Information on the processing and protection of customers' personal data

In accordance with the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and in accordance with the Act No. 18/2018 of 29 November 2017 on the protection of personal data and on amendments and supplements to certain acts (hereinafter referred to as "the Act"):

 

CARD CASINO s. r. o., Ivanská cesta 26, 821 04 Bratislava, ID No.: 36 721 492, is an operator within the meaning of the Act (hereinafter referred to as the "Operator"), which processes personal data in connection with the operation of gambling games pursuant to Act No. 30/2019 Coll. on gambling, as amended, and the provision of services related thereto.

The controller will only collect personal data for specifically identified, explicitly stated and legitimate purposes and will not further process personal data in a way that is incompatible with those purposes.

I. Contact details for information on the processing of personal data:

If the customer or the data subject has any questions regarding the processing of personal data or would like to exercise any of his/her rights related to the processing of personal data by the controller, he/she may contact the following contacts with his/her requests:

e-mail: info@cardcasino.sk or in writing to the address of the operator: CARD CASINO s. r. o., Ivanská cesta 26, 821 04 Bratislava.

II. Information about the personal data of Data Subjects processed by the Controller.

The data subject shall be a natural person regardless of nationality or place of residence in relation to the personal data processed.

 

The Controller hereby fulfils its information obligation towards its customers and contractual partners (hereinafter referred to as "Data Subjects") regarding the processing of their personal data.

The Controller processes the following personal data of Data Subjects, with the stated purpose of use and on the basis of the stated legal basis for the processing of personal data:

IS Customers - gamblers

Purpose of processing: for the purpose of the operation of gambling games by the operator, payment of winnings, performance and control of contractual and legal obligations of the operator and the player related to the operation of gambling games.

For this purpose, the controller processes the following personal data: name, surname, title, permanent or other residence (street and number, postcode, city). nationality; date of birth, birth number, email, telephone contact, login name, passwords, monetary institution, bank account number (IBAN), copy/scan of identity document (type of document, validity and issue of document, document number), photo of face on document, signature, information about participation in the game, prize information, player card, logos, IP addresses, cookies, complaints, self-exclusion of the player, respectively. Player's entry in the exclusion register, whether the player is a politically exposed person.

Natural persons under the age of 18 and natural persons registered in the Exclusion Register are prohibited from entering the gaming room. Under the Gambling Act, the operator is obliged, inter alia, to use the Excluded Persons Register and to verify the identity of any natural person entering the gaming room, and is entitled to request the production of an identity card; if it finds that a natural person has entered the gaming room as referred to in the first sentence, it is obliged to exclude that person from the gaming room.

The operator is according to Act No. 297/2008 Coll. on protection against money laundering, as amended, is obliged, without the consent of the Data Subject, i.a. to identify the Data Subject, to verify his/her likeness with the likeness in his/her identity document in his/her physical presence and to keep all information about the bets received and winnings paid, information about the accounts of the Data Subject, including the obligation to keep copies, respectively. scans of official documents, or other documents that have been used to identify the Client and to fulfil the Operator's due diligence obligation (basic or enhanced) under the law in question.

Legal basis - the processing of personal data is necessary according to a special regulation (in particular according to Act No.30/2019Z.z. on gambling as amended, Act No. No. 394/2012 on the restriction of cash payments, tax regulations, Act No. 297/2008 Coll. on the protection against the legalization of proceeds of crime, as amended).

 

Processing period: for the duration of the contractual relationship and subsequently for 5 years after its termination.

 

IS Internet Casino

purpose of processing: for the purpose of the operation of gambling games by the operator, payment of winnings, performance and control of the contractual and legal obligations of the operator and the player related to the operation of gambling games, verification of age and identity, verification of the register of persons excluded from participation in gambling games.

scope of processed personal data: name, surname and title of the natural person, email address, telephone number, birth number, if assigned, or date of birth, if no birth number is assigned, bank account number (IBAN), data from the identity card / other document (e.g. Passport, driving licence) including a scan of the ID and other valid document (type of document, validity and issue of document, document number), photo of face on the document, permanent residence or residence permit, nationality, Facebook/Google+ login (country, email address and age), IP address, player's device details, information about participation in the game, player's self-exclusion or entry in the exclusion register, whether the player is a politically exposed person.

