top of page

PRIVACY POLICY

Collection, processing and protection of personal data

 

INTRODUCTION

GLOBUS EXCLUSIVE doo, Ulica kneza Branimira 29, 10000 Zagreb, OIB: 98067501790, pays particular attention to the protection of personal data and privacy (hereinafter: privacy protection) of its clients, suppliers, employees and other entities with which it enters into relations (hereinafter: clients), in accordance with applicable regulations and best European practices (Regulation (EU) 2016/679 of the European Parliament). Protecting the privacy of our clients is an integral part of our services and way of doing business.

 

With our privacy policy, we want to provide clear information about the processing and protection of personal data processed by GLOBUS EXCLUSIVE doo and enable clients to easily monitor and manage their personal data and consents.

 

This Privacy Policy describes what personal data GLOBUS EXCLUSIVE doo collects, how it processes it and for what purposes it uses it, how long and how it stores it, as well as the rights of clients (data subjects) related to their personal data.

 

Personal data controller:

GLOBUS EXCLUSIVE d.o.o., Ulica kneza Branimira 29, 10000 Zagreb,

OIB: 98067501790,

E mail: info@casino-diamondpalace.hr

 

Personal Data Protection Officer:

e mail: gdpr@globus-exclusive.hr

​

 

1. Scope of application

The Privacy Policy applies to all personal data that GLOBUS EXCLUSIVE doo collects, uses or otherwise processes, directly or through its partners. Personal data is any information relating to a natural person whose identity is determined or can be determined, directly or indirectly.

Data processing is any operation performed on personal data, such as collection, recording, storage, use, transfer of personal data, insight into personal data, etc.

 

GLOBUS EXCLUSIVE doo is the data controller in relation to the personal data of its clients in terms of applicable personal data protection regulations.

 

The privacy rules apply to all natural persons who enter into a relationship with the company GLOBUS EXCLUSIVE doo in any respect.

 

2. Principles of personal data processing

Trustworthiness

GLOBUS EXCLUSIVE doo wants to be completely transparent and clear regarding the processing of clients' personal data, which is the purpose of these Privacy Rules, and to have a relationship with its clients based on trust.

 

Lawfulness of data processing

When processing personal data, GLOBUS EXCLUSIVE doo acts in accordance with the law - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation ("Official Gazette" No. 42/18) and internal rules and procedures relating to the protection of personal data.

 

Limited purpose of processing

GLOBUS EXCLUSIVE doo collects and processes personal data only for a specific and lawful purpose and further processes them only in a manner that is consistent with the purpose for which they were collected.

 

Data reduction

We always use only customer data that is appropriate and necessary to achieve a specific legitimate purpose, and no more data than that.

 

Integrity and confidentiality

Personal data is processed securely, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (only authorized persons who need it to perform their jobs have access to personal data, but not other employees).

 

Quality of personal data

We attach great importance to the personal data we process. The personal data we process must be accurate, complete and up-to-date, and it is therefore important that clients notify us of any changes to their data immediately or as soon as possible.

 

Limited storage time

We collect, store and process personal data for as long as prescribed by the law on which the obligation to collect personal data is based, for as long as determined by consent, which clients are informed about when signing the consent itself, or for as long as determined based on the previously established legitimate interest of GLOBUS EXCLUSIVE doo.

 

3. Method of collecting personal data

GLOBUS EXCLUSIVE doo collects personal data directly from clients. There is a legal basis for each processing of personal data. The legal bases on which the processing of personal data is based are: the legal obligation of the controller, the processing is necessary for the performance of the contract, or the processing is carried out at the request of the client for the purpose of carrying out preparatory actions prior to the conclusion of the contractual relationship, the client's consent, the legitimate interest of the controller or the request of a public authority. In accordance with the Regulation, when we base the processing of personal data on a legitimate interest, we conduct a proportionality test in order to determine the existence of a legitimate interest.

 

4. Purpose and processing of personal data:

Data is processed fairly and legally, and is not collected to a greater extent than is necessary.

We also collect and process personal data in cases specified by law for the purpose of fulfilling legal or contractual obligations and/or with the user's consent for the purpose for which they gave consent and/or for the purpose of concluding and executing a contract concluded between the user and GLOBUS EXCLUSIVE doo, or on the basis of our legitimate interest; as well as in other cases specified by law.

