PASINO.ch prioritises players’ privacy and the protection of their personal data. When a player plays on PASINO.ch, they must be able to do so safely.
Casino du Lac Meyrin SA (hereinafter referred to as “Casino du Lac” or “the operator”) wishes to provide users (hereinafter referred to as “player”) with a secure, customised and socially responsible online gambling offer. To provide this offer and services related to it on the PASINO.ch website (hereinafter referred to as “the gambling platform”), the operator shall process players’ personal data. The operator undertakes to protect players’ privacy and personal data.
The operator shall act in accordance with Swiss legislation, including laws and regulations on data protection, and in particular the Federal Law on the Protection of Data (LPD). The operator is furthermore certified by the ISO/IEC 27001:2013 standard for Information Security Management.
1.1 Entity responsible for data processing
Casino du Lac is responsible for collecting and processing personal data. Players may contact the Casino du Lac customer service for any questions regarding data protection, via the following channels:
- Post: Casino du Lac, Online gambling customer service, Route de Pré-Bois 20, 1215 Geneva 15, Switzerland
- Email: [email protected]
- Integrated Website Chat
1.3 Legal and regulatory bases for the processing and transfer of data
The following Swiss laws and regulations apply to Swiss casinos that hold a licence; they also provide for the collecting and processing of players’ personal data:
- The Gambling Act
- The Ordinance of Money Games
- The Federal Department of Justice and Police decree on gambling houses (DFJP, OMJ-DFJP)
- The Federal Act on Combating Money Laundering and Terrorist Financing (Anti-Money Laundering Act, AMLA)
- The Ordinance of the Federal Gaming Board of 12 November 2018 on the Diligence of Casinos in Combating Money Laundering and the Financing of Terrorism (AMLO-FGB)
The following data are processed by the operator, which is legally obliged to communicate such data to the supervisory authority:
- Data collected when players register on line.
- Data on players’ gambling habits and financial transactions.
- Data on players’ personal, professional and financial situation.
- Data on gambling restrictions imposed on or requested by players.
Players’ data are transferred to the supervisory authority through a data recording system located in Switzerland in an anonymised format. Data is stored for the period indicated in paragraph 5.
2.1 Data supplied by the player to the operator
In creating a player account, the player provides personal data to the operator.
When opening a player account, the player indicates their first name(s), surname, data of birth, gender and nationality, as well as their address (street, postcode, town, country).
A copy of an official identity document with photograph (passport, identity card) will be asked of the player to validated their player account. A proof of address (e.g. a bank/post-office account or an electricity, water or landline telephone bill) may also be asked for the same purpose. These documents are used to check the supplied personal data and contact detail.
The personal data supplied by the player are collected by the operator for the management of the gambling platform, in particular for the processing of transactions and payments.
The player also provides data to the operator in the following cases: contacting the operator, or participating in events organised by the latter.
By virtue of its legal obligations with regard to the prevention of money-laundering and the financing of terrorism, and with regard to protecting players against excessive gambling, the operator is entitled to request information and documents from the player concerning their income and/or capital, as well as tax documents.
2.2 Other sources of data collected by the operator
In addition to data supplied directly by the player, personal data can also be collected and updated via third-parties (public registers, credit bureaus, or subcontractors). This concerns the following personal data:
- Identification data (in particular surname, first name, date of birth and address), to check the accuracy of data provided by the player.
- Gambling providers’ data on the player's gambling habits (including segmented data, profile data and information on any fraud committed or other violations of applicable rules).
- Data that the operator is legally obliged to check, for example concerning politically exposed persons in terms of the law on the prevention of money-laundering and the financing of terrorism.
- Data that are relevant for combating crime, inadequate behaviour towards other players or the operator, or fraud; this includes relevant data for assessing the risk of fraud and for ascertaining possible fraudulent behaviour in the past, by means of checking devices that are connected to the Internet.
2.3 Data generated when the player uses the gambling platform
Data regarding the player’s way of using the gambling platform (for example, games that they have played, amounts betted by the player, amounts won by the player, services used, special offers used, events that they have attended, payment transactions performed by/to external payment system providers, and correspondence between the player and the operator) are processed and stored by the operator.
In so far as it its required by law, by contractual commitments made by the operator, or by the latter’s legitimate interests, the operator shall collect and process players’ personal data. An overview of the purposes for which the operator collects and processes personal data is shown in the table below.
