Effective Date: October 1, 2020.
This Policy is subject to the Terms and Conditions that govern any Services. By accessing or using the Sites or Services, you consent to and agree to be bound by this Policy and, depending on the Services also the relevant Terms and Conditions. If you are a resident of California, additional provisions may apply to you under the CCPA as set forth on Hard Rock (herein after defined) California Privacy Rights page. If you are a resident of the European Union, additional provisions may apply to you as set forth in Section 17, Appendix A below.
1. Who Is Collecting Your Information
The Sites is operated, and the Services are provided, by Hard Rock Casino Cincinnati, which is the controller for all Personal Information collected through the Sites and Services and at the Hotel and Casino. Personal Information collected through the Sites or at the Hotel and Casino may be shared with our owners, licensors, and affiliated entities, including, but not limited to, Hard Rock Cafe International (USA), Inc. and its affiliated entities (collectively, “Hard Rock”), provided that they abide by the terms of this Policy. This Policy applies only to the Sites, the Services, and the Hotel and Casino. Other privacy policies may apply to certain other programs made available through the Sites such as, but not limited to, the Hard Rock Rewards Program, the Wild Card Rewards offered through the Hotel and Casino, the Hard Rock Social Casino, the booking engines used to make hotel reservations, and third-party job application systems (collectively, the “Other Programs”). Each of these Other Programs are discussed below.
2. Managing Your Information Preferences
You can review, correct, update, change, or request deletion of the Personal Information you provided to us by using this form. We will respond to your requests within the time period specified by applicable law, or if no time period is specified, we will use reasonable efforts to respond within forty-five (45) days of receipt of the request, subject to any limitations in applicable law. If you are California resident, please see our California Privacy Rights page for more information on the exercise of rights under the CCPA. If you are a resident of the European Union, please review Section 17 below.
If you wish to opt-out of receiving email marketing communications, you can use this form or click the unsubscribe mechanism at the bottom of each email.
Requests relating to the Other Programs must be made through the procedures specified in the privacy policies for those Programs. For example, as noted in the Job Posting Information section, you must contact iCIMS to access, correct, amend, or delete any Job Posting Information you may have submitted through their tracking system.
3. Information We Collect
Personal Information We Collect Directly From You
We collect Personal Information that you choose to provide us, such as when you register for email communications, reserve a room or use Services at the Hotel and Casino, or when you use one of the Other Programs offered through the Sites, such as when you register for the Wild Card Rewards program, register for the Hard Rock Rewards program, designate Hard Rock Casino Cincinnati as your home casino on the Hard Rock Social Casino, or apply for a job through the Sites. For what information we may collect in connection with each of these Other Programs, please see the respective section below.
By providing us your email address, you consent to receiving emails from us. You may revoke this consent at any time as described in the section on “Managing Your Information Preferences.”
We may also collect Personal Information (a) in connection with requests for proposals for weddings, meetings, and other special events at the Hotel and Casino by completing forms on the Sites; and (b) when you request certain services offered at the Hotel and Casino. When we collect this type of Personal Information, we will notify you as to why we are asking for Personal Information and how this Personal Information will be used. Providing this Personal Information is optional; however, if you choose not to provide the requested Personal Information, you may not be able to use some or all of the features of the Sites or Services.
From time to time, our Sites may request Personal Information from you via surveys, sweepstakes, or contests. Participation in these surveys, sweepstakes, or contests is completely voluntary. Contact Personal Information will be used to administer your participation in a contest or sweepstakes, notify the winners, and award prizes. Survey Personal Information will be collected and used for purposes of monitoring or improving the use, features, and performance of the Site and our other products and services.
Information We Collect Automatically
When you make a reservation online at the Sites, you will be asked to supply your name, email address, birthdate, telephone number, an employer or company name, and credit card, debit card or other form of payment information (collectively, “Reservation Information”).
Wild Card Rewards
Hard Rock Rewards
The Sites or the website at www.hardrockhotels.com (“HRH Site”) may include job postings from time to time for our Hotel and Casino. You may be given the opportunity to apply for job openings online through an applicant tracking system operated by iCIMS by creating an account and submitting either via the Sites or the HRH Site, which is usually received by the human resources department of the hiring company. If submitted through that tracking system, your resume and other Personal Information (collectively, “Job Posting Information”) will be made available to us or the manager or operator of the hiring hotel if that is a separate entity. In addition, your Job Posting Information will be stored in that tracking system in an electronic database maintained by iCIMS in the United States on behalf of Hard Rock Casino Cincinnati and Hard Rock.
