PRIVACY POLICY – Borgata Online
Last Updated December 17, 2024
This privacy policy (“Policy”) describes how BetMGM, LLC and its applicable affiliates and subsidiaries (collectively, “BetMGM”, “Borgata Online”, “we,” “our” or “us”) collect, use, protect and share personal information we collect or receive in connection with your access and use of: (1) BetMGM-operated gaming websites and mobile gaming applications, including all features, functionalities, applications, browser extensions and other services available through them (collectively, our United States “Gaming Operations”); and (2) other websites that we operate, including, without limitation, our corporate website, located at www.betmgminc.com, and other websites or mobile applications we operate that provide a link directly to this Policy, including all features, functionalities, applications, browser and extensions and other services available through them (collectively, our “Corporate Websites” and, together with our Gaming Operations, our “Online Offerings”). This Policy also applies to any personal information we collect or receive in connection with any other interactions we have with you outside of our Online Offerings related to our business operations, such as when you contact us or use other services we provide (collectively, together with our Online Offerings, our “Services”).
You can access our Online Offerings in many ways, including from a computer or mobile device, and this Policy will apply regardless of the means of access. To the extent we provide you notice through our Online Offerings of different or additional privacy policies or practices (e.g., at the point of collection), those additional terms shall govern such data collection and use in addition to this Policy.
Please read this Policy carefully. If you do not want us to collect, use or disclose your personal information in the ways described in this Policy, please do not use our Services, provide us with your personal information, or authorize a third party to make your personal information available to us. By using our Services, providing us with your personal information or otherwise making your personal information available to us, you acknowledge that you understand that we may use your personal information as described in this Policy. Please note, as described in this Policy, we may receive your personal information from third parties who have not expressly advised you that they will disclose your personal information to us. If you have any questions about how we collect, use, protect, disclose or otherwise process personal information, including whether we have received your personal information from a third party, please contact us via e-mail, or via our Customer Care portal (chat feature is included).
The Services currently operate under and pursuant to the Interactive Gaming Operator license issued to BetMGM by the Pennsylvania Gaming Control Board, pursuant to and in accordance with Subpart L. Interactive Gaming of the Pennsylvania Code. BetMGM is authorized to conduct Online Wagering in the state of Pennsylvania. The Services are provided by BetMGM (where BetMGM is an indirect, partially-owned subsidiary joint venture of MGM Resorts International (“MGM”)) and are marketed under brands owned by MGM. These Agreements are at all times subject to the authority of the Pennsylvania Gaming Control Board.
Except as otherwise stated in this Policy, this Policy does not apply to the websites, online gaming services and other services operated, controlled or offered by MGM Resorts International (“MGM”). Furthermore, this Policy does not apply to our privacy practices with respect to our collection, use, storage, disclosure, and protection of personal data relating to our employees and job applicants.
I. GENERAL INFORMATION ABOUT OUR COLLECTION AND USE OF PERSONAL INFORMATION
When we refer to “personal information” in this Policy, we mean information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual. Please note, as used in this Policy, “personal information” does not include publicly available information from government records or information that has been deidentified or aggregated in a way that it cannot be used to identify a specific individual (“Deidentified Data”).
We commit to maintaining Deidentified Data in its deidentified form and not to attempt to reidentify the Deidentified Data, except and solely for the purpose of determining whether our deidentification processes satisfy the requirements of applicable laws.
Our primary goals in collecting personal information are to provide and improve our Online Offerings, to conduct our business operations, to provide our Services, to communicate with you, and to enable visitors to our Online Offerings to enjoy and easily navigate them.
The categories of personal information we collect and use in connection with our Services may fall into one or more of the categories described below. Please note, the types of personal information provided as examples for each category are not a representation that we will actually collect that specific type of personal information about you.
- Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, e-mail address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Customer records, such as a name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information. Please note, for purposes of the California Consumer Privacy Act (“CCPA”), this category of personal information constitutes any personal information described in subdivision (e) of Cal. Civ. Code 1798.80.
- Legally protected characteristics, such as gender identity, gender expression, and age. Please note, for purposes of the CCPA, this category of information constitutes characteristics of protected classifications under California or federal law.
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information,
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Geolocation data,
- Audio, electronic, visual or similar information,
- Professional or employment-related information,
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Inferences, drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Depending on how you use our Services or otherwise interact with us, the following chart provides a general summary about the categories of personal information we may collect about consumers, the categories of sources from which the personal information is collected, our business or commercial purposes for collecting the personal information and the categories of third parties to whom we may disclose such personal information.
