The protection of personal data is very important to Grand Casino Baden AG (hereinafter referred to as «GCB» or also referred to as «we» or «us»). For this reason, we make every effort to protect the privacy of all visitors to our websites.
Separate data protection provisions apply to the website www.grandcasinobaden.ch and all other services of GCB, which can be found at https://www.grandcasinobaden.ch/datenschutzerklaerung.
1 DATA PROTECTION WITH JACKPOTS.CH
We process personal data in accordance with the provisions of Swiss law (Swiss Federal Act on Data Protection (FADP) and Swiss Ordinance on Data Protection (DPO)) and, where applicable, the European General Data Protection Regulation (GDPR). jackpots.ch was also the first Swiss casino to be ISO 27001 (international standard for information security) certified in 2019.
2.1 REPRESENTATION FOR DATA PROTECTION MATTERS IN SWITZERLAND
The party responsible for processing personal data is:
Grand Casino Baden AG
T +41 (0)56 204 07 07
E-mail: [email protected]
If you have any concerns about data protection, you can send them to us for all Stadtcasino Baden Group companies at [email protected].
2.2 DATA PROTECTION SUPERVISORY AUTHORITIES
The responsible data protection supervisory authority in Switzerland is:
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Tel. +41 (0)58 462 43 95
3 LEGAL BASIS AND PURPOSE OF DATA PROCESSING
Casinos are subject to the following legal requirements, which also require the collection and processing of personal data:
- Federal Act on Gambling (BGS)
- Ordinance on Gambling (VGS)
- FDJP Ordinance on Casinos (SPBV-EJPD)
- Federal Act on Combating Money Laundering and Terrorist Financing (AMLA)
- FDJP Anti-Money Laundering Ordinance (GwV-EJPD)
- SFGB Anti-Money Laundering Ordinance (GwV-ESBK)
We use the personal data we collect primarily in connection with communication with you and to conclude and execute contracts with our customers and business partners. This applies in particular to our activities in connection with the operation of our online casino. This includes, for example, registering players, processing payments and organizing events. We thereby also fulfill our legal obligations, in particular to protect players from excessive gambling and to combat crime and money laundering, as well as our tax obligations. If your role includes working (e.g. as an employee or adviser) for one of our customers or business partners, your personal data may also be affected in this context.
In order to fulfill our legal obligations, we process the following data and may disclose it to the Swiss Federal Gaming Board (SFGB):
- Data collected from players during online registration
- Data about players’ gambling behavior and financial transactions
- Data about players’ personal, professional and financial situation
- Data about player suspensions
In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
- Offering and further developing our offers, services and websites, apps and other platforms on which we have a presence, including improving the user experience and personalizing offers
- Communicating with third parties and processing their inquiries (e.g. supervisory authority)
- Reviewing and optimizing processes for needs analysis for the purpose of addressing customers directly and collecting personal data from publicly accessible sources for the purpose of customer acquisition
- Advertising and marketing (including organizing events) and maintaining relationships, provided that you have not objected to the use of your data (if we send you advertising, you can object at any time; we will put you on a list to stop further advertising)
- Market research, to improve our services and operations, for product development, training and quality assurance purposes
- Asserting legal claims and defense in connection with legal disputes and official proceedings
- Preventing and investigating criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud)
- Ensuring and safeguarding our operations, in particular IT, our websites, apps and other platforms, as well as safeguarding our customers and employees
If you have given us consent to process your personal data for specific purposes (for example, when you subscribed to receive newsletters), we process your personal data within the scope of and on the basis of this permission unless we have any other legal basis and we require such a basis. Consent given can be withdrawn at any time, but this does not affect data processing that has already taken place.
4 COLLECTION OF PERSONAL DATA
4.1 DATA GATHERING
We primarily process personal data that we receive from our customers, business partners and other parties involved or that we collect from users when operating our website and other applications. This also includes contact details that you provide to us, e.g. via e-mail, the contact form or chat. This data will only be transmitted with your consent. You decide what data you want to enter into our web forms. If you provide your personal data, you also give us your consent for it to be processed by us.
