Patakaran sa Pagkapribado

Last Updated: June 6, 2023

The Graton Economic Development Authority, an unincorporated, wholly owned instrumentality of the Federated Indians of Graton Rancheria, d/b/a Graton Resort & Casino (“GRC” or “We” or “Us”) has a strong commitment to respecting the concerns about privacy of all of our customers (“Users”). We understand that Users of our website or mobile apps may have questions about whether and how we collect and use Users information, and we are committed to protecting our Users’ privacy. Consequently, we only use the personally identifiable information (“PII” or “personal information” or “personal data”) that you provide in accordance with the terms outlined below.

This Privacy Policy (“Privacy Policy”) covers personal information we obtain when you visit us, use our services, or access the features on the websites or apps that GRC owns or controls (today or in the future), including https://www.gratonresortcasino.com and our mobile app(s) (collectively, the “Sites”).

You can access the Sites in many ways, including from a computer, tablet, or mobile phone, and this Privacy Policy will apply.

This Privacy Policy also governs the use of personal information we obtain from you from any third-party site or application where we post content or invite your feedback or participation (“Third Party Sites”). GRC cannot control the privacy policies or practices of Third-Party Sites, or of companies we do not own or control, or the actions of third parties we do employ or manage. As a result, you should always check the privacy policies of Third-Party Sites and your privacy settings.

If you are in the United Kingdom (UK), or in any country in the European Economic Area (EEA) (which includes member states of the EU), please note that additional terms at the end of this Privacy Policy may apply to our handling of your personal information.

If you do not agree to the terms and conditions of the Privacy Policy, please do not use the Sites. By accessing the Sites, you confirm that you are over the age of twenty-one (21), and you agree to and will be bound by GRC Privacy Policy.

1. Principles for Processing Personal Information

We respect your privacy and wish to keep you informed. We are committed to protecting your personal information in compliance with applicable law by utilizing the following principles:

  • Data will be processed fairly and in accordance with applicable law.
  • Data will be collected for specified, legitimate purposes and not processed in ways incompatible with those purposes.
  • Data will be relevant to the purposes for which it is collected and used. For example, data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
  • Data subjects in the European Union (EU) will be asked to provide their clear and unequivocal consent for the collection, processing, and transfer of their personal data.
  • Data will be accurate and, where necessary, kept up to date. Reasonable steps will be taken to rectify or delete personal information that is inaccurate or incomplete.
  • Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this Privacy Policy.
  • Where allowed by law, Data will be deleted or amended following a relevant request by the concerned data subject, provided that each such notice complies with applicable law. Data will be processed in accordance with the individual’s rights described herein or as provided by law.

Appropriate technical, physical, and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction, or damage to data. In case of any such violation with respect to personal data, we will take appropriate steps to end the violation and will cooperate with the authorities to investigate and resolve the matter.

2. Information We Collect

Personal Information

The information GRC collects is referred to collectively as your “Personal Information”.

Users may be asked to provide their:

  • Name – first and last name.
  • Address of residence and other physical address (which may include your business address).
  • Electronic mail (e-mail) address.
  • Social security number, Government issued identification number, or national identification number.
  • Date of birth.
  • Driver’s license number or other identification number.
  • Geolocation information.
  • Phone number.
  • Employment history, including number of years employes at each business and salary and financial compensation amount(s).
  • Usernames, passwords, contact preferences, contact or authentication data.
  • Information that you provide to us about other people.
  • Payment card information.
  • Social media accounts.
  • Financial information such as credit card number, debit card number, bank account or other financial institution account number and financial transaction history.
  • Landlord information or mortgage information.
  • Your business information, including the business’ financial institution(s) information and mortgage information.
  • Other financial information.
  • Rewards card number.
  • Past gaming activity with GRC.
  • All ancillary Player Club data shared with GRC.
  • Information we are required to collect by law.
  • Certain information about devices used to access our Sites, such as IP address, browser information, device information, cookies, mobile advertising IDs, HTML5 local storage, and similar technologies.
  • Video surveillance information and threat detection systems to monitor gaming areas and other public and sensitive areas within and around our locations for safety, security, fraud prevention, and other purposes. Some surveillance systems may incorporate video surveillance footage, including images and audio via security cameras, facial recognition technologies, and magnetic sensor technology, all of which may be used for additional screening. Surveillance camera output is monitored by our employees and contractors and may be viewed by or shared with law enforcement and regulatory authorities.

