Rock-Solid Privacy: Understanding the Unity™ by Hard Rock Privacy Policy

INTRODUCTION

1. This Privacy Policy, managed by Program Manager Seminole Hard Rock Support Services, LLC for Hard Rock Affiliated Parties, is your guide to understanding how your personal information is handled when you interact with the Unity by Hard Rock loyalty program. Think of this policy as the Rock Sign that guides our commitment to your data privacy within the Hard Rock universe.

2. This policy applies when you engage with Unity through various platforms:

   1. Visiting the Program Website, unity.hardrock.com.
   2. Using the Unity mobile application.
   3. Utilizing Hard Rock products or services connected to the Program.

3. Within this document, we detail how we collect, use, and share (“Process”) your Personal Information specifically for the Unity by Hard Rock loyalty program, also known as Unity™ or Unity by Seminole Gaming™ (“Program”). Our dedication to protecting your data is as steadfast as a rock sign in guiding your journey with us.

4. We are committed to transparency. This Privacy Policy also outlines your rights regarding your Personal Information and provides clear contact information should you have any questions or concerns.

5. Seminole Hard Rock Support Services, LLC, as the Program Manager, acts as the data controller for your Personal Information within the Program. Just as a rock sign clearly indicates the path, we are in control of how and why your data is collected and processed for the Program.

6. By using the Program Website, Unity App, or any Program benefits, and by providing your Personal Information, you agree to the terms outlined in this Privacy Policy.

7. To enhance your experience, we may utilize Personal Information from pre-existing Hard Rock loyalty programs you participated in, such as Seminole Wild Card, Hard Rock Rewards, Wild Card Rewards, or Hard Rock Casino Northern Indiana Loyalty Program, always in accordance with this Privacy Policy.

8. Providing Personal Information is voluntary, but it’s essential for accessing the full range of Program features and benefits. Choosing not to provide certain information may limit your access to specific Program functionalities.

9. This Privacy Policy may be updated periodically, with changes becoming effective on the date specified in the revised policy. We encourage you to regularly review this document to stay informed about our data privacy practices – your rock sign for staying updated.

10. Supplementary privacy notices may be provided for more detailed explanations of specific privacy practices where needed.

11. This Privacy Policy exclusively covers information collected by us within the Program. It does not extend to third-party websites, applications, or advertising linked to or accessible from the Program Website or Unity App. We recommend reviewing the privacy policies of any third-party platforms you interact with.

12. For easy navigation, this Privacy Policy is structured in a layered format. You can also download a PDF version for your convenience here.

