Privacy Policy
COVIFIL strives to protect personal data. We therefore take all the necessary action to protect the privacy of those who visit and use (hereinafter referred to as the “Users”) the online gaming and betting site www.casino-magic.be (hereinafter referred to as “the Site”).
Users will find below the provisions regarding the processing of personal data which apply during any visit to or use of the Site by the Users (hereinafter referred to as the “Privacy policy”).
1. Background
COVIFIL processes personal data belonging to Users of the Site for the purposes and within the limits of the Privacy policy, during any visit to or use of the Site.
When processing personal data, COVIFIL takes care to comply with current laws and regulations, namely Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Regulation”).
In this respect, and pursuant to this Regulation, COVIFIL:
- Is legally bound to process the personal data of Users. This processing is explained in Article 2.1 of the Privacy policy;
- Also processes personal data to enable Users to use the Site and for the necessary and legitimate purposes set out in Article 2.2 of the Privacy policy;
- Processes the personal data set out and for the purposes given in Article 3, further to the prior, free and express consent of Users.
By accessing and using the Site, Users are deemed to have read and accepted the Privacy policy. Furthermore, they guarantee that the data and information provided to COVIFIL is accurate.
2. Processing of personal data that does not require the consent of Users
2.1. Legal obligations of COVIFIL and data processing required for use of the Site
COVIFIL is bound by the legal and regulatory obligations to which all online gaming and betting operators are subject to, on the one hand, and for the purposes of authenticating Users and enabling them to use the Site, on the other hand, to process the following personal data for the reasons set out below. This processing of personal data carried out by COVIFIL does not require the consent of Users under Article 6.1.b) and c) of the Regulation.
Personal data provided by the User is held in a record which is controlled by and remains the responsibility of COVIFIL at all times, as set out in Article 7.1.
a. What personal data is processed?
The following personal data is processed:
- surnames, first name/s, date of birth, language, sex, domicile/address, national identification number (or identity card or passport number), email address, landline or mobile telephone number;
- bank details when transactions are made on the Site to deposit sums and withdraw winnings;
- copies of personal documents enabling User authentication, such as the identity card photograph, a statement of account, delivery note or any other document proving the domicile and/or address of the User;
- the User’s browsing history and activities on the Site, including betting history (casino and sports bets) their transactions (wins and losses, deposits, withdrawals), visits (browser data, IP address), particularly through the use of cookies;
- any other information that may be exchanged between COVIFIL and the User, namely by email or live chat, during the User’s registration or use of online gaming and betting offered on the Site.
b. What data processing does COVIFIL carry out?
The data processing consists of collecting, recording, retaining, consulting, organising, using, cross- referencing or any other transaction that becomes necessary or useful under the legal and regulatory provisions set out in Article 2.1.c). Processing may also consist of transferring personal data:
- to judicial and administrative authorities, including, namely, the Commission des jeux de hasard (The Belgian Gaming Commission) or the Cellule de Traitement des Informations Financières - CTIF (Financial Information Processing Unit);
- to COVIFIL’ suppliers, whose services are required for use of the Site and who are cited on a list that may be requested from the contact person detailed in Article 7.5;
c. What are the purposes of this data processing?
1°) COVIFIL is required to process personal data as per Articles 2.1.a) and b) in order to comply with the legal and regulatory obligations by which it is bound, namely the following legal provisions:
- the law of 18 September 2017 on the prevention of money laundering and terrorist financing and the restriction on the use of cash;
- the law of 7 May 1999 on games of chance, bets, gaming establishments and the protection of players, in particular the obligations it places on operators in terms of management and administration, and its implementing orders, including the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments.
2°) COVIFIL also processes personal data set out in Article 2.1.a) to authenticate Users and allow them to access and use the Site. This processing is then carried out in order to:
- manage User registrations and accounts;
- manage User deposits and winnings and more generally supply online gaming and betting services;
- keep Users informed about services offered by COVIFIL
- manage customer services, including the support service and risk and fraud.
2.2. Other data processing that does not require the consent of Users
COVIFIL also processes the following personal data for the legitimate purposes set out below. This processing of personal data carried out by COVIFIL does not require the consent of Users under Article 6.1.f) of the Regulation.
Personal data provided by the User is held in a record which is controlled by and remains the responsibility of COVIFIL at all times, as set out in Article 7.1.
a. What personal data is processed?