The table does not indicate cases where data processing pertains directly to the conclusion or execution of a contract between the player and the operator.
|Opening a player account
|The opening of a player account, which is necessary in order to access the gabling offer, cannot be done without processing these data.
|Ordinance of Money Games Art. 47: Player account - Any person who wishes to access an online gambling offer must have a player account with the operator.
|Authentication of the supplied ID
|The identity document provided by the player is transferred to Jumio. This company verifies the authenticity of identity documents.
|Compliance with the legal obligation to check the identity of player-account holders (Ordinance of Money Games Art. 49, paragraph 1).
|Checking with credit bureaus any information supplied by the player when opening an account, to verify if the player exists and whether their address or regular place of residence is in Switzerland. For the same reason, a copy is required of an official identity document or an electricity, water or landline telephone bill.
|Compliance with the legal obligations stipulated in the Ordinance of Money Games Art. 47 – It is necessary to collect and process personal data to enable the operator to fulfil their legal obligations in terms of checking.
|Management of the gambling offer and players’ data
|Processing is required in order to offer the player personalised content on the gambling platform, as well as specific or promotional offers.
|Compliance with the legal requirements stipulated in AMLO-FGB Art. 3 and 13.
|Quality customer service
|Using information provided by the player to resolve issues, investigating and answering complaints regarding the gambling platform, and offering customer support by instant messaging, electronic mail and telephone. Recording of conversations with customers to ensure the quality of the customer service, and for training purposes, to improve and develop the customer service.
See introductory comment.
In the event of contact with persons who are not customers, processing is necessary in order to meet the interests of the operator and of players in resolving an issue.
|Preventing the inappropriate use of the gambling platform and any damage to the operator and/or players. Possible investigations
The prevention and suppression of fraud, illicit attempts to log in to players’ accounts, and other prohibited acts require the processing of players’ personal data.
Providing a secure gambling offer, improving and developing the IT environment of the operator, and protecting the player and their player account against attacks and intrusions, also justify such processing.
|When processing is not necessary to fulfil the agreement between the player and the operator, it can be justified by the legitimate interest of preventing misuse of the gambling platform and violations against the operator and/or players.
The operator shall process personal data when the player uses the following features and offers: features and services of the operator that enable the player to make informed decisions regarding their gambling habits (for example limiting bets, temporarily stop playing, and reminders regarding their gambling activities).
The operator may also require the player to fill in a questionnaire and/or self-check, and/or to provide financial and/or tax documents, to assess their gambling attitude. The operator shall also process data generated by the use of the gambling offer, including for the profiling of gambling habits, in order to detect, combat and prevent problematic gambling behaviour.
Data processing also serves to ensure that the player is not registered on a list of people covered by a ban, and to suspend gamblers who request it. The operator is obliged by law to suspend a gambler if there is cause to believe that the latter is over-indebted, does not honour their financial obligations, or is placing bets that are disproportionate to their income and capital.
The operator shall process data in anonymised format in order to evaluate the efficiency of its social measures and to further research on the prevention of addictions.
Compliance with legal obligations as stipulated in Gambling Act Art. 76 to 81, and Gambling Act Art. 87 to 91.
Where there is no legal obligation, processing shall correspond to a legitimate interest of the operator for the reasonable use of its services.
|Organising promotional offers, events, operations, competitions and tournaments, including trips and award ceremonies.
|The player may be invited to participate in promotional offers, competitions, tournaments and events organised by the operator. In this case, for organisational purposes, relevant personal data may be processed.
|See introductory comment.
|Promoting the gambling offer
|The promotion of products, services, special offers, “profiling” for the purpose of proposing offers to players, and personalised marketing offers justify processing. The player may at all times refuse to receive personalised offers generated by profiling, and choose through which communication channels they want to receive such offers, by using the personalised marketing settings in their player account.
|The legitimate interest of promoting the gambling offer, and different events organised or sponsored by the operator.
|The operator communicates with the player through various communication channels: electronic mail, mobile phone, notifications on the gambling platform, messages in the player’s inbox on the gambling platform, etc. The operator may send messages containing information on the operator, the availability and security of the gambling offer, reminders and marketing notices from the operator and its commercial partners. Players may change their communication settings at all times, subject to service notices from the operator containing information on the customer, security instructions and legal information from which players cannot unsubscribe.