Sources of Personal Information |
Categories of Personal Information Collected |
Business or Commercial Purposes for Collecting Personal Information |
Third Parties with Whom Personal Information May be Disclosed |
Directly from individuals or otherwise generated directly by an individual’s use of the Services or other interactions with us |
· Identifiers · Customer records · Legally protected characteristics · Commercial information · Biometric information · Audio, electronic, visual or similar information · Inferences |
· Provide the Services · Assess and improve the Services · Track usage of the Services · Create and update customer profiles · Determine eligibility for offers · Internal market research and analytics · Provide notifications about promotions and special offers · Generate statistical studies · Ensure the fairness, security and safety of the Services · Protect our rights and property · Respond to inquiries · Perform background checks · Process financial transactions · Responsible gambling assessments · Predict preferences, interests and future gaming and spending activities ·Meet our legal and regulatory obligations |
· Third-party service providers · Third-party business partners · Government agencies and related entities · Credit reporting agencies · Data analytics providers |
Automatically through our Online Offerings (including through the use of cookies and other tracking technologies) |
· Identifiers · Internet or other electronic network activity information · Geolocation data · Inferences |
· Provide the Services · Assess and improve the Services · Track usage of the Services · Create and update customer profiles · Internal market research and analytics · Protect our rights and property · Ensure the fairness security and safety of the Services · Detect security incidents · Responsible gambling assessments · Predict preferences, interests and future gaming and spending activities ·Meet our legal and regulatory obligations |
· Third-party service providers · Third-party business partners · Government agencies and related entities · Digital advertising providers · Internet service providers · Operating system and platform providers |
From third-party service providers, third-party business partners and government agencies and related entities |
· Identifiers · Customer records · Legally protected characteristics · Commercial information · Geolocation data · Audio, electronic, visual or similar information · Inferences |
· Provide the Services · Assess and improve the Services · Track usage of the Services · Create and update customer profiles · Internal market research and analytics · Generate statistical studies · Ensure the fairness security and safety of our Services · Protect our rights and property · Respond to inquiries · Perform background checks · Process financial transactions · Detect security incidents · Responsible gambling assessments · Predict preferences, interests and future gaming and spending activities · Meet our legal and regulatory obligations |
· Third-party service providers · Third-party business partners · Government agencies and related entities · Credit reporting agencies · Data analytics providers · Digital advertising providers |
II. INFORMATION WE COLLECT
In addition to the general information provided above, this section describes specific personal information collection and use activities related to certain portions of the Services.
A. Information You Provide. In order to access and use our Gaming Operations, you must register for an online wagering account (a “Wagering Account”). When you register for a Wagering Account, we will access and collect the personal information you provide (including your name, postal address, e-mail address, and date of birth). We may also ask you for additional information, including your mobile phone number, Social Security number, and a government-issued photo identification such as your driver’s license, state identification card, or passport.
We will also verify whether you have a current MGM Rewards Account. If you do not have a current MGM Rewards Account, an MGM Rewards Account will be created for you as part of the registration process. You can learn more about the MGM Rewards program by visiting https://mgmresorts.com. You can review the terms and conditions for the MGM Rewards program here and MGM’s privacy practices with respect to the MGM Rewards program here. For more information about how BetMGM, Borgata Online and MGM utilize and share information in connection with your Wagering Account and MGM Rewards Account, please see the “How to Opt Out” section below.
When you access, participate in, or otherwise interact with our Services, or otherwise engage with us in connection with our Services, such as requesting more information about our Services or communicating with us, we may ask you to provide us with additional personal information. Some of this information may be required for us to collect to meet our legal and/or regulatory obligations. Please note, if you do not provide us with personal information that is required for a particular feature of our Services, such as information we are legally required to collect when you register for a Wagering Account, you may not be able to access, participate in, or otherwise use our Services or certain portions of our Services.
B. Location, Gaming, and Transaction Information. When you use the Services, we and our third-party service providers may collect information about your precise physical location, your gaming activity, and all transactions associated with your Wagering Account.
C. Device Information. When you use the Services, we and our third-party service providers may use cookies (see below), web beacons, tracking pixels, scripts, e-tags, and other technologies (“Tracking Technologies”) to collect and analyze information about you, your device, and your activity. Information collected through Tracking Technologies may include the type of device; browser and operating system you are using; your device identifiers, such as your MAC address; the name you have associated with your device; the unique number associated with your Internet connection; your (mobile) telephone number; the websites you visit; your precise geographic location; and your activities within the Services including the links you click, the pages or screens you view, the bandwidth you use, your session time, the number of times you click a page/screen or use a feature of the Services, the date and time you click on a page or use a feature, and the amount of time you spend on a page or using a feature. Information collected through Tracking Technologies is stored in log files. We respond to “Do Not Track” signals as required by law.
D. Cookies/Session Replay. We may use cookies to store some information on your computer, laptop, tablet or mobile device when you access and use the Services. Cookies are small text files that are stored on your computer or equipment when you visit certain online pages and record your preferences. Cookies allow us to remember things about your visits across the Services, but cannot access or use other information on your device. We do not use flash cookies to remember or use directly identifying personal information about you such as your name or e-mail address. We use cookies to track use of the Services. We also may use cookies and third-party cookies to monitor traffic to the Services, improve the Services, and make it easier and/or more relevant for your use.
