loading
07:18
Responsible gamingHelp center
Circus
SportsCasinoLive casinoStrategyPromotionsClubWelcome offer
RegisterLog inMy account
Terms and conditions
Privacy policy

Privacy policy

Here at Circus, we value your privacy. We therefore use a secure system to process your personal data and to ensure it is safely transferred to our server.

Check out our privacy policy and our Cookie Policy to find out how your personal data is processed.

Your privacy and security are our priority

As well as ensuring your personal data is protected, the transactions you make at Circus are also 100% secure thanks to the various internationally renowned withdrawal and payment methods available.

Want to learn more about making a withdrawal or a deposit? Or are you interested in discovering the different payment and withdrawal methods available? Check out our FAQs.

Privacy Policy - Circus.nl

BETCA B.V. (hereinafter "CIRCUS") places great importance on the protection of personal data. Therefore, we do everything we can to protect the privacy of all visitors and users (hereinafter: the "Data Subjects") of the website for online games of chance and betting www.circus.nl (hereinafter: the "Site").

The Data Subjects can find below all provisions regarding the processing of personal data that apply during each visit to or use of the Site by the Data Subjects (hereinafter: the "Privacy Statement").

Privacy Statement

“Circus.nl”

1.            General

2.            Processing of personal data in connection with legal obligations, the performance of the agreement, and the legitimate interests of CIRCUS (no consent required)

2.1.          Which data are processed?

2.2.          What does the processing carried out by CIRCUS consist of?

2.3.          What are the purposes of this processing?

3.            Processing of personal data that requires the consent of the Data Subjects

3.1.          Which data is processed?

3.2.          What does the processing consist of? 

3.3.          What are the purposes of this processing?

4.            Rights of the Data Subject

4.1.          Information

4.2.          Right of access

4.3.          Right of rectification

4.4.          Right to object

4.5.          Right to erasure

4.6.          Right to restrict processing

4.7.          Right to dataportability

4.8.          Procedures

5.            Localization, storage, and retention period of personal data

6.            Liability of CIRCUS - Subcontractor

7.            Miscellaneous

7.1.          Register of Personal Data and Data Protection Manual

7.2.          Integrality - Changes to this Privacy Statement

7.3.          Evidentiary value

7.4.          Contact - Information on the identity of the Data Controller and the Data Protection Officer

7.5.          Data Protection Authority

1. General

CIRCUS processes personal data of Data Subjects of the Site for the purposes and within the boundaries of this Privacy Statement during each visit or use thereof.

CIRCUS ensures that the processing of these personal data complies with applicable laws and regulations, and in particular with the General Data Protection Regulation (GDPR) and the European Regulation (EU) 2016/679 of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data (hereinafter, collectively: the "Regulation").

In this regard and in accordance with this Regulation, CIRCUS:

  • is legally obligated to carry out the processing of personal data of Data Subjects. This processing is described in article 2.1 of this Privacy Statement;
  • additionally processes personal data to enable Data Subjects to use the Site and for the necessary and legitimate purposes described in article 2.2 of this Privacy Statement;
  • processes personal data with the prior, free, and explicit consent of the Data Subjects according to the explicit purposes described in article 3 of this Privacy Statement.

By visiting and using the Site, the Data Subjects are deemed to have read and accepted this Privacy Statement. They further guarantee that the data and information provided to CIRCUS are accurate.

2. Processing of personal data in connection with legal obligations, the performance of the agreement, and the legitimate interests of CIRCUS (no consent required)

CIRCUS, based on legal obligations for authentication purposes and so that the Data Subjects can use the Site, processes the following personal data for the purposes described below. This processing of personal data by CIRCUS does not require the consent of the Data Subjects in accordance with article 6.1(b) and (c) of the Regulation.

Additionally, CIRCUS processes personal data for which no consent from the Data Subjects is required under article 6.1(f) of the Regulation.

The personal data submitted by the Data Subjects are recorded in a register, as described in article 7.1, which is managed by CIRCUS and is at all times under its responsibility.

