Image

European Privacy Seal for ADMIRAL Card-System

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

Recertification: 02/2017

ADMIRAL Casinos & Entertainment AG (ACE) proved that its IT-based service ADMIRAL-Card-System complies with EU data protection law. Customers of ACE (gamers) are provided with a card that allows them to enter the casinos. In addition, their gaming behaviour is monitored for the purpose of prevention and combating of gambling addiction as required by Austrian law. Gamers can be sure that the processing of their personal data is in line with the demanding provisions of EU data protection law.

Product/Version

ADMIRAL-Card-System

Function as provided in January 2017

Qualification: IT-based service

View the Admiral Card-System Certificate 

Cert. No.

EP-S-7MGLMG

Version of Certification Criteria

11/2011 (95/46/EC)

Validity

16/02/2017 - 28/02/2019

Initial certification on 29/10/2014

Monitoring

10/2017 (O.K.)

06/2018 (O.K.)

Public report

Recertification 2017: ADMIRAL-Card-System Short Public Report Image 

Initial certification: ADMIRAL-Card-System Short Public Report Image Image

Manufacturer/Provider

Bild

ADMIRAL Casinos & Entertainment AG (ACE)
Griesfeldstr. 15
2351 Wiener Neudorf
Austria

BEST

The ADMIRAL-Card-System adheres to the principle of data minimisation: The processed data are necessary to identify a visitor, to monitor his gaming habits in order to prevent / tackle gambling addiction, to recognise threats to gamers' subsistence minimum due to excessive losses and to keep track of access bans to ADMIRAL casinos. Flyers with basic information about the ADMIRAL-Card-System are available in 11 languages.

ATTENTION:

The ADMIRAL-Card is a contactless smart card that is issued by ACE to visitors of its gambling casinos. It cannot be ruled out completely that a card's ID is read out abusively and that a card is cloned by unauthorised persons with the aid of the intercepted ID. Since competent staff conducts a visual control of each person who wants to enter a casino, the risk of a successful abusive use of a cloned card is very low. Nevertheless, ACE advises visitors to purchase and use protective covers preventing an abusive readout of the card's ID.

Summary

The ADMIRAL Casinos & Entertainment AG (ACE) operates entertainment casinos at several locations in Austria. As a consequence of fundamental amendments of the Österreichisches Glücksspielgesetz (federal law) and relevant federal state laws, high requirements regarding prevention of gambling addiction must be met by casino operators. ACE therefore developed the ADMIRAL-Card-System, based on the NOVOCARD-Ampelsystem that was awarded the European Privacy Seal back in 2011. The ADMIRAL-Card-System is a computer-assisted system with procedures for access control and countermeasures against gambling addiction that are based on the gaming behaviour of a person. Like its predecessor, the ADMIRAL-Card-System is based on the research results of the Department for Addiction Research & Treatment of the Medical University/General Hospital of Vienna. 

The ADMIRAL Card-System is a step-by-step warning system for recognizing gambling addicts and imposing an access ban on them. Basis for the status of a data subject is the monthly screening process based on continuous monitoring of gambling behaviour.

Level GREEN signals "uncritical", YELLOW "potentially endangered", and RED equals "no more access". The screening process distinguishes between age groups, namely age-group 1 with data subjects from 18 - 25 years and age-group 2 with data subjects ≥ 26 years. The amount of net losses is considered, for age-group 1 a threshold value of EUR 500,00 and for age-group 2 a threshold value of EUR 1.000,00 has been set. This calculation is carried out on the basis of net losses in the last three months. As an additional parameter, the number of days of attendance is considered, for age-group 1 a threshold value > 90 attendances and for age-group 2 a threshold of > 120 attendances per half year is set. When net losses reach the relevant threshold value, a credit screening is gathered. The data subject is informed about the fact that a credit screening is carried out as well as about the result. 

Details

Recert 201702

In January 2016, ACE shifted its headquarters from Gumpoldskirchen to Wiener Neudorf. This move did not only concern office spaces, but also server rooms / data centers that are used - among others - for the provision of the ADMIRAL-Card-System. The new server room is located in the basement of the new headquarters and run by ACE itself. The appropriateness of the technical and organisational measures that ACE implemented in respect of the new server room was evaluated by the EuroPriSe Experts during Monitoring No. 2 in March and April 2016. The experts found that the TOMs do indeed ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected as required by Article 17 of Directive 95/46/EC.  

The recent re-evaluation that was conducted by the experts from 09/2016 until 01/2017 showed that ADMIRAL-Card-System continues to meet all applicable EuroPriSe requirements. Further information can be found in the short public report that is available here:

Initial Cert 201410

The ToE includes

  • ADMIRAL-Card-System Services
    − Registration and creation of the customer (card)
    − Logging of times of attendance
    − Logging of stakes
    − Queries
    − Issuing and cancellation of prevention of access or prohibition of entry
    − Processing of log data
    − Credit screening
    − PEP-Check ("politically exposed person")
  • Operation of own servers located at new headquarters (new in 02/2017 recertification) 
  • Interfaces of the ADMIRAL-Card-System
  • Interface to the Federal Data Processing Centre
  • Interface/connections to the internet

The ToE does not include

  • Other processes carried out by the data processing centre
  • Third party networks (e.g. internet)
  • ACE-Hotline
  • Server housing at provider A1 (new in 02/2017 recertification: not in use anymore) 
    ACE-Backup Servicecenter in 2352 Gumpoldskirchen, Wiener Str. 158 (new in 02/2017 recertification)
  • Video surveillance of the turnstiles

Technical Evaluator

Mag. Jürgen Stöger
c/o Secur-Data BetriebsberatungsgesmbH
Fischerstiege 9
1010 Wien
Austria

Legal Evaluator

Prof. Hans-Jürgen Pollirer
c/o Secur-Data BetriebsberatungsgesmbH
Fischerstiege 9
1010 Wien
Austria

Formerly Certified Versions

n.a.

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.