In some circumstances, Users may visit some of our Sites anonymously. We will collect personal identification information from Users under such circumstances only if the Users voluntarily submit such information to us. Users may refuse to supply personal identification information; however, refusal to provide this information may prevent Users from engaging in certain activities on the Sites or prevent Users from accessing or utilizing certain Sites or features of Sites altogether.

Non-personal Information

From time to time, we may collect certain non-personal identification information about Users whenever they interact with our Sites. Non-personal identification information may include certain information such as the browser name, the type of computer and technical information about Users’ means of connection to our Sites, such as the operating system and the Internet service providers utilized, and other similar information.

Cookies and Other Technologies

When you visit the Sites, GRC will collect passive information about your visit. Passive information is any form of aggregate data, navigational data, tracking data, click-stream data, or historical data, which does not necessarily personally identify you (“Usage Data”). For example, each time you use the Sites, GRC automatically collects the type of web browser you use, your operating system, your internet service provider, your IP address, the pages you view, and the time and duration of your visits to the Sites. GRC uses this information to help GRC understand how patrons use the Sites, and to enhance the services its Service Providers offers to GRC’s patrons and other similar establishments.

GRC uses “cookies” (small text files placed on your computer to identify your computer and browser) and may use anonymous identifiers (a random string of characters that is used for the same purposes as a cookie) to enhance your experience with the Sites. If enabled in your browser, cookies may store small amounts of data that enable GRC to customize the content according to your preferences. GRC may use cookies or anonymous identifiers to: (1) keep count of your return visits to the Sites; (2) accumulate anonymous, aggregate, statistical information on Sites usage; and (3) save your password so you don’t have to re-enter it each time you visit the Sites. Cookies tell GRC nothing about you personally unless you specifically provide GRC additional information.

Most web browsers are initially set up to accept cookies. You may reset your web browser to refuse all cookies or to indicate when a cookie is being sent, however, certain features of the Sites may not work if you delete or disable cookies. Some of GRC’s Service Providers may use their own cookies in connection with the services they perform on GRC’s behalf. We, our service providers, and our business partners may also collect certain information about the use of Sites by automated means, such as cookies, web beacons, HTML5 local Storage, and other technologies. We may also collect information about online activities over time and across third-party websites.

The information that may be collected by automated means includes:

  • URLs that refer users to our website
  • Search terms used to reach our website.
  • Details about the devices that are used to access our website (such as IP address, browser type, operating system information, geolocation, and mobile device information)
  • Details about users’ interaction with our website (such as the date, time, frequency, and
    length of visits, and specific pages accessed during the visits)
  • Web browsers may offer users of our website the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our website may not function correctly. To support and enhance our Services, we may serve advertisements through our Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors, and research firms. We are not responsible for the privacy practices of these ad networks and other parties. Advertisements served through the Services may be targeted to users who fit a certain general profile category, which may be inferred from information you provide to us, based on your Services usage patterns, or based on your online activities. We do not provide personal information to any ad networks for use other than in connection with our Services.

You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: http://www.aboutads.info/choices/. The DAA opt-out requires that cookies not be blocked in your browser. To learn more about ad networks and to adjust your preferences you may also visit the Network Advertising Initiative: https://www.networkadvertising.org/understanding-online-advertising.

Because there is not yet a consensus on how companies should respond to web browser-based do not track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

Please note that not all tracking will stop even if you delete cookies.