2.1. Which data are processed?

The processed personal data are as follows:

  • Last name, first name(s), date and place of birth, language, gender, home address/mailing address, Citizen Service Number (or ID card or passport number), email address, fixed or mobile phone number, CRUKS code of the Data Subject;
  • Financial data including the source of funds and bank details used for deposits into and withdrawals from the gaming account;
  • Special categories of personal data, including data concerning the health of the Data Subject and the origin of funds;
  • Copies of personal documents enabling the authentication of the Data Subject, such as a photo of the ID card, a bank statement, a deposit slip, or any other document as proof of residence and/or domicile of the Data Subject;
  • Browsing and activity history on the Site including gaming history (casino and sports betting), transactions (wins and losses, deposits, withdrawals, bonuses, gifts, and other forms of rewards), connections (browser data, IP address), particularly through cookies;
  • Any other data that may be exchanged between CIRCUS and the Data Subject, especially via email or live chat, as part of their registration or the Data Subject’s use of the online games of chance and betting offered on the Site.

2.2. What does the processing carried out by CIRCUS consist of?

The processing of data consists of collecting, recording, storing, consulting, organizing, using, combining, or any other operation that is necessary or useful under the legal and regulatory provisions described in article 2.1. The processing may also include the transfer of personal data to:

  • judicial, administrative, and supervisory authorities, such as the Kansspelautoriteit.
  • to CIRCUS suppliers whose services are inextricably linked to the use of the Site and whose list is available upon request from the Data Protection Officer.
  • to third parties, provided that CIRCUS ensures they adhere to the same standards of personal data protection as CIRCUS itself, and whose list is available upon request from the Data Protection Officer.

2.3. What are the purposes of this processing?

1°)          CIRCUS is required to process the personal data described in article 2.1 to comply with the necessary legal and regulatory obligations, specifically the following legal requirements:

  • Money Laundering and Terrorist Financing Act of 22 April 2020 (‘WwFT’);
  • The Gambling Act (‘WOK’), the Remote Gambling Act (‘Wet KOA’), and the Policy Rules for the Licensing of Remote Gambling concerning gambling, betting, gambling establishments, and the protection of Data Subjects (general consumer protection and protection against gambling addiction), including the obligations imposed on operators regarding management and administration, the implementation of checks on the CRUKS (Central Register for Exclusion from Gambling), and its implementing regulations.
  • The Remote Gambling Decree (‘Besluit KOA’), the Remote Gambling Regulation (‘Regeling KOA’), the Decree on Recruitment, Advertising, and Addiction Prevention, the Regulation on Recruitment, Advertising, and Addiction Prevention (‘Bwrvk’), and the Policy Rules for Responsible Gambling.

2°)          CIRCUS also processes the personal data referred to in article 2.1 to grant Data Subjects access to the Site and to perform the agreement; this processing is thus carried out to ensure:

  • the management of registrations and accounts of Data Subjects;
  • the management of deposits and winnings of Data Subjects, and more generally, the provision of online gambling and betting services;
  • the data of the Data Subject related to the services offered by CIRCUS;
  • the management of customer service, including support services, particularly the 'risk & fraud' and the 'responsible gaming' departments;
  • the analysis and recording of the gambling behavior of Data Subjects;
  • the profiling of Data Subjects: CIRCUS uses profiling to assess whether the gambling behavior of a Data Subject aligns with their financial situation. Through profiling, CIRCUS can detect early signs of problematic gambling behavior and intervene accordingly (duty of care). Moreover, this is necessary for executing Addiction Prevention Policy and AML Policy.

3°)          CIRCUS also has a legitimate interest in processing the personal data referred to in article 2.1, namely:

  • the development of new games of chance and betting offers;
  • promotion, advertising, and marketing, including the management of membership and associated loyalty programs related to the offering of online games of chance and betting, including sending SMS messages, making phone calls, and sending newsletters;
  • participation in contests and promotions, including communication with winners;
  • conducting satisfaction surveys, statistical research, trend analysis, and market research with the aim of improving services related to online games of chance and betting, providing information to Data Subjects, or protecting Data Subjects to prevent gambling addiction, as well as for management, marketing, and reporting purposes (including profiling);
  • the ability to defend itself in a dispute or legal action against the Data Subject or third parties.

