GDPR Compliance
Last Updated: May 1, 2025
1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas.
At Prism Resorts, we are committed to ensuring the protection of your personal data and compliance with the GDPR. This page explains how we implement GDPR requirements and outlines your rights regarding your personal data.
2. Our Role Under GDPR
Under the GDPR, Prism Resorts acts as a "data controller" for personal data collected from our guests, website visitors, and service users. This means we determine the purposes and means of processing your personal data.
Our details as a data controller are:
Prism Resorts - Casino & Fine Dining
ul. Przykładowa 123
00-001 Warsaw, Poland
Email: privacy@prism-resorts.com
Phone: +48 123 456 789
3. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this privacy policy and our GDPR compliance. If you have any questions about this policy or how we handle your personal data, please contact our DPO at:
Data Protection Officer
Prism Resorts - Casino & Fine Dining
ul. Przykładowa 123
00-001 Warsaw, Poland
Email: dpo@prism-resorts.com
Phone: +48 123 456 789
4. Your Rights Under GDPR
Under the GDPR, you have various rights regarding your personal data. These include:
4.1. Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service if the request is clearly unfounded, repetitive, or excessive.
4.2. Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or incomplete.
4.3. Right to Erasure
You have the right to request that we erase your personal data, under certain conditions. These include:
- The personal data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal ground for processing
- You object to the processing and there are no overriding legitimate grounds
- The personal data has been unlawfully processed
Note that in some cases, we may have legal obligations that prevent us from immediately deleting your data.
4.4. Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
4.5. Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
4.6. Right to Object
You have the right to object to our processing of your personal data, under certain conditions, including processing for direct marketing purposes.
4.7. Rights Related to Automated Decision-Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
5. How to Exercise Your Rights
To exercise any of the rights mentioned above, please contact our Data Protection Officer using the contact details provided above. We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
6. Data Protection Principles
We adhere to the principles set out in the GDPR, which require that personal data be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept for no longer than necessary
- Processed in a manner that ensures appropriate security
7. Lawful Basis for Processing
Under the GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on include:
- Consent: You have given clear consent to process your personal data for a specific purpose.
- Contract: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: Processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
For detailed information about the specific lawful basis we rely on for different types of data processing, please refer to our Privacy Policy.
8. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us to identify and minimize data protection risks.
9. Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the case of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the appropriate supervisory authority within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify those concerned directly.
10. International Data Transfers
We primarily process your personal data within the European Economic Area (EEA). However, in some cases, your personal data may be transferred to, and processed in, countries outside the EEA. In such cases, we ensure appropriate safeguards are in place to protect your data, as described in our Privacy Policy.
11. Complaints
If you have any concerns about how we handle your personal data, we encourage you to contact us first so that we can address your concerns. However, you also have the right to lodge a complaint with a supervisory authority.
In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych):
Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warsaw, Poland
Website: https://uodo.gov.pl/