Terms and conditions
Personal data policy
Casino Munkebjerg operates the following under CBR no. 14 44 73 77 and hereafter named the company.
One of the Company's overall objectives is to maintain the highest level of security for our guests, customers and employees. This is also true when it comes to the protection of personal data.
With this policy the Company would like to map in a clear and transparent way how the Company processes your personal data.
1. Data controller
The Company is data controller.
The Company's contact details are:
- info@casinomunkebjerg.dk Attn.: CFO
The company performs all processing of personal data in accordance with applicable legislation.
The Company delivers a wide range of services. Each service is subject to individual terms and conditions.
When you order one or more of these services, you give your personal data to the Company and you also give your consent that your personal data can be processed by the Company.
2. How does the Company collect personal data?
The company collects personal data as follows:
- When you choose to buy and/or request one of the Company's services;
- From persons acting on your behalf;
- On the B2B market, for example, in a sales situation where a request is submitted for a quotation on one of the Company's services and/or a cooperation agreement;
- Via browser cookies and web beacons;
- In connection with the use of the Company's electronic services;
- When you subscribe to newsletters from the Company;
- From competitions and likes on social media, advertising and analysis suppliers as well as public registers;
- Via TV surveillance.
The collection of personal information and its processing will comply at all time with the law.
TV surveillance is set up as security precaution for employees and guests.
In principle, surveillance will take place at the Company's entrance, parking lot, in guest and employee areas, at the front desk and bar as well as at goods delivery.
3. What data does the Company collect?
The Company collects the following personal data:
- Name, address, telephone number, email address and date of birth as well as other general person data;
- Credit card details - possibly as a guarantee for your reservation;
- Demographic data;
- Purchase history and other electronic services;
- Feedback via our customer surveys;
- Feedback on social media and other electronic platforms;
- Browser information.
You may choose to give the Company personal data in addition to the general personal data, which you consider important either for safety reasons and/or to allow the Company to customise the service specifically for you.
This can include, for example, details about:
- Disability;
- Allergy;
- Special food preferences;
- Medical condition.
4. Online credit card purchases
The Company uses e-pay, Danish Internet Payment System (DIBS, www.dibs.dk), Nets and Teller in connection with your purchases of goods and credit card payments. All of the above are approved and certified by Teller.
Besides to complete your order, the data you have provided will only be used if you e.g. contact us with questions or if there is an error in the order.
5. What is the purpose of data collection?
The Company collects only personal data that is necessary for the purposes described in the separate terms and conditions for the service in question as well as in this personal data policy.
It is each individual service that determines both what personal data the Company collects and the purpose of the collection.
The company's objective with personal data collection may be one or more of the following:
- To process your reservations and purchases of Company services;
- To contact you before, during or after your stay;
- To fulfil your request for services;
- To improve and develop Company services;
- To customise Company communication and marketing to meet your needs;
- To analyse your user behaviour and for re-marketing purposes;
- To customise Company communication and marketing to meet your needs;
- To manage your relationship with the Company;
- To comply with regulatory requirements.
6. Legal grounds for the processing of personal data
The legal grounds on which the Company's processing of your personal data is based are listed below.
The Company can, for example, process your personal data because it is necessary to fulfil a contract that you are party to. It can, for example, be in connection with a hotel stay, meeting arrangement and/or cooperation agreements.
In addition, the Company can process your personal data in order to be able to complete certain actions and/or preparations at your request prior to entering into a contract.
Processing of personal data can also take place because the Company might be pursuing a legitimate interest, unless your interest has priority.
Legitimate interests pursued by the Company can include statistics, customer surveys, interest-based marketing and analysis of general user behaviour with i.a. the aim to improve your benefits, your experience and the quality of the Company's services.
If you inform the Company about special preferences and considerations such as health information, disability, religious conviction or the like, the Company will use the data to customise the service based on your instructions as well as your stay at the Company in general.
In some cases the company will receive personal data from third parties, for example, in connection with a group reservation and/or an individual accommodation arranged by the third party - for example by an assistant or the like.
In these cases, the party responsible for the group and/or the reservation is required to inform the relevant guests about the Company’s terms and conditions as well as about this personal data policy.
The Company is also required by law to process your personal data. This is the case, for example, in connection with guest registration at check-in, where the law states what personal data the Company is required to register.
7. Your rights
Pursuant to the General Data Protection Regulation, you have a number of rights.
These are as follows:
- You have the right to be informed about what personal data the Company processes about you.
- You have the right to have the personal data the Company processes about you supplemented and updated.
- You have the right to have the Company delete the personal data it has registered about you. If you want to have your personal data deleted, the Company will delete all data, which the Company is not required to store by law.
- If the processing of personal data is subject to your consent, you have the right to withdraw your consent, which means that the processing will then stop unless the Company is required to process personal data by law.
However, access may be limited considering the protection of other people’s private life, trade secrets and intellectual property rights.
Upon written request to the Company you can receive a print-out of your personal data, have your personal data updated, make objections or ask to have your personal data deleted.
The request must be signed by you and must contain your name, address, telephone number and email address.
You can also contact the Company if you believe that your personal data is processed in violation of the law or other legal obligations.