The operator is under the Act. 297/2008 Coll. on the protection against the legalization of proceeds of crime and on the protection against the financing of terrorism, as amended (hereinafter referred to as the "AML Act"), is obliged, without the consent of the Data Subject, i.a. identify the Concerned Person (when identifying the Concerned Person without his/her physical presence, use technical means and procedures that can verify the identification at a level that is similar to the verification in the physical presence in terms of the credibility of the verification result), keep all information about the bets received and winnings paid, information about the accounts of the Concerned Persons, including the obligation to keep copies, respectively. Scanning of official documents, or other documents that have been used to identify the client and to fulfil the operator's due diligence obligation (basic or enhanced) under the law in question.

The controller is obliged to process the data subject and other personal data under the AML Act whenever he/she deals with a politically exposed person or a person established in a country designated by the European Commission as high-risk, as well as when the data subject is not physically present for the purposes of identification and verification of identification.

For the purposes of performing this obligation, the Controller shall identify the Data Subject by means of additional documents, data or information (which the Controller is entitled to process even without the Data Subject's consent under the AML Law) and shall take other measures to verify or confirm the submitted documents under the AML Law.

Legal basis - fulfilment of the legal obligations of the controller - processing of personal data is necessary under a special regulation (in particular under Act No.30/2019Z.z. on gambling as amended, Act No. No. 394/2012 Coll. as amended on the restriction of cash payments, Act No. 394/2012 Coll. on the restriction of cash payments, Act No. 394/2012 Coll. 297/2008 Coll. on the protection against the legalization of proceeds of crime and on the protection against the financing of terrorism, as amended, tax regulations, etc.),

  performance of contractual obligations - the processing is necessary for the performance of a contract (game plan) to which the Data Subject is a party or to carry out pre-contractual measures at the request of the Data Subject.

 

Processing period: for the duration of the contractual relationship and subsequently for 5 years after its termination.

 

IS gamblers - participants in promotions, competitions, tournaments and loyalty schemes

purpose of processing: implementation of promotional events, competitions implemented by the operator, registration and participation of players in the loyalty systems of the operator.

 

The Operator has a number of legal obligations under applicable law (see Laws in the Legal Basis section below) relating to the Participation of the Concerned Person in gambling or his/her access to the gambling room. Pursuant to these legal obligations in connection with the obligation to identify and verify the player, the Controller processes the personal data listed below.

 

The processing of personal data by the operator also occurs in connection with the conclusion of a contractual relationship - the registration of the player in the loyalty system of the operator, or the issuance of a player card by the operator or the participation of the player in a competition, promotional event.

Participation in the loyalty system or competition can be withdrawn by the player at any time and the operator will cease to process the personal data of the player, which is processed in connection with the conclusion of the contractual relationship. This does not affect the lawfulness of the processing of personal data acquired prior to the withdrawal of the player's participation in the loyalty scheme or competition.

 

Scope of processing of personal data:

For this purpose, the controller processes the following personal data: first name, surname, title, permanent or other residence (street and number, postcode, city), nationality; date of birth, birth number, email, telephone contact, login name, passwords, name and link of Facebook profile, monetary institution, bank account number (IBAN), copy, respectively. scan of identity document (type of document, validity and issuance of the document, document number), photo of the face on the document, signature, dynamic biometric signature, information on participation in the game, player card and data on it (registration of points, various bonuses related to participation in the loyalty system), data on winnings, logs, IP addresses, cookies, complaints, self-exclusion of the player, or registration of the player in the register of excluded persons, the fact whether the player is a politically exposed person.

