Your privacy is important
Your privacy is important to us, and Crown is dedicated to protecting your personal information across all areas of its business. Personal information is information or an opinion about you.
This policy also contains information about how you can access the personal information Crown holds about you, how you can ask Crown to correct your personal information and how you can make a complaint if you have concerns about how Crown managed your personal information.
You can find more information by contacting Crown (please refer to the “How to Contact Crown” section of this policy). If we change our personal information handling practises, we will update this policy on our websites.
Application of policy
Collection of Personal Information
Crown collects (either directly or via its related bodies corporate) your personal information so that we can perform our functions or activities and offer or inform you about our services to you. Crown’s functions, activities and services are many and varied and include casinos, the Crown Rewards loyalty program, hotels, residences, restaurants and bars, entertainment, retail, marketing, competitions, financial transactions, complaint handling, health and safety, recruitment and security and surveillance.
Personal information includes things such as your name, image, date of birth, phone number(s), postal address and email address. The type of personal information we collect from or about you depends on your interaction with us and may include some or all of the following:
- your name, title, gender, date of birth and identification details (eg. passport, driver’s licence or other identification details) which may include your image;
- contact details such as your home and postal address, telephone number and email address;
- payment details such as credit or debit card number and expiry date;
- source of wealth information;
- CCTV images captured in our casinos and throughout and around our Resorts;
- health and dietary information that are relevant to your use of our products and services;
- if you use our website or mobile applications, your geo-location, IP address, mobile telephone number or ID, and details of how you use our website or app and any third-party sites that you have accessed from them;
- if you use Wi-Fi in our casinos or hotels, we collect information about you, your device and how you use the Wi-Fi service;
- details about any incidents that you are either involved in or that you witness, in connection with your use of any of our products or services;
- our interactions with you such as any feedback, complaints, compliments, responses to market research, claims you have made, records of any correspondence and interactions with us and our staff (including in person, online, by telephone or email and via social media); and
- information used to prevent and detect fraud: an assessment of whether your transaction is potentially fraudulent, including the historical and other information used by our service provider to make this assessment.
Depending on the transaction, if Crown does not collect your personal information, we may not be able to provide you an offer or service or grant you access to certain parts of our premises.
Collecting sensitive personal information
Sensitive personal information is information or an opinion about an individual’s racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, sexual preferences, criminal record, health information, genetic information or membership of a trade union.
Crown’s general approach is not to collect, use or disclose sensitive information. However, in limited circumstances, Crown will collect sensitive information from you where it is necessary for one of Crown’s functions or activities and you have consented to the collection of that information, or the collection is required or authorised by law. For example:
- when you request or access medical assistance;
- if you tell us you have specific dietary requirements relating to your religious beliefs; or
- where we collect health information from you before performing a treatment at Crown Spa.
How we collect your personal information
It is Crown’s usual practice to collect your personal information directly from you. For example, you provide us your personal information when you stay at a Crown hotel, join Crown Rewards, enter a competition, write to us, join a mailing list or make a restaurant reservation.
Collection from public sources and collection from, or disclosure to third parties
Where relevant, Crown will collect personal information (including sensitive information) about you from a publicly available source (such as other websites), as well as from law enforcement, government or regulatory bodies. Crown collects from, or discloses your personal information (including sensitive information) to, third parties, including:
- credit agencies and related service providers;
- third parties in order to undertake identification, security and probity checks which may include digital verification, politically exposed persons checks, sanctioned persons checks and adverse media checks;
- government agencies and regulators;
- law enforcement bodies;
- Crown’s associated entities;
- any third parties that provide services to Crown; and
- other casinos.
We may also collect information about you via data matching activities conducted by us or our trusted service providers.
Collecting information required by law
Crown also collects your personal information where we are required or authorised to do so by an Australian law or court or tribunal order, for example, and in particular, pursuant to the Casino Control Act 1991 (Vic), the Casino Control Act 1992 (NSW), the Casino Control Act 1984 (WA) and the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
Using and Disclosing Your Personal Information
Crown operates a range of businesses that handle personal information. We use and disclose your personal information that we collect (and share it with related bodies corporate) for a number of different purposes, including:
- to identify and contact you and manage our relationship with you;
- for marketing purposes: to tell you about things at Crown that you may be interested in (such as updates, offers, events and competitions) via newsletters and other communications;
- to manage and administer our services to you, including where applicable, your participation in our membership programs, such as Crown Rewards and Crown Sydney VIP membership;
- to conduct and improve our businesses and improve the customer experience;
- to provide responsible gaming services in accordance with our Codes of Conduct;
- to maintain security and safety in our venues;
- to prevent or investigate any actual or suspected misconduct, fraud or unlawful activity;
- verifying your credit worthiness, including to obtain a credit report about you;
- to consider any concerns or complaints you may raise against Crown;
- to comply with all laws and Crown’s policies and procedures relating to anti-money laundering, counter terrorism financing and financial crime;
- to comply with our legal obligations as required by relevant laws, regulations and codes of practice; and
- to perform identification, security, and probity checks, including but not limited to digital identification documentation verification, politically exposed persons checks, sanctioned persons checks and adverse media checks.
Disclosing your personal information
We understand how important it is to keep your personal information private. We will use and disclose your personal information for the purposes we collected it as well as purposes that are related, where you would reasonably expect us to. We will also disclose your personal information when:
- you agree to the disclosure; or
- the disclosure is required or authorised by law.
