1. PURPOSE

Our company collects and processes the personal data of Casino customers and its affiliates, with full respect and emphasis on their protection. The purpose of this Policy is to define and formulate the general framework and basic principles applied by the Florina Casino Consortium (hereinafter referred to as “the Company”) with respect to the processing of personal data and to the principles of security, confidentiality, integrity. and data availability.

2. SCOPE

This Policy applies to all personal data that the Company processes in the course of its business.

3. PEOPLE RESPONSIBLE FOR THE POLICY IMPLEMENTATION

• Administration
• Data Protection Officer
• The competent Company’s staff
• All affiliates who process and / or have access to personal data

4. DESCRIPTION

4.1 In General

Our Company recognizes and respects the importance of the personal data it handles in the course of its activity, and for this reason it has fully adapted its policy to the requirements of the General Data Protection Regulation (hereinafter GDPR) 2016/679 / EU.
With this statement our Company wishes to:
• inform its clients in what capacity, for what purpose and on what legal basis it processes personal data, ie information that can directly or indirectly identify persons.
• specify the categories of data, the sources of data (when the data is not provided by the person himself) and the criteria for determining the time period that personal data are kept.
• to inform data subjects on how to contact our Company for any issue regarding the processing of their personal data, the ability to exercise their personal data rights of access, correction and, where appropriate, deletion, limitation and objection the processing, as well as to report any infringement of their personal data-related rights to the Personal Data Protection Authority.
• determine the principles that govern the Company’s compliance with the relevant privacy and security policies.
For any question, or if you wish to obtain a copy of this statement, or if you wish to exercise any of your personal data rights, you may contact our Data Protection Officer (DPO), Company Advanced Quality Services Ltd., and contact directly with Mr. Evangelos Michaloliakos at +30 2106216997 and at the email address aqs@aqs.gr.

4.2 Data Controller, Data Controller Representative and Data Protection Officer details

Data Controller:
Company Name: Casino Florina Consortium
Address: Florina, Lofos Agiou Panteleimonos P.C. 53100
Telephone +30 23850 40800,
Email alex@casinoflorinas.gr
Data Protection Officer (DPO):
Company Name: Advanced Quality Services Ltd.
Person Responsible: Evangelos Michaloliakos
Address: Agios Stefanos Attikis, Sarantaporou 1a kai Tirnavou, P.C. 14565
Telephone: 2106216997
Email: aqs@aqs.gr

4.3 Who collects personal data?

Our company is a licensed gaming provider, providing also hotel facilities and entertainment services. This privacy statement determines the collection of personal information by our Company in the course of its business, including its presence on third party sites, platforms and applications under our Terms of Use. It is noted that when you visit our Company Website we collect simple data related to your interaction with the site and the installation of cookies (see Cookie Policy). Third-party sites generally apply their own terms of confidentiality and their own terms and conditions. We invite you to read them before using these sites.

4.4 How is my personal data collected?

We may collect personal data from a variety of sources, namely:
• Personal data provided to our Company directly by data subjects, for one of the following reasons:
1. Information you provide to us when you register with the Casino.
2. Information you provide to us when you subscribe via our Website to our Casino Newsletter.
3. Information you give us when you participate in various promotional activities (sweepstakes, contests, etc.)
4. Information you provide to us when contacting us or making a request.
5. Information you generally give us when concluding or executing a contractual relationship between us.
• We also receive personal information indirectly in the following instances:
1. Information we collect during the operation of our CCTV system at our Company’s premises. According to the current regulatory framework, Casinos are obliged throughout their operation to create audiovisual archives of the main and auxiliary areas of the Casino building.
• We also collect and store certain types of personal data each time anyone interacts with us online, when we use cookies and tracking technologies to collect personal data and also via the web browser as well as via other content displayed by the Company or on other sites

