logo-club-winner-deg-gold

EXTENDED PERSONAL DATA PROTECTION POLICY FOR WEBSITE USERS

CIRSA provides users of the corporate website www.clubwinner.com (hereinafter, the “Users”) with this extended information on personal data protection (hereinafter, the “Privacy Policy”), which transparently, comprehensively, and clearly provides all legally required information regarding the processing of Users’ personal data. This Privacy Policy will always be available on the website www.clubwinner.com (hereinafter, the “Website”).

1. DATA CONTROLLER AND DATA PROTECTION OFFICER CONTACT DETAILS

The data controller is CIRSA Gaming Corporation, a company incorporated under Spanish law, with registered office at Carretera de Castellar no. 298, 08226 Terrassa (Barcelona), with CIF number A08511149, registered in the Mercantile Registry of Barcelona under volume ——— (hereinafter, “CIRSA”).

Users wishing to request information about their privacy or clarify any doubts regarding CIRSA’s processing of their personal data, or to exercise their data protection rights, may contact our Data Protection Officer by emailing: protecciondedatos@cirsa.com.

2. WHAT IS PERSONAL DATA AND WHAT IS PROCESSING?

Personal data is any information about an identified or identifiable natural person, such as a name, identification number, location data, IP address, contact details, health data, an image, or one or more elements specific to the physical, economic, or social identity of that person.

Processing of personal data means any operation or set of operations performed on personal data, such as collection, recording, storage, use, deletion, and/or disclosure to third parties.

3. THROUGH WHICH CHANNELS DO WE COLLECT PERSONAL DATA?

CIRSA may collect Users’ personal data via the following channels:

  • Through the pre-registration form provided to begin the User’s registration as a CLUB WINNER member. Additional information is available in the CLUB WINNER Privacy Policy and Terms and Conditions available on the Website.

  • By email to info@clubwinner.com, used as a customer service channel to make suggestions, resolve incidents, file complaints, or submit inquiries.

  • Through the subscription form for receiving marketing communications.

  • Through the User’s interaction with the Website, collecting browsing and usage data via cookies and similar technologies. More details are available in our Cookie Policy.

4. WHAT DATA PROCESSING DO WE PERFORM?

Below is detailed information about how CIRSA processes personal data, including purposes, legal basis, and retention periods:

1. Management of CLUB WINNER Membership

Purpose:

  • Register and open a membership account.

  • Analyze play habits and spending to classify Users and assign benefits.

  • Profile Users based on playing behavior and preferences.

  • Grant exclusive CLUB WINNER benefits (points, discounts, promotions).

  • Design targeted advertising campaigns based on profiling.

Data Processed:

  • Identification data: full name, signature, biometric data.

  • Social data: full address, nationality.

  • Contact data: email, phone number.

  • Loyalty data: points, promotions, offers used.

  • Gaming data: bet history, game sessions, prizes, preferences, and achieved status.

Legal Basis:

  • Execution of CLUB WINNER membership contract.

  • Right to object to profiling is recognized, but opting out means leaving the program.

Retention:

  • Data will be retained as long as the membership is active.

  • Deactivation occurs after 5 years of inactivity.

  • Post-deactivation: data is blocked for legal/statutory periods, then anonymized or deleted.

2. Sending Commercial Communications

Purpose:

  • Send promotional communications by email, SMS, phone, social media, etc.

Data Processed:

  • Name, email, and phone number.

Legal Basis:

  • Consent given through the newsletter subscription form.

  • Users may withdraw consent at any time via the opt-out link or by emailing protecciondedatos@cirsa.com.

Retention:

  • Until consent is withdrawn.

  • Afterwards, data is blocked for statutory periods, then anonymized or deleted.

3. Website Usage Analysis and Optimization

Purpose:

  • Recognize returning Users.

  • Ensure website functionality, personalization, and security.

  • Display content correctly and improve usability based on usage patterns.

Data Processed:

  • IP address.

  • Browsing behavior: login data, page views, session duration, browser/device data.

Legal Basis:

  • User consent (cookies).

  • CIRSA’s legitimate interest (technical and preference cookies).

Retention:

  • For the duration of each cookie’s lifecycle or until consent is withdrawn.

  • Blocked data retained for 2 years, then anonymized or deleted.

4. Data Suppression and Blocking

Purpose:

  • Maintain a suppression list of Users who have opted out or requested deletion.

  • Comply with legal obligations.

Data Processed:

  • Name, email, phone/address, date of deletion or objection.

Legal Basis:

  • Compliance with legal obligations under GDPR (Regulation EU 2016/679).

Retention:

  • While the relationship remains or until a right is exercised.

  • Blocked data retained for 3 years, then anonymized or deleted.

5. WHAT RIGHTS DO USERS HAVE?

Users may freely and at any time exercise the following rights:

  • Access: Know if CIRSA processes your data and what data is being processed.

  • Rectification: Correct inaccurate or incomplete data.

  • Objection: Oppose data processing under specific legal conditions.

  • Erasure: Request deletion of data (blocked, not deleted outright).

  • Portability: Receive and transfer your data to another controller.

  • Restriction: Request limited processing under certain conditions.

To exercise these rights, Users should email protecciondedatos@cirsa.com, indicating the specific right they wish to exercise. Identification may be required. If a User believes their rights have not been respected, they may file a complaint with the Spanish Data Protection Agency (https://www.aepd.es/en).

6. WHO DOES CIRSA SHARE USER DATA WITH?

Data may be shared in order to:

  • Fulfill legal obligations or respond to lawful requests.

  • Defend CIRSA’s legitimate interests (economic, legal, reputational).

Third parties may include:

  • Legal advisors

  • Courts

  • Tax authorities

  • Consumer agencies

  • Spanish Data Protection Agency

  • Law enforcement

  • Public administrations

If CIRSA or its assets are acquired, personal data may be one of the transferred assets.

7. WHO HAS ACCESS TO USER DATA?

CIRSA works with service providers for the proper operation of the Website and IT systems. Some may access personal data solely to provide contracted services, under strict data processing agreements that include confidentiality, security, and return or deletion clauses.

8. ARE USER DATA SECURE?

CIRSA implements adequate technical and organizational measures to ensure the security of personal data, including secure servers and strict access protocols. Our providers are also required to maintain GDPR-compliant data security standards. CIRSA does not transfer data outside the European Economic Area.

9. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may change due to:

  • Evolving criteria of supervisory authorities

  • Legislative changes

  • Relevant court rulings

CIRSA reserves the right to amend this Privacy Policy accordingly.

Effective date: April 4, 2025