Privacy policy

SA Gambling Management

 

…Did you know?

Dear customers,

New rules have come into force in the European Union concerning the protection of your personal data from 25 May 2018!

….Your casino informs you and protects your personal data.

Please carefully read our new rules about the protection of your personal data. Don’t hesitate to contact us with any questions you may have.

 

 

1. Why do we have a regulation regarding personal data protection?

The Circus Casino de Namur (hereinafter “CDN”), processes the personal data of its customers and visitors to its website www.circuscasinoresort.com (hereinafter “the Customers”), for the purposes and within the limits defined in this regulation regarding personal data protection (hereinafter “the Privacy Policy”).

As always, CDN is concerned with personal data protection and ensures to conform, during the processing of this personal data, to the laws and regulations in force and, notably to the European Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Regulation”), that came into force on 25 May 2018.

This Regulation imposes new obligations that CDN will respect and their Customers must be informed of. In this Privacy Policy, CDN wishes to communicate all necessary and useful information on the subject of the data that CDN processes, the type of processing and their objectives, as well as define the rights and obligations of CDN and the Customers regarding the treatment of their personal data.

The Privacy Policy came into force on 25 May 2018, from a Customer’s next visit to CDN. Conforming to the said Regulation, it has the object of approaching:

  • The processing of personal data that CDN is legally obliged to process. This processing is outlined in article 3.1 of the Privacy Policy;
  • The processing of personal data for the purposes of allowing Customers to access the CDN establishment and benefiting from its offer of casino games, as well as processing for the necessary and legitimate purposes outlined in article 3.2 of the Privacy Policy;
  • The processing of personal data that is subject to the Customer’s prior, free and explicit consent, for the purposes described in article 4.

The Customers are considered, on entering the CDN establishment, to have read and accepted the Privacy Policy. This is attached to and is an integral part of the registration form that Customers have to agree to whenever they visit the CDN establishment; it can also be viewed at any time at the web address: www.circuscasinoresort.com/privacypolicy-casino.

The Customers guarantee that the data and information communicated to CDN is correct.

 

2. Our contact information and that of the person responsible for processing your data

CDN can be contacted for all questions regarding the protection of the personal data of its customers (hereinafter “the Customers”), as follows:

The data controller within SA Gambling Management is Mr. Alexandre Georgiades.

CDN has also appointed a data protection officer who can be contacted by email: privacy@circuscasinoresort.com. They are responsible for ensuring the monitoring and conformity of the processing of Customers’ personal data by CDN.

 

3. Processing of personal data not requiring Customers’ consent

3.1. CDN’s legal obligations and the necessary processing for CDN’s offer of casino games

CDN is bound, under the legal obligations and regulations that all games of chance operators are subject to, on the one hand, and for the purposes of authenticating and allowing Customers to access its establishment and take part in the casino games offered within it, on the other hand, to process the following personal data for the purposes outlined below. This processing of personal data carried out by CDN does not require Customers’ consent under article 6.1.b) and c) of the Regulation.

The personal data communicated by the Customer is saved on a register, as is described in article 7.1, which is controlled and remains under the responsibility of CDN at all times.

a. What data is processed?

The personal data processed is the following:

  • surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
  • bank details used during deposits and winnings withdrawals, as well as the amounts of these;
  • images, notably from CDN’s CCTV system;
  • identity card or any legal documents used for the authentication of Customers;
  • ongoing commercial promotions or those the Customers took part in;
  • any other information that can be exchanged between CDN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CDN’s casino games.

b. What processing is carried out by CDN?

Processing consists of collection, recording, storage, consultation, organization, use, merging or any other necessary or useful action under the legal and regulatory provisions outlined in article 3.1.c). The processing can also consist of the transfer of personal data:

  • to judiciary and administrative authorities, such as, notably, the Gaming Commission and Financial Intelligence Processing Unit (CTIF- CFI);
  • to CDN’s providers, whose services are integral to its offer of casino games within its establishment and the list of which is available upon request from the data controller mentioned in article 2.

