Privacy Policy
Purpose and Scope
This Privacy Notice provides an overview of how Spin and Win Lounge (“Resort”) processes your personal data. The Resort determines why and how we process your personal data. The Resort comprises of all the top resort in europe (collectively referred to as, “Company”, “we”, “us” or “our” in this Privacy Notice), which is active in the hospitality, gaming, and entertainment industry across various locations. “Personal Data” refers to any information relating to you that the Resort obtains from you or about you from other parties.
We are committed to protecting your privacy – in this Privacy Notice, we set out how we collect your Personal Data, how we use it, and what rights and choices you have in relation to the Personal Data we hold and process.
Who decides why and how we process your personal data?
The Resort determines why and how we process your Personal Data and as such is considered a Data Controller for the purposes of the applicable data protection legislation.
What personal data might we collect about you?
We collect different types of Personal Data for different reasons – this may include:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes data necessary for us to process payments and implement fraud prevention measures, including credit / debit card numbers, security code numbers and other such relevant billing details.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password for platforms maintained by the Resort (where you have access to any), purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Compliance Data includes personal data we may collected on you for the purposes of complying with our legal obligations.
- Recruitment Data such as previous employers, references by previous employers or colleagues, type of job held at other companies, previous or expected salaries, skills and qualifications obtained through education or experience. This Personal Data will help us make a decision on your suitability for employment and in case your application is for future vacancies the aforesaid personal data will help us to decide which department you may be most suitable in.
- Security Data includes data that is used for securing the use of our services and our premises, such as your employee ID, security logs, facility entry logs, CCTV footage and other information obtained through electronic means.
We may occasionally collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, information about your health and genetic and biometric data). In some instances, this may also include information about criminal convictions and offences.
When do we collect your personal data?
We may collect Personal Data about you in various cases, such as for example:
- When you or your organisation seek our products or services or use any of our services, including but not limited to our hotel, spa and/or fitness, transportation and housekeeping services or setting up a user account through our websites or by any other electronic means, and managing such account;
- When you or your organisation use our reservation facilities in relation to the Resort and its facilities / services;
- When you or your organisation make an enquiry through our website, in person, over email or over the telephone, including but not limited to applying for a position at the Resort;
- When you attend an event we may organise, or sign up to receive communications from us;
- When you participate in our entertainment activities, including but not limited to, booking and managing your participation through our proprietary mobile app, the Melco Club App;
- When a corporate entity engages us to provide services and you engage with us as representative of such entity or otherwise the entity shares your information with us for the purposes of us providing our services;
- When you or your organisation provide services to us, or otherwise offer to do so;
- When you or your organisation provide us with feedback;
- When we collect information based on your behaviour, preferences, patterns and similar to tailor our services and to enable us to provide you with privileges and special access on that basis;
- When we receive personal data such as Contact, Financial and Transaction data from third party providers of technical, payment and delivery services;
- When we record footage from the CCTV cameras installed across the premises of Adventure Park and in other areas of the Resort’s premises for security purposes and health and safety purposes -footage from CCTV is processed in accordance with applicable law and kept for the permissible timeframes).
- When delivering communications to you (including marketing communications and advertising);
- When you or your organisation call our Call Centre, we perform voice recording in order to provide better quality of services;
- When you request us to complete and manage travel bookings on your behalf using an outsourced booking platform;
- When you seek our services or use any of our services as a legal guardian on behalf of children, including but not limited to babysitting and childcare services and participating in the activities and attractions of our Adventure Park;
- When we use any of your products or services, we collect your Personal Data directly from you and/or the company with which you are working for the purpose of executing our contracts with you and/or your employer; and
- When you or your organisation provide services to us and we undertake the relevant assessments to ensure that our service providers meet our requirements.
How will we use your personal data?
We will use your Personal Data, for the following purposes (“Permitted Purposes”):
- Where we need to perform the contract we are about to enter into or have entered into with you.
