Privacy Policy of Grand Casino Kursaal Bern AG
1. Our company
Thank you for visiting our website www.grandcasino-bern.ch. This website is operated by Grand Casino Kursaal Bern AG (hereinafter referred to as “GCKB”, “us”, “we”), a gambling firm headquartered in Bern.
We have a licence to operate a casino in Switzerland (licence No. [516-005/03]) as well as an addition licence (No. [516-005/03-01]) to operate an online gambling platform in accordance with the applicable Swiss Gambling Act.
Our online casino services are not included in this Privacy Policy. If you are interested in our online casino games, we kindly request that you consult the Privacy Policy of our online casino.
2. Principles
By using our website and services, you provide us with personal data. In this Privacy Policy, we will inform you which personal data we process when you visit the Grand Casino Bern or our website www.grandcasino-bern.ch, and in what ways and for what purposes we process this data. Moreover, this Privacy Policy provides you with information about your rights as the subject of our data processing. For this reason, we kindly ask that you carefully read this Privacy Policy.
3. Contact information
The organisation responsible for data processing is Grand Casino Kursaal Bern AG, Kornhausstrasse 3, 3000 Bern 22. If you have any questions or concerns regarding data protection or if you want to assert any of your rights as the data subject, we are happy to help. Please do not hesitate to contact us.
Your contact person for all matters related to data protection is:
Grand Casino Kursaal Bern AG
Mathias Moser
Kornhausstrasse 3
3000 Bern 22
[email protected]
4. Legal foundation
As casino operators, we are obligated to comply with the relevant legal provisions. When processing your personal data, we must comply with the following laws and ordinances, in particular:
- Swiss Gambling Act (Geldspielgesetz – BGS)
- Swiss Gambling Ordinance (Geldspielverordnung – VGS)
- The Swiss Federal Department of Justice and Police (FDJP) Gambling Ordinance (Spielbankenverordnung des Eidgenössischen Justiz- und Polizeidepartements (EJPD) – SPBV-EJPD)
- Anti-Money Laundering Act (Geldwäschereigesetz – GwG)
- Anti-Money Laundering Ordinance (Geldwäschereiverordnung EJPD – GwV-EJPD)
- Ordinance of the Swiss Federal Gaming Board (FGB) on the Diligence of Casinos in Combating Money Laundering and the Financing of Terrorism (Anti-FGB-Money Laundering Ordinance; Geldwäschereiverordnung der Eidgenössischen Spielbankenkommission (ESBK) – GwV-ESBK)
- Data Protection Act (Bundesgesetz über den Datenschutz – DSG)
- Ordinance to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz – VDSG)
- Swiss Code of Obligations (Obligationenrecht – OR)
- Swiss Telecommunications Act (Fernmeldegesetz – FMG)
- Federal Act on Unfair Competition (Bundesgesetz gegen den unlauteren Wettbewerb – UWG)
You can find the latest versions of the legal foundation for the operation of casinos at the following website (available in German, French and Italian): www.esbk.admin.ch/esbk/de/home/rechtsgrundlagen/gesetzgebung.html
5. Processing personal data
5.1 Definitions
- Personal data is information relating to a specific or identifiable person. An “identifiable person” is a person who can be identified based on additional information regarding their identity.
- “Sensitive personal data” is data on an individual’s religious, ideological or political beliefs or activities; membership in any trade unions; an individual’s health, private sphere, race or ethnic background; receipt of any social assistance; administrative or criminal proceedings and sanctions. Furthermore, genetic and biometric data that can be used to unequivocally identify an individual are also considered to be sensitive personal data.
- “Processing” is understood to refer to any handling of personal data, regardless of the means and procedures used.
5.2 Processing principles
We attach great importance to ensuring that we comply with the principles of data protection. For this reason, we only process your personal data to the extent and manner permissible by law.
This means, among other things, that we only process your personal data for the purposes that are legally prescribed and about which we have transparently informed you or which are clear to you at the time of provision of data. Moreover, your personal data will only be processed to the extent necessary, in a confidential manner, and by authorised persons.
