On 27 April 2016, the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC was adopted, (General Data Protection Regulation – GDPR, hereinafter referred to as the “Regulation”). This regulation came into effect on 25 May 2018 in all the Member States of the European Union.
The business corporation ALEKS CZ A.S., company number: 26212013, with the registered office at Václavské náměstí 43, Nové město, 110 00 Praha 1 (“OPERATOR”), fully respects the seriousness and necessity of the protection of personal data as well as the scope of this issue and, in accordance with the Regulation, ensures sufficient protection of all personal data processed thereby according to the principles set out in this document.
ALEKS CZ a.s., is a gambling Operator within the meaning of Act No. 186/2016 Sb., on Gambling (hereinafter referred to as the “Gambling Act”), in particular the Operator of technical games according to Section 3 (2)(e) of the Gambling Act and live games according to Section 3 (2)(f) of the Gambling Act. When dealing with personal data, there are obligations arising from the legal regulations regarding the operation of gambling, in particular, from the Gambling Act and Act no. 253/2008 Sb., on Certain Measures against Money Laundering and Terrorist Financing.
Within the meaning of the above-mentioned legal regulation, personal data is any information on natural person which facilitates his/her identification. Personal data are, in particular, the name, surname, gender, age and date of birth, birth identification number, photo, contract number, file number, but also for example the IP address. For the purposes of our activities, personal information may also include financial transaction information.
An essential principle that governs our activities is the principle of minimizing the processing of personal data, i.e. that personal data are processed only to the extent necessary.
Personal data may only be processed lawfully, so there must be a clear purpose and a legal title. Such a legal title could be, for example, processing on the basis of an obligation imposed by law, on the basis of concluded contract, public interest or voluntary consent of the data subject.
Only accurate personal data may be processed, therefore it is necessary to update them regularly and strictly observe the processing time, after this time has elapsed, it is necessary to destroy such data in an appropriate way (shred, rewrite the discs, process by grinding or crushing, etc.). The data subject may also request the erasure of personal data, in which case it must be done without undue delay, provided that this is not prevented by further processing based on a legal obligation.
Data protection controller
The data protection controller of our Clients is the above mentioned business corporation ALEKS CZ a.s., company number: 26212013, with the registered office at Václavské náměstí 43, Nové město, 110 00 Praha 1. The contact details are available at the website http://www.casinoaleks.cz/.[EH1]
Our activities of the gambling Operator are related to the obligation to process and store the personal data of our Clients based on the legal title of a legal obligation, in particular on the basis of the Gambling Act and Act No. 253/2008 Sb., on Certain Measures against Money Laundering and Terrorist Financing ( hereinafter referred to as the “AML Act”).
This processing of personal data is therefore not based on the consent of the persons concerned but is based on the compliance with the legal obligations of a gambling operator within the meaning of the relevant provisions of the Czech legal regulations (with the exception of consent to take a photo, Loyalty Program etc., see below).
In order to enter the casino premises, the identity of each visitor must be verified in accordance with the provisions of Section 71 of the Gambling Act and relevant provisions of the AML Act. This can be done by presenting an identity card or a user card.
PARTICIPATION IN GAMBLING
Each person is obliged to register with the Operator in order to participate in gambling. For the process of registration for participation in gambling, the Client is obliged to provide the following identification data: name, surname or maiden surname, if appropriate, residence, citizenship, gender, birth dentification number (or date of birth if no birth identification number was assigned) and place of birth.
The Participant shall also provide the following contact details upon registration: mailing address (if different from the residence address), telephone number and e-mail address. As part of this process, the Operator shall record and verify the above stated identification data of the Participant from the identity card (if they are indicated there), and shall also record the type and number of the identity card, the state or the issuing authority and the period of validity. At the same time, it shall verify the match of the participant’s appearance with the picture in the identity card.
For the purpose of creating a user card a photo is taken with the user’s consent.
Under the AML Act, during the identification there will be a record of an entry of a politically exposed person or person who is subject to international sanctions applied by the Czech Republic according to Act no. 69/2006 Sb., on Implementation of International Sanctions, as amended, This obligation also arises from the provisions of the AML Act and it is identical for all gambling operators in the territory of the Czech Republic.
