PRIVACY POLICY

Last Updated: October 12, 2023

WE RESPECT THE PRIVACY OF EVERY INDIVIDUAL WHO VISITS THIS SITE

This Privacy Policy (“Policy”) explains how www.hardrock.com (the "Website") and any mobile applications that we may issue (the “Apps”) collect and otherwise process personally identifiable information, including Job Posting Information as defined below (collectively, "Personal Information"). Please note that this Policy does not apply to Personal Information collected under Unity by Hard Rock loyalty program (“Program”). For more detailed information about how we may collect and process your Personal Information under the Program please visit the Program’s Privacy Policy page at https://www.unitybyhardrock.com/privacy-policy

You may choose to submit Personal Information (such as your name, address, e-mail address and telephone number) to us at several different points on our Website and through the Apps. We collect, use and disclose Personal Information for business purposes only unless otherwise set out herein. We will not share this information in ways different from what is disclosed in this Policy. If you have any questions about this Policy, the Website or any Apps, please contact us at [email protected].


WHO IS COLLECTING YOUR INFORMATION

The Website is owned and operated by Hard Rock Cafe International (USA), Inc. ("Hard Rock", “we”, “us” or “our”). This Policy applies only to the Website and to our Apps (except for the Unity App, which is governed by the Unity by Hard Rock loyalty program’s Privacy Policy). Hard Rock is the sole owner of the information collected on the Website or through the Apps.


LINKS

The Website and the Apps contain links to other sites whose privacy policies may differ from those of Hard Rock which we recommend you carefully review and consider. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our Website or the Apps.


WHAT INFORMATION WE COLLECT

Personal Information from the Website or the Apps is gathered in two ways: (1) indirectly, i.e., certain Website information about you, such as domain name, IP address, browser type and page views, mobile device ID and type, and geolocation which is collected through our Website's or our Apps’ technology to provide certain functionality to you, to remember you when you return, to customize our Website to your preferences and manage content, and compile statistics about Website usage; and (2) directly, when (a) you voluntarily submit Personal Information such as, first and last names, addresses, email address(es), phone numbers, birthdate, marital status, number of children and their ages, social network and ‘handle’ data, preference information, or survey answers/opinions, in connection with various marketing and promotional activities, surveys or contests conducted on the Website or through the Apps; (b) when you enroll in our loyalty and reward programs; c) when you register to become a user of the Website or the Apps we will collect the password and security question/answer; and (d) when you submit resumes to the third party applicant tracking system described below and respond to job postings through the Website. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used either in this Policy or separately at the point at which the information is collected if not described in this Policy.


GEO LOCATION

If you have provided permission through your mobile device to allow us to collect location information through the Apps, Hard Rock may obtain your physical location information from technologies like GPS, Wi-Fi, or cell tower proximity. The App may use the geo-location features of the App (GPS or network-based) and geo-location information that is collected through the Apps to provide you information regarding Hard Rock cafes and hotels, events and promotional offers in or near your area or current location. You are able to withdraw your permission for Hard Rock to acquire physical location information from your mobile device through your mobile device settings, although Hard Rock does not control this process. If you have questions about how to disable your mobile device's location services, we recommend you contact your mobile device service provider or the mobile device manufacturer.


JOB POSTINGS

The Website may include job postings from time to time for various Hard Rock locations or our corporate offices. You may be given the opportunity to apply for job openings online through an applicant tracking system operated by iCIMS by creating an account and submitting an application via the Website, which is usually received by the human resources department of the hiring company (which may be Hard Rock or a Hard Rock affiliate or an independent entity). If submitted through that tracking system, your resume or CV and other Personal Information (collectively, “Job Posting Information”) will be made available to the owner, operator or manager of the Hard Rock location or Hard Rock office to which you are applying (which could be a different company from Hard Rock). In addition, your Job Posting Information will be stored in that tracking system in an electronic database maintained by iCIMS in the United States on behalf of Hard Rock and the operators, owners and managers of Hard Rock locations and corporate offices.

In some cases, the Website might list the email address of a contact person at the applicable hiring company. If that hiring company is Hard Rock or a Hard Rock affiliate, any Job Posting Information sent to that email address will be maintained in accordance with this Policy. If that email address is for an independent entity that owns, manages or operates that Hard Rock location, then it will be maintained in accordance with their information practices. If you have any questions about those practices, please contact iCIMS directly at www.icims.com.