The following personal data is processed:
- surnames, first name/s, date of birth, language, sex, domicile/address, language, email address, landline or mobile telephone number;
- the User’s browsing history and activities on the Site, including betting history (casino and sports bets) their transactions (wins and losses, deposits, withdrawals), visits (browser data, IP address), particularly through the use of cookies;
- any other information that may be exchanged between COVIFIL and the User, namely by email or live chat, during the User’s registration or use of online gaming and betting offered on the Site.
b. What data processing does COVIFIL carry out?
The processing consists of collecting, recording, retaining, consulting, organising, using, cross-referencing of personal data set out in Article 2.2.a). It also consists of transferring this personal data to third parties, a list of whom may be accessed on request from the contact person detailed in Article 7.5.
c. What are the legitimate purposes of the data processing?
COVIFIL processes personal data set out in Article 2.2.a) for the following legitimate purposes:
- to promote, advertise and market its offering of new online gaming and betting services, which includes sending text messages, telephone calls, paper or electronic newsletters;
- to conduct satisfaction surveys, statistical studies, trend analyses, and market research in order to improve online gaming and betting services or to inform or protect Users and prevent gambling addiction.
3. Processing of personal data that requires the consent of Users
By using the COVIFIL Site, for any reason whatsoever, the User expresses their free, individual, informed and unambiguous consent to expressly authorise COVIFIL to process personal data pursuant to the Regulation, within the limits of and for the purposes set out below and without prejudice to the data processing stipulated in Article 2.
Personal data provided by the User is held in a record which is controlled by and remains the responsibility of COVIFIL at all times, as set out in Article 7.1.
The User shall also have certain rights, including the right to withdraw their consent at any time, according to the terms of Article 3.4.
3.1. Nature of the personal data processed
COVIFIL processes the following personal data:
- surnames, first name/s, date of birth, language, sex, domicile/address, national identification number (or identity card or passport number), email address, landline or mobile telephone number;
- bank details when transactions are made on the Site to deposit sums and withdraw winnings;
- copies of personal documents enabling User authentication, such as the identity card photograph, a statement of account, delivery note or any other document proving the domicile and/or address of the User;
- the User’s browsing history and activities on the Site, including betting history (casino and sports bets) their transactions (wins and losses, deposits, withdrawals), visits (browser data, IP address), particularly through the use of cookies;
- any other information that may be exchanged between COVIFIL and the User, namely by email or live chat, during the User’s registration or use of online gaming and betting offered on the Site.
Personal data provided by the User is held in a record which is controlled by and remains the responsibility of COVIFIL at all times, as set out in Article 7.1.
3.2. The data processing
The processing consists of collecting, recording, retaining, consulting, organising, using, cross-referencing of personal data set out in Article 3.1. It also consists of transferring this personal data to third parties, a list of whom may be accessed on request from the contact person detailed in Article 7.5.
3.3. Purposes of the personal data processing
The personal data is collected and processed by COVIFIL for the following purposes:
- Promotion, advertising and marketing activities, including membership and management of loyalty programs relating to the offering of online gaming and betting services, which includes sending text messages, telephone calls, paper or electronic newsletters that does not fit within the framework of article 2.2.c), such as COVIFIL’s offline casino business, games of chance and betting, including the advertising, marketing and management of membership and relevant loyalty programmes;
- Preparing competitions and promotional offers, including communication regarding winners;
- Developing new gaming and betting offerings;
- Conducting satisfaction surveys, statistical studies, trend analyses, and market research for management, marketing and reporting purposes, including profiling that does not fit within the framework of the provision described in article 2.2.c)
4. Rights of the User
Without prejudice to Articles 2 and 5, Users may exercise their rights to request that their data be rectified, to object to it being processed and to limit the processing, according to the terms and within the limits set out below.
4.1. Right of access
a. COVIFIL can provide Users with the following information:
- the name and contact details of the data controller:
- the contact details of data protection officer;
- the personal data processed;
- the purposes for which the personal data is being processed and the legal basis for this processing;
- the recipients or categories of recipients of personal data, as appropriate;
- and, if relevant, the fact that the data controller intends to transfer personal data to a country outside the European Union and: either the fact that the European Commission has adopted an adequacy decision (or not), and if such a decision has not been adopted, the guarantees offered by the non-EU country and the resources in place for obtaining copies of the personal data.
- The option to object to the automated processing of their data, including profiling, unless there are justified grounds requiring COVIFIL to process this data, as well as the option to object to any processing of their personal data for marketing purposes.
b. Users have the right to request to see the information referred to in this Article and in Article 3.1. at any time via the contact person detailed in Article 7.5. COVIFIL shall respond to such requests for information within one month.
c. Users may obtain a copy of personal data that is processed. COVIFIL reserves the right to claim payment for any expenses incurred in this request. These expenses shall be calculated on the basis of administrative costs incurred in the request and shall not exceed 20 euros.
d. Users shall have the right to access the information or a copy thereof in a structured format, such that the personal data is provided to them in a format that meets technical standards in place when the request for access was made. This format shall therefore allow for automatic readability.
