Your privacy is important
Your privacy is important to us and Crown is dedicated to protecting your personal information across all areas of our business. Personal information is information or an opinion about you.
This policy also contains information about how you can access the personal information Crown holds about you, how you can ask Crown to correct your personal information and how you can make a complaint if you have concerns about how Crown managed your personal information.
You can find more information by contacting Crown (please refer to the “How to Contact Crown” section of this policy).
Collection of personal information
Crown collects (either directly or via its related bodies corporate) your personal information so that we can perform our functions or activities and offer or inform you about our services to you. Crown’s functions, activities and services are many and varied and include the Crown Sydney Resort, which includes the Crown Residences at One Barangaroo, a Restricted Gaming Facility, hotels, restaurants and bars, entertainment, retail, marketing, competitions, financial transactions, complaint handling, health and safety and security and surveillance.
Personal information includes things such as your name, image, date of birth, phone number, postal address and email address. The type of personal information we collect from you depends on your interaction with us and may include some or all of the following:
- your name, title, gender, date of birth and identification details (eg. passport or driver’s licence) which may include your image;
- contact details such as your home address, telephone number and email address;
- payment details such as credit or debit card number and expiry date;
- CCTV images captured in our casinos and other premises;
- health and dietary information that are relevant to your use of our products and services;
- if you use our website or mobile applications, your geo-location, IP address, mobile telephone number or ID, and details of how you use our website or app and any third-party sites that you have accessed from them;
- if you use Wi-Fi in our casino or hotel, we collect information about you, your device and how you use the Wi-Fi service;
- details about any incidents that you are either involved in or that you witness, in connection with your use of any of our products or services;
- our interactions with you such as any feedback, complaints, compliments, responses to market research, claims you have made, records of any correspondence and interactions with us and our staff (including in person, online, by telephone or email and via social media); and
- information used to prevent and detect fraud: an assessment of whether your transaction is potentially fraudulent, including the historical and other information used by our service provider to make this assessment.
Depending on the transaction, if Crown does not collect your personal information, we may not be able to provide you with an offer or service or grant you access to certain parts of our premises.
Collecting sensitive personal information
Sensitive personal information is information or an opinion about an individual’s racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, sexual preferences, criminal record, health information, genetic information or membership of a trade union.
Crown’s general approach is not to collect, use or disclose sensitive information. However in limited circumstances, Crown will collect sensitive information from you where it is necessary for one of Crown’s functions or activities and either you have consented to the collection of that information or the collection is required or authorised by law. For example:
- when you request or access special medical assistance;
- if you tell us you have specific dietary requirements relating to your religious beliefs; or
- where we collect health information from you before performing a treatment at Crown Spa.
Whilst Crown does not collect health information as part of Crown’s COVID-19 processes, entry to Crown’s premises is subject to Crown’s Conditions of Entry, including Crown’s COVID-19 Safety Policy, as applicable at the time of entry. Please see Crown’s website for more details.
Collection from you
It is Crown’s usual practice to collect your personal information directly from you. For example, you provide us your personal information when you stay at a Crown hotel, join Crown Rewards, enter a competition, write to us, join a mailing list, or make a restaurant reservation.
Collection from public sources and collection from, or disclosure to, third parties
Where relevant, Crown will collect personal information about you from publicly available sources (such as other websites). Crown collects from, or discloses your personal information (including sensitive information) to, third parties, including:
- credit agencies and related service providers;
- third parties in order to undertake identification, security and probity checks which may include digital verification, politically exposed persons checks, sanctioned persons checks and adverse media checks;
- government agencies and regulators as part of our statutory obligations;
- Crown’s associated entities;
- any third parties that provide services to Crown; and
- other casinos.
We may also collect information about you via data matching activities conducted by us or our trusted service providers.
Collecting information required by law
Crown also collects your personal information where we are required or authorised to do so by an Australian law or court or tribunal order, for example, and in particular, pursuant to the Casino Control Act 1992 (NSW) and the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
Using and disclosing your personal information
Crown operates a range of businesses that handle personal information. We may use and disclose your personal information that we collect for a number of different purposes, including for:
- identifying and contacting you and manage our relationship with you;
- marketing purposes: to tell you about things at Crown that you may be interested in (such as updates, offers, events and competitions) via newsletters and other communications;
- managing and administering our services to you, including where applicable, your participation in our loyalty programs, such as Crown Rewards;
- conducting and improving our businesses and improving the customer experience;
- maintaining security and safety in our venues;
- preventing or investigating any actual or suspected misconduct, fraud or unlawful activity;
- verifying your credit worthiness, including to obtain a credit report about you;
- considering any concerns or complaints you may raise against Crown;
- complying with our legal obligations as required by relevant laws, regulations and codes of practice; and
- performing identification, security, and probity checks, including but not limited to digital identification documentation verification, politically exposed persons checks, sanctioned persons checks and adverse media checks.
Disclosing your personal information
We understand how important it is to keep your personal information private. We will use and disclose your personal information for the purposes we collected it as well as purposes that are related, where you would reasonably expect us to. We will also disclose your personal information when:
- you agree to the disclosure; or
- the disclosure is required or authorised by law.