The collected personal data is used for:

  • provision of our services / execution of the contract

  • identification purposes and verification

  • statistical analysis and research

  • regulatory and legislative compliance

  • marketing, profiling and market research

  • protection of our rights and property

  • protection of minors through the prohibition of participation in games of chance

  • protection of persons and property in our casino and branches (betting shops)

 

5. Types of data we collect

Below is a list of what personal data we collect, the legal basis on which we collect it, and how long we store it.

 

5.1. Contractual data

GLOBUS EXCLUSIVE doo may collect the following personal data for the purposes of contract execution, intention to conclude a contract, business negotiations, etc.:

 

  • Name and surname of natural persons, representatives of companies or owners of real estate and the like, i.e. name and surname of natural persons with whom we conclude a contract

  • OIB

  • Residence

  • Email address

  • Real estate ownership information

  • Data on the giro/current account number

  • The fact whether a natural person (president of the board, director, members of the board/supervisory/management board, beneficial owner) or the legal entity itself is on a particular sanction list of the United Nations, the European Union, the Government of the Republic of Croatia or other international organizations, or whether restrictive measures are applied to any of these persons in accordance with the Law on Restrictive Measures ("Official Gazette" No. 133/23) - we collect the aforementioned data on the legal basis arising from the Law on Restrictive Measures, and not as data necessary for concluding a contract (they are listed here only because they are collected for the same purpose - the purpose of concluding a contract)

 

This data is kept for the period prescribed by the respective Act depending on the type of contract concluded, the period required for the execution of the contract, and after the expiry of that period it is deleted. In relation to contractual relationships under which GLOBUS EXCLUSIVE doo permanently acquires some property for itself, the aforementioned contracts (and accordingly the above-mentioned data) are kept permanently, while we keep data from other contracts for 11 years from the last payment made under the contract, all in accordance with accounting regulations. In the event that the client refuses to provide some of the requested data, which is necessary for the execution of the contract, GLOBUS EXCLUSIVE doo reserves the right to refuse to enter into a business relationship with the client. Also, if, before entering into a business relationship, we determine that a natural or legal person is on a particular sanctions list of the United Nations, the European Union, the Government of the Republic of Croatia or other international organizations, or that restrictive measures are applied to that person in accordance with the Law on Restrictive Measures, in accordance with the aforementioned Act, we may not enter into a business relationship with that person, or, if we are already in a business relationship with that person, we must exit it immediately upon learning of the aforementioned fact.

 

5.2. Personal data collected in the Casino:

We are obliged to collect data on a legal basis (the Law on Games of Chance in relation to the data that the organizer is obliged to collect when registering players in a casino; the Law on Anti-Money Laundering and Terrorism Financing in relation to the same data with the addition of a copy of the identity card collected according to that Law, and the Law on Games of Chance and the Ordinance on Spatial and Technical Conditions for Organizing Games of Chance in Casinos, on Slot Machines and Betting Deposit Sites in relation to data collected by the video surveillance system) when a client accesses the casino premises, and are the condition for access to the casino premises and games of chance that are organized in the casino premises.

  • first and last name

  • residence

  • date and place of birth,

  • identification document number, number and name of the document issuer

  • a copy or scan of an identification document (for the purposes of conducting an in-depth analysis in accordance with the Law on Anti-Money Laundering and Terrorism Financing in the case of payment/disbursement in the amount of EUR 2,000.00 or more)

  • a copy or scan of an identification document (based on the legitimate interest of the data controller during the first registration of the client upon entering the casino)

  • date and time of entering the casino

  • photograph of the player's face (based on the legitimate interest of the controller)

  • personal identification number (OIB)

  • citizenship

  • data on participation in games of chance (deposits and withdrawals)

  • data on political exposure (when completing the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • method of exposure (when filling out the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • type of public duty (when filling out the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • basis of political exposure - public office, family member, close associate (when filling out the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • data on the duty performed (when filling out the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • date of appointment or time of performance of prominent public office (when completing the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing)

  • source of assets (when completing the form on political exposure of persons in accordance with the Law on Anti-Money Laundering and Terrorism Financing),

  • The fact whether a natural person is on a particular sanctions list of the United Nations, the European Union, the Government of the Republic of Croatia or other international organizations, or whether restrictive measures are applied to any of these persons in accordance with the Law on Restrictive Measures ("Official Gazette" No. 133/23.)

The retention period for personal data collected during registration is prescribed by the  Law on Games of Chance and is 10 years in relation to the above data.