Definitions

13. Key terms used throughout this Privacy Policy are defined below for clarity:

“Account”	A Member’s personalized record within the Program, tracking Tier Credits, Unity Points, Program Benefits, and Member information.
“Account Credentials”	A Member’s unique login information: (a) Account number or email address and (b) chosen password.
“Additional Terms”	Supplementary rules and conditions governing Program aspects like Unity Point earning and redemption, found on the Program Website.
“Applicable Laws”	All relevant legal and regulatory frameworks governing the Program, Program Manager, Hard Rock Affiliated Parties, and Members.
“Approved Identification”	Valid government-issued photo ID (e.g., driver’s license, passport) or other forms of identification accepted by Management.
“Excluded Purchase”	Expenditures ineligible for earning Tier Credits and Unity Points, including gift card purchases, discounted stays, event tickets (unless specified), purchases at non-Participating Locations, third-party services, group events, taxes, gratuities, and illegal items.
“Game Play”	Gaming activities at Participating Locations, such as slot machines, table games, online gaming, bingo, poker, keno, and sports betting, as permitted by law.
“Hard Rock Affiliated Parties”	Entities connected to the Program Manager, including affiliates, subsidiaries, Participating Locations, franchisees, and licensees operating Participating Locations.
“Management”	The operational management of a Participating Location.
“Marketing Brands”	Brands used by Hard Rock Affiliated Parties for marketing, including Hard Rock®, Hard Rock Cafe®, Hard Rock Casino®, Hard Rock Hotel, Hard Rock Hotel & Casino®, Hard Rock Digital®, Rock Shop®, Seminole Gaming®, Reverb®, and Reverb by Hard Rock®.
“Member”	A registered participant in the Program.
“Membership”	Enrollment and participation in the Program, governed by Membership Terms.
“Membership Terms”	The Unity By Hard Rock™ Loyalty Program Terms and Conditions, Additional Terms, and any subsequent modifications.
“Non-Gaming Items”	Non-gaming products and services at Participating Locations, such as hotel stays, dining, spa treatments, retail purchases, and entertainment.
“Non-Qualifying Stay”	Hotel stays at Participating Locations that do not qualify for Program benefits, including bookings through third-party channels, opaque channels, wholesaler rates, stays exceeding 30 days, complimentary stays, and voucher redemptions.
“Participating Location”	Venues participating in the Program, such as Seminole Casinos, Hard Rock Hotels & Casinos, Hard Rock Cafes, Reverb Hotels, and Rock Shops. A current list is available on the Program Website.
“Personal Information”	Data relating to an identified or identifiable individual, as defined by applicable data protection laws.
“Privacy Policy”	This document and any future revisions.
“Program Benefits”	Tier Credits, Unity Points, and other rewards detailed on the Program Website.
“Qualifying Spend”	Eligible purchases at Participating Locations that earn Tier Credits and Unity Points, including Game Play and Non-Gaming Items, excluding Excluded Purchases.
“Qualifying Stay”	Hotel stays booked directly through official Hard Rock channels or authorized agents at eligible rates that qualify for Program benefits.
“Tier Credits”	Non-redeemable credits used to determine a Member’s Unity Tier level annually.
“Unity App”	The mobile application associated with the Program.
“Unity Card”	A physical or digital card issued to Members for Program participation.
“Unity Points”	Redeemable points earned through Qualifying Spend, subject to legal and location-specific rules.
“Unity Tier”	Program membership levels with associated benefits, determined by Tier Credits.
“We”, “we”, “Our” “our”, “Us”, or “us”	Refers to the Program Manager.
“You”, “you”, “Your”, or “your”	Refers to a Program Member or potential Member.

14. References to “Section” denote sections within this Privacy Policy. Singular words include plural and vice versa.

HOW WE COLLECT YOUR PERSONAL INFORMATION

15. We collect Personal Information directly from you through various interactions:

    1. Program Website access and usage.
    2. Unity App download and usage.
    3. Program registration and Account creation.
    4. Updating your Account profile via the Program Website, Unity App, or Unity Customer Care.
    5. Program participation, including earning Tier Credits and Unity Points, and redeeming Program Benefits.
    6. Receiving Tier Credits.
    7. Receiving and redeeming Unity Points.
    8. Utilizing additional Program Benefits.
    9. Using your Unity Card for Game Play.
    10. Managing and viewing your Program transactions in your Account.
    11. Making reservations (e.g., restaurant, hotel, events) through your Account.
    12. Applying for a digital wallet.
    13. Purchasing or selling virtual goods.
    14. Using our products or services at participating locations (e.g., co-branded payment devices).
    15. Participating in contests, promotions, or surveys.
    16. Attending Program events.
    17. Contacting Unity Customer Care.
    18. Communicating with us via letter, email, phone, text, chat, or other means.
    19. Requesting information about our products, services, Participating Locations, Program Website, Unity App, or the Program itself.
    20. Requesting marketing or promotional materials.
    21. Allowing someone to provide your Personal Information on your behalf (e.g., reservations).
    22. Connecting with us via social media or posting content related to the Program.
    23. Interacting with our staff at Participating Locations or using our digital services.

16. We may also collect Personal Information indirectly from:

    1. Publicly available sources, joint marketing partners, and other third parties.
    2. Credit information and reference agencies.
    3. Fraud prevention and detection organizations.
    4. Family, friends, travel agents, or employers making reservations for you.
    5. Partners providing goods, services, or offers based on your Participating Location activities.
    6. Marketing Brands within the Hard Rock network.
    7. Internet-connected devices and networks at Participating Locations, to personalize your experience.
    8. Organizations or services that share information with us under their privacy policies (e.g., marketing partners, social media platforms).

