GDPR Policy | Velvet Mirage Casino & Hotel

1. Introduction

This policy explains how Velvet Mirage Casino & Hotel handles your personal data under the General Data Protection Regulation (GDPR). Even though we are based in Australia, we respect the rights of all visitors, including those from the European Economic Area (EEA).

We are committed to protecting your data and being clear about how we use it.

2. Data Controller

The data controller responsible for your personal data is:

Velvet Mirage Casino & Hotel
Website: souveniralpi.com
60 Vanguard Street, Quilpie, QLD 4480, Australia
Email: [email protected]

For all data protection enquiries, please email [email protected].

3. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within 30 days of your request.

Right to Correction

If your data is wrong or incomplete, you can ask us to correct it. We will update our records promptly.

Right to Deletion

You can ask us to delete your personal data. We will do so unless we have a legal reason to keep it.

Right to Restriction

You can ask us to limit how we process your data. For example, while we verify its accuracy.

Right to Data Portability

You can request your data in a standard, machine-readable format (such as CSV or JSON) so you can transfer it to another service.

Right to Object

You can object to us processing your data based on legitimate interest. We will stop unless we have strong grounds to continue.

To exercise any of these rights, send an email to [email protected]. Include your full name and the specific right you wish to exercise. We will respond within 30 days.

4. How We Collect Your Data

We collect data through:

Contact forms: When you submit your name, email, and phone number.
Cookies: When you browse our site (with your consent).
Push notifications: When you opt in via OneSignal.
Analytics: Anonymous usage data about how you interact with the site.

5. Legal Basis for Processing

We process your data under the following legal bases:

Consent (Article 6(1)(a)): When you submit a form, accept cookies, or opt in to push notifications.
Legitimate Interest (Article 6(1)(f)): To improve our website and services, and to protect against fraud.
Legal Obligation (Article 6(1)(c)): When required by Australian or international law.

6. Withdrawing Consent

You can withdraw your consent at any time. Here is how:

For Cookies

You can manage cookies through your browser settings. Clear your cookies and reload the site. Our cookie consent banner will appear again, and you can choose "Essential Only".

Common browser cookie settings:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Cookies and Site Permissions

For Push Notifications

You can unsubscribe from push notifications through your browser settings:

Chrome: Settings > Privacy and Security > Site Settings > Notifications
Firefox: Settings > Privacy & Security > Permissions > Notifications
Safari: Preferences > Websites > Notifications

Find souveniralpi.com in the list and set it to "Block" or "Deny".

For Email Communications

Email [email protected] with the subject line "Withdraw Consent". We will process your request within 30 days.

7. Data Retention

We keep your data only as long as needed:

Contact form data: Up to 24 months.
Cookie data: Up to 365 days (depending on the cookie).
Push notification subscriptions: Until you unsubscribe.
Analytics data: Up to 26 months.

After these periods, data is deleted or made anonymous.

8. Data Security

We protect your data with:

SSL/TLS encryption on all website traffic.
Restricted access to personal data (staff only on a need-to-know basis).
Regular security reviews and updates.
Secure third-party processors with their own GDPR commitments.

9. International Data Transfers

Your data may be transferred to countries outside the EEA (for example, to our servers in Australia or to third-party services like OneSignal in the United States). We ensure that adequate safeguards are in place, including standard contractual clauses approved by the European Commission.

10. Third-Party Processors

We use the following third-party services that may process your data:

OneSignal (USA): Push notifications and user tagging. Privacy Policy
Google Fonts (USA): Web font delivery. Privacy Policy

11. Data Breach Notification

If a data breach occurs that is likely to risk your rights, we will:

Notify the relevant data protection authority within 72 hours.
Notify affected individuals without undue delay.
Document the breach and the steps we took to address it.

12. Children's Data

Our Site is not intended for anyone under 18. We do not knowingly collect data from children. If we find that we have, we will delete it immediately.

13. Complaints

If you believe we have not handled your data correctly, you can:

Contact us at [email protected].
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
If you are in the EEA, lodge a complaint with your local data protection authority.

14. Updates to This Policy

We may change this policy from time to time. We will post updates on this page with a new date. We encourage you to review this page regularly.

15. Contact

For any questions about this GDPR policy or your data rights:

Velvet Mirage Casino & Hotel
60 Vanguard Street, Quilpie, QLD 4480, Australia
Email: [email protected]
Website: souveniralpi.com