4.5 What personal data collected?

Due to the nature of our Company’s activities, the Personal Data we collect relate mainly to the following categories of data subjects:
• Casino Clients: When you enter and complete your registration with the Casino, we collect your name, surname, date of birth, nationality, contact details (telephone and e-mail address), photo, profession, copy of ID (police ID card or passport, or driver’s license or personal health journal), image and audio data from the CCTV system, and, on a case to case basis, we collect statistical (performance per game or player group) data for statistical purposes in order to inform you about Casino activities, entertainment events, prizes, updates and promotions of new gaming products, loyalty rewards by providing free benefits and cash points and in order to generally promote our services.
• Casino Partners (suppliers and other affiliates in general): we collect their personal data and information relating to our contractual relationship, which includes identity and contact information, transaction data as well as financial data related to our Company’s compliance with its legal contractual obligations.
Please note that we do not collect personal data of special categories, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, which are categorized as special data categories and receive additional protection under European data protection law.

4.6 For what purposes is my data being processed?

The purposes of the processing is proportionate with the function performed. Particularly:
• The personal data of Casino customers is provided for the following purposes; to provide our services, namely their registration with the Casino and their participation in its games, to monitor the statistics and performance of the games (per player or player group), to help players participate or attend to poker tournaments, to provide information on various activities, entertainment events, free prizes, updates and promotions of new gaming products, loyalty rewards and customer engagement mmata loyalty and reward (loyalty club) by administering free benefits and cash value of points.
Specifically in order to issue the electronic membership card, which is subsequently used for the entry and / or participation of our customers in our games, in accordance with applicable law and M.D. 1071467/536/0015 (Government Newspaper B 1283/2006), we inform you that the card is strictly personal, non-transferable, non-transferable and non-credit.
• The personal data of our partners is provided for the purpose of concluding and executing a contractual relationship between us.

4.7 What is the legal basis for processing?

The collection and processing of personal data of is based on:
(a) the processing is necessary for the performance of the contract (ar. 6 par.1b GDPR). On this legal basis we rely for the registration of players in the Casino and our contractual relationship with our affiliates.
(b) processing is necessary for compliance with a legal obligation to which the controller is subject (ar. 6 par.1c GDPR), in this respect, for the Casino’s compliance with the legal framework governing the operation of casinos, but also in compliance with its general tax and other legal obligations.
(c) the processing is based on the subject’s prior consent (ar.6 par.1a GDPR). We rely on this legal basis to process all information we collect from you voluntarily and to promote our services to you.

4.8 Profiling

Our Company has the ability to install and operate auxiliary computerized systems for statistical monitoring and performance of its board and electronic gambling games, per player or team of players, in order to achieve further control of its operations, more efficient management and to provide our customers with rewards or free services. Players’ profiling can be legally drafted in accordance with all applicable legal framework (Ar. 22 par. 2 GDPR and ar. 7 par. 8 M.D. 303/2018)

4.9 Transfers of Data to Third Parties: To whom will my data be disclosed?

The Company does not normally disclose personal data to third parties, except in the following cases. Particularly:
• Your personal information may be processed on behalf of the Casino by an external partner, a security services provider. The personal security of the casino is governed exclusively by our in-house procedures.
• For marketing purposes (PR and marketing actions) your data may be transferred to an external partner (marketing company etc.) who is contractually committed for the protection of your personal data.
We note that the abovementioned partners can only access the minimum personal data necessary to perform their functions, and they are contractually prohibited from using them for any other purposes. In addition, they have previously committed in written with our Company regarding their compliance obligations, the use of data for purposes other than the agreed processing, the confidentiality of data, and the compliance with the relevant legal framework in general.

4.10 For How long is my personal data held?

The retention period of personal data depends primarily on the purpose of the processing, and the mere keeping of it constitutes a processing act, which is permitted only if it is governed by the general principles of processing. After the retention period, personal data is deleted. Particularly:
• The time period for the retention of the personal data of our Company’s customers and associates is determined on a case-by-case basis in accordance with applicable law.
• Contact information of our customers is maintained until each customer withdraws his / her consent to the Casino.
• Employee and visitor personal data coming from the closed-circuit video surveillance system operating at our premises, including the entrance and selected workplaces, are kept for at least (30) days, with the possibility of extending this interval in the event of a security incident, according to applicable legislation.

