DATA PROTECTION POLICY OF HIT d.d. NOVA GORICA

HIT d.d. Nova Gorica is aware that the right to privacy is one of the basic human rights, therefore we respect our customers’ privacy and handle their personal data responsibly, carefully and in accordance with the applicable legislation in force in the Republic of Slovenia and the company’s internal acts.

The present text is intended for your familiarization with the Data Protection Policy of HIT d.d. Nova Gorica in regard to the protection of our customers’ rights and to inform you of your rights in regard to the protection of personal data you entrusted us with and the purposes of its use.

A. WHY AND ON WHAT LEGAL GROUNDS WE USE PERSONAL DATA

1. Performance of Contracts

HIT d.d. Nova Gorica processes personal data in the context of and for the purposes of performance of contracts.

On the grounds of a contractual legal basis, personal data are processed in the necessary extent for preparing an offer, concluding of a contract, during the negotiation phase, after receiving an offer or the data subject's inquiries, for notifying about changes to conditions of sale, implementation of changes in a subscription or other contractual relationship, charging of services, resolving potential disputes and refunds, sending notices to data subjects in regard to the performance of the contractual relationship. To the extent necessary for authentication and identification of transactions, HIT d.d. Nova Gorica also processes data for the purposes of calculating commissions for contractual partners, who sell services to data subjects, as well as for defining their efficiency and for preparing reports and planning next sales activities.

Furthermore, HIT d.d. Nova Gorica processes personal data for the purpose of performing rights and obligations in regard to the loyalty program. Use of your personal data, needed for the purpose of performance of contract, covers the use of your personal data which is necessary for providing Privilege Club services, e.g. tracking of collecting and redeeming of points, comps at gaming tables and other benefits of the Membership Card and other activities you carry-out when using Privilege Card, as that allows us to, on the basis of further processing of your personal data, classify you in a specific member tier (silver, gold and black Membership Card and similar). You can read more about this in the General Terms and Conditions for the Privilege Club Operation

HIT d.d. Nova Gorica is not liable for potential abuse or disclosure of the data subject’s personal data, which is a result of the data subject’s improper conduct.

2. Fulfillment of Legal Requirements

Use of your personal data for fulfilling legal requirements covers especially the record keeping of safety events, recording of invoicing, hotel guests, entrance of players and non-players, ensuring video surveillance, maintaining surveillance videos about the activities in casino and other HIT premises, management of guests’ credit card data (for bookings, compensations for untimely cancelation, repayment of all or partial costs that incurred during the stay, etc.), record keeping of received cash prizes and gifts by the guests in the casinos, recordkeeping of players in the online casino, recordkeeping of casino guests who conduct transaction with non-cash means of payment, record keeping of other transactions performed in relation towards HIT Nova Gorica d.d. and guests who performed those transactions.

3. Use Your Personal Data on the Grounds of HIT d.d. Nova Gorica’s Legitimate Interest

HIT d.d. Nova Gorica also uses personal data on the grounds of legitimate interest pursued by HIT d.d. Nova Gorica or a third person, except when the interests or the fundamental rights and freedoms of the data subject, who requests the protection of their personal data, override the interests of HIT d.d. Nova Gorica.

In accordance with its legitimate interest, HIT d.d. Nova Gorica process personal data in a necessary and proportionate scope for the purposes of lowering the risk of a breach of the company’s website (ensuring information security, reducing the risk of an unauthorized access to important business information, personal data and information system) and for the statistical purposes intended to prepare reports for management, wherein such reports always include only anonymised data.

Other legitimate interests may include prevention of abuse, establishment of claims and defence against claims in administrative and legal proceedings.

HIT d.d. Nova Gorica may, in case of suspicion of abuse, to an appropriate and proportionate extent process the data of a data subject or the purpose of identification and prevention of potential scams or abuses and may, if appropriate, forward this data to the police, State Prosecutor's Office or other competent bodies.

4. Use of Personal Data on the Grounds of Consent

HIT d.d. Nova Gorica in specific cases asks their customers and other data subjects to give consent for processing of their personal data in order to assess several personal aspects of a data subject, such as analysis of personal taste, interests and behaviour of such data subject (profiling) for the purpose of creating and presenting personalized offers of goods and services to the data subject, including informing or direct marketing and for the purpose of conducting market research. In such cases, the processing of personal data is carried out within the framework of the consented to (with the data subject’s statement of consent) extent of personal data, purpose and agreed upon communication channels, until the withdrawal of such statement.

The consent can refer to informing about the offer and services, preparation of personalized offers or performing of services with added value. The informing is carried out via channels chosen by the data subject in the consent.