To the extent permitted by law, we may also disclose information about you to:
- Crown’s related companies (including Crown London Aspinalls in the United Kingdom);
- identification, security and probity check providers;
- third parties who provide services to Crown from time to time such as mail-house providers, customer research agencies, debt collectors, advertising agencies and our advisers;
- government agencies and regulators as part of our regulatory obligations;
- law enforcement bodies; and
- other casino operators.
We may also disclose your personal information to respond to complaints and claims, and investigate and protect ourselves and third parties against any activity that we reasonably suspect to be illegal or fraudulent.
Disclosing your personal information overseas
Crown may share your personal information with overseas recipients located in a number of countries where Crown or a related body corporate, or our service providers (including identification, security and probity check providers), has staff or a business, including without limitation, the United Kingdom. Such disclosure is more likely if you are a customer residing outside of Australia.
For international gaming patrons, we may also share your personal information overseas in relation to the assessment of your credit worthiness, if applicable. Full details are available in Crown’s Credit Reporting Policy.
Where applicable Crown will use your personal information to contact you via mail, SMS, email, telephone or online to tell you about news, special offers, products and services that you might be interested in. We do this where you have consented to receiving such information or it is related to the purpose for which we collected your personal information. You can contact us to update your marketing preferences at any time and we will include an unsubscribe facility on all marketing communications sent to you.
For the safety and security of all staff and guests, all persons’ movements within and around Crown’s venues are subject to video and audio monitoring and recording by security and surveillance systems, including CCTV, facial recognition technology and audio and body worn video recordings. Details of suspected or actual illegal or improper conduct may be shared with regulators, law enforcement bodies and other casinos.
Security of Personal Information
Crown takes steps to protect the personal information it holds against loss, interference, unauthorised access, use, modification or disclosure and against other misuse.
Your personal information is held on Crown and/or its related bodies corporate premises and systems or offsite using trusted third-party providers. Our employees and service providers are required to maintain the confidentiality of any personal information held by Crown.
Our security safeguards include:
- staff training on their obligations with regard to your information;
- ensuring appropriate data handling and security arrangements are in place when we disclose information overseas or use third parties to handle or store data;
- system security such as encryption, firewalls and intrusion detection systems and surveillance;
- complex security such as CCTV and audio surveillance and our security and surveillance staff; and
- destroying personal information when no longer required.
Access and Correction of your Personal Information
Subject to the exemptions contained in the Privacy Act, you may ask Crown to provide you with access to the personal information that we hold about you. To do so, please contact Crown (see the “How to Contact Crown” section of this policy) and complete Crown’s request for personal information form.
If Crown has collected your personal information, it will provide you with a copy of it in person at Crown or by email subject to verifying your identity.
A copy of your information will generally be made available to you within 30 days unless we are not required to give you access to your personal information pursuant to an exception in the Privacy Act.
Where applicable, we will inform you in advance of any fees for Crown to find the information you have requested.
If you find that your personal information is inaccurate or out-of-date, please let us know. For further information about how to request access or changes to the information Crown holds about you or to update your marketing preferences or unsubscribe please contact us (please refer to the “How to Contact Crown” section of this policy).
Websites, Devices and Cookies
Where applicable, Crown will also collect the following information from you:
- where devices are enabled to connect to, or are identifiable by, the Crown complex infrastructure (for example Wi-Fi networks or Bluetooth infrastructure), we and our third-party providers may automatically collect data from those devices including usage, type of device, location within the complex and arrival and departure time;
- the fully qualified domain name from which you accessed our websites, or alternatively, your IP address;
- the web browser that you are using and the pages you accessed;
- device ID number (MAC address);
- the date and time you accessed each page on our websites;
- the URL of any webpage from which you accessed our websites or by using the complex Wi-Fi, and the details of any mobile Apps you have accessed from a device using the complex Wi-Fi;
- publicly accessible social media posts and any personal information you allow us to collect by linking your account on our website with a third-party social-networking site including but not limited to Facebook, Twitter, or Google+; and
- cookies which track your visits to our web sites (see below).
Where applicable, we are collecting this information (and may use or hold this information) to provide, improve and develop our services to you and the customer experience.
Crown may use this anonymised data to inform our promotional and marketing strategies, as well as for research and profiling purposes including customer demographics, interests and behaviours based on personal information and other information provided to us. This research may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Crown may connect information you provide to us for one purpose with other information for use for one or more of the above purposes. If you access or log-in to the complex Wi-Fi service, and we already hold other information (both personal or non-personal) that can be associated to you or the device on which you are accessing the Wi-Fi service (including, but not limited to a device ID number (MAC address)), then that information may be linked with personal information we hold about you as set out in this policy, and will be treated in the same manner as the personal information to which it has been linked.
Making a Privacy Complaint
Crown takes its obligations pursuant to the Privacy Act 1988 (Cth) (Privacy Act) seriously. Individuals may complain about a breach of the Privacy Act by Crown by submitting their complaint in writing to Crown (using the address in the “How to Contact Crown” section of this policy).
Any complaint should set out in as much detail as possible, all the relevant particulars relating to the complaint, including why the individual says that Crown has breached the Privacy Act.
Upon receiving a written complaint, Crown will acknowledge receipt of the complaint in writing within 7 days. Crown will investigate the matters described in the complaint and then provide a substantive written response within 28 days from the date Crown received the written complaint.
How to contact Crown
Privacy Manager Crown Sydney
1 Barangaroo Avenue, Barangaroo