We are obliged to keep the data that we are required to collect when conducting customer due diligence (for deposits or withdrawals in an amount equal to or greater than EUR 2,000.00) for 10 years, in accordance with the Law on Anti-Money Laundering and Terrorism Financing. When conducting due diligence, the same set of data is collected as during registration upon entry, with the additional obligation to collect a copy of your identification document, which is our obligation in accordance with the regulations governing the prevention of money laundering and the financing of terrorism. Also, if you declare that you are a politically exposed person or we independently determine this through verification, you are obliged, in accordance with the regulations governing the prevention of money laundering and the financing of terrorism, to share with us an additional set of data (type of exposure, type of public office, basis of political exposure - public office - family member, close associate, information about the office you perform, date of appointment or time of performance of prominent public office, source of assets).

We collect data on whether a natural person is on a particular sanction list of the United Nations, the European Union, the Government of the Republic of Croatia or other international organizations, or whether restrictive measures are applied to any of these persons in accordance with the Law on Restrictive Measures ("Official Gazette" No. 133/23.) by comparing the above-mentioned and collected data with data from current and publicly published consolidated lists of the United Nations, the European Union and decisions made by the Government of the Republic of Croatia. We carry out the aforementioned check during the registration of each user and after registration, on a daily basis, given the fact that, pursuant to the Act, we are obliged to disable registration for a user who is on a sanction list, or to terminate the business relationship with a previously registered user if he is subsequently included on one of the lists after registration.

We collect your photo during your first registration in the casino based on our legitimate interest for the purpose of easier identification each time you come to the casino.

 

5.3. Personal data collected when visiting the website

The following data is collected from each visitor to the website, in order to improve the user experience and system security:

  1. time and date of website visit

  2. pages that the visitor views

  3. type of internet browser

  4. Computer IP address

  5. cookie ID whose collection you have allowed by consent

  6. device type and operating system version

  7. other (depending on the cookies you have allowed on your device)

 

5.4. Personal data collected through video surveillance

For the purpose of protecting the persons and property of employees, users, players and visitors, video surveillance is used. It is installed in accordance with the following regulations:

  • The Law on Games of Chance and the Ordinance on Spatial and Technical Conditions for Organizing Games of Chance in Casinos, on Slot Machines and Betting Sites (in relation to video surveillance installed in those parts of the casino premises in relation to which the aforementioned Law and Ordinance regulate that video surveillance must be installed)

  • Legitimate interest of the data controller – for video surveillance at the company's headquarters and in areas intended for employees in casinos and betting shops.

Video surveillance is installed at the entrance and inside the facilities, including  casino and the company's headquarters, and is based on a project approved by an authorized entity.

Recordings are stored on separate hard drives located in separate locations. Access to this data is strictly limited and enabled only at the request of competent state authorities. Such information is submitted exclusively with the official record.

The retention period for recordings in casinos: 60 days.

 

 

5.5. Personal data collected based on the obligation under the  Law on Anti-Money Laundering and Terrorism Financing

When it comes to transactions (payments/withdrawals related to games of chance) for which, in accordance with the Law on Anti-Money Laundering and Terrorism Financing, it is mandatory to keep prescribed records, we are obliged to collect the following data:

  1. first and last name

  2. residence,

  3. day, month and year of birth,

  4. personal identification number if visible from the identification document,

  5. name and number of the identification document,

  6. name and country of the issuer,

  7. citizenship/citizenships

  8. scan/photo/copy of identification document

For players who are politically exposed persons, the following data is also collected:

  • Basis of political exposure (public office, family member, close associate)

  • Information about the duties performed

  • Date of appointment or time of holding a prominent public office

  • The source and funds that are the subject of the transaction

The data is kept for the period prescribed by individual laws, i.e. for a minimum period of 10 years from the date of termination of the business relationship, and will be deleted upon expiry of that period. When the user refuses to provide personal data prescribed by law, the organizer is obliged to refuse to provide the service to the user, i.e. to suspend the transaction and inform the Anti-Money Laundering Office and to deny access to the premises where it organizes games of chance (casino).

 

5.6. Personal data collected when establishing an employment relationship

Data processing based on legal basis

We use this legal basis for data processing in relation to all personal data that we collect from you at the time of establishing an employment relationship based on labor law regulations. Namely the Labour Act ("Official Gazette" no. 93/14, 127/17, 98/19, 151/22, 64/23), the Regulation on the Content and Method of Keeping Records of Employees ("Official Gazette" no. 55/24). and accounting regulations, regulations in the field of tax law and health insurance, which refer to the registration/deregistration of workers, prescribe obligations that we as an employer must fulfill.

