On 21 May 2018, Adria Casino d.o.o. of Dubečka 1, Zagreb, PIN: 90180501899, issues these
Adria Casino d.o.o. of Dubečka 1, Zagreb, PIN: 90180501899 (hereinafter referred to as Adria Casino d.o.o.) is particularly committed to protecting personal data and privacy (hereinafter referred to as privacy protection) of its customers, suppliers, employees and other parties it may come in contact with (hereinafter referred to as customers) in accordance with the applicable legislation and best European practices. Protecting our customers’ privacy is an integral part of our services and how we conduct our business.
These Privacy Rules are intended to provide clear information about the processing and protection of personal data processed by Adria Casino d.o.o. and allow our customers to easily monitor and manage their personal data and consents.
These Privacy Rules apply as of 25 May 2018 and describe which personal data Adria Casino d.o.o. collects, how it processes them and for which purposes it uses them, for how long and how it retains them, as well as customers’ rights associated with their personal data.
Personal data controller: ADRIA CASINO d.o.o., Dubečka 1, Zagreb, PIN: 90180501899; e mail: firstname.lastname@example.org, 01/2922 390
Data Protection Officer: e-mail: email@example.com; phone: 01/2922 390
These Privacy Rules apply to all personal data collected, used or otherwise processed by Adria Casino d.o.o., directly or through its partners. Personal data is any data relating to a natural person identified or directly or indirectly identifiable.
Data processing is any action taken on personal data, for example their collecting, recording, storing, using, transferring, viewing, etc.
Adria Casino d.o.o. is the controller in relation to its customers’ personal data within the meaning of the applicable personal data protection legislation.
These Privacy Rules pertain to all natural persons coming in contact with Adria Casino d.o.o. in any capacity (employees, gaming club guests, suppliers…).
Adria Casino d.o.o. intends to be fully transparent and clear with respect to the processing of its customers’ personal data, which is the purpose of these Privacy Rules, and maintain with its customers a relationship based on trust.
Adria Casino d.o.o. acts in compliance with the applicable law when processing personal data.
Adria Casino d.o.o. only collects and processes personal data for specific and legitimate purposes and further processes them to meet the purpose they are collected for.
We always use only such customer data that are appropriate and necessary to fulfill a specific legitimate purpose and no other data.
Personal data are processed in a secure manner, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage (access to personal data is only allowed to authorized persons on a need-to-know basis, exclusive of any other employees).
We treat personal data we process as highly important. Personal data we process must be accurate, complete and up to date, so it is important that customers notify us of any change to their data immediately or as soon as possible. Adria Casino d.o.o. is and may not be responsible for any data provided to it by its customers that they later change without notifying it.
We only collect, store and process personal data for as long as this is necessary to fulfill a legitimate purpose, i.e. for as long as we are required to under the applicable legislation (operating documents are retained permanently, video recordings within a gaming club as a monetary institution are retained for 168 hours, etc.).
Adria Casino d.o.o. primarily collects personal data directly from its customers (future employees, gaming club customers, etc.). We also collect data via online portals – Moj posao, Posao.hr.
Any collection of personal data is conditional upon the existence of relevant legitimate interest.
Adria Casino d.o.o. only collects personal data based on legitimate interest, which is either lawful grounds or customer consent. The requests we use to collect data indicate the exact purpose they are collected for and where and for how long they are stored.
For the purpose of performing or if intending to enter into a contract, business negotiations and the like Adria Casino d.o.o. may collect the following personal data:
These data are retained for the period defined by a specific law depending on the type of the contract, such period being necessary to perform the contract, and are erased thereafter. In case a customer refuses to provide any requested data necessary to perform a contract, Adria Casino d.o.o. reserves the right to refuse to establish a business relationship with such customer.
In its gaming clubs, Adria Casino d.o.o. uses alternative methods of monetary institution protection and implements, pursuant to the Monetary Institutions Protection Act (Official Gazette No 56/15), all gaming club protection measures in accordance with the Project Documentation prepared by ADC – Alarmni Dojavni Centar, Letovanička 22, Zagreb, separately for each gaming club. Each gaming club has an installed video surveillance system within and outside the facility, which stores video recordings in digital format. The communication between the controller and ADC is conducted via a controlled and secure line. Access to the server and the monitor designed for viewing video surveillance is only allowed to authorized persons appointed by the controller. Video surveillance recordings are retained in accordance with the Monetary Institutions Protection Act.
Based on our obligation to conduct customer due diligence before establishing a business relationship, we are, pursuant to the Anti-Money Laundering and Terrorist Financing Act (Official Gazette No 108/2017), required to collect the following personal data:
Such data are retained for 10 years following the termination date of the business relationship, which period is defined by the Anti-Money Laundering and Terrorist Financing Act.