- To provide you with services or other similar services you may have requested, including but not limited to personal services such as spa and/or fitness, transportation and housekeeping services or online services, as instructed or requested by you or your organisation;
- To manage and administer your or your organisation’s business relationship with us, including processing payments, accounting, billing and collection or support services;
- For compliance with our legal or tax obligations (such as regulatory purposes or tax reporting);
- To analyse and improve our services and communications to you;
- To process complaints in relation to our services and products;
- To communicate with you through the channels you have approved to keep you up to date on the latest developments, announcements, and other information about our services, products and technologies at the Resort as well as events we may organise;
- To record footage from the CCTV cameras installed across the premises of Adventure Park and in other areas at the Resort’s premises for security purposes and health and safety purposes -footage from CCTV is processed in accordance with applicable law and kept for the permissible timeframes;
- To monitor and analyse electronic communications sent or received by you, including to tailor our communications accordingly and measure our marketing efforts;
- To comply with court orders and exercises and/or defend our legal rights;
- To review your application for an employment position with us;
- To complete and manage travel bookings on your behalf using an outsourced booking platform;
- To provide you or your children with services or other similar services you may have requested for yourself or as a legal guardian on behalf of your children, including but not limited to babysitting and childcare services and participating in any activity and attraction at the Adventure Park; and
- To use any of your products or services, we may undertake any of the following processing activities: execute contracts; analyse and verify the provision and the quality of your products and/or services; process payment instructions; undertake marketing and promotional activities; administer and maintain records to comply with our obligations to register your information and monitor our communications with you as shall be agreed with you or as required by law from time to time.
- Where you have expressly given us your consent, we may process your Personal Data also for the following purposes:
- For customer surveys, marketing campaigns, market analysis, contests or other promotional activities or events; or
- To collect information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
- With regard to newsletters, legal updates and other general communications, you will always have the option to opt out of receiving such communications at any time.
- Information on our promotional offers
- We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have consented to it or if you have requested information or purchased services from us or if you provided us with your details when you entered a competition or registered for a promotion and in each case, you have not opted out of receiving marketing communications.
Treatment of third-party marketing
We will always get your express opt-in consent before we share your Personal Data with any company outside the Company for marketing purposes.
Legal grounds for processing
Depending on which of the above Permitted Purposes we use your Personal Data for, we may process your Personal Data on one or more of the following legal grounds provided for under applicable data protection legislation:
- Where processing is necessary for the performance of a contract with you or your organisation.
- Where we need to comply with a legal or regulatory obligation.
- Where it is necessary for our or our contractors’ (where applicable) legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Examples of the ‘legitimate interests’ referred to above are:
1) Fraud detection and prevention (crime prevention;)
2) Ensuring the integrity of the Resort’s information, systems, network and cyber security;
3) Processing of employment data;
4) Product development and enhancement; and
5) General Corporate Operations.
- When we have your consent to do so, where you have expressly given this to us.
- Where it is needed in the public interest or for official purposes.
- Where it is necessary to do so to protect your or someone else’s interests.
How might we share your personal information?
We may disclose your Personal Data where we may instruct service providers within or outside the Resort (including affiliates and group companies), domestically or abroad, e.g. IT services or server providers, to process Personal Data for the Permitted Purposes on our behalf and in accordance with our instructions only. In certain cases, this may also mean that your Personal Data may be transferred to locations outside the EU or EEA. The Resort will retain control over and will remain fully responsible for your Personal Data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your Personal Data when engaging such service providers.
We will otherwise only disclose your Personal Data when you direct us or give us permission to do so or otherwise as required by law to government departments and judicial authorities, such as for meeting legal and tax obligations.
We may also share your personal data with potential or actual investors /buyers if we are acquired by a third party or where we may seek to acquire other businesses or merge with them. We will only do this if the third party agrees to keep your personal data safe and private.
Website third-party links
The Resort and Melco websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of the website you visit.
Transfers of personal data abroad
Melco is active across the world – this means that we may transfer your Personal Data abroad if required to do so for the Permitted Purposes. In certain cases, this may include transferring data to countries or regions which do not offer the same level of protection as the laws of your country (such as for example the data protection legislation of the EU/EEA), including (without limitation) Hong Kong and Macau.