  • first and last name

  • OIB

  • sex

  • day, month and year of birth

  • citizenship

  • residence or domicile

  • residence and work permit or work registration certificate, if the third-country national worker is required to have one

  • professional education and special exams and courses that are a requirement for performing the job, credentials, licenses, certificates, etc.

  • start date

  • job title, or the nature or type of work for which the worker is employed

  • type of employment contract concluded

  • date and reason for termination of employment, or termination of work for seconded workers

  • date of application submission (start, change, termination) for mandatory insurance of workers as insured persons based on employment, including voluntary pension insurance, if the employer participates in paying for it, and mandatory health insurance while working abroad

  • all employment contracts in writing or a confirmation of the employment contract concluded with the employee, all amendments and supplements to the employment contract

  • agreements between employer and employee, consents and written statements of employees, decisions on dismissal

  • forms for registration (start, change, termination) of mandatory pension and health insurance

  • public and private documents that provide evidence of the accuracy of data on professional education, training, advanced training and other data on which the exercise of rights and obligations arising from or in connection with the employment relationship depends

  • public and private documents, decisions, certificates, calculations, etc. related to the obligations of calculation and payment of salary, and payment of taxes and contributions

  • decisions, private documents, certificates, records, etc. related to safety and protection at work, injuries at work and occupational diseases

  • decisions, private documents, certificates, etc. related to the exercise of pension insurance rights, including rights based on insurance years calculated with an increased duration

  • decisions, private documents, certificates, records, etc. related to exercising rights under mandatory health insurance

  • public and private documents, decisions, certificates, etc. related to the exercise of the right to personal care or any other right from general labor regulations, as well as the exercise of maternity and parental rights

  • requests from workers for protection of employment rights, with decisions, acts and letters of the employer issued in the proceedings regarding such requests

  • other documents and acts related to the exercise of rights from the employment relationship, i.e. in connection with the employment relationship

  • CV and job application

  • copy of certificate, diploma and other proof of professional training

  • tax card

  • ID card information or passport copy, bank account information

  • Certificate of service with the HZMO

  • work and residence permit in the case of a worker who is a foreign citizen

  • signed confidentiality statement

  • signed statement of employee consent to receive salary, salary compensation and severance pay documents electronically

  • signed consent of the employee for the processing of certain types of personal data for certain purposes

  • a copy of the lease agreement for an employee for whom the Employer bears the housing costs, an agreement regulating rights and obligations under the apartment lease agreement

  • certificate of training for safe work

  • for workers who were temporarily assigned to the employer by companies affiliated with it and for workers who were assigned to the employer as a beneficiary by temporary employment agencies, the following additional documentation must be submitted:

    • the assignment agreement between the employer and the related employer and the written consent of the employee

    • the assignment agreement between the agency and the beneficiary and the referral by which the temporary employment agency refers the worker to the  beneficiary

    • certificates of professional competence in accordance with obligations under occupational safety regulations

    • other documents and acts related to the realization of rights from the employment relationship, i.e. in connection with the employment relationship and rights based on the assignment of workers.

  • written review of employee data

 

We store data collected in this way in accordance with legal retention periods, while we store employee payrolls permanently, and we store all payments made to employees (including the personal data of employees related to such payments) in accordance with accounting regulations for 11 years from each payment made.

The legal retention periods for the aforementioned data are as follows:

​

5.7. Personal data collected when applying for a job vacancy

The personal data we collect and process are as follows:

  • general and contact information (name and surname, date of birth, residential address, telephone and/or mobile phone number, email address, personal photo, skills, URL to social network profile, e.g. LinkedIn (optional) and other information specified in the CV and/or application)

  • data on competences (academic education, work experience, knowledge of certain technologies and solutions, knowledge of certain business processes, organizational skills, teamwork, hobbies, knowledge of foreign languages)

  • In the event that we invite you to an interview, we use data on the results of the interview

  • IP address

  • Internet browser information

 

Legal basis for the collection and processing of personal data:

  • Taking action at your request before concluding an employment contract (§6.1(b) GDPR) – participation in the job application process

  • Consent to store the personal data of the data subject for the purpose of contacting them for future job vacancies that match the data subject's qualifications (§6.1(a) of the General Data Protection Regulation) - if, after a completed application process (in which you were not selected for the applied position), you give us your consent allowing us to continue to process your personal data for the purpose of contacting you again.

 

5.8 Participation in events organized by the data  controller

As part of the events we organize, we use the legal basis - legitimate interest to photograph the event and publish images on our social networks. The purpose of this processing is to document and promote the event, as well as to inform the public about our activities, thereby ensuring transparency and raising awareness of our services and initiatives.