We use session replay software on our Online Offerings so we can better understand each individual user’s experiences on our Online Offerings (like how much time users spend on which pages, which links they click, what they like and don’t like) and use that knowledge to fix bugs on our Online Offerings, improve your user experience on our Online Offerings, and improve the functionality of our Online Offerings. Session replay software allows us to record and play back a user’s journey through our website or mobile app. These session replay services use cookies and other technologies to collect data about the behavior of our users and their devices, in particular the IP address of the device, screen size, device type (“Unique Device Identifiers”), information about the browser used, location (country only), preferred language for displaying our Online Offerings, in addition to mouse movement, click information, and text you enter as you navigate through our Online Offerings.
Most web browsers automatically accept cookies, but, if you prefer, you can usually modify your browser setting to decline cookies. The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also modify your Flash Player settings to prevent the use of flash cookies.
If you choose to decline cookies, you may not be able to experience all of the interactive features available through the Services. You can visit www.allaboutcookies.org in order to obtain more information on deleting or controlling cookies. Please note that by deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of the Services. You can find additional information about Our use of cookies here.
E. Wi-Fi and Location Information. There are federal law prohibitions and restrictions relating to wagering on the Internet (including such prohibitions and restrictions set out in 18 U.S.C. §§ 1084 et seq. (“The Wire Act”) and 31 U.S.C. §§ 3163 through 3167 (“UIGEA”)). Each of our Gaming Operations is offered for a specific state or other jurisdiction. It is a federal offense for persons physically located outside of the state or other jurisdiction in which a specific Gaming Operation is offered to engage in any Internet wagering activity through such Gaming Operation. We and our service providers utilize several current technologies, and may use future technologies, that enable us and our service providers to determine the location of devices that engage, or attempt to engage, in any wagering activity through or in connection with our Gaming Operations (collectively, “Location Tracking Technologies”). Location Tracking Technologies allow us to: (i) verify your physical location when you engage, or attempt to engage, in any wagering through or in connection with a specific Gaming Operation; and (ii) improve the location-based services utilized by our Services. Without limiting anything else in this Policy, the Location Tracking Technologies are capable of identifying the precise or near-precise physical location of the computers or Internet-connected devices that engage, or attempt to engage, in any wagering activities through or in connection with our Gaming Operations by accessing the device’s IP address, MAC address, RFID, hardware embedded article/production number, embedded software number (such as UUID, Exif/IPTC/XMP or modern steganography), Wi-Fi positioning system, or device GPS coordinates (collectively, “Location Information”). Without limiting anything else in this Policy, the Location Tracking Technologies will report the Location Information for each any every device you use to engage, or attempt to engage, in any wagering activities through or in connection with our Gaming Operations to us, our service providers and/or regulatory bodies and other applicable government agencies and related entities to ensure you are located in the applicable state or other jurisdiction for the applicable Gaming Operation.
The normal operation of the Location Tracking Technologies and our Gaming Operations transmit Location Information via Transport Layer Security (TLS) technology and Location Information is stored in password protected servers managed by us and our geolocation and operating partners. Neither us nor our partners will disclose, transfer or resell your Location Information to any additional third parties except:
- where required by law, including, without limitation, as necessary to satisfy any law, regulation or government agency request.
- as necessary or appropriate to investigate, respond to and defend against legal claims, including, without limitation, to protect us against liability.
- to protect our property and rights.
- for the safety of the public or any person.
- to stop any unfair, illegal, unethical, fraudulent, abusive or legally actionable activity.
- to protect the security and integrity of our Gaming Operations and any equipment used to make our Gaming Operations available.
- in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets.
You may opt out of, or otherwise withdraw your consent to, our use of the Location Tracking Technologies to collect and report Location Information at any time by turning off the location settings on your applicable devices or by notifying us in writing that you would like to opt out or otherwise withdraw your consent. If you turn off the location settings or opt out or otherwise withdraw your consent, you may be able to access your account and view our webpage, but will not be able to place any internet wagers or access real money games and tournaments via the applicable Gaming Operations.
Location Information is retained for up to ten (10) years as required by applicable regulatory bodies and other government agencies and related entities, as well as state and federal regulations.
F. Affiliate and Third-Party Information. We may obtain information about you from MGM and casinos, resorts, platforms, and properties that are owned, operated, managed by or affiliated with MGM (collectively “MGM Affiliates”), from our other parent and affiliated companies, including, but not limited to, Entain plc (collectively, with the MGM Affiliates, our “Affiliates”) and from third parties, including our business partners and other companies and individuals that refer you to our Services. This information may include, among other things, information related to your MGM Rewards Account that we need to make the Services available to you, information to set up your Wagering Account and information necessary to connect your Wagering Account to your account with one or more of our business partners. It may also include information to assist us in meeting our legal and regulatory obligations and ensuring the fairness, security and safety of our Services.
III. HOW WE USE THE INFORMATION WE COLLECT AND OPT-OUT OPTIONS
A. Use by BetMGM / Borgata Online
Marketing Purposes. We may use the information we collect for our own marketing purposes, including notifying you of special promotions, offers, and events via push notifications, e-mail, and other means. We may also link personal information (including your name, mobile phone number, and e-mail address) with non-personal information (including information collected through Tracking Technologies and Wi-Fi services) and use such information for our own marketing purposes. We and our marketing providers may also use identifiers derived from a hashed or encrypted version of personal information, such as your e-mail address or phone number, to tailor advertising to you or to measure the performance of our advertising. If you do not want us to use your personal information for marketing purposes, you may opt out in accordance with the “How to Opt Out” section below.
