PRIVACY POLICY
Scope of this Policy Celebrity Casinos, Inc. dba Crystal Casino (the “Company,” “our,” or “we”) has developed this privacy policy out of respect for the privacy of our customers and visitors to our website. This policy describes the personal information we collect, use, and disclose about individual consumers who visit or interact with our website, visit any of our offices, stores, facilities, or locations, purchase or inquire about any of our products or services, contract with us to provide services, or otherwise interact or do business with us. Any information or data covered by an exception to the California Consumer Privacy Act (CCPA), including but not limited to the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA) is not within the scope of the policy. Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity. Additionally, whenever you communicate, interact, or do business with us, we will be collecting personal information from you or about you during our interaction or dealings with you. This policy does not apply to information collected from or about job applicants regarding their application for employment or candidacy. If you are a job applicant, contact our HR Department by sending an email to hr@thecrystalcasino.com for our Job Applicant Notice and Privacy Policy. This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to hr@thecrystalcasino.com. Collection of Personal Information and Sensitive Personal Information Based on your specific transactions and interactions with us or our website, we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. For each category of information, the categories of third parties, service providers, and contractors to whom we have disclosed the information in the last 12 months are detailed in the chart below. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category. Category Personal Identifiers Examples Name, alias, social security number, date of birth, driver’s license, or state identification card number, passport number, customer ID numbers. Disclosed To in Last 12 Months Financial institutions Government agencies Third-Party Providers of Proposition Player Services that operate in our cardroom Consumer reporting agencies or credit reporting agencies Marketing support vendors and vendors that support managing or hosting the website Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone Lead providers (referral sources) Transaction support vendors (e.g., check guaranty, payment processors) Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Insurance carriers, administrators, and brokers Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Casino management systems Hotel management companies and support vendors Booking and reservation processors, and hospitality vendors Rewards program vendor Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Contact Information Examples Home, postal or mailing address, email address, home phone number, cell phone number. Disclosed To in Last 12 Months Financial institutions Government agencies Third-Party Providers of Proposition Player Services that operate in our cardroom Consumer reporting agencies or credit reporting agencies Marketing support vendors and vendors that support managing or hosting the website Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone Lead providers (referral sources) Transaction support vendors (e.g., check guaranty, payment processors) Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Insurance carriers, administrators, and brokers Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Casino management systems Hotel management companies and support vendors Booking and reservation processors, and hospitality vendors Rewards program vendor Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Protected Classifications Examples Race, ethnicity, national origin, citizenship or immigration status, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership. Disclosed To in Last 12 Months Financial institutions Government agencies Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Hotel management companies and support vendors Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Commercial Transactional Data Examples Information regarding products or services provided, purchasing history, player account history, and gaming information. Disclosed To in Last 12 Months Financial institutions Marketing support vendors and vendors that support managing or hosting the website Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone Lead providers (referral sources) Transaction support vendors (e.g., check guaranty, payment processors) Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Insurance carriers, administrators, and brokers Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Casino management systems Hotel management companies and support vendors Booking and reservation processors, and hospitality vendors Rewards program vendor Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Credit/Financing Application Data Examples Information collected through credit or financing applications, including employment history, company name, role, salary, dates of employment, bank accounts, income sources. Disclosed To in Last 12 Months Financial institutions Government agencies Consumer reporting agencies or credit reporting agencies Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Form and other Electronic Submission Data Examples Data submitted through the website including Contact Us forms. Disclosed To in Last 12 Months Marketing support vendors and vendors that support managing or hosting the website Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Internet Network and Computer Activity Examples Date and time of your visit to this website; webpages visited; links clicked on the website; session identifiers; browser ID; browser type and characteristics; device ID and characteristics or attributes; referring URLs; mobile phone make, model and serial number; mobile service provider; operating system; form information downloaded; domain name from which our site was accessed; search history; interaction-level telemetry; cookies; and internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history. Disclosed To in Last 12 Months Marketing support vendors and vendors that support managing or hosting the website Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Geolocation Data Examples IP address. Disclosed To in Last 12 Months Marketing support vendors and vendors that support managing or hosting the website Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Visual, Audio, or Video Recordings Examples Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us; video and audio recordings of calls and virtual meetings as disclosed to you at the time of the call. Disclosed To in Last 12 Months Government agencies Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Hotel management companies and support vendors Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Pre-Contract Information – Independent Contractors Examples Information gathered on independent contractors as part of background screening, reference checks, pre-contract drug test results, information gathered as part of vendor evaluation and other assessments of your qualifications to provide services to the Company, and voluntary disclosures by you. Disclosed To in Last 12 Months Consumer reporting agencies or credit reporting agencies Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Professional Related Information – Independent Contractors Examples Information on independent contractors contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work. Disclosed To in Last 12 Months Financial institutions Transaction support vendors (e.g., check guaranty, payment processors) Consumer reporting agencies or credit reporting agencies Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Facility & Systems Access Information Examples Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method. Disclosed To in Last 12 Months Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Hotel management companies and support vendors Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Financial Information Examples Depending on the nature of your interaction with us: Credit card or other payment/financial information, information sufficient to run a credit check, background check, and extend lines of credit; information from player bank accounts. Disclosed To in Last 12 Months Financial institutions Government agencies Transaction support vendors (e.g., check guaranty, payment processors) Hotel management companies and support vendors Consumer reporting agencies or credit reporting agencies Rewards program vendor Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
Category Inferences Examples Based on analysis of your activity on the website or at the cardroom, we may develop inferences regarding your interests and preferences for our products and services. Disclosed To in Last 12 Months Not Disclosed. Sold To or Shared With Not sold for monetary or other valuable consideration and not shared for cross-context behavioral advertising.
What Sensitive Personal Information We Collect Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:
Personal Identifiers (social security number, driver’s license or state identification card number, passport number) Protected Classifications (racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, union membership, or sexual orientation)
Personal information does not include: Publicly available information from government records. Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media. Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience. Deidentified or aggregated information. Sources of Personal Information We may collect your personal information from the following sources: You the consumer or independent contractor when you visit our casino, when you purchase or inquire about any of our products or services, when you enter into a contract to perform services for us Our employees, contractors, vendors, suppliers, guests, visitors, players, and other consumers based on your interactions with them (if any) We utilize cookies to automatically collect information about our website visitors Surveillance cameras at our physical locations Lead generators and referral sources Credit and consumer reporting agencies Company-issued computers, electronic devices, and vehicles Company systems, networks, software applications, and databases you log into or use Company systems, networks, software applications, and databases you log into or use in the course of interacting with us in any capacity, including from vendors the Company engages to manage or host such systems, networks, applications or databases Hotel management companies and support vendors Third-Party Providers of Proposition Player Services To Whom We Disclose Personal Information: We may disclose your personal information to the following categories of service providers or contractors:
Financial institutions Government agencies Marketing support vendors and vendors that support managing or hosting the website Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone Lead providers (referral sources) Transaction support vendors (e.g., check guaranty, payment processors) Consumer reporting agencies or credit reporting agencies Consulting and investigation firms, including safety consultants, and workplace investigators Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants Insurance carriers, administrators, and brokers Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services) Casino management systems Hotel management companies and support vendors Rewards program vendor Third-Party Providers of Proposition Player Services
Reasons Why We Collect, Use, Retain, and Disclose Personal Information: We may collect, use, and disclose your personal information for any of the following business purposes:
