2. Notice of Collection of Personal Information
“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
We have collected each of the following categories of Personal Information from one or more persons in the last 12 months.
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
(B) Any personal information described in subdivision (e) of Section 1798.80, which means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information,
(C) Characteristics of protected classifications under California or federal law. This includes sex, gender (including pregnancy), gender identity, age, race, color, religion, disability, medical conditions, marital status, citizenship, primary language, military or veteran status, and immigration status.
(D) Commercial information, including records of personal and real property, products or services purchased.
(E) (left blank)
(F) Internet or other electronic network activity information, including, but not limited to, information regarding interaction with an internet website application, or advertisement, internet or
network activity information, such as use of our wifi and interactions with our website or systems.
(G) Geolocation data.
(H) Audio, electronic, visual, or similar information, such as images and audio, video or call recordings created in connection with our business activities.
(I) Professional or employment-related information, such as business or work history.
(J) Travel information including whether you’ve recently traveled to a restricted area under a Travel Advisory, locations traveled to within 14 days prior to coming to the workplace and dates spent
in those locations.
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, predispositions,
behavior, attitudes, and abilities.
We have also collected information from public websites and public records.
“Sensitive personal information” we collect includes Personal information that reveals:
(A) A consumer’s social security, driver’s license, state identification card, or passport number.
(B) A consumer’s financial account, debit card, or credit card number in combination with credentials allowing access to an account in the case of counter checks or credit transactions.
We use this information to process transactions, comply with Title 31 laws and other laws and regulations, and to assist law enforcement or claims handling. We also use the subpart (A) information for job applicants, hiring and contracting decisions.
Sensitive Information and Personal Information as used in this policy does not include publicly available information, or information that is “aggregate consumer information” or information that is “deidentified” as defined in Cal. Civ. Code sec. 1798.140(b) and (m).
Personal Information That You Provide To Us. You provide us information when you:
1. provide us with your personal information for any reason;
2. join our email list;
3. register for or participate in one of our events, surveys, contests or promotions;
4. use casino services, including cash advance, ATM, players’ bank, check cashing, credit, counter checks, chip advance, ACH or wire payment, or food and beverage services where you provide personal information, including a credit or debit card, bank information or tax identification number;
5. provide identification which we may scan, copy or record;
6. provide us information or we record information in order to comply with legal requirements respecting financial transactions;
7. enter the premises, parking area, or nearby areas and are recorded on video;
8. visit our website at www.oakscardclub.com
9. view digital ads;
10. enable location services when using your phone;
11. use our Wi-Fi services;
12. engage with us on social media;
13. register under a problem gambling program;
14. provide services to us as an independent contractor; or,
15. apply for employment or to work as an independent contractor or vendor. For example, a job applicant may supply information about education, employment, employment history, financial information, medical information and health information, and the identification of relatives that work here.
We also collect data from:
1. Consumer and credit reporting agencies;
2. Government agencies;
3. Security and risk management vendors;
4. Marketing agencies and vendors;
5. Social media platforms; and,
6. Staff, other players and consumers when you interact with them and they submit information about you to us.
Information That We Collect From You Automatically.
We may collect information from you automatically when you visit our website, use the Internet or your phone, your web browser, or operating system, which may transmit certain information to servers. The information may include the unique number assigned to your server or Internet connection, your geographic location, or your movement within a website including what pages you look at and what information you download.
3. Use of Information
The Casino may use the information collected by us: (1) to respond to your inquiries or requests for service, including financial services and third party financial services; (2) for marketing purposes, including, but not limited to, providing you with e-mail or notification of future the Casino events, food specials and services that may be of interest to you; (3) to process and fulfill registrations, awards or participation in games, gaming activities or promotions; (4) to organize and facilitate events, communications or offers; (5) to process and fulfill transactions; (6) to respond to complaints and other communications; (7) to comply with laws and regulations, legal requirements and internal control policies, including to respond to subpoenas, court orders, legal process, or to exercise our legal rights or defend against legal claims; (8) for hiring and for management of employees; (9) for demographic purposes; (10) to investigate incidents, insurance claims or other claims; (11) to assist law enforcement; (12) to generate information from our website use to generate aggregate statistics about visitors to our website; (13) to investigate, prevent or take action regarding, or to keep records regarding prior, possible illegal activities, suspected fraud, situations involving potential threats to any person’s personal safety, or other incidents involving reasonably suspected criminal activity or violations of law, or policies; (14) to cooperate with law enforcement, insurance companies or regulators in an on-going investigation, and (15) for use in hiring or contracting. Hiring uses include compliance with laws and regulations, the evaluation of job candidates, background checks, insurance coverage and rules, and to aggregate data to perform workforce analytics, hiring data and benchmarking. In the prior 12 months, personal information has been put to each of these uses.