3. How We Collect Information

We may collect personal information from Users in a variety of ways, including when you:

  • Voluntarily provide it to us.
  • Visit our Sites.
  • Sign up and create an account.
  • Register and enroll for a Player’s club card.
  • Sign up to receive or respond to emails, special promotions, offers, event information, newsletters, or other communications (e.g., social media sites).
  • Play games on our Sites.
  • From our service providers, partners, and third parties, such as those discussed in the “How We Use Your Information” and “How We Share Your Information” sections below.
  • Make purchases.
  • Communicate with us.
  • Submit a request for a Win/Loss Form.
  • Submit a request for an IRS Form W-2G, Form 1042S, or Form 1099.
  • Consent to receive text messages (we collect your mobile telephone number to send you
    the text messages, and you have the option to stop receiving text messages).
  • Contact us offline or submit information to us offline.
  • Apply for a job with us.
  • Use our kiosks.
  • Provide information to us through our Sites.
  • From other platforms that you may use to engage with us.
  • Automatically, from devices that you use to connect to our Sites.
  • In public areas, through our use of safety and security technologies that we may use when you visit our Sites.

While providing Services to advance limit applicants and GRC’s clients, GRC also collects Personal Information from the following sources, including, but not limited to: advance applications and other standard forms related to customer accounts, including name, address, social security number, asset information, bank account balances, and financial transactions; customer transactions and other interactions directly with GRC and the Sites; and information obtained from third-parties, such as advance reporting agencies and financial institutions, when verifying applications or other forms or receiving information about your advance history. This information may also be obtained from other third-parties or institutions with which you conduct non-financial transactions.

We may also collect personal information from Users in connection with other activities, services, features, or resources we make available on our Sites.

4. How We Use Collected Information
GRC collects and uses Users’ personal information to:

  • Personalize Users experience.
  • Facilitate purchases, transactions, and reservations.
  • Verify your eligibility for a credit card or line of credit.
  • Improve our Sites and customer service.
  • Share your information with third parties (see Section 7 (Sharing your personal information)).
  • Administer a contest, promotion, survey, or other features of our Sites.
  • Send Users information they agreed to receive about topics we think will be of interest to them.
  • Facilitate account creation and authentication (e.g. managing Users accounts).
  • Deliver service to Users and respond to Users’ inquiries.
  • To send periodic emails or mobile/SMS messages; and If a User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product, or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Sites or email us directly at privacy@gratonresortcasino.com.

We may also use information in the aggregate to understand how our Users as a group use the services and resources provided on our Sites.

If you apply for a job through our Sites, we may also use the information to assess your qualifications and personal experience to determine if it meets specific job requirements; and to help us inform candidates of future openings at GRC.

5. How We Protect Your Information

Keeping your information secure is a priority for GRC. GRC restricts access to your Personal Information to those employees and agents who need the information to assist in providing the Services. GRC maintains physical, electronic, and procedural safeguards that comply with applicable laws to protect your Personal Information. GRC trains its employees in the proper handling of your Personal Information.

We adopt appropriate data collection, storage and processing practices and security measures, including use of secured communication channels encrypted and protected with digital signatures, to protect against unauthorized access, alteration, disclosure or destruction of your personal information and other data stored on our Sites.

Some pages of the Sites may use security measures to protect against the loss, misuse or alteration of information that is transmitted through the Sites. These pages use Secure Socket Layer (“SSL”) connections with at least 128-bit encryption for certain transactions and confidential data. However, you acknowledge that no transmission of data over the Internet or mobile phone devices or any other network can be guaranteed to be 100% secure, despite our efforts. We also cannot protect financial or personal information that is not under our control. AS A RESULT, WHILE GRC STRIVES TO PROTECT YOUR PERSONAL INFORMATION, GRC CANNOT ENSURE OR WARRANT THE SECURITY OF ANY INFORMATION YOU TRANSMIT, AS THERE IS ALWAYS A RISK. THEREFORE, PROVIDING INFORMATION TO GRC ON ITS SITES (OR A CLIENT OF GRC’S), IS AT YOUR OWN RISK.

6. Secure Shopping and Payment Card Information

We offer multiple options for processing credit card payments. GRC goes to great lengths to keep the financial information you provide to us private and safe. We use industry standard technology and protocols in transferring information to process your orders. All credit card transactions occur in a secure area of our Site, to protect you from any loss, misuse or alteration of information collected. When you have finished shopping and begin the checkout process, you will move into the secure area of our Site. You acknowledge, however, that no transmission of data over the Internet or mobile phone devices can be guaranteed to be 100% secure, despite our efforts. We also cannot protect financial or personal information that is not under our control. Thus, while we will use every means possible to ensure the security of the information you transmit to us, we cannot guarantee that such information will not be intercepted by third parties.

