdrawals, as well as the amounts of these;
- images, notably from CCRN’s CCTV system;
- identity card or any legal documents used for the authentication of Customers;
- the Customer’s navigation and activity history on the www.circuscasinoresort.com website, including connection history (browser data, IP address), notably by using cookies;
- ongoing commercial promotions or those the Customers took part in;
- any other information that can be exchanged between CCRN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CCRN’s casino games.
b. What processing is carried out by CCRN?
Processing consists of collection, recording, storage, consultation, organization, use, merging of the personal data outlined in article 3.2.a). It also consists of the transfer of this personal data to third parties, the list of which is available upon request from the Contact mentioned in article 2, including other gaming hall or casino operators, both direct and indirect partners of CCRN, for security, prevention or anti-fraud purposes.
Personal data is likely to be processed by CCRN in any medium whatsoever, electronic or paper, including texts and email.
c. What are the legitimate purposes of this processing?
CCRN processes the personal data referred to in article 3.2.a) for the following legitimate purposes:
- promotion, advertising and marketing relating to the offer of new casino games or games of chance, or any similar product, as well as CCRN’s horeca services, including sending SMS, telephone calls, emails, and paper or electronic newsletters;
- security of the CCRN establishment, prevention and anti-fraud;
- withdrawal of winnings made by Customers on the 777.be and www.circus.be websites and the related accounting management;
- participation in events, tournaments, tombolas, competitions and promotional offers relating to CCRN’s casino games and games of chance;
- execution of satisfaction surveys, statistical studies, trend analysis and market studies, for the purpose of improving gaming services or Customer information or the protection of Customers and prevention of gaming addiction;
- anything concerning the images saved on CCRN’s CCTV system and reimbursing Customers in the event of a breakdown.
4. Processing of personal data subject to Customers’ consent
By using the casino games offered by CCRN, the Customer expresses their free, specific, informed and unequivocal will to expressly authorize CCRN to process personal data in accordance with the Regulation, within the limits and for the purposes defined below and without prejudice to the processing referred to in article 3.
The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CCRN at all times.
The Customer also benefits from rights, including the right to withdraw their consent at any time, according to the terms and conditions defined in article 5.7.
4.1. Nature of the personal data processed
The data processed by CCRN is the following:
- surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
- the bank details used during deposits and winnings withdrawals, as well as the amounts of these;
- the identity card or any legal documents for the authentication of Customers;
- the Customer’s activity within the CCRN establishment;
- images, notably from CCRN’s CCTV system, as well as, if applicable, the data and images published on social media, such as Facebook;
- participation history in tournaments, competitions or events, and the result of the participation, as well as gaming information (stakes, winnings and the times of these, as well as the machines the Customer plays on and the points collected on these as part of loyalty programs);
- the Customer’s navigation and activity history on the www.circuscasinoresort.com website, including connection history (browser data, IP address), notably by using cookies;
- any other information that can be exchanged between CCRN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CCRN’s casino games.
The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CCRN at all times.
4.2. The processing
Processing consists of collection, recording, storage, consultation, organization, use, merging of the personal data outlined in article 3.1.a). It also consists of the transfer of this personal data to third parties, the list of which is available upon request to the Contact mentioned in article 2, including other gaming hall or casino operators, directly or indirectly a partner of CCRN, for marketing purposes as well as to CCRN’s partners participating in CCRN’s promotions.
Personal data is likely to be processed by CCRN in any medium whatsoever, electronic or paper, including texts and email.
4.3. Purposes of personal data processing
The personal data is collected and processed by CCRN for the following purposes:
- Promotion, advertising and marketing, including affiliation and loyalty program management, relating to the offer of casino games and betting services, including text messages, telephone calls, paper or electronic newsletters, emails, not part of article 3.2.c), such as the casino, games of chance and online betting activity of CCRN (777.be) or any other casino or games of chance company, directly or indirectly a partner of CCRN, including advertising, marketing and affiliation and loyalty program management related to it;
- Participation in events, tournaments, tombolas, competitions and promotional offers not related to casino games and games of chance;
- Communication regarding winners and Customers’ winnings during their participation in tournaments, tombolas, competitions or events, notably the communication on the www.circuscasinoresort.com or www.circus.be website;
- Development of new casino games and betting offers, both offline and online;
- Execution of satisfaction surveys, statistical studies, trend analysis and market studies, for the purposes of management, marketing and reporting, including profiling, not part of the purpose outlined in article 3.2.c).
5. CCRN’s Customers and their rights
Without prejudice to articles 3 and 6.2, Customers have the right to exercise the right of rectification, opposition and restriction, according to the terms and within the following limits.