In accordance with the AML Act, we are entitled to make and store copies or extracts of the above stated documents. In compliance with the Gambling Act, we are obliged to keep records of all payment transactions related to the purchase or exchange of value tokens, including the date and time of the transaction and identification data of the gambling Participant executing the transaction. We are obliged to store the mentioned personal data for 10 years.
Furthermore, in case of technical game, the applicant’s registration cannot be completed without an individual setting or individual refusal of self-limiting measures pursuant to Section 15 (2) of the Gambling Act. The self-limiting measures are the following:
- Maximum amount of bets per day,
- Maximum amount of bets per calendar month,
- Maximum amount of net loss per day,
- Maximum amount of net loss per calendar month,
- Maximum amount of logins to the user account per calendar month,
- Maximum daily login time spent on the user account until its automatic logout,
- Maximum time during which the gambling Participant will be disabled to take part in a technical game counted from the Participant’s logout from the user account.
2. SUSPICIOUS ACTS
We are required to monitor and store the details of each performed gambling for a period of 10 years from the execution of each transaction; or alternatively, from the end of registration to the participation in the technical game.
3. RECORDS OF THE DEPOSITS
The Operator is obliged to keep records of all bets, wins and deposits on the user account, as well as withdrawals of funds from the user account on the basis of a legal obligation pursuant to the Gambling Act and AML Act for a period of 10 years from the end of registration of the Participant.
4. MONITORING OF THE GAMBLING PREMISES
It is our legal duty to monitor all the Gambling Premises by a camera system with video and audio recording and to retain the recordings for 2 years.
5. PERSONAL DATA
For specified purposes, we process the following personal data:
- identification data according to the AML Act – name, surname or maiden surname, if appropriate, residence, citizenship, gender, birth identification number, or date of birth, if no birth identification number has been assigned, and place of birth, type and number of the identity card, the State or, where appropriate, the authority which issued it and its period of validity);
- identification information and contact details according to the Gambling Act – name(s), surname or maiden surname, if appropriate, residence, citizenship, birth identification number or date of birth, if the birth identification number was not assigned to the registrant, correspondence address, if different from the address of residence, telephone e-mail number and address – e-mail and electronic data mail box identifier;
- self-limiting measures pursuant to the Gambling Act, if they are set in a technical game;
- data concerning participation in the game – bets, winnings, game time, etc.;
- data concerning the user account – deposit, withdrawal etc.;
- monitoring system shoots pursuant to the Gambling Act.
For membership in the Loyalty Program, it is necessary to agree to the General Terms and Conditions, the provisions of the Loyalty Program and to fulfil the conditions for participation in gambling. The membership is voluntary and may be terminated any time.
The personal data of the Participant are processed based on the consent, namely contact and identification data, data relating to the participation of a member in individual games of chance, including his / her deposits, bets and winnings, playing time, etc. and data relating to the Participant’s loyalty user account. Data are processed for the duration of membership. Due to their membership, the members receive information messages (email, sms), various marketing communications concerning various bonus benefits or current news.
When using the http://www.casinoaleks.cz/ website, some anonymous data may be processed by cookies, which are used in particular for the purpose of optimizing, statistics and analysing the traffic to the above-mentioned website.
Recipients of the personal data, personal data sharing, processors
Personal data may be transferred to processors as third parties on the basis of a processing contract, in particular:
- to suppliers of IT support systems and related services
- to external auditors, tax advisors or legal representatives
- to public authorities – Ministry of Finance of the Czech Republic, customs etc.
Personal data protection, security
In order to ensure the standard of protection of personal data, internal organizational and technical measures have been put in place which, on the whole, ensure a very high level of privacy for all our Clients. In this respect, available modern technologies are used to ensure proper protection of the personal data of all our Clients, including protection against loss, destruction, disclosure, alteration of the Client’s personal data or unauthorized third party access.
