Privacy Policy

…Did you know?

   Dear clients,

   New rules came into force in the European Union concerning the protection of your personal data on 25 May 2018!

   …. Your gaming hall informs you and protects your personal data.

   Please carefully read our new rules about the protection of your personal data. Don’t hesitate to contact us with any questions you may have.

 Plan

1. General information

2.  Processing of personal data not requiring Customers’ consent

2.1. CIRCUS’ legal obligations and processing required for use

2.2. Other processing not requiring Users’ consent

3. Processing of personal data subject to Users’ consent

4. User rights

4.1. Right of access

4.2. Right to rectification

4.3. Right to opposition

4.4. Right to be forgotten

4.5. Right to restriction

4.6. Transfer of data to a data controller

4.7. Terms

4.8. Notification

5. Location, storage and duration of storage of personal data

6. Responsibility of CIRCUS – Data processor

7. Other provisions

 

     

    1. General information

    Definitions

    • Gaming Hall: refers to the Establishments operating the landbased Circus Casino gaming halls operated by the companies mentioned below.
    • Establishment: the following companies operating Gaming Halls: CIRCUS BELGIUM S.A. and its subsidiaries, Games Services S.A., SLOTS SPRL, WINVEST SPRL, OLYMPIAN WALLONIE S.A., Mr JOKER SPRL, PRE CARATS SPORTS S.A., ROYAL NAMUR S.A., EURO 78 SPRL, PARCTION SA and all the companies that could be acquired or incorporated in the future by one of the companies listed above and who have their headquarters and place of business listed on the Belgian Gaming Commission website (https://data.gamingcommission.be/licenses/B/latest/table.html?lang=en) (hereinafter “CIRCUS”).
    • Belgian Gaming Commission or “BGC”: refers to the advisory, decision-making and monitoring organization regarding games of chance that issued the Establishment’s operating license and has its head office at Cantersteen 47, 1000 Brussels (gamingcommission.be).

    Why do we have a regulation regarding personal data protection?

    CIRCUS processes the personal data of visitors to the Gaming Hall (hereinafter the “Customers” or “Users”), for the purposes and within the limits defined in this privacy policy (hereinafter the “Privacy Policy”).

    When processing said personal data, CIRCUS. undertakes to comply with the laws and regulations in force, including, in particular, the Belgian Act of 30 July 2018 on the protection of privacy and European Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the “Regulation”).

           In this respect and in accordance with the Regulation, CIRCUS:

    • Is legally obliged to process the personal data of Users. This processing is outlined in Section 2.1 of the Privacy Policy;
    • Processes personal data for the purposes of allowing Customers to access the Gaming Hall, to use the offer of games of chance and, furthermore, for the necessary and legitimate purposes outlined in Section 2.2 of the Privacy Policy;
    • Shall process the personal data described in Section 3, in accordance with the purposes defined therein, subject to the Customer’s prior, freely given and explicit consent.

    The Customers are considered, on entering the Gaming Hall, to have read and accepted the Privacy Policy. Furthermore, they guarantee that the data and information communicated to CIRCUS is correct.

    The Privacy Policy is an integral part of the registration form that CIRCUS require its Customers to sign during every visit to the Gaming Hall; it can be read at any time in the Gaming Hall establishment.

     

    2. Processing of personal data not requiring Users’ consent

     

    2.1. CIRCUS’ legal obligations and processing required for the Establishments’ offer of games of chance

    CIRCUS is bound, under the legal obligations and regulations that all games of chance operators are subject to, on the one hand, for the purposes of authenticating and allowing Customers to access their Gaming Hall and take part in the games of chance offered within it, on the other hand, to process the following personal data for the purposes outlined below. This processing of personal data carried out by CIRCUS does not require Customers’ consent under Section 6.1.b) and c) of the Regulation.

    The personal data communicated by the Customer is saved on a register, as is described in Section 7.1, which is controlled and remains under the responsibility of CIRCUS at all times.