In some cases, the HRH Site might list the email address of a contact person at the applicable hiring hotel. If that hiring hotel is Hard Rock Casino Cincinnati, any Job Posting Information sent to that email address will be maintained in accordance with this Policy.
All such Job Posting Information may be used for the purpose of assessing your suitability for current and future job vacancies and to pursue your recruiting process.
You will also be required, by the applicant tracking system, to create an account with a user name and password when using an applicant tracking system. You are solely responsible for maintaining the confidentiality of that user name and password, and for any unauthorized access or use of your user name and password.
4. How We Use Your Information
We use your Personal Information for the following business purposes:
To provide our Sites and Services to you, including reservations and services you request at our Hotel and Casino, to communicate with you about your use of our Sites and Services, to respond to your inquiries, to process job applications, to fulfill your orders, and for other customer service purposes.
To tailor the content and information that we may send or display to you, to offer location customization, personalized help and instructions, and to otherwise personalize your experiences while using our Sites or Services.
To notify you about marketing and promotional opportunities. For example, we and Hard Rock may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our Sites and related services on third-party websites.
To conduct promotions, such as sweepstakes, contests and giveaways, and to administer and operate the Wild Card Rewards and Hard Rock Rewards Programs.
To better understand how users access and use our Sites and Services, both on an aggregated and individualized basis, in order to improve our Site and Services and respond to user desires and preferences, and for other research and analytical purposes.
5. How We Share Your Information
We may share your Personal Information as follows:
Affiliates. We may disclose the Personal Information we collect from you to Hard Rock and its affiliates.
Service Providers. We may disclose the information we collect from you to third-party vendors, service providers, contractors or agents who perform functions on our behalf (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management, property management, and marketing and promotions. We only provide our Service Providers with the information or access to information necessary for them to perform these services on our behalf. Each Service Provider must agree to use commercially reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized acquisition, access, use, or disclosure. Service Providers may only use the Personal Information to provide services to Hard Rock and Hard Rock Casino Cincinnati and are prohibited from using Personal Information other than as authorized by Hard Rock and Hard Rock Casino Cincinnati under this Policy.
Business Transfers. If we are acquired by, or merged with, another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, or if we are in negotiations with respect to any such transaction, we may transfer, or make available, the Personal Information we have collected from you to the other company or resulting legal entity.
In Response to Legal Process. We also may disclose the Personal Information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
To Protect Us and Others. We also may disclose the Personal Information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of any applicable Terms and Conditions for Services provided through the Sites, at the Hotel and Casino or this Policy, or as evidence in litigation in which we are involved.
Aggregate and De-Identified Information. We may share aggregate or de-identified Personal Information about users with third parties and publicly for marketing, advertising, research, or similar purposes.
6. Retention of Personal Information
We retain Personal Information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship or as long as you use or are registered for any of the Services and for any period thereafter as legally required or permitted by applicable law. Our retention policies respect applicable statute of limitation periods and legal requirements. When we no longer need to use or retain your Personal Information for any business, commercial or lawful purpose, we will endeavor to destroy all records, both physical and electronic, containing your Personal Information.
Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), and change your preferences at any time by using the ‘Privacy Settings’ link found in the footer of our Site, but such disabling might impair use of the Site and Services.
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Sites and Services. For a complete description of the cookies that we use, please see our Cookie Statement.
Disabling Cookies. In certain jurisdictions, you will be asked to provide consent for your cookies when accessing our website. The request does not always reappear when you revisit the site. You may click to revise your cookie settings.
8. Advertising and Online Tracking
We may allow third-party companies to serve ads and collect certain anonymous information when you visit the Sites. These companies may use non-personally identifiable information (e.g., click stream information, web browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to the Sites and other websites in order to provide advertisements about goods and services likely to be of interest to you. We are not responsible for, and expressly disclaim any liability related to, the content of these ads or the activities of these third-party companies.
We maintain physical, technical, and administrative safeguards to protect the security of information transmitted to us through the Sites or Services. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Sites or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk. You are also responsible for maintaining the security of any password or user login credentials you are provided in connection with the Sites or the Services.
10. Links to Other Websites
11. Children’s Privacy
The Sites and Services are intended for users who are 21 years old or older. In addition, we never collect or maintain information at our Sites from those we actually know are under 13 (or 16 in the case of European Union residents). If we are notified that we have collected Personal Information from a person under 13 (or 16 in the case of European Union residents), we will delete that Personal Information. Our Sites are general audience websites.