7. Sharing your personal information

From time to time, GRC may establish business relationships with other businesses that GRC believes to be trustworthy and who have confirmed that their privacy practices are consistent with GRC’s (collectively, “Service Providers”) specifically including, but not limited to,: Marker Trax, LLC and its subsidiaries, affiliates, consultants and contracted third parties “Marker Trax” (see Marker Trax’s Privacy Policy at http://www.markertrax.com/privacy-policy). Marker Trax assists GRC with analyzing and assisting with the development of GRC’s advance analysis software for determining a patron’s GRC advance limit. This information is important for GRC to continue the development of its advance analysis software.

Marker Trax and its subsidiaries, affiliates, consultants and contracted third parties use of your Personal Information is subject to their respective Privacy Policies, and you hereby release GRC from all liability regarding Marker Trax use of your Personal Information and expressly agree to be bound by the Marker Trax Privacy Policy concerning its access of and use of your Personal Information. Section 1542 of the California Civil Code provides: A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his/her favor at the time of executing the release, and that, if known by him/her, would have materially affected his/her settlement with the debtor or released party. By signing this Agreement, you waive the provisions of Section 1542 and any similar state provisions.

GRC does and may contract with Service Providers to provide certain services, such as hosting and maintenance of the Sites, data storage and management, and marketing and promotions. GRC provides its Service Providers with the information necessary for them to perform these services on GRC’s behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, to protect your Personal Information from unauthorized access, use or disclosure. Service Providers are prohibited from using Personal Information other than as specified by GRC. Since these Service Providers routinely change, it is not feasible for GRC to list every Service Provider.

We may share the information we collect, including:

  • Within our family of companies, our branded subsidiaries, joint ventures, and other
    companies in the United States under our common control (collectively, “Affiliates”).
  • With service providers that perform services for us or on our behalf, including, but not limited to, for the purposes of operating our Sites, assisting us to perform business functions and operations, and for fulfilling requests by you. For example, service providers include web hosting providers, app hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, business advisors and consultants.
  • With third parties for our marketing purposes.
  • With your consent and at your direction.
  • When you voluntarily provide content for the purpose of it being shared with other users.
  • To verify your eligibility for credit, a credit card, or other services; and
  • To evaluate advance limit applications.
  • To communicate with financial institutions, including banks, advance unions, brokerage firms, and savings and loans.
  • To communicate with other third parties as necessary to make a full financial reporting on
    advance limit applications.
  • To communicate with GRC’s clients as consented to by you, either through GRC or GRC’s
    client.
  • To communicate directly with you in connection with your specific requests.
  • To validate your identity.
  • To record your gaming-related activity.
  • To conduct statistical or demographic analysis.
  • To comply with legal and regulatory requirements.
  • To protect payment transactions against fraud or identify theft.
  • To prevent fraud.
  • To satisfy contractual obligations.
  • To cooperate with law enforcement or other government agencies for purposes of national security, public safety, or matters of public importance when GRC believes that disclosure of information is necessary or appropriate to protect the public interest.
  • To provide you with products or services you have requested either directly or through a third-party that is a client of GRC.

We may also disclose personal information to assist with or otherwise enable our compliance with a legal or regulatory obligation, protect and defend our rights or property, and protect the safety of our Users or the public.

We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.

THE RELATIONSHIPS BETWEEN GRC AND ITS SERVICE PROVIDERS, INCLUDING MARKER TRAX, LLC, DO NOT CREATE ANY AGENCY, PARTNERSHIP, JOINT VENTURE, TRUST OR OTHER RELATIONSHIP WITH DUTIES OR INCIDENTS DIFFERENT FROM THOSE OF PARTIES TO AN ARM’S-LENGTH CONTRACT. FURTHERMORE, NO AGREEMENT BETWEEN GRC AND ITS SERVICES PROVIDERS, INCLUDING MARKER TRAX, CONSTITUTES A “MANAGEMENT CONTRACT” OR “MANAGEMENT AGREEMENT” WITHIN THE MEANING OF 25 U.S.C. § 2711, OR DEPRIVES THE TRIBE OF THE SOLE PROPRIETARY INTEREST AND RESPONSIBILITY OF THE CONDUCT OF GAMING.