Personal data is likely to be processed by CDN in any medium whatsoever, electronic or paper, including texts and email.

c. What are the purposes of this processing?

1°) CDN is obliged to carry out the processing of the personal data described in articles 3.1.a) and b) to fulfil the legal and regulatory obligations that they are under, notably, the following legal provisions:

  • Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash;
  • Act of 7 May 1999 on games of chance, bets, gaming establishments and the protection of players, in particular, the obligations it imposes on operators in terms of management and administration, and its decrees of implementation, such as the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments.

2°) CDN also processes the personal data referred to in article 3.1.a) for the purposes of authenticating Customers to allow them to access the CDN establishment and benefit from CDN’s offer of casino games; this processing is carried out to ensure:

  • the management of registrations and Customers’ accounts;
  • the management of Customers’ deposits and winnings;
  • the Customer’s information regarding current and future casino games offered by CDN;
  • the management of customer service, including reimbursement in the event of a casino game machine breakdown.

 

3.2. Other processing not requiring Customers’ consent

CDN also processes personal data for the legitimate purposes outlined below. This processing of personal data carried out by CDN does not require Customers’ consent under article 6.1.f) of the Regulation.

The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CDN at all times.

a. What data is processed?

The personal data processed is the following:

  • surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
  • the Customer’s activity within the CDN establishment;
  • bank details used during deposits and winnings withdrawals, as well as the amounts of these;
  • images, notably from CDN’s CCTV system;
  • identity card or any legal documents used for the authentication of Customers;
  • the Customer’s navigation and activity history on the casinodenamur.be website, including connection history (browser data, IP address), notably by using cookies;
  • ongoing commercial promotions or those the Customers took part in;
  • any other information that can be exchanged between CDN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CDN’s casino games.

b. What processing is carried out by CDN?

Processing consists of collection, recording, storage, consultation, organization, use, merging of the personal data outlined in article 3.2.a). It also consists of the transfer of this personal data to third parties, the list of which is available upon request from the Contact mentioned in article 2, including other gaming hall or casino operators, both direct and indirect partners of CDN, for security, prevention or anti-fraud purposes.

Personal data is likely to be processed by CDN in any medium whatsoever, electronic or paper, including texts and email.

c. What are the legitimate purposes of this processing?

CDN processes the personal data referred to in article 3.2.a) for the following legitimate purposes:

  • promotion, advertising and marketing relating to the offer of new casino games or games of chance, or any similar product, as well as CDN’s horeca services, including sending SMS, telephone calls, emails, and paper or electronic newsletters;
  • security of the CDN establishment, prevention and anti-fraud;
  • withdrawal of winnings made by Customers on the 777.be and www.circus.be websites and the related accounting management;
  • participation in events, tournaments, tombolas, competitions and promotional offers relating to CDN’s casino games and games of chance;
  • execution of satisfaction surveys, statistical studies, trend analysis and market studies, for the purpose of improving gaming services or Customer information or the protection of Customers;
  • responsible gaming and the preventing of gaming addiction;
  • anything concerning the images saved on CDN’s CCTV system and reimbursing Customers in the event of a breakdown.

 

4. Processing of personal data subject to Customers’ consent

By using the casino games offered by CDN, the Customer expresses their free, specific, informed and unequivocal will to expressly authorize CDN to process personal data in accordance with the Regulation, within the limits and for the purposes defined below and without prejudice to the processing referred to in article 3.

The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CDN at all times.

The Customer also benefits from rights, including the right to withdraw their consent at any time, according to the terms and conditions defined in article 5.7.