    Within the limits defined by the Regulation, the User shall also benefit from (certain) rights, as laid out in Section 4 below, which they can exercise in accordance with the provisions of Section 4.7.

    a. What data is processed?

    The following personal data is processed:

    • surname, first name(s), as well as, if applicable, username, date and place of birth, language, sex, nationality, postal address, national registration number (or identity card or passport), occupation, and, if applicable, email address, and landline or mobile phone number;
    • bank details used during deposits and winnings withdrawals, as well as the amounts of these;
    • image, notably via CIRCUS’ video surveillance system;
    • identity card or any legal documents used for the authentication of Customers;
    • number of visits and the dates of these visits;
    • all other personal data that can be exchanged between CIRCUS and the Customer, by any method or medium whatsoever, including by email, as part of the Customer’s registration or their participation in CIRCUS’ games of chance.

    b. What processing is carried out by CIRCUS?

    Processing consists of collection, recording, storage, viewing, organization, use, reconciliation or any other necessary or useful action in accordance with the statutory and regulatory provisions referred to in Section 2.1.c) below. Processing may also involve the forwarding of personal data:

    • to judiciary and administrative authorities, including the Gaming Commission and the Financial Intelligence Processing Unit (CTIF- CFI);
    • to CIRCUS’ providers, whose services are integral to its offer of games of chance within its establishment and the list of which is available upon request from the data controller mentioned in Section 7.5.

    Personal data is likely to be processed by CIRCUS in any medium whatsoever, electronic or paper, including texts and email.

    c. What are the purposes of this processing?

    1) CIRCUS must process the personal data referred to in Sections 2.1.a) and b) in order to fulfill the legal and regulatory obligations incumbent upon it, including the following legal provisions in particular:

    • the Belgian Act of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash;
    • Act of 7 May 1999 on games of chance, bets, gaming establishments and the protection of players, in particular, the obligations it imposes on operators in terms of management and administration and responsible gaming, and its decrees of implementation, such as the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments.

    2) CIRCUS also processes the personal data referred to in Section 2.1.a) for the purposes of authenticating Customers in order to allow them to access and use the CIRCUS establishment and use CIRCUS’ offer of games of chance; this processing is carried out for the following purposes:

    • the management of registrations and Customers’ accounts;
    • the management of Customers’ deposits and winnings;
    • Customer’s information relating to current and future casino games offered by CIRCUS;
    • the management of customer service, including reimbursement in the event of a game of chance machine breakdown.

     

    2.2 Other processing not requiring Customers’ consent

    CIRCUS also processes personal data for the legitimate purposes outlined below. This processing of personal data carried out by CIRCUS does not require Customers’ consent under Section 6.1.f) of the Regulation.

    The personal data communicated by the Customer is saved on a register, as is outlined in Section 7.1, which is controlled and remains under the responsibility of CIRCUS at all times.

    a. What data is processed?

    The following personal data is processed:

    • surname, first name(s), as well as, if applicable, username, date and place of birth, language, sex, postal address, occupation, nationality, and, if applicable, email address, and landline or mobile phone number;
    • the Customer’s activity within CIRCUS’ establishment;
    • the bank details used during deposits and winnings withdrawals, as well as the amounts of these, whatever the payment or withdrawal method (in cash, by bank card, by Gunnebo game card or by the player account opened by the Customer on www.circus-casino.be);
    • image, notably via CIRCUS’ video surveillance system;
    • identity card or any legal documents used for the authentication of Customers;
    • the Customer’s navigation and activity history on www.circus-casino.be, including game history (casino and sports betting) and their transactions (winnings, withdrawals), logins (browser data, IP address) notably by using cookies;
    • all other information that can be exchanged between CIRCUS and the Customer, by any method or medium whatsoever, including by email, as part of the Customer’s registration or their participation in CIRCUS’ games of chance.

    b. What processing is carried out by CIRCUS?