Please send your request to:
- info@casinomunkebjerg.dk Attn.: CFO
Within 1 month after receiving your print-out request, the Company will send the print-out to you.
In case of requests for correction and/or deletion of your personal data the Company will examine whether the conditions are met and if so, it will make the changes or deletions as soon as possible.
The Company may reject applications that are unreasonably repetitive, require disproportionate technical effort (e.g. to develop a new system or considerably modify an existing practice), affect the protection of other people's personal data or in situations where the desired action must be considered highly complicated (e.g. requests for information available exclusively as backup).
8. If you apply for a job at the Company
When you apply for a job at the Company, the data you have given the Company in connection with your application will be processed.
Typically, it will cover general person information such as name, address, telephone number and email address, information on educational background as well as information about current and previous employment.
The Company uses the information to assess whether the Company wants to offer you the job, as well as to communicate with you in connection with the recruitment process.
If you are employed at the Company, your data will be stored in accordance with Company’s personal data policy for employees, which you will find in the Company’s personnel handbook.
Applications from candidates that are not offered employment are generally stored for 6 months after rejection notice.
In some cases, the Company may also disclose your personal data if so required by law, a court decision or applicable law.
If you want access to the data the Company processes about you, either in connection with an update of your information or because you want the Company to delete your data, you can contact the HR function at the Company.
You can object to the additional processing of your data at any time.
9. Storage security and sharing of your personal data
The Company protects your personal data and has adopted the internal rules on data security, which contain instructions and measures to protect your personal data against unauthorised disclosure and against the risk of unauthorised access.
The Company has established procedures for the allocation of access rights to those of our employees who process sensitive personal data and data that uncovers information about personal interests and habits. The Company controls their actual access through logging and supervision.
To avoid loss of data, the Company backs up its data set.
In the event of security breach that results in a high risk for you of discrimination, identity theft, financial loss, loss of reputation or another major inconvenience, the Company will notify you of the security breach as soon as possible.
The Company's security procedures will be regularly reviewed in line with the latest technological developments.
In addition to the Company's internal systems the Company uses external providers of IT services, IT systems, payment solutions etc.
The Company has entered into data processing agreements with all its providers in accordance with EU's General Data Protection Regulation (GDPR). This ensures a high level of protection of your personal data.
In order to provide the highest level of service, the Company shares at your request selected personal information, with external suppliers such as restaurants, hotels etc.
Where necessary, the Company also shares and forwards your personal information internally within the Company. The purpose of the sharing is to give you the most optimal service, no matter which hotel or Company department you contact.
In certain cases, the Company may also be required to disclose personal data by law or by a decision of a public authority.
The Company deletes your personal data when the Company is no longer required to store the data or when the processing no longer serves any purpose.
Pursuant to the provisions of the Aliens Order and the Passports Order, the Company registers different data about its guests. For foreign visitors, this data must be stored for not less than 1 and not more than 2 years, while for Danish guests it must be stored for 1 year. This is done for the sole purpose of ensuring that it is possible to make this information available to the police.
The Company can legitimately use a guest’s email address for marketing of own services similar to the one the guest has purchased, e.g. an overnight stay, provided that the provisions of Section 10 of the Marketing Act have been complied with. In other words, the guest must be informed that, for example, an email address can be used for marketing purposes and that the guest will subsequently be given the opportunity to opt out of this. In addition, the guest can easily unsubscribe from such marketing at a later time.
Sending of newsletters requires the consent of the guest.
The company must store guest information for longer than what is stated above, only if used for statistical purposes. In this case, the information must be anonymised.
The company must store personal data for a longer period provided that such storage serves a legitimate purpose. For example, it can be legitimate to store information about job seekers who did not get an advertised position, for example, in order to disprove any discrimination allegations. The company may also ask for consent to store data in order to contact the relevant person about a future job posting.
When an employee resigns, it may be legitimate to store his/her HR folder for a longer period in order to address any subsequent back-payments claims from employees who have resigned. Post-processing cases are subject to a 5-year limitation period, i.e. claims can be made retroactively, going back 5 years.
If the Company stores personal data for a longer period of time, this is data that the Company might. Other data is deleted.
10. Whistle-blower Policy (WBP)
The company has also established a WBP, which aims to ensure openness and transparency in relation to illegal behaviour and serious irregularities at the Company.
WBP contains the following elements:
-
Its purpose is to ensure that the relevant persons are promptly and confidentially informed about serious offences, or suspicion thereof, which may have an impact on the company as a whole or on individual persons’ life or health.
-
Collection, registration, deletion and, depending on the specific circumstances, possibly disclosure takes place.
-
If the Company uses data processors, these must act solely on behalf of the Company and as instructed by it.
-
The Company will observe statutory regulations.
-
Only people affiliated to the Company, e.g. employees, board members, accountants, lawyers, suppliers, customers etc., may submit reports.
-
Only data about persons affiliated with the company, e.g. employees, directors, accountants, lawyers, suppliers etc. may be reported.
-
No sensitive information other than information about criminal offences and other purely private relationships will be processed.