 

4.1. Nature of the personal data processed

The data processed by CDN is the following:

  • surname, first name(s), as well as, if applicable, a pseudonym, date and place of birth, nationality, occupation, language, sex, postal address, national registration number (or identity card or passport), gaming ban or not (EPIS), customer number, as well as, if applicable, email address and landline or mobile phone number;
  • the bank details used during deposits and winnings withdrawals, as well as the amounts of these;
  • the identity card or any legal documents for the authentication of Customers;
  • the Customer’s activity within the CDN establishment;
  • images, notably from CDN’s CCTV system, as well as, if applicable, the data and images published on social media, such as Facebook;
  • participation history in tournaments, competitions or events, and the result of the participation, as well as gaming information (stakes, winnings and the times of these, as well as the machines the Customer plays on and the points collected on these as part of loyalty programs);
  • the Customer’s navigation and activity history on the circuscasinoresort.com website, including connection history (browser data, IP address), notably by using cookies;
  • any other information that can be exchanged between CDN and the Customer, in any medium or media whatsoever, notably by email, as part of the Customer’s registration or participation in CDN’s casino games.

The personal data communicated by the Customer is saved on a register, as is outlined in article 7.1, which is controlled and remains under the responsibility of CDN at all times.

 

4.2. The processing

Processing consists of collection, recording, storage, consultation, organization, use, merging of the personal data outlined in article 3.1.a). It also consists of the transfer of this personal data to third parties, the list of which is available upon request to the Contact mentioned in article 2, including other gaming hall or casino operators, directly or indirectly a partner of CDN, for marketing purposes as well as to CDN’s partners participating in CDN’s promotions.

Personal data is likely to be processed by CDN in any medium whatsoever, electronic or paper, including texts and email.

 

4.3. Purposes of personal data processing

The personal data is collected and processed by CDN for the following purposes:

  • Promotion, advertising and marketing, to the extent authorized by law, including the loyalty program, relating to the offer of casino games and betting services, including text messages, telephone calls, paper or electronic newsletters, emails, not part of article 3.2.c), such as the casino, games of chance and online betting activity of CDN or any other casino or games of chance company, directly or indirectly a partner of CDN, including advertising, marketing, to the extent authorized by law, including the loyalty program related to it;
  • Participation in events, tournaments, tombolas, competitions and promotional offers not related to casino games and games of chance;
  • Communication regarding winners and Customers’ winnings during their participation in tournaments, tombolas, competitions or events, notably the communication on the circuscasinoresort.com or www.circus.be website;
  • Development of new casino games and betting offers, both offline and online;
  • Execution of satisfaction surveys, statistical studies, trend analysis and market studies, for the purposes of management, marketing and reporting, including profiling, not part of the purpose outlined in article 3.2.c).

 

5. CDN’s Customers and their rights

Without prejudice to articles 3 and 6.2, Customers have the right to exercise the right of rectification, opposition and restriction, according to the terms and within the following limits.

 

5.1. Right of access

    1. CDN makes the following information available to Customers:
    • the identity and contact details of the data controller;
    • the contact details of the Data Protection Officer;
    • the personal data processed;
    • the purposes of the personal data processing, as well as the legal base for processing;
    • the recipients or categories of recipients of personal data, if applicable;
    • and, if applicable, the fact that the data controller intends to transfer personal data to a country located outside the European Union and: either the existence (or absence) of an adequacy decision made by the European Commission, or, in the absence of such a decision, the guarantees offered by the third country and the measures implemented to get a copy of the personal data.
    • The possibility of opposing automated processing of their data, such as profiling, unless proper reasons make this processing by CDN necessary, as well as the possibility of opposing all processing of their personal data for market research.
  1. Customers have the right to request, at any time, access to all the information stated in this article and in article 5.1, by getting in touch with the Contact referred to in article 2.
  2. Customers have the right to obtain a copy of the personal data being processed. CDN reserves the right to demand payment for the potential costs induced by any request for an extra copy; these costs will be calculated on the basis of administrative costs induced by the request; they will not exceed 20 euros.
  3. Customers have the right to obtain, in a structured format, this access or said copy, in such a way that the personal data they are provided is in a format that conforms to the technical standards in force when requesting access; this format will therefore allow them to be machine readable.

 

5.2. Right to rectification

CDN implements everything possible to guarantee that Customers’ personal data is correct and up to date; Customers are obliged to request the rectification and update of personal data concerning them, as soon as this data is wrong or incomplete.

