Personal data protection policy, regarding data of the participants in the games, licensed and organized pursuant to the Gambling Act by “BHM CASINO BULGARIA“ OOD


The personal data protection policy reflects the requirements of Regulation 2016/679 (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), with respect to the processing of personal data and Personal Data Protection Act, as well as other special requirements of the legal regulations, applicable to Company’s operations, including, but not limited to: the Gambling Act, the Anti Money Laundering Measures Act /AMLMA/, any relevant regulations, as well as the mandatory gaming conditions, rules and requirements for the organization of gambling games by “BHM CASINO BULGARIA“ OOD, operating under the trademarks MONTE CASINO and MONTE GAMING CLUB (referred to hereinafter as „MONTE CASINO”), as approved by the State Commission on Gambling.

This personal data protection policy refers to the processing of personal data of natural persons for the purposes of participation and receiving winnings in cash and in kind from the games in the land-based gambling facilities, organized by the companies, operating under the trademark MONTE CASINO.

What kind of information we collect and why?

We may collect personal data about you, when you visit one of our gambling facilities. In most cases we request your personal data for the purpose of providing a service, in order to comply with a legal requirement or to protect our legitimate interest. If you do not provide us with identification data, we would not be able to provide you with the respective service. Depending on the services that you use, we may collect and process the following information about you:

When visiting land-based gambling facilities (gambling rooms)

  1. PIN of each visitor for the purpose of checking for entry in the register of vulnerable persons under art. 10d of the GH and admission to the sites of MONTE CASINO. When using a card reader connected to the NRA’s system to consult the Register, the client’s data is not stored. The reader only extracts from the provided ID card the PIN of its holder and makes an automatic check in the NRA Register, the result of which is displayed on the screen of the person who performs the reference. Data from the ID card are not stored and the ID card is returned to its holder immediately after the check.
  • Names and date of birth, so that we can confirm your identity and you can participate in bonus games, while at the same time we fulfil our legal obligations;
  • email address, for receiving marketing messages;
  • telephone number, for receiving marketing messages;
  • in case of registration in the Register as per art. 74 of the Gambling Act /GA/, and/or betting of a total amount, equal to or exceeding the equivalence in BGN of EUR 2000 or the respective equivalence of the said amount in another currency, whether the operation or transaction is carried out in a single operation or in several related operations, purchasing, exchange or cashing chips or other tokens for the confirmation of a profit to the total amount equal to or exceeding the equivalence in BGN of EUR 2000 or the respective equivalence of the said amount in another currency, performed during participation in the gambling games, organized by the respective gambling room: full name, PIN, address, nationality, place of birth, type and number of the ID document, date and issuer, copy of the ID document, as well as information, regarding the origin of the funds and whether or not the respective person is a prominent political figure, in accordance with the AMLMA and the GA.
  • in case of payment of cash winnings, amounting to more than BGN 5 000 from the participation in the gambling games, organized by the respective gambling room: document, evidencing a winning participant’s bank account, to be kept at the gaming casino or at organizer’s accounting department (art. 12, para. 2 of the General Mandatory Rules on the Organization of the Operations and Financial Control).
  • Records from video cameras, when you visit our sites, intended to ensure our and your safety and security and/or to ensure regulatory compliance.

The purpose of processing your personal data

In most cases personal data are required, in order to comply with a legal requirement, to ensure contractual performance or based on a legitimate interest. Of course, in part of our services, you would provide such information yourself, choosing and agreeing to do so.

The personal data that we collect and process are most often intended for the following purposes:

In carrying out our business operations, we request and process data, based on number of regulatory obligations, such as:

  • Gambling Act, Anti Money Laundering Act, other relevant legal regulations, as well as the mandatory gaming conditions, rules and requirements, regarding organized gambling games, adopted by the State Commission on Gambling;
  • Income Taxation of Natural Persons Act;
  • Accountancy Act and Tax and Social Security Procedure Code and other relevant regulations, concerning the proper and lawful bookkeeping;
  • obligations for the provision of information to all governmental commissions and regulatory authorities;
  • obligations for ensuring video surveillance in our gambling rooms;
  • obligations for the provision of information to the court and law enforcement authorities.