5.1. Right of access
- CCRN makes the following information available to Customers:
- the identity and contact details of the data controller;
- the contact details of the Data Protection Officer;
- the personal data processed;
- the purposes of the personal data processing, as well as the legal base for processing;
- the recipients or categories of recipients of personal data, if applicable;
- and, if applicable, the fact that the data controller intends to transfer personal data to a country located outside the European Union and: either the existence (or absence) of an adequacy decision made by the European Commission, or, in the absence of such a decision, the guarantees offered by the third country and the measures implemented to get a copy of the personal data.
- The possibility of opposing automated processing of their data, such as profiling, unless proper reasons make this processing by CCRN necessary, as well as the possibility of opposing all processing of their personal data for market research.
- Customers have the right to request, at any time, access to all the information stated in this article and in article 5.1, by getting in touch with the Contact referred to in article 2.
- Customers have the right to obtain a copy of the personal data being processed. CCRN reserves the right to demand payment for the potential costs induced by any request for an extra copy; these costs will be calculated on the basis of administrative costs induced by the request; they will not exceed 20 euros.
- Customers have the right to obtain, in a structured format, this access or said copy, in such a way that the personal data they are provided is in a format that conforms to the technical standards in force when requesting access; this format will therefore allow them to be machine readable.
5.2. Right to rectification
CCRN implements everything possible to guarantee that Customers’ personal data is correct and up to date; Customers are obliged to request the rectification and update of personal data concerning them, as soon as this data is wrong or incomplete.
This right to rectification can be exercised by request to the data controller referred to in article 2.
5.3. Right to opposition
CCRN authorizes Customers to oppose the processing of all or part of personal data concerning them, for the following reasons:
- their data is inaccurate;
- the processing is no long necessary for the purposes the data was collected for;
- the Customer withdraws their consent;
- the data has been subject to illegal processing.
CCRN also authorizes customers to oppose:
- automated processing of their data, such as profiling, unless proper reasons make this treatment by CCRN necessary;
- any processing of their personal data for market research, including profiling, if it is linked to this market research.
This right to opposition can be exercised by request to the data controller referred to in article 2.
5.4. Right to be forgotten
CCRN also ensures to respond to any request for deletion of personal data in the shortest possible period (right to be forgotten), when:
- the processing is no long necessary for the purposes the data was collected for;
- the Customer withdraws their consent;
- the data has been subject to illegal processing, or should be deleted under a legal obligation;
- the Customer opposes automated processing of their data, such as profiling, and there are no proper reasons making this processing by CCRN necessary;
- the Customer opposes processing of their personal data for market research, including profiling, if it is linked to this market research.
5.5. Right to restriction
The Customers also have the right to obtain from CCRN the restriction of the processing of their personal data when:
- the Customer considers their personal data to be incorrect, for the time necessary for CCRN to verify the accuracy of it;
- the processing is illegal but the Customer does not wish for their data to be deleted but requests a restriction of the data processing;
- the Customer opposes automated processing, including profiling or processing of their personal data for market research purposes and that it is necessary to verify the legitimate nature of the reasons for which CCRN intends to maintain this processing;
- CCRN no longer needs the personal data processed but the person concerned wants them to be saved for the observation, exercise or defense of rights in court;
This right to restriction can be exercised by request to the Contact referred to in article 2.
5.6. Transfer of data to a data controller
Customers are authorized to transfer their personal data to another data controller without CCRN being able to prevent this.
While such a transfer is technically possible, Customers are authorized to request CCRN to have this transfer carried out directly by their data controller.
5.7. Terms and conditions
The rights recognized by CCRN to the Customer must be exercised by contacting the data controller referred to in article 2.
CCRN will respond to these requests within a month and will keep a record for this purpose.
5.8. Notification
CCRN will provide the Customer with a notification of any deletion or rectification of data carried out conforming to articles 5.2 and 5.4, unless such a notification proves to be impossible or imposes disproportionate effort.
This notification will be done by email or mail, based on the details communicated by the Customer.
6. Location, storage and duration of storage of personal data
6.1. CCRN stores Customers’ personal data in a form that allows their identification and availability and follows appropriate and secure methods.
- The data is stored and hosted in the European Union territory as well as in Israel for marketing data; which provides all the security guarantees necessary regarding the technical standards in force.
6.2. Customers’ personal data is stored by CCRN for the purposes defined in articles 3 and 4. They are stored for a period of 10 years for all the purposes determined in article 3.1; CCRN therefore reserves the right to keep the Customers’ personal data for all purposes that would be imposed on them by the Law, arising from their gaming and betting activities. Therefore, the Customers declare that they are informed and agree that, by reference to the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments, CCRN is required to keep the photocopy of the identity card or document used to identify the Customer for at least ten years from the date of the Customer’s last activity.