This right to rectification can be exercised by request to the data controller referred to in article 2.

5.3. Right to opposition

CDN authorizes Customers to oppose the processing of all or part of personal data concerning them, for the following reasons:

  • their data is inaccurate;
  • the processing is no long necessary for the purposes the data was collected for;
  • the Customer withdraws their consent;
  • the data has been subject to illegal processing.

CDN also authorizes customers to oppose:

  • automated processing of their data, such as profiling, unless proper reasons make this treatment by CDN necessary;
  • any processing of their personal data for market research, including profiling, if it is linked to this market research.

This right to opposition can be exercised by request to the data controller referred to in article 2.

 

5.4. Right to be forgotten

CDN also ensures to respond to any request for deletion of personal data in the shortest possible period (right to be forgotten), when:

  • the processing is no long necessary for the purposes the data was collected for;
  • the Customer withdraws their consent;
  • the data has been subject to illegal processing, or should be deleted under a legal obligation;
  • the Customer opposes automated processing of their data, such as profiling, and there are no proper reasons making this processing by CDN necessary;
  • the Customer opposes processing of their personal data for market research, including profiling, if it is linked to this market research.

 

5.5. Right to restriction

The Customers also have the right to obtain from CDN the restriction of the processing of their personal data when:

  • the Customer considers their personal data to be incorrect, for the time necessary for CDN to verify the accuracy of it;
  • the processing is illegal but the Customer does not wish for their data to be deleted but requests a restriction of the data processing;
  • the Customer opposes automated processing, including profiling or processing of their personal data for market research purposes and that it is necessary to verify the legitimate nature of the reasons for which CDN intends to maintain this processing;
  • CDN no longer needs the personal data processed but the person concerned wants them to be saved for the observation, exercise or defense of rights in court;

This right to restriction can be exercised by request to the Contact referred to in article 2.

 

5.6. Transfer of data to a data controller

Customers are authorized to transfer their personal data to another data controller without CDN being able to prevent this.

While such a transfer is technically possible, Customers are authorized to request CDN to have this transfer carried out directly by their data controller.

 

5.7. Terms and conditions

The rights recognized by CDN to the Customer must be exercised by contacting the data controller referred to in article 2.

CDN will respond to these requests within a month and will keep a record for this purpose.

 

5.8. Notification

CDN will provide the Customer with a notification of any deletion or rectification of data carried out conforming to articles 5.2 and 5.4, unless such a notification proves to be impossible or imposes disproportionate effort.

This notification will be done by email or mail, based on the details communicated by the Customer.

 

6. Location, storage and duration of storage of personal data

6.1. CDN stores Customers’ personal data in a form that allows their identification and availability and follows appropriate and secure methods.

The data is stored and hosted in European Union territory; which offers all the necessary and useful security guarantees regarding the technical standards in force.

6.2. Customers’ personal data is stored by CDN for the purposes defined in articles 3 and 4 for a period of 10 years; CDN therefore reserves the right to keep the Customers’ personal data for all purposes that would be imposed on them by the Law, arising from their gaming and betting activities. Therefore, the Customers declare that they are informed and agree that, by reference to the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments, CDN is required to keep the photocopy of the identity card or document used to identify the Customer for at least ten years from the date of the Customer’s last activity.

Notwithstanding article 6.2, paragraph 1, player photographs are kept by CDN for a period of 8 weeks from the date on which the photograph was taken, for the purposes of anti-money laundering, ensuring the security of CDN’s establishment and its players, and complying with CDN’s house rules.

 

7. CDN’s responsibilities – Subcontracting

7.1. CDN agrees to process Customers’ personal data in a legal, loyal and transparent way regarding the Customer concerned. Any processing by CDN will conform to the Regulation’s demands and the Privacy Policy.

CDN has put in place and updates a register of processing activities, conforming to article 30 of the Regulation. This register is controlled by and remains at all times under the responsibility of CDN. It contains, notably, the purposes of processing, the categories of people concerned and the categories of personal data.