12. Processing in the United States
Please be aware that, depending on your location, your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. If you are located outside of the United States, please be advised that we store all Personal Information in the United States. The laws in the United States may not be as protective of your privacy as those in your location. By using the Sites or Services, you agree that the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.
13. How to Contact Us
You may address all communications to 1000 Broadway Street, Cincinnati, Ohio 45202, or email to [email protected] Please include your name, address, and phone number, or email in all communications and state clearly the nature of your request.
14. EU/US Privacy Shield Compliance
Hard Rock comply with the EU/US Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union members and treaty countries, and the United Kingdom. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
Please include your name, address and phone number or e-mail in all communications and state clearly the nature of your request or concern. If you wish to make a request to access the personal information we collect and store about you, complete this form.
Hard Rock Casino Cincinnati and Hard Rock Cafe International (USA), Inc. has provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all personal data except for human resource data. For more information, visit the website for ICDR®/AAA® EU-U.S. Privacy Shield: International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at go.adr.org/privacyshield.html. The services of ICDR/AAA are provided at no cost to you. Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. The Federal Trade Commission has jurisdiction over Hard Rock Casino Cincinnati’s and Hard Rock’s compliance with the Privacy Shield.
If Hard Rock Casino Cincinnati or Hard Rock transfers your personal data to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, Hard Rock Casino Cincinnati and Hard Rock will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of data received pursuant to the EU-US Privacy Shield, Hard Rock Casino Cincinnati and Hard Rock are potentially liable.
If you feel that Hard Rock Casino Cincinnati has not complied with the policies outlined in this Policy, please contact us at1000 Broadway Street, Cincinnati, Ohio 45202, or email to [email protected] Please include your name, address, and phone number, or email in all communications and state clearly the nature of your request. The Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy within forty-five (45) days of receiving the complaint, unless a shorter period is required by law. European Union residents may also follow the procedure outlined in Section 14 above under the Privacy Shield.
We may change this Policy from time to time. If we decide to change this Policy, we will inform you by posting the revised Policy on the Site. Those changes will go into effect on the “Revised” date shown in the revised Policy. By continuing to use the Site or Services, you consent to the revised Policy.
17. Appendix A - Provisions Applicable to European Union Data Subjects
This Appendix outlines certain additional information that Hard Rock Casino Cincinnati is obligated to provide to data subjects of the European Union as well as certain rights such residents have with respect to the processing of their Personal Information under GDPR. For European Union residents, the term Personal Information means information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A. Legal Bases for Processing of Personal Information
We process the personal Information collected for the purposes described in the sections entitled “Information We Collect” and “How We Use Your Information” in our Policy. The legal bases for our processing activities include processing Personal Information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent. The particular legal basis for the processing of your Personal Information is based on the purpose for which such information was provided or collected.
For example, we use Personal Information, such as name, address, email and credit card information, as necessary to perform Services, such as making reservations at our Hotel and Casino. For example, we are not able to provide our Services and products according to our contracts unless you provide us with certain necessary Personal Information. This collection and processing of the Personal Data is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).
We may also process your Personal Information if we have received your consent, to respond to requests from you or to take actions in our legitimate interest, such as for marketing purposes or to otherwise inform you of our business operations, and to improve our products and services. Please note that if we rely on consent, you may withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing of your Personal Information prior to the withdrawal.
B. Data Retention
See Section 6 for our retention policies.
C. Data Subject Rights
Data subjects of the European Union have the following rights:
Access, Correction and Erasure Requests: You have the right to:
contact us to confirm whether we are processing your Personal Information;
receive certain information on how your Personal Information is processed;
obtain a copy of your Personal Information;
request that we update or correct your Personal Information; and
request that we delete Personal Information in certain circumstances.
Right to Object to Processing: You have the right to request that we cease processing of your Personal Information based on our legitimate business interests, including profiling, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your Personal Information for the establishment, exercise, or defense of a legal claim. You also have the right to object, at any time, to processing of your Personal Information for direct marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to Restrict Processing: You have the right to request that we limit the processing of your Personal Information:
while we are evaluating or in the process of responding to a request by you to update or correct your Personal Information;
where such processing is unlawful and you do not want us to delete your data;
where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; and
where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your Personal Information in a commonly used, machine-readable format. Please note, however, that data portability rights apply only to Personal Information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
If you believe our processing of your Personal Information violates the GDPR, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged violation.
D. Submitting Requests
EU data subjects can submit requests by completing this form. We will respond to all such requests within the time frame required under GDPR. Please note, however, that certain Personal Information may be exempt from such rights pursuant to GDPR. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of Personal Information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.