Processing of personal data
Notification on the Processing of Personal Data of Olympic Casino Customer
Valid from: 14.04.2023
1. General provisions
1.1. This notification explains the processing of customers’ personal data by Olympic Casino casinos and the rights of customers in relation to the processing of personal data.
1.2. The data controller is Olympic Entertainment Group AS (hereinafter referred to as OEG), Pronksi 19, Tallinn 10124, Estonia, +3726671250, firstname.lastname@example.org.
1.3. The contact details of OEG’s Data Protection Officer are DataProtectionOfficerEstonia@oc.eu, +3726671250, Pronksi 19, Tallinn 10124, Estonia.
1.4. OEG implements appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful disclosure, accidental loss, alteration, destruction or other unlawful processing. We also require our cooperation partners, to whom we transfer personal data in accordance with this Privacy Notice, to implement the necessary organisational, physical and IT security measures. However, please note that even by using all technical and organisational measures to protect personal data, some risks, such as cyber-attack, loss of electricity, software error or malicious actions of an individual, still remain. Upon discovering such breach, we shall take all reasonable steps to mitigate and minimise the risk to our customers.
1.5. Provisions on the processing of personal data may also be included in contracts between the customer and OEG. In such a case, in the event of a conflict of provisions, the provisions agreed upon in the contract shall apply.
1.6. If OEG amends the notification on the processing of personal data, it will publish the updated version on its website www.olympic-casino.ee.
2. Customer rights in relation to the processing of their personal data
2.1. The customer has the right to be informed on whether OEG processes their personal data and, if so, to receive a copy of the aforementioned data.
2.2. The customer has the right to request the rectification of inaccurate personal data concerning them.
2.3. The customer has the right to withdraw their consent to the processing of personal data (e.g. direct marketing consent) at any time, if the processing is based on consent. Withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal.
2.4. The customer has the right to request the erasure of their personal data. OEG may delete data processed on the basis of consent or legitimate interest if the interests of OEG do not outweigh the interests of the customer. The right to erasure does not apply to data that is processed for the fulfilment of a statutory or contractual obligation, as long as the statutory or contractual obligation is valid.
2.5. The customer has the right to object to the processing of their personal data (especially on the basis of legitimate interest) and to restrict the processing of their personal data where justified.
2.6. The customer has the right to receive their personal data, which they have submitted, in a structured and machine-readable format (if technically feasible) for transmission to other companies.
2.7. The Customer has the right to lodge a complaint about the processing of personal data with the Estonian Data Protection Inspectorate by sending an e-mail to email@example.com or in person at Tatar 39, Tallinn.
3. Processed personal data and their sources
3.1. OEG processes the following customer personal data.
3.1.1. Registration data: first name, last name, personal identification code or date of birth, photo of the person.
3.1.2. Verification data: type of the identity document, number of the document, date of issuance and validity, copy of the document, result of the personal data check from the Estonian Tax and Customs Board gambling self-exclusion list, the list of sanctioned persons and OEG’s casino exclusion list, country of residence.
3.1.3. AML details: occupation or activity, country of residence, information on being a politically exposed person, source and origin of funds, details of cash transactions over 2,000 € (time, place, amount, description).
3.1.4. Club reward card details: club reward card number, date of issue.
3.1.5. Gambling data: name of the gaming venue, type and number of the gaming device, start and end time of the gaming session, details of the funds inserted during the session, the stake placed and the result of the game.
3.1.6. Transfer details: IBAN of the bank account or the 4 final digits of the card number, the amount of the transfer or card payment, the place and time of the transaction.
3.1.7. Marketing and communication data: e-mail and/or mobile phone number, language of communication, product/service preference, consent to direct marketing, message content, date and time of message.
3.1.8. Visual data: visual image of the person, name of the gaming venue, camera number, date and time.
3.2. OEG does not process special categories of personal data related to the customer (data concerning racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data and biometric data).
3.3. OEG collects data related to the customer from the customer, publicly available sources, and third parties such as public authorities, national databases and Acuris Risk Intelligence LTD, an intermediary of a database concerning the verification of politically exposed persons and sanctions.
4. Legal basis and purposes of the processing of personal data
4.1. The legal bases for the processing of the customer’s personal data are: performance of statutory obligations, performance of contractual obligations, the data subject’s consent and the legitimate interest of OEG.