    Processing consists of the collection, recording, storage, viewing, organization, use and reconciliation of the personal data outlined in Section 2.2.a). It also consists of the transfer of this personal data to third parties, the list of which is available upon request from the Contact mentioned in Section 7.5, including other gaming hall or casino operators, both direct and indirect partners of CIRCUS, for security, prevention or anti-fraud purposes.

    Personal data is likely to be processed by CIRCUS in any medium whatsoever, electronic or paper, including texts and email.

    c. What are the legitimate purposes of this processing?

    CIRCUS processes the personal data referred to in Section 2.2.a) for the following legitimate purposes:

    • the development of new games and betting offers;
    • promotion, advertising and marketing within the limits allowed by law, related to the offer of casino games, games of chance or new bets, or any similar product, as well as CIRCUS’ horeca services, including by SMS, telephone call, email, and paper or electronic newsletter;
    • security of the CIRCUS establishment, prevention and anti-fraud;
    • withdrawal of winnings made by Customers on the www.circus-casino.be website and the related accounting management;
    • participation in events and competitions relating to CIRCUS’ casino games and games of chance or sports bets, including communication with winners;
    • execution of satisfaction surveys, statistical studies, trend analysis and market studies, for the purpose of improving gaming services or Customer information or the protection of Customers and prevention of gaming addiction as well as for management, marketing, reporting purposes, including profiling;
    • anything concerning the images saved on CIRCUS’ CCTV system and reimbursing Customers in the event of a breakdown.

    3. Processing of personal data subject to Customers’ consent

    By using the games of chance offered by CIRCUS, the Customer expresses their free, specific, informed and unequivocal will to expressly authorize CIRCUS to process personal data in accordance with the Regulation, within the limits and for the purposes defined below and without prejudice to the processing referred to in Section 2.  

    The personal data communicated by the Customer is saved on a register, as is outlined in Section 7.1, which is controlled and remains under the responsibility of CIRCUS at all times.

    The Customer also benefits from rights, including the right to withdraw their consent at any time, according to the terms and conditions defined in Section 4.7.

    3.1. Nature of the personal data processed

    The data processed by CIRCUS is the following:

    • surname, first name(s), as well as, if applicable, username, date and place of birth, language, sex, occupation, nationality, postal address, national registration number (or identity card or passport), email address, and landline or mobile phone number;
    • the Customer’s activity within CIRCUS’ establishment;
    • images, notably from CIRCUS’ CCTV system, as well as, if applicable, the data, usernames and images published on social media, such as Facebook;
    • participation history in competitions or events, and the result of the participation, as well as gaming information (stakes, winnings and the times of these, as well as the machines the Customer plays on and the points collected on these as part of loyalty programs);
    • the Customer’s navigation and activity history on www.circus-casino.be, including game history (casino and sports betting) and their transactions (winnings and losses, deposits, withdrawals), logins (browser data, IP address) notably by using cookies;
    • all other information that can be exchanged between CIRCUS and the Customer, by any method or medium whatsoever, including by email, as part of the Customer’s registration or their participation in CIRCUS’ games of chance.

    The personal data communicated by the Customer is saved on a register, as is described in Section 7.1, which is controlled and remains under the responsibility of CIRCUS at all times.

    3.2. The processing

    Processing consists of the collection, recording, storage, viewing, organization, use and reconciliation of the personal data referred to in Section 3.1. It also consists of forwarding this personal data to third parties, a list of whom may be obtained upon request by writing to one of the contact addresses provided in Section 7.5 below, including the companies owned, directly or indirectly, by CIRCUS shareholders.

    Personal data is likely to be processed by CIRCUS in any medium whatsoever, electronic or paper, including texts and email.

    3.3. Purposes of personal data processing

    Personal data is collected and processed by CIRCUS for the purposes of promotion, advertising and marketing within the limits allowed by the law related to the offer of game of chance, casino game and betting services (including by SMS, telephone call, email, paper or electronic newsletter, and email), involving the processing of personal data by third parties.

       

      4. Customer rights

      Without prejudice to Sections 2 and 5, Customers have the right to exercise the right of rectification, opposition and restriction, according to the terms and within the following limits.

