• RO
  • EN
  • Privacy Policy

    Privacy Policy concerning Personal Data Processing

    Protection of personal data stands for a main commitment for GRAND CASINO. Consequently we will make every effort necessary to process your data in entire compliance with the Rules (EU) 2016/670 (“General Rules concerning Data Protection” or “GDPR”) as well as with any other legislation applicable across Romania territory. We hereinafter would like to inform you about the mode how we process and protect your personal data whenever you interact with us.

    We reserve the right to periodically update this Privacy Policy in order to highlight as closely as possible any amendment in the mode how we process your personal data. Should we carry out any changes, then we will display on our website the amended version of the Privacy Policy for which reason you are asked to periodically check out its contents.

    About Us and How You can contact Us

    Within the GRAND CASINO there are two companies operating that have for scope of activity to organise gambling as well as one company having for scope of activity the foreign exchange.

    The Development Service System (DSS) is a legal person of Romanian nationality established under the form of limited liability company with registered office in 90, Calea 13 Septembrie, mezzanine, rooms 2A, 2B and 2C district 5, with J40/3028/16.03.2012, CUI: 29924603 operating the “live games” activity.

    The Star Service Provider (SPP)  is a legal person of Romanian nationality established under the form of limited liability company with registered office in 90, Calea 13 Septembrie, mezzanine, rooms 2A, 2B and 2C district 5, with J40/3045/16.03.2012, CUI: 29925030 operating the “slot machine” activity.

    The Grand Exchange (GEX) is a legal person of Romanian nationality established under the form of limited liability company with registered office in 90, Calea 13 Septembrie, mezzanine, rooms 2A, 2B and 2C district 5, with J40/ 8259/2014, CUI: 33373367 operating the activity of “foreign exchange”.

    In respect of provisions under the Rules (EU) 2016/679 (“General Rules concerning Data Protection ”or“GDPR”, the above-mentioned companies are personal data operators whenever they process your personal data.

    The categories of Personal Data we process

    We gather your personal data directly from you whenever you come to our premises, so that to provide you with control on the type of information you offer us as well as regarding the destination of the information.  For an example, we receive information from you in the following cases:

    Whenever you request access in the area of ”live games” in order to take part in gambling organised by DSS. The access in the area of ”live games” is achieved based on registration in the database managed jointly by DSS, SSP and GEX. On the occasion of registration you transmit us: family name and given name, face image (photo), address, series and number of identity card, your CNP (national identification code);

    On the occasion of getting access within the GRAND CASINO, we will process your face image and voice in consideration of our legal obligation to video and audio monitor under 24/7 regime both the area of ”live games” and the area of ”slot machine”. The video-audio records shall be kept during 30 days following which, on reaching the 30th day, to be deleted automatically.   

    There is possibility to collect and process further on certain information concerning your behaviour during your visit at the GRAND CASINO in view of establishing a ”costumemmer profile” with an aim at assuring customized services for certain categories of clients (gold clients, silver clients and platinum clients).    

    We will process your personal data on the occasion of performing the foreign exchange, on which occasion we will collect: family name and given name,  address, series and number of identity card, your CNP (national identification code), country, resident/non-resident status, the amount levied from client on the occasion of performing the foreign exchange operation and the face image.

    Given the specific of activities deployed within the GRAND CASINO, we will process your personal data in order to fulfil our legal obligations. 

    Which are the Purposes and Grounds of processing

    We will process your personal data for the following purposes:

    1. To assure the accuracy of your data in order to verify the age, prevent any fraud, deceit or money laundry, lower the business hazards and protect our games integrity. 
    2. We process your personal data on the occasion of your entering the GRAND CASINO, in order to identify the client and to keep records in compliance with the legal provisions in the matter, respectively art. 36 and 49 of DECISION no. 111/2016.
    3. To observe laws, legal obligations and to answer the demands from the government authorities. They are mainly stipulated in the financial laws, laws against money laundry and laws concerning responsible gambling. They may include a certain degree of building a profile based on your registration data and your data concerning the gambling activity.
    4. To protect our legitimate rights and interests including those of our associated parties. In certain cases we may deem it necessary including in good-faith to record and disclose data in order to: (i) protect ourselves, exert or defend the legal rights, privacy, safety or property, (ii) protect the clients’ safety, privacy and security, as well as the public ones, or  (iii) manage business risks ;

    How long We keep your Personal Data

    As a general rule your personal data will be processed on such timing as required by the conditions they were gathered, as applicable: during the entire period of time that we have the legal obligation to keep each category of data apart. In order to fulfil our legal obligation of audio-video records, you are herewith announced that we will record and keep the audio-video records for 30 calendar day period of time. After expiry of the 30 day term the deletion of all images is automatically carried out by means of the hardware equipment deleting software.