Non-Marketing Purposes. We may use the information we collect for non-marketing purposes (collectively “Non-Marketing Purposes”) including:
- validating your identity.
- providing and facilitating our Online Offerings.
- sending you push notifications or e-mails to provide you with alerts and updates about your account and the Services.
- monitoring, accessing, and recording gaming-related activity.
- conducting statistical or demographic analysis.
- processing and tracking gaming and non-gaming transactions.
- complying with legal and regulatory requirements, including, without limitation, responding to subpoenas, search warrants and other inquiries from our regulators.
- customizing your experience with the Services.
- protecting and defending BetMGM, MGM, and all other MGM Affiliates against legal actions or claims.
- preventing fraud.
- debt collection.
- satisfying contractual obligations.
- responsible gambling assessments.
- responding to Customer Care requests.
- safety, security and fairness purposes, including cooperating with law enforcement or other government agencies for purposes of national security, public safety, or matters of public importance when we believe that disclosure of information is necessary or appropriate to protect the public interest.
Text Messages. Without limiting the other purposes described herein, if you have provided us with your consent to receive communications via phone calls or text messages, we may use your information to send text messages to any mobile device connected to your cell phone number. You may opt out from marketing text messages by replying STOP to any marketing text messages you receive from us. Once you cancel, we may send one additional confirmation text message stating that you have opted out of receiving marketing text messages from us. Please note that certain transactional text messages, including those related to account security, are not subject to opt-out. Further information is available in our Texting Program Terms and Conditions.
B. Sharing with Affiliates
We may share the information we collect with Affiliates for marketing purposes and for Non-Marketing Purposes. If you do not want us to share your personal information with Affiliates for marketing purposes, you may opt out in accordance with the “How to Opt Out” section below.
Regarding sharing of information with MGM about your MGM Rewards Account, we will provide MGM with certain information (subject to compliance with applicable laws and with your consent where required) related to your gaming activity for MGM to administer your MGM Rewards Account, including, but not limited to: (1) the amount of money credited to, debited from or present in your Wagering Account; (2) the amount of money you wagered on any game or gaming device; (3) your Wagering Account number and secure personal identification method that identifies you; (4) the identities of particular entities on which you are wagering or have wagered on in the past; and (5) your name, address or other information that BetMGM and Borgata Online possess that would identify you to anyone other than BetMGM, Borgata Online or applicable gaming regulators (“Account Information”). The Account Information we will provide to MGM represents the information MGM needs to provide you with certain benefits and rewards as more fully described in the terms applicable to your MGM Rewards Account. For opt out information specific to your MGM Rewards Account and its connection with your Wagering Account, please see the “How to Opt Out” section below.
C. Sharing with Business Partners, Market Access Partners, and Other Third Parties
We may share the information we collect with our business partners and other third parties for joint marketing purposes and/or our business partners’ (or our own) marketing purposes. Specifically, when we are permitted to operate in a jurisdiction based on our relationship with a third party (“Market Access Partner”), we may be required to share information with that third party for Marketing or Non-Marketing purposes. We may also share information with third-party providers for rewards redemption or to provide prizes to promotion winners. Even if you opt out of permitting us to share your personal information with our business partners and other third parties for marketing purposes, we may still share the information we collect with them for Non-Marketing purposes such as processing transactions, fulfilling your requests, responding to your inquiries, etc.
D. Service Providers
We engage service providers to provide certain services to us or to perform certain services on our behalf including analytics, marketing, fulfillment, and to meet our other business needs. In some cases, service providers may collect or be provided with access to your information as reasonably necessary to perform such services on the condition that they not use or disclose your personal information for other purposes.
We also engage service providers to provide identity verification services; in some cases, these service providers may use biometric information to perform such services. Your consent will be requested before your biometric information will be collected; you may choose not to participate in such collection and we may be able to verify your identity in another way. The collection and retention of the biometric information collected will be subject to the service provider’s retention policies, which will be available to you prior to processing.
E. Fraud Prevention and Security
We are committed to taking all reasonable measures to ensure the fairness, security and safety of our Services. We share information with our affiliates, service providers, state regulators and other government agencies, sports governing bodies, and other similar third parties to detect, discourage and report fraud, unsafe gambling, and other potentially unethical or illegal betting-related activity.
F. Certain Business Transactions
We may share all information we collect with any successor to all or part of our business in connection with a transaction involving a sale, purchase, reorganization, merger, or transfer of any our assets or the assets of Affiliates.