HIT d.d. Nova Gorica in case that a data subject gave appropriate consent, uses their personal data for:

INFORMING ABOUT BENEFITS

We use personal data of Privilege Club members acquired on the basis of the Privilege Club membership and activities in this regard, for informing them about benefits that members of the club are entitled to on the basis of the Privilege Club membership and other potential activities that they perform when using Privilege Club membership card. This applies to all benefits that we grant to all Privilege Club members, those that individual members are entitled to on the basis of their Privilege Club membership tier (owner of silver, gold or black Membership Card), as well as those that belong to members on the basis of potential daily, weekly, monthly, semi-annual colleting and redeeming of points, comps at gaming tables, other benefits on the basis of Membership Card usage and other valid promotions for individual business units in accordance with relevant conditions for specific business unit promotion.

DIRECT MARKETING

We also use personal data of data subjects who gave the appropriate consent for informing them about the current offer and personalized offers, new offers or services, prize contests and other business units’ news, as direct marketing can only be tailored to the data subject’s interests and wishes in such manner. Personal data, for which consent was given, are being processed, as well as personal data on the basis of the following:

- merging of members into individual groups on the basis of the processing of personal data, and

- analysis of personal data on an individual level, which is necessary for classifying members into the above-mentioned groups and preparing offers tailored to the needs of individual data subjects on the basis of that.

SURVEYS, ANALYSES AND RESEARCH

We use personal data, acquired on the basis of your Privilege Club membership and activities in relation to it, for conducting surveys, analyses and research that are not intended for marketing, but primarily for improving our business units’ offers and services and these include analyses of operation, visits, etc.

EXISTENCE OF COMPUTER (AUTOMATED) PROCESSING OF YOUR PERSONAL DATA

HIT d.d. Nova Gorica uses computer systems for the processing of personal data, which enable automatic processing of personal data. These systems are essential (and are used) for appropriate classification of Privilege Club members into groups (silver, gold, black Membership Card) on the basis of designed profiles, as well as for appropriate tracking of collected and redeemed points, comps at gaming tables and other Membership Card benefits, which are acquired by the members with their activities.

The notifying of individual Privilege Club members about acquired benefits, direct marketing on the basis of your personal data acquired in the context of your Privilege Club membership, as well as sending you surveys and performing analyses and research on the basis of the survey’s findings and other activities in the context of the Privilege Club is automated (i.e. exclusively on the basis of computer’s management) if you gave your consent for such processing.

Decisions on the basis of personal data, which are based only on the above-described automated processing of personal data in the context of Privilege Club membership, including the formation of segments and profiles on its basis, and decision which for the data subject entail certain legal effect or similarly affect the data subject’s position, they have the right to submit a request to annul such decision. This exception is valid if such a decision is necessary for providing services in regard to the membership in the Privilege Club, if there is an explicit legal basis on a national or EU level for such processing or if it is justified with the data subject’s explicit consent for that purpose.

In case of automated decision-making, segmenting and profiling, which is necessary for providing services related to the Privilege Club membership or is justified on the basis of the data subject’s explicit consent, the data subject has the right to request that the decision be personally reviewed by us (the right to obtain human intervention on the part of the controller), to express their point of view, as well as to contest the decision. The manner of exercising your rights in regard to the processing of your personal data is described below in the context of the section YOUR RIGHTS IN REGARD TO THE PROCESSING OF YOUR PERSONAL DATA.

5. Website and Online Services

HIT d.d. Nova Gorica only collects data from visitors on a voluntary basis and does not require users to provide information as a condition for visiting its websites.

We carefully protect the personal data collected through our websites and do not transfer the data to third persons.

HIT d.d. Nova Gorica may collect personal data acquired from the visitors of the websites, when you:

use our website,
use our services,
register for our loyalty program (Privilege Club) via the online casino or use My Privilege services on the website »www.hit.si/myprivilege/«,
get in contact with us,
receive our services,
register into HIT’s online casino.

HIT d.d. Nova Gorica uses personal data for the following purposes:

to provide visitors the requested information,
to improve the user experience in regard to our services and our website,
to inform about services, novelties and offers, insofar visitors gave their explicit consent or subscribed to receiving news,
to ensure a safe use of services.

We may collect the following types of information:

2. Data you Provided for via E-Forms and Inquires

contact data (name, surname, e-mail address, telephone number);
content of your message.

3. Automatically Collected Data by the Website’s Analytics

HIT d.d., Nova Gorica also collects personal data when visiting their websites via cookies for the purpose of ensuring better functionality and user experience, safety, uninterrupted functioning of the website or web portals and counting site visits.

