Statement

Last updated: May 2018

Our customers’ privacy is important to us and we want to be clear and open about what we use your personal information for. This privacy notice explains what personal data we collect from you through our interactions with you and your use of our products and services, and also how and why we use that data.

We offer a variety of services to our customers and this policy covers our interactions with you in relation to all of these services.

There is a significant amount of information in this privacy notice and we recognise that you may not wish to review all of it at any one time. We have therefore highlighted specific sections which we believe that it is most important you are made aware of, including information about your rights, when and how we may share your personal data and how you can control what marketing you receive.

 


Who is responsible for the collection of your data

Any references in this notice to “Sunborn”, “Casino”, “we”, “us” or “our” in this privacy notice are references to all of “Casinosunborn.com”

  • Sunborn Casino (Gibraltar) Ltd. Leisure Island, 35, Ocean Village Promenade, Ocean Village, Gibraltar GX11 1AA.
  • The above company is registered with the Gibraltar ETB licensing office.

 


When we collect personal data

We collect your personal data to enable us to provide you with our services and to give you information about products and services that might be of interest to you.

The majority of the personal data that we collect is provided by you directly when you register to use our services when you visit our premises, and when you interact with us by other means. We will also collect other data by recording if at the time that you use our services. We outline what this data is and why we collect it later on in this notice.

You have a choice about what personal data we collect about you. When you are asked to provide personal data you may decline. However, if you refuse to provide the data that we require, we may not be able to provide you with all of our services.

 


Obtaining data from third parties

To ensure that we comply with our legal and regulatory obligations and enable us to provide you with our services, we may obtain data from third parties. We will protect this data in the same way that we protect the data that you provide to us directly and in line with any other requirements we are placed under either by the source of the data (where there is a contractual obligation to do so) or if we are required to by law.

We will only ever obtain our information from sources that are reputable and we will ensure that the data we are being provided with has been obtained lawfully, for example by the third party having secured your consent to share this data with us.

 


Our legal basis for processing your personal data

Our legal basis for processing your personal data will vary depending upon the services that we provide you with. Our main legal bases for processing your personal data are one or more of the following:

If you have given your consent to the processing of your data for one or more specific purposes. In the main, we will only process your Special Category personal data if you have given us your consent to do so.

  • Special Category personal data consists of data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
  • We will ensure that we have asked for and received your explicit consent to us processing this type of data at the time that we collect it (or as soon as is possible if it is passed to us from a third party). We will explain to you why we collect this data and how long it will be retained at the time that it is collected.
  • Our processing of your Special Category personal data will be rare. An example will be when you use our spa services and are required to complete a medical questionnaire.
  • Our processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to your entering into a contract with us.
  • We process your data under this condition when you enter into a gambling or other service provision contract with us (i.e. if you were to request a private “Fun Casino Event” from us). We require the data that we process under this condition to enable us to complete our obligations under that contract with you, for example to:
    • Confirm your identity;
    • Make payment to you/receive payment from you;
    • Contact you in order to confirm services that you purchase from us.
  • Our processing is necessary for compliance with a legal obligation. On occasion, we may process your Special Category personal data under this condition.
  • We process your data under this condition as we are required to record certain information that you provide to us by law. This can be for:
    • Prevention of money laundering and combating the financing of terrorism.
    • Compliance with law enforcement, court and regulatory obligations.
  • Our processing is necessary for the purpose of our legitimate business interests.
  • Legitimate Interests refers to the interests of Casino Sunborn (Gibraltar) Ltd. in conducting and managing our business, to enable us to provide you with the best service and products, and the most secure experience. For example:
  • we have a legitimate interest in ensuring that our marketing is relevant to you, so we may process your information to ensure that we only send marketing to you that is relevant to your interests;
  • we have a legitimate interest in ensuring that we permit you to use our gambling products in a socially responsible manner so we may process your information to enable us to monitor your gambling activity.
  • When we process your information for our legitimate interests, we will make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws (DGPR 25th May 2018) against our interests. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted by law).
  • You have the right to object to this form of processing if you wish. However, as we explain in the section ‘Our use of your personal data ’, certain activities are central to our business, therefore if you were to object to certain aspects of our processing we may still have to process some of your other personal data on one of the other grounds of processing set out above.
  • To submit an objection to this form of processing please click here

We outline our specific legal basis for processing the personal data we collect from you against our categorised use of such data here.

For more detailed information on your rights, please see the “Your Rights” section below.

 


Our use of your personal data

We use your personal data for a number of different reasons, some of which may not be immediately apparent to you, therefore we have explained in detail how we use your personal data HERE

 


Retention, storage and, protection of personal data

Retention

We will retain your personal data for as long as we need it in order to fulfil the purposes that are outlined in this Privacy Notice provided that we have a valid legal reason to do so. As these needs can vary depending upon the purpose of our processing the data, the length of time that we process the data can vary significantly.

In order to determine the length of time we will retain your data we consider the following factors:

  • How long is the data required to enable us to provide you with our services?
  • – For example: To maintain adequate business and financial records, to enable us to contact you in line with your preferences, to enable us to comply with lawful requirements.
  • Is the personal data we hold about you Special Category personal data?
  • – For example: Data about your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation.
  • Are we subject to a legal, regulatory or contractual obligation to retain the data?
  • – For example: We are under an obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to keep a record of all customer due diligence records we have for a period of 5 years following the end of a business relationship. We are also obliged by the Gambling Commission to retain self-exclusion records to enable us to implement self-exclusion periods.

When we no longer need to retain your personal data we will always ensure that it is deleted securely by us and we will also require third parties with whom we have shared your personal data to have deleted it also.