GRC will also provide your Personal Information to a third-party vendor, which could include, but is not limited to: Marker Trax, LLC and its subsidiaries, affiliates, consultants and contracted third parties “Marker Trax” (see Marker Trax’s Privacy Policy at https://www.markertrax.com/patents). Marker Trax assists GRC with analyzing and assisting with the development of GRC’s advance analysis software for determining a patron’s Casino advance limit. This information is important for GRC to continue the development of its advance analysis software. When participating in or applying for Fast Funds, GRC does not make any direct, indirect, manual or automated determinations regarding approval of financial transactions for you. If applicable, GRC may verify application information and submitted Personal Information, provide its recommended advance limit, and then returns such information to GRC’s client who ultimately determines and approves all advance limits and transactions. GRC’s client may also access your traditional consumer report through GRC, to which you hereby expressly agree and consent by using the Sites.

8. Third party websites

GRC Privacy Policy applies solely to the Sites, which may contain links to third-party websites that are not owned or controlled by GRC. GRC has no control over, and assumes no responsibility for the content, privacy policies or practices of any third-party websites. GRC will not and cannot control, prevent, censor, or edit the content of any third-party websites or information. ACCESSING THIRD-PARTY WEBSITES OR CONTENT IS AT YOUR OWN RISK. You should always read the privacy policy of third-party websites before providing any information to the website, and you assume all risk by entering and using any third-party websites. BY USING THE SITES, YOU SPECIFICALLY ACKNOWLEDGE AND AGREE TO RELEASE GRC FROM ALL LIABILITY ARISING FROM YOUR USE OF ANY THIRD-PARTY WEBSITES. Users may find advertising or other content on our Sites that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Sites. In addition, these third-party sites or services, including their content and links, may have their own privacy policies and customer service policies which are constantly changing. Browsing and interaction on any third-party website, including websites which have a link to our Sites, is subject to that third party website’s own terms and policies.

9. Advertising

Ads appearing on our site may be delivered to Users by third party advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer or other device each time they send you an online advertisement to compile non personal identification information about you or others who use your computer or device. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. Our Privacy Policy does not cover the use of cookies by any advertisers.

10. Persons Under Age 21

The Sites and Services comply with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) and are not directed to persons under the age of 21. GRC does not knowingly or intentionally collect personally identifiable information from anyone in violation of COPPA or anyone under 21 years of age. If you believe a person under age 21 has provided us with information, contact us at privacy@gratonresortcasino.com.

11. Communications

E-mail

We may periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. We may also use a third-party e-mail service provider to send e-mails. This service provider is prohibited from using your e-mail address for any purpose other than to send GRC related e-mail. In addition, every time you receive an e-mail you will be provided with the choice to opt-out of future e-mails.

12. Your Rights

You have the right to be provided with information as to the nature of the personal information stored or processed about you by GRC and may request deletion or amendments where allowed by applicable law.

You may email privacy@gratonresortcasino.com to review, update, and revise your personal information.

If access is denied, you have the right to be informed about the reasons for denial. You may resort to the dispute resolution described in this Privacy Policy as well as in any competent regulatory body or authority. GRC shall handle in a transparent and timely manner any type of internal dispute resolution procedure about personal information.

If any information is inaccurate or incomplete, you may request that the data be amended. It is your responsibility to provide us with accurate personal information about yourself and to inform us of any changes. (e.g. new home address or change of name).

If GRC does not make the requested change, you may file a written statement of dispute with GRC. GRC will include the written dispute in future disclosures of that Personal Information. GRC will send the written dispute to anyone you request who received your Personal Information from GRC in the past two (2) years. To exercise these rights, please send GRC a written request by mail or email. Please include your name, address, account number, daytime phone number, and the Personal Information that you would like access to or that you believe needs correction. GRC may charge a small fee to collect, copy, and send the Personal Information to you. To protect your Personal Information, GRC may ask you to verify your identity and to provide other details to respond to your request.