4.2. Right to request rectification
COVIFIL guarantees and compels Users to update and rectify their personal data if this data becomes incorrect or incomplete.
The right to rectify data may be exercised by contacting the person detailed in Article 7.5.
4.3. Right to object to the processing of data
COVIFIL allows Users to object to their personal data being processed in full or in part on the following grounds:
- the data is inaccurate;
- the processing is no longer required for the purposes for which the data was collected;
- the User has withdrawn consent;
- the data has been processed illegally.
- In addition, COVIFIL allows Users to object to:
- the automatic processing of their data, including profiling, unless there are justified grounds requiring COVIFIL to perform this processing.
- any processing of their personal data for marketing purposes, including profiling if it is linked to this marketing.
The right to object to the processing of data may be exercised by contacting the person detailed in Article 7.5.
4.4. Right to be forgotten
COVIFIL also undertakes to follow up any request to erase personal data at the earliest opportunity (right to be forgotten), when:
- the processing is no longer required for the purposes for which the data was collected;
- the User has withdrawn consent;
- the data has been processed illegally or must be erased pursuant to a legal obligation.
- the User objects to the automatic processing of their data, such as profiling, and there are no justified grounds requiring COVIFIL to perform this processing.
- the User objects to the processing of their personal data for marketing purposes, such as profiling, if it is linked to this marketing.
4.5. Right to limit the processing of data
Users also have the right to limit COVIFIL’s processing of their personal data when:
- the User believes the personal data to be inaccurate, whilst COVIFIL checks the accuracy of the information;
- the processing is illegal and the User does not wish for their data to be erased but requests to limit the processing thereof;
- the User objects to automatic processing, including profiling or to the processing of their personal data for marketing purposes and it is necessary to verify the legitimacy of COVIFIL’ reasons for seeking to continue this processing;
- COVIFIL no longer requires the personal data processed but the data subject would like it to be held to establish, exercise or defend legal claims;
The right to limit the processing of data may be exercised by contacting the person detailed in Article 7.5.
4.6. Transferring data to a data controller
Users may transfer their personal data to another data controller without objection from COVIFIL.
For such a transfer to be technically possible, Users may ask COVIFIL that it be performed directly by its data controller.
4.7. Modalities
The rights recognized by COVIFIL to the User must be exercised in accordance with the modalities defined by article 7.5.
4.8. Notification
COVIFIL shall notify the User of any data that is erased or rectified in accordance with Articles 4.2 and 4.4, unless such notification proves impossible or involves disproportionate efforts.
This notification shall be sent by letter or email, using the contact details provided by the User.
5. Location, retention and retention period of personal data
5.1. COVIFIL retains Users’ personal data appropriately and securely in a form which enables it to be identified and made available.
The data is retained and hosted in Belgium at the Data Center. COVIFIL provides all of the required or useful security assurances with regard to current technical standards.
5.2. Users’ personal data is retained by COVIFIL for the purposes set out in Articles 2 and 3. It is retained for a period of 10 years for all of the purposes governed by Article 2.a); COVIFIL therefore reserves the right to retain Users’ personal data for any reasons imposed by law due to the fact that its business is that of online gaming and betting. Users declare that they have been informed of this and agree that, by reference to the Royal Decree of 15 December 2004 on the access register for class I and class II gaming establishments, COVIFIL is required to retain a photocopy of the User’s identity card or the document used for identification for at least ten years from the date of the player’s last activity on the Site.
For all of the cases governed by Article 2.2. and 3., personal data is only retained for the period required for the purpose of the processing. The data is then erased from COVIFIL’s files on the User’s request sent to the contact person referred to in Article 7.5.
6. Liability of COVIFIL – Data processor
6.1. COVIFIL undertakes to ensure that the processing of personal data is carried out in a lawful, loyal and transparent manner with regard to the User concerned. Any data processing operation performed by COVIFIL shall comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and this Privacy policy.
COVIFIL shall implement all reasonable and appropriate means to ensure the confidentiality, integrity and availability of the personal data it processes. These namely technical and organisational measures are explained in the data protection manual which may be obtained from the contact person detailed in Article 7.5.
Technical measures include the anonymisation and encryption of personal data, depending on the purpose.