Contract compliance – Certain communications are indispensable for the operator to perform its contractual obligations, such as the obligation to provide information on security and legal questions.
The legitimate interest of sending information on the operator, its products and services, and its promotional offers.
|Development of the gambling offer, surveys, sales analyses, and statistical calculations
The development and improvement of the gambling offer, and providing a user-friendly gambling experience require processing.
In particular, the way in which the gambling offer is used by the player is analysed by the operator for improvement and development purposes.
|Legitimate interest in view of improving and developing the operator’s business, in particular the gambling offer, and providing players with a user-friendly gambling experience.
|List of people banned from gambling
The personal data of a player who requests to be excluded or who must be banned from gambling are recorded in a national register.
This register must be checked each time a player attempts to access the gambling offer.
|Compliance with legal obligations in terms of due diligence as stipulated in Gambling Act Art. 76 to 82 and Gambling Act Art. 87 to 91.
|Compliance with the operator’s legal obligations in general
To comply with its legal obligations (those stemming from case law and decisions by public authorities), including laws on security guarantees and the transparency of operating gambling activities, protection against compulsive gambling, crime prevention, and the prevention of money laundering and the funding of terrorism, the operator must process
|Compliance by the operator with its legal obligations.
Personal data are in principle only processed for the purpose for which they have been collected. Data may however also be processed for other purposes if required by law or the pursuit of a goal that is compatible with the initial purpose.
The period for which data may be stored by the operator is limited to the time that the specific purposes require. In accordance with its legal obligations in this respect and, if necessary, to ensure the continuity of operations if the player returns to the operator, and respectively to provide assistance to players, the operator shall in principle store personal data for up to 6 years after the contractual relationship has ended. Once this period is over, the operator shall delete or anonymise the data in order to dissociate it from the player’s identity. Anonymity may be introduced before the 6-year period is over if the contractual relationship has ended and if the operator’s legal obligations do not require data to be kept in their current state.
Personal data may be kept for less than 6 years after the end of the contractual relationship if the purpose of their processing or related legal obligations allow it. This is for instance the case with personal data collected when the player participates in events, promotions, competitions or tournaments, including trips and award ceremonies, as soon as these are over and the related follow-up has been done.
On the other hand, other personal data, for example, part of the data regarding exclusion from gambling (voluntary or imposed), or data regarding the prevention of money laundering and the financing of terrorism (AMLO-FGB Art. 21), must be kept for more than 5 years after the contractual relationships has ended. Such data include the following documents:
- List of all identified gamblers
- Copies of identity documents
- Documents regarding recorded transactions
- Players’ declarations on the real beneficiary
- Documents regarding notes on the results of specific inquiries
- Documents that include notes on the classification of risks and results of the application of risk characteristics
Personal data may be processed for longer only if this is justified by the purpose.
If a legal proceeding is pending, personal data may also be processed by the operator for more than 6 years after the contractual relationship has ended.
Documents regarding the communication of suspected money laundering are kept for a period of five years after the date of the communication, and are destroyed immediately after.
Recordings of conversations between the operator and the customer are kept for 90 days.
If the player does not wish to receive information on the operator’s marketing activities or has withdrawn their consent, the operator shall cease the processing of personal data for this purpose.
Automated decisions, particularly with regard to the opening of the gambling offer to players, are made by the operator based on a check of some of their personal data.
To prevent problematic gambling behaviour, alert players to their gambling habits, and identify gambling problems, the operator may also make decisions in an automated manner. These may for example consist of suspending players or transactions on players’ accounts.
The operator may also terminate the customer relationship or suspend a player account if a player is inactive, or if there is a significant likelihood that the player is not using the gambling offer.
7.1 Transmission of personal data
Moreover, legal or regulatory duties oblige the operator to transmit personal data, in particular when a breach is suspected.
7.2 Outsourced data processing
The operator outsources data processing to the following subcontractors, i.e. companies that process personal data on behalf of the operator according to the latter’s instructions to provide a part of the gambling offer:
- Gambling providers;
- IT companies that provide operational, technical-support and customer-service solutions, as well as maintenance of the operator’s gambling offer and other activities;
- Companies that provide payment solutions, such as banks, buyers and other payment service providers;
- Companies that provide services to counter and detect fraud, violations and/or other illegal behaviour;
- Marketing companies, such as communication and advertising agencies and affiliated companies.