Also, in the case of prize games or similar activities, we may publish the name and surname of the winner on social networks, based on legitimate interest, for the purpose of public communication of the results and confirmation of the authenticity of the activities carried out. Also, the winners of prize games may be asked to give their consent to be photographed as winners and to publish these photos on the social networks of the data controller. The aforementioned consent is voluntary, you are not obliged to give it and not giving consent in any way cannot and will not affect your participation in the prize game or the receipt of the prize that you have validly won.

This processing of personal data is carried out with due regard to the rights and interests of the participants, while ensuring that there is no disproportionate impact on the privacy of individuals. If you believe that this processing threatens your rights or interests, you have the right to object to such processing in accordance with applicable data protection legislation.

For additional information on the method of data processing or to submit a complaint, please feel free to contact us through the available communication channels listed at the beginning of the document (contact)

 

6. Transfer of personal data to third parties

GLOBUS EXCLUSIVE doo is obliged, in certain cases, to forward your personal data collected on the basis of the legal grounds set here to competent state bodies for the purpose of fulfilling legal obligations (Ministry of Finance, Ministry of the Interior, Anti-Money Laundering Office, Ministry of Labour, Pension System, Family and Social Policy, Personal Data Protection Agency, police departments, etc.).

 

7. Personal data processors

The personal data controller, GLOBUS EXCLUSIVE doo, has concluded contracts with several personal data processors, which are in line with the General Regulation and handle all personal data we transfer to them in accordance with the Regulation. The above obligations are additionally regulated by personal data processing contracts that we have concluded with them, as well as standard contractual clauses for data transfers to third countries, in cases where these processors are located in third countries. In relation to all transfers of personal data to third countries, we also conduct an assessment of the transfer of personal data to these countries, in order to determine whether the aforementioned transfers meet the standards set by the General Regulation.

In the course of its daily work, the Processor has no business need, nor is it authorized, to access the personal data of the Controller. The Processor and its authorized employees are authorized to access the personal data of natural persons contained in the Controller's databases when maintaining the system and databases for the purpose of establishing the technical correctness of the system and conducting the necessary tests for this purpose.

Examples of our processors:

  • Software systems and solutions that we use in everyday business for the purpose of accounting and bookkeeping and jobs related to personnel department

  • Personal protection service providers at the casino entrance

  • Employment mediation service providers

 

8. Measures to protect your personal data

In order to protect your personal data, and in accordance with the obligations arising from applicable regulations on the protection of personal data, prescribed technical measures and procedures have been taken, and access to personal data is controlled and only authorized and professional persons are allowed to do so.

The latest security measures and technical solutions are used in the collection and processing of data, including databases, backups, firewalls, encryption, surveillance systems and access control systems, both physical and software content, to ensure protection against loss or misuse of your data.

 

9. Physical data protection

Physical protection encompasses a set of methods and means used to protect information system hardware from unauthorized physical access to the system itself and the use of its resources, as well as its protection from external events that cannot be predicted, e.g. lightning strikes, power outages, protection from floods, earthquakes, excessive dust, explosive devices etc.

  1. In accordance with applicable regulations, the company's premises are protected by technical and physical protection in the premises of the company's headquarters where the servers are located, and at casino locations. In addition to physical protection, security services are available upon automatic alarm notification to their center or upon call, after which security goes out to the field. All locations are equipped with the prescribed technical protection equipment. In addition to the automatic alarm system, all locations also have the option of manually activating a silent alarm.

  2. Within the locations where the data centers are located, there is physical and digital physical access control for the protected areas.

  3. The server equipment on which the data is stored is located in the server rooms which are protected in the previously mentioned ways, and in addition there are lockable server cabinets inside the room. Data is periodically archived on physical media for permanent data storage. Such media are stored in safes located within protected premises.

  4. The premises of the company, especially the areas for data processing and storage (server rooms, etc.) are equipped with appropriate equipment for fire protection, which includes smoke sensors, a fire alarm system, and automatic fire extinguishing systems, while the servers are secured against voltage surges and sags, and sudden interruption of the mains supply, using an uninterruptible power supply (UPS). In addition to the primary method of protection (UPS, Uninterrupted Power Supply) for short-term and sudden oscillations and interruptions in the mains supply, the system is also equipped with aggregates that provide power during a longer interruption in the mains supply.

