Your privacy is important
Collection of Personal Information
Crown collects your personal information so that we can perform our functions or activities and offer our services to you. Crown’s functions, activities and services are many and varied and include the casino, the Crown Rewards loyalty program, hotels, restaurants and bars, entertainment, retail, marketing, competitions, financial transactions, complaint handling, recruitment and security and surveillance. Personal information includes things such as your name, image, date of birth, phone number(s), postal address and email address. The type of personal information we collect from you depends on your interaction with us. Depending on the transaction, if Crown does not collect your personal information, we may not be able to provide you an offer or service.
Collection from you
It is Crown’s usual practice to collect your personal information directly from you. For example, you provide us your personal information when you stay at a Crown hotel, join Crown Rewards, enter a competition, write to us, join a mailing list or make a restaurant reservation.
Collection from public sources or third parties
Where relevant, Crown will collect personal information about you from a publicly available source (such as other websites) or from third parties, for example:
- credit reporting bodies (if we request information about your credit history);
- other casinos; and
- Crown’s related entities.
Collecting sensitive personal information
Sensitive personal information is information or an opinion about an individual’s racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, sexual preferences, criminal record, health information, genetic information or membership of a trade union. Crown’s general approach is not to collect, use or disclose sensitive information. However in limited circumstances, Crown will collect sensitive information where it is necessary for one of Crown’s functions or activities and you have consented to the collection of that information. For example, Crown will collect health information from you before performing a massage at Crown Spa.
Collecting information required by law
Crown also collects your personal information where we are required or authorised to do so by an Australian law or court or tribunal order, for example, pursuant to the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
Using and Disclosing Your Personal Information
Crown operates a range of businesses that handle personal information. We use and disclose your personal information that we collect (and share it with related companies) for a number of different purposes, including:
- to identify and contact you and manage our relationship with you;
- to tell you about things at Crown that you may be interested in;
- to manage and administer our services to you;
- to conduct and improve our businesses and improve the customer experience;
- to maintain security and safety in our venues;
- to prevent or investigate any actual or suspected misconduct, fraud or unlawful activity;
- in relation to your credit worthiness, including to obtain a credit report about you;
- to consider any concerns or complaints you may raise against Crown; and
- to comply with our legal obligations as required by relevant laws, regulations and codes of practice.
Disclosing your personal information
We understand how important it is to keep your personal information private. We will use and disclose your personal information for the purposes we collected it as well as purposes that are related, where you would reasonably expect us to. We will also disclose your personal information when:
- you agree to the disclosure; or
- the disclosure is required or authorised by law.
- Crown’s related companies;
- third parties who provide services to Crown from time to time such as mail-house providers, customer research agencies, debt collectors, advertising agencies and our advisers;
- government agencies as part of our statutory obligations; and
- other casino operators.
Disclosing your personal information overseas
For international customers, Crown may share your personal information with overseas recipients located in countries where Crown or an associated entity, has staff or a business, including without limitation, the United Kingdom, America and Hong Kong. For international gaming patrons, we may also share your personal information overseas in relation to the assessment of your credit worthiness. Full details are available in the Credit Reporting Policy which is included with the Application for Credit Form.
Where applicable Crown will use your personal information to contact you via mail, SMS, email, telephone or online to tell you about news, special offers, products and services that you might be interested in. We do this where you have consented to receiving such information or it is related to the purpose for which we collected your personal information. You can contact us to update your marketing preferences at any time.
Crown’s venues are subject to CCTV and audio surveillance to maintain security and safety in our venues at all times. Details of suspected or actual illegal or improper conduct may be shared with Crown’s regulators, law enforcement bodies and other casinos.
Security of Personal Information
Crown takes steps to protect the personal information it holds against loss, interference, unauthorised access, use, modification or disclosure and against other misuse. Your personal information is held on Crown premises and systems or offsite using trusted third party providers. Our employees and service providers are required to maintain the confidentiality of any personal information held by Crown. Our security safeguards include:
- staff training on their obligations with regard to your information;
- ensuring appropriate data handling and security arrangements are in place when we disclose information overseas or use third parties to handle or store data;
- system security such as encryption, firewalls and intrusion detection systems and surveillance;
- complex security such as CCTV and audio surveillance and our security and surveillance staff; and
- destroying personal information when no longer required.
Access and Correction of your Personal Information
Subject to some exemptions, you may ask Crown to provide you access to the personal information that we hold about you. To do so, please attend Crown with photo identification and complete Crown’s request for personal information form.
Once Crown has collected your personal information it will provide you a copy of it in person at Crown subject to verifying your identity. A copy of your information will generally be made available to you within 30 days unless we are not required to give you access to your personal information pursuant to an exception in the Privacy Act 1988 (Cth) (Privacy Act). Where applicable, we will inform you in advance of any fees for Crown to find the information you have requested.
If you find that your personal information is inaccurate or out-of-date, please let us know. For further information about how to request access or changes to the information Crown holds about you or to update your marketing preferences or unsubscribe please contact us (please refer to the “How to Contact Crown” section of this policy).
Websites, Devices and Cookies
Where applicable, Crown will also collect the following information from you:
- where devices are enabled to connect to, or are identifiable by, the Crown complex infrastructure (for example Wi-Fi networks or Bluetooth infrastructure), we and our third party providers may automatically collect data from those devices including usage, type of device, location within the complex and arrival and departure time;
- the fully qualified domain name from which you accessed Crown’s websites, or alternatively, your IP address;
- the web browser that you are using and the pages you accessed;
- device ID number (MAC address);
- the date and time you accessed each page on Crown’s websites;
- the URL of any webpage from which you accessed Crown’s websites or by using the complex Wi-Fi, and the details of any mobile Apps you have accessed from a device using the complex Wi-Fi;
- publicly accessible social media posts and any personal information you allow us to collect by linking your account on our website with a third-party social-networking site including but not limited to Facebook, Twitter, or Google+; and
- cookies which track your visits to Crown’s websites (see below).
Where applicable, we are collecting this information (and may use or hold this information) to provide, improve and develop our services to you and the customer experience. Crown may use this anonymised data to inform our promotional and marketing strategies, as well as for research and profiling purposes including customer demographics, interests and behaviours based on personal information and other information provided to us. This research may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.Crown may connect information you provide to us for one purpose with other information for use for one or more of the above purposes. If you access or log-in to the complex Wi-Fi service, and we already hold other information (both personal or non-personal) that can be associated to you or the device on which you are accessing the Wi-Fi service (including, but not limited to a device ID number (MAC address)), then that information may be linked with personal information we hold about you as set out in this policy, and will be treated in the same manner as the personal information to which it has been linked.
Making a Privacy Complaint
Crown takes its obligations pursuant to the Privacy Act seriously. Individuals may complain about a breach of the Privacy Act by Crown by submitting their complaint in writing to Crown’s Privacy Manager (using the address in the “How to Contact Crown” section of this policy). Any complaint should set out in as much detail as possible, all the relevant particulars relating to the complaint, including why the individual says that Crown has breached the Privacy Act. Upon receiving a written complaint, Crown will acknowledge receipt of the complaint in writing within 7 days. Crown will investigate the matters described in the complaint and then provide a substantive written response within 28 days from the date the written complaint was received by Crown.