In instances where we want to retain data for analysis purposes for a longer period than we are able to we will anonymise this data such that it can no longer be linked back to you. Where we do this the information will no longer be your personal data.

Please note that if you opt-out from the receipt of marketing from us, we may need to retain your contact information in order that we can ensure that you no longer receive such marketing.

 

Storage and protection of personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and also against accidental loss, destruction or damage. We use a variety of technologies to help to protect your personal data.

For example, we ensure that your personal data is stored on computer systems that have limited access and that are in secure controlled facilities, we ensure that appropriate protection is in place whenever we allow access to your personal data by third parties, and we ensure that your personal data is protected through encryption whenever it is transmitted.

  • We adhere to high security standards in order to protect any information you give us.
  • Any data you give us will be retained in a secure environment and access to it will be heavily restricted on a ‘need to know’ basis.
  • The primary storage location of your personal data will be in Gibraltar. However, as outlined in this Privacy Notice, we may in some instances disclose your personal data to third parties. Where we disclose your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data. In instances where we are required by law to disclose your personal data to third parties (for example to law enforcement agencies) we have limited control over how it is protected by that third party.

 


Your rights

Under the General Data Protection Regulation and the Data Protection Act 2018 you have a number of rights with regard to your personal data.

 

Your right to access the data we hold about you

  • You have the right to request from us access to your personal data along with confirmation as to whether your personal data are being processed and the purposes of such processing.
    • To submit a request for access to your personal data, please contact us at info@casinosunborn.com.
      • We will require that you provide us with proof of identity before we comply with such requests
      • We are also likely to ask you some additional questions to assist us in providing the information you are looking for.

 

Your right to have inaccuracies in your personal data corrected

  • You have the right to obtain from us the rectification of any inaccurate personal data that we hold.
    • Please note that it is possible for you to rectify any inaccurate personal data that we hold fairly quickly and easily by undertaking one of the following actions yourself:
      • Contacting customer services at info@casinosunborn.com
    • Alternatively you can call in and see us and submit a request for the same at the reception desk or with any member of our reception team.

 

Your right to erasure

  • You have the right to request that we erase your personal data in certain circumstances.
  • These circumstances are where:
    • our retention is no longer necessary in relation to the purposes for which they were collected;
    • if we are processing your data with your consent, you wish to withdraw that consent
    • if we are processing your data in our legitimate business interests and we have not demonstrated overriding legitimate grounds to continue to process your data in the event that you have objected to such processing (see below);
    • if your personal data have been unlawfully processed;
    • if we are required to erase your data in compliance with a legal obligation.
  • It is of note that, other than data collected exclusively through our preference centre (where no membership or commercial relationship exists alongside this) we do not process your data with your consent. Requests for erasure based on the withdrawal of consent alone outside these circumstances are unlikely to be complied with. We will delete your data when you opt-out of marketing if the only data we hold is within the preference centre.
  • We will not delete your personal data if we still have a valid fraud, anti-money laundering, legal or regulatory obligation to retain it, unless the courts or our regulators require us to do so.
  • If you wish to exercise this right, please contact us at info@casinosunborn.com

 

Your right to restrict our processing of your personal data

  • You have the right to require that we restrict our processing of your personal data in certain circumstances.
    • These circumstances are where:
      • you have contested the accuracy of your personal data (restriction for a period to enable us to verify the accuracy of the personal data);
      • our processing is unlawful and you oppose the erasure of your personal data;
      • we no longer need the personal data but you require it for the establishment, exercise or defence of a claim;
      • you have objected to our processing of the data, pending the verification whether our legitimate grounds override yours.
    • In instances where we have restricted our processing of your personal data, we will inform you when the restriction of such processing has been lifted.

 

Your right to data portability

  • If we are processing your data with your consent or because our processing is necessary for the performance of a contract to which you are a party and such processing in carried out by automated means, you have the right to receive your personal data from us in a commonly used and machine readable format and to transmit this data to another data controller.
    • If you wish to exercise this right, please contact us at info@casinosunborn.com
    • Please note that the information we will provide in response to a request under this right is limited to:
      • Personal contact details held
      • Gaming history records held or booking records held
      • Payments made or withdrawn.

 

Your right of objection to certain processing activities

  • If we are processing your data in our legitimate business interests you have the right to object to such processing on grounds relevant to your particular situation at any time.
    • In instances where you object we are obliged to cease our processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
    • As we explain in the section ‘Our use of your personal data ’, the majority of the activities we undertake are central to our business so were you to object it will usually mean that you wish to terminate your membership. Even in this instance we may have to retain certain information for a longer period of time to ensure we comply with our legal and regulatory obligations or for anti-money laundering purposes.
    • You can object to our use of your data for direct marketing purposes by following the instructions in any marketing communication we send to you. Your personal data will no longer be used for such purposes.

We are obliged to comply with, or respond to, any requests you make to exercise your rights free of charge and within one month of receipt of the request.

  • We will require you to provide us with proof of identity before we comply with your requests and will not consider the request valid until this has been provided.
  • If we do not uphold your request we will explain why.
  • In certain circumstances we can extend the period within which we are obliged to comply by two further months. We will inform you of any such extension within one month.
  • If your request to exercise your rights is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a fee taking into account our administrative costs of providing the information or refuse to act on the request.

 

Your right to complain to the regulator

  • You have the right to complain to the privacy regulator if you believe that we have infringed your privacy rights or disagree with a decision we have made about your privacy rights.
    • We are based in Gibraltar so our principal regulator is the Gaming Commission of Gibraltar.
      • You can contact the GGC at here.
      • You can find a list of national data protection authorities and their contact details here.