If you demonstrate that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless the applicable law requires otherwise. You also have the right to request the deletion of your personal data for any reason by emailing. privacy@gratonresortcasino.com.

If at any time, you believe that your personal information has been processed in violation of this Privacy Policy, you may report the concern to GRC directly. If you have any inquires or complaints about the use or limitation of use of your personal information, you may contact us at:

Graton Resort Casino
630 Park Court
Rohnert Park, CA 94928
Or e-mail us at privacy@gratonresortcasino.com.

If you experience difficulties accessing or changing your Personal Information or have questions or concerns regarding GRC Privacy Policy, please e-mail GRC at the above email address.

13. California Privacy Rights

If you are a California resident, you have the right to request information from us regarding the way GRC shares certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:

  • The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year.
  • The names and addresses of the third parties that received the information; and
  • If the nature of the third party’s business if it cannot be determined from their name,
    examples of the products or services marketed.

This information may be provided in a standardized format that is not specific to you. The
designated email address for these requests is: privacy@gratonresortcasino.com.

Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals considering industry developments or legal changes.

14. Obligations to Data Protection Authorities (“DPAs”)

We will respond diligently and appropriately to requests from DPAs about this Privacy Policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. Regarding transfers of personal information, we will (i) cooperate with inquiries from the DPA responsible for the entity exporting the data and (ii) respect its decisions, consistent with applicable law and due process rights. Regarding transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.

15. Your Consent and Updates to this Policy

You acknowledge that this Privacy Policy is part of the Terms of Use for your use of the Sites, and you agree that using the Sites signifies your assent to this Privacy Policy. GRC reserves the right to change this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. As we may make changes from time to time without notifying you, we suggest that you periodically consult this Privacy Policy. Your continued use of the Sites after the effective date of any modification to the Privacy Policy will be deemed to be your agreement to the changed terms.

If you have any questions about your privacy or security on our Sites, please contact us using the
following information:

Graton Resort Casino
630 Park Court
Rohnert Park, CA 94928
Or e-mail us at privacy@gratonresortcasino.com

16. Collection, Storage, and Use

Our Sites are operated from within the United States, and by submitting your Personal Information to us, either through our Sites, or by other means, you consent to the transfer, collection, usage, storage, and processing of your Personal Information in the United States as outlined in this Policy. Please note that your Personal Information may be used by us in the country where it was collected, as well as in the United States, where laws regarding the use of Personal Information may be less strict than the laws in your country.

In addition, we may send Personal Information outside of your state, province, or country for the purposes set out above, including for processing and storage by service providers in connection with such purposes.

Our Privacy Policy may be supplemented by local privacy policies that contain more detail specific to countries outside of the United States or European Union. Local privacy policies will supersede any definitions, processes or guidance provided in this Privacy Policy. Review the privacy policy applicable to the specific website you are visiting where you will find the local rules and regulations that apply to your personal information.

To the extent that any Personal Information is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

With respect to our Sites, this Privacy Statement applies to the websites located within the United States. Other sites are not covered under this policy. These sites have their own privacy statements. In addition, there are several places throughout the Sites that may link to other websites that do not operate under this Privacy Policy. When you link to other websites, our privacy practices no longer apply. For this reason, we encourage visitors to review each site’s privacy policy before disclosing any Personal Information.

How We Protect Information

We maintain administrative, technical, and physical safeguards designed to protect personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

GRC cooperates with government and law enforcement officials to enforce and comply with the law, including the applicable gaming commissions and control boards such as, but not limited to, the Federated Indians of Graton Rancheria Tribal Gaming Commission. GRC may disclose Personal Information and any other information about you to government or law enforcement officials if, in GRC’s discretion, it believes it is necessary or appropriate under applicable laws and regulations, in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property or rights of GRC or of any third-party, to prevent or stop any illegal, unethical or legally actionable activity or to comply with the law.