To the extent permitted by law, we may also disclose information about you to:
Crown’s related companies (including Crown London Aspinalls in the United Kingdom) who comply with this Policy;
- identification, security and probity check providers;
- third parties who provide services to Crown from time to time such as Crown’s nominated agent for sales of the Residences at One Barangaroo, Knight Frank Australia Pty Ltd, mail-house providers, customer research agencies, debt collectors, advertising agencies and our advisers;
- government agencies and regulators as part of our statutory obligations; and
- other casino operators.
We may also disclose your personal information to respond to complaints and claims, and investigate and protect ourselves and third parties against any activity that we reasonably suspect to be fraudulent.
Disclosing your personal information overseas
Crown may share your personal information with overseas recipients located in a number of countries where Crown or a related body corporate, or our service providers (including identification, security and probity check providers) has staff or a business, including without limitation, the United Kingdom. Such disclosure is more likely if you are a customer residing outside of Australia.
For international gaming patrons, we may also share your personal information overseas in relation to the assessment of your financial circumstances.
Where applicable Crown will use your personal information to contact you via mail, SMS, email, telephone or online to tell you about news, special offers, products and services that you might be interested in. We do this where you have consented to receiving such information or it is related to the purpose for which we collected your personal information. You can contact us to update your marketing preferences at any time and we will include an unsubscribe facility on marketing communications sent to you.
Crown’s venues are subject to constant CCTV and audio surveillance to maintain security and safety in our venues at all times. Details of suspected or actual illegal or improper conduct may be shared with regulators, law enforcement bodies and other casinos.
Security of personal information
Crown takes steps to protect the personal information it holds against loss, interference, unauthorised access, use, modification or disclosure and against other misuse.
Your personal information is held on Crown and/or its related bodies corporate premises and systems or offsite using trusted third party providers. Our employees and service providers are required to maintain the confidentiality of any personal information held by Crown.
Our security safeguards include:
- staff training on obligations with regard to your information;
- ensuring appropriate data handling and security arrangements are in place when we disclose information overseas or use third parties to handle or store data;
- system security such as encryption, firewalls and intrusion detection systems and surveillance;
- complex security such as CCTV and audio surveillance and our security and surveillance staff; and
- destroying personal information when no longer required.
Access and correction of your personal information
Subject to some exemptions, you may ask Crown to provide you access to the personal information that we hold about you. To do so, please contact our Privacy Manager (see below).
Once Crown has collected your personal information it will provide you with a copy of it in person or by way of email, subject to verifying your identity.
A copy of your information will generally be made available to you within 30 days unless we are not required to give you access to your personal information pursuant to an exception in the Privacy Act.
Where applicable, we will inform you in advance of any fees for Crown to find the information you have requested.
If you find that your personal information is inaccurate or out-of-date, please let us know. For further information about how to request access or changes to the information Crown holds about you or to update your marketing preferences or unsubscribe please contact us (please refer to the “How to Contact Crown” section of this policy).
Website, devices and cookies
Where applicable, Crown will also collect the following information from you:
where devices are enabled to connect to, or are identifiable by, the Crown infrastructure (for example Wi-Fi networks or Bluetooth infrastructure), we and our third-party providers may automatically collect data from those devices including usage, type of device, location within the complex and arrival and departure time;
- the fully qualified domain name from which you accessed our websites, or alternatively, your IP address;
- the web browser that you are using and the pages you accessed;
- device ID number (MAC address);
- the date and time you accessed each page on our websites;
- the URL of any webpage from which you accessed our websites or by using the complex Wi-Fi, and the details of any mobile Apps you have accessed from a device using the complex Wi-Fi;
- publicly accessible social media posts and any personal information you allow us to collect by linking your account on our website with a third-party social-networking site including but not limited to Facebook, Twitter, or Google+; and
- cookies which track your visits to the our web sites (see below).
Where applicable, we are collecting this information (and may use or hold this information) to provide, improve and develop our services to you and the customer experience.
Crown may use this anonymised data to inform our promotional and marketing strategies, as well as for research and profiling purposes including customer demographics, interests and behaviours based on personal information and other information provided to us. This research may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our related bodies corporate, service providers, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Crown may connect information you provide to us for one purpose with other information for use for one or more of the above purposes.
If you access or log-in to the complex Wi-Fi service, and we already hold other information (both personal or non-personal) that can be associated to you or the device on which you are accessing the Wi-Fi service (including, but not limited to a device ID number (MAC address)), then that information may be linked with personal information we hold about you as set out in this policy, and will be treated in the same manner as the personal information to which it has been linked.
Making a privacy complaint
Crown takes its obligations under the Privacy Act (the Act) seriously. Individuals may complain about a breach of the Act by Crown by submitting their complaint in writing to Crown’s Privacy Manager (using the address in the “How to Contact Crown” section of this policy).
Any complaint should set out in as much detail as possible, all the relevant particulars relating to the complaint, including why the individual says that Crown has breached the Act.
Upon receiving a written complaint, Crown will acknowledge receipt of the complaint in writing within 7 days. Crown will investigate the matters described in the complaint and then provide a substantive written response within 28 days from the date the written complaint was received by Crown.
How to contact Crown
Version 3 – 2 May 2022