Unless we are required to process any personal data as the result of legal obligations or because we have an overriding interest in the processing of this data, we will obtain your consent before we process your personal data.
5.3 Collection and processing of personal data
5.3.1 Identification
We are legally obligated to identify you when you enter the casino and before you begin playing any casino games on the basis of a valid proof of identity that was issued by an official authority (e.g. passport, ID, driving licence). We will make a copy of the proof of identity that we are presented with and will keep this copy for our records.
5.3.2 Customer loyalty cards
With your written permission, we will collect your personal data in conjunction with our customer loyalty cards (Bonus Club programme). We process the following data for this purpose:
- First and last name
- Date of birth
- Address
- Mobile phone number (optional)
- E-mail address
- Information about your gambling habits (e.g. visits, levels, points, etc.)
5.3.3 Social responsibility policy
We process your personal data within the context of the legally prescribed measures for social and player protection as well as to implement and execute gambling suspensions. The purpose of this data processing includes, in particular, gathering information, early detection, self-control and gambling restriction. For this purpose, we also process the following personal data:
- Nationality
- Data on your gambling habits
- Data on financial transactions
- Data on your personal, professional and financial situation
- Data on gambling suspensions (reason, start date and duration of the gambling suspension)
A Switzerland-wide registry is maintained for the execution of gambling suspensions. We will enter the following data in this registry:
- First and last name
- Date of birth
- Nationality
- Data on gambling suspensions
As long as there is a gambling suspension in place, we are obligated to make this data available to other casinos or other operators of games of chance and online gambling platforms.
5.3.4 Security concept
We are legally obligated to implement a security concept. We also process your personal data within this context. This includes, among other things, that we introduce measures that guarantee secure, transparent casino operation and prevent criminality, money laundering and terrorist financing. For the purpose of implementing these measures, we are entitled to process your personal data and sensitive personal data. In this context, we are obligated to review and store information on your bet amounts as well as the winnings disbursed at the casino. Moreover, on the basis of legal obligations, your data may be transferred to the relevant authorities. In this context, we are also authorised to issue gambling suspensions.
We are legally obligated to continuously monitor the following rooms and processes here at the casino by means of a camera surveillance system:
- The entrance area of the casino
- The gambling rooms of the casino
- The casino cash desk area
- Rooms in which money, chips/tokens and equipment for the games is kept, stored, transported or counted
- Game tables
- Transactions at the casino cash desk
- Counting of money, chips/tokens and tips
- Transactions involving money and chips/tokens moving between automated games (slots), game tables, tip jars, cash desks, payout machines and the vaults
Every game table is recorded by our camera surveillance system. The system may also be equipped to record audio. We do this in order to prevent any unauthorised actions or to identify such actions early on. Criminal offences will be recorded and the Swiss Federal Gaming Board (FGB) will be notified.
We are obligated to inform you of the fact that you are being recorded by our camera surveillance system when you enter any of these rooms or spend any time in any of these locations. All the above-mentioned camera recordings are monitored by employees in our camera surveillance room.
The recordings will be saved in a suitable format and stored securely for at least 28 days on the premises on our own internal servers. The only persons who have access to the camera recordings are those who require this access in order to carry out their work.
5.3.5 Marketing, communication and customer support
We process data that you provide to us orally, in writing or electronically, or data that is publicly available in order to create profiles. This applies, in particular, to data that you disclose during registration as well as data that arises during your use of our casino games. If you are a Bonus Club member, we also process your data in terms of your gambling behaviour as well as your payment and transaction data.
We may contact you by phone, mail or e-mail for marketing and support purposes. This happens, for example, when we provide you with information about the games and services we offer, as well as about the availability and security of the games we offer.
We will process your personal data in order to provide you with tailored information about our offers and services for marketing purposes, provided that you do not object to this processing. Furthermore, we will also send you marketing information via e-mail when you disclose your e-mail address during registration and if you have not objected to receiving marketing e-mails.