COOKIES AND AUTOMATED TECHNOLOGIES

17. When you interact with the Program Website or Unity App, we automatically collect technical data about your device, browsing behavior, and usage patterns using cookies and other automated technologies, as detailed in Sections 19-39. This data helps us analyze website usage, improve features, and enhance your browsing experience.

(a) Cookies

18. We use “cookies” on the Program Website to understand popular sections and user preferences. Cookies also help analyze traffic patterns, improve functionality, enhance communication effectiveness, customize your experience, and improve convenience. Like a rock sign that consistently points the way, cookies help us understand user journeys on our website.

19. Cookies are unique identifiers that help websites track visitor numbers, repeat visits, and visit sources. You can disable cookies in your browser settings, but this may affect certain Program Website features.

20. We use Session and Persistent Cookies, categorized as Strictly Necessary, Performance, Functional, and Targeting Cookies.

21. Session Cookies: Active only during your online session, these cookies are removed when you close your browser or device. They identify you uniquely during a session, enabling transaction processing and identity verification as you navigate the Program Website. Disabling session cookies as a guest will require you to opt-out again for each session.

22. Persistent Cookies: These cookies remain on your device after you close your browser or device.

23. Strictly Necessary Cookies: Essential for website functionality, these cookies cannot be disabled. They are set in response to your actions, such as privacy preferences, logins, or form submissions. While you can block them in your browser, some site parts will not function. They do not store Personal Information.

24. Performance Cookies: These cookies collect anonymous, aggregated data on website visits and traffic sources to measure and improve site performance. They help identify popular pages and visitor navigation patterns. Disabling these cookies prevents us from monitoring site performance based on your visits.

25. Functional Cookies: These cookies enhance website functionality and personalization, set by us or third-party providers whose services we use. Disabling them may impair the function of some or all of these services.

26. Targeting Cookies: Set by our advertising partners, these cookies build a profile of your interests to display relevant ads on other sites. They uniquely identify your browser and device but do not directly store Personal Information. Disabling these cookies results in less targeted advertising.

(b) Clear GIFs or Web Beacons

27. Clear GIFs (web beacons, web bugs, or pixel tags) are small graphics with unique identifiers, similar to cookies. They are embedded invisibly on web pages, unlike cookies stored on your device. We use them to track Program Website visitor activity, manage content, and compile usage statistics.

28. We and our service providers also use clear GIFs in HTML emails to track email response rates, email views, and email forwarding.

29. Emails may contain links to Program Website content. Clicking these links routes information through our web server before reaching the destination page. We track this data to gauge interest in topics and assess communication effectiveness.

30. To avoid tracking, refrain from clicking links in our emails. You can also adjust your preferences in your browser’s ‘Privacy Settings’.

(c) Server Log Files

31. The Program Website automatically gathers and stores information in server log files, including IP addresses, browser type, operating system, ISP, referring/exit pages, date/time stamps, clickstream data, and viewed content. Server logs record your IP address, visit time, duration, and pages viewed. Traffic sources (paid ads, links, search engines, direct traffic) are also captured. Server log files are analyzed in aggregate, not individually.

(d) Geolocation

32. With your permission (opt-in) via the Unity App, we may collect your physical location using GPS, Wi-Fi, or cell tower data. This geolocation information helps us provide you with details about nearby Participating Locations, events, and promotions.

33. You can withdraw location permission through your device settings. Contact your device provider for assistance disabling location services.

(e) Do Not Track Signals

34. Our systems do not currently recognize browser “do-not-track” requests. However, you can disable tracking through cookie settings as described in the Cookies section. We do not collect, nor are we aware of third parties collecting, Personal Information about your online activities on third-party websites from the Program Website.

(f) Third-Party Analytics

35. We use tools like Google Analytics to analyze Program Website, Unity App, and online service usage. Learn about Google’s practices at https://policies.google.com/privacy and opt-out of Google Analytics. These tools use cookies and tracking technologies to help us improve our services and user experience. We do not share your Personal Information with these third parties.

(g) Unity App

36. When you download or register for the Unity App, you may provide Personal Information like name, email, phone number, username, password, and registration details.

37. We may automatically collect technical information about your device, unique device ID, mobile network, browser type, and Unity App usage patterns.