All such Job Posting Information may be used by the applicable hiring company for the purpose of assessing your suitability for current and future job vacancies and to pursue your recruiting process. HARD ROCK MAKES NO REPRESENTATIONS AND WARRANTIES REGARDING THEIR INFORMATION SECURITY OR PRIVACY PRACTICES. PLEASE NOTE THAT HARD ROCK DISCLAIMS ANY AND ALL RESPONSIBILITY OR LIABILITY RELATING TO USE OF YOUR JOB POSTING OR OTHER PERSONAL INFORMATION (INCLUDING RESUMES AND CVS) BY ANY INDEPENDENT OWNER, MANAGER OR OPERATOR OF A HARD ROCK LOCATION.

You will also be required to create an account with a user name and password when using the applicant tracking system. You are solely responsible for maintaining the confidentiality of that username and password, and for any unauthorized access or use of your user name and password, except where due to the negligence or other fault of Hard Rock.

If at any time you want your Personal Information, resume or CV to be deleted, you simply need to notify the hiring Hard Rock Hotel operator or management company, and in the case of information submitted through the iCIMS tracking system to an independent owner, manager, or operator of a Hard Rock location, you should notify the independent owner, manager, or operator of a Hard Rock location. You may also contact iCIMS directly as stated in the iCIMS privacy policy, www.icims.com/legal/privacy-policy-website.


RIGHT NOT TO PROVIDE INFORMATION

In certain jurisdictions, you may have the right not to provide Personal Information. However, if you elect not to provide such information, you may not be able to utilize certain services on the Website or the Apps.


DATA RETENTION AND DISPOSAL

Hard Rock keeps customer information for as long as is necessary for business purposes, or as legally required by appropriate state, federal and regulatory bodies. Retention periods vary depending on the type of information and how it is used.  The criteria we use to determine the appropriate retention periods include:

  • How long we have a relationship with you and provide services or products to you.
  • Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
  • Whether you have consented to retention of your information for a longer period of time.
  • Whether the personal information is sensitive.
  • When we no longer need to use or retain your personal information, records, both physical and electronic, are destroyed.

COOKIES/ONLINE TRACKING

Some information that we collect about you is collected passively through the use of "cookies." Cookies are small files of information, which save and retrieve information about your visit to the Website - for example, how you entered and navigated our Website, and what information was of interest to you. We use this information to remember you when you return and to customize our Website to your preferences.

There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.

Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.


DO NOT TRACK SIGNALS

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in the Cookies section (e.g., by disabling cookies). Please note that Hard Rock does not collect, and is not aware of third parties that collect, from users of the Website personal information about users’ online activities across third party websites.


CLEAR GIFS, PIXEL TAGS AND OTHER TECHNOLOGIES

Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Website to, among other things, track the activities of Website visitors, help us manage content, and compile statistics about Website usage. You may view and change your preferences at any time by using the ‘Privacy Settings’ link found in the footer of our website. We and our third party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.


THIRD PARTY ANALYTICS/TRACKING

We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our services. We use these tools to help us improve our services, performance and user experiences. These entities may use cookies, tracking pixels and other tracking technologies to perform their services. We do not share your personal information with these third parties.


AUTOMATED DECISION MAKING AND PROFILING

Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.  As Profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making.  Hard Rock does not use any automated decision making or profiling in its business processes.


ACCESS, CORRECTION, AND CHOICE

You have choices about the collection, use, and sharing of your personal information, including:

  • Deletion: You can request that we erase or delete all or some of your personal information (e.g., it is no longer necessary to provide services to you).
  • Change or Correct: You can review and edit your personal information by logging onto the Site and visiting your account.  Please note that personal profile information supplied by you at the Site can be accessed by you online at any time and at no charge.
  • Object to or Restrict Use: You can request that we stop using some or all of your personal information or restrict our use of your personal information.
  • Access and/or Take: You can request a copy of your personal information.
    • Right to Portability – provides the ability to request personal information in machine readable format (i.e. CSV).
  • Marketing: Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email.
  • Withdrawing Consent: If we have collected or processed your personal information with your consent, you may withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information based on other lawful processing grounds. 

If you request access, correction, amendment or deletion of your Personal Information and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to Personal Information will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by law or excessive requests.

For your protection, we may need to verify your identity before fulfilling your request.  Please note that we may need to retain certain information for recordkeeping purposes or to complete transactions that occurred prior your request.  We will also retain your personal information if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce the  Terms and Conditions of Use. We may also need to retain your personal information if required by gaming industry regulations, federal tax statutes and other legal requirements (e.g., information on our customers who self-report; tax reporting documents; player winnings, and any statistics, reports or listings that are required to protect our casino properties).

