Customer Privacy Policy

This Privacy Policy sets out and describes the way in which Tumas Gaming (hereinafter also the “Company” ; “we” ; “us” ; “our”) collects and processes the personal information and data the customer (hereinafter also “you” ; “your”) provides or is requested to provide to us when visiting our Casino.

We are committed to protecting our Customers' privacy and we will only collect and process any personal information about you in accordance with this Policy.

 

1. Data Controller

 

The Controller of your personal data is Tumas Gaming Limited, Level 3 Portomaso Business Centre, STJ4011, and St. Julian’s, Malta. Telephone Number: 00356 - 21372292; email : privacy@tumasgm.com.

 

2. Grounds and Purposes of the Processing

 

As a Company operating in the highly regulated gaming industry, we need to collect and process your data for:

- normal administrative and business purposes;

- to provide you with information and updates about promotional offers and our products and services, where you consented to;

- to comply with our legal and regulatory obligations;

- to pursue our legitimate business interests such as the prevention and detection of fraudulent activities, fraud attempts and provision of the relevant evidence detected;

-the detection of health and safety issues and prevention of accident;

- the resolution of possible disputes with customers arising out of and/or in connection with participation in gambling, the protection of our legal position in the event of legal

 

We only collect and process data and information that you provide to us voluntarily or in response to a specific  request or such data which derives therefrom or we otherwise are able to obtain from you (e.g. a profile based on your gaming habits).

 

Where we intended to process your data for one or more lawful purposes other than which it was collected, we will provide you with information on such purpose of the process and any other relevant details. In the event that any further process requires your consent, we will not start processing until we have explicitly obtained your consent thereof.

 

3. Categories of Personal Data we process

 

-         Registration

 

On your first visit to our Casino, you will be requested to register and therefore to provide  a number of personal information, such as your full name, your date and place of birth, your nationality, your address, your ID card your contact details and a photo shall be  taken by our receptionist (the “Registration Data”).

We are required by law to identify and verify the identity of our Visitors and therefore to collect and retain the Registration Data. If you do not provide this data, we may be unable to comply with our legal obligations and thus you may be denied access to our premises.

 

-          Gaming Sessions

 

Whenever you access our premises to engage in gambling activities we may collect certain information, relating to your gaming sessions, such as your playing preferences and patterns, the duration of your gaming sessions, your interactions with other players or with our staff; information

of your level of activities, such as the amount of your cash-ins and / or drops, the amount of your winnings, your average stake.

 

-          Transactions

 

Whenever you wish to cash-out your chips or request us certain services such as to issue  a winners cheques or a winning certificate or to fund your account, we may require additional personal information, such as your payment and bank details or information about your residential address or your professional profile.

If you do not wish to provide this data we may be unable to comply with our legal and regulatory obligations and / or to provide you with the requested services.

 

-          Surveillance and CCTV Operations

 

We monitor our premises on a 24/7 basis through a CCTV Surveillance System and if you access any areas of the Casino your image may be recorded. In certain areas of the Casino such as the Reception, the Cash-Desk and the Tables/Slot area, your voice may be recorded as well.

Further details about our Surveillance System may be found in the CCTV Privacy Policy prominently placed in our Casinos.

 

4. Data Security and Disclosure

 

We will take all reasonable steps to ensure that your information is kept secure and protected to the highest possible standards. We have appropriate, adequate and effective technical and physical safeguards as well as highly trained personnel to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

 

We are a very structured and articulated Group and therefore we may share your personal data between the parent Companies of the Group when it is necessary to better manage our business and your relationship with us, to comply with our legal and regulatory requirements or to facilitate the exercise of your rights as data subject and your personal data may be subject to internal audits and investigations as well.

 

Although any category of personal data in accordance with this Policy is processed by the relevant Department, your information may be disclosed, on a strict need-to-know basis, to line managers, auditors, senior management, internal enquiries and to our Money Laundering Reporting Officer or the Designated Employee.

 

For the purposes of preventing fraud and money laundering and for data verification purposes, we may use third parties, including credit reference agencies who will record any search your file. Where your information is processed on our behalf by any third party, we protect your personal data by implementing contractual clauses and undertakings to ensure a level of protection that is at least as appropriate and adequate as ours.