Content Submitted By You

Some features of the Sites may allow you to post content on our Sites or social media pages, such as photos. Content that you provide may be shared publicly or with other users or third parties.

Responsable Gaming

We encourage you to gamble responsibly. GRC strongly supports and promotes responsible gaming practices. If you or someone you know has a gambling problem, we urge you to contact any of these organizations for help:

Gamblers Anonymous
1-855-222-5542
www.gamblersanonymous.com

Gam-Anon International
1-718-352-1671
www.gam-anon.org

Data Retention

We retain personal information for as long as necessary in accordance with applicable local, state and federal laws regarding use, storage and disclosure of Personal Information, including, but not limited to, the Fair Advance Reporting Act, 15 U.S.C. § 1681 et. seq. (“FCRA”) and the Gramm-Leach-Bliley Act of 1999 (“GLBA”) or where we are legally required to retain the personal information for a minimum period. When we no longer need the personal information we collect, we either anonymize the information or securely destroy the information.

All Personal Information voluntarily submitted by you or provided by your accounts pursuant to the access you permit, becomes the property of GRC for its limited use as provided in the Privacy Policy.

You agree that We may use, retain and/or disclose such Personal Information, subject to the Privacy Policy, without financial consideration to you.

17. Notice to UK/EEA (EU) Residents

This Privacy Policy is intended to provide adequate and consistent safeguards for the handling of personal information in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“the Directive”) and all the relevant transposing legislation of the Directive in the European Union/European Economic Area, the Swiss Federal Data Protection Act, as such laws may from time to time be amended and valid during the application of this Policy, the Privacy Shield, and any other privacy laws, regulations and principles concerning the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area or Switzerland to the United States including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the General Data Protection Regulation”) as of its entry into force on 25 May 2018.

IF YOU ARE IN THE EUROPEAN ECONOMIC AREA OR UNITED KINGDOM

If you are in the EEA (which includes the countries of the European Union) or UK, then these terms may apply in addition to the terms above.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Under applicable law of the EEA and UK, we require a legal basis to process your personal information. We will rely on one or more of the following:

  • Performance of a contract – we may need to collect and use your personal information to enter a contract with you or to perform our obligations under a contract with you.
  • Legitimate interest – we may use your personal information for our legitimate interests or those of another party. Examples of our legitimate interests include facilitating and arranging your booking/reservation with us, handling complaints about our services, or responding to queries and requests.
  • Compliance with law or regulation – we may use your personal information as necessary to comply with applicable law/regulation.
  • Consent – we may (but usually do not) need your consent to use your personal information. An example of is where you have given us consent to market to you.

TRANSFERS OUTSIDE THE EEA OR UK

Your personal information may be transferred to entities located outside the EEA or UK, such as to us in the United States, for the purposes described in this Privacy Policy. This includes countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country. In these cases, we will ensure it is protected and transferred in a manner consistent with applicable law.

This can be done in several different ways, for instance:

  • The recipient may have signed a contract based on “standard contractual clauses” approved by the European Commission, requiring the protection of your personal information.
  • The country to which the personal information is sent may be approved by the European Commission.

In other circumstances, applicable law may permit the transfer of your personal information outside the UK or the EEA, for example because it is necessary for the performance of a contract with you or to take steps to enter a contract with you.

You can obtain more details of the protection given to your personal information when it is transferred outside the UK or the EEA (including a sample copy of standard contractual clauses) by contacting us using the details set out above,

YOUR RIGHTS

Where our handling of your personal information is covered by UK/EEA data protection law, you have number of rights:

  • Requesting information regarding the processing of your personal information and access to the personal information which we hold about you.
  • Requesting that we erase your personal information in certain circumstances.
  • Requesting that we correct your personal information if it is inaccurate or incomplete.
  • Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances.
  • Withdrawing your consent, although this will not affect the lawfulness of the processing before the withdrawal.

In some circumstances, receiving some personal information in a structured, commonly used, and machine-readable format and/or requesting that we transmit that information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.

Please note that there may be circumstances where we are legally entitled to refuse a request. You may also lodge a complaint with the data protection supervisory authority in your country of residence.