       

      4.1. Right of access

       a. CIRCUS makes the following information available to Customers:

      • The identity and contact details of the data controller;
      • The contact details of the Data Protection Officer (DPO);
      • The personal data processed;
      • The purposes of the personal data processing and the legal basis for such processing;
      • the recipients or categories of recipients of personal data, if applicable;
      • Where applicable, the data controller’s intention to transfer the personal data to a country located outside the European Union and either (i) the existence (or absence) of an adequacy decision adopted by the European Commission or, (ii) in the absence of such a decision, the guarantees offered by the third country in question and the measures implemented to obtain a copy of the personal data;
      • The possibility of opposing automated processing of their data, such as profiling, unless proper reasons make this processing by CIRCUS necessary, as well as the possibility of opposing all processing of their personal data for market research.

      b. Customers have the right to request, at any time, access to all the information stated in this Section and in Section 5.1, by getting in touch with the Contact referred to in Section 7.5.

      c. Customers have the right to obtain, without cost, a copy of the personal data being processed. CIRCUS reserves the right to demand payment for the potential costs induced by any request for an extra copy; these costs will be calculated on the basis of administrative costs induced by the request; they will not exceed 20 euros.

      d. Customers shall have the right to be granted said access or obtain said copy of the personal data, in a structured format and in such a way that the personal data is provided in a format that complies with technical standards in force when the request for access is submitted; this format must allow the data to be machine-readable.  

         

        4.2. Right to rectification

        CIRCUS implements everything possible to guarantee that Customers’ personal data is correct and up to date; Customers are obliged to request the rectification and update of personal data concerning them, as soon as this data is wrong or incomplete.

        This right to rectification can be exercised by request to the data controller referred to in Section 7.5.

        4.3. Right to opposition

        CIRCUS authorizes Customers to oppose the processing of all or part of personal data concerning them, for the following reasons:

        • The data is inaccurate;
        • The processing is no longer required for the purposes for which the data was collected;
        • The Customer withdraws their consent;
        • The data has been subject to illegal processing.

        CIRCUS also authorizes customers to oppose:

        • automated processing of their data, such as profiling, unless proper reasons make this treatment by CIRCUS necessary;
        • any processing of their personal data for direct marketing purposes, including profiling, if it is linked to such direct marketing.  

        This right to opposition can be exercised by request to the data controller referred to in Section 7.5.

        4.4. Right to be forgotten

        CIRCUS also ensures to respond to any request for deletion of personal data in the shortest possible period (right to be forgotten), when: 

        • The processing is no longer required for the purposes for which the data was collected;
        • The Customer withdraws their consent;
        • The data has been subject to illegal processing, or should be deleted under a legal obligation.
        • The Customer opposes automated processing of their data, such as profiling, and there are no proper reasons making this processing by CIRCUS necessary;
        • The Customer opposes processing of their personal data for market research, including profiling, if it is linked to this market research.  

           

          4.5. Right to restriction

          The Customers also have the right to obtain from CIRCUS the restriction of the processing of their personal data when:

          • the Customer considers their personal data to be incorrect, for the time necessary for CIRCUS to verify the accuracy of it;
          • the processing is illegal but the Customer does not wish for their data to be deleted but requests a restriction of the data processing;
          • the Customer opposes automated processing, including profiling or processing of their personal data for market research purposes and that it is necessary to verify the legitimate nature of the reasons for which CIRCUS intends to maintain this processing; 
          • CIRCUS no longer needs the personal data processed but the person concerned wants them to be saved for the observation, exercise or defense of rights in court;

          This right to restriction can be exercised by request to the Contact referred to in Section 7.5.

          4.6 Data transfer to a data controller

          Customers are authorized to transfer the personal data processed automatically by CIRCUS under Sections 2.2 and 3 to another data controller without CIRCUS being able to prevent said transfer.

          While such a transfer is technically possible, Customers are authorized to request CIRCUS to have this transfer carried out directly by their data controller.