38. With your consent, we may also access information stored on your device, including contacts, geolocation data, and other digital content.

PURPOSE OF PROCESSING PERSONAL INFORMATION & TYPES OF PERSONAL INFORMATION PROCESSED

39. The following table outlines the purposes for processing your Personal Information and the types of information we may collect and process.

Purpose of Processing Activity	Types of Personal Information Processed
Member Registration. To register you as a Program Member, assessing eligibility.	– Name, address, contact details. – Account Credentials (including PIN). – Approved Identification.
Program Operation. To manage the Program, including Qualifying Spend tracking and Unity Point redemption at Participating Locations.	– Account number and validation information (PIN if needed). – Qualifying Spend details. – Unity Point redemption details.
Benefit Entitlement Assessment. To determine your eligibility for Program Benefits.	– Name, address, contact details. – Account number. – Approved Identification. – Qualifying Spend details. – Program Benefits awarded and redeemed. – Account transaction history. – Information relevant to irregular activity or Membership Terms compliance.
Program Change Communication. To inform you about Program updates, Membership Terms, Privacy Policy changes, Account status, Unity Tier, Unity Points, Program Benefits, and related information.	– Name, address, contact details. – Account number. – Approved Identification. – Qualifying Spend and Unity Point redemption details. – Account transaction details.
Program Offering Enhancement. To improve Membership service and personalize offers based on transaction analysis and identified interests.	– Name, address, contact details. – Account number. – Qualifying Spend and Unity Point redemption details. – Account transaction details.
External Product and Service Offers. To offer products/services from Hard Rock Affiliated Parties or select partners that may interest you.	– Name, address, contact details. – Qualifying Spend and Unity Point redemption details. – Account transaction details.
Product/Service Delivery. To provide, deliver, charge for, and evaluate products/services utilized at Participating Locations.	– Name, address, contact details. – Qualifying Spend and Unity Point redemption details.
Request Response. To respond to your service, information, data, and concierge requests.	– Name, address, contact details. – Account transaction details. – Request details.
Communication. To send printed or digital communications about Program applications, Membership, Program operation, changes, offers, products/services, and request responses.	– Name, address, contact details. – Relevant Account details.
Market Research. To conduct periodic satisfaction, service quality, or market research surveys.	– Name, address, contact details. – Date of birth. – Marital status. – Number of children and ages. – Opinions/answers.
Competition Participation. To enable participation in prize draws, sweepstakes, contests, and competitions, including administration, winner notification, and prize awarding.	– Name, address, contact details. – Details related to activity participation.
Credit Applications. To review and evaluate submitted credit applications.	– Name, address, contact details. – Account transaction details. – Identifier information for credit checks (e.g., SSN). – Financial information submitted.
Identification. To verify your identity for information provision, Account updates, or redemptions.	– Name, address, contact details. – PIN. – Date of birth. – Approved Identification.
Business Governance. To manage and protect our business, Program, Program Website, and Unity App (troubleshooting, data analysis, testing, maintenance, support, reporting, hosting).	– Your Account and transactions.
Web Content & Advertising. To deliver relevant website and Unity App content and ads, and measure advertising effectiveness.	– Browsing and Program Website/Unity App usage information. – Responses to marketing emails and ads.
Safety. To ensure the safety and security of staff, Members, guests, and visitors.	– Name, address, contact details. – Approved Identification.
Security & Compliance. To prevent, detect, and investigate fraud, cyber incidents, and illegal activities.	– Name, address, contact details. – Account transactions.
Business Analytics. To improve the Program, Program Website, Unity App, products/services, marketing, guest relationships, and Member experiences through data analytics.	– Your Account and relevant information/transactions.
Loyalty Data Migration. To transfer data from pre-existing loyalty programs (Seminole Wild Card, Hard Rock Rewards, etc.).	– Name, address, contact details. – Account Credentials (including PIN). – Approved Identification. – Account number(s) and validation information. – Transactions and data from prior loyalty programs.

40. Our legal bases for processing your Personal Information include: (i) your consent; (ii) contractual obligations; (iii) legal obligations; (iv) protection of vital interests; and (v) legitimate business interests.

