Privacy Policy

of Airport Casino Basel AG

www.goldengrand.ch

Valid from: 19.09.2024

Airport Casino Basel AG; ACB www.goldengrand.ch (hereinafter referred to as ACB) is committed to protecting your personal data. The privacy of all visitors and users of the website: www.goldengrand.ch is protected as far as possible within the legal framework.

With this privacy policy we would like to inform you about the collection of personal data when using our website and related services.

When processing data, we act in accordance with the Federal Data Protection Act (Bundesgesetz über den Datenschutz, DSG) and the associated Data Protection Regulation (Datenschutzverordnung, DSV). As part of the tracking measures, the European General Data Protection Regulation (GDPR) may also be applicable.

This privacy policy applies to the gaming platform www.goldengrand.ch, the entire range of games and all associated services.

Regarding data processing when visiting the casino on site, we refer to the General Data Protection Declaration of Airport Casino Basel AG at the following link: https://grandcasinobasel.com/datenschutz/

Regarding the use of the platform, we refer to the General Terms and Conditions, which you can access at the following link:

https://www.goldengrand.ch/en/terms-and-conditions

1 GENERAL INFORMATION

Personal data within the meaning of data protection laws is all information that relates to an identified or identifiable natural person, e.g. name, address, email addresses, etc.

"Processing" means any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, use, reworking, disclosure, archiving or destruction of data, whereby "disclosure" means making personal data accessible, such as granting access, passing on or publishing.

Questions and complaints regarding the processing of your personal data

1.1 Responsible body

Airport Casino Basel AG, Flughafenstrasse 225, CH-4056 Basel

Email: support@goldengrand.ch

Website: www.goldengrand.ch

1.2 Rights of the data subjects

In accordance with the statutory provisions, the data subjects of the data processing may exercise the following rights with regard to the personal data concerning him or her:

Right to be informed regarding your personal data,
Right to limit the processing of your personal data,
Right to object to the processing of your personal data,
Right to rectification/correction or erasure of your personal data,
Right to data portability of your personal data (or their disclosure).

In addition, you can revoke your consent to data processing at any time.

These rights apply provided that no statutory retention periods or other legitimate interests conflict with the request. You also have the right to lodge a complaint with the competent data protection supervisory authority, if this applies to you.

To exercise your rights, you can contact us via the email address support@goldengrand.ch. We may request proof of identity to process your request.

1.3 Basis of processing

Personal data is processed in accordance with data protection principles. The data will only be processed within the legally justified framework for permissible data processing. This includes, among other things, the consent of users; processing for the provision of the services offered; processing to comply with the legal obligations applicable to ACB; or processing to pursue the legitimate interests of ACB, third parties or the public, unless the legitimate interests of the user outweigh them in the individual case.

ACB pursues legitimate interests in data processing, among others with regard to: (1) optimizing and improving the services offered; (2) tracking and preventing abuse on their websites or within the scope of their services; (3) enforcing contractual agreements and legal obligations; and (4) advertising and marketing activities (5) presentation of the website, optimization of the services and ensuring stability and security (6) responsible use of the services.

1.4 Specific legislation concerning casinos

As a casino, ACB is subject to the following laws and regulations on gambling, which legally prescribe and justify the collection and processing of personal data:

Federal Gambling Act (Bundesgesetz über Geldspiele, BGS)
Gambling Regulation (Verordnung über Geldspiele, VGS)
Federal Department of Justice and Police Regulation on Casinos (Verordnung des EJPD über Spielbanken, SPBV-EJPD)
Federal Act on Combating Money Laundering and Terrorist Financing (Geldwäschereigesetz, GwG)
Regulation on Combating Money Laundering and Terrorist Financing (Geldwäschereiverordnung, GwV)
Regulation of the Federal Gaming Board on the Due Diligence Obligations of Casinos to Combat Money Laundering and Terrorist Financing (ESBK, GwV-ESBK)

To fulfil its legal obligations, ACB processes the following data in particular:

Online registration or user account data;
Data on gaming behaviour and financial transactions;
Data on the personal and financial situation of users; and
Data on user blocking or game restrictions.