4.11 DATA PROTECTION AND SECURITY STATEMENT

Mandatory personal data provided by Casino customers is stored in our IT systems obtained by the Greek Casino Supervisory Authority, licensed for use by Casino Businesses. These systems provide adequate security and are used by specially trained and authorized employees (users) in order to achieve the maximum possible protection of the stored data in the modern digital environment.
The same security ethics apply to optional personal data.
The security and protection of all data is enhanced by the use and coexistence of additional security programs.
Further, we apply strict organizational measures and procedures for the protection of personal data against possible corruption, loss, unintended or illegal processing, on the one hand by installing servers on premises where restricted and controlled access is allowed and on the other hand by limiting user rights to the level of access that is absolutely necessary.

4.12 What are my rights?

The processing of your personal data is also linked to your respective rights, which are, without prejudice to any provisions restricting the exercise of such information:
The processing of your personal data is also linked to your respective rights, which, subject to any provisions that may restrict the exercise of these rights, are:
• Right to information: You have the right to receive clear, transparent and comprehensible information about how we use personal data and what your rights are. To this end we provide you with the information in this Privacy Statement and urge you to contact us for any clarifications.
• Right of access: You can ask to confirmation as to whether or not personal data concerning you are being processed, and ask to receive of copy of your data.
• Right to rectification: You may request to rectify or supplement your data if it is incomplete or contains inaccuracies
• Right to Data Portability: You may request that we provide or transfer to a third party electronically specific information you have provided to us.
• The right to erasure: In some cases, you may request that all or part of your data be deleted (if, for example, the data is no longer necessary for the purposes for which it was collected, etc.).
• The right to restriction of processing: You have the right to restrict the processing of your personal data.
• The right to withdraw your consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time by contacting us with the information provided herein.
• Right to object: You may object to the processing of your data in pursuit of our legitimate interests, as set forth above.
• The right to lodge a complaint with the Personal Data Protection Authority: You have the right to lodge a complaint directly with your local supervisory authority, the Personal Data Protection Authority, about how we process your personal data.
• Rights related to automated decision making: You have the right not to be subject to a decision that is based solely on automated processing and has legal or other material consequences for you. In particular, you have the right to:
• human intervention,
• express your opinion,
• to explain the decision that resulted from an evaluation,
• challenge this decision.
If you exercise any of these rights, we will take all possible steps to satisfy your request within a reasonable time and no later than (1) month after identifying your request and we will notify you in written about your request, for any reasons that may hinder the exercise of this right, or the satisfaction of one or more of your rights, in accordance with the General Data Protection Regulation. Please note that in some cases your request may not be met, such as when the right is blocked by a legal obligation or conflicts with a contractual legal basis for processing your data. You will find the details of our Data Protection Officer at the beginning of this post.
If, however, you believe that any of your rights or legal obligations to our Company in relation to the protection of Personal Data are being infringed and you have previously addressed the Company’s Data Protection Officer (DPO) for the matter, meaning that you have in effect exercised your rights to the Company and either you did not receive a reply within one month (extending the deadline to two months in case of a complex request), or you consider that the response you received from the Company is not satisfactory and your question has not been resolved, you can lodge a complaint with the competent supervisory authority, ie, the Data Protection Authority (DPA), 1-3 Kifissias Ave., TK 115 23 Athens, email: complaints@dpa.gr, fax 2106475628.

4.13 How is my personal data protected?

We have taken appropriate organizational and technical measures to protect your personal information from destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The measures we use include the implementation of appropriate measures in access control and technical information security.
Access to your personal data is only permitted by our competent employees and associates and only if this isnecessary to support the operation of our Company and is subject to strict contractual confidentiality obligations when outsourced and processed by third parties.

4.14 How can I contact the Company?

You can contact us at our headquarters, Agios Panteleimonas Hill. 53100, Florina or email dpo@casinoflorinas.gr or make a request using the Contact form on our website.

4.15 Update of this Privacy Policy

This statement will be revised if necessary, to adapt to legislative changes, to respond to comments and needs of personal data subjects and to possible changes in our Company’s products, services and internal processes. Any changes will be published with a concurrent review of the latest update at the top of this Privacy Policy.