 

Loyalty system

When participating in the loyalty system, we also process the number of points or bonuses earned as a result of participating in the gambling game. We also send information to players about organised promotions, competitions, bonuses and news provided under the loyalty programme, also by electronic means, in particular by e-mail, telephone, SMS, MMS, Facebook account or application notifications.

 

You can withdraw your consent to participate in the loyalty program at any time. You may also withdraw your consent to receive information about news, promotions, contests, etc. at any time in accordance with applicable law. Withdrawal is only valid for the future and by withdrawing your consent we will no longer be entitled to process information under the loyalty program and your participation in the loyalty program will also cease.

 

Competition, tournament:

If you participate in or enter a competition or tournament (hereinafter referred to as "Competition"), the data controller processes the above personal data for the purpose of your participation in the Competition.  The competitions in which you participate may be interlinked and are provided as a comprehensive service based on the consent provided by you. The results of some competitions may be made available on the website and social networks used by the operator and its marketing partners (Facebook, YouTube, Instagram, etc.).

 

Legal basis -       the processing of personal data is necessary pursuant to a special regulation (in particular pursuant to Act No. 30/2019Z.z. on gambling as amended, Act No. No. 394/2012 Coll., as amended, on the restriction of cash payments, tax regulations),

the processing is necessary for the performance of a contract to which the Data Subject is a party or to carry out pre-contractual measures at the request of the Data Subject.

 

The legal basis for the purpose - processing of image and audio-visual records of the Data Subject and for sending information about the organization of competitions, events, tournaments and other events, or information relating to the loyalty program is the consent of the Data Subject - Article 6, paragraph 1. letter a) of the GDPR (see more in point E) of this document below).

The processing of the biometric signature is necessary for archiving purposes in the public interest within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) as well as for identification purposes pursuant to Act No. 298/2008 Coll. On the basis of the consent of the Data Subject.

Processing period: for the duration of the promotion, competition or player's participation in the loyalty system and subsequently for 5 years after its termination.

IS Register of excluded persons

Purpose of processing: to fulfil the legal obligations of the operator and to carry out the verification of the player in the register of excluded persons under the Gambling Act.

 

Individuals registered in the Exclusion Register are prohibited from entering the gaming room. Under the Gambling Act, the operator is obliged, inter alia, to use the Excluded Persons Register and to verify the identity of any natural person entering the gaming room, and is entitled to request the production of an identity card; if it finds that a natural person has entered the gaming room as referred to in the first sentence, it is obliged to exclude him/her from the gaming room.

 

For this purpose, the operator processes the following personal data: the player's registration in the register of excluded persons, name, surname, title, birth number, date of birth, date of registration of the natural person in the register of excluded persons, reason for registration of the natural person in the register of excluded persons, identification data of the player from the identity card.

 

Legal basis - the processing of personal data is necessary pursuant to a specific regulation (in particular the Gambling Act as amended).

 

Processing period: for the duration of the contractual relationship and subsequently for 5 years after its termination, unless otherwise provided for by specific legislation.

 

IS Marketing

purpose of processing: to determine customer satisfaction, to promote the operator and its products and activities, to send commercial notifications about the operator's offers and services, to send marketing notifications and notifications to customers - players registered in loyalty programs or marketing contests, to send information about the organization of contests, tournaments, social events.

 

Information is sent to Data Subjects on the basis of their consent, in particular by electronic means, in particular by e-mail, telephone, SMS, MMS messages, Facebook account or application notifications.

 

For this purpose, the controller processes the following personal data: first name, last name, nickname, email, telephone contact, Facebook account (or similar account on social networks), signature, dynamic biometric signature, consent to the processing of personal data, cookies, electronic communication, IP address.

 

The data subject may withdraw his/her consent to marketing outreach or to receiving information about news, promotions, competitions, etc. at any time.

 

Photos from organized events, competitions and tournaments

 

The operator or the operator's marketing partners also organise various competitions, tournaments, social events, which are usually attended by various public figures in addition to players (e.g. poker tournaments, corporate and marketing parties, etc.).

