Personal data protection policy

The website of General Automatic Amusement NV (registered office located at 1120 Brussels, Avenue des Croix de Guerre 120, company number 04.07.052.085). GAA places great importance on the confidentiality and security of your personal data.

This personal data protection policy aims to inform you in a clear, simple, and transparent manner about the processing carried out on the personal data you entrust to us, or that we may collect during your browsing on our web or mobile sites https://www.gaa.be/ (hereinafter referred to as the “Site”), their possible transfer to third parties, and the rights and options available to you to control your personal information and protect your privacy.

The Site is published and operated by General Automatic Amusement NV.

https://www.gaa.be/ is operated by BWC, registered with the CBE under number 0842.448.364, with its registered office at 1120 Brussels, Avenue des Croix de Guerre 120, Belgium.

GAA is hereinafter referred to as “the Operator”.

By posting a comment or a reaction on the Site, the User provides personal data (hereinafter “the Data”) to GAA, which processes it.

GAA is the data controller for the personal data collected on the Site within the meaning of the applicable personal data regulations, in particular Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”).

I. What is personal data?

Personal data means any information relating to an individual who can be identified directly or indirectly by reference to one or more elements specific to them, such as their name, first name, national register number, bank account, postal or email address, or an IP address, etc.

II. Why does GAA collect my personal data?

GAA collects and processes your data in order to:

• allow you to react to certain articles or information published on the Site;
• allow you to comment on certain articles or information published on the Site;
• manage and optimise your user experience, in particular to enable you to comment and react more easily;
• ensure a respectful and responsible environment on the Site;
• classify and/or store comments according to various criteria such as their date of publication or their relevance;
• carry out effective moderation of comments and reactions on the Site;
• carry out statistical analyses to develop monitoring, measurement, and reporting tools in order to adapt and improve the activity of the Site;
• ensure the exercise of your rights in accordance with Article VIII below.

GAA informs you that you may modify your communication preferences on the Site at any time by emailing info@GAA.be.

III. When may we collect your personal data?

We may collect your personal data on the occasion of:

• your comments on articles or information published on the Site;
• your reactions to articles or information published on the Site;
• surveys or satisfaction questionnaires regarding your user experience;
• interaction with our company via its official page or via private messages on social networks;
• your exchanges with our Customer Service via the Site, by phone or by email;
• your browsing on our Site through cookies or similar technologies (hereinafter “Cookies” as defined in the cookie use policy below) or when you click on advertisements relating to our sales.

IV. What personal data may we collect?

In the course of our activities, we may collect certain data directly from you for the purposes detailed in point II of this policy.

The information we may collect includes:

• first and last names;
• email address;
• IP address;
• connection history;
• information you may provide to our Customer Service in handling your information requests or complaints;
• information you enter when leaving a review, comment, or reaction on an article or information on our Site;
• information relating to your use of our Site, including your browsing (IP address, pages, products and services visited or searched, links clicked, etc.). Similarly, we may collect data relating to the consultation of emails we send you for statistical and commercial prospecting purposes. Some of this information may be collected through Cookies placed on your device when browsing our Site. For more details on Cookies, please see our cookie policy.

V. What are the legal grounds for processing your data?

GAA processes your personal data on the following legal grounds:

• Performance of the contract: processing your data is necessary for the performance of the contract concluded between you and GAA when you browse the Site, by accepting GAA’s General Terms and Conditions;
• Legitimate interest: GAA also processes User Data on the basis of a legitimate interest, proportionate to the User’s rights, to provide its services, ensure proper service operation, and improve services to meet Users’ needs;

• Consent: GAA carries out processing following your express consent, for specific purposes such as sending general or personalised offers via newsletters, SMS, emails, or letters. You may withdraw your consent at any time by emailing info@GAA.be;

• Compliance with legal obligations: GAA may process data to comply with its legal obligations.

VI. Who receives your personal data and to whom may it be disclosed?

Your personal data is processed by GAA staff. We ensure that only authorised persons within GAA have access to your personal data when necessary to manage our commercial relationship or comply with our legal obligations.

We may also share your personal data:

• with GAA service providers for the operation of the Site;
• with potential business partners after obtaining the User’s consent;
• with subcontractors, such as:
  • our hosting and maintenance providers for the Site and our digital solutions for collecting personal data;
  • our fraud prevention and anti-fraud providers;
  • our marketing solution providers;
  • our commercial prospecting and social media communication providers;
  • our customer service providers.

GAA may also share your data with third parties to comply with legal, regulatory, or contractual obligations, or to respond to requests from duly authorised authorities (including administrative or judicial authorities).

