Privacy

PRIVACY POLICY

The following Privacy Policy explains the processing of personal data of visitors that access and browse the web site www.gccb.com (hereinafter the “Website”).

 

PROCESSING OF DATA DERIVED FROM ACCESS AND USE OF THE WEBSITE

 

What type of data do we collect in the website?

Visiting the website and browsing through its different sections does not require you to provide any personal information or to register as a user.

 

The website has a registration form that you should complete to subscribe to the tournaments that are organized by GRAN CASINO COSTA BRAVA, S.L. When you use this means of communicating with us, or send us an email to any of the email addresses provided in the website, we collect and store your name and contact information (email address, telephone, address, etc.).

 

We use cookies that store information of the visitors to the website, as explained in our Cookie Policy [Link] and in the notice that you’ll find in the [top/bottom/right/left] section of our home page.

Who is responsible of the data collected?

GRAN CASINO COSTA BRAVA, S.L. (“GCCB”), with registered address in 298 Carretera de Castellar, 08226 Terrassa, Barcelona, is responsible of the personal data collected on the website

 

What do we use personal data for?

We use the data provided through the contact form or email with the purpose of handling your request. This means that we can contact you to the number or email address you provided to process your request.

 

Who do we share data with?

The different departments of GCCB implied in the processing of your request can access the personal data provided.

Furthermore, GCCB hires external service providers to carry out certain tasks (for example, customer support, technical maintenance of the website, etc). These service providers might change with time, but GCCB guarantees privacy and confidentiality of personal data through the signing of agreements, among other means, which comply with the appropriate security measures and personal data processing instructions.

 

How long do we keep your personal data?

Your personal data is stored for a period of 5 years.

Personal data of prize winners are stored for a period of 10 years, in compliance with the internal regulations for anti-money laundering.

DATA PROCESSING OF TOURNAMENT PARTICIPANTS

This privacy policy paragraph describes the treatment that GRAN CASINO COSTA BRAVA, S.L. does with data of people registered in the tournaments that it organizes (hereinafter, the “Tournament”).

The participation in each Tournament implies the acceptance of the rules of operation. The entrance to GRAN CASINO COSTA BRAVA and, in its case, the payment of prizes, shall require the collection of further personal data than that requested in the registration form, and you will be informed where applicable through additional documents (for example, video surveillance signs in the entrance to the facilities, visitor privacy policy available in the reception area, etc.).

It is mandatory to provide real and accurate information in the registration form. They will be checked for accuracy (your age in particular).

What data should you provide to participate in the tournament and with what purpose will they be processed?

To participate in the Tournament, you must complete the registration form stating the following:

Identification data: name, surnames and ID number. This information is strictly necessary to process your registration in the Tournament.

Other personal data. We ask that you provide your date of birth to verify that you are of legal age, as well as your nationality, given that this information is needed to comply with our internal regulations for anti-money laundering.

Contact details. You will be requested to provide a contact email address and/or a telephone number in order to send you operational communications (registration confirmation, times, etc.).

The data mentioned above is collected and used with the purpose of managing your participation in the Tournament. Additionally, your image/voice will be used with the proper authorization, for promotional purposes of the activities of GRAN CASINO COSTA BRAVA, S.L.

Given the limitations imposed by the Gaming regulations, your personal data shall not be used for marketing or publicity purposes, for example, to send comercial communications by electronic means. For this reason, we do not request your agreement or authorization for this particular purpose.

 

Who is responsible of for the personal data processing?

The entity responsible for the personal data processing is GRAN CASINO COSTA BRAVA, S.L. (hereinafter, the “Casino”), with VAT number B64105422 and registered address in 298 Carretera de Castellar, 08226 Terrassa, Barcelona.

 

Who can access your data?

Your data will be accessed by the staff of GRAN CASINO COSTA BRAVA and its external collaborators who are in charge of assisting the participants of the Tournament and its organization.

Following your authorization, your image and/or voice can be used in the Casino website, in social media, magazines in digital or paper versions and other means of communication, and therefore made available to the general public, granted you have authorized us to do so.

Which is the legal frame that allows the processing of your personal data?

Your data is processed based on the following criteria:

  • Your freely given consent when registering to the Tournament and the existence of a legal binding with GRAN CASINO COSTA BRAVA, derived from your acceptance to the corresponding operating regulations.
  • The legitimate interest of GRAN CASINO COSTA BRAVA to comply with the internal regulations of anti-money laundering.