          4.7. Terms and conditions

          The rights recognized by CIRCUS to the Customer must be exercised by contacting the data controller referred to in Section 7.5.

           

          4.8. Notification

          CIRCUS will provide the Customer with a notification of any deletion or rectification of data carried out conforming to Sections 4.2 and 4.4, unless such a notification proves to be impossible or imposes disproportionate effort.

          This notification will be done by email or mail, based on the details communicated by the Customer.

          5. Location, storage and duration of storage of personal data

          5.1. CIRCUS stores Customers’ personal data in a form that allows their identification and availability and follows appropriate and secure methods.
          The data is stored and hosted in the European Union territory as well as in Israel for marketing data; which provides all the security guarantees necessary regarding the technical standards in force.

          5.2 Customers’ personal data is stored by CIRCUS for the purposes defined in Sections 2 and 3. They are stored for a period of 10 years for all the purposes determined in Section 2; CIRCUS therefore reserves the right to keep the Customers’ personal data for all purposes that would be imposed on them by the Law, arising from their gaming and betting activities. Therefore, the Customers declare that they are informed and agree that, by reference to the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments, CIRCUS is required to keep the photocopy of the identity card or document used to identify the Customer for at least ten years from the date of the Customer’s last activity, in order to fulfill its legal obligations.
          In addition, personal data is kept for a period not exceeding that necessary for the execution of the purpose of processing for all the purposes defined in Section 2.2 and 3, it being understood that the retention period must take into account, in view of the specific nature of the services offered by CIRCUS, the eventuality that, on the initiative of the Gaming Commission, a judicial authority or a third party, CIRCUS may be obliged to have a legal claim established or exercised in relation to the Customer’s personal data.

           

          5.3 If the personal data must be transferred to service providers located outside of the European Economic Area, this transfer will be carried out on one of the following principals:
          • the European Commission has adopted an adequacy decision recognizing that the service providers in question offer an adequate level of protection for the data transferred to them by a European entity;
          • CIRCUS CASINO has provided appropriate guarantees, mainly due to the use of standard contractual clauses (SCCs) drawn up by the European Commission.

           

          6 Responsibility of CIRCUS – Data processor

          6.1 CIRCUS agrees to process Customers’ personal data in a legal, loyal and transparent way regarding the Customer concerned. Any processing done by CIRCUS conforms to the requirements of the Regulation, of the Law of 30 July 2018 on privacy and of the Privacy Policy.
          CIRCUS has put in place and updates a register of processing activities, conforming to Section 30 of the Regulation. This register is controlled by and remains at all times under the responsibility of CIRCUS. It contains, notably, the purposes of processing, the categories of people concerned and the categories of personal data.
          CIRCUS implements all reasonable and appropriate methods to ensure confidentiality, integrity and availability of the personal data it processes. These technical and organizational measures are regularly evaluated and updated.
          The technical measures notably include a firewall, CCTV, etc.
          The organizational measures notably include the execution of internal audits, in addition to the audits CIRCUS can be subject to from the Gaming Commission, notably.
          If necessary, CIRCUS carries out, with the help of the data protection officer, impact analysis when processing is likely to cause a heightened risk for Customers.

          6.2 Customers’ personal data is not transferred to third parties other than authorities, providers and CIRCUS’ partners, unless for the purposes outlined in Sections 2.1, 2.2, 3 and 7.2 and, therefore, if:
          • The transfer becomes compulsory by law, regulation or injunction of an administrative or judiciary authority;
          • The transfer is necessary for the provision of game of chance services by CIRCUS or the management of a Customer complaint;
          • The Customer gives their consent for such transfer.
          CIRCUS’ partner will not be considered as a subcontractor, unless they process the Customers’ personal data on behalf of CIRCUS. CIRCUS declines all responsibility regarding the processing of Customers’ personal data by the partner that provides its own services in its own name and on its own behalf or if CIRCUS proves it is not accountable for any damage caused; this will be the case in particular if the partner has not acted in accordance with CIRCUS’ instructions.
          In the event that CIRCUS acts as the partner’s subcontractor, it is agreed that CIRCUS will only be held liable for damage caused by the processing of personal data contrary to the Regulation or this Privacy Policy if it has not complied with the obligations set out in the Regulation that are specifically incumbent on the subcontractors or acted outside of or contrary to the partner’s lawful instructions. Similarly, CIRCUS’ liability cannot be incurred in any way whatsoever i) if it can prove that it is in no way responsible for the event that caused the damage; and ii) remains subject to the limitation of liability provisions of Section 11 of the Website Terms of Use.