    Whom We transmit your Personal Data to

    As applicable, we can transmit or offer access to certain personal data to the following categories of consignees:

    Access of third parties to your data is limited to the information required in order for them to fulfil their specific function on our behalf or according to the law requirements. They shall be subject to the privacy and protection obligations for the data as stipulated by law and to the extent that we deem it necessary.

    You can contact us in case you need more information concerning the data operators at our e-mail address : dpo@grand-casino.ro

    Which Countries We transfer your Personal Data to

    At the present we are storing and processing your personal data exclusively across Romania territory.

    You may contact us at any time by using the contact details exposed in the end of section in order to learn more information related to the transfer of your personal data as well as the warranties we have enforced regarding such transfers.

    How We protect security of your Personal Data

    We commit to assure personal data security by implementing adequate technical and organisational actions as per the industry standards.

    Collection, storage and transfer of your personal data is done by using the cutting edge encryption algorithms, secured storage servers, assuring at the same time data redundancy.

    In spite of all the efforts made in order to protect your personal data, you are herewith warned that information transmittal through Internet, in general, or by means of other public networks, is not completely sure and there is risk that your data be seen and used by third parties, which are not authorised. We do not undertake responsibility for vulnerabilities of systems that we cannot have under control.

    What your Rights are

    The Rules (EU) 2016/679 (“General Rules on Data Protection”) institutes a series of rights related to your personal data. In general terms, you may request access to your personal data, correction of any errors in our files and/or you may oppose to your data processing. Also you can exert your right to file complaints to the competent supervision authority or address the law court. Under the Rules terms, you may benefit by the right to request deletion of your personal data, the right to restrictions in data processing as well as right to data portability.

    You will be able to exert your rights provided in the Rules in the following conditions:

    Identity. In case that we deem it necessary, we reserve our right to check out your identity by requesting extra information having for purpose to get the identity confirmed.

    Reply duration. We propose ourselves to reply any valid requests/queries within maximum one month time, save the case that such reply needs extra time or in case of several queries coming from a same person, in which case we are to reply within maximum two month time. 

    Third parties’ rights. We reserve  the right not to settle certain applications in case they would affect adversely other concerned people’s rights and liberties.

    Concerned rights



    You can demand us:

    • to acknowledge whether we process your personal data;
    • to make available to you a copy of these data;
    • to offer you other information about your personal data such as: data we have, what we use them for, whom we disclose them to, whether we transfer them abroad and how we protect them, how long we keep them, what your rights are, how you could file complaints, where we have obtained your data from, to the extent that information have not already been provided to you by this information notice.


    You can ask us to correct or supplement your personal data, for being inaccurate or incomplete.

    It is possible for us to try to check out the data accuracy prior to their correction

    Data deletion

    You can ask us to have your personal data deleted but only in case that: 

    • they are no more necessary for the purposes for which they have been collected;
    • you exert your legal right to oppose to your personal data processing;
    • your personal data have been illegally processed;
    • there is legal obligation in our charge to such respect.

    We do not have the obligation to comply with your request for personal data deletion in case that the personal data processing is necessary:

    • for due observance of a legal obligation;
    • in order to find out, exert or defend a right before court;
    • in order to protect our rights.

    Restriction of data processing

    You may request restriction of personal data processing but only in case that:

    • their accuracy is contested (see the section for correction) in order to allow us to check their accuracy;
    • their processing is illegal, but you do not wish your data were deleted;
    • they are no more necessary for the purposes for which collected, but you need them in order to defend a right before the court;
    • you have exerted your right of opposition and the verification is in progress whether our rights are prevailing.

    We can continue using your personal data further to a request for restriction in case that: 

    • we have your consent;
    • in order to find out, exert or assure defence of a right before the court;
    • to protect our rights ;

    Data portability

    You can ask us to supply your personal data into a structured format used currently and that can be automatically read, or you can request it to be “ported” directly to another data operator, but in each case only if: 

    • processing is based on your consent or on concluding or execution a contract; and
    • processing is done by automated means.


    You can oppose – at any time for motives related to the particular situation you are in, to processing your personal data based on our legitimate interest in case that you deem that your main rights and liberties are prevailing over such interest.

    Automated decision making

    You are not subject to a decision exclusively based on the automated processing of your personal data.


    You have the right to file complaints with the supervision authority regarding your personal data processing. In Romania the contact data of the supervision authority monitoring data protection are as follows:

    National Personal Data Processing Supervisory Authority

    28-30, G-ral. Gheorghe Magheru Blvd, District 1, post code 010336, Bucharest, Romania

    Phone #: +40.318.059.211 or +40.318.059.212;


    Without having affected your right of contacting at any time the supervisory authority you are kindly asked to contact us beforehand and we promise you we will make every necessary effort to solve any issue on amicable way.

    – by e-mail to the address : dpo@grand-casino.ro

    – by correspondence to the address : Calea 13 Septembrie, Nr.90

    – by phone at number : 0754.444.444