MARKETING COMMUNICATIONS AND YOUR COMMUNICATION PREFERENCES

41. We may send marketing communications about the Program, promotions, offers, contests, products, services, and other information we believe may interest you.

42. You can manage your communication preferences, including opting in or out of marketing communications and choosing communication methods (mail or email), in your online Account or by contacting Unity Customer Care.

Promotional Offers

43. We analyze your Personal Information to understand your potential needs and interests to tailor relevant product, service, and promotional offers (marketing).

44. You may receive marketing communications if you have requested information, purchased services, and haven’t opted out, or if you have explicitly agreed to receive them. Hard Rock also offers mobile marketing messages; terms are available here.

Third-Party Marketing

45. To provide enhanced services, we may share your Personal Information with select third parties for direct communication with you. Jurisdictions may require separate consent for this. You can manage these communications by contacting us or using the “unsubscribe” link in marketing emails.

Communication Preferences

46. You can change your marketing communication preferences (including opting out) at any time by: (a) adjusting settings in your online Account or (b) contacting us. You can also unsubscribe from marketing emails via the “unsubscribe” link within them.

47. Even if you opt out of marketing communications, you will still receive essential communications regarding Program operation, your Account, and transactional information.

48. If you have consented to third-party marketing, you can withdraw consent by: (a) completing the online form or (b) calling our toll-free number at 1-833-970-1536.

49. For mobile marketing messages, see terms here.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH AND WHY

50. We may share your Personal Information with specific third parties for defined purposes, as detailed below.

Recipients	Purpose for sharing Personal Information
Hard Rock Affiliated Parties, Participating Locations, and Marketing Brands.	– For purposes described in the “Purpose of Processing and Types of Personal Information Processed” section.
Service providers (e.g., CRM, marketing, financial, cloud, IT services).	– Program, offer, promotion, and event management support. – Data analysis, Program Website/Unity App development, digital/physical marketing support. – Program information and Member data storage. – Tier Credit and Unity Point processing. – Gaming Play account funding.
Professional service providers (e.g., accountants, lawyers).	– Professional services for business function support, reviews, advice, Program compliance, and interest protection.

51. The above excludes text messaging opt-in data and consent, which will not be shared with third parties.

52. We may disclose your Personal Information to third parties when necessary: (a) to comply with Applicable Laws; (b) for legal processes; (c) to respond to government/public authority requests; (d) to enforce Membership Terms; (e) to protect our operations (reorganization, merger, sale, etc.); (f) to protect rights, privacy, safety, or property of Hard Rock Affiliated Parties, you, or others; (g) to protect Hard Rock Affiliated Parties’ tangible/intangible property; (h) to pursue available remedies to protect our/Member interests; and (i) to prevent or limit potential damages.

53. We may share your Personal Information with new owners if we sell, transfer, or merge business parts or assets.

54. We may sell your Personal Information to partners for enhanced guest experiences or offers we believe are valuable to you. As of this Privacy Policy’s effective date, we have not sold any Personal Information.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?

55. We retain Personal Information only as long as reasonably necessary for collection purposes, including legal, regulatory, tax, accounting, or reporting requirements, and potentially longer for complaints or litigation prospects.

56. Retention periods are determined by the nature, sensitivity, and purpose of the Personal Information, potential harm risks, and applicable legal requirements. Generally, we do not retain Personal Information longer than seven (7) years.

57. In some cases, we may anonymize Personal Information for historical research or statistical purposes, using this data indefinitely without notice.

58. When Personal Information is no longer needed, physical and electronic records will be securely destroyed.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

59. As a global entity, we may transfer your Personal Information internationally among Hard Rock Affiliated Parties (including US headquarters), Participating Locations, service providers, and partners.

60. Your Personal Information may be stored and/or processed in the United States, Canada, or other jurisdictions.

61. Some jurisdictions may have different privacy protection levels than your local jurisdiction. For transfers outside the EEA or UK, we rely on the EU-US Data Privacy Framework (DPF) and the UK extension to the EU-U.S. DPF, and implement safeguards to ensure protection similar to the country of origin.