3. Processing of personal data that requires the consent of the Data Subjects

By using the CIRCUS Site, the Data Subject demonstrates their free will to expressly consent to CIRCUS processing personal data in accordance with the Regulation, under the conditions and for the purposes mentioned below, and without prejudice to the processing referred to in article 2.

The personal data submitted by the Data Subject are recorded in a register, as described in article 7.1, which is managed by CIRCUS and always falls under its responsibility.

The Data Subject also has rights, including the right to withdraw their consent at any time, in accordance with the provisions and conditions set out in article 4.

3.1. Which data is processed?

The data processed by CIRCUS is as follows:

  • Last name, first name(s), date of birth, language, gender, home address/mailing address, national register number (or ID card or passport number), email address, fixed or mobile phone number;
  • Browsing and activity history of the Data Subject on the Site, including game history (casino and sports betting), transactions (wins and losses, deposits, withdrawals, bonuses, gifts, and other forms of rewards), connections (browser data, IP address), particularly through cookies;
  • Data about the income and/or financial resources of the Data Subject;
  • Any other data that may be exchanged between CIRCUS and the Data Subject, especially via email or live chat, as part of the registration or the use by the Data Subject of the online games of chance and betting offered on the Site.

The personal data submitted by the Data Subject are recorded in a register, as described in article 7.1, which is managed by CIRCUS and always falls under its responsibility.

3.2. What does the processing consist of?

The processing consists of collecting, recording, storing, consulting, organizing, using, and combining the personal data described in article 3.1. It also includes the transfer of such personal data to third

parties, provided that CIRCUS ensures they adhere to the same standards of personal data protection as CIRCUS itself, and whose list is available upon request from the Data Protection Officer.

3.3. What are the purposes of this processing?

Personal data are collected and processed by CIRCUS for the following purposes:

  • promotion, advertising, and marketing, including the management of membership and associated loyalty programs related to the offering of online games of chance and betting, including sending SMS messages, making phone calls, and sending newsletters;
  • participation in contests and promotional games of chance, including communication with winners.

4. Rights of the Data Subject

Without prejudice to articles 2 and 5, Data Subjects have the rights mentioned in this article 4 regarding the processing of their personal data by CIRCUS.

4.1. Information

CIRCUS will notify the Data Subject of any deletion or correction of data carried out in accordance with articles 4.3 and 4.4, unless such notification is impossible or requires disproportionate effort. This notification will be made by email or post, based on the contact details provided by the Data Subject.

4.2. Right of access

a.         Data Subjects have the right to request access at any time to all their personal data referred to in article 3.1 that is processed. This access can be partially obtained through the player account and by contacting the Data Protection Officer.

b.         Data Subjects have the right to receive a copy of the personal data that is the subject of processing. For any additional copies requested, CIRCUS reserves the right to charge for all costs associated with this new request; these costs will be calculated based on the administrative expenses incurred by the request and will not exceed 20 euros.

c.         Data Subjects have the right to obtain this access or copy in a structured format, such that the personal data are provided to them in a format that meets the technical standards applicable at the time of the access request; this format will therefore enable machine readability.

4.3. Right of rectification

CIRCUS guarantees and requires Data Subjects to update and correct their personal data if such data is inaccurate or incomplete.

This right to rectification can be exercised by submitting a request to the Data Protection Officer.

4.4. Right to object

Data Subjects have the right to object to the processing of their personal data in the following cases:

  • if their personal data is inaccurate;
  • if the processing is no longer necessary for the purposes for which the data was collected;
  • if the Data Subject withdraws their consent;
  • if the personal data are subject to unlawful processing
  • Data Subjects also have the right to object to:

o        Automated decision-making based on the processing of their personal data (including profiling), unless CIRCUS has compelling legitimate grounds for the processing;

o        Any processing of their personal data for marketing purposes, including profiling, if related to marketing.

This right to object can be exercised by submitting a request to the Data Protection Officer.