Personal data is kept for a period not exceeding that necessary for the execution of the purpose of processing for all the purposes defined in article 3.2 and 4.
7. CCRN’s responsibilities – Subcontracting
7.1. CCRN agrees to process Customers’ personal data in a legal, loyal and transparent way regarding the Customer concerned. Any processing by CCRN will conform to the Regulation’s demands and the Privacy Policy.
- CCRN has put in place and updates a register of processing activities, conforming to article 30 of the Regulation. This register is controlled by and remains at all times under the responsibility of CCRN. It contains, notably, the purposes of processing, the categories of people concerned and the categories of personal data.
- CCRN implements all reasonable and appropriate methods to ensure confidentiality, integrity and availability of the personal data it processes. These technical and organizational measures are regularly evaluated and updated.
- The technical measures notably include a firewall, CCTV, etc.
- The organizational measures notably include the execution of internal audits, in addition to the audits CCRN can be subject to from the Gaming Commission, notably.
- If necessary, CCRN carries out, with the help of the data protection officer, impact analysis when processing is likely to cause a heightened risk for Customers.
7.2. Customers’ personal data is not transferred to third parties other than authorities, providers and CCRN’s partners, unless for the purposes outlined in articles 3.1, 3.2 and 4 and, therefore, if:
- The transfer becomes compulsory by law, regulation or injunction of an administrative or judiciary authority;
- The transfer is necessary for the provision of casino game services by CCRN or the management of a Customer complaint;
- The Customer gives their consent for such transfer;
- CCRN’s partner will not be considered as a subcontractor, unless they process the Customers’ personal data on behalf of CCRN. CCRN declines all responsibility regarding the processing of Customers’ personal data by the partner that provides its own services in its own name and on its own behalf or if CCRN proves it is not accountable for any damage caused.
- In the event that CCRN acts as the partner’s subcontractor, it is agreed that CCRN will only be held liable for damage caused by the processing of personal data contrary to the Regulation or this Privacy Policy if it has not complied with the obligations set out in the Regulation that are specifically incumbent on the subcontractors or acted outside of or contrary to the partner’s lawful instructions. Similarly, CCRN cannot be held liable under any circumstances if it proves that the fact that caused the damage is in no way attributable to it.
7.3. CCRN ensures that, when processing is carried out by a subcontractor, on behalf of CCRN, they provide sufficient guarantees for the implementation of appropriate technical and organizational measures and, more generally, regarding compliance with the Regulation’s demands. In particular, it requires the subcontractor to comply with the Regulation and, therefore, to keep a register.
7.4. CCRN agrees to notify security incidents linked to processed data, likely to create a risk for the rights and freedoms of natural persons concerned, to the data protection authority referred to in article 8.3 at the earliest opportunity and, if possible, within 72 hours, at the latest, from the date they learnt about the incident.
- CCRN will record any security incident and take the necessary organizational and technical measures in order to resolve it as soon as possible.
- CCRN will also inform the Customers concerned, insofar as the violation of personal data presents a heightened risk for Customers’ rights and freedoms; they will be informed by email or mail using the contact details communicated by the Customer.
8. Other
8.1. Personal data register
As the personal data controller, CCRN has a register of all of its processing activities. This contains all information relating to the type of data processed, the people concerned by the processing of data, the potential recipients to whom the data is, if applicable, communicated, to which end the data is processed as well as the duration the data is stored and a general description of the technical and organizational security measures put in place.
The personal data communicated by the Customer is saved, as well as the processing carried out and its purposes, in a register that is controlled by and remains under the responsibility of CCRN at all times. This register includes, in addition to the aforementioned information:
- a description of the purposes of the processing;
- a description of the categories of people concerned and the categories of personal data;
- the categories of recipients that the personal data has been or will be communicated to, including the recipients in third countries or international organizations;
- the periods expected for the deletion of various categories of data;
- a general description of the technical security measures.
8.2. Entirety – modification of the Privacy Policy
The Privacy Policy contains the entirety of contractual provisions effective against Customers, without prejudice to the general provisions applicable to Customers during any visit to the CCRN establishment. These provisions therefore remain applicable for any matter not related to personal data protection.
CCRN also reserves the right to modify the Privacy Policy. Any update is effective against Customers from their next visit to CCRN. CCRN ensures to mention the date of posting of the Privacy Policy in force on the www.circuscasinoresort.com website.
8.3. Data protection authority
The Customer has the right to request additional information or make a complaint to the Data Protection Authority; their contact details are:
- Address: Rue de la Presse, 35, 1000 Brussels
- Telephone: +32 (0)2 274 48 00
- Fax: +32 (0)2 274 48 35
- Email: commission@privacycommission.be