If you are not interested in receiving any marketing information from us, you can notify us of this by sending a message to the contact address specified under section 3 or to our customer service team. Moreover, every marketing e-mail contains a link that you can click on to remove your e-mail address from our marketing e-mail list.
Related communication may be recorded for training purposes, for quality assurance or for evidentiary purposes.
5.3.6 Profiling and automated decision-making
We process your personal data, in part automatically, with the goal of evaluating certain personal aspects (profiling). We mainly use profiling in order to meet our legal obligations in combination with our social responsibility policy and the fight against money laundering. We also automatically evaluate your data to inform you about and advise you on our products in a targeted manner. To do this, we use evaluation tools that allow for responsive communication and advertising, including market and opinion research.
In order to comply with legal requirements, we automatically process personal data from users every time they register with us and log in to our website or enter our casino. We use this information to determine whether you are authorised to gamble at this point in time.
5.4 Use of our website
5.4.1 Accessing our website
When you visit our website, www.grandcasino-bern.ch, we receive data such as your IP address. This data provides us with information, in particular, about the end device that you are using to access our website, which browser you are using, and what time you accessed our website. This information helps us to evaluate the attractiveness of our website and to continually improve the content of our website and make it more interesting to our target users.
The provider of our website automatically collects and saves information in what are known as “server log files”, which your browser automatically transfers to us.
5.4.2 Cookies
Cookies are small text files that a web server places on your computer or mobile device when you use our website. Among many other things, cookies help us to make your visit to our website easier, more convenient and more useful for you. Cookies are information files that your web browser automatically saves on the hard drive of your computer when you access our website.
For example, we use cookies to temporarily save the services you have selected and the entries you have made when filling in a form on the website so that you do not have to enter this information a second time when accessing a different subpage. Once you have registered on the website, cookies may also be used to identify you as a registered user so that you do not have to log in again when accessing a different subpage of the website.
Most web browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved to your computer or so that you are always shown a notification whenever you receive new cookies. The corresponding support websites of the most common web browsers (Microsoft Internet Explorer, Firefox, Google Chrome, Apple Safari, etc.) contain information about the different configurations.
If you deactivate cookies, you may not be able to use all of the functions of our website.
5.4.3 Tracking tools
We use tracking technology for the purpose of ensuring user-friendly design and allowing for continuous optimisation. We use the web analytics service from Google Analytics. In this context, pseudonymised user profiles are created and small text files that are saved on your computer (cookies) are used. The information about your use of this website generated by the cookies is sent to the host’s server, stored there and prepared for us. We may receive the following information:
- The path that a user took to access the website
- The amount of time a user spent on the website or one of its pages
- The page from which the user left the website
- The country, region or city where the user accessed the website
- The end device (type, version, colour depth, resolution, width and height of the browser window)
- Whether the user is a repeat visitor or visiting the website for the first time
This information is used to evaluate the use of the website, to compile reports on website activity, and to provide additional services connected with the use of the website and the Internet in general for the purposes of market research and user-friendly design of this website. This information may also be transferred to third parties as long as this is legally required or as long as these third parties process this data on our behalf.
No IP addresses from the member states of the European Union (EU) or in other states that are party to the Agreement on the European Economic Area (EEA) are affected by the tracking tools that GCKB uses on its website.
The provider of Google Analytics is Google LLC, a company of the holding company Alphabet Inc., headquartered in the US. Before the data is transferred to the provider, the IP address is truncated through the activation of IP anonymisation (“anonymizeIP”). The anonymised IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. The full IP address will only be transmitted to a Google server in the US and truncated there in exceptional cases. In these cases, we ensure on the basis of contractual guarantees that Google LLC maintains a sufficiently high level of data protection. According to Google LLC, the IP address is never combined with any other data concerning the user.
For more information about the web analytics service used, please refer to the Google Analytics website. For instructions on how to prevent your data from being processed by the web analytics service, click here: http://tools.google.com/dlpage/gaoptout?hl=en.
GCKB also uses the Facebook pixel on its website. The Facebook pixel is operated by the social network Facebook, which belongs to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”).