We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have supplied us with, please contact us as set out below.


SUBSCRIBERS/ORDERS

In order to use and participate in certain programs or services offered by Hard Rock via the Website or the Apps, you must first complete a registration form. In order to use or participate in such programs and services, we will need to collect certain Personal Information about you, such as your name, email address and contact details, and, if applicable, credit card payment information. This information is used to communicate with you about specific services, offers, benefits and features on our Website or Apps for which you have expressed interest or registered. For some Website or App services, you may be asked to provide a password and user identification. This information is collected to confirm eligibility for use of the online services and to establish the identity of the authorized user. You are responsible for maintaining the confidentiality of that password and user identification.


SURVEYS & CONTESTS

From time-to-time our Website or Apps may request information from you via surveys or contests. Participation in these surveys or contests is completely voluntary. Requested data may include your contact data, data of birth, marital status, number of children and their ages, and your opinion/answers. Contact information will be used to administer your participation in a contest, notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of the Website and Apps and our other products and services.


HOW WE SHARE YOUR INFORMATION AND WHO WE SHARE IT WITH

During the course of business, we may disclose, transfer or otherwise make available Personal Information to our affiliates and third-party service providers who have been legally contracted to provide services on our behalf, and are prohibited from using it for any other purpose. Job Posting Information is shared with independent operators and/or managers of the Hard Rock locations, and Hard Rock and its affiliates as discussed above.

Your Personal Information may be maintained and processed by our affiliates and other third party service providers in the US, Canada or other jurisdictions. Third-party vendors that may receive personal data include payment card processors and financial institutions for transactions and financial management; on-line Rock Shop and retail product vendors, prize fulfillment company, travel agency, on-line reservation service provider, on-line job applicant service provider, survey research firm, and website analytics firm. We may share your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or to comply with legal, regulatory or administrative requirements. We may also share your Personal Information with an investigative body in case of a breach of an agreement or contravention of law, or as otherwise required by Canadian, the U.S. or other law. We may also disclose your Personal Information where necessary for the establishment, exercise or defense of legal claims, to investigate or prevent actual or suspected loss or harm to persons or property, or as otherwise permitted by law.

We may transfer your Personal Information as an asset in connection with the sale or transfer of all or part of the business (including transfers made as part of insolvency or bankruptcy proceedings) or as part of a corporate reorganization or other change in corporate control.


CHOICE/OPT-IN

Our users are given the opportunity to 'opt-out’ to having their Personal Information used for purposes not directly related to the purposes for which it has been collected. For example, our online Rock Shop retail merchandise order form has an 'opt-out' mechanism so users who buy a product or register for a service from us, but do not want any marketing material, can keep their email address off of our lists. Some jurisdictions may require ‘opt-in’ only.


HARD ROCK – 3RD PARTY DISCLOSURE POLICY

We may, under limited circumstances, send you offers for related products or services from affiliated Hard Rock companies or jointly offered by Hard Rock together with select third parties. These offers are sent only to those users who have indicated their acceptance to receiving marketing materials from Hard Rock.


INTERNATIONAL DATA TRANSFERS

As a global organization, data we collect may be transferred internationally throughout Hard Rock's worldwide organization and to Hard Rock’s headquarters in the United States. Some of the jurisdictions to which data is transferred may not provide the same level of privacy protection as your local jurisdiction. By using and purchasing services and submitting Personal Information through the Website or the Apps, you consent to such transfers of your Personal Information. Without such consent, Hard Rock is not able to provide you with access to its online services and other programs made available on the Website or through the Apps.

EU-U.S. DATA PRIVACY FRAMEWORK COMPLIANCE

Hard Rock participates in and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension of the EU-US DPF as approved by the European Commission in its adequacy decision issued on July 10, 2023.

Hard Rock complies with the  EU-U.S. Data Privacy Framework Principles, that were developed by the U.S. Department of Commerce in consultation with the European Commission in order to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the EU while ensuring that EU data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries.

To learn more about the EU-U.S DPF and view our certification, please visit the EU-US DPF website at https://www.dataprivacyframework.gov/s/participant-search

If there is any conflict between the policies in this privacy policy and the EU-U.S. DPF Principles, the EU-U.S DPF Principles shall govern.