When making such transfers, we will ensure that they are subject to appropriate safeguards in accordance with the General Data Protection Regulation (Regulation 2016/679) or other relevant data protection legislation, or that we otherwise comply with the requirements and standards under Regulation 2016/679 for transferring Personal Data abroad. For example, in some cases we may rely upon your explicit consent when transferring your Personal Data abroad if required to do so for the Permitted Purposes, pursuant to Article 49(1)(a) of Regulation 2016/679. Please get in touch at spinandwinlounge if you wish to obtain further information on the appropriate safeguards which we are adhering to.
Can you refuse to share your personal data with us?
In general, we receive your Personal Data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will unfortunately be unable to act without receiving such data, for example where we need that information to provide the requested services or require such data to process your instructions or orders or otherwise to provide you with our online services or communications.
Where it is not possible for us to provide you with what you request without the relevant Personal Data, we will let you know accordingly.
How do we keep your personal data safe?
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach in accordance with applicable legal procedures.
Personal data we receive from you about other people
Where you provide us with the Personal Data of other people, such as your employees, directors of your companies, corporate guests or other persons you may have dealings with, you must ensure that you are entitled to disclose that Personal Data to us and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this Privacy Notice.
How long do we keep your personal data for?
We delete your Personal Data once it is no longer reasonably necessary for us to keep it for the Permitted Purposes, or, where we have relied on your consent to keep your Personal Data, once you withdraw your consent for us to do so, and we are not otherwise legally permitted or required to keep the data. We will in any event not keep your Personal Data for longer than seven (7) years.
In relation to CVs and related information which we may receive for potential employment with the Resort or an affiliated company in relation to the casinos in Cyprus, unless we receive a specific request for erasure, we will delete such information from company records after the lapse of three (3) years.
Importantly, the Resort will keep your Personal Data as necessary for the purposes of defending or making legal claims until the end of the period during which we may retain the data and otherwise until the settlement of any such claims, as relevant.
For further information on how long we may keep your data for please get in touch at spinandwinlounge
What rights do you have?
Subject to certain circumstances under applicable legislation, you have the right to:
- Request a copy of the Personal Data which we hold about you or in certain cases request us to transfer the data we hold about you to another provider;
- Have any inaccurate data we hold about you corrected;
- Object or restrict our use of your Personal Data, including but not limited to object to our use of automated decision making in certain cases;
- Submit a complaint if you have concerns about the way in which we are handling your data;
- Request that we delete the Personal Data we hold on you;
- Where we have relied on consent to process your Personal Data, to withdraw your consent; and
- Request that we transfer your data to another provider.
To do any of the above, please contact us at spinandwinlounge. To enable us to process your request, we may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification – this is to protect the Personal Data we hold from unauthorised access requests and comply with our security obligations.
We may charge a reasonable administrative fee for any excessive requests we may receive.
Corrections, updates and complaints
Where any Personal Data you have provided us with has changed, or where you believe the Personal Data we hold is inaccurate, or where you wish to make a complaint regarding our handling of your Personal Data, please let us know at spinandwinlounge
In relation to complaints, we will promptly respond to your requests and complaints. In the event that you are unhappy with our response, you may submit a complaint to the relevant privacy regulator. We can provide details of the relevant privacy regulator upon request.
In addition, please note that if you have certain relationships with us a third party entity to which we provide services, you and/or the third party entity may have a contractual or legal obligation to notify us of any change within a prescribed time period. We cannot be responsible for any loss that may arise due to us having any inaccurate, incomplete, inauthentic or otherwise deficient Personal Data which you or a third party entity have provided to us. Please also let us know if you wish to withdraw any request.
Get in touch
We would be happy to hear your views about our website and this Privacy Notice – please let us know any questions, comments or clarifications you may have at spinandwinlounge
Changes to our Privacy Notice
This Privacy Notice was last updated in January 2024. We have the right to update the contents of this Privacy Notice from time to time to reflect any changes in the way in which we process your Personal Data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Notice on our website. Changes will take effect as soon as the revised version is made available on our websites.