 

For the purpose of informing about these events as well as for the purpose of further presentation of the services and offers of the operator, image and audio-visual recordings may be made and processed by means of their acquisition, making, collection on personal data carriers (physical and data carriers), viewing, arranging, storing and publishing on the website and social networks used by the operator and its marketing partners (Facebook, YouTube, Instagram, etc.), in particular for the purpose of promoting the Operator, tournaments, competitions and other events held on the Operator's premises and for marketing and promotional purposes.

 

In the event that the Data Subject does not consent to the processing of visual and audio-visual records or withdraws this consent, he/she is not entitled to participate in competitions, tournaments and social events of the Operator.

 

The Company shall ensure that the following conditions are met when the Concerned Person gives consent

consent to the processing of personal data must be freely given, specific, informed and unambiguous.

the request for consent must be presented in a way that is clearly distinguishable from these other facts, in a comprehensible and easily accessible form and formulated in a clear and simple manner.

The data subject shall have the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. The Data Subject must be informed of this fact before consent is given. Withdrawal of consent must be as simple as providing it.

Legal basis - Article 6(1)(a) GDPR - The data subject has consented to the processing of his or her personal data for at least one specific purpose.

Processing of the dynamic biometric signature necessary for archiving purposes in the public interest within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

Processing period: the controller processes the personal data of the Data Subjects only for the duration of the contractual relationship or until a maximum of 5 years after the consent has been given, at the latest until the Data Subject withdraws his/her consent (or notifies the controller of his/her opposition to the sending of commercial communications or objects to this method of processing personal data).

IS Tax and Accounting

purpose of processing: fulfilment of accounting and tax obligations under applicable legislation (in particular Act No. 222/2004 Coll. on value added tax, as amended, and for the purpose of fulfilling obligations under Act No. 461/2002 Coll. on accounting, as amended, etc.) and also levy obligations related to the operation of gambling games under applicable legislation.

 

For this purpose, the controller processes the following personal data: identification data (in particular, name, surname, title, residential address), information about the delivered services or product, monetary institution, bank account number (IBAN) and other payment data (data necessary for the performance of payment of delivered goods and services, as well as for the payment of taxes, fees, prizes, performance, etc.), other personal data strictly necessary for the defined purpose within the meaning of the applicable legislation.

 

Legal basis - according to Article 6(1)(c) GDPR - fulfillment of a legitimate reason.

 

Processing period: for 10 years following the year to which the accounting documents or records relate, or 10 years following the year in which the documents were last used.

 

 

IS Protection against money laundering

 

purpose of processing: performance of the legal obligations of the controller pursuant to Act No. 297/2008 Coll. as amended on protection against money laundering.

 

For this purpose, the operator is obliged to monitor player behaviour and unusual trades. The Controller is also obliged to verify that the Data Subject does not handle funds that are clearly not in line with his/her assets and income. The operator is required by the aforementioned law to verify the origin of the funds used to participate in the game of chance.

In the event that the operator identifies suspicious behaviour, it is obliged to discontinue participation in the gambling game, is entitled to discontinue the use of the player card or account, or to prevent the deposit or withdrawal of funds, as the case may be.

 

For this purpose, the controller processes the following personal data: identification data (in particular name, surname, title, residential address), nationality, date of birth, date of birth, birth number, email, telephone contact, monetary institution, bank account number (IBAN), login name, passwords, copy or scan of the identity document (type of document, validity and issue of the document, document number), photo of the face on the document, signature, dynamic biometric signature, information about participation in the game, winnings data, logs, IP addresses, cookies, information on participation in the game, whether the Data Subject is a politically exposed person, origin of the Client's funds, whether or not the Customer is a person against whom the Slovak Republic applies international sanctions under the Sanctions Act, data on the end user of the benefits, data on the trade/business transaction, other personal data strictly necessary for their processing for the defined purpose.

 

Legal basis - the processing of personal data is necessary pursuant to a specific regulation (in particular Act No. 297/2008 Coll. on the protection against the legalization of proceeds from crime and on the protection against the financing of terrorism, as amended).