For personalized services or access-protected areas, or for the processing of requests and administration of your player account, you may need to register and set up a user account. Certain personal data must be entered during registration. This includes your first and last name, gender, e-mail address, date of birth, address (full postal address, postcode, town/city), telephone number, username and password.
In addition to the information marked as mandatory, you can voluntarily enter and store additional personal data. This data is then stored in our system. We also store data in connection with the use of our offers and services, such as game histories and scores. Additional data may be required for the use of additional services and will be requested from you in this case. This applies, for example, to preferred communication channels and language preferences.
We are also entitled to request salary statements, proof of income/asset or tax documents from you in order to comply with legal obligations under gambling laws and regulations on combating money laundering and terrorist financing. In order to comply with legal requirements, we may also collect and/or update personal data from third parties (public registers, credit agencies, subcontractors).
We record all communication between players via the gambling platform, in particular via the chat function. Every contact with jackpots.ch customer support is also recorded.
If you post contributions (comments, photos, videos, etc.) using the appropriate features in order to share them with other people, we may publish them and thus make them available to the general public. This also applies to your username. Please refer to our GTCs, which you explicitly agree to by opening a player account. We would like to point out that once such data has been published on the internet, it may still be accessible from third parties, for example via search engines, even in the event of deletion or anonymization by you or us.
4.2 LOG FILES
All access to websites operated by GCB in connection with jackpots.ch is logged and stored in the log files of the web servers used. Only the information that your internet browser automatically transmits to the server is stored in the log files. This includes in particular:
- The user’s IP address
- The date and time of the server request
- The operating system of your device
- The user’s browser type/version
- The user’s language settings
- The name of your internet service provider
- The website from which you came to our site
- The pages accessed on our websites, and
- The transmission protocol used.
The transmitted data is stored in server log files for a period of up to four weeks. The data is stored to ensure that processes and procedures, particularly in connection with the use of our website and the security and stability of our system, are secure.
4.3 OPENING A PLAYER ACCOUNT
In order to create a player account, we need the following information:
- First and last name
- Home address
- Date of birth
- E-mail address
- Mobile number
- Official ID
- Proof of residence
- Loss limit
This information is required in order to gain access to our online gambling services and to comply with our legal obligations.
4.4 CONTACT FORMS
Our website contains contact forms that can be used to get in touch with us. The data entered in the contact forms is transmitted in encrypted form (SSL encryption).
If you use our contact form, your data from the form will be processed by us in order to process and respond to your inquiry and in the event of follow-up questions. We usually require the following information:
- First and last name
- E-mail address
- Your inquiry
4.5 CONTACT BY E-MAIL
When you contact us by e-mail, we will store the data you provide (your e-mail address, if applicable your name, your telephone number and other information provided in the e-mail) in order to process your request or to answer your questions. Contacting us by e-mail is expressly voluntary and is carried out with your consent.
4.6 CONTACT BY CHAT
When you contact us by the chat function, we will store the data you provide (your e-mail address, if applicable your name, your telephone number and other information provided in the chat message) in order to process your request or to answer your questions. Contacting us by the chat function is expressly voluntary and is carried out with your consent.
In order to register for our GRANDWINNERS loyalty program, we need the following information:
- First and last name
- Home address
- Date of birth
- E-mail address
- Mobile number (optional)
- Official ID
Participation in our GRANDWINNERS program is expressly voluntary and with your consent.
You can configure your preferences and consent via the cookie banner or in your browser settings and, for example, refuse to accept cookies from other companies or reject all cookies. Please note that you may not be able to fully use all the features of our websites if you reject cookies.
4.9 WEB ANALYTICS
4.9.1 GOOGLE ANALYTICS
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland («Google»), to design, analyze and improve our website in line with requirements.
Google will use this information to analyze your use of GCB websites and applications for us, to compile reports on activities and to provide us with other services relating to your use of GCB websites and applications and of the internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
4.9.2 TWITTER ANALYTICS
Our website uses services provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The party responsible for data subject rights within the EU/EEA is Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland («Twitter»).
We use the web analytics service Hotjar to analyze the use of our website. Hotjar Ltd. (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the provisions of the Data Protection Act, Chapter 440 of the Laws of Malta, which implements all relevant European Union directives on data protection.