Cookies, which are used on the majority of websites both locally and around the world, enable quick, friendly and easy collaboration between you and the website, as well as provide you a user-friendly experience if you consent to their use. Certain cookies enable us to sample and segment visitors and thus ensure that content is tailored to the interests and preferences of every individual web user.

HIT d.d. Nova Gorica uses the following cookies:

Name of the Cookie	Purpose	Duration	Origin
_utma	Statistic of site visits	2 years	Google Analytics
_utmb	Statistic of site visits	30 minutes	Google Analytics
_utmc	Statistic of site visits	until closing of the browser	Google Analytics
_utmz	Statistic of site visits	6 months	Google Analytics

In addition to the above-mentioned cookies, we use cookies to monitor visitors’ reactions to the notice about cookies (hit) and cookies for monitoring sessions (laravel_session).

Cookies that we use do not include personally identifiable data, such as name, telephone number, address, e- mail address, bank link or credit card data.

You can read more about cookies on the website https://www.hit.si/en/corpo-links/cookies.

You can read more about behavioral advertising on the following link: http://www.youronlinechoices.c....

4. Information about Using My Privilege Services

Privilege Club is available on the websites »https://webr.hit.si/MyPrivileg... and https://my-privilege.com/« (henceforth: “My Privilege”), through which a Member can check their balance of points, comps at gaming tables, list of benefits available through their particular membership card, list of comps they can redeem in regard to the number of collected points, a valid price list of benefits that the Member receives on the basis of specific number of collected points, a list of business units that participate in the Privilege Club, etc.

Categories of personal data that are being processed in the context of online service regarding the user of the My Privilege online service:

· data related to the user:

o number of the Privilege Club card,

o date of birth,

o e-mail address.

You can learn more about the service and rules for using the online service in General Terms and Conditions for the Privilege Club Membership and Operation.

6. Social Networks

HIT d.d. Nova Gorica uses the following social networks and manages the following websites:

· Facebook:

o Perla Resort & Entertainment - fb.com/perla.novagorica

o Park Hotel & Entertainment - fb.com/park.novagorica

o Drive-in, Restaurant & Entertainment - fb.com/drivein.novagorica

o Mond, Casino & Hotel – fb.com/mond.sentilj

o Korona, Resort & Entertainment – fb.com/korona.kranjskagora

o Fontana, Bar & Entertainment – fb.com/fontana.rogaskaslatina

o Aurora, Restaurant & Entertainment – fb.com/aurora.kobarid

o Poker room Perla – fb.com/pokerroomperla

o Poker room Mond – fb.com/mondpokerroom

o Poker room Korona – fb.com/korona.pokerroom

o Poker room Fontana – fb.com/fontanapokerroom

o Club Perla – fb.com/clubperlaslovenia

o Hotel Lipa – fb.com/lipa.hotel

o Hotel Sabotin – fb.com/sabotin.hotel

o Hotel Špik – fb.com/spik.hotel

o Hitstars.it - fb.com/stelleHIT

· Twitter: https://twitter.com/Hituniverseofun

· Twitter: https://twitter.com/HitStars_it

· LinkedIn: https://www.linkedin.com/compa...

· Instagram: http://instagram.com/hituniverseoffun (and open accounts that correspond to the above mentioned Facebook pages).

· LinkedIn: https://www.linkedin.com/company/hit-d-d-

YouTube: https://www.youtube.com/user/u...

Participating and posting on social networks is voluntary.

We kindly invite you to follow HIT d.d. Nova Gorica on social networks!

B. WHO CAN ACCESS PERSONAL DATA

Access to personal data is granted only to authorized employees and contractual processors, with whom the company concluded a data processing agreement in the scope and for purposes necessary to conduct work processes, providing company’s services and fulfilling rights and obligations from concluded contractual relationships.

The company’s employees and contractual employees are bound to respect provisions regulating data protection and HIT d.d. Nova Gorica general acts, as well as concluded data processing agreements. Customers’ personal data are the company’s trade secret.

CONTRACTUAL PROCESSORS OF PERSONAL DATA

In addition to HIT d.d. Nova Gorica, personal data is being processed on behalf of the company and for it by contractual processors or contractual processors’ employees, who provide technical support for the company’s processing of personal data.