To fulfill or meet the purpose for which you provided the information. To process, complete, and maintain records on transactions. To retain your selection for Text, opt in/opt out to ensure customers who opted out are not sent any text messages. To schedule, manage and keep track of customer appointments and reservations. To maintain records of when customers decline a service or sale. To respond to consumer inquiries, including requests for information, phone calls, and on-premises inquiries. To provide interest-based and targeted advertising. To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you. To manage our rewards program. To manage promotions and drawings. To run tournaments. To manage player bank accounts. To manage debarment, self-exclusion, and our Self-Restricted Program. To extend a line of credit to our gaming customers. To promote the Company on social media. To comply with federal, state, and local law, including laws relating to reporting certain financial transactions, laws relating to gambling, hotels, and restaurants, as well as licensing and regulatory requirements. To detect security incidents. To ensure the security of our facility. To cooperate with law enforcement in investigating criminal conduct. To protect against malicious or illegal activity and prosecute those responsible. To verify and respond to consumer requests. To prevent identity theft. INDEPENDENT CONTRACTOR AND BUSINESS-TO-BUSINESS PURPOSES: To fulfill or meet the purpose for which you provided the information. To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms). To engage the services of independent contractors and compensate them for services. To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate. To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon. To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company. To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems. To reduce the risk of spreading infectious diseases in or through the workplace. We do NOT and will not sell your personal information in exchange for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising. We do NOT and will not use or disclose your sensitive personal information for any purposes that give rise to a right to limit the use or disclosure of your sensitive personal information under the California Consumer Privacy Act (CCPA), if it applies and you are a California resident. Retention of Personal Information We will retain each category of Personal Information in accordance with our established data retention policy and practice. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner. Third Party Vendors We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Business Transfers In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition. Compliance with Law and Safety We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public. Use of Cookies, Pixels, and Other Tracking Technologies Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent, until deleted, basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons: Provide you with services available through the website and to enable you to use some of its features Identify if users have accepted the use of cookies on the website You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance: Safari Opera Internet Explorer Google Chrome Mozilla Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals. External Links Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.
Children Under the Age of 16 We do not knowingly sell or share the personal information of consumers under 16 years of age. How We Protect the Information that We Collect The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including: Encryption of data in transit via HTTPS/SSL. Logical separation between automatically collected technical data and voluntarily submitted information where applicable. Use of commercially reasonable tools and techniques to protect against unauthorized access. Restricted access to private information on a need-to-know basis. International Visitors We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States. If we become aware that a person residing inside the European Economic Area, European Union, Great Britain, or Switzerland has submitted their personal information to us, we will delete it.
Rights Under the CCPA If you are a California resident, you have the following rights pursuant to the CCPA: Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, and (4) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose; Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected about you. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions. Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you. The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and The right to not be discriminated or retaliated against for exercising any of the above rights, including an applicant’s and independent contractor’s right not to be retaliated against for exercising the above rights. You can submit any of the above types of consumer requests through any of the options below: Call our privacy toll-free line at 888-385-7278. Send us an email at hr@thecrystalcasino.com. Gramm-Leach-Bliley Act Exemption Portions of our services may be subject to the Gramm-Leach-Bliley Act. When we are extending credit, or providing financial advice or counseling, those activities are covered by the Gramm-Leach-Bliley Act. The CCPA does not apply to personal information to the extent that we collect, process, sell, or disclose it subject to the Gramm-Leach-Bliley Act. Therefore, certain rights under the CCPA may be limited to the extent such requests to exercise CCPA rights relate to the collection, processing, selling, or disclosure of personal information in connection with financial activities covered by the Gramm-Leach-Bliley Act.
How We Will Verify That it is Really You Submitting the Request If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent. If You Have an Authorized Agent: If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf. Consent to Terms and Conditions By using this website, you consent to all terms and conditions expressed in this Privacy Policy.
Changes to Our Privacy Policy As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on the website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy. Consumers With Disabilities This policy is in a form that is accessible to consumers with disabilities. Questions About the Policy If you have any questions about this Privacy Policy, please contact us at hr@thecrystalcasino.com or call 888.385.7278. **This policy was last updated December 31, 2025.