G. How to Opt Out of Marketing from Us and How to Opt Out of having Your Personal Information Shared with Others for Marketing Purposes
If you wish to opt out of receiving marketing communications from us via postal mail, e-mail, telephone, and text messaging, you can opt out within the ‘Communication Preferences’ tab of your account Settings or via e-mail. If you do not want us to share your personal information for marketing purposes with our business partners, third parties or Affiliates, please e-mail us at optout@betmgm.com or write to us at:
BetMGM
Attn: Borgata Online Privacy Policy
Harborside Plaza 2, Suite 700
200 Hudson Street
Jersey City, NJ 07311
You can also unsubscribe from receiving marketing SMS messages as described in the “Text Messages” section above, including by replying STOP to any marketing text message you receive from Us.
Although you may opt out of the use and sharing of personal information for marketing purposes, we may still use and share information we collect for Non-Marketing Purposes.
Please note, if you would like to submit a request to opt out from marketing relating to your MGM Rewards Account, please submit your request to MGM via e-mail to optout@mgmresorts.com; via telephone at 866-761-7111; by clicking the “unsubscribe” link at the bottom of each email; or via postal mail, with your specific request(s), to:
MGM Resorts International
Corporate Compliance Department
Attn: Opt-Out
71 E. Harmon
Las Vegas, Nevada 89109
H. Your Consent or Instructions
We may share your personal information with any third party to whom you consent or instruct us to provide your personal information.
I. No Additional Disclosures
We will not share the information we collect with third parties, other than as described in this Policy. Any information that we collect that we do not disclose to third parties as described in this Policy will be kept confidential, except where the release of that information is required by law.
IV. HOW LONG WE KEEP YOUR PERSONAL INFORMATION/ACCOUNT DELETION
The length of time we retain personal information depends on the reason the personal information was originally collected, how we use the personal information in connection with our operations, and requirements applicable to the personal information. This may include, without limitation, retaining personal information to:
- complete the transaction for which the personal information was collected,
- continue our ongoing business relationship with you,
- ensure the security and integrity of our Services, and
- satisfy applicable legal, regulatory, tax, accounting, or reporting requirements.
To determine the appropriate retention period for individual categories of personal information we collect, we consider the nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process that personal information and whether we can fulfill those purposes through other means, and applicable legal, regulatory, tax, accounting, reporting or other requirements.
Requests to close or delete your account may be made by logging into your account and selecting Service Closure. Due to regulatory requirements under state gaming laws, federal tax laws and other legal obligations, and as necessary to complete certain transactions, we are required to retain your account information for a certain period of time, which may vary by state. We may also retain your account information to engage in ongoing fraud prevention and detection and to exercise and defend against legal claims. Provided you do not re-open your account in the future, we will delete your account information once we no longer need to retain it for the purpose(s) for which it was retained.
Once we determine that we no longer need to retain such personal information, pursuant to applicable law, such personal information will be securely erased from hard disks, magnetic tapes, solid state memory, and other devices, as applicable, or we will aggregate, anonymize, or otherwise de-identify such personal information so that it no longer identifies you.
V. STATE SPECIFIC RIGHTS
This section describes the rights certain states provide residents of those states with respect to their personal information (“State Privacy Rights”). Please note, if you are not a resident of any state described below, the rights described for such states do not apply to you, but many of these options are available via your account settings when logged into our Services, or through our Customer Care team.
A. California, Colorado, Connecticut, Massachusetts, North Carolina, Oregon, Texas, Utah and Virginia Consumer Privacy Rights.
The California Consumer Privacy Act of 2018 as amended and including any regulations (collectively, “CCPA”) grants certain privacy rights to California consumers, including the right to: (a) know what categories of personal information we have collected about California consumers during the preceding 12 months, including the categories of sources from which that information was collected, the business or commercial purpose for which it was collected, and the categories of third parties with whom the information was shared; (b) request to know what personal information we have collected, used, disclosed, and sold about you during the preceding 12 months; (c) request that we delete your personal information; and (d) opt out of the sale of your personal information to third parties.
The Colorado Privacy Act and its regulations (“CPA”) grants certain privacy rights to Colorado consumers, including the right to: (a) opt out of the processing of personal information concerning targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer; (b) access the consumer’s personal information, in a portable manner; (c) correct inaccuracies in the consumer’s personal information; and (d) request the deletion of personal information held regarding the consumer.
The Connecticut Data Privacy Act (“CTDPA”) grants certain privacy rights to Connecticut consumers, including the right to: (a) request to confirm whether we are processing your personal information and to access that personal information; (b) request that we delete your personal information; (c) request to correct your inaccurate personal information; (d) request to obtain a portable copy of your personal information; (e) opt out of the processing of your personal information for certain purposes; and (f) to appeal any adverse decision we make regarding your request to exercise your privacy rights.
Massachusetts Sports Wagering Laws grant certain privacy rights to Massachusetts residents, including the right to request: (a) a description as to how their personal information is being used; (b) access their personal information; (c) update or correct their personal information; (d) restrict the use of their personal information; and (e) erase personal information when it is no longer required to be retained by applicable law or court order.
North Carolina Sports Wagering Laws grant certain privacy rights to North Carolina consumers, including the right to: (a) request the names of third parties with whom your personal information was shared; (b) opt out of the processing of your personal information for certain purposes; and (c) request that we delete or cease use of your personal information and other data collected and instruct our agents and affiliates to do the same.