The Facebook pixel allows Facebook to define visitors to our website as a target group to be shown certain ads (Facebook ads). Correspondingly, we use the Facebook pixel to show the ads we run on Facebook only to those Facebook users that have shown an interest in our offers on our website, or who demonstrate certain characteristics (e.g. are interested in certain topics or products that can be determined based on the websites these users access) that we specify to Facebook (custom audiences). Furthermore, with the Facebook pixel, we can determine the effectiveness of our Facebook advertisements for statistical and market-research purposes by seeing whether users are transferred to our website after clicking on a Facebook ad (conversion).
For more information about Facebook and the Facebook pixel, please refer to the Facebook website and, in particular, to Facebook’s Data Policy: https://en-gb.facebook.com/business/learn/lessons/overview-of-how-facebook-pixels-work?ref=ahc_lwe#
5.4.4 Social-media plug-ins
We use social-media plug-ins on our website. The plug-ins can be identified by the logo of the respective social network. The plug-ins used are set up with what is referred to as “two-click activation”. This means that the plug-ins are only activated when you click on the icon of the provider. When you access a page on our website that contains an active plug-in, the browser connects directly to the servers of the provider. The content of the plug-in is directly communicated to your browser and integrated into the page by the respective provider. The integration of plug-ins on our website means that certain information is transferred to third-party providers and stored by them. If you are not registered with the respective social network, there is still a chance that this social network could obtain your IP address via the social-media plug-in and save it on their servers. If you are logged in to one of the social networks when you visit our website, third-party providers can directly associate your visit to our website with your personal social-media profile. When you interact with the plug-ins, for example by clicking the “Like”, “+1”, “Tweet” or “Share” button, the corresponding information is also directly transferred to a server of the third-party provider and stored there. Furthermore, this information will be published on your social-media profile and shown to your contacts there. For information on the purpose and scope of the data collection and further processing and utilisation of the data by the third-party providers as well as information on your rights in this regard and your configuration options for protecting your privacy, please refer to the privacy policies of the respective third-party providers. If you would like to prevent Google, Facebook, Twitter or Instagram from associating the data collected via our website with your personal profile on the respective social network, you must log out of the corresponding social network before accessing our website. You can also use specialised add-ons for your browser to completely prevent plug-ins from loading, for example NoScript (http://noscript.net) or Ghostery (www.ghostery.com).
5.4.5 Social networks
You can visit us on our Facebook page “Grand Casino Bern”. Together with Facebook, we are responsible for data processing on our Facebook page. For further information on how Facebook processes your data, click here: www.facebook.com/legal/terms/information_about_page_insights_data
5.5 Online shop
When you place orders in our online shop, we require the following data:
- First name
- Last name
- E-mail address
- Billing address
- Shipping address
- Information about your preferred payment method
We will only use this information to complete your order. If you create a user account, you have the option to change or delete the data in your user account at any time.
5.6 Table reservations
You can reserve a table online at www.grandcasino-bern.ch. For table reservations, we require and process the following data:
- First name
- Last name
- Phone number
5.7 Contact form
You have the option of using a contact form in order to get in touch with us. We require the following mandatory information for this purpose:
- Salutation
- First and last name
- Address
- E-mail address
- Your message
We will only use this information as well as the telephone number that you voluntarily disclose to respond to your enquiry individually and in the best possible way.
5.8 Newsletter
You have the option to subscribe to our newsletter. We require the following information for this purpose:
- Salutation
- First and last name
- Address (optional)
- Date of birth
- E-mail address
If you are not interested in receiving any marketing information from us, you can notify us of this by sending a message to the contact address specified above or to our customer service team. Moreover, every marketing e-mail contains a link that you can click on to remove your e-mail address from our marketing e-mail list.
6. Data transfer
We will only transfer your data to any third parties in the event that we are legally obligated to do so. For example, we will share your data with the following authorities provided the legal requirements for such transfer of data are met:
- Supervisory authorities (e.g. the Swiss Federal Data Protection and Information Commissioner or the Swiss Federal Gaming Board)
- Police and public prosecutors’ offices
- Courts
- Etc.
