Download PDF version



1. Scope

2. About the Lucien Barrière Group and SFCMC

3. Processing of personal data

4. Categories of personal data that we collect

5. The purposes of processing

6. The purposes and legal basis for processing

7. Sharing of information

8. Cookies

9. Minors

10. Data transfers

11. Data security

12. Third-party websites and functionalities

13. Storing collected data

14. Your rights

15. Contacts – Contact information of our Data Protection Officer (DPO)



This Policy applies to all data processing performed in all establishments, subsidiaries or managed companies of the Lucien Barrière Group and Société Fermière du Casino Municipal de Cannes (SFCMC), and operated under the Barrière brand. The list of establishments is updated regularly on our websites.



The Controller, Lucien Barrière Group, is a company with head offices located at 35, bld. des Capucines 75002 Paris, registered with the Paris Commercial Register of companies under the number 320 050 859.

The Controller, Société Fermière du Casino Municipal de Cannes, is a company with head offices located at 1 Espace Lucien Barrière 06400 CANNES, registered with the Cannes Commercial Register of companies under the number 695 720 284.

The Lucien Barrière Group and the Société Fermière du Casino Municipal de Cannes, their subsidiaries or managed companies, are collectively referred to hereafter as “Barrière" or “we”.

As Barrière is a company attentive to the needs of its customers in accordance with legal and statutory regulations, Barrière has established a privacy policy pertaining to personal data collected as part of its casino, hotel, restaurant, entertainment and leisure activities, such as spas, tennis, golf, thalassotherapy, kids’ clubs, etc. (hereafter referred to as the “Services”).

This Policy covers the collection of online and offline data, particularly information that we collect through our websites and applications, as well as our programmes and events in our establishments.

You may be accessing the websites from a PC or a mobile device (via an application on a smartphone or tablet for example). This policy specifies the manner in which information collected via our websites or in our establishments is used and protected.

We recommend that you consult this Policy often since we change and update it regularly. We try to keep you informed of any changes made.



Personal data is all information collected and saved in a format that allows you to be personally identified, directly or indirectly, as an individual.

Supplying information marked by an asterisk on the data collection forms is mandatory and required in order to process your request and provide you with the response or service solicited.

In addition to this information, we also collect information that you agree to provide us or that we collect in our legitimate interest or within the framework of our legal obligations.

Below you will find a general overview of the following:

 Categories of personal data pertaining to you that we use and save (or which third parties acting on our behalf have collected – for more information on processors acting on our behalf, see Clause 7 below);

 Purposes for which this information is collected;

 Applicable legal basis for processing data.



As part of our Services, we are led to collect, directly from you or via our tools in our establishments or websites, the following categories of personal data:

- Your identity, civil status and contact data,

- Information on your use, preferences, leisure activities, areas of interest, household, etc.

- Information on your bank card (to make transactions and reservations),

- Information on your browsing via our cookies and similar technologies used on our websites,

- You answers on surveys and market research

- Your image and voice (in the surveillance of our establishments).



We process your personal data for different reasons, primarily for:

- managing transactions in our establishments, and reservations and Services in general,

- managing your stays in and visits to our establishments, such as monitoring your use (telephone, bar, etc.) and managing access to your rooms,

- managing the sending of sales offers and marketing materials, contests, and targeted offers based on your preferences,

- cross-checking, supplementing, analysing and merging your collected data when making reservations or during your stay, in order to more accurately define your areas of interests and your profile, and enable us to send you personalised offers,

- managing our loyalty programmes:

- carrying out satisfaction surveys, research and generating statistics,

- improving our services by taking into account all comments that you may leave during your stays in or visits to our establishments,

- complying with our due diligence vis-à-vis our customers and public institutions (gaming prohibitions for example),

- managing your requests to exercise rights,

- personalising and optimising the usability of our websites,

- managing claims and disputes,

- internally managing lists of customers demonstrating inappropriate behaviour during their stays in our establishments, or having restricted access (aggressive behaviour, causing damage, cheating, etc.),

- ensuring the surveillance of our establishments, the security of people and property, the regularity of the gaming, and finally combating fraud.



Apart from cases in which you expressly agree to the processing of your data (the sending of marketing materials for example) or cases in which the processing of your data is necessary for us to comply with our legal obligations (such as due diligence, combating fraud), the processing of data may also be necessary to ensure the execution of the contract between us or to satisfy our legitimate interests. Indeed, it is in our legitimate interest to be able to manage claims and complaints in order to properly defend ourselves, be able to personalise and optimise our offers and websites for their improvement, and ensure the surveillance of our establishments, security and the regularity of the gaming in the casinos.



For the sole purpose of being able to provide you with complete satisfaction when using our Services, we are led to communicate your personal data to persons within and outside the Company.

Internal recipients:

This refers to all internal personnel that are required to intercede so that you can benefit from our establishments' Services: the personnel working the counters, booths, reception and customer service areas, and support staff such as those working in the computer, marketing and legal departments.

External recipients:

This refers to processors, subcontractors, service providers or banks. Information is transmitted for the sole purpose of ensuring the flawless execution of the Services that you have requested from Barrière in exclusive pursuit of your satisfaction.