 

Processing of the dynamic biometric signature necessary for archiving purposes in the public interest within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) as well as for identification purposes pursuant to Act No. 298/2008 Coll. on protection against money laundering, is based on the consent of the Data Subject.

 

Processing period: to be processed for a period of 5 years from the end of the contractual relationship or the execution of the transaction between the Data Subject and the Controller within the meaning of Act No. 297/2008 Coll. as amended, and for a longer period if requested by the financial intelligence unit.

 

 

IS SK PAY Cards

The operator cooperates with the company SKPAY, a. s., based in Nám. SNP 35, 811 01 Bratislava, ID No.: 46 552 723, registered in the Commercial Register of the District Court Bratislava I, Section: Sa, Insert No.: 5488B (hereinafter referred to as "SKPAY"), which issues prepaid cards for third parties. The Operator presents its clients - players with the possibility to conclude a contract on the issue of a SKPAY prepaid card via the website https://mojakarta.skpay.sk/auth/request-card.

 

purpose of processing - to enable the conclusion of a contract for the issue of a SKPAY prepaid card with SKPAY, which will be used to pay winnings from gambling games operated by the operator to the Concerned Person - player.

 

For this purpose, the Operator processes the following personal data of the Data Subjects - players:

name and surname, address

date of birth, birth number

phone number, email address

check for banned players - found: yes/no

black list - found: yes/no

Identity document (ID) data, including date of issue, expiry date, check for theft - found: yes/no,

Scan identity documents (ID),

client identification data within the meaning of Act No. 297/2008 Coll. as amended on protection against money laundering, in particular the origin of client funds + identification of PEP - found: yes/no, check of OFAC sanctions lists + World Compliance - found: yes/no,

details and confirmation of the winnings, including the amount of the winnings,

the details of the SKPAY card allocated with the variable symbol.

Legal basis - the processing of personal data is necessary according to a special regulation (in particular according to Act No.30/2019Z.z. on gambling as amended, Act No. 297/2008 Coll. as amended),

the processing is necessary for the performance of a contract to which the Data Subject is a party.

 

Processing period: to be processed for 5 years from the end of the contractual relationship or the execution of the transaction between the Data Subject and the Controller within the meaning of the Act. 297/2008 Coll. as amended.

 

The Controller provides the processed personal data of Data Subjects to third parties, including processors who are contractually entrusted with the processing of personal data. These persons have the legal status of recipients. SKPAY is also in the position of a processor that processes the personal data of the Data Subject.

 

 

 

 

IS Camera system

 

purpose of processing: protection of the rights and property of the operator, its employees as well as protection of the property and health of the operator's customers - monitoring of the gaming room and casino area - the operator's premises.

 

All of the operator's facilities are equipped with a closed-circuit camera security system. The operator shall inform persons entering the environment about the installed CCTV system by means of an information board: 'The premises are monitored by CCTV'.

 

For this purpose, the operator processes the following personal data: visual, audio and visual-sound recordings of the customer - gambling player and the operator's employees and other data if required by applicable law.

 

Legal basis - Article 6, paragraph 1, letter f) GDPR - the processing of personal data is necessary for the purpose of the legitimate interests of the controller or a third party.

 

The monitored area shall be clearly marked by the operator.

 

Duration of processing: only for the purpose and for the period of time prescribed by law, i.e. the record made may only be used for the purposes of criminal or misdemeanour proceedings, unless a special law provides otherwise. The controller must destroy the record which is not used for the purposes of criminal or offence proceedings within 15 days of the day following the day on which the record was made, unless a special law provides otherwise.

 

 

IS Payroll and HR

 

purpose of processing: personnel and payroll records and fulfilment of legal obligations related to the personnel and payroll agenda of the operator.