The processing of personal data is outsourced to subcontractors only for the purpose for which they were collected by the operator, for example, with respect to the operator’s fulfilment of its contractual obligations.
The operator undertakes to check and guarantee, for example, by means of written agreements regulating the contractual relationship between the operator and the subcontractor, that each data-processing subcontractor sufficiently ensures the security, protection and confidentiality of the processing of personal data. The regulatory standards followed by data-processing subcontractors shall be at least equivalent to those of Swiss data-protection laws.
7.3 Transmission within the operator’s group
7.4 Other companies (independent data processors)
The operator may also transmit personal data to other companies with which it works, but that do not act as data-processing subcontractors. As independent data processors, these companies will then autonomously decide how the personal data will be processed. Such transfers are made to the attention of the following independent data processors:
Companies that provide payment solutions, such as banks, buyers and other providers of payment services, companies providing travel-booking services, airlines, hotels, etc., companies awarding prizes to players for their participation in an event or other activity organised by the operator, and certain gambling providers that supply games to the gambling platform.
The operator transmits anonymised data to research institutes to contribute to research on the prevention of gambling addiction.
Where personal data are transmitted to a company that processes them independently from the operator, the privacy policies and personal-data processing procedures of that company shall apply. The player may contact the operator for more information on companies that process personal data independently from it.
7.5 Transfer of personal data
Data protection is of vital importance to the operator. Data are by preference processed in Switzerland, the European Union (EU), and the European Economic Area (EEA), and mainly in a datacentre located in Switzerland and a datacentre located in the EU. In cases where personal data must be transferred outside of Switzerland and the EU/EEA, for example, to transmit personal data to a data processing subcontractor that stores, or that outsources to a subcontractor the storage of personal data outside Switzerland and the EU/EEA, or that owns subsidiaries outside of Switzerland and the EU/EEA, the operator shall take the necessary and appropriate legal, technical and organisational measures to guarantee a level of protection that is equivalent to the level of protection guaranteed in Switzerland.
If personal data must be transferred outside of Switzerland, the level of protection is guaranteed by the list of States issued by the Federal Commissioner for data protection and transparency, which includes countries where the legislation ensures an adequate level of protection, or by the fact that the company is linked to Switzerland by the “Swiss-US Privacy Shield” agreement.
Codes of conduct approved in the country of destination and the application of strict internal company regulations are also considered to be adequate protection measures.
8.1 Access rights
Players may at all times access their personal data that are processed by the operator, under the following cumulative conditions: a) they do not affect a third party’s rights and freedoms, b) no legal provision (for example the law against money-laundering and financing of terrorism) prohibits access to personal data, c) the transfer of personal data does not compromise the outcome of a criminal investigation or other proceedings.
If a request for access to personal data is received, the player may be asked to provide further information to ensure the efficient processing of the request, as well as the transfer of data to the right person.
8.2 Right to correct and complete data
The player may correct and complete his or her personal data depending on the purpose for which they are processed. This is done by contacting the operator’s customer service.
8.3 Right to oblivion
A player may request the deletion or anonymisation of his personal data, if, for example, the original purpose for which it was collected does not require its retention.
If processing is undertaken by the operator in compliance with the legal obligations applicable to the operator (e.g. Gambling Act, Anti-Money Laundering Act), deletion or anonymisation may be refused. If the operator has to establish, exercise or defend its rights, or if the operator has a legitimate interest in processing the data, the deletion or anonymisation of personal data may be refused.
8.4 Right to the limitation of processing
The player may demand the processing of personal data to be limited in certain cases, for example when the player asserts that the personal data are incorrect, when the processing thereof is illegal, or when the person in question refuses the deletion of the data but demands a limitation of the use thereof.
If this procedure is essential for the operator to establish, exercise or defend its rights or to protect the rights of other natural or legal persons, or when public interest requires it, the operator may proceed with the storage and processing of personal data for the duration of the limited processing demanded by the player. In such cases, the data may be processed even against the wishes of the player.
8.5 Right to object
Unless the operator has a legitimate interest to the contrary, the player has the right to oppose the processing of their personal data.
The player may choose the communication channels used by the operator to send advertisements by adjusting the settings of their player account. If the player does not wish to receive such communications, the operator shall cease to send information of this