4.2. The purposes of processing the customer’s personal data are: fulfilling the customer’s registration obligation, fulfilling the obligation of registering the customer’s financial transaction, fulfilling the "know your customer" requirement, fulfilling the obligation to verify persons with child maintenance arrears, providing gambling services, building loyalty and providing added value, handling the customer’s self-exclusion application, marketing OEG services/products, handling customer feedback, determining the customer’s risk profile, expanding the customer base, building customer loyalty and providing added value through the club reward card, claiming damages, complying with the terms and conditions of use of the payment terminal, maintaining the poker leaderboard, managing OEG’s resources, service improvement, monitoring work processes and staff, ensuring safety in the gaming rooms, archiving OEG documents, handling whistleblowing reports.
4.3. In the case of data processing carried out for the performance of statutory or contractual obligations, the customer is obliged to provide such personal data. Failure to provide such data will prevent OEG from fulfilling its contractual or statutory obligations and will limit the customer’s ability to use the services offered.
4.4. Where OEG processes personal data on the basis of legitimate interest, it has assessed that its legitimate interest in processing personal data for certain purposes outweighs the interests and rights of the customer.
5. Profiling and automated decision-making
5.1. Profiling is used in the following processes and is based on the following logic.
5.1.1. Marketing the services/products offered by OEG and OlyBet, taking into account the volume of customer visits, services and games used.
5.1.2. Determining the risk profile of the customer, taking into account the customer’s last 365 days of visits, game and payment statistics. On the basis of the risk profile, OEG may ask for proof of the customer’s income, failing which OEG has the right to restrict the customer’s access to the services offered.
5.2. Automatic decisions are used in the following processes and based on the following logic.
5.2.1. Generating weekly freeplay for the club reward card user, taking into account the customer’s game turnover of the last 30 days.
5.2.2. Upgrading a customer to the Bronze and Silver tier owing to rewards points is based on the customer’s previous 6 months’ game turnover.
6. Transmission of personal data
6.1. In order to provide services and/or to fulfil its legal obligations, OEG uses partners as personal data processors, who process data based on and to the extent of the instructions given by OEG.
6.2. When processing personal data, OEG will transfer your personal data to the following recipients: public authorities, courts, banks, auditors and legal advisors, insurance companies, analytics service providers, archiving service providers, information transmission and communication service providers, PEP and sanction verification database intermediaries, poker tournament management software providers, streaming service intermediaries, whistleblowing platform operators.
6.3. If the OEG partner processing the data is located outside the European Union, the safeguards to be used for the transmission of personal data are: an adequate level of data protection in the recipient country in accordance with the European Commission’s decision, or the use of standard contractual clauses for data protection developed by the European Commission in the cooperation agreement (click on the relevant link for more information).
6.4. The joint controller of customer data is the OlyBet gaming environment operator OB Holding 1 OÜ (address Pronksi 19, Tallinn 10124, Estonia, +3726671250, firstname.lastname@example.org), which is part of the same group as OEG, with whom OEG processes customer data for the purpose of marketing services/products, determining the customer’s risk profile and managing OEG’s resources. The parties have entered into an agreement to this effect.
6.5. The processor of customer data is the OEG’s subsidiary Kungla Investeeringu Osaühing (address Pronksi 19, Tallinn 10124, Estonia, +3726671250, email@example.com), with whom OEG processes customer data for the purpose of providing bar services.
7. Time limits for the retention of personal data
7.1. The personal data of a customer is retained until the purposes of the processing have been fulfilled or until the obligations arising from the legislation have been fulfilled.
7.2. OEG retains the customer’s personal data for 5 years after the customer’s last visit. After this period, the customer’s personal data will be deleted.
7.3. Video surveillance recordings shall be retained for a minimum of 14 days but not more than 30 days.
8. Video surveillance
8.1. OEG uses video surveillance for security purposes in its offices, casinos and gaming venues. The entrance area of the offices, the entire customer zone, the cash desk, the bar and the area in front of the front door of the gaming venues are monitored by video surveillance systems.
8.2. OEG uses video surveillance to fulfil its statutory obligations to ensure the safety of visitors, employees and property, to detect and prevent illegal activities and to protect OEG’s legal claims.
8.3. The CCTV images and recordings will only be viewed by OEG’s surveillance staff. If requested by law enforcement authorities, the recordings will also be transmitted to them.
Charming Las Vegas will open its doors to you right here in Estonia!
Olympic Club Cards
Follow our latest news & get the best offers.
By submiting the form you agree to receive communications from Olympic Entertainment Group.