EU-U.S. DATA PRIVACY FRAMEWORK (DPF) AND THE UK EXTENSION TO THE EU-U.S. DPF COMPLIANCE

62. Hard Rock complies with the EU-U.S. DPF and UK Extension DPF Principles approved by the European Commission, providing a mechanism for personal information transfers from the EU and UK to the US while ensuring EU and UK data subject protections as required by European legislation.

63. In case of policy conflicts with EU-U.S. DPF and UK Extension DPF Principles, the EU-U.S. DPF and UK Extension DPF Principles will govern.

64. For more on EU-U.S DPF and UK Extension DPF and our certification, visit https://www.dataprivacyframework.gov/s/participant-search.

65. Hard Rock commits to cooperate with EU DPAs and the UK ICO and comply with their advice regarding HR data transfers from the EU and UK in employment contexts.

66. Hard Rock and listed US subsidiaries comply with EU-U.S. and UK Extension DPF Principles.

67. In compliance with EU-U.S. DPF and UK Extension to the EU-U.S. DPF, Hard Rock resolves complaints about privacy and Personal Information collection/use.

68. For questions or complaints regarding our EU-U.S. DPF and UK Extension DPF participation or Personal Information processing, contact us as indicated in “HOW TO CONTACT US”.

DISPUTE RESOLUTION AND ARBITRATION

69. When other avenues are exhausted, binding arbitration is available. Hard Rock Cafe International (USA), Inc. provides a US-based independent recourse mechanism (ICDR®/AAA®EU-U.S. DPF) for individual complaint/dispute resolution, covering all Personal Information except HR data. Visit https://www.icdr.org/dpf for details. ICDR/AAA services are free to you.

70. Under limited conditions, binding arbitration can be invoked as a last resort. The FTC has jurisdiction over Hard Rock’s EU-U.S. DPF compliance.

71. For third-party Personal Information transfers, Hard Rock ensures contractual obligations for limited, specific, policy-consistent processing, applying EU-U.S. DPF Principle protection levels, and notification if obligations can’t be met. Hard Rock will take steps to stop/remediate unauthorized processing upon notice. Hard Rock is potentially liable in cases of onward transfer to third parties.

YOUR RIGHTS

Overview

72. Under data protection laws, you have rights regarding your Personal Information. These rights may not apply in every situation. Contact us to exercise your rights using details in the “HOW TO CONTACT US” section.

73. The table below outlines your rights. We take these rights seriously but may be unable to comply in certain situations, such as legal/regulatory non-compliance. We will explain any inability to satisfy your request.

YOUR RIGHTS	DESCRIPTION
Right of Access	Known as a “data subject access request,” you can inquire about our Personal Information processing, types of data, processing methods, and receive a copy of your Personal Information.
Right to Rectification	You can request correction of incomplete or inaccurate Personal Information. We strive for accuracy and require you to provide complete and accurate information and update it promptly. You can update details in your Account profile on the Program Website or Unity App or by contacting Unity Customer Care. We may need to verify new data accuracy and require supporting documents for certain changes (e.g., legal name changes).
Right to Erasure or Right to be Forgotten	In certain cases, you can request deletion of your Personal Information, including when data is no longer needed for the original purpose, you withdraw consent, you successfully object to processing, unlawful processing, or legal obligations to erase data. We may not always be able to comply due to factors like legal obligations, dispute resolution, security, fraud prevention, or Membership Term enforcement. Gaming regulations, tax laws, and other legal requirements may also necessitate retention.
Right to Restriction	You can request suspension of Personal Information processing in scenarios like disputing data accuracy, unlawful use where you oppose erasure, needing data for legal claims even if we no longer require it, or objecting to processing while we verify legitimate grounds.
Right to Data Portability	You can request data transfer to you or a third party in a structured, machine-readable format. This right applies to automated processing based on your consent or contract performance.
Right to Object	You can object to Personal Information processing in certain cases. We may refuse if we have compelling legitimate grounds outweighing your rights. You can control direct marketing extent and request cessation of marketing messages anytime (see “Marketing Communications And Your Communication Preferences”). Even if you object to marketing, you may still receive essential Program, Account, and transactional communications.
Right not to be subject to a decision based solely on Automated Decision-Making, including Profiling	We may use your Personal Information for “profiling” to analyze/predict aspects of your situation (economic status, health, preferences, etc.) and group you with similar individuals for marketing efficiency and benefit offers. You can opt-out of Personal Information sharing for profiling at any time. We may also use your Personal Information for “lookalike audiences” to target ads to potential customers with similar interests on platforms like Facebook. Data is encrypted and anonymized for this, and Facebook deletes the data list after use. We don’t access identities in lookalike audiences unless they interact with our ads.