The Oregon Consumer Privacy Act (“OCPA”) grants certain privacy rights to Oregon consumers, including the right to: (1) confirm whether we process or have processed your personal data and the categories of personal data we are processing or have processed; (2) obtain a list of third parties to which we have disclosed your data; (3) obtain a copy of your data; (4) correct inaccuracies in your personal data; (5) request deletion of your personal data; and (6) opt out of or object to the processing of personal data for the purposes of: (a) targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
The Texas Data Privacy and Security Act (“TDPSA”) grants certain privacy rights to Texas consumers, including the right to: (1) confirm whether we process your personal data; (2) access your personal data; (3) correct inaccuracies in your personal data; (4) request deletion of your personal data; (5) obtain a copy of your personal data; and (5) opt out of or object to the processing of personal data for the purposes of: (a) targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
The Utah Consumer Privacy Act (“UCPA”); grants certain privacy rights to Utah consumers, including the right to: (a) request to confirm whether we are processing your personal information and to access that personal information; (b) request that we delete your personal information; (c) request to obtain a portable copy of your personal information; and (d) opt out of the processing of your personal information for certain purposes.
The Virginia Consumer Data Protection Act (“VCDPA”) grants certain privacy rights to Virginia consumers, including the right to: (a) request to confirm whether we are processing your personal information and to access that personal information; (b) request that we delete your personal information; (c) request to correct your inaccurate personal information; (d) request to obtain a portable copy of your personal information; (e) opt out of the processing of your personal information for certain purposes; and (f) to appeal any adverse decision we make regarding your request to exercise your privacy rights.
This section uses certain terms that have the meanings given to them by the CCPA as amended, unless otherwise specified.
These rights, which are discussed more fully below, are subject to some important exceptions, which are intended, among other things, to let us meet its regulatory obligations to maintain certain personal information and protect the integrity and privacy of your personal information. You have the right not to be discriminated against for exercising your privacy rights. You also have the right to designate an authorized agent to exercise your rights on your behalf.
If you need information on how to exercise your rights in an alternative, accessible format due to a disability, please send an e-mail with your name and contact information, or contact us via our Customer Care portal (chat feature is included).
1. Access Requests
You have the right to request that we disclose to you, for the 12-month period preceding the date we receive your request, the following: (1) the categories of personal information we have collected about you, (2) the categories of sources from which personal information was collected about you, (3) the business or commercial purpose for which your personal information was collected or sold, and (4) the categories of third parties to whom we have sold or disclosed your personal information. In addition, you have the right to request that we disclose to you the specific pieces of personal information we have about you. All access requests are subject to verification of your identity.
2. Deletion Requests
You have the right to request that we delete your personal information, subject to certain exceptions such as our need to comply with legal obligations, fulfill orders, complete transactions, etc. All deletion requests are subject to verification of your identity. Please note that deletion requests are subject to certain permitted exemptions, including compliance with our state data retention requirements. If we verify your request and delete your personal information pursuant to the request, we will also instruct our service providers (if any) to delete your personal information from their records, subject to applicable legal requirements.
3. Correction Requests
You have a right to request that we correct your inaccurate personal information. If you request that we correct inaccurate personal information about you, we will use commercially reasonable efforts to correct it. If necessary, we may ask that you provide documentation showing that the information we retained is inaccurate.
4. Requests To Opt Out of Sale or Sharing, or other Processing
Depending on your state of residence, you may also have the right to opt out of having certain types of processing, such as your personal information sold or shared with third parties for targeted advertising purposes, and certain types of automated processing or profiling, as defined by applicable law. We do not sell (as “sell” is traditionally defined) your personal information; we do not provide your name, phone number, address, email address or other personally identifiable information to third parties in exchange for money. But under California law, certain sharing of information for advertising purposes may be considered a “sale” of “personal information”. We use cookies for targeted advertising in certain jurisdictions; all visitors to Borgata Online’s website and app may control the use of cookies by using links at the bottom of our pages (website) or through our account settings page (website and app). Please note that even if you opt out of the selling or sharing of your personal information, we may still: (1) share your personal information with service providers and other entities for business purposes consistent with state privacy laws, and (2) share your personal information in connection with certain business transactions.
Borgata Online also uses computerized algorithms, machine learning and other systems that analyze patron information to meet our regulatory requirements, prevent fraud, and improve internal decision-making. Residents of states where the right to opt out of profiling exists may not opt out of certain types of profiling; please note that you may not opt out of legally required profiling.
Additionally, for residents of the states that have implemented this right, we honor the Global Privacy Control (GPC) as set through various browsers or browser plug-ins. You can find more about how to enable the GPC on your browser on the GPC website. When we receive a valid signal sent through GPC, we honor that communication as a valid request to opt out of the sale or sharing of Personal Information associated with that browser or device. We may notify you if your request to opt out sent through GPC conflicts with your previous consent to the sale or sharing of your Personal Information.