DATA PROCESSING REGARDING THE ETHICAL CHANNEL

The website has a specific section called “Ethical Channel”, where you can read the Ethical Channel of Conei Corporación Group, to which GRAN CASINO COSTA BRAVA, S.L. belongs, and file a claim or allegation by filling in the corresponding form.

The use of this reporting system requires previous registration of the user for security reasons.

Below is described the processing that is done with any personal data collected through the reporting system (from whistleblowers as well as the people referred to in the claim text).

 

Who is responsible of the data collected? Who can access this data?

The responsible entity for your personal data processing is the company of Cirsa Gaming Corporation with who you lodge the complaint, which you choose in the drop-down menu when you fill in the form (we refer to these companies jointly as “CIRSA”).

The compliance systems of the different companies in the Group, among which is GRAN CASINO COSTA BRAVA, S.L., are managed in the capacity of data processing, by CIRSA GAMING CORPORATION, which also has its own Compliance System for which its responsible for the treatment.

On the other hand, the entity 115INNOVA24H, S.L. manages the technical platform used to lodge complaints online, also in the capacity of managing the data treatment.

All complaints are examined by the Compliance Committee, which has been created for this purpose, and is treated with the utmost confidentiality. Only in exceptional circumstances will personal data be communicated to third parties (for example, once the investigation is done there is evidence that a crime has been committed, and for this reason, state security forces and bodies must be informed about this circumstance).

Any company of Conei Corporacion Group may be contacted at the following postal address:  298 Carretera de Castellar, 08226 Terrassa, Barcelona.

 

What type of data is collected?

Identification data. Data included in the claims of allegations that are presented.

Information regarding the alleged acts. The acts made known to CIRSA may contain information about a breach to the Ethical Code, possible wrongdoing and, in general, inappropriate conduct that is linked to a person. In this sense, the whistleblower is responsible for the accuracy and authenticity of the information in the claim.

 

What is the purpose of data processing?

Personal data provided will be used with the purpose of evaluating, analyzing and replying to the complaint submitted, and in its case, carry out the corresponding actions by CIRSA.

 

Legitimacy of data processing

Data is processed according to the following legal foundations:

  1. If you complete the registration form and decide to file a complaint with your name and surname, we understand that we have your consent to process this data.
  2. We process personal data regarding third parties (for example, whistleblowers) with the understanding that there is a legitimate interest to investigate claims and allegations that affect us and that are interposed by means of our Compliance System. Likewise, we consider that our legitimate interest enables us to act upon unlawful or inappropriate conducts, and the non-compliance of our policies. We guarantee absolute confidentiality in the treatment of the complaints, which will be investigated with precision and professionalism.
  3. If you are an employee of any Company of Cirsa Gaming Corporation, they can process your data by virtue of the contractual relation that you maintain with them to veil for the adequate Compliance of its internal rules and Ethical Code.

How long is data stored for?  

Unless the Company of Cirsa Gaming Corporation decides that it has the legal obligation to keep them, personal data regarding claims that are inadmissible, and therefore will not be investigated, will be eliminated immediately.

Personal data regarding admitted claims that end due to the reported circumstances not being proven shall be eliminated in a maximum period of three months from the closing of the case.

However, personal data collected during the investigation of claims that lead to the imposition of penalties or disciplinary actions will be kept, duly blocked, for a period of ten years from the closing of the case.

EXERCISE OF RIGHTS AND CONTACT WITH THE DATA PROTECTION RESPONSIBLE

Your rights

According to the data protection current regulations, you can exercise different rights with GRAN CASINO COSTA BRAVA, S.L.:

  • Request to have access to your data file and obtain a copy.
  • Request that your data is rectified and/or deleted in some cases.
  • Oppose to the creation of a personalized profile.
  • Request limitations to the processing of your data.
  • Request portability of the data you provided.

Furthermore, you have the possibility to file a complaint to the person Responsible for Data Protection (email: protecciondedatos@cirsa.com).

In case you consider that the processing of your personal data fails to comply with current regulations, you can file a complaint to the Spanish Agency of Data Protection.

To exercise your rights, you can contact us by any of these means:

  • Send us a letter by post to the following address: 298 Carretera de Castellar, 08226 Terrassa, Barcelona.
  • Send us an email: protecciondedatos@cirsa.com