Seminole Tribe of Florida
Privacy Policy

 

Last Updated: January 2025

 

General Statement

The Seminole Tribe of Florida is a federally recognized Indian tribe doing business as Seminole Gaming (“Seminole Gaming”, “us”, “our” or “we”), and has prepared this Privacy Policy to explain our practices regarding the collection, use and sharing (collectively, “Processing”) of Personal Information (defined below) through our websites (collectively, the “Sites”, listed below), and any services offered on or through the Sites (the Sites and the services are collectively referred to as the “Services”). Where additional detailed information is needed to explain our privacy practices, we provide supplementary privacy notices to describe how Personal Information is processed. This Privacy Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Sites. Please review the privacy policies of any third party website or application for more information about how they process your Personal Information.

  • Business Transfers. If we are acquired by, or merged with, another entity, if substantially all of our assets are transferred to another entity, or as part of a bankruptcy or reorganization proceeding, or if we are evaluating or in negotiations with respect to any such transaction, we may transfer, or make available, the Personal Information we have collected from you to the other entity or resulting legal entity.
  • In Connection with Legal Process. We also may disclose the Personal Information we collect from you in order to comply with applicable laws or regulations, a government investigation, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
    • To Protect Us and Others. We also may disclose the Personal Information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, suspected violations of this Policy, any applicable terms and conditions for Services provided through the Sites or at any hotel and casino owned or operated by Seminole Gaming, or as evidence in litigation in which we are involved.
  • Aggregated and De-Identified Information. We may share aggregate or de-identified Personal Information about users with third parties and publicly for marketing, advertising, research, or similar purposes.
  • Job Applications.  If you apply for a job position, some of your Personal Information may be shared with third parties, including but not limited to iCIMS (a recruiting software provider), in order to confirm education, work history, references, etc. For iCIMS’ privacy policy, please visit www.icims.com/legal/privacy-policy-website.

We do not disclose Personal Information to third parties, including for their direct marketing purposes, without your consent except as explained in this Privacy Policy.

Third Party Advertising and Links to Third Party Websites

Sites may include third party advertising. We do not provide your Personal Information to these third party advertisers; however, they may use technology to send the advertisements that appear on the Sites to your browser. In this process, the third party advertiser automatically receives your IP address. They may also employ cookies and web beacons to measure the effectiveness of their own advertisements and to personalize your interaction with them. We do not have access to or control over the cookies, web beacons or other technology these third party advertisers may use, and any information collected by these third party advertisers is not covered by this Privacy Policy. Please contact them directly for further information regarding their information privacy policies. For your reference, the Network Advertising Initiative offers useful information about internet advertising companies, including methods of “opting-out” of their information collection practices (https://thenai.org/about-online-advertising/faq/). 

The Sites may contain links to third party websites. These links are provided for your convenience. We are not responsible for and have no control over the content that appears on these other websites. Seminole Gaming makes no representations or warranties, express or implied, regarding the content of any of these linked websites. Please note that when you click on one of these links, you will leave the Sites and will be subject to the policies and privacy practices of the other websites, which may differ significantly from our Privacy Policy. Please review such third parties’ privacy policies before providing any Personal Information to them.

Data Retention and Disposal

Seminole Gaming keeps customer information for as long as is necessary for business purposes, or as legally required by applicable state, federal and local law . Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:

  • How long we have a relationship with you and provide services or products to you.
  • Whether there is an applicable legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
  • Whether you have consented to retention of your information for a longer period of time.
  • Whether the personal information is sensitive under applicable law.
  • When we no longer need to use or retain your Personal Information, both physical and electronic records are destroyed.

Data Security

We use reasonable and appropriate security safeguards to help protect Personal Information from unauthorized access, alteration, or disclosure. Despite these efforts, please understand that no system is perfect, and we cannot guarantee that unauthorized access or theft of data will not occur, so you should exercise caution when transferring personal and other sensitive information over the Internet. Please advise us immediately at [email protected] of any incident involving the loss of or unauthorized access to or disclosure of Personal Information that is in our custody or control. Seminole Gaming maintains Incident Response and Business Continuity Plans to address data incident situations.

You are responsible for keeping your account login credentials confidential. You should not share such login credential with any other person as you are responsible for all activity on your account. Be sure to sign off when finished if you are using a shared device. You must immediately notify us if you are aware or suspect any unauthorized use of your account. Please note that Seminole Gaming will never ask for a password other than on the log-in page of an official Seminole Gaming site. Links are available on these Sites to request assistance.

Age Policy

The Sites are not intended for use by or directed to any person under the age of 18. Any use of the Sites by persons under the age of 18 should only be under the direct supervision of that minor’s parent or legal guardian. We do not knowingly collect information from persons under the age of 18 through the Sites. If you believe we have received Personal Information belonging to someone under age 18, please email [email protected] and, after reasonable confirmation, we will delete the Personal Information of the minor.

