Processing of personal data

Notice on the Processing of Personal Data of Olympic Casino Customer


Valid from: 02.07.2024


1.    General provisions


1.1.    This notice explains the processing of customers’ personal data by Olympic Casino casinos and the rights of customers in relation to the processing of personal data.
1.2.    The data controller is Olympic Entertainment Group AS (hereinafter referred to as OEG), Pronksi 19, Tallinn 10124, Estonia, +3726671250, estonia@oc.eu.
1.3.    The contact details of OEG’s Data Protection Officer are DataProtectionOfficerEstonia@oc.eu, +3726671250, Pronksi 19, Tallinn 10124, Estonia.
1.4.    OEG implements appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful disclosure, accidental loss, alteration, destruction or other unlawful processing. We also require our cooperation partners, to whom we transfer personal data in accordance with this Privacy Notice, to implement the necessary organisational, physical and IT security measures. However, please note that even by using all technical and organisational measures to protect personal data, some risks, such as cyber-attack, loss of electricity, software error or malicious actions of an individual, still remain. Upon discovering such breach, we shall take all reasonable steps to mitigate and minimise the risk to our customers.
1.5.    Provisions on the processing of personal data may also be included in contracts between the customer and OEG. In such a case, in the event of a conflict of provisions, the provisions agreed upon in the contract shall apply.
1.6.    If OEG amends the notice on the processing of personal data, it will publish the updated version.
 

2.    Customer rights in relation to the processing of their personal data


2.1.    The customer has the right to be informed on whether OEG processes their personal data and, if so, to receive a copy of the aforementioned data.
2.2.    The customer has the right to request the rectification of inaccurate personal data concerning them.
2.3.    The customer has the right to withdraw their consent to the processing of personal data (e.g. direct marketing consent) at any time, if the processing is based on consent. Withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal.
2.4.    The customer has the right to request the erasure of their personal data. OEG may delete data processed on the basis of consent or legitimate interest if the interests of OEG do not outweigh the interests of the customer. The right to erasure does not apply to data that is processed for the fulfilment of a legal or contractual obligation, as long as the legal or contractual obligation is valid.
2.5.    The customer has the right to object to the processing of their personal data (especially on the basis of legitimate interest) and to restrict the processing of their personal data where justified.
2.6.    The customer has the right to receive their personal data, which they have submitted, in a structured and machine-readable format (if technically feasible) for transmission to other companies.
2.7.    The Customer has the right to lodge a complaint about the processing of personal data with the Estonian Data Protection Inspectorate by sending an e-mail to info@aki.ee or in person at Tatar 39, Tallinn.
 

3.    Processed personal data and their sources


3.1.    OEG processes the following customer personal data.
3.1.1.    Registration data: first name, last name, personal identification code or date of birth, photo of the person.
3.1.2.    Verification data: type of the identity document, number of the document, date of issuance and validity, copy of the document, result of the personal data check from the Estonian Tax and Customs Board gambling self-exclusion list, the list of sanctioned persons and OEG’s casino exclusion list, country of residence.
3.1.3.    AML data: occupation or activity, country of residence, information on being a politically exposed person, source and origin of funds, details of cash transactions over 2,000 € (time, place, amount, description).
3.1.4.    Club reward card data: club reward card number, date of issue.
3.1.5.    Gambling data: name of the gaming venue, type and number of the gaming device, start and end time of the gaming session, details of the funds inserted during the session, the stake placed and the result of the game.
3.1.6.    Transfer data: IBAN of the bank account or the 4 final digits of the card number, the amount of the transfer or card payment, the place and time of the transaction.
3.1.7.    Marketing and communication data: e-mail and/or mobile phone number, language of communication, product/service preference, consent to direct marketing, message content, date and time of message.
3.1.8.    Visual data: visual image of the person, name of the gaming venue, camera number, date and time.
3.1.9.    Website visit data: IP address (including location based on IP address), Internet service provider, referrer URL, date, time, access token, session key, web browser type and version, operating system, amount and status of data transmitted, MAC address;
3.1.10.     Cookie data: OEG uses cookies on its websites to optimise the websites and their functions. Cookies may collect personal data. For more information, please consult OLYBET’s Cookie Policy
3.2.    OEG does not process special categories of personal data related to the customer (data concerning racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data and biometric data).
3.3.    OEG collects data related to the customer from the customer, publicly available sources, and third parties such as public authorities, national databases and Acuris Risk Intelligence LTD, an intermediary of a database concerning the verification of politically exposed persons and sanctions.
 

4.    Legal basis and purposes of the processing of personal data


4.1.    The legal bases for the processing of the customer’s personal data are: performance of legal obligations, performance of contractual obligations, the data subject’s consent and the legitimate interest of OEG.
4.2.    The following is a list of processing activities and their legal basis:
4.2.1.    For performance of legal obligations, we process: registration data, verification data, AML data, gambling data, visual data;
4.2.2.    For performance of contract we process: registration data, gambling data, transfer data, club rewards card data;
4.2.3.    Based on consent, we process marketing and communication data, cookie data;
4.2.4.    Based of legitimate interests, we process: club rewards card data, visual data, gambling data, cookie data, website visit data, registration data.
4.3.    The purposes of processing the customer’s personal data are: administering customer database, fulfilling the customer’s registration obligation, fulfilling the obligation of registering the customer’s financial transaction, providing contractual information to the customer, fulfilling the "know your customer" requirement, fulfilling the obligation to verify persons with child maintenance arrears, providing gambling services, building loyalty and providing added value, handling the customer’s self-exclusion application, marketing OEG services/products, collecting and handling customer feedback, determining the customer’s risk profile, expanding the customer base, building customer loyalty and providing added value through the club reward card, claiming damages, complying with the terms and conditions of use of the payment terminal, maintaining the poker leaderboard, managing OEG’s resources, service improvement, monitoring work processes and staff, ensuring safety in the gaming rooms, archiving OEG documents, handling whistleblowing reports.
4.4.    In the case of data processing carried out for the performance of legal or contractual obligations, the customer is obliged to provide such personal data. Failure to provide such data will prevent OEG from fulfilling its contractual or legal obligations and will limit the customer’s ability to use the services offered.
4.5.    Where OEG processes personal data on the basis of legitimate interest, it has assessed that its legitimate interest in processing personal data for certain purposes outweighs the interests and rights of the customer.
4.6.    Where the personal data is processed based on the customer’s consent, then this consent can be withdrawn by contacting the data protection officer, whose contact details can be found in clause 1.3, or by clicking at the unsubscribe link at the end of every marketing message.
 