Organisational measures include carrying out internal audits, in addition to audits to which COVIFIL may be subject by the Commission des jeux de hasard in particular.
If necessary, COVIFIL and the data protection officer shall carry out an impact assessment when the data processing is likely to pose a high risk for Users.
6.2. Users’ personal data is not sent to any third parties other than suppliers and partners of COVIFIL, except for the purposes set out in Articles 2.1, 2.2 and 3 and, consequently, if:
- The data transfer is made mandatory by a law or regulation or when ordered by an administrative or judicial authority;
- The data transfer proves necessary for the supply of online gaming and betting services, or maintenance services;
- The User has consented to such a transfer;
The partner shall not be deemed a data processor unless they process Users’ personal data on behalf of COVIFIL. COVIFIL shall not be held liable for the processing of User’s personal data by partners who supply their own services in their own name on their own behalf or if it proves that it is not responsible for the event that gave rise to the damage.
It is understood that in the event that COVIFIL acts in the capacity of the processor’s partner, COVIFIL shall be liable for damage caused by processing personal data contrary to the Regulation or this Privacy policy only where it has not complied with obligations of the Regulation or this Privacy policy directed to processors, or where it has acted outside or contrary to lawful instructions of the partner. Similarly, COVIFIL shall not be held liable if it proves that it is not responsible for the event that gave rise to the damage.
6.3. COVIFIL shall ensure that when the processing is carried out by a processor on behalf of COVIFIL, the processor shall provide sufficient assurances that appropriate technical and organisational measures have been implemented and, more generally, that the Regulation has been complied with. In particular, the processor is required to comply with the Regulation and, therefore, keep a record of processing activities.
6.4. COVIFIL undertakes to ensure that in the event of a security problem related to data processed which may affect the confidentiality thereof, COVIFIL shall report the incident at the earliest opportunity to the data protection authority stipulated in Article 7.4.
COVIFIL shall also inform the Users concerned, insofar as the personal data breach poses a high risk to the rights and freedoms of the User; the User shall be informed by letter or email using the contact details that they have provided.
7. Miscellaneous
7.1. Record of personal data and data protection manual
As a personal data controller, COVIFIL keeps a record of all of its data processing activities. This record contains all of the information about the type of data processed, data subjects, potential data recipients, the purposes of the data processing and how long the data shall be retained for, as well as a general description of technical and organisational security measures in place.
Personal data provided by the User, any processing of this data and the purposes of such processing are held in a record which is controlled by and remains the responsibility of COVIFIL at all times. In addition to the information above, this record includes:
- a description of the purposes of the processing;
- a description of the categories of data subjects and categories of personal data;
- the categories of recipients to whom the personal data has been or shall be sent, including recipients in non-EU countries or international organisations;
- the deadlines for erasing various categories of data;
- a general description of technical security measures.
7.2. Entire agreement - modification of the Privacy policy
The Privacy policy contains all of the contractual provisions binding Users, without prejudice to the general provisions in the Terms and Conditions of Use of the Site of which they form an integral part. The Terms and Conditions of Use of the Site shall remain applicable for any matters that do not relate to the protection of personal data.
In addition, COVIFIL reserves the right to modify the Privacy policy. Any updates are enforceable against Users once published on the Site. COVIFIL undertakes to state the date on which the Privacy policy that appears on the Site was placed online.
7.3. Probative value
The User acknowledges that the electronic documents exchanged and electronic data collected during their registration or use of the Site have the same probative value as if these documents and data had been sent or communicated on paper. They therefore undertake to not dispute their force or probative value due to the fact that they are in electronic form.
7.4. Data protection authority
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and the Law of 8 December 1992, the User has the right to request additional information or lodge a complaint with the data protection authority. The data protection authority is the Commission pour la protection de la vie privée (Commission for the protection of privacy). Contact details are as follows:
Address: Rue de la Presse, 35, 1000 Brussels, Belgium Telephone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: [email protected]
7.5. Contact – Information on the identity of the data controller and data protection officer
COVIFIL may be contacted for any questions regarding the protection of Users’ personal data via the following:
- Letter: Avenue du Parc, 22 – 4650 HERVE, Belgique
- Email: [email protected]
- Telephone: +32. 87.31.30.30
The data controller within COVIFIL is M. Claude KREIT.
COVIFIL has also appointed a data protection officer under Article 37 of the Regulation cited above. This person may be contacted by email: [email protected] They are responsible for ensuring that processing of Users’ personal data by COVIFIL is monitored and complies with legal requirements.
Language