Privacy

Contents
1. Scope
2. About Groupe Lucien Barrière and SFCMC
3. Processing of personal data
4. Categories of personal data that we collect
5. Purposes of the processing
6. Purposes of processing operations and legal bases
7. Information sharing
8. Cookies
9. Minors
10. Data transfers
11. Data security
12. Third-party Websites and Functionalities
13. Retention of data collected
14. Your rights
15. Contacts – Contact details of our Data Protection Officer (DPO)

1. Scope
This Policy applies to all data processing operations implemented in the establishments, subsidiaries or companies managed by Groupe Lucien Barrière and Société Fermière du Casino Municipal de Cannes (SFCMC), and operated under the Barrière brand. The list of establishments is regularly updated on our websites.

2. About Groupe Lucien Barrière and SFCMC
The data controller, Groupe Lucien Barrière, is a company whose head office is located at 33 Rue d’Artois, 75008 Paris, France. It is enrolled in the Paris Trade and Companies Register under number 320 050 859.
The data controller, Société Fermière du Casino Municipal de Cannes, is a company whose head office is located at 1 Espace Lucien Barrière, 06400 Cannes, France. It is enrolled in the Cannes Trade and Companies Register under number 695 720 284.
Groupe Lucien Barrière and Société Fermière du Casino Municipal de Cannes, their subsidiaries and managed companies, are together referred to as “Barrière” or “we”.
Barrière is a company that listens to the needs of its customers in compliance with existing regulations and legislation. As such, we have implemented a privacy policy applicable to the personal data collected in connection with our casinos, hotels, catering services, entertainment and leisure activities such as spas, tennis, golf, thalassotherapy, children’s clubs, etc. (hereinafter, the “Services”).
This Policy covers online and offline data collection, including information we collect through our websites and apps, as well as programs and events held in our establishments.
You may access websites from a computer or a mobile device (e.g. from an app on a smartphone or tablet). This Policy details how the information collected via our websites or in our establishments is used and protected.
We recommend that you review this Policy regularly, as we update and amend it on a regular basis. We endeavor to keep you informed of any changes made.

3. Processing of personal data
Personal data is any information collected and saved in a format that makes it possible to identify you personally as an individual, whether directly or indirectly.
Provision of items of information indicated by an asterisk on the data collection forms is mandatory. It is required in order to consider your request and provide you with the requested response or service.
In addition to this information, we also collect information that you agree to communicate, or that we collect in our legitimate interest or in connection with our legal obligations.
The following gives a general overview:
– Categories of your personal data that we use and store (or that third party data processors acting on our behalf have collected – for more information on data processors acting on our behalf, see Article 7 below);
– The purposes for which this information will be collected;
– The legal bases applicable to data processing.

4. Categories of personal data that we collect
As part of our Services, we collect the following categories of personal data from you, either directly or via tools used in our establishments or on our websites:
– Your identity, title and contact details;
– Information about your consumer behavior, preferences, leisure activities, interests, household, etc.;
– Credit card information (for transaction and booking purposes);
– Information about your browsing via our cookies and similar technologies used on our websites;
– Your responses to surveys or market research;
– Your image and voice (as part of security surveillance in our establishments).

5. Purposes of the processing
We process your personal data for various reasons. These are mainly to:
– manage transactions in our establishments, bookings, and Services in general;
– manage your stay and your visit to our establishments, such as monitoring your consumption (telephone, bar, etc.) and managing access to rooms;
– manage the sending of commercial and marketing offers, competitions, and targeted offers according to your preferences;
– perform cross-referencing or enrichment, analyses and combinations of your data collected during the booking or your stay, in order to specify your interests, determine your customer profile, and enable us to send you personalized offers;
– manage our loyalty programs;
– carry out satisfaction surveys, perform studies, and produce statistics;
– improve our services by taking into account all comments left by you during your stay or visit to our establishments;
– comply with our duty of care towards our customers and public bodies (e.g. gambler blacklists);
– manage your requests to exercise your rights;
– personalize and optimize our websites for maximum ease of use;
– manage claims and disputes;
– manage internally a list of customers who have behaved inappropriately during their stay in our establishments, or who have had their access restricted (e.g. for assault, damage, cheating, etc.);
– monitor our establishments, the security of property and people, the fair conduct of games, and lastly, combating fraud.