74. Exercise your rights by contacting us using details in “How to Contact Us”. We may need to verify your identity for security, requiring proof of identification and potentially requesting more information to assist with your request.

75. If you have multiple accounts and exercise your rights, you must instruct us separately for each account.

No Fee Usually Required

76. Accessing your Personal Information or exercising your rights is generally free. However, we may charge a reasonable fee or refuse excessive, unfounded, or repetitive requests.

Response Time

77. We aim to respond to legitimate rights requests within one (1) month, but complex or numerous requests may take longer. We will notify and update you in such cases.

THIRD-PARTY LINKS

78. The Program Website and Unity App may link to Third-Party Platforms with different privacy policies.

79. Clicking these links may allow third parties to collect or share your Personal Information. We advise reviewing Third-Party Platform privacy policies when leaving our platforms.

80. We are not responsible for the privacy policies, statements, and practices of Third-Party Platforms, even if accessed through our links. We disclaim responsibility and liability for these platforms.

HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

81. We use industry-standard security measures to protect Personal Information from unauthorized access, alteration, or disclosure. Access is limited to employees, agents, contractors, service providers, and third parties with a business need, who are bound by confidentiality and process data according to our instructions. However, no system is foolproof, and we cannot guarantee absolute security. Exercise caution when transmitting sensitive information online.

82. Immediately report any loss, unauthorized access, or disclosure of Personal Information in our custody to [email protected]. We maintain Incident Response and Business Continuity Plans for data incidents.

83. Keep your Account Credentials confidential and do not share them. You are responsible for all Account activity. Sign off shared devices after use. Notify us immediately of unauthorized Account use. We will only request passwords on the Unity online account login page. Contact us for login assistance via links on the Program Website and Unity App.

PROTECTING CHILDREN

84. We prioritize children’s privacy, recognizing their potential vulnerability. Promotions and activities directed at children receive specific attention and protection. We rely on consent as the lawful basis for processing children’s Personal Information, always obtaining consent from the custodial parent or guardian.

UPDATES TO THIS PRIVACY POLICY

85. We reserve the right to update, change, revise, modify, amend, supplement, or replace this Privacy Policy (“Changes”) at any time by posting the revised Privacy Policy on the Program Website. We may also, at our discretion, notify Members of Changes via email. Continued access or Program participation after revised Privacy Policy posting or email notification implies acceptance of Changes and the revised Privacy Policy becomes binding from the effective date. Review our Privacy Policy periodically for updates.

86. If you disagree with the revised Privacy Policy, your sole recourse is to withdraw from the Program and terminate your Membership as per Membership Terms.

U.S. STATE-SPECIFIC PRIVACY LAWS

87. Residents of U.S. states with comprehensive data privacy laws have additional disclosures and rights in the U.S. State-Specific Privacy Laws section, supplementing this Privacy Policy. Check this link regularly for updates.

HOW TO CONTACT US

88. Global Data Protection & Risk Office. Oversees this Privacy Policy. For questions or to exercise your rights, contact the Global Data Protection & Risk Office using details below or submit the online form.

To:	Global Data Protection & Risk Office Seminole Hard Rock Support Services, LLC d/b/a Unity Global Services
Postal address:	5701 Stirling Road, Davie, Florida 33314 United States of America
Email address:	[email protected]
Telephone number:	+1-833-970-1536 (U.S. toll-free); or +1-954-498-9834
Website:	unity.hardrock.com
Online Form Link:	Exercising My Rights

89. Include your name, address, phone, email, account/reference number, and clearly state your request or concern. For rights requests, specify the right you wish to exercise in the subject line. We may verify your identity and require proof of identification. If we decline action, we will provide justification and appeal instructions.