 

10. Digital data protection

  1. Password - a secret nformation that must be known in order to access certain resources, information, etc. It is used as a general mechanism of digital protection at multiple levels within an information system - for access to computers, a specific system, subsystem, application, database, protected files, archive copies, etc. Password complexity rules and periodic change policies are prescribed separately for separate applications and systems.

  2. Firewall - a combination of software and hardware that isolates the internal network of an information system from the Internet, allowing some packets to pass while blocking others. It is used at all locations at the level of the entire network, as part of the available protection of network devices, and on individual computers, either as part of the operating system or additional applications installed on the computer itself or server.

  3. Rules for handling network traffic are defined for each computer and network separately, depending on the communication needs of the systems located on those computers and networks, and only authorized persons have access to databases.

  4. Antivirus protection - includes systems for preventing the operation of viruses and other malicious applications, scripts and parts of program code, sending or receiving such applications, etc.
    Also, antivirus protection includes blocking the communication of certain content via email communication, and automatic systems check the content of email communication and automatically block any unwanted communication, either externally or within protected systems.
    It is used at all locations at the level of the entire network, and on individual computers, either as part of the operating system or additional applications installed on the computer itself or the server.

  5. Backups – necessary to ensure uninterrupted availability and the ability to continue operating the information system due to unforeseen circumstances, e.g. in cases of natural disasters (fire, earthquake, flood, sabotage, etc.) or other causes of interruption of work.
    In addition to the above, another reason for creating backups is the legal obligation to preserve financial and other similar data, therefore, backups are made regularly on systems important for business, and where required by law.

  6. When connecting two or more remote locations, VPN (Virtual Private Network) tunnels or ISPEC are used to protect network communication. All traffic within such a VPN or ISPEC tunnel is encrypted, and is not available to network users outside the two networks connected by these tunnels.

  7. Computer access to all systems is restricted:

    • limiting access rights at the user account level

    • Access to databases is allowed only to authorized persons.

  8. All with the aim of protecting the system from unauthorized access, installation of unwanted applications, unintentional data loss, etc.
    When possible and justified, redundancy (duplication) of critical system components is applied to increase the reliability of computer systems, both at the physical level (equipment), and at the logical and digital level. Redundant systems operate in such a way that in the event of a failure of one part of the system (component), the functionality is taken over by another identical part of the system.

 

11. Rights of the data subject

According to the General Data Protection Regulation (EU 2016/679), the rights of data subjects are:

  1. access to personal data and correction or deletion of personal data, all in accordance with the provisions of this policy and legal provisions.

  2. limiting processing related to them as a data subject, all in accordance with the provisions of this policy and legal provisions.

  3. objection to the processing of personal data, including the use of personal data for direct marketing purposes and automated decision-making, including profile creation, all in accordance with the provisions of this policy and legal provisions.

  4. transfer of personal data elated to them, all in accordance with the provisions of this policy and legal provisions.

  5. withdrawal of consent to the processing of personal data provided with consent based on this policy.

The data controller is obliged to inform you regarding the correction or deletion of personal data or the restriction of processing in accordance with Article 19 of the Regulation.

In the event of a breach of your personal data, we will notify you in accordance with Article 34 of the General Regulation within a maximum of 72 hours.

For all questions, complaints, submission of requests, as well as exercising their rights related to the protection of personal data under the provisions of the Regulation, the user can contact the Personal Data Protection Officer via email at the following address:
gdpr@globus-exclusive.hr or to the data controller in writing at the address
GLOBUS EXCLUSIVE doo, Ulica kneza Branimira 29, 10000 Zagreb.

 

12. Complaints

The user has the option to file a complaint with the supervisory authority for personal data protection at any time:

Personal Data Protection Agency (AZOP)
Ulica grada Vukovara 54, 10 000 ZAGREB

 

13. Final provisions

By registering with the controller or accessing the premises and games of chance in the casino, the user confirms that he/she is aware of:

  • the purpose and legal basis for collecting personal data, and that in the event of refusal to provide the legally required personal data, the data controller is unable to provide the service

  • the purpose and legal basis for collecting personal data that is collected based on the client's consent

  • that by giving his consent, they agree that their personal data may be used for the purposes specified in each individual consent they have given

  • and accepts the rules of casino games and the general terms and conditions of the games of chance of the company GLOBUS EXCLUSIVE doo, Ulica kneza Branimira 29, 10000 Zagreb,

  • that their data, as a condition for the performance of the contract, may be transferred to a processor in third countries, and that the transfer of data is regulated on the basis of standard data protection clauses prescribed by the European Commission.

 

Zagreb, 03.02.2023

bottom of page