 

For this purpose, the controller processes the following personal data: personal data of employees - first name, surname, maiden name, title, address of permanent and temporary residence (street and number, postcode, city), date of birth, nationality, citizenship, birth number, bank account number (IBAN), name of health insurance company, supplementary pension savings fund, number of OP, marital status, email, telephone contact, highest completed education, basic salary, personal evaluation, sick leave, leave, doctor, entitlement to pension, changed work, workplace, workplace, workplace, workplace, workplace, workplace, workplace, workplace. ability, information on whether the employee has been registered at the employment office, information on the employee's financial obligations to 3rd parties, information on pending executions, criminal proceedings, prohibition of the employee's activity and other data if required by the applicable law.

 

The operator also processes information on whether the employee or job applicant is on the Excluded Persons Register, or whether he/she is one of the persons excluded from participation in gambling within the meaning of the Gambling Act.

 

Personal data of employees' family members - names, surnames, addresses and birth numbers of family members, a copy of the birth certificate of the employee's child, ...

Personal data of job applicants (name, surname, title, education, work experience, email, telephone contact, marital status, whether the job applicant is on the register of excluded persons, or whether he/she is excluded from participation in gambling under the Gambling Act).

 

Legal basis - Article 6, paragraph 1. letter c) GDPR - the processing of personal data is necessary pursuant to a special regulation (in particular Act No. 311/2001 Coll., the Labour Code, Act No. No. 171/2005 Coll., Act No. 595/2003 Coll. on Income Tax as amended, Act on Social Insurance, Act on Health Insurance, etc.).

 

Processing period: for the duration of the contractual relationship and subsequently for 10 years after its termination, unless otherwise provided for by a specific law.

 

J) IS Customers - purchase and sale contracts and other commercial and contractual relations concluded with the operator

 

Purpose of processing: concluding contractual relations with business partners, issuing tax documents in connection with the concluded contractual relations, resolving claims and liability relations.

 

For this purpose, the controller processes the following personal data: name, surname, title, function, e-mail, telephone contact, information about the services or product delivered, monetary institution, bank account number (IBAN) and other payment data, or other personal data strictly necessary for the defined purpose within the meaning of the applicable legislation.

 

Legal basis - the processing of personal data is necessary according to a specific regulation (in particular the Commercial Code),

- Article 6(1)(b) GDPR, the processing is necessary for the performance of a contract to which the Data Subject is a party.

 

Processing period: for the duration of the contractual relationship and subsequently for 5 years after its termination.

 

III. Ensuring the protection of processed data

The controller undertakes to put in place, prior to the processing of personal data and during the processing of personal data, specifically designed data protection measures consisting of the adoption of appropriate technical and organisational measures, for example also in the form of pseudonymisation, to effectively implement adequate safeguards for the protection of personal data and compliance with the GDPR.

The controller undertakes to take into account the state of the art in the protection of personal data, the cost of implementing the measures, the nature, scope, context and purpose of the processing of personal data and the risks of processing personal data of varying likelihood and severity that the processing of personal data poses to the rights of the Data Subject when specifically designing the protection of personal data.

The controller undertakes to implement standard personal data protection, which consists in the adoption of appropriate technical and organisational measures to ensure that personal data are processed only for a specific purpose, minimising the amount of personal data collected and the scope of their processing, the retention period and the availability of personal data.

 

The servers and the handling of the gaming and financial data contained therein comply with the technical requirements for an information security management system, which are set out in the technical standard STN ISO/IEC 27001: 2014 Information technology - Security techniques - Information security management systems - Requirements.

 

The operator has a server located in a data centre, which is designed for the location of information and communication technology in continuous operation and ensures stable operation of the server without environmental influences. The physical security of the server is ensured by providing protection at the level of the building in which the data centre is located.

The operator ensures that unauthorised access to the data centre is prevented and the server is secured against damage, theft or misuse of the server or interruption of its operation.

 

To ensure physical security, we use mechanical barriers, electrical safety signalling devices, fire prevention devices, fire prevention devices, fire prevention devices, access control systems, CCTV systems, devices to ensure protection against power supply failure and devices to ensure optimum operating conditions.

Data transfer from the administration interface is done via https protocol.  The data itself is encrypted on the server.