For more information about Hotjar’s compliance with data protection, please see: https://www.hotjar.com/legal/policies/privacy/.
4.10 ADVERTISING AND MARKETING
4.10.1 GOOGLE MARKETING PLATFORM
Your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of GMP informs Google that visitors have accessed the relevant part of our website or clicked on one of our ads. If visitors are registered with a Google service, Google can assign the visit to the respective user account. Even if visitors are not registered with Google or are not logged in, it is possible that the provider will obtain and store the IP address. The use of GMP may also result in the transfer of personal data to Google servers in the USA.
You can prevent the tracking process by adjusting the appropriate settings of your browser software or by adjusting your settings for personalized advertising ( https://myadcenter.google.com/personalizationoff?hl=en&sasb=true&ref=ad-settings).
Further information about the Google Marketing Platform can be found at https://marketingplatform.google.com/about/.
4.10.2 GOOGLE ADS
Our website uses Google conversion tracking. If you have accessed one of our websites via an ad placed by Google, Google Ads will place a cookie on your computer or mobile device. These cookies expire after 30 days and are not used to identify you. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that you have clicked on the ad and been redirected to that page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked via the website of Ads customers. The information collected through the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. We learn the total number of people who have clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify visitors.
For more information about the purpose and scope of data collection and its processing, as well as more information about your rights in this regard and setting options to protect your privacy, please contact: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
4.10.3 FACEBOOK (META) BUSINESS TOOLS/CONVERSIONS API
Our websites use the Facebook Conversions API, a server-side event tracking tool. You can find a detailed description of how the Conversions API works at : https://www.facebook.com/business/help/2041148702652965?id=818859032317965.
The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European area.
User data is collected in strict compliance with the Best Practices for Conversions API of the Meta Business Help Center ( https://www.facebook.com/business/help/308855623839366?id=818859032317965), the best practices for privacy and data use for Meta Business Tools ( https://facebook.com/business/help/363303621411154?id=818859032317965), the Meta Business Tool Terms ( https://www.facebook.com/legal/terms/businesstools), the Data Processing Terms( https://www.facebook.com/legal/terms/dataprocessing) and the Cookie Consent Resource ( https://developers.facebook.com/docs/app-events/cookies?locale=en_EN). Personal information such as websites visited, device information, IP addresses, e-mail addresses and telephone numbers may be collected.
The Facebook Conversions API data interface enables us to better record the behavior of website visitors and forward it to Facebook for evaluation. This allows us to optimize our ads on Facebook. When using the Facebook Conversions API, we comply with the statutory provisions.
Facebook also processes your data in the USA, among other places, which means that the site operator can pass on personal data to a company in a third country outside the EU via the Conversions API. The standard contractual clause makes data transfers to the USA temporarily compliant with data protection. These clauses are based on an implementing decision of the European Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
Facebook’s data processing conditions, which comply with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
4.10.4 FACEBOOK CUSTOM AUDIENCE (FACEBOOK PIXEL)
Our websites use the visitor action pixel from Facebook, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland («Facebook») to track conversions.
This makes it possible to track the behavior of site visitors after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous for us as the operator of these websites; we cannot draw any conclusions about the identity of visitors. However, the data is stored and processed by Facebook, meaning that it is possible to make a connection to the respective user profile. Furthermore, Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This enables Facebook to place advertisements on Facebook pages as well as outside of Facebook. This use of this data cannot be influenced by us as the site operator.
You can also deactivate the «Custom Audiences» remarketing feature in the ads Settings area ( https://www.facebook.com/help/109378269482053/?helpref=hc_fnav). You need to be logged into Facebook to do this.
If you do not have a Facebook account, you can opt out of Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance website ( https://www.youronlinechoices.com/ch-de/praferenzmanagement).
4.10.5 X ADVERTISING
Further information about X Ads can be found at https://business.twitter.com/en/help/ads-policies.html.
4.10.6 MICROSOFT ADS
With this advertising, we aim to reach people who are interested in our website or who already use it. We transmit the relevant information – including personal information – to Microsoft (remarketing) for this purpose. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).
Further information about the nature, scope and purpose of data processing can be found in Microsoft’s Privacy Statement ( https://privacy.microsoft.com/en-us/privacystatement). You can object to personalized advertising ( https://account.microsoft.com/privacy/ad-settings/signedout?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings).