Data subjects’ personal data are being processed by:

competent legal bodies and holders of public authorizations for implementing legal competences,
contractual processors of HIT d.d. Nova Gorica (developers of computer applications, websites and information services and personnel tasked with maintaining them; developers and initiators of software solutions; processors, engaged by HIT d.d. Nova Gorica to provide services needed for the performance of contracts; printing workshops; insurance companies; courier services; points of sale managers; external marketers; intermediates; marketing, research and analytics companies; external marketing agencies and event organizers; representatives of HIT d.d. Nova Gorica for conducting and implementing contracts, including collection of debt and legal proceedings),
other persons with legal grounds for acquiring and processing of personal data.

The list of categories of contractual processors is evident from the list of contractual processors of HIT d.d. Nova Gorica.

C. PERSONAL DATA STORAGE

The period for which the personal data will be stored varies according to the criteria for each category of personal data. Personal data is stored only as long as it is needed to achieve the purpose of processing for which it was collected or processed further or until the legally required storage period expires.

After the fulfilment of the purpose of processing or after the expiry of the storage period, personal data is deleted, destroyed, blocked or anonymised if they are not, on the basis of legislation regulating archival material and archives, classified as archival material or if the Data Protection law does not state otherwise for specific category of personal data.

D. DISCLOSURE OF YOUR PERSONAL DATA

HIT d.d. Nova Gorica guarantees that the received customers’ personal data and all other data processed in pursuance of their legal interests that override the interest of a data subject, will be protected against unauthorized disclosure and transfers of data to unauthorized third persons in accordance with applicable data protection legislation.

Per law enforcement agency's request, in case of any abuse or breaches, personal data, e-mail addresses and IP-addresses of users can be submitted to the police and other competent bodies for a follow-up.

MEASURES USED TO PROTECT PERSONAL DATA

1. Protection of Premises

Premises, in which personal data carriers, hardware and software are located, are carefully protected with organizational and/or technical measures, which prevent unauthorized persons from accessing personal data.

2. Encryption

For collecting and transferring of sensitive data we use SSL encryption (Secure Sockets Layer) with a 128-bit encryption code. SSL encryption ensures that the data sent is illegible to everyone but us.

SSL protocol also ensures complete authenticity of HIT d.d. Nova Gorica websites.

3. Sending E-Mails

E-mail address provided by the data subject is used explicitly for sending requested information to the data subject.

We do not send unencrypted notices about our customers’ data via e-mail. If the content of your message is relevant to the contractual relationship, the message will be stored.

Before sending us an unprotected e-mail via your internet service provider, please note that its content might not be protected online against unauthorized reading, forgery, etc.

External service providers, who filter incoming e-mail or spam or malicious software in order to guarantee protection of HIT d.d. Nova Gorica, may gain access to your electronic message.

4. Protection of Access

The data processing network of HIT d.d. Nova Gorica is protected against the outside world via state-of-the-art firewall. The company’s internal applications are accessible only by logging in with a username and password. In applications, user rights are limited to business use via access systems, in such a manner that personal data are accessible exclusively to those employees, who are authorized for working with personal data; we strive to limit the number of such employees to a minimum necessary number.

HIT d.d. Nova Gorica regularly checks if the systems are protected against attempts of unauthorized access.

PROVIDING ACCURATE, COMPLETE AND UP-TO-DATE DATA

HIT d.d. strives to ensure that the data subject’s personal data are accurate and up-to-date, which it may do in accordance with regulations and/or on the basis of a data subject’s consent. Complete and up-to-date data can only be used for purposes set forth in the applicable legislation and not for other purposes, insofar that you did not give consent for such use or such use is not permissible in accordance with legislation.

Notwithstanding the above, data subjects must strive to inform HIT d.d. Nova Gorica about the changes of personal data relevant to them and important for the performance of contract. We will rectify and amend data as soon as we are informed about such a change.

G. RIGHTS IN REGARD TO THE PROCESSING OF YOUR PERSONAL DATA

In this section, we are presenting you with your rights that you can exercise in regard to our processing of your personal data and ensuring its legal and transparent processing.

In case of any confusion in regard to your rights, you can always request an additional explanation from us or our Data Protection Officer.

1. Right to Withdraw Consent

Insofar that a data subject wishes to withdraw the already given consent, they may do so anytime by sending a written request to the address: HIT d.d. Nova Gorica, Delpinova 7A, 5000 Nova Gorica or via e-mail to info@hit.si

The data subject can also withdraw their consent in regard to the Privilege Club membership anytime by filling out a short form at all Privilege Points in business units which participate in the Privilege Club loyalty program, either via website http://www.hit.si when using an e-mail and received password or via e-mail to info@hit.si when using the e-mail address given for the purpose of the Privilege Club membership.

The withdrawal of the consent does not affect the legitimacy of the processing on the basis of your prior consent.