IV. Categories of recipients of personal data

The Data Controller provides and shares personal data of Data Subjects mainly with the following categories of recipients:

Intermediaries: these are persons through whom the controller carries out specified activities in the course of its business (e.g. agents acting for the controller as principal or other suppliers of the controller);

 an accounting service provider that manages the operator's accounting, payroll and personnel agenda;

legal service provider;

delivery service provider;

the audit firm carrying out the audit for the operator;

provider of IT systems and related services

Banks;

tax office;

court, bailiff and law enforcement authorities;

The Ministry of Finance of the Slovak Republic, the Office for Gambling Regulation and other public authorities, if required by specific legislation.

V. Cookies 

When using the website of the operator, the processing of personal data of the visitor of the website may occur through the use of cookies.

Cookies are small text files that we use mainly for the purpose of securing the operation of websites and also to measure their traffic. They improve the use of the website by, for example, enabling recognition of previous visitors when logging in to the user environment, remembering the visitor's choice when opening a new window, measuring website traffic or how the website is used. You can prevent the storage of these files on your device at any time by adjusting your web browser settings. However, by blocking cookies, you may limit the functionality of some websites (especially if a login is required). Your browser settings are deemed to be your consent to the use of cookies on our website within the meaning of Section 55 (5) of the Electronic Communications Act. Consent to the use of cookies is not required within the meaning of that provision for"...the technical storage of or access to data, the sole purpose of which is to transmit or facilitate the transmission of a message over a network."

 

VI. Transfer of personal data to a third country

The Data Controller will not transfer the personal data of the Data Subjects to third countries (outside the European Union) or to an international organisation.

 

VII. Rights of the Data Subject in relation to the protection and processing of personal data

a) the right of the Data Subject to access to personal data, 

(b) the right to request confirmation as to whether or not personal data about the Data Subject is being processed,

(c) the right to rectification of personal data,

(d) the right to erasure of personal data,

(e) the right to restrict the processing of personal data,

(f) the right to object to the processing of personal data,

(g) the right to data portability,

h) the right to request a list of the Data Subject's personal data that are subject to processing,

(i) the right to have personal data completed, blocked,

(j) the right to institute proceedings under section 100 of the Act.

 

The data subject may at any time withdraw his or her consent to the processing of personal data and has the right to request their destruction in accordance with the Act, based on a written request sent to the controller at the contact specified in point I. of this document. The data subject may withdraw consent in a manner similar to that in which he or she gave it.

 

The Data Subject acknowledges that the Controller shall immediately terminate the processing of his/her personal data which he/she has processed on the basis of the Data Subject's consent and shall also properly dispose of such personal data. However, if there is another purpose for the processing of the Data Subject's personal data which is based on a legal basis other than the Data Subject's consent, e.g. pursuant to Article 6(1)(c) GDPR - fulfilment of a legitimate interest, the Controller must continue to process the personal data after the Data Subject's consent has been withdrawn.

 

The data subject may withdraw consent at any time and request their disposal in accordance with the law, based on a written request sent to the email of the operator: info@cardcasino.sk or to the address of the operator: CARD CASINO s.r.o., Ivanská cesta 26, 821 04 Bratislava.

 

The data subject may inform the controller whether the provision of personal data is a legal or contractual requirement or a requirement necessary for the conclusion of a contract, whether the data subject is obliged to provide personal data, as well as the possible consequences of the failure to provide such data.

 

With regard to the nature, scope and purpose of the processing of personal data by the controller, the controller declares that it has taken appropriate technical and organisational measures to ensure and demonstrate that the processing of personal data is carried out in accordance with the GDPR and the Act.

VIII. Validity of information

This Information on the processing and protection of customers' personal data may be periodically updated by the controller. Changes to the terms and conditions of processing and protection of personal data are published on the Internet in the section "Privacy Policy" by updating this information.

 

This information was updated on 1.1.2023.

 

The current version of this information is published on the website of the operator www.cardcasino.sk.