4.10.7 TRADE DESK
Our website uses retargeting technology from The Trade Desk, Inc. 42. N. Chestnut Street Ventura, California 93001, USA («The Trade Desk»). This feature is used to present interest-based advertisements to visitors to the website as part of the The Trade Desk advertising network. Cookies are stored on the browser of the person visiting the website. On these websites, visitors can then be shown advertisements that relate to content that the person has previously viewed on websites that use The Trade Desk’s retargeting technology. According to its statements, The Trade Desk collects pseudonymized data during this process and no personal data is collected or stored.
You can object to the processing of the cookie data generated by The Trade Desk at any time at https://www.adsrvr.org/. Further information on The Trade Desk’s data protection can be found at https://www.thetradedesk.com/general/privacy-polic.
The information generated by cookies and pixel tags about the use of this website and the the display of advertising formats is transmitted to a Tradedoubler server and stored there. This information may be shared by Tradedoubler with Tradedoubler’s contractual partners. However, Tradedoubler will not merge your IP address with any other data stored about you.
You can object to the processing of data by Tradedoubler at https://publisher.tradedoubler.com/include/functions/optout.html. This places an opt-out cookie that prevents the future collection of your data when you visit this website. The opt-out cookie is stored on your device and is only valid in the browser in which you set it and only for our website. If you delete the cookies from your browser, you must set the opt-out cookie again.
4.10.9 MY AFFILIATES
We use My Affiliates as an affiliate marketing platform on our website. My Affiliates allows us to partner with different publishers to promote our products and services and increase traffic to our website. By clicking on affiliate links on the publisher websites, personal data such as IP addresses and cookie information may be collected and transmitted to My Affiliates. This data is used to measure the effectiveness of our marketing campaigns and to reward us for successful transactions generated by affiliate links.
4.11 WEBSITE OPTIMIZATION
4.11.1 GOOGLE TAG MANAGER
For more information about Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.
Our website uses the testing and web analytics service Kameleoon provided by Kameleoon SAS, 12 Rue de la Chaussée d’Antin, 75009 Paris. This service allows us to analyze user behavior based on user segmentation. This enables us to evaluate the visiting behavior of individual user segments and carry out A/B tests in order to continuously improve our website. For the analyses, the browser’s local storage and cookies are used, which are linked to a pseudonymized ID.
Your IP address is fully anonymized and is not stored. The information generated by the cookie about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymized form. In some cases, Kameleoon may also store usernames when they are used on our website. The IP address transmitted by your browser as part of Kameleoon will not be merged with other data held by Kameleoon.
4.12 SOCIAL MEDIA
We offer recommendation buttons for the following social media on our website: Facebook, X (formerly Twitter), Instagram and YouTube. These allow you to recommend selected website content to other internet users via the relevant social media and add the content to your personal profile. The recommendation buttons are provided by the operators of the social media.
By integrating these plugins into our website, the operators of the relevant social media may receive the information that you have accessed our website. If you are logged in to one of the aforementioned social media during your visit to our website, the operator may assign this visit to your user account. If you do not want such information to be assigned to your profile, we recommend that you log out of social media before visiting our website.
4.13 CUSTOMER REVIEWS AND FEEDBACK
Our website uses Trustpilot, a user feedback and review service provided by Trustpilot, Inc. (245 5th Avenue, 4th floor, New York, NY 10016, USA), or Trustpilot for short.
Trustpilot provides a form for submitting feedback about our website and reviewing your user experience and product quality. If you use this option, all information is entirely voluntary and the results are published on https://www.trustpilot.com/ under a pseudonym of your choice. Product reviews can also be published on our website or in Google search results. More information about Trustpilot’s data protection can be found at https://legal.trustpilot.com/end-user-privacy-terms.
5 DISCLOSURE OF DATA TO THIRD PARTIES
Insofar as we outsource certain parts of our data processing (e.g. to IT service providers), we contractually oblige such contractor(s) to process the personal data only in accordance with the requirements of the applicable data protection law and to ensure that the rights of the data subject are protected. We also use (IT) services from our Swiss parent company Stadtcasino Baden AG. We use (IT) service providers from the EU as well as IT service providers from the US, with whom we conclude corresponding contracts and take technical and organizational measures to ensure an appropriate level of protection. Whenever possible, we select IT service providers with server locations in Switzerland or the EU (such as Zendesk).