The local or national administrative and legal authorities may also solicit your personal data to the extent required by law. This type of disclosure may be required as part of any legal proceedings, petition or investigation, government request, legal ruling, the enforcement of legal rights (for example, contractual terms and conditions, intellectual property rights, etc.), matters pertaining to combating money laundering, security or any other similar security or legal issue. Sharing your information in this regard is not a common occurrence, but it may happen at any time. We will attempt to limit the type and amount of information that we may have to share for legal reasons to that which is reasonably necessary, and will try to make sure that any transfer outside the European Union is done under the appropriate laws.

We can share (or receive) information concerning you, particularly your personal contact information, in the event of any assignment, acquisition, fusion, restructuring, bankruptcy or other similar circumstance involving Barrière. If such an event occurs, we will take reasonable measures to demand that your information be processed according to this Policy, unless it is impossible or prohibited to proceed accordingly, and we will try to make sure that any transfer outside the European Union is done under the appropriate laws.



We utilise cookies on some of our websites. For more information, please consult our cookie policy in the websites’ legal notices.



For our casino and gaming Services, we only collect personal data from adults. Please contact us at the address below if you think that we are processing data from minors so that we can delete it if necessary.

We can collect personal data from minors for Services other than casino and gaming Services provided that such data were communicated by a legal guardian of these minors, either to manage reservations or provide services specific to these minors (kids’ club, activities, etc.), or fulfil a particular request on your part. By providing us with personal data regarding a minor, you guarantee to Barrière that you are an adult and the parent or legal guardian of this minor.



When processing your data entails its transfer outside the European Union, these transfers are carried out only with the appropriate guarantees provided. When sharing this information entails its transfer to the United States, this transfer is carried out under the Privacy Shield Certification framework or according to standard European Union contractual clauses.

For reservations, transfers to our establishments located outside the European Union are carried out according to standard contractual clauses established by the European Commission. You can request a copy of these documents by contacting our Data Protection Officer at the following email address:



Barrière has implemented appropriate measures to maintain the security and privacy of data using physical and digital protection processes such as data encryption.

We also process your personal data on servers hosted by third parties (network operators or infrastructure as a service (IaaS) providers) and implement the measures necessary to secure our service.

Likewise, we impose the same security and privacy conditions on our service providers, processors or subcontractors having access to your personal data within the strict framework of the Services.



Our website may propose links to other third-party websites (particularly third-party social networks) and their functionalities, which we neither possess nor control. If you click on one of these links or use these functionalities, you are responsible for doing so. We are not responsible for the content or practices of any third-party site, application or functionality.



We store your information for a period commensurate with the purposes for which we process it, in order to meet the legal and regulatory requirements and comply with the limits they impose.

With regard to marketing communications, your data is stored for a maximum period of three years as from the end of our commercial relationship if you are a customer of Barrière Services, or three years as from your last contact with us if you are not a customer but just a visitor to the website or a subscriber to our newsletters.

In accordance with Article L561-13 of the Monetary and Financial Code and Decree n° 2016-774 of 10 June 2016 setting the profit threshold, your names and addresses are stored for a period of five years as from their verification date.

Video and audio recordings made in our casinos are stored for a period of one month unless extended due to pertinent investigations, particularly those dealing with suspicions of fraud.

Data pertaining to your bank card are deleted from our operational databases after completing the operation, but they may be stored in our archival records for a period of 13 months after their collection to guard against any eventual challenge to the transaction.



In accordance with the law relative to data processing, data files and individual liberties of 6 January 1978 and the General Data Protection Regulation (2016/679) (GDPR), as the data subject, you have the following rights:

a) right of access to the personal information that we possess concerning you;

b) the right to demand that we update or correct any personal information concerning you that is outdated or incorrect;

c) the right to withdraw your consent at any time when processing is based on your consent,

d) the right to object to receiving marketing communications.

e) the right to erasure when the conditions of Article 17 of the GDPR are met;

f) the right to restriction of processing when the conditions of Article 18 of the GDPR are met;

g) the right to restriction of processing to the extent which the conditions of Article 20 of the GDPR are met;

h) You have the right to provide instructions relative to the fate of your personal data upon your death.

i) the right to object to the processing of personal data concerning you to the extent which the conditions of Article 21 of the GDPR are met; and

j) The right to file a complaint with a regulatory authority, which in France is the CNIL (;

You can exercise these rights at any time by sending us an email at


15. CONTACTS – Contact information of our Data Protection Officer (DPO)

If you have any questions or claim pertaining to this privacy policy or the processing of your data by Barrière, you can contact Barrière’s Data Protection Officer by email at or the following postal address: GROUPE LUCIEN BARRIERE DPO, 35 Boulevard des Capucines à Paris (75002).

In the interest of protecting and maintaining the confidentiality of your personal data, we request that you attach a copy of an official document enabling us to identify you (ID card, passport, driving licence) in support of your request. Your request will then be processed as quickly as possible and in accordance with applicable laws.

D_Mentions Légales