The data processing is based on the legal basis of the statutory obligation (Art. 6 (1)(c) GDPR or Art. 31 (1) DSG).

This data may be passed on to the supervisory authority and other competent authorities.

The user data is transmitted in pseudonymized form to a data recording system located in Switzerland, which makes the data available to the supervisory authority. For the duration of storage, see section 3.

ACB is entitled to request proof of assets, pay slips or tax documents from the user in order to comply with legal obligations to combat money laundering and terrorist financing or for the purpose of early detection measures with regard to possible gambling addiction. The personal data may also be obtained from third parties (e.g. public registers, credit agencies, subcontractors).

2 DATA PROCESSING OF PERSONAL DATA

2.1 Data collection when visiting or accessing the website

An informational visit to the website, without transmitting any information, only leads to the collection of personal data that your browser transmits to our server and that is technically necessary for our legitimate interest in displaying the website, optimizing the services and ensuring stability and security. This data is therefore collected on the basis of Art. 6 (1) (f) GDPR, if applicable, or Art. 31 (1) DSG.

When you visit the ACB website, the system automatically collects information and stores it temporarily in log files. This includes, among others:

the IP address (which allows the identification of a specific user);
date and time of the website visit;
the operating system; and
the browser used.

This usage data forms the basis for statistical, anonymous evaluations, including for demographic purposes, so that our offerings can be improved accordingly based on trends. This data is also collected on the basis of Art. 6 (1) (f) GDPR or Art. 31 (1) DSG (optimization and improvement of the services offered).

The data collected may be passed on to external service providers/contractors (e.g. hosting, content management system) for processing in accordance with the required purposes (for the website).

2.2 Contact form

If you send us inquiries using the contact form, your details from the contact form, including the contact details you provided there, will be stored for the purpose of processing the inquiry and in case of follow-up questions. This is done on the basis of a legitimate interest (answering inquiries; Art. 6 (1)(f) GDPR or Art. 31 (1) DSG) and consent (Art. 6 (1)(a) GDPR or Art. 31 (1) DSG).

You can withdraw this consent at any time. All you need is to send us an informal email to request this. The legality of the data processing operations carried out before the withdrawal remains unaffected by the withdrawal. The data you enter in the contact form will remain with us until you request us to delete it or revoke your consent to storage. Mandatory legal provisions - in particular retention periods - remain unaffected.

2.3 Chat

If you contact us using the chat function and either use the LiveChat function or leave us a message or request a call back, we will process the data you provide there (in particular email address, name, message) and IP address for the purpose of processing your request.

This is done on the basis of a legitimate interest (answering inquiries; Art. 6 (1)(f) GDPR or Art. 31 (1) DSG) and consent (Art. 6 (1)(a) GDPR or Art. 31 (1) DSG).

2.4 Creating a user account

If you create a user account, your data will be used to process your registration, to maintain your user account and for contract-related communication. This data is therefore processed on the basis of the fulfilment of the contract with you (Art. 6 (1)(b) GDPR or Art. 31 (2)(a) DSG). The website can only be used with a user account (Art. 47 VGS).

The ACB is legally obliged (Art. 48 VGS) to collect users’ personal data during registration. This includes, among others:

First and last name;
Gender;
Residence;
Date of birth;
Nationality; and
Email address.

Users are responsible for keeping their personal data up to date at all times. The user guarantees the accuracy of his information.

Players may be required to provide additional documentation for identification purposes or to authenticate information.

For this purpose, ACB may also request information from third-party databases (e.g. public registers, credit agencies). It is legally obliged to verify the information provided by users (Art. 49 VGS). This serves, among other things, to comply with legal obligations according to Art. 3 and 13 GwV-ESBK.

2.5 Money transactions

The ACB website (www.goldengrand.ch) offers the possibility of financial transactions. Depending on the payment method chosen by the user, it may be necessary to process different personal data. This data is forwarded to third parties, namely payment providers, to process transactions.

This data is used for the purpose of contract execution and is therefore processed on the basis of the fulfilment of the contract with you (Art. 6 (1)(b) GDPR or Art. 31 (2)(a) DSG).