Please note that even if you opt out of the selling or sharing of your personal information, we may still: (1) share your personal information with service providers and other entities for business purposes consistent with state privacy laws and our legal and regulatory obligations and (2) share your personal information in connection with certain business transactions consistent with the uses outlined above. If you opt out of certain profiling, we may still use automated processing to meet our legal and regulatory requirements, engage in ongoing fraud prevention and detection and to exercise and defend against legal claims.
5. Right to Appeal
If you disagree with our refusal to take action on your request to exercise your State Privacy Rights, you have the right to ask us to reconsider. Appeal requests should be submitted by directly responding to our denial of your privacy request available through our online portal. You must submit your request within 60 days of your receipt of our denial. Once we receive your request, we will acknowledge and start processing your request. Within 45 days of receiving your request, we will inform you in writing of any action taken or not taken in response to your request, including a written explanation of the reasons for our decision. If you are not satisfied with the outcome of that process, you may contact your applicable regulator to submit a complaint. State specific appeal information is listed in the “Other State-Specific Privacy Rights” section below.
6. Non-Discrimination
We will not discriminate against you for exercising any of your State Privacy Rights. Unless permitted by state privacy laws, if you exercise your rights under state privacy laws, we will not:
- deny you goods or services,
- charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties,
- provide you with a different level or quality of goods or services, or
- suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
However, we may offer discounts, coupons, survey rewards and sweepstakes or contest rewards (“Promotions”) from time to time. In exchange, we will collect, use, share and retain certain personal information from you for us to implement the Promotions. We will also maintain and utilize the personal information you provide for future marketing purposes. These financial incentives are reasonably related to the value of the personal information you provide.
7. Additional Uses or Disclosures of Sensitive Personal Information
We do not use or disclose sensitive personal information for any purpose other than our own business purposes.
B. How to Submit a Privacy Request
If your state is subject to these rights and you wish to submit one of the above requests, please click here or call 1-844-604-4423 and provide the identifying information requested. All requests are subject to verification of your identity to protect the privacy and security of your personal information. We are required to fulfill these requests no more than twice within a 12-month period.
You may only make a request to exercise your rights on behalf of yourself. If you are a California resident, a person that you authorize to act on your behalf may make a request related to your Personal Information.
Requests to opt out of sale or sharing. In addition to submitting a request as noted above, you must access the Borgata Online Cookie Settings page available here and turn off Targeting Cookies (or broadcast the Global Privacy Control (“GPC”) signal) to fully exercise your sale or sharing opt-out rights. The cookie preference tool is device and browser specific. If you delete or clear cookies or change devices or browsers, you will need to reset your cookie preferences using the tool. Please note that even if you opt out of the sale or sharing of your Personal Information, we may still disclose your Personal Information to service providers, contractors, and other entities for business or commercial purposes consistent with state law and in certain business transactions with our service providers.
C. Verification Procedures
In order to verify State Privacy Rights requests, we may require two (2) or more pieces of identifying information that match information maintained by us or, if you have a Wagering Account, to verify your identity through your Wagering Account. In some cases, we may require additional identifying information and a signed declaration attesting to your identity. In situations where we receive a request from an authorized agent on your behalf, we may require written proof that the agent is, in fact, authorized to act on your behalf and we may take additional steps to verify your identity and the authorized agent’s identity. A request to opt out need not be verified. However, if we have a good-faith, reasonable basis to believe that an opt-out request is fraudulent, we may deny the request and provide an explanation of the reason for the denial.
In certain circumstances, we may decline a request described above, particularly where we are unable to verify your identity or are permitted or required to maintain the personal information we have collected about you. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
California’s Shine the Light Law. Under California’s Shine the Light law, certain businesses are required to respond to requests from California residents asking about the disclosure of personal information to third parties for third-party marketing purposes. Alternately, such businesses may adopt a policy of not disclosing personal information to third parties for marketing purposes if a California resident has opted out of such information sharing. We have adopted an opt-out policy. If you wish to opt out of our sharing your personal information with third parties for marketing purposes, please follow the instructions in the section entitled “How to Opt Out” above.
California Sensitive Information. You have the right to request that we limit our use or disclosure of Sensitive Personal Information (as defined by California law) about you to certain uses authorized by the CCPA. We do not disclose Sensitive Personal Information beyond such authorizations.
Nevada Do Not Sell. Nevada law gives consumers in Nevada the right to restrict certain businesses from selling certain personal information to unaffiliated third parties if those third parties will license or sell such personal information to additional third parties. We do not sell the personally identifiable information of Nevada consumers as defined by Nevada law. If you are a Nevada resident and would like to put your name on a list to restrict any such sales in the future, please click here, follow the instructions and provide the requested information, including your complete name, street address, city, state, zip code, and e-mail address.
Virginia Appeal Rights: If you are a Virginia resident and your appeal related to your privacy request is denied, you may submit a complaint to the Virginia Attorney General.