To comply with our legal obligations, to protect gamblers from excessive gambling, and to combat criminality and money laundering, we will transfer the following data, in particular, to the supervisory authorities:
- Registration data
- Data on your gambling habits
- Data on financial transactions
- Data on your personal, professional and financial situation
- Data on gambling suspensions. In the event of a gambling suspension, we are also legally obligated to share this data with other casinos. This is done via a central database.
Moreover, we involve external service providers within the context of use of our website and app, the processing of contracts, or for the purpose of operating the casino.
In this regard, we share your personal data with the following categories of service providers, in particular:
- IT service providers
- Marketing service providers
- Etc.
When involving external service providers (processors), we ensure by means of a contract that our service providers offer suitable safeguards in terms of the security and protection of personal data, and that they will only process the data for the purposes that we specify and within the scope and in the manner in which we are permitted to process said data.
When you pay by credit card, either in the casino or on our website, we transfer your credit card information to your credit card issuer and to the credit card acquirer. When you choose to pay by credit card, you will be asked to enter all of the mandatory information. In terms of the processing of your credit card information, we kindly ask that you read the General Terms and Conditions and the Privacy Policy of your credit card issuer.
If data transfer is not required on the basis of a legal foundation or it occurs within the context of order processing, we will only share your data if you have authorised us to do so.
7. Data transfer outside of Switzerland
We may also transfer your data to third parties (contracted service providers) outside of Switzerland for the purpose of data processing as described in this Privacy Policy. These third parties are obligated to protect your data to the same extent that we are. If we transfer data to a country without a suitable legal data protection law in place, we ensure by means of a contract (e.g. through standard contract clauses) that your personal data is protected to the same extent as in Switzerland.
8. Retention period
We process and store your personal data for as long as necessary in order to comply with our contractual and legal obligations, for evidentiary purposes, or for the fulfilment of the purposes of data processing specified by us or as evident from the relevant circumstances.
For example, we are legally obligated to store data for the purpose of combatting money laundering and terrorist financing as well as for bookkeeping and accounting purposes for a minimum period of 10 years. Data concerning gambling suspensions is stored as long as the gambling suspension is in place and then deleted or destroyed after five years, as long as there are no additional reasons for a gambling suspension. In this case, the data will be stored until the expiration of the licence.
9. Your rights
You have the right to request information from us as to what personal data we are processing. Moreover, you have the right to have incorrect or unnecessary data corrected, deleted or destroyed. However, we may refuse to correct, delete or destroy data on the basis of legal obligations or because we have an overriding interest in continuing to process the data in its current state. This applies, in particular, when we need to store data for longer periods of time for legal or contractual reasons, or for evidentiary purposes. You may revoke your consent to the processing of your personal data for marketing purposes, for example. You may assert your desire to exercise your rights by contacting the person specified under section 3 and addressing your concerns pertaining to data protection to this contact person. Please include a copy of your valid official proof of identity with this message so that we can ensure that your information does not end up in the hands of unauthorised third parties.
10. Data security
We have designed and protect our IT system using suitable technical and organisational measures to ensure that we can provide you with our services while guaranteeing the confidentiality, integrity and availability of your data (information security). To achieve this, we have created internal information security concepts in which the following points, in particular, are regulated: control of employee access (authorisation, monitoring, management) to the IT systems, data protection (backups, archiving) and network security (reliable networks, encryption, password protection, connection of third-party companies, Internet access).
11. Certifications
GCKB is certified in accordance with the registered quality guarantee mark GoodPriv@cy®, which is issued by SQS. There is an annual audit to check that standards are being maintained and a recertification audit every three years. Our information security management system (ISMS) is certified in accordance with ISO 27001.
12. Amendments to this Privacy Policy
We reserve the right to make changes to this Privacy Policy at any time without prior notice. The most current version of the Privacy Policy, which is published on our website, www.grandcasino-bern.ch, applies.
In the event of any discrepancies between different translated versions of this Privacy Policy, the German version is binding.