2.6 Data processing within the framework of the security and social concept

ACB also processes personal data for the personal protection of users, especially if there are signs of possible addiction.

For the purpose of implementing measures to ensure safe and transparent gaming operations and to combat crime, money laundering and terrorist financing, as well as for the purposes of early detection and self-monitoring, we process your personal data and particularly sensitive personal data. In this context, we must in particular check and store information about your stake and the payout of winnings. As part of the relevant investigations, it may require the completion of a questionnaire or the submission of financial or tax documents. The data generated through the use of the gaming offer, including the profiling of gaming behaviour, are processed in order to identify problematic gaming behaviour and take the necessary actions. It have to be ensured that the user is not included in a register of persons banned from playing.

The data processing is based on the legal basis of the statutory obligation (Art. 6 (1)(c) GDPR or Art. 31 (1) DSG). The ACB is obliged by law (Art. 76 to 81 BGS and Art. 87 to 91 VGS) to take measures and impose gaming bans as soon as there is suspicion of excessive indebtedness or overly risky behaviour.

If there is no legal obligation, the processing is carried out on the basis of the legitimate interest in the responsible use of the services (Art. 6 (1)(f) GDPR or Art. 31 (1) DSG).

We also need to process the following personal data:

Nationality
Data on gaming behaviour
Data on financial transactions
Data on personal, professional and financial situation
Data on game suspensions (reason, start and duration of the game suspension)
Address

A Switzerland-wide register is kept of gambling bans. We collect the following data from you:

Name and first name
Date of birth
Nationality
Data on game suspensions
Address

As long as a ban exists, we are obliged to make this data available to other casinos or organizers of large-scale games and online games.

Your data may be passed on to authorities due to legal obligations.

2.7 User profile / Marketing

ACB processes information collected through cookies, log files, clear gifs and/or through the support of third parties in order to create user profiles and to offer individual or personalized offers accordingly.

A profile contains information about an individual user, such as preferences and activities on the website. Profiles are used, among other things, to personalize the experience on the websites and to carry out targeted advertising. For example, data is collected on the games played, stakes, winnings, services used, events attended, payment transactions and correspondence. This serves to optimize the service.

The user account settings can be changed individually. Depending on the settings, personal data may be used for marketing activities through various channels, such as email or instant messaging. The data processing is carried out on the basis of a legitimate interest (direct marketing; Art. 6 (1)(f) GDPR or Art. 31 (1) DSG).

The processing for marketing activities can be revoked or restricted by the user at any time.

ACB reserves the right to publish gambling data (e.g. game results), users' first name, first letter of surname and user's country of origin on its websites, as long as the player cannot be directly or indirectly identified by publishing this information. The publication serves to advertise the services offered.

2.8 Cookies

During your use or visit to our website, cookies or similar technologies such as pixels (hereinafter "cookies") are used. Cookies are small text files that are stored by your browser on your device to store certain information. The next time you visit using the same device, the information stored in cookies will be sent back either to our website (“first-party cookie”) or to another website to which the cookie belongs (“third-party cookie”). This allows the website to recognize that it has already been accessed with the browser of your device. This information is used to optimally design and display according to your preferences. Only the cookie itself is identified on your device and no further personal data is stored.

This data is stored on the basis of Art. 6 (1)(f) GDPR or Art. 31 (1) DSG. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this Privacy Policy.

You can adjust the cookie settings in your browser yourself and, if necessary, generally prevent cookies from being accepted. Please note that a general deactivation of cookies may lead to functional restrictions on our website.

2.9 Web beacons

We may use web beacons on our website or in our emails. Tracking pixels are also called web beacons. Web beacons are small, usually invisible images that are automatically retrieved when you visit our website or open our emails.

What data do we process?

Web beacons can be used to record the same information as log files. In addition, movement profiles of the entire session can be collected. In particular, tracking pixels are used by third parties whose services we use. These third-party services are explained in detail below in this statement.

For what purpose do we process the data?

Web beacons are used by various tracking services to analyse the use of this website and for statistical evaluation and continuous improvement. In addition, tracking pixels can be used for email tracking.