Adria Casino d.o.o. only collects data it uses for marketing purposes, such as creating a database in its CRM application which customers use to obtain various benefits, on the basis of consent given by the individual whose data are being collected.
If it becomes necessary to collect other personal data or if new legitimate interest arises based on which Adria Casino d.o.o. should collect personal data, it shall supplement these Privacy Rules and publish them on its website.
When downloading content from Senator Hit the Jackpot application ( voucher ), it is necessary to enter personal information: Nickname, personal name, surname, date of birth and number of ID. By entering personal information and downloading vouchers you are giving us your approval for collecting and processing your personal data.
Personal data that we have collected via Senator Hit the Jackpot application will be used only for marketing purposes, for measuring the success of promotions, and all personal data will be treated in accordance with General data protection regulation EU (2016/679)
Data are processed in a fair and lawful manner, to the extent necessary. Adria Casino d.o.o. collects and processes personal data of its business partners, customers and the like for the purpose of entering into and performing a business cooperation contract, in cases defined by law, and subject to customer consent, exclusively for the purpose such consent is given for.
Customer consent is customer’s voluntary, specific, informed and unambiguous expression of desire whereby a customer makes a clear statement or takes a confirmatory action to indicate his agreement to the processing of his personal data for specific purposes (e.g. a specific promotion).
The customer may manage his expressions of his intentions and his consents based on his needs and interests, so he may deny his consent at any time, easily and free of charge, personally within the business unit where he gave his consent or by an e-mail sent to the address dedicated to data protection.
Adria Casino d.o.o. notifies its customers that it has a photographer who takes photographs of each promotion event, birthday party, etc. within each gaming club and that they may tell the gaming club manager directly if they prefer not to be photographed and posted on the official website and official Facebook profile. If a customer fails to tell the gaming club manager that he prefers not to be photographed, he may contact our Data Protection Officer at firstname.lastname@example.org and such photograph shall be removed as soon as practicable.
The required technical measures and procedures have been undertaken and access to personal data is controlled and only allowed to authorized persons in accordance with the Personal Data Protection Act. The latest security procedures are used for data collection and processing, including servers, databases, backup, firewalls, encryption, surveillance systems and physical and software-based access control to provide protection against loss or abuse of personal data.
8.1. Physical security of data
8.2. Digital protection of data
Our security includes systems for the prevention of viruses and other malware, scripts and code parts, sending and receiving of such applications, etc.
Backup is performed on a regular basis on all systems relevant to business and where legally prescribed.
Computer access to any system is restricted in several ways. The security methods used include but are not limited to the restriction of access rights on the user account level and to allowing access to databases to authorized persons only. This helps protect our systems against unauthorized access, installation of unwanted applications, deliberate causing of data loss, etc.
As the personal data controller, Adria Casino d.o.o. has contracts in place with several processors that act in compliance with the Regulation and treat all personal data exactly as prescribed therein and defined by the contracts we have in place with them and the relevant annexes thereto.
The processors Adria Casino d.o.o. deals with are:
Adria Casino d.o.o. is required to forward all personal data it collects pursuant to the applicable legislation to the relevant authorities within the scope of their statutory activities (Ministry of Finance, Ministry of the Interior, Anti-Money Laundering and Terrorist Financing Office, etc.).
All data collected by Adria Casino d.o.o. are treated as confidential information and may only be disclosed in the cases provided for by the law.
Pursuant to the General Data Protection Regulation, each customer is allowed to:
1) request from the controller access to his personal data and to rectify or erase such personal data in accordance with the provisions of these Rules and the relevant statutory provisions;
2) request from the controller to restrict the processing of data relating to him as a subject in accordance with the provisions of these Rules and the relevant statutory provisions;
3) object to the processing of his personal data, including the use of personal data for direct marketing and automated decision-making purposes, including profiling, in accordance with the provisions of these Rules and the relevant statutory provisions;
4) request from the controller to transfer any personal data relating to him in accordance with the provisions of these Rules and the relevant statutory provisions; and
5) withdraw his consent to the processing of his personal data at any time.
Such withdrawal of customer’s consent shall not affect the lawfulness of the processing of his personal data collected based on his consent before its withdrawal.
In case a customer has any questions or complaints or wishes to submit a request or exercise his rights in connection with the protection of any personal data specified in the Regulation or in the preceding section, he may contact our Data Protection Officer or controller electronically at email@example.com or in writing at:
Adria Casino d.o.o., Dubečka 1, Zagreb.
You may at any time contact us and view, alter or modify/rectify such data in accordance with your rights under the applicable laws.
The customer may at any time submit a complaint to the personal data protection supervisory authority:
Personal Data Protection Agency
Martićeva ulica 14, 10000 ZAGREB