We strongly support parental control of the internet. If you are a parent and want to prevent your children from using the Sites or the Services, then you may want to consult the filtering software companies, such as Net Nanny and Cybersitter. Net Nanny and Cybersitter are third party service providers that are not affiliated with us or any of our subsidiaries or affiliates and we have no responsibility for the services provided by such providers.

Pursuant to applicable law, persons under the age of 21 are not permitted to gamble at our property or loiter in casino areas. Notwithstanding the foregoing, persons who have obtained age of 18 may participate in class 2 poker and class 2 bingo games at our properties. Seminole Gaming will not grant credit to anyone under the age of 21. Persons younger than 21 years of age are not allowed to accept offers or win contests related to gambling (except that persons 18 years of age and older may enter contests for poker tournaments), and we do not knowingly collect information from such persons.

User Generated Content

We may invite you to post content on or through public areas of our Sites, including your comments, photos, videos, pictures, and any other information that you would like to be available on our Sites. Please note, however, that if you post such content to public areas of our Sites, all of the information or content that you post may be available to other visitors or users of our Sites. Your postings and content may become public and we cannot prevent such information from being used in a manner that may violate this Privacy Policy, applicable law, or your personal privacy. Further, please note that all such content you post must comply with our Terms & Conditions of Use or it is subject to removal.

Access, Correction, and Choice

You have choices about the collection, use, and sharing of your Personal Information, including:

  • Deletion: You can request that we erase or delete all or some of your Personal Information (for example, it is no longer necessary to provide services to you).
  • Change or Correct: You can review and edit your Personal Information by logging onto the Sites and visiting your account at any time.
  • Object to or Restrict Use: You can request that we stop using some or all of your Personal Information or restrict our use of your Personal Information.
  • Access: You can access the Personal Information you submit to our Sites via your account at any time.
  • Copy: You can request a copy of your Personal Information.
  • Right to Portability – provides the ability to request Personal Information in machine readable format.
  • Marketing: Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email.
  • Withdrawing Consent: If we have collected or processed your Personal Information with your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information based on other lawful processing grounds.

If you request access, correction, amendment or deletion of your Personal Information and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to Personal Information will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by applicable law or excessive requests. For your protection, we may need to verify your identity before fulfilling your request. Please note that we may need to retain certain information for recordkeeping purposes or to complete requests or transactions that occurred prior your request. We will also retain your Personal Information if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, detect or prevent fraud and abuse, and enforce the Terms and Conditions of Use. We may also need to retain your Personal Information if required by applicable law, federal tax statutes and other legal requirements (e.g., information on our customers who self-report; tax reporting documents; player winnings, and any statistics, reports or listings that are required to protect our casino properties).

If Personal Information  covered by this Privacy Policy is to be used for a new purpose that is materially different from that for which the Personal Information  was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this Policy, Seminole Gaming will be provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Information  should be sent to us as specified in the “Contact Information” section below.

Certain Personal Information , such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered “Sensitive Information.” Seminole Gaming will not use Sensitive Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Seminole Gaming has received your affirmative and explicit consent (opt-in).

International Data Transfers

We are located in the United States. Please be aware that, depending on your location, your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. If you are located outside of the United States, please be advised that we store all Personal Information in the United States. By using the Sites or Services, you agree that the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.

We may transfer your Personal Information to other countries in compliance with applicable laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those countries may have access to your Personal Information. 

EU-U.S. Data Privacy Framework (DPF) and UK Extension to the EU-U.S. Data Privacy Framework (DPF) Compliance

Seminole Gaming participates in and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension of the EU-US DPF as approved by the European Commission in its adequacy decision issued on July 10, 2023.

Seminole Gaming complies with the Data Privacy Framework Principles, that were developed by the U.S. Department of Commerce in consultation with the European Commission in order to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the EU and UK while ensuring that EU data subjects and UK data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries.

To learn more about the EU-U.S DPF and the UK Extension of the EU-U.S DPF and view our certification, please visit the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/participant-search

If there is any conflict between the policies in this privacy policy and the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF Principles, the Data Privacy Framework Principles shall govern.

In compliance with the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF, Seminole Gaming commits to resolve complaints about your privacy and our collection or use of your Personal Information.

If you have any question or complaint regarding our participation in the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF or the processing of your Personal Information you may contact us as indicated below in the section of this Privacy Policy “HOW TO CONTACT US”.

Dispute Resolution and Arbitration

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Seminole Gaming . commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to the International Centre for Dispute Resolution, the internation division of the American Arbitration Association (ICDR-AAA) as an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.dataprivacyframework.gov/s/participant-search for more information or to file a complaint. The services of alternative dispute resolution found at https://go.adr.org/dpf_irm.html are provided at no cost to you.