6. Purposes of processing operations and legal bases
In addition to cases where you expressly consent to the processing of your data (e.g. sending marketing messages), or cases where the processing of your data is necessary for us to comply with our legal obligations (e.g. due diligence, anti-fraud obligations), data processing may be necessary to ensure the performance of our mutual agreement or to satisfy our legitimate interest. It is in our legitimate interest to be able to manage complaints and grievances in order to defend ourselves properly, to be able to customize and optimize our offers and websites with a view to improving them, and to monitor our establishments and the security and fair conduct of casino games.

7. Information sharing
In the sole context of seeking your complete satisfaction when using our Services, we are required to communicate your personal data to internal and external persons.
Internal recipients:
This concerns all internal staff whose work enables you to benefit from our establishments’ services, including staff at customer reception areas/windows, and support services such as IT, marketing and legal.
External recipients:
These are subcontractors, service providers or banks. The sole purpose of transmitting the information is for Barrière to perform the Services that you have requested in full and to seek your satisfaction.
Local or national administrative and judicial authorities may also request disclosure of your personal data insofar as required by law. This type of disclosure may be required in connection with any lawsuit, request or investigation, governmental application, legal order, enforcement of legal rights (e.g. contractual terms, intellectual property rights, etc.), an anti-money matter, security issue, or other similar legal or security matter. While it is not a regular event for your information to be shared in this way, it may occur at any time. We will ensure that the types and volumes of information we may be obliged to share for legal purposes are limited to that which is reasonably necessary. Similarly, we will ensure that any data transfer outside of the European Union is carried out on an appropriate legal basis.
We may share (or receive) information about you, including your personal contact details, in the event of any sale, acquisition, merger, restructuring, bankruptcy, or other similar circumstance involving Barrière. In the event of this happening, we will take reasonable steps to stipulate that your data should be processed in accordance with this Policy, unless it is impossible or prohibited to do so. Similarly, we will ensure that any data transfer outside the European Union is carried out on an appropriate legal basis.

8. Cookies
We use cookies on some of our websites.
What is a cookie?
A cookie is a small text file that is saved on your device (computer, tablet, smartphone, etc.) when you visit a website or view an advertisement. These are intended in particular to collect information relating to your web browsing for analytical purposes. The aim is to be able to offer you personalized services or to facilitate your browsing. For example, a cookie may collect your device’s IP address.
How long does a cookie last?
With the exception of technical cookies, your consent is required to store cookies on your device. This consent is valid for a period of 13 months.
What cookies do we use?
The cookies we use on our website are for the purposes described below. They are subject to your chosen browser settings during your visit to our website, which you can change at any time.
⮚ Technical cookies
These cookies are necessary to navigate the website. The website would not function properly without them. They allow us, for example, to adapt the website presentation to the display preferences of your device (language used, display resolution), or remember passwords and other information relating to a form you have completed on the website (such as when setting up or logging in to your account).
⮚ Statistical cookies
These cookies compile statistics and volumes relating to visits and uses of the various elements comprising our website (sections and content visited, route, time of visit). They allow us to enhance the value and ergonomics of our services.
⮚ Social media cookies
These cookies allow us to advertise or share our content with other people on social networks such as Facebook, Twitter, LinkedIn, etc. Even if you have not used these sharing buttons or applications, social networks may track your browsing if your account or session is activated on your device at that time. If you do not want the social network to link the information collected via our website to your user account, you must log out of the social network beforehand.
⮚ Advertising cookies
These are cookies used to show you advertisements or to send you information tailored to your interests, either on our website itself or externally when you browse the Internet. In particular, they are used to limit the number of times you see an advertisement and help measure the effectiveness of an advertising campaign. These cookies rely mainly on advertising agencies.
Managing cookies: accept or reject
You can choose to disable these cookies at any time. Your browser can be set to notify you of cookies stored on your computer and give you the option of accepting them or not.
You can accept or reject cookies on a case-by-case basis, or reject them systematically and permanently.
You can change your mind at any time by clicking on the “Cookie preferences” button available directly on the website.