90. UK Contact Information. For UK residents, contact our UK Data Privacy Representative:

To:	UK Unity Data Privacy
Postal address:	148 Old Park Lane, London W1K IQY United Kingdom
Email address:	[email protected]
Telephone number:	+44-020-7514-1700

91. UK residents can complain to the ICO (www.ico.org.uk), the UK data protection regulator. Contact us first to address your concerns.

92. EEA Contact Information. For EEA residents, contact our EEA Data Privacy Representative:

To:	EEA Unity Data Privacy Studio Legale PANETTA
Postal address:	Via Arenula, 83 00186 Roma RM, Italy
Email address:	[email protected]
Telephone number:	+39-06-6821-0129

93. EEA residents can complain to a supervisory authority in their EEA country of residence, work, or alleged data protection law infringement.

94. We will do our best to address all questions and resolve complaints to your satisfaction.

Appendix 1 (China)

This Appendix supplements the Privacy Policy for residents within the People’s Republic of China (excluding Hong Kong, Macau, and Taiwan).

Mini-program. This Appendix and the Privacy Policy govern Personal Information processing by the Program Website and our WeChat Mini program (“Mini-program”). Submitting Personal Information (name, ID, address, email, birthdate, phone) at Participating Locations, Program Website, or Mini-program signifies consent to collection, storage, use, processing, transfer, provision, deletion, and other processing for Program services and business purposes as detailed in the Privacy Policy, unless otherwise legally permitted. Information sharing will adhere to the Privacy Policy. Contact us at [email protected] for questions about this Appendix, Privacy Policy, Website, or Mini-program.

• Personal Information Rights.

Change or Correct: You can request Personal Information changes or corrections. Account holders can review and edit details online via the Website or Mini-program. Profile information is accessible and editable online at no charge.

Withdrawing Consent. You can withdraw consent for consent-based Personal Information collection/processing at any time, without affecting prior lawful processing or processing based on other legal grounds.

Explanation. You can request clarification of our Personal Information processing rules.

Access, correction, amendment, deletion. For access, correction, amendment, or deletion requests across multiple accounts, separate instructions are needed per account. Reasonable access is generally provided within 30 calendar days at no cost, with exceptions for legal limitations or excessive requests.

We may retain Personal Information for recordkeeping, transaction completion, legal compliance, regulatory adherence, dispute resolution, security, fraud prevention, and abuse prevention as legally permissible.

• Right not to provide information.

You can choose not to provide Personal Information, but this may limit access to Program services.

• Sensitive Information.

PERSONAL INFORMATION COLLECTED AND PROCESSED MAY INCLUDE SENSITIVE PERSONAL INFORMATION, HIGHLIGHTED IN UPPERCASE IN THE PRIVACY POLICY FOR YOUR ATTENTION, INCLUDING IDENTIFICATION CARD NUMBER, ADDRESSES, PAYMENT INFORMATION, GEOLOCATION, AND PERSONAL INFORMATION OF CHILDREN UNDER 14. Sensitive Personal Information processing is for specific, necessary purposes as described in the Privacy Policy, with strict security measures and minimal impact on your rights. YOU EXPRESSLY AND VOLUNTARILY CONSENT TO OUR PROCESSING OF YOUR SENSITIVE PERSONAL INFORMATION AS DESCRIBED IN THE PRIVACY POLICY.

• Data Sharing and Transfers.

To the extent permitted by Chinese law, we may share Personal Information with local, state, federal, and foreign entities for reporting mandates, and with government authorities for legal, regulatory, or administrative compliance, or as required by U.S. or other law. In such cases, we will notify you of foreign recipient details, processing purposes/methods, Personal Information types processed, and other legally required information. Disclosure may also occur to prevent actual or suspected harm or loss or as otherwise legally permitted.

---

Alt text for potential images (assuming images from the original document are used, and imagining relevant Hard Rock branding images):

(Assuming an image of the Hard Rock logo)
“

(Assuming an image of a Hard Rock Cafe exterior sign)
“

(Assuming a generic image of a lock or security symbol)
“