CDN implements all reasonable and appropriate methods to ensure confidentiality, integrity and availability of the personal data it processes. These technical and organizational measures are regularly evaluated and updated.

The technical measures notably include a firewall, CCTV, etc.

The organizational measures notably include the execution of internal audits, in addition to the audits CDN can be subject to from the Gaming Commission, notably.

If necessary, CDN carries out, with the help of the data protection officer, impact analysis when processing is likely to cause a heightened risk for Customers.

7.2. Customers’ personal data is not transferred to third parties other than authorities, providers and CDN’s partners, unless for the purposes outlined in articles 3.1, 3.2 and 4 and, therefore, if:

  • The transfer becomes compulsory by law, regulation or injunction of an administrative or judiciary authority;
  • The transfer is necessary for the provision of casino game services by CDN or the management of a Customer complaint;
  • The Customer gives their consent for such transfer;

CDN’s partner will not be considered as a subcontractor, unless they process the Customers’ personal data on behalf of CDN. CDN declines all responsibility regarding the processing of Customers’ personal data by the partner that provides its own services in its own name and on its own behalf or if CDN proves it is not accountable for any damage caused.

In the event that CDN acts as the partner’s subcontractor, it is agreed that CDN will only be held liable for damage caused by the processing of personal data contrary to the Regulation or this Privacy Policy if it has not complied with the obligations set out in the Regulation that are specifically incumbent on the subcontractors or acted outside of or contrary to the partner’s lawful instructions. Similarly, CDN cannot be held liable under any circumstances if it proves that the fact that caused the damage is in no way attributable to it.

7.3. CDN ensures that, when processing is carried out by a subcontractor, on behalf of CDN, they provide sufficient guarantees for the implementation of appropriate technical and organizational measures and, more generally, regarding compliance with the Regulation’s demands. In particular, it requires the subcontractor to comply with the Regulation and, therefore, to keep a register.

7.4. CDN agrees to notify security incidents linked to processed data, likely to create a risk for the rights and freedoms of natural persons concerned, to the data protection authority referred to in article 8.3 at the earliest opportunity and, if possible, within 72 hours, at the latest, from the date they learnt about the incident.

CDN will record any security incident and take the necessary organizational and technical measures in order to resolve it as soon as possible.

CDN will also inform the Customers concerned, insofar as the violation of personal data presents a heightened risk for Customers’ rights and freedoms; they will be informed by email or mail using the contact details communicated by the Customer.

 

8. Other

8.1. Personal data register

As the personal data controller, CDN has a register of all of its processing activities. This contains all information relating to the type of data processed, the people concerned by the processing of data, the potential recipients to whom the data is, if applicable, communicated, to which end the data is processed as well as the duration the data is stored and a general description of the technical and organizational security measures put in place.

The personal data communicated by the Customer is saved, as well as the processing carried out and its purposes, in a register that is controlled by and remains under the responsibility of CDN at all times. This register includes, in addition to the aforementioned information:

  • a description of the purposes of the processing;
  • a description of the categories of people concerned and the categories of personal data;
  • the categories of recipients that the personal data has been or will be communicated to, including the recipients in third countries or international organizations;
  • the periods expected for the deletion of various categories of data;
  • a general description of the technical security measures.

 

8.2. Entirety – modification of the Privacy Policy

The Privacy Policy contains the entirety of contractual provisions effective against Customers, without prejudice to the general provisions applicable to Customers during any visit to the CDN establishment. These provisions therefore remain applicable for any matter not related to personal data protection.

CDN also reserves the right to modify the Privacy Policy. Any update is effective against Customers from their next visit to CDN. CDN ensures to mention the date of posting of the Privacy Policy in force on https://www.circuscasinoresort.com/en/privacy-policy-casino/ website.

 

8.3. Data protection authority

The Customer has the right to request additional information or make a complaint to the Data Protection Authority; their contact details are:

Address: Rue de la Presse, 35, 1000 Brussels

Telephone: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

Email: contact@apd-gba.be