9. Minors
In relation to our casino and gaming services, we only collect personal data from adults. Please contact us at the address below if you believe that we are processing data from minors so that we can delete it, if necessary.
We may collect the personal data of minors for Services other than casino and gaming Services, where this has been communicated by a legal representative of these minors, either to manage bookings or to provide these minors with specific services (children’s clubs, activities, etc.), or in response to your specific request. When providing us with personal data about a minor, you guarantee Barrière that you are an adult, parent, or legal representative of this minor.

10. Data transfers
Where the processing of your data involves a transfer outside the European Union, such transfers are subject to appropriate guarantees. Where the sharing of this information involves transfer to the United States, the said transfer is carried out on the basis of Privacy Shield certification or standard European Union contractual clauses.
For booking purposes, transfers to our establishments located outside of the European Union are made on the basis of the European Commission’s standard contractual clauses. You can request a copy of these documents by contacting our Data Protection Officer at: dpo@groupebarriere.com

11. Data security
Barrière uses appropriate means to protect the security and confidentiality of data. This entails both physical and digital protection procedures, including data encryption.
We also process your personal data on servers hosted by third parties (network operators or infrastructure service providers), and we implement the necessary means to ensure our service is secure.
Similarly, we require our service providers or subcontractors who have access to your personal data solely in connection with the Services to comply with the same data security and privacy conditions.

12. Third-party Websites and Functionalities
Our website may offer links or functionalities to other third-party websites (in particular third-party social networks), which we do not own or control. If you click on any of these links or use these functionalities, you do so under your own responsibility. We are not liable for the content or practices of any third-party website, application or functionality.

13. Retention of data collected
We store your information for a period commensurate with the purpose of its processing, to meet legal and regulatory requirements, and in compliance with legal and regulatory limits.
For commercial communications and marketing, your data is retained for a maximum period of three years from the end of our commercial relationship if you are a customer of our Services, or for a period of three years from your last contact if you are not a customer but simply a visitor to the website or a subscriber to our newsletters.
In accordance with Article L561-13 of the French Monetary and Financial Code and Decree No. 2016-774 of June 10, 2016 setting the profit threshold, your names and addresses are retained for a period of five years from their verification date.
Video and audio recordings made in our casinos are kept for a period of one month, unless extended due to investigations, particularly those linked to suspicions of fraud.
Your bank card data is deleted from our operational databases after the transaction has been completed. However, it may be archived for a period of 13 months after its collection to guard against any dispute relating to the transaction.

14. Your rights
Pursuant to the French Data Protection Act of January 6, 1978, as amended, and the General Data Protection Regulation (2016/679) (the “GDPR”), you have the following rights as a data subject:
a) the right of access to the personal information we hold about you;
b) the right to ask us to update or correct any personal information concerning you that is outdated or inaccurate;
c) the right to withdraw your consent at any time, when processing is based on your consent;
d) the right to object to receiving commercial communications;
e) the right to erasure, when the conditions of Article 17 of the GDPR are met;
f) the right to restriction of processing, when the conditions of Article 18 of the GDPR are met;
g) the right to data portability, insofar as the conditions of Article 20 of the GDPR are met;
h) the right to provide instructions regarding what happens to your personal data after your death;
i) the right to object to the processing of personal data concerning you, insofar as the conditions of Article 21 of the GDPR are met; and
j) the right to lodge a complaint with a regulatory authority, which in France is the French Data Protection Authority, the CNIL (https://www.cnil.fr/fr/plaintes);
You can exercise these rights at any time by emailing us at: dpo@groupebarriere.com.

15. Contacts – Contact details of our Data Protection Officer (DPO)
If you have any questions or complaints about this privacy policy or about the processing of your data by Barrière, you can contact the Barrière Data Protection Officer by email to: dpo@groupebarriere.com or by letter to the following postal address: GROUPE LUCIEN BARRIÈRE DPO, 33 Rue d’Artois, Paris 75008, France.
To ensure the confidentiality and protection of your personal data, we ask that you enclose a copy of an official document identifying you along with your request (e.g. ID card, passport, driver’s license). Your request will then be processed as soon as possible and in accordance with the applicable legislation.