Arbitration

Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. The Federal Trade Commission has jurisdiction over Seminole Gaming’s compliance with the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF.

If Seminole Gaming transfers your Personal Information to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, Seminole Gaming will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of Personal Information received pursuant to the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF, Seminole Gaming is potentially liable.

Privacy Policy Changes

We may change this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Sites. By continuing to use the Sites, the App or Services on or after the Last Updated date, you consent to the revised Privacy Policy.

Interpretation of this Privacy Policy

This Privacy Policy does not create or confer upon any individual any rights, or impose upon Seminole Gaming any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and applicable privacy laws, this Privacy Policy shall be interpreted in that case to give effect to, and comply with, such privacy laws.

Severability

The provisions of this Privacy Policy are intended to be severable. If for any reason any provision of this Privacy Policy shall be held invalid or unenforceable in whole or in part in any jurisdiction, such provision shall, as to such jurisdiction, be ineffective to the extent of such invalidity or unenforceability without in any manner affecting the validity or enforceability thereof in any other jurisdiction or the remaining provisions hereof in any jurisdiction.

Contact Information

You may address all communications to:

Seminole Hard Rock Support Services, LLC,
Attn: Global Data Protection and Risk Office (GDPRO),
5701 Stirling Road, Davie, Florida 33314, or email to [email protected].

If you are in the European Union (EU), you may address all communications to our Data Privacy Representative in EU by using the following contact details:

EU Data Privacy Representative
Studio Legale PANETTA
Via Arenula, 83
00186 Roma RM, Italy
[email protected]

If you are in the United Kingdom (UK) you may address all communications to our Data Privacy Representative in UK by using the following contact details:

Debbie Galbraith
Hard Rock International
148 Old Park Lane, London W1K 1QY, UK
[email protected]

Please include your name, address and phone number or email in all communications and state clearly the nature of your request. If you wish to make a request to access the Personal Information we collect and store about you, complete this form.

Appendix A - Additional Provisions Applicable to European Economic Area Data Subjects

This Appendix outlines certain additional information that we must provide to persons in the European Economic Area as well as certain rights such residents have with respect to the processing of their Personal Information under the European Union’s General Data Protection Regulation (GDPR). For persons in European Economic Area, the term Personal Information means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

A. Legal Bases for Processing of Personal Information

We process the personal Information collected for the purposes described in the sections entitled “Collection of Personal Information and Other Data,” “Use of Personal Information,” and “Sharing of Information” in our Policy. The legal bases for our processing activities include processing Personal Information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent. The particular legal basis for the processing of your Personal Information is based on the purpose for which such information was provided or collected.

We use Personal Information, such as name, address, email and credit card information, as necessary to perform Services, such as fulfilling ticket purchases or making reservations at properties owned or operated by Seminole Gaming. In some instances, we are not able to provide our Services and products according to our contracts unless you provide us with certain necessary Personal Information. This collection and processing of the Personal Information is based on Article 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).

We may also process your Personal Information if we have received your consent, to respond to requests from you or to take actions in our legitimate interest, such as for marketing purposes or to otherwise inform you of our business operations, and to improve our products and services. Please note that if we rely on consent, you may withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing of your Personal Information prior to the withdrawal.

B. Data Retention

See “Data Retention And Disposal” above for our retention policies.

C. Data Subject Rights

Data subjects of the European Economic Area have the following rights:

  • Access, Correction and Erasure Requests: You have the right to:

1. Contact us to confirm whether we are processing your Personal Information;

2. Receive certain information on how your Personal Information is processed;

3. Obtain a copy of your Personal Information;

4. Request that we update or correct your Personal Information; and

5. Request that we delete your Personal Information in certain circumstances.

  • Right to Object to Processing: You have the right to request that we cease processing of your Personal Information based on our legitimate business interests, including profiling, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your Personal Information for the establishment, exercise, or defense of a legal claim. You also have the right to object, at any time, to processing of your Personal Information for direct marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your Personal Information:

1. While we are evaluating or in the process of responding to a request by you to update or correct your Personal Information;

2. Where such processing is unlawful and you do not want us to delete your data;

3. Where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; and

4. Where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.

  • Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your Personal Information in a commonly used, machine-readable format. Please note, however, that data portability rights apply only to Personal Information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

If you believe our processing of your Personal Information violates the GDPR, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged violation.

D. Submitting Requests

European Economic Area data subjects can submit requests by completing this form. We will respond to all such requests within the timeframe required under the GDPR. Please note, however, that certain Personal Information may be exempt from such rights pursuant to the GDPR. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of Personal Information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to respond to the request or deny the request.