4.5. Right to erasure

CIRCUS is committed to responding to any request for the deletion of personal data as quickly as possible, if:

  • the processing is no longer necessary for the purposes for which the data were collected;
  • the Data Subject withdraws their consent;
  • the data have been unlawfully processed or need to be erased under a legal obligation;
  • the Data Subject objects to the automated processing of their data, such as profiling, and there are no legitimate grounds that make this processing necessary for CIRCUS;
  • the Data Subject objects to the processing of their personal data for marketing purposes, including profiling, if it is related to marketing.

4.6. Right to restrict processing

Data Subjects also have the right to obtain from CIRCUS a restriction on the processing of their personal data if:

  • The Data Subject believes their personal data are inaccurate, and this is for a period needed by CIRCUS to verify the accuracy;
  • The processing is unlawful and the Data Subject does not want the data to be erased, but wishes to have its processing restricted;
  • The Data Subject objects to automated decision-making based on the processing of their personal data (including profiling) or to the processing of their personal data for marketing purposes, and it is necessary to verify the legitimacy of the reasons why CIRCUS intends to maintain this processing;
  • CIRCUS no longer needs the processed personal data, but the Data Subject wants them to be retained for the establishment, exercise, or defense of legal claims.

This right to restriction can be exercised by submitting a request to the Data Protection Officer.

4.7. Right to dataportability

Data Subjects are authorized to transfer the personal data processed by CIRCUS based on its legitimate interest and based on the Data Subject's consent to another data controller without CIRCUS blocking this transfer.

To the extent that such transfer is technically possible, Data Subjects have the right to request that CIRCUS facilitates this transfer directly by the data controller.

4.8. Procedures

The rights granted to the Data Subject by CIRCUS must be exercised according to the procedures outlined in article 7.4.

CIRCUS will respond to Data Subject requests within one month and will maintain a register for this purpose.

5. Localization, storage, and retention period of personal data

5.1.             CIRCUS stores the personal data of Data Subjects in a form that allows identification and availability, using appropriate and secure means.

The data is stored and hosted at data centers in the Netherlands and Luxembourg; these facilities have all the necessary and useful security guarantees according to the applicable technical standards.

5.2.             The personal data of Data Subjects is stored by CIRCUS for the purposes defined in articles 2 and 3. They are retained for a period of 10 years for all purposes outlined in article 2.3, parts 1 and 2. CIRCUS reserves the right to retain the personal data of Data Subjects for any purposes that may be mandated by law concerning online gambling and betting. Data Subjects acknowledge and agree that CIRCUS is required to keep a photocopy of their ID card or identification document for five years after the closure of their player account.

Otherwise, personal data are retained for a period not exceeding what is necessary to achieve the purposes of processing specified in articles 2 and 3, taking into account the specific nature of the services offered by CIRCUS. This period also considers cases where CIRCUS, at the initiative of the Kansspelautoriteit, a judicial authority, or a third party, is required to initiate or defend a legal claim related to the personal data of the Data Subjects.

6. Liability of CIRCUS - Subcontractor

6.1.             CIRCUS is committed to ensuring that the processing of personal data of the involved Data Subjects is conducted lawfully, fairly, and transparently. All processing by CIRCUS will comply with the requirements of the Regulation and this Privacy Statement.

CIRCUS implements all reasonable and appropriate measures to ensure the confidentiality, integrity, and availability of the personal data it processes. These technical and organizational measures are described in the Data Protection Manual, which is available from the Data Protection Officer.

Technical measures include, in particular, anonymization and encryption of personal data, depending on the required purpose.

Organizational measures include conducting internal audits, in addition to the controls that CIRCUS may be subjected to by the Kansspelautoriteit and the Data Protection Authority.

If necessary, CIRCUS, with the assistance of the Data Protection Officer, will conduct an impact assessment when processing may pose a high risk to Data Subjects.

6.2.             The personal data of Data Subjects is not disclosed to third parties except to CIRCUS’s suppliers and partners, and only for the purposes described in articles 2 and 3, and if:

  • The transfer is required by law, regulation, or order from an administrative or judicial authority;
  • The transfer proves necessary for the provision of online gambling and betting services or for maintenance services;
  • CIRCUS has a legitimate interest in sharing personal data;
  • The Data Subject has consented to such a transfer.