Rights of the Clients as data subjects and the exercise thereof
The following rights are in particular included among the rights of the data subjects (Clients of the Operator):
- right to be informed
- right of access to their personal data pursuant to Article 15 of the Regulation,
- right to rectification of their personal data pursuant to Article 16 of the Regulation,
- right to erasure of personal data without undue delay where the grounds pursuant to Article 17 of the Regulation apply,
- right to restriction of processing personal data in cases pursuant to Article 18 of the Regulation,
- right to data portability in cases pursuant to Article 20 of the Regulation,
- right to object to processing pursuant to Article 21 of the Regulation,
- right to withdraw the consent to personal data processing pursuant to Article 7 (3) of the Regulation,
- right to lodge a complaint pursuant to Article 77 of the Regulation.
RIGHT TO BE INFORMED
In accordance with the principle of transparency, we have an obligation to provide information, i.e. obligation to provide contact details of the controller, the purpose for which the personal data are processed, the period for which the data will be stored, the intention to transfer the data to a third country and to inform about the existence of other listed rights.
RIGHT OF ACCESS
Right of access is provided on the basis of a request. It is the right to obtain information as to whether or not the personal data are being processed and which categories of personal data are concerned, together with the purpose for which the data are processed and the period for which the data will be processed. A free copy of the data processed, or access thereto, shall be granted upon request. This approach makes it possible to check that data are not being handled unlawfully.
RIGHT TO RECTIFICATION
The Client has the right to the accuracy of personal data, therefore we take all measures necessary to process only accurate and up-to-date data. The Client shall have the right to rectification or have incomplete personal data completed without undue delay.
In this respect, the Client may contact __ at any time.
RIGHT TO ERASURE
The Clients have right to be forgotten, i.e. right to erasure. This right gives them the possibility to request that their personal data be erased and no longer be stored unless there is another legal impediment, for example due to public interest or a legal obligation that requires processing. Should such an exception occur, we are obliged to inform about this fact within 1 month.
RIGHT TO RESTRICTION OF PROCESSING
The Client has the right to request the restriction of personal data processing in several cases. The first case is the inaccurate data, in which case processing of these data shall be restricted for a period enabling the verification of the accuracy of such data. The other cases are unlawful processing and when the data are no longer needed for the purposes of processing, if it is not in the interest of the Client to have the data erased. The last ground is the objection to processing pending the assessment of the objection.
RIGHT TO PORTABILITY
This right provides the Client with the possibility of transferring the obtained (processed) personal data to a third party in case the processing by the Operator is based on the Client’s consent or on a contract and is carried out by automated means.
The data may be provided to the third party in a structured, commonly used and machine- readable format.
If the Client wishes the Operator to send the above mentioned personal data to a third party, it is necessary to submit a request to __. The Operator shall consider the request and inform the Client about the result.
RIGHT TO OBJECT
Any Client may object to processing of personal data concerning him or her at any time. If the Operator subsequently fails to prove legitimate grounds for the processing of the Client’s personal data, the Operator will no longer process the data, or alternatively delete or anonymize the data.
The Client may lodge the objection to _ .
RIGHT TO WITHDRAW THE CONSENT
Any client may withdraw an already granted consent to the processing of their personal data. He /she may do so in person at the registered office of the Operator, or at the address __.
However, withdrawal of the consent does not affect the lawfulness of the processing of personal data prior to the withdrawal of consent by the Client.
RIGHT TO LODGE A COMPLAINT
Any client has the right to lodge a complaint against the processing of personal data with the Office for Personal Data Protection at the address below.
Úřad pro ochranu osobních údajů (Office for personal data protection), the address: Pplk. Sochora 27, 170 00 Praha 7, website: www.uoou.cz.
If the Client exercises any of their rights regarding the above, the Operator always informs the Client about the measures taken or informs him/her why the requested measures could not be taken from its side.
Any client wishing to exercise some of their rights may do so at the address __.
It is possible that due to the necessity to verify the identity of each Client without any doubt, the physical presence of the Client at the Operator’s registered office, whose address was stated in the introductory part of this document, will be necessary.
The Operator’s response time is 30 days; in complicated cases, this time limit may be extended, whereof the Client will always be notified.
In Prague on 1.9.2019