Hard Rock commits to cooperate with the EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

Hard Rock and the following U.S. subsidiaries comply with the EU-U.S. DPF  Principals:

  • Boardwalk 1000, LLC
  • Hard Rock Café International (STP), Inc.
  • Hard Rock Café International (Hollywood), Inc.
  • Hard Rock Café International (Orlando), Inc.
  • Hard Rock Café Merchandise, Inc.
  • Hard Rock Casino Cincinnati, LLC
  • Hard Rock Hotel Licensing, Inc.
  • Seminole Hard Rock Support Services, LLC
  • Hard Rock Sacramento FM, LLC
  • Seminole Hard Rock Digital, LLC
  • Seminole Hard Rock Entertainment, Inc.
  • Spectacle Gary Holding, LLC

In compliance with the EU-U.S. DPF, Hard Rock commits to resolve complaints about your privacy and our collection or use of your Personal Information.

If you have any question or complaint regarding our participation in the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF or the processing of your Personal Information you may contact us as indicated below in the section of this Privacy Policy “HOW TO CONTACT US”.

DISPUTE RESOLUTION AND ARBITRATION

When other dispute resolution avenues are exhausted, you may invoke the binding arbitration. Hard Rock Cafe International (USA), Inc. has provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all Personal Information except for human resource data. For more information, visit the website for ICDR®/AAA®EU-U.S. DPF: International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at https://www.icdr.org/dpf. The services of ICDR/AAA are provided at no cost to you.

Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. The Federal Trade Commission has jurisdiction over Hard Rock’s compliance with the EU-U.S. DPF.

If Hard Rock transfers your Personal Information to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. DPF Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, Hard Rock will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of Personal Information received pursuant to the EU-U.S. DPF, Hard Rock is potentially liable.


PUBLIC FORUMS

The Website or the Apps may make chat rooms, forums, message boards, and/or news groups available to its users. Please remember that any information you disclose in a public forum will be available to other visitors to our Website or other users of the Apps. To the extent you disclose your Personal Information in public forums, the use of the information by third-parties will not be subject to this Policy.


PROTECTING CHILDREN

Hard Rock is mindful of the privacy of children as children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. For these reasons, promotions activities by Hard Rock addressed to children always receive specific attention and protection Hard Rock always rely on consent as lawful basis for processing of children information, and we always get consent from whoever holds parental responsibility for the child.


HOW TO ACCESS AND UPDATE USER INFORMATION

Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email or contacting customer care.

We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have supplied us with, please complete this form. If you want to update information in the iCIMS tracking system, please contact iCIMS as noted in their privacy policy. In some cases, we may need to use Personal Information obtained previously to verify your identity.


HOW WE ENSURE THE SECURITY OF YOUR DATA

We have implemented technical, physical and administrative measures, as well as policies and procedures designed to safeguard your Personal Information from unauthorized access, use, disclosure, modification or destruction and will continue to update these measures as new technology becomes available. Although we take efforts to protect your Personal Information, we cannot guarantee the security of your Personal Job Posting Information collected by the independent owners and operators of the Hard Rock locations. Any transmission of Personal Information is at your own risk.


HOW TO CONTACT US

You may address all communications to:

Hard Rock Cafe International (USA), Inc., Seminole Hard Rock Support Services, LLC,

Attn: Global Data Protection and Risk Office (GDPRO), 5701 Stirling Road,

Davie, Florida 33314, or e-mail to [email protected].

If you are in the European Union (EU), you may address all communications to our Data Privacy Representative in EU by using the following contact details:

Hard Rock EU Data Privacy Representative

Studio Legale PANETTA

Via Arenula, 83

00186 Roma RM, Italy

[email protected]

If you are in the United Kingdom (UK) you may address all communications to our Data Privacy Representative in UK by using the following contact details:

Debbie Galbraith

Hard Rock International

148 Old Park Lane, London W1K 1QY, UK
[email protected]

Please include your name, address and phone number or e-mail in all communications and state clearly the nature of your request.

If you wish to make a request to access the Personal Information we collect and store about you, complete this form.


CHANGES TO OUR PRIVACY POLICY

 If we make any changes to our Policy, we will post the updated Policy to the Website, provided on an updated homepage link, and may post it to other places we deem appropriate. Users who have authorized e-mail communication will be notified via e-mail of any material changes to the Policy. We will use Personal Information in accordance with the Policy under which it was collected.

YOUR CALIFORNIA PRIVACY RIGHTS / NOTICE FOR CALIFORNIA RESIDENTS (www.hardrock.com/ccpa)