2. Right to Access

A data subject can always access their personal data that we process in a simple manner and in reasonable time intervals free of charge, on the basis of a submitted written request.

For additional copies or in cases of clearly unjustified or repetitive requests, we reserve the right to charge a reasonable fee for costs of administrative labor and materials.

3. Right to Rectification

Per data subject’s request, we rectify or amend any incorrect or old personal data that we process, without undue delay.

4. Right to Erasure

Personal data:

(i) which are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

(ii) which are being processed on the basis of a withdrawn consent and there are no other legal grounds for processing,

(iii) for which you objected to the processing and there are no overriding legitimate grounds for the processing, or those

(iv) which were processed unlawfully

will be erased without undue delay per your request.

5. Right to Restriction of Processing

Per your request, we restrict the processing of personal data, when:

(i) a data subject contests the accuracy of the personal data (for a period enabling the controller to verify the accuracy of the personal data),

(ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,

(iii) we no longer need the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims,

(iv) or a data subject filed an objection against data processing (pending the verification whether the legitimate grounds of the controller override those of the data subject).

When processing has been restricted, such personal data will, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims, to ensure rights of other natural or legal persons.

We will always notify the data subject before terminating any restrictions of processing.

6. Right to Data Portability

Per the data subject's request, we will forward the personal data provided by the data subject to another controller, when processing is consensual or a contract and when it is technically feasible.

7. Right to Object

If a data subject's personal data is being processed on the basis of our legitimate grounds or for the purposes of direct marketing, which includes profiling, then the data subject can object to such processing.

8. Right to File a Complaint with the Information Commissioner

If we do not answer your request within 1 month or if we deny your request, you can file a complaint, the resolution of which is the Information Commissioner's responsibility.

A complaint due to a denial has to be submitted to the controller within 15 days from expiry of a 1-month period, or receipt of a negative answer. A customer can submit a request or a complaint using a special form, which is published on the Information Commissioner’s website.

1. EXERCISING OF RIGHTS IN REGARD TO DATA PROTECTION AND CONTACT DETAILS OF DATA PROTECTION OFFICER

HIT d.d. Nova Gorica guarantees data subjects’ exercising of their rights without undue delay and at the latest within 1 month from the receipt of the request, wherein the deadline for exercising of data subject’s rights can be extended for 2 additional months at most, taking into account the complexity and volume of requests. Should HIT d.d. Nova Gorica extend the deadline, it will inform the data subject about such extension and reasons for it within one month from receiving the request.

If the data subject’s request are clearly unjustified or excessive, especially due to their repetition, HIT d.d. Nova Gorica may:

- charge a reasonable fee for cost of labor and materials, wherein administrative costs of sending the information or message or implementation of the requested measure are considered or

- deny to act in accordance with the request.

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

A data subject may, via a written request sent to the Data Protection Officer for HIT d.d. Nova Gorica, request an access to, supplementation, rectification, blocking or restriction of processing or deletion of personal data, object to the processing of data that are being processed and request a transfer of data. The data subject may sent the request to:

Maja Erjavec
Odvetniška pisarna Čehovin in Erjavec d.o.o.
E-mail: dpo@hit.si t 05 333 09 80

J. RECOMMENDATIONS FOR DATA PROTECTION

We recommend that you also protect your privacy and personal data yourself.

Every individual is responsible for:

the safety of the username and password, which should be kept appropriately and only be disclosed only to persons who they completely trust,
the safety of their e-mail address,
and appropriate software protection (anti-virus) of their computer or other devices for accessing different content.

K. CHANGES TO THE DATA PROTECTION POLICY

HIT d.d. Nova Gorica reserves the right to update the Data Protection Policy in accordance with the changes of services, on the basis of users’ feedback and due to legislation changes from time to time. Date of last update will be specified at the end of the Data Protection Policy.

In case of significant changes or plans for changes in regard to how HIT d.d. Nova Gorica uses personal data, the company will, before implementing any changes, notify users on its website or via e-mail (if a consent for such manner of informing is given).

We recommend that users regularly check this Policy, in order to gain information about how HIT d.d. Nova Gorica protects their privacy.

L. ADDITIONAL INFORMATION AND CONTROLLER’S CONTACT DETAILS

For additional information about processing of personal data or your suggestions for improving our services, you can contact us via e-mail address info@hit.si or write to the address: HIT d.d. Nova Gorica, Delpinova 7A, 5000 Nova Gorica.

This Data Protection Policy is used until its cancellation or potential update.

Nova Gorica, May 2018
HIT d.d. Nova Gorica