Privacy Policy of the participants in the licensed and organized games under the Gambling Act by BHM CASINO BULGARIA LTD

The Privacy Policy reflects the requirements of Regulation 2016/679 EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or GDPR), in relation to the processing of personal data and the Personal Data Protection Act, as well as other special requirements of the regulations applicable to our activities,  Including. but not limited to: the Gambling Act, the Measures Against Money Laundering Act, the by-laws, as well as the mandatory gaming conditions, rules and requirements adopted by the NRA for the organized gambling games by BHM CASINO BULGARIA LTD, operating under the trademark MONTE CASINO and MONTE GAMING CLUB (hereinafter referred to as “MONTE CASINO”).

This personal data protection policy applies to the processing of personal data of individuals for the purposes of participating in and receiving monetary and material winnings from the games on the ground in the gaming halls organized by the companies operating under the MONTE CASINO brand.

What information do we collect and why?

We may collect personal data about you when you visit our gaming halls. In most cases, we require your personal data for the purpose of providing a service, to comply with a legal obligation or to protect our legitimate interest. If you do not provide us with identification data, we may not be able to provide you with the relevant service. Depending on the services you use, we may collect and process the following information about you:

When visiting a ground gambling facility (gaming halls)

  • Personal identification number of each visitor for the purposes of checking for entry in the register of vulnerable persons under Art. 10d of the GA, and admission to the sites of MONTE CASINO. When using a card reader connected to the NRA’s system to perform the due checks at the Register, the client’s data is not saved. The reader only extracts from the provided ID card the personal identification number of its holder and makes an automatic check in the NRA Register, the result of which is visualized on the screen of the person who makes the inquiry. The ID card is returned to its holder immediately after the check is made.
  • names and date of birth so that we can identify you and participate in bonus games while fulfilling our legal obligations;
  • email address to receive marketing messages;
  • phone number, to receive marketing messages;
  • upon entry in the Register under Art. 74 of the Gambling Act, and/or the implementation of bets of a total value equal to or exceeding the BGN equivalent of EUR 2000 or their equivalent in another currency, regardless of whether the operation or transaction is carried out through one operation, or through several related operations, purchase, exchange or redemption of tokens or other certifying signs to confirm the profit of a total value, equal to or exceeding the BGN equivalent of EUR 2000 or their equivalent in another currency, regardless of whether the operation or transaction is carried out through a single operation, or through several connected operations carried out when participating in the gambling games organized by the particular gaming hall: names, personal identification number, address, citizenship, place of birth, type and number of identity document, date and issuer,  a copy of an identity document, as well as information about the origin of the funds and whether the person is/is not a prominent political person, according to the Law on Money Laundering and the Law on Money Laundering.
  • upon payment of cash winnings worth more than BGN 5,000 from participation in the gambling games organized by the particular gaming hall: a document for the bank account of the winning participant, which is kept in the gaming casino or in the accounting of the organizer (Art. 12, para. 2 of the General Mandatory Rules for the Organization of Work and Financial Control).
  • Video camera recordings when you visit our sites in order to ensure our and your security and/or comply with a regulatory obligation.

The purpose of processing your data

In most cases, personal data is required in order to comply with a legal obligation, to perform a contract or on the basis of a legitimate interest. Of course, with some of our services, you yourself provide us with this information, choosing and agreeing to it.

The personal data we collect and process is most often for the following purposes:

In carrying out our business, we request and process data on the basis of a number of statutory obligations, such as:

  • The Gambling Act, the Measures Against Money Laundering Act, by-laws, as well as the mandatory gaming conditions, rules and requirements for organized games of chance adopted by the NRA;
  • Income Taxation of Natural Persons Act;
  • Accountancy Act and the Tax and Social Security Procedure Code and other related normative acts, in connection with the keeping of correct and lawful accounting;
  • obligations to provide information to all state commissions and regulatory bodies;
  • obligations to carry out video surveillance in our gaming halls;
  • obligations to provide information to the court and law enforcement authorities.

Data processing based on your consent

  • When we process your data for direct marketing purposes for our products and services, as well as for participation in bonus games and raffles, we will need your explicit consent.

 

Processing of data based on our legitimate interest

  • video surveillance in our administrative sites;
  • Sound recording during a telephone conversation with the call center in order to improve the quality of the services provided, as well as to resolve disputes and protect legitimate interests.

Who can we share your data with?

The provision of personal data in some cases is mandatory in order to comply with our legal requirements. Depending on the games organized by MONTE CASINO in which you take part, we may provide your data to the following categories of recipients:

  • National Revenue Agency, State Agency for National Security, in fulfillment of statutory requirements and obligations related to the conducted games of chance. These authorities have the right to receive information about registered users, bets placed, winnings paid, as well as other data, in the cases and form provided for by law;
  • Banks, payment institutions, postal money transfer companies, identified specifically, in the relevant rules for organizing and conducting the games, in fulfillment of the requirements and obligations for making bets and paying out winnings;
  • Providers of systems/services for the provision of games, management and maintenance of the activity and quality of services, incl. those related to the information technologies with which we have concluded a contract (e.g. IT suppliers, software suppliers, computer support providers, suppliers of prizes, etc.), in fulfillment of the requirements and obligations for maintenance of the statutory functionalities of the system, identification of participants, placing bets, determining results and payment of winnings;
  • State bodies/institutions, persons with public functions, regulators and supervisory authorities (including the Ministry of Internal Affairs, the State Commission for Criminal Investigation, the National Revenue Agency, the National Agency for National Security, the Prosecutor’s Office and the Investigation Agency, the Commission for Protection of Consumer Protection, the Commission for Protection of Protection of Human Rights, the Commission for Personal Data Protection and others), if we have sufficient grounds to believe that their access, use, preservation or disclosure is necessary for: the implementation of an applicable law or other normative act of a mandatory nature; in response to an inquiry made by a supervisory authority, regulator or other state institution in connection with or in connection with the performance of its statutory functions or initiated inspection, complaint, audit, etc.; detection, prevention or other actions in connection with fraud, money laundering, terrorist financing, technical or security problems.