Massachusetts Complaints/Appeal Rights: If you are Massachusetts resident, you may file a complaint concerning the use or storage of your personally identifiable information with the Massachusetts Gaming Commission, the Office of Consumer Affairs and Business Regulation, the Office of the Attorney General, or any other law enforcement entity regarding the use of the of your personally identifiable information
Colorado Appeal Rights: If you are a Colorado resident and you have concerns related to your privacy appeal, you may submit a complaint to the Colorado Attorney General.
VI. SECURITY
We store certain non-gaming information and non-live gaming data collected through the Services on secure servers located in the United States. Internet wagering and live game play data collected by us through the Services for a specific jurisdiction where our Gaming Operations are offered is stored on secure servers located within the jurisdiction for the applicable Gaming Operation and may, subject to applicable laws, also be stored in other jurisdictions where our Gaming Operations are offered. Our servers may not offer a level of privacy protection as great as that offered in other jurisdictions. We make no representation that the practices described in this Policy are compliant with laws outside of the United States.
We have measures in place to prevent the unauthorized or unnecessary disclosure of the Personal Information we collect. Our servers are protected by firewalls and other industry standard security measures. These security measures are intended to protect our servers from unauthorized access. However, no security system is impenetrable, and these systems could become accessible in the event of a security breach. We have controls in place that are designed to detect potential data breaches, contain and minimize the loss of data, and conduct forensic investigations of a breach.
Our staff is required to take reasonable measures to ensure that unauthorized persons cannot view or access your personal information. Employees who violate our privacy practices are subject to disciplinary action, up to and including termination of employment.
We cannot enforce or control the security of the computers, electronic devices, or electronic communication methods that you may use to send e-mails and submit information to us over the Internet. You are responsible for ensuring that the computers, electronic devices and electronic communication methods you use will provide adequate security for communicating with us. We are not responsible for the disclosure or interception of information that you send us before we receive it.
As a standard security practice, we will take reasonable steps which are generally recognized in the industry to ensure that the communication methods used to support the Services do not permit connection or communication by methods that have known security weaknesses or vulnerabilities. As such, if you experience trouble using the Services, it may be an indication that you need to upgrade your Internet browsing tool or application to a newer version that supports more secure communication methods.
In situations where your personal information is collected by third parties under contract with us for performance of their contractual duties and other purposes, we require such third parties to exercise reasonable care to protect that information and restrict the use of your personal information to the purposes for which it was provided. When we share your personal information with MGM Affiliates or third parties in accordance with this Policy, we require them to exercise reasonable care to protect such information and restrict the use of such information to the purposes for which it was provided to them.
VII. ACCESS TO AND DELETION OF PERSONAL INFORMATION
With respect to personal information associated with your Wagering Account (“Wagering Account Personal Information”), we will retain such Wagering Account Personal Information as long as your account is active. When your Wagering Account is terminated, we will retain applicable Wagering Account Personal Information for as long as necessary to comply with our legal and regulatory obligations, resolve disputes, reasonably manage our business, and enforce contractual agreements. Once we determine that we no longer need to retain such Wagering Account Personal Information, pursuant to applicable law, all such Wagering Account Personal Information will be securely erased from hard disks, magnetic tapes, solid state memory, and other devices, as applicable, before the device is properly disposed of by us. If erasure is not possible, the device will be destroyed.
Provided that we have not erased or otherwise destroyed your Wagering Account player information, you may access, update, and correct inaccuracies in your Wagering Account Personal Information that is in our custody and control. All personal information can only be updated by contacting our Customer Care team via e-mail and providing the required personal information and identity verification documents that are requested by the Customer Care team.
For all other personal information that we collect in connection with our Services, we will retain such personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal and regulatory obligations, resolve disputes, reasonably manage our business, and enforce contractual agreements. Once we determine that we no longer need to retain such personal information, pursuant to applicable law, such personal information will be securely erased from hard disks, magnetic tapes, solid state memory, and other devices, as applicable, or we will aggregate, anonymize or otherwise de-identify such personal information so that it no longer identifies you.
VIII. OTHER WEBSITES
We are not responsible for the information collection or privacy practices of other websites, including websites accessible through the Services. You should review and understand the privacy policies posted on any linked sites you visit before using those sites or providing any personal information on them.
IX. INTERNATIONAL TRANSFERS
Information collected on the Services may be stored and processed in any country in which we or our affiliates, suppliers, third-party electronic payment processors and/or financial institutions or agents maintain facilities. By using the Services, you expressly consent to any transfer of information outside of your country (including to third countries that may not have been assessed as having adequate privacy laws). Nevertheless, we take steps to ensure that our agents, affiliates and suppliers comply with our standards of privacy regardless of their location.
X. PERSONS UNDER 21
The Services are for use by persons 21 or older. If you are under 21, you may not access, attempt to access, or use the Services. We do not knowingly collect or allow the collection of personal information via the Services from persons under 21. If you know someone under the age of 21 who is registered with us, please contact us immediately.
XI. CHANGES TO THIS POLICY
We may revise this Policy from time to time in our sole discretion. We will notify you of any material revisions by placing notice of the revised Policy on the Services or any place through which you access the Services, by sending you an email, or by communicating with you in any other legally permissible manner.