A partner is not considered a subcontractor unless they process the personal data of Data Subjects on behalf of CIRCUS. CIRCUS disclaims all responsibility for the processing of personal data by third parties who provide their own services in their own name and for their own account, or if CIRCUS can demonstrate that the processing causing the damage is not attributable to it.

In the event that CIRCUS acts as a subcontractor of the partner, it is agreed that CIRCUS cannot be held liable for damage caused by the processing of personal data in violation of the Regulation or this Privacy Statement if it has not fulfilled the obligations of the Regulation that specifically apply to subcontractors or if it has acted outside or contrary to the lawful instructions of the partner. Similarly, CIRCUS’s liability cannot be invoked if it demonstrates that the damage caused is not attributable to it.

6.3.             CIRCUS ensures that when the processing is carried out by a third party on behalf of CIRCUS, that third party provides (contractual) sufficient guarantees regarding the implementation of appropriate technical and organizational measures and, more generally, regarding compliance with the requirements of the Regulation. CIRCUS requires the subcontractor to specifically comply with the Regulation and to maintain a record accordingly.

6.4.             CIRCUS undertakes to report any security incidents related to the processed data that may pose a risk to the rights and freedoms of Data Subjects to the data protection authority, as described in article 7.5, as soon as possible and, if feasible, within 72 hours from the date the incident occurs.

CIRCUS records each security incident and takes the necessary organizational and technical measures to resolve the issues as quickly as possible.

CIRCUS will also inform the affected Data Subjects, if the data breach represents a high risk to their rights and freedoms; this information will be sent via email or postal mail to the contact address provided by the Data Subject.

7. Miscellaneous

7.1. Register of Personal Data and Data Protection Manual

As the data controller, CIRCUS maintains a register of all its processing activities. This register includes the following information:

  • a description of the purposes of the processing;
  • a description of the categories of data subjects and categories of personal data;
  • the categories of recipients with whom the personal data has been or will be shared, including recipients in third countries or international organizations;
  • the periods provided for the deletion of the various categories of data;
  • a general description of the technical security measures.

Additionally, CIRCUS holds the ISO 27001 certification. To this end, the company has published a Data Protection Manual that includes all technical and organizational measures to ensure data security within CIRCUS, including the protection of personal data. This manual is available from the Data Protection Officer.

7.2. Integrality - Changes to this Privacy Statement

This Privacy Statement includes all contractual provisions applicable to data subjects, without prejudice to the general terms contained in the Site's Terms and Conditions of Use, of which it is an integral part. The Site's Terms of Use therefore remain applicable to all matters not related to the protection of personal data.

CIRCUS also reserves the right to amend this Privacy Statement. Any revised version will be binding on the data subjects as soon as it is published on the Site. The date on which the changes take effect is indicated at the bottom of this Privacy Statement.

7.3. Evidentiary value

The data subject acknowledges that the electronic documents exchanged and the electronic data collected as part of the registration or use of the Site have the same evidentiary value as if these documents and data were provided or collected on paper. Therefore, the Data Subject agrees not to challenge their validity or evidentiary value due to their electronic format.

7.4. Contact - Information on the identity of the Data Controller and the Data Protection Officer

You can contact CIRCUS regarding any questions about the protection of personal data as follows:

Requests related to the exercise of the rights mentioned in article 4 should be directed to: [email protected]

CIRCUS has also appointed a Data Protection Officer (DPO) in accordance with article 37 of the Regulation. You can contact the DPO via email at: [email protected]. The DPO is responsible for overseeing and ensuring compliance with the processing of personal data by CIRCUS.

7.5. Data Protection Authority

In accordance with the Regulation, the data subject has the right to request additional information or to file a complaint with the Data Protection Authority. The contact details are as follows:

Address: Bezuidenhoutseweg 30, 2594 AV The Hague

Phone: +31 88-1805250

Website: www.autoriteitpersoonsgegevens.nl

Note: In the event of discrepancies between the English and Dutch versions of this Privacy Statement, the Dutch version shall prevail.