 

Your data is being processed to comply with our legal and regulatory obligations, we might be required to disclose your information to Regulatory bodies and Organisations, such as the Malta Gaming Authority, the Financial Intelligence Analysis Unit and other competent public Authorities.

 

We will not disclose your personal information to any third-party nor will we transfer it to any third- Country or international organisations.

 

 

5. Retention Period

 

As a general principle, we keep your personal data stored only for the time that is strictly necessary to the processing for the purposes stated in this Policy. In relation to  different categories of data or, where you gave your consent for the processing, we retain your data until the time we consider to keep it necessary, or until the time you withdraw it.

 

Nevertheless, in some cases we are legally required to retain personal data for a given period of time. In general, your data will be retained, in accordance with this policy, up to 5 years following your last gaming session. However, Data can be retained for longer if deemed necessary by the relevant authorities.

 

CCTV Recordings are retained up to 30 days from the date of the recording unless we are required by the competent Authorities to keep them for a longer period due to a pending investigation.

 

6. Your Rights

 

In respect of any of your personal data processed by us in accordance with this Policy, you have the right to:

- Access your personal data and periodically obtain a free of charge copy thereof;

- Rectify your personal data;

- Oppose to the processing where you deem that the pursuit of our legitimate business interests is overridden by your rights as data subject;

- Request the restriction of processing your personal

- Where you have given your consent to processing, in addition to the rights stated above, at any time you have the right to:

- Withdraw the consent to processing without affecting the lawfulness of the processing based on consent before withdrawal;

- Request the erasure of your personal

- In order to exercise your rights you might be asked to provide us with a form of identification.

 

You may obtain further information on how to exercise your rights or to request access to or rectification or erasure of your data or to oppose to the processing by sending an email at: privacy@tumasgm.com.

 

If, at any time, you think that the processing of your personal data is not being conducted in compliance with this Policy or with any applicable law, you may lodge a complaint with the Data Protection Officer:

 

Information and Data Protection Commissioner, Floor 2, Airways House, Triq Il-Kbira, Sliema. Tel. 00356-23287100; email: idpc.info@idpc.org.mt.

 

7. Changes to this Policy

 

We will periodically review this Policy. Any changes we may make to our Privacy Policy in the future will be posted on this page and any such changes will become effective upon posting of the revised Privacy Policy.

 

Summary:

 

Category of Data Subject

Categories of Data

Casino Customers

Registration Data

Payment Data

Profile

Transactions Data

Due Diligence Data

Marketing Data

CCTV

 

 

Casino Visitors

Visit Log Data

CCTV

 

Where to Retrieve the Data - Customers

 

Department and

Contact Person

Categories

Paper Archive

Digital Archive (Local)

Digital Archive (On-Line)

Casino, Operations - 

Patrick Demanuele

Registration,

Verification

No

No

Yes (BO)

Casino, Cash desk -

Dorianne Spiteri

Payment,

Transactions

No

Yes

Yes (BO)

Casino, MLRO –

Abigail Fenech 

Profile,   

Due Diligence

Yes

Yes

No

Casino, Surveillance - 

Petra Pracharova

CCTV

No

No

Yes

Casino, Marketing – Duncan Cachia

Marketing

Yes

TBD

Yes (TBD)

 

 

Where to Retrieve the Data – Visitors

 

 

Department and Contact Person

Categories

Paper Archive

Digital Archive (Local)

Digital Archive (On-Line)

Casino, Reception – Ioseph Gafa

Visit Log

Yes

No

No

Casino, Surveillance – Petra Pracharova

CCTV

No

Yes

No

 

 

Retention Period

 

 

Category of Data

 

Retention Period

Registration Data

TBD / Until MGA requires

Payment Data

Up to 5 years following the last transaction

Profile

Up to 5 years following the last transaction

Transactions Data

Up to 5 years following the last transaction

Due Diligence Data

Up to 5 years following the last transaction

Marketing Data

Until the consent is withdrawn

CCTV Data

Up to 30 days following the acquisition

Visits Log

TBD / Until MGA Requires

 

Data Subject Rights:

 

Right

Way it is granted(*)

 

Access

 

Mail, Downloadable form

Rectification

Erasure

 

 

Withdrawal of Consent

 

Mail, Opt-out

 

 

Opposition

 

 

TBD