-
Reporting is possible in cases of serious offences, or suspicion thereof, which may affect the company as a whole, or which may have a significant impact on the individual persons' life or health. For example, this can include suspicion of serious economic crime, including corruption, fraud, falsification of documents etc.
-
Reporting is possible to the extent required pursuant to the American Sarbanes Oxley Act, i.e. regarding irregularities in the areas of accounting, internal account supervision, auditing and in case of suspicion of corruption and crime in the banking and financial sector.
-
Other examples in which reporting is possible can include cases of environmental pollution, serious breach of safety at work as well as serious circumstances directed against an employee, e.g. violence or sexual assault.
-
On the other hand, it is possible not to report minor wrongdoings, for example harassment, difficulties in cooperation, incompetence, absence, infringement of guidelines for e.g. dressing, smoking/alcohol, use of email/internet etc. In these cases, the Company's ordinary communication paths must be used instead.
-
Depending on the specific circumstances, the following can receive information: The police and other public authorities as well as any relevant entities in affiliated companies etc.
-
Transmission takes place only to the extent the disclosure provisions of the Danish Personal Data Act are complied with in the case in question.
-
Security measures will be taken in accordance with the standard WBP terms of the Danish Data Protection Agency, as well as any additional conditions laid down by the Danish Data Protection Agency. The terms can be found at www.datatilsynet.dk.
Deletion procedures:
- If the report falls outside the scope of WBP or proves to be unfounded, in general, the data shall be deleted immediately, but see below.
- If a report is filed with the police or other relevant authorities, in general, the data shall be deleted immediately after the case is finalised by the responsible authorities, but see below.
- If, based on the information collected, a disciplinary sanction is imposed on an employee of the Company or there are grounds to believe that it is necessary for the Company to keep information about the employee, the information will be stored in the employee's HR folder subject to the legislation currently in force.
- If the data concerns an employee of another company, e.g. another company in the same group, and there is basis to disclose data to this company, the data shall be deleted immediately after this disclosure.
- The data will also be deleted, if no report has been filed with the police or other relevant authorities within 2 months after the completion of the investigation of the alleged claims, or if the information has not been transferred to an employee's HR folder by that deadline.
As it appears, this policy allows you to submit data in a safe and confidential way. Furthermore, the intention is to use the information submitted constructively for improvement, prevention and removal of errors and irregularities at the Company, including the management.
You should always first consider whether the problems could be solved by contacting, for example, an immediate manager, an HR department or a representative. The policy is therefore an alternative that can be used if you do not feel comfortable using the conventional channels - or if you e.g. have approached the management about a serious circumstance and it has not been addressed.
WBP works on maintaining due respect towards representatives and the labour legislation system. The policy is therefore merely a supplement to your options to contact representatives and trade unions regarding serious conditions at the workplace.
11. Cookies
The Company and personal data (privacy policy)
The Company collects information about all visits to the Company's websites. At the same time, we encourage users in many places actively to provide information. Collection of information at casinomunkebjerg.dk is hereinafter referred to as the "the Company's website" and is subject to applicable legislation.
Below you can read more about why we collect information and for what we use it.
What information do we collect?
The Company's website collects information about users and their visits in two ways:
- Using the so-called cookies.
- Using the information provided by the user.
Why do we use cookies?
Every visit to the Company's website is registered with the help of cookies. Each time, you – or more precisely – your computer visits the company's website, the cookie tells us about your visit.
The cookie tells us, for example, how long you visit the website for, which sections and how many articles you read, whether your computer has visited us before, what browser and operating system you use etc.
The information is anonymous and is collected together with all other users’ data so that we get a statistical overview of the use of the Company's website.
At the same time, cookies ensure that you do not see the same ads repeatedly, just as all clicks on ads are being recorded.
In addition, we use the statistics in editorial work for further developing the Company's website.
What is a cookie?
When you visit the Company's website, your computer automatically receives one or more cookies, which are transferred from the Company's website to your Internet browser. The Company's website then records your visit and your use of the website.
A cookie is a small text file. It contains no personal data and the information we receive is therefore anonymous.
Most internet browsers allow you to delete cookies, block them or warn you and ask for your acceptance before saving a cookie.
Depending on the browser you use, you can find out in its settings and help features on how to configure your browser to process cookies.
Personal Data
In addition to cookies, several of the Company's services require you to provide personal data.
In general, we only ask for personal data when you, for example, sign up for our newsletters or book a hotel stay via the company's website.
Online credit card purchases
The Company’s booking and gift card systems use e-pay, Danish Internet Payment System (DIBS, www.dibs.dk), Nets and Teller in connection with your purchases of goods and credit card payments. Both DIBS and the Company's systems are approved and certified by Teller.dk.
12. Contact
If you have questions, comments or complaints about the Company's processing of personal data, please contact:
info@casinomunkebjerg.dk, Attn.: CFO
If this does not resolve the problem, you can file a complaint with the Danish Data Protection Authority, Borgergade 28, Floor 5, 1300 Copenhagen K, telephone 3319 3200, email dt@datatilsynet.dk.
Any changes to the personal data policy will be announced by publishing new terms and conditions on the Company's website.