5.    Profiling and automated decision-making


5.1.    Profiling is used in the following processes and is based on the following logic.
5.1.1.    Marketing the services/products offered by OEG and OlyBet, taking into account the volume of customer visits, services and games used.
5.1.2.    Determining the risk profile of the customer, taking into account the customer’s last 365 days of visits, game and payment statistics. On the basis of the risk profile, OEG may ask for proof of the customer’s income, failing which OEG has the right to restrict the customer’s access to the services offered.
5.2.    Automatic decisions are used in the following processes and based on the following logic.
5.2.1.    Generating weekly freeplay for the club reward card user, taking into account the customer’s game turnover of the last 30 days.
5.2.2.    Upgrading a customer to the Bronze and Silver tier owing to rewards points is based on the customer’s previous 6 months’ game turnover.
 

6.    Transmission of personal data


6.1.    In order to provide services and/or to fulfil its legal obligations, OEG uses partners as personal data processors, who process data based on and to the extent of the instructions given by OEG.
6.2.    When processing personal data, OEG will transfer your personal data to the following recipients: public authorities, courts, banks, auditors and legal advisors, insurance companies, analytics service providers, archiving service providers, information transmission and communication service providers, PEP and sanction verification database intermediaries, poker tournament management software providers, streaming service intermediaries, whistleblowing platform operators, database operators, sports integrity organisations and unions.
6.3.    If the OEG partner processing the data is located outside the European Union, the safeguards to be used for the transmission of personal data are: an adequate level of data protection in the recipient country in accordance with the European Commission’s decision, or the use of standard contractual clauses for data protection developed by the European Commission in the cooperation agreement (click on the relevant link for more information).
6.4.    The joint controller of customer data is the OlyBet gaming environment operator OB Holding 1 OÜ (address Pronksi 19, Tallinn 10124, Estonia, +3726671250, estonia@oc.eu), which is part of the same group as OEG, with whom OEG processes customer data for the purpose of organising joint-campaigns, marketing services/products, sending communications (including direct marketing regarding Olympic Casino and OlyBet, depending on consent), sharing data between joint controllers for the joint management and provision of loyalty programs determining the customer’s risk profile and managing OEG’s resources. The parties have entered into an agreement to this effect, which allows the parties to share the personal data to achieve the purposes contained in this Privacy Notice.
6.5.    The processor of customer data is the OEG’s subsidiary Kungla Investeeringu Osaühing (address Pronksi 19, Tallinn 10124, Estonia, +3726671250, estonia@oc.eu), with whom OEG processes customer data for the purpose of providing bar services.
 

7.    Time limits for the retention of personal data


7.1.    The personal data of a customer is retained until the purposes of the processing have been fulfilled or until the obligations arising from the legislation have been fulfilled.
7.2.    To comply with gambling, AML as well as accounting legislation, OEG must retain registration, identification, AML and gaming data for at least 5 years after the last visit of the customer. Generally, after 5 years, the customer’s personal data will be deleted, but the non-personalised gaming data will remain. If the personal data is not deleted after 5 years from the last visit, then OEG has assessed that it has a legitimate interest in retaining all or part of the data, in which case OEG will not retain the relevant data for longer than OEG needs to fulfil its legitimate purposes. Data about deposits and withdrawals shall be kept for for a period of 7 years starting from the end of the financial year when the data was collected after which it will be deleted.
7.3.    Video surveillance recordings shall be retained for a minimum of 14 days but not more than 30 days.
 

8.    Video surveillance


8.1.    OEG uses video surveillance for security purposes in its offices, casinos and gaming venues. The entrance area of the offices, the entire customer zone, the cash desk, the bar and the area in front of the front door of the gaming venues are monitored by video surveillance systems.
8.2.    OEG uses video surveillance to fulfil its legal obligations to ensure the safety of visitors, employees and property, to detect and prevent illegal activities and to protect OEG’s legal claims.
8.3.    The CCTV images and recordings will only be viewed by OEG’s surveillance staff. If requested by law enforcement authorities, the recordings will also be transmitted to them.
 

Charming Las Vegas will open its doors to you right here in Estonia!

It is a privilege to be a first-time visitor because on your first four visits you will be greeted to Olympic Casino with a welcoming drink and free starting money.
Read more

Olympic Club Cards

The Olympic Casino club card is much more than just a regular loyalty card. As a holder of our club card, you can enjoy splendid benefits and special offers both at our bars and within various campaigns. In addition to this, you can earn MONEY with our card.
Read more

Olympic newsletter

Follow our latest news & get the best offers.

By submiting the form you agree to receive communications from Olympic Entertainment Group.