GDPR & Your Rights | Crown Elara Resort & Casino

← Back to Home

1. About This Page

This page explains your rights under the General Data Protection Regulation (GDPR) when you use our website celebrattropi.com. While Crown Elara Resort & Casino is based in Australia, we serve international guests and are committed to meeting GDPR standards for all visitors from the European Union and European Economic Area.

2. Data Controller

The data controller for the personal data collected through this website is:

Name: Crown Elara Resort & Casino
Website: celebrattropi.com
Address: 100 Eagle Street, Brisbane, QLD 4000, Australia
Email: [email protected]
Phone: +61 7 3000 1987

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

Consent: You have given clear consent for us to process your data for a specific purpose (e.g., contact form submission, push notifications, analytics cookies).
Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our website, provided your rights do not override those interests.
Contractual Necessity: Processing is needed to fulfil a contract or pre-contractual steps at your request.
Legal Obligation: Processing is required to comply with applicable law.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Below is a detailed explanation of each right.

4.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This is sometimes called a "Subject Access Request." We will provide the data in a clear, readable format within 30 days of your request.

To make a request, email [email protected] with the subject line "Data Access Request." We may ask you to verify your identity before we release any data.

4.2 Right to Correction (Article 16)

If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. We will make the correction without undue delay.

Email [email protected] with the details of the data you want corrected.

4.3 Right to Deletion (Article 17)

Also known as the "right to be forgotten," you can ask us to delete your personal data in certain circumstances. These include:

The data is no longer needed for the purpose it was collected.
You withdraw your consent and there is no other legal basis for processing.
You object to the processing and there are no overriding legitimate grounds.
The data was processed unlawfully.

Note: We may need to keep some data to comply with legal obligations (e.g., financial records). We will inform you if this applies.

4.4 Right to Restriction of Processing (Article 18)

You can ask us to restrict (i.e., limit) how we process your data in certain cases. For example:

You contest the accuracy of the data (we will restrict processing while we verify it).
The processing is unlawful but you prefer restriction over deletion.
We no longer need the data but you need it for legal claims.
You have objected to processing and we are checking whether our legitimate grounds override yours.

4.5 Right to Data Portability (Article 20)

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (e.g., CSV or JSON). You can also ask us to transmit that data directly to another controller, where technically feasible.

This right applies to data processed based on consent or contractual necessity, and processed by automated means.

4.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. Upon receiving your objection, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

You can object to direct marketing at any time, and we will stop immediately.

5. How to Withdraw Consent

If you have given consent for us to process your data (e.g., by submitting our contact form, opting into push notifications, or accepting analytics cookies), you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

5.1 Withdrawing Cookie Consent

You can manage your cookie preferences by:

Clearing your browser cookies and revisiting the site. The cookie consent banner will reappear, allowing you to make a new choice.
Adjusting cookie settings in your browser to block specific types of cookies.
Contacting us at [email protected] to request that we reset your cookie preferences.

5.2 Withdrawing Push Notification Consent

You can stop receiving push notifications by:

Adjusting your browser notification settings to block notifications from celebrattropi.com.
In Chrome: Settings > Privacy and Security > Site Settings > Notifications.
In Firefox: Settings > Privacy & Security > Permissions > Notifications.
In Safari: Safari > Preferences > Websites > Notifications.

5.3 Withdrawing Contact Form Consent

If you have submitted a contact form and wish to withdraw your consent for us to store and process that data, email [email protected]. We will delete your form data within 30 days.

6. Data We Collect and Process

For a full list of the data we collect and how we use it, please see our Privacy Policy. In summary:

Name, email, and phone number (from contact form, with your consent).
Browser and device data (from cookies, with your consent for non-essential cookies).
Push notification subscription data (with your consent via browser prompt).

7. Data Retention

We retain personal data only as long as needed:

Contact form submissions: 24 months.
Cookie consent records: 12 months.
Analytics data: 26 months (anonymised).
Push notification data: Until you unsubscribe.

8. International Data Transfers

Some of our service providers (e.g., OneSignal for push notifications) may process data outside the EU/EEA. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

10. Data Protection Officer

Crown Elara Resort & Casino does not currently have a designated Data Protection Officer (DPO) as we are not required to under GDPR Article 37. However, all data protection queries can be directed to our privacy team at [email protected].

11. How to Make a Request

To exercise any of your GDPR rights, contact us by:

Email: [email protected] (preferred method)
Post: Crown Elara Resort & Casino, 100 Eagle Street, Brisbane, QLD 4000, Australia

Please include your full name and the email address associated with your enquiry or account. We will respond within 30 days. If your request is complex, we may extend this by an additional 60 days, and we will notify you of the extension.

12. Right to Lodge a Complaint

If you believe that we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. For EU/EEA residents, this is the data protection authority in your country of residence. A list of authorities can be found at edpb.europa.eu.

For Australian residents, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We would appreciate the chance to address your concerns before you contact a supervisory authority. Please reach out to us at [email protected] first.

13. Updates to This Page

We may update this GDPR information page from time to time. Any changes will be posted here with an updated "Last Updated" date. We recommend checking this page regularly.