In the future, personal information could be shared in connection with a business transaction involving a sale, purchase, reorganization, or transfer to a third party of any of the assets of the Casino or Casino website. For example, we may transfer customer lists to a buyer of the Casino.
The casino uses personal information for the purposes listed above which may be determined to be other than those specified in Reg section 7027, subsection (m) and Regs. Sec. 7011(e)(1)(K). You may limit your use of such information through our website form at the site or by contacting us at email@example.com. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We also have video and audio surveillance in and outside our facility in order to comply with laws and regulations, to provide patron security, to assist law enforcement and to improve our operations. We do not use customer images for commercial use unless we have obtained consent, we have posted notice that at certain times we are filming commercials or recording images for advertising and persons present may be imaged, or unless the use is inadvertent.
Information Sharing and Disclosure with Third Parties and Purposes. We allow specific third parties to access Personal Information and/ or Sensitive Information for business purposes only. When you provide us with a credit card, we use third party payment processors to process your credit card for food and beverage sales. We use the Cobblestone system to track floor transactions in order to comply with federal laws and regulations known as Title 31. If you use the ATM or cash advance system you will be providing information to Everi, the operator of those systems, in order to complete your transaction. Website usage information is seen by our marketing agency. We use this information to improve our marketing. We share information with companies and persons that assist us in fulfilling our “customer due diligence” and Title 31 obligations, including independent auditors. We share demographic information with our ad agency for marketing but without customer names, phone numbers, email addresses or residential house numbers or street names. We may run credit checks using a third party credit agency as part of a transaction, hiring or employment decision. You should know that where it is possible to do so, third parties may link available information to your Personal Information. When we provide personal information to our business partners and other third parties for such purposes, we require them to the extent feasible to exercise reasonable care to protect your Personal Information and restrict the use of your Personal Information to the purposes for which it was provided to them.
We encourage our customers to “Play Responsibly.” While most individuals gamble for entertainment purposes, some individuals may develop a gambling problem. The Casino offers a voluntary Self-Restriction program with materials available in our Casino. Individuals who sign up for this program and identify means of contact (such as an email address) may not receive any direct marketing materials or information about products or services during their self-restriction period.
We also participate in the state-wide Self-Exclusion program. More information can be found in our Casino, by calling 1-800-Gambler, or at the Office of Problem Gambling website: http://problemgambling.ca.gov/ccpgwebsite/default.aspx
In order to comply with regulations and laws, information disclosed to us under our Self-Restriction program may be shared with law enforcement and regulators if we need assistance from law enforcement to remove you from the premises, and may also be shared or upon the request of a government agency. Information disclosed to us under the statewide Self-Exclusion program is shared with other cardrooms and the Bureau of Gambling Control, and may be shared with law enforcement if we need assistance from law enforcement to remove you from the premises, or shared upon request of a government agency.
4. Underage Persons
Persons under the age of 21 are not permitted in our establishment. If you are under the age of 21, we ask that you do not provide any Personal Information to us or follow us on social media. We do not knowingly sell or share, let alone collect, the personal information of anyone under 16 years of age.
5. Retention Periods.
We are subject to the regulations of government agencies, including the California Gambling Control Commission. We retain personal information for financial transactions as required in those regulations for up to seven years. We retain complaint, incident and investigation records for seven years or more. Other electronic records, such as video recordings, computer activity, cookies, and geo location data is retained for weeks and up to a year. We retain other data for the period in which a claim may be brought under the applicable statute of limitations, or the periods or periods determined by management for the Company’s legitimate business or commercial purposes that is reasonably necessary and compatible with the context in which the information was collected. We retain records for job applicants for three years, the period in which a claim may be brought under the applicable statute of limitations, or the periods or periods determined by management for the Company’s legitimate business or commercial purposes that is reasonably necessary and compatible with the context in which the information was collected.
These periods are subject to change by management and subject to government regulation and changes in regulation. You may request a copy of the then current record retention policy as provided under Contact Us in this policy.
6. Data Security
The Casino has security measures in place to protect against the loss, misuse, and alteration of the information under our control. While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will be fool proof or prevent third-parties including “hackers” from illegally obtaining this information.
7. Exercising Your Rights – California Residents
The CCPA and CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights.
The right to know includes the right to know what personal information the business has collected about the consumer or person, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about the consumer.
You also can request:
- Our business or commercial purpose for collecting or selling your personal information.
- The categories of third parties with whom we shared your personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies under Regulation 7027(m), which provides in subparts (1)-(8):
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
(1) To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services. For example, a consumer’s precise geolocation may be used by a mobile application that is providing the consumer with directions on how to get to specific location. A consumer’s precise geolocation may not, however, be used by a gaming application where the average consumer would not expect the application to need this piece of sensitive personal information.
(2) To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information. For example, a business may disclose a consumer’s log-in information to a data security company that it has hired to investigate and remediate a data breach that involved that consumer’s account.