Processing of the data, based on your consent.

When we process your data for the purposes of direct marketing of our products and services, as well as for the participation in bonus games and raffles, we will need your express consent.

Processing of the data based on our legitimate interest

  • Video surveillance at our administrative facilities;
  • sound recording of phone calls with the call centre, in order to improve the quality of services that we provide, as well as to settle any arising disputes and for the protection of legitimate interests.

With whom we can share your data?

The disclosing of personal data is mandatory in some cases, so that we can meet our legal requirements. Depending on the games, organized by MONTE CASINO, in which you take part, we may disclose your data to the following categories of recipients:

  • State Commission on Gambling, National Revenue Agency /NRA/, State Agency National Security /SANS/, in compliance with the regulatory requirements and obligations, related to the organizing of gambling games. These authorities may obtain information, regarding the registered users, the bets made, the winnings paid, as well as any other data, in the cases and in the form, as stipulated for by the law;
  • Banks, payment institutions, companies for postal money transfers, properly identified, in the relevant gambling games organization rules, in compliance with the requirements and obligations for betting and the payment of winnings;
  • The providers of systems/services, required for the games, the management and support of the operations and service quality, including those, related to information technologies, with whom we have signed contracts (e.g. IT service/product providers, software product suppliers, computer support providers, in-kind prize suppliers, etc.), in compliance with the requirements and obligations, regarding the support and maintenance of the regulatorily established system functionalities , participant identification, betting, determining the results and the payment of winnings;
  • Governmental authorities/institutions, persons with public functions, regulators and supervisory bodies (including the Ministry of Youth and Sports, the State Commission on Gambling, the National Revenue Agency, SANS, the bodies of the court, prosecutor’s offices and the investigation, the Consumer Protection Commission, the Competition Protection Commission, the Commission for Personal Data Protection /CPDP/ etc.), if we have sufficient reasons to believe that the access, use, storage and disclosure of such data is necessary for: ensuring compliance of applicable laws or other regulations of compulsory nature; for responding to inquiries by supervisory bodies, regulator or another governmental institution with respect to or based on the performance of their legally established functions or initiated inspections, complaints, audits etc.; disclosure, prevention or other actions, related to fraud, money laundering, terrorism financing, technical issues or security-related issues.

MONTE CASINO uses third parties for support in certain contractual activities or for ensuring regulatory compliance. We do not disclose your personal data to any third parties, before having ensured that all technical and organizational measures for the protection of such data have been taken, always striving to ensure strict supervision of the achievement of this goal. Some of these recipients of personal data may be:

  • courier companies, external consultants and specialists, other companies, operating under the trademark MONTE CASINO, collector companies and law offices, banks, security companies, persons, assigned with the maintenance and support of equipment, software and hardware, used in the processing of personal data by MONTE CASINO, telecommunication companies, providing SMS and other services, hosting companies and business agents, etc.

Information about us

The personal data of the participants in the organized games, may be processed by the following data controllers:

When you take part in land-based games in our gambling rooms, the data are processed by the respective gambling room that you are visiting. You can find the relevant information, regarding a particular gambling room, on the mandatory information board, prominently displayed at the entrance of each gambling room.

Technical and organizational security measures

In order to ensure maximum level of protection of data subjects’ personal data, the companies, operating under the trademark MONTE CASINO, jointly apply the following technical and organizational security measures, such as:

  • Protection of the collected personal data against unauthorized use and monitoring their processing;
  • Maintaining secure computer systems, used for the processing of personal data. Adequate control mechanisms for data separation and management are applied to our systems;
  • Adoption of strict policies and procedures, applicable to its personnel for the minimization of the risks, related to the personal data processing;
  • MONTE CASINO’S employees are fully aware of the applicable rules and are trained to process personal data, applying the highest level of care and in strict compliance with the implemented good practices;
  • IN carrying out its operations, MONTE CASINO only works with established organizations and avoids working with companies, which it considers to jeopardize the security of relevant persons’ personal data;
  • Adopted good practices in the implementation and administration of security systems and monitoring their technological developments, related to the possible information security risks at the company;
  • Observing he security of the computer systems and the personal data, contained therein, including opportunities for access to individual types of personal data by its employees;
  • Ensuring that only personal data, required for the performance of the relevant employee’s tasks and obligations are accessed.
  • The companies, operating under the trademark MONTE CASINO have adopted procedures for the efficient recognition, reporting and investigation of personal data security breaches. In case of a data security breach, each company shall undertake immediate actions to mitigate the effect of such breach, as well as to inform the affected data subjects and the supervisory body for personal data protection.

What are your rights and how you can exercise them?

Your rights

You have the right to information, access and obtaining a copy of your personal data, processed by MONTE CASINO. If you believe that information about you, which is at the disposal of MONTE CASINO, is inaccurate or incomplete, you may request the rectification of your personal data.

You can also exercise your right to rectification or updating of the personal data you have provided, by accessing your user profile on MONTE CASINO’s website.

Furthermore, you have the right:

  • to object to the processing of your personal data;
  • to request the deletion of your personal data, if the legal basis for their processing no longer exists;
  • to request restrictions on the processing of your personal data; and/or
  • to withdraw your consent, when MONTE CASINO processes your data, based on consent (without such withdrawal affecting the lawfulness of processing, performed prior to the withdrawal);
  • to lodge a complaint with the supervisory authority – CPDP (2, Tsvetan Lazarov Blvd, 1592 Sofia or

Monte Casino shall fulfil any and all requests, withdrawals or objections, in accordance with the requirements of the applicable rules on personal data protection, but such rules are not absolute: they are not always applicable and exceptions are possible. In response to a relevant inquiry, you may be required to confirm your identity and/or provide additional information, which would help us better understand your request.

When you have again exercised your right to access information or a copy of the data in a machine-readable format, MONTE CASINO may apply a reasonable fee, based on the administrative costs, required for the provision of such information or copy.

How to exercise your rights?

Each of the legally established rights may be exercised by submitting a request for the exercising of the relevant right.

Requests for exercising data subjects’ rights may be submitted, as follows:

  • Electronically, at the following email address:
  • To the head office of „BHM CASINO BULGARIA“ OOD at the following address: 29, Slavyanska St, fl. 2, Sofia

Each and every request for exercising personal data rights, must contain the following information:

  • Identification of the person – names and PIN;
  • Contact details for feedback – address, telephone number, email address;
  • Request – description of the request.
  • MONTE CASINO shall provide information, regarding the actions, undertaken with respect to the request for exercising your rights, within one month of receiving the request.

If necessary, this time period may be extended by further two months, taking into consideration the complexity and number of the requests, made by a certain person. MONTE CASINO shall notify the respective person of each such extension within one month of receiving the request, specifying the reasons for the respective delay. The information, provided to the data subject, as well as any communication and actions, related to the exercising of the data subject’s rights, shall be provided free of charge (apart from cases of abuse of the granted rights).

We may request the disclosing of additional information, required to confirm your identity, in case of doubt, regarding the identity of a person, submitting a request.

MONTE CASINO is not required to respond to a request, if it is unable to identify the data subject.

If the request is submitted through electronic means, if possible, the information is also provided through electronic means, unless it is expressly requested otherwise.

Use of cookies

MONTE CASINO collects or processes personal data through the functional cookies, as you can find further information in the Cookies Policy on MONTE CASINO’S website.

Data protection officer

The data protection office of all companies, using the trademark MONTE CASINO is Attorney-at-Law Desislava Dimitrova, email address:

Updating the data protection policy

This policy may be subject to change by MONTE CASINO, as it has been last updated on 20.06.2023. Any and all future changes or supplements to this policy shall be duly notified.