Who do we transfer the data to?

The transfer of data by us is governed by our statements on data transfer. Please also note the information in this privacy policy regarding the individual tracking services.

How can you prevent data processing?

To prevent data processing using tracking pixels, you can install suitable browser extensions and block external graphics in your email program.

2.10 Server log files

The ACB hoster/Internet provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:

Browser type and version
Operating system used
Assigned URL
Hostname of the accessing computer
Time of server request
IP address

This data will not be merged with other data sources. The basis for data processing is Art. 6 (1)(f) GDPR or Art. 31 (1) DSG. ACB has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, the server log files must be recorded.

2.11 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. Ireland Limited (“Google”) or Google Analytics by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. If IP anonymisation is activated on this website your IP address will however be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1)(a) GDPR (consent) or Art. 31 (1) DSG.

You have the right to revoke your consent at any time. You can prevent cookies from being saved by adjusting the technical settings of your browser software accordingly. We would like to point out that in this case, not all functions of this website may be fully available.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/

2.12 Fusedeck (Capture Media)

The tracking solution fusedeck from Capture Media AG (hereinafter “Capture Media”) is integrated into this website. Capture Media is a Swiss company based in Zurich that measures the use of this website in the context of engagements and events. Tracking is anonymous, so that no reference can be made to specific or identifiable persons.

Further information on data protection and the rights of data subjects in connection with fusedeck, including the opt-out option, can be found in the privacy policy and objection instructions.

https://privacy.fusedeck.net/de/Oj0h5LRw3E

2.13 Social media

The ACB is active on social media. The ACB offers recommendation buttons for the following social networks on this website: Facebook, Instagram and YouTube. These enable you to recommend selected content from our website to other Internet users via the respective social network and to add it to your personal profile. The recommendation buttons are provided by the social media service providers.

If you use the corresponding link, the social media service provider will learn about your visit to our website and your IP address, regardless of whether you have a corresponding account with the service. If you have a corresponding account and are logged in, the data can be assigned to your social media profile. We would like to point out that ACB, as the provider of the pages, has no knowledge of the content of the transmitted data or its use by the various providers.

We base this on the legal basis of consent in accordance with Art. 6 (1)(a) GDPR or Art. 31 (1) DSG, provided you have clicked on the icon.

We would like to point out that due to the embedding of social media links, it is possible that your data will be processed both in the EU/EEA and in countries without an adequate level of data protection. If we use such providers in unsafe countries, the transmission is based on Art. 49 (1)(a) GDPR or Art. 17 (1)(a) DSG.

Further information can be found in the individual data protection declarations.

For Facebook: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
For Instagram: https://instagram.com/about/legal/privacy/
For YouTube: https://policies.google.com/privacy?hl=en

2.14 YouTube

The ACB website offers videos from YouTube, a site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. On YouTube, ACB shows you locally stored preview images of videos, so the third-party provider does not receive any information about you. The cookie only appears when you click on the preview image and the third-party content is loaded. The provider receives the information that you have accessed the ACB website as well as technically necessary usage data. ACB relies on the legal basis of consent in accordance with Art. 6 (1)(a) GDPR or Art. 31 (1) DSG, provided that you have clicked on the preview image of the video.

ACB has no influence on how the provider processes your data. You can find more information on the handling of user data in YouTube's Privacy Policy:

https://policies.google.com/privacy?hl=en

3 Advertising and Marketing

3.1 Google Marketing Platform

The online marketing tool Google Marketing Platform (“GMP”) uses cookies to display relevant ads to website visitors, improve campaign performance reports, or prevent a person from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed multiple times. In addition, GMP can use cookie IDs to track conversions, i.e. whether a person sees a GMP ad and later visits the advertiser's website and purchases something there. According to Google, GMP cookies do not contain any personal information.

Your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through the use of this service by Google. According to Google, through the integration of GMP, Google receives the information that visitors have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your respective user account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. When using GMP, personal data may also be transferred to Google's servers in the USA.

You can prevent the tracking process by making the appropriate setting in your browser software or by adjusting your settings for personalised advertising (https://myadcenter.google.com/personalizationoff?hl=de&sasb=true&ref=ad-settings).