(3) To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions. For example, a business may use information about a consumer’s ethnicity and/or the contents of email and text messages to investigate claims of racial discrimination or hate speech.
(4) To ensure the physical safety of natural persons. For example, a business may disclose a consumer’s geolocation information to law enforcement to investigate an alleged kidnapping.
(5) For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business. For example, a business that sells religious books can use information about its customers’ interest in its religious content to serve contextual advertising for other kinds of religious merchandise within its store or on its website, so long as the business does not use sensitive personal information to create a profile about an individual consumer or disclose personal information that reveals consumers’ religious beliefs to third parties.
(6) To perform services on behalf of the business. For example, a business may use information for maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
(7) To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business. For example, a car rental business may use a consumer’s driver’s license for the purpose of testing that its internal text recognition software accurately captures license information used in car rental transactions.
(8) To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer. For example, a business that includes a search box on their website by which consumers can search for articles related to their health condition may use the information provided by the consumer for the purpose of providing the search feature without inferring characteristics about the consumer.
Common reasons why we may keep your personal information include:
- We cannot verify your request.
- To complete your transaction, provide a reasonably anticipated product or service, or for certain liability purposes.
- For certain business security practices.
- For certain internal uses that are compatible with reasonable consumer expectations or the context in which the information was provided
- To comply with legal obligations, exercise legal claims or rights, or defend legal claims.
- If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA.
- Where deletion proves impossible or involves disproportionate effort, as provided in Civil Code sections 1798.105(c). See Civil Code sections 1798.105(d) and 1798.145 for additional exceptions.
The additional statutory exceptions under 1798.105(d) include:
1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
3. Debug to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
7. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
8. Comply with a legal obligation.
You may request that the Casino not collect your personal information by opting out. Opting-out will not prevent your Personal Information from being used for purposes specified in Section 4, including where legally required. Opting-out also may not protect you from future data collection if you continue to visit our website, casino or continue to use our services.
Exercising Access, and Deletion Rights
We have pre-printed forms for you to complete for CCPA requests. You can start the process by:
1. Using the form and submitting it in person at the cage.
2. Filling out the same form on our website at https://www.oakscardclub.com/information-request-form
3. Calling this toll-free number: 800-966-0949,
4. Emailing the form or a request to firstname.lastname@example.org, or
5. All requests must contain the following information:
(1) Your full and complete legal name, and any alias or other names or nicknames you use:
(2) Your contact information, including mailing address, email and phone. We need your email to speed up communications between us in processing your request, and because some records we maintain may be searchable by or contain only an email address.
A description of the services you used and personal information you provided us with the circumstances, approximate dates and times. For example, did you use cash advances or check cashing?
Verifying Consumer Request and Agency.
We also will need to verify your identity before releasing any personal information about you, except a request to opt-out need not be a verifiable consumer request and a request to limit also need not be a verifiable request. For other requests, including requests to know, delete or correct, we will ask for visual verification of your identity using government issued identification. This may be done in person, or over communications facilities, or a means that is practical for the consumer or requestor. We will attempt to match the verification to the personal information we have. We shall delete any new personal information collected for the purposes of verification as soon as practical after processing the consumer’s request, except as required to comply with regulation section 7101. We do not require the consumer or the consumer’s authorized agent to pay a fee for the verification of their request to delete, correct or know. For requests to correct, we will make an effort to verify the consumer based on personal information that is not the subject of the request to correct.
An authorized agent may make a request on a consumer’s behalf with written evidence of authority.
Response Timing and Format.
For a request to opt out, we must stop selling and sharing personal information as soon as feasibly possible, but no later than 15 business days from the date we receive the request. We must also notify all third parties to whom we have sold or shared personal information within that same 15 business day period that the consumer has made a request to opt-out of the selling and sharing of personal information.
For requests to limit, we must stop using and disclosing consumer’s sensitive personal information except for permissible purposes as soon as feasibly possible, but no later than 15 business days from the date we receive the request. Further, we must notify all our service providers, contractors, and third parties that use or disclose the consumer’s sensitive personal information for other than the permissible purposes as soon as feasibly possible, but no later than 15 business days from the date you receive the request.
For other requests, we endeavor to confirm receipt of your request within 10 days of receiving the request and we may take 45 days from the initial request to respond. We can add 45 days to our response time only if there is good cause to do so, such as the customer not supplying us with adequate information to use to verify identity and locate personal information, and we provide notice to the customer of the extension within the original 45 day response period. The information we will provide is through the date the request is received.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. There are no limits on the number of requests to delete. For other requests, a maximum of two requests may be made in a 12 month period.
For persons who are not California residents, please submit your requests using the form and means described herein.
8. Other California Privacy Rights
Or by email at email@example.com with “Privacy” in the subject field.
9. Revisions to This Policy
Rev. April 4, 2023