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law (for this purpose, we use the revised standard contractual clauses of the European Commission), unless they are already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exempt provision. An exception may apply in particular to legal proceedings abroad as well as in cases of overriding public interest, or if the performance of a contract requires such disclosure, if you have consented, or if the data has been made generally available to the public by you and you have not objected to its processing.
Within the scope of fulfilling their legal mandate, the SFGB and the authorities may request access to our stored data.
We are required by law to make the identity of persons subject to a gaming ban available to other casinos in Switzerland. In addition, the date of issue, the type of suspension and the name of the casino that imposed the suspension will be disclosed. This obligation to provide information is fulfilled by storing the information in a central database to which all Swiss casinos have access.
We work with an addiction prevention center and a therapy facility in order to implement the social concept. During cooperation, personal data is exchanged on a case-by-case basis. If a gambling suspension is lifted, we are entitled to pass on the information about the player that is required to verify the lift to a cantonally recognized specialist or specialist authority.
If there are indications of money laundering, terrorist financing or funds of criminal origin or criminal organizations, we are authorized to forward all necessary data to the Swiss Money Laundering Reporting Office.
We disclose the personal data required to open your player account (see GTCs) to third parties in Switzerland and abroad, in particular in the event of suspected fraud, money laundering or other criminal conduct, for the purpose of clarifying the suspicion, initiating criminal, civil or administrative proceedings and complying with government orders during and outside pending proceedings, insofar as this is permitted under Swiss data protection law.
Personal data may also be disclosed to the specialist unit of SRO Casinos as part of investigations in connection with the prevention of money laundering and terrorist financing.
jackpots.ch maintains a data recording system in Switzerland for the gambling platform that records the above-mentioned player data and provides it to the supervisory authority.
6 RETENTION PERIOD FOR PERSONAL DATA
We process and store your personal data for the duration of the fulfillment of our contractual and legal obligations for as long as it is necessary to achieve the purposes for which the processing was carried out and for as long as we are legally obliged to store and document your personal data. We may retain personal data for as long as claims may be asserted against our company or for as long as we are otherwise required to do so by law or for as long as legitimate business interests require it. If your personal data is no longer required for the aforementioned purposes, it will be deleted or anonymized as part of our usual processes to the extent possible.
7 DATA SECURITY
To protect your personal data against unauthorized access and misuse, we take appropriate technical and organizational security measures, such as issuing directives, providing training, implementing IT and network security solutions, access monitoring and restrictions, encrypting data carriers and transmissions, and using pseudonymization or anonymization and controls.
8 RIGHTS OF DATA SUBJECTS
Within the scope of the data protection law that applies to you and to the extent provided for therein, you have the right of access, rectification and deletion and the right to otherwise object to our data processing and otherwise the right to object to our data processing, in particular data processing for direct marketing, profiling and other legitimate interests in processing, as well as the right to the disclosure of certain personal data for the purpose of transferring it to another body («data portability»). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in it (insofar as we may invoke it) or require it to assert claims. We will let you know in advance if you will incur any costs. We have already informed you about the option of withdrawing your consent in Section 3. Please note that the exercise of these rights may conflict with contractual agreements and this may lead to consequences such as early termination of the contract or cost implications. In this case, we will inform you in advance where this is not already contractually stipulated.
In order to exercise these rights, you generally need to prove your identity clearly (e.g. by means of a copy of your ID). To assert your rights, you can contact us at the address provided in Section 2.
In addition, every data subject has the right to assert their claims in court or to file a complaint with the competent data protection authority.
9 CHANGES TO THIS DATA PROTECTION INFORMATION
We reserve the right to amend these provisions at any time in accordance with the applicable data protection regulations. Changes are published on our websites and come into effect when they are activated. The current version is valid as of September 2023.
If you have any questions about the processing or security of your personal data, you can directly contact the GCB data protection officer in accordance with Section 2 above.