The User declares that GAA has fully informed them of the rules relating to the use of the Site and its Services.

GAA advises the User not to disclose any personal data by email or fax unless expressly requested by the Operator. It is the User’s responsibility to verify carefully and beforehand that such requests indeed originate from the Operator.

VII. How long do we retain your data?

GAA has defined retention periods for your personal data in accordance with its legal obligations and the recommendations of the competent data protection authorities.

User Data is stored on GAA’s gaming servers and in Data Centres in Belgium. All Data is stored in encrypted and secured files. No third party may access this Data. In the event that a third party gains access to these files, GAA undertakes to make every effort to ensure that the information in these files remains unreadable.

For marketing, legitimate interest, and service purposes, Data is kept for the time necessary to fulfil the processing purpose.

VIII. What are your rights and how can you exercise them?

In accordance with the applicable regulations, including the GDPR, you have the right to access and rectify your personal data, the right to request their erasure, to object to their processing, and to obtain restriction of processing for legitimate reasons or portability where applicable.

You also have the right to give instructions on the retention, erasure, and disclosure of your personal data after your death.

1) Right of access

You have the right to obtain from GAA confirmation as to whether or not Data concerning you is being processed and to access such Data, as well as the information referred to in Article 15 of the GDPR.

2) Right to rectification

Under Article 16 GDPR, you have the right to have inaccurate Data rectified without undue delay and to have incomplete Data completed.

3) Right to erasure (“right to be forgotten”)

You have the right to request that GAA delete your Data without undue delay and GAA has the obligation to erase such Data where one of the following grounds applies:
a) The Data is no longer necessary for the purposes for which it was collected or otherwise processed;

b) You withdraw consent on which the processing is based and there is no other legal ground for processing;

c) You object to automated processing (profiling) and there are no overriding legitimate grounds for processing, or you object to processing for marketing purposes;

d) The Data has been unlawfully processed;

e) The Data must be erased to comply with a legal obligation under Union law or the law of the Member State to which GAA is subject.

This right does not apply where processing is necessary, in particular (a) to comply with a legal obligation requiring processing under Union law or the law of the Member State to which GAA is subject; b) for the establishment, exercise, or defence of legal claims.

4) Right to restriction of processing

You have the right to obtain restriction of processing from GAA where:

a) The Data is inaccurate;

b) Processing is unlawful and you oppose erasure and request restriction instead;
c) GAA no longer needs the Data for processing purposes but it is still required by you for legal claims;

d) You have objected to processing pending verification of whether GAA’s legitimate grounds override yours.

5) Right to data portability

You may request that Data provided to GAA be transferred to another controller without hindrance from GAA in accordance with Article 20 GDPR.

6) Right to object to processing

You may object at any time to processing necessary for the performance of a task carried out in the public interest or for legitimate interests pursued by GAA.

You may also object at any time to processing for marketing purposes, including profiling.

These rights may be exercised directly with GAA:

• By email at info@GAA.be
• By post to: GAA Automatic Amusement NV, Avenue des Croix de Guerre 120, 1120 Brussels

A response will be provided within one (1) month of receipt of your request.

You also have the right to lodge a complaint with the competent data protection authority:

• Belgium: Data Protection Authority / Rue de la Presse 35, 1000 Brussels / +32 (0)2 274 48 00 / contact@apd-gba.be

IX. Data Protection Officer (DPO) contact details and right to lodge a complaint

Pursuant to Article 37 GDPR, a Data Protection Officer has been appointed: Mr Serge Sacré.
For any questions regarding Data processing, the Data Protection Officer can be reached by phone at 02/201.11.77 or by email at serge.sacre@goldenpalace.be.

X. Data Security

In accordance with the GDPR, the Operator undertakes to take all necessary measures, in view of the nature of the data and the risks related to processing, to preserve the security of User Data and, in particular, to prevent such Data from being altered or accessed by unauthorised third parties. Technical measures include anonymisation, and organisational measures include internal audits.

When GAA uses subcontractors to carry out processing, GAA ensures that they provide sufficient guarantees regarding the implementation of technical and organisational measures.

When processing is likely to result in a high risk to the rights and freedoms of Users, GAA conducts a Data Protection Impact Assessment before processing in accordance with Article 35 GDPR.

XI. Cookies

GAA uses cookies on its website. You can find more information in our cookie policy.

XII. Changes

GAA may amend this data protection policy at any time. If GAA makes significant changes to the way it processes your personal data, its data protection policy, or its cookie policy, GAA will inform you on the Site or by other means such as email, so that you can take note of the changes before browsing the Site.

Last updated: 13.08.2025