MONTE CASINO uses third parties to support certain contractual activities or in the fulfillment of a legal obligation. We do not provide your personal data to third parties until we have made sure that all technical and organizational measures have been taken to protect this data, and we strive to exercise strict control over the fulfillment of this purpose. Some of these recipients of personal data may be:

  • courier companies, external consultants and specialists, other companies operating under the trademark MONTE CASINO, collection companies and law firms, banks, security companies, persons who maintain equipment, software and hardware used for the processing of personal data by MONTE CASINO, telecommunication companies providing SMS and other services, hosting companies and commercial agents, etc.

Information about us

The personal data of the participants in the organized games may be processed by the following controllers:

When you participate in land-based games in our gaming halls, the data is processed by the respective gaming hall you have visited. Information about the specific gaming hall can be found on the mandatory information board placed in a visible place at the entrance of each gaming hall.

Technical and organizational security measures

In order to ensure the maximum level of protection of the personal data of the subjects, the companies operating under the MONTE CASINO brand jointly apply the following technical and organizational security measures, such as:

  • Protection of the collected personal data from unjustified use and monitors their processing;
  • Support of secure computer systems through which personal data is processed. Adequate control mechanisms for data separation and management are applied to our systems;
  • Adopting strict policies and procedures applicable to its staff to minimize the risks of personal data processing;
  • The employees of MONTE CASINO are familiar with the applicable rules and are trained to process personal data with the utmost care and compliance with established good practices;
  • In carrying out its activities, MONTE CASINO works only with established organizations and avoids working with companies that it believes may threaten the security of personal data of individuals;
  • Adopted good practices in the implementation and administration of security systems and tracking technological developments in terms of possible risks to the security of information in the company;
  • Observance of the security of computer systems and the personal data contained therein, including the possibilities for access to certain types of personal data by its employees;
  • Providing access only to those personal data that are necessary for the performance of the work of the respective employee.

The companies operating under the MONTE CASINO brand have adopted procedures for the effective recognition, reporting and investigation of personal data breaches. In the event of a personal data breach, each of the companies will take immediate action to limit the effect of the breach, as well as to inform the affected data subjects and the supervisory authority for personal data protection.

What are your rights and how can you exercise them?

Your rights

You have the right to information, access and receive a copy of your personal data that is processed by MONTE CASINO. If you believe that the information about you that MONTE CASINO holds is inaccurate or incomplete, you can request the redaction of your personal data.

 

You can also exercise the right to correct or update the personal data provided by you by accessing your user profile on the MONTE CASINO website.

 

In addition, you have the right to:

  • to object to the processing of your personal data;
  • request deletion/deletion of your personal data when the legal basis for their processing has ceased to exist;
  • request restrictions on the processing of your personal data; and/or
  • withdraw your consent when MONTE CASINO processes your personal data on the basis of consent (without such withdrawal affecting the lawfulness of the processing carried out before the withdrawal);
  • of a complaint to the supervisory authority – CPDP (Sofia 1592, blvd. “Prof. Tsvetan Lazarov” No2 or www.cpdp.bg).

 

Monte Casino will comply with requests, withdrawals or objections, as required by the applicable data protection rules, but these rules are not absolute: they are not always applicable and there may be exceptions. In response to a request, you need to confirm your identity and/or provide additional information to help better understand your request.

Where you have re-exercised the right of access to information or a copy of the data in a machine-readable format, MONTE CASINO may charge a reasonable fee based on the administrative costs required to provide it.

How to exercise them?

Each of the rights provided for by law can be exercised by submitting a request for the exercise of the respective right. A request for exercising the rights of personal data subjects can be submitted in the following way:

  • Electronically to the following email address: dpo@montecasino.bg.
  • At the head office of BHM CASINO BULGARIA LTD at the address: Sofia, 29 Slavyanska Str., floor 2 or in any gaming hall/gaming casino

The request for the exercise of personal data rights should contain the following information:

  • Identification of the person – names and personal identification number;
  • Contacts for feedback – address, phone, e-mail;
  • Request – description of the request.

MONTE CASINO shall provide information on the actions taken in connection with a request to exercise your rights within one month of receipt of the request.

If necessary, this period may be extended by a further two months, taking into account the complexity and number of requests from a particular person. MONTE CASINO shall inform the person of any such extension within one month of receipt of the request, also stating the reasons for the delay. The information provided to the subject and any communication and actions to exercise the rights of the data subject shall be provided free of charge (except in case of abuse of the rights granted).

We may request the provision of additional information necessary to verify your identity when there are concerns about the identity of the individual submitting the request.

MONTE CASINO is not obliged to respond to a request in case it is unable to identify the data subject.

Where the request is submitted by electronic means, if possible, the information shall be provided by electronic means, unless you have requested otherwise explicitly.

Use of cookies

MONTE CASINO collects or processes personal data through functional cookies, and more information can be found in the Cookie Policy on the MONTE CASINO website.

Data Protection Officer

       The Personal Data Protection Officer of all companies that use the MONTE CASINO brand is Desislava Dimitrova, e-mail: dpo@montecasino.com.

       Updating the privacy policy

       This policy may be subject to change by MONTE CASINO and was last updated on 20.06.2023. Any future changes or additions to this policy will be duly noted.