          6.3 CIRCUS ensures that, when processing is carried out by a subcontractor, on behalf of CIRCUS, they provide sufficient guarantees for the implementation of appropriate technical and organizational measures and, more generally, regarding compliance with the Regulation’s demands. In particular, it requires the subcontractor to comply with the Regulation and, therefore, to keep a register.

          6.4 CIRCUS agrees to notify security incidents linked to processed data, likely to create a risk for the rights and freedoms of natural persons concerned, to the data protection authority referred to in Section 8.3 at the earliest opportunity and, if possible, within 72 hours, at the latest, from the date they learnt about the incident.
          CIRCUS will record any security incident and take the necessary organizational and technical measures in order to resolve it as soon as possible.
          CIRCUS will also inform the Customers concerned, insofar as the violation of personal data presents a heightened risk for Customers’ rights and freedoms; they will be informed by email or mail using the contact details communicated by the Customer.

           

          7. Other provisions 

           

          7.1. Personal data register

          As the personal data controller, CIRCUS has a register of all of their processing activities. This register contains all information relating to the type of data processed, data subjects, the potential recipients to whom the data is communicated (where applicable), the purposes for which the data is processed, the data retention period and a general description of the technical and organizational security measures implemented.
          The personal data communicated by the Customer is saved, as well as the processing carried out and its purposes, in a register that is controlled by and remains under the responsibility of CIRCUS at all times. This register includes, in addition to the aforementioned information:
          – a description of the purposes of the processing;
          – a description of the categories of data subjects and personal data;
          – the categories of recipients to whom the personal data has been or will be communicated, including any recipients in third countries or international organizations;
          – the expected deadlines for the deletion of various categories of data;
          – a general description of the technical security organizational measures implemented with regard to data confidentiality and security.

             

            7.2. Entirety – modification of the Privacy Policy

            The Privacy Policy contains the entirety of contractual provisions effective against Customers, without prejudice to the general provisions applicable to Customers during any visit to the CIRCUS establishment. These provisions therefore remain applicable for any matter not related to personal data protection.
            CIRCUS also reserves the right to modify the Privacy policy. Any update is effective against Customers from their next visit to the Gaming Hall.

             

            7.3. Probative value

            Customers acknowledge that the electronic documents exchanged and electronic data collected in connection with their registration or use of the website www.circus-casino.be shall have the same probative value as if such documents and data had been communicated or collected via printed media. Users therefore agree not to contest the documents’ validity or probative value on grounds of their digital format.

             

            7.4. Data protection authority

            In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the Belgian Act of 8 December 1992, Users shall have the right to request extra information or make a complaint to the Belgian Data Protection Authority. The Supervisory Authority is the Commission for the Protection of Privacy; their contact details are:

            Address: Rue de la Presse, 35, 1000 Brussels

            Telephone: +32 (0)2 274 48 00

            Fax: +32 (0)2 274 48 35

            Email: contact@apd-gba.be 

             

            7.5 Our contact information and that of the person responsible for processing your data

            CIRCUS contacted for all questions regarding the protection of the personal data of its customers (hereinafter “the Customers”), as follows:

             

            The data controller within CIRCUS is the legal entity that operates the gaming hall and is the holder of the B license for the gaming hall visited by the Users.

            CIRCUS also appointed a data protection officer who can be contacted by email: privacy@circus-casino-places.be. They are responsible for ensuring the monitoring and conformity of the processing of Customers’ personal data by CIRCUS.