For more information about the Google Marketing Platform, visit https://marketingplatform.google.com/about/.

3.2 Google Ads

Our website uses Google Conversion Tracking. If you have reached one of our websites via an ad placed by Google, Google Ads will place a cookie on your computer or mobile device. These cookies expire after 30 days and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

Further information on the purpose and scope of data collection and processing as well as further information on your rights and setting options for protecting your privacy can be obtained from: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. https://policies.google.com/?hl=en

3.3 Meta (Facebook) Business Tools / Conversion API

Our website uses the Facebook Conversion API, a server-side event tracking tool. For a detailed description of how the Conversions API works, see: https://www.facebook.com/business/help/2041148702652965?id=818859032317965.

The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European area.

User data is collected in strict compliance with the “Conversions API Best Practices” of the Meta Business Help Centre (https://www.facebook.com/business/help/308855623839366?id=818859032317965), the Meta Business Tools Privacy and Data Protection Best Practices (https://de-de.facebook.com/business/help/363303621411154?id=818859032317965), the Facebook Business Tools Terms of Use (https://www.facebook.com/legal/terms/businesstools), the Data Processing Policy (https://www.facebook.com/legal/terms/dataprocessing) and the Cookie Consent Resource (https://developers.facebook.com/docs/app-events/cookies?locale=de_DE). Personal data such as websites visited, device information, IP addresses, email addresses and telephone numbers may be collected.

Using the Facebook Conversion API data interface, we can record the behaviour of website visitors more accurately and forward it to Facebook for evaluation. This allows us to optimize our ads on Facebook. We adhere to the legal regulations when using the Facebook Conversion API.

Facebook also processes your data in the USA, among other places, which means that page operators can transfer personal data to a company in a third country outside the EU via the Conversion API. The standard contractual clauses allow data transfer to the USA temporarily in compliance with data protection regulations. These clauses are based on an implementing decision of the EU Commission. The decision and the corresponding standard contractual clauses can be found at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Facebook data processing conditions corresponding to the standard contractual clauses can be found at https://www.facebook.com/legal/terms/dataprocessing.

For more information about the data processed through the use of the Facebook Conversions API, please see Facebook’s privacy policy (https://www.facebook.com/privacy/policy/).

3.4 Meta (Facebook) Custom Audience (Facebook Pixel)

Our website uses the visitor action pixel from Facebook, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) to measure conversions.

This makes it possible to track the behaviour of site visitors after they have been redirected to the provider's corresponding website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operators of these websites; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This allows Facebook to place advertisements both on Facebook pages and outside of Facebook. We as website operators have no influence on this use of data.

You can find more information on protecting your privacy in Facebook's data protection information (https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).

You can also deactivate the “Custom Audiences” remarketing function in the advertising settings field (https://www.facebook.com/help/109378269482053/?helpref=hc_fnav). To do this you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance (https://www.youronlinechoices.com/ch-de/praferenzmanagement).

3.5 Microsoft (Bing) Ads

We use Microsoft Ads to specifically advertise our offering on the Bing search engine or in the Microsoft Advertising Network. Bing Ads is a service provided by Microsoft Ireland Operations Limited in Ireland and the American Microsoft Corporation. Cookies are also used when using Microsoft Ads.

With this advertising we would particularly like to address people who are interested in our online offering or who already use our online offering. For this purpose, we transmit corresponding information – possibly also personal information – to Microsoft (remarketing). We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of data processing can be found in Microsoft’s privacy policy https://privacy.microsoft.com/en-gb/privacystatement. It is also possible to object to personalized advertising (https://account.microsoft.com/privacy/ad-settings/signedout?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings).

4 DATA STORAGE

The data will only be stored for as long as it is necessary to fulfil the purpose, the contractual relationship continues or you withdraw your consent or request us to erase it. Statutory retention periods apply. We have a legitimate interest in processing contact data in accordance with legal requirements, for internal review or in accordance with the respective communication request. By providing your information, you give permission for the data required for invoicing to be forwarded to both the institution issuing the invoice and the institution responsible for any debt collection or, in the event of a legal dispute, to the lawyer involved and the responsible state authorities.

We are legally obliged to retain data, in particular data processed for bookkeeping and accounting purposes, as well as to combat money laundering and terrorist financing, for at least 10 years. The data will then be deleted or anonymized so that it can no longer be linked to the person, unless there are statutory retention periods to the contrary or ACB must continue to retain the data on the basis of another legal basis or an overriding interest of its own.

5 DISCLOSURE OF PERSONAL DATA

If we are legally obliged to do so, we will pass on your data to various authorities (e.g. supervisory authorities such as ESBK, police or public prosecutors, etc.).

For the purpose of fulfilling our legal obligations, protecting players and combating crime and money laundering, we forward the following data to the supervisory authorities:

Registration data
Data on gaming behaviour
Data on financial transactions
Data on personal, professional and financial situation
Data on game suspensions.

We also engage external service providers for the purpose of gaming operations.

ACB works with the data processors listed below. These are companies that, on behalf of ACB and in accordance with contractual instructions, process personal data for the provision of services:

Platform providers
Game providers;
IT companies for technical support;
Payment service providers;
Address verification service providers
Companies that offer services for the detection and combating of criminal or illegal activities of any kind; and
Companies in the marketing/sales sector (e.g. communications and advertising agencies).

The data will only be passed on for the purposes for which the data was collected, for example to fulfil contractual obligations.

We select our service providers carefully and ensure that they only process the data in the same way that we would be allowed to do so ourselves. You are also obliged not to process the data for your own purposes or to pass it on to unauthorized third parties.

5.1 Third-party games on the ACB websites

As part of the ACB services, games may be provided by third parties. In this regard, the data protection provisions of the relevant third-party provider apply.

5.2 Transfer of personal data

The processing of personal data preferably takes place within Switzerland, the European Union (EU) and the European Economic Area (EEA). A data centre in Switzerland and a data centre in the EU are primarily used to process personal data. In cases where it is necessary to transfer personal data outside Switzerland or the EU/EEA, e.g. for the transfer of personal data to a data processor (or its subcontractors) in a country outside Switzerland or the EU/EEA, the necessary and appropriate legal, technical and organizational measures will be taken to ensure that the level of protection corresponds to that in Switzerland. If we use such providers in unsafe countries, the transmission is based in particular on Art. 46 (1)(c) GDPR or Art. 16 (2)(d) DSG or Art. 17 (1)(a) DSG or Art. 49 (1)(a) GDPR. Other appropriate safeguards include approved codes of conduct in the recipient country and the application of internal binding company policies.

6 DATA SECURITY

Access to the ACB website is at your own risk and responsibility. ACB makes every effort to ensure secure operation of the website and to protect it from unauthorized access and unauthorized processing of data. However, defects such as data loss or data corruption, virus infection, operational interruption, etc. cannot be completely ruled out.

To protect personal data when communicating with the web browser, ACB uses the encryption technology of a trusted certification company. In addition, online transactions are protected by the security system of a globally accredited partner. In addition, all player data is protected from unauthorized access by firewall and intrusion prevention systems.

ACB accepts no liability for damages or consequential damages resulting from the use of the website or individual parts thereof (such as downloaded documents), their use (or the inability to access them) or links to other websites.

The following measures are taken, among others: (1) the greatest possible restriction of the group of persons who are authorized to access personal data; (2) the restriction of the possibilities for those authorized to make changes; and (3) technical obstacles to violations, including encryption during transmission and storage, firewalls, strict password requirements and alarm functions with notification of attempted violations. If possible, the data will be pseudonymized to protect privacy as best as possible.

7 AUTOMATED INDIVIDUAL DECISION-MAKING

We do not carry out automated decision-making in individual cases in accordance with Art. 22 GDPR or automated individual decision-making in accordance with Art. 21 DSG.

8 UPDATES AND CHANGES

In case of differences between different language versions, the German version shall prevail. Due to further development of the website or due to changed legal requirements, it may become necessary to change this data protection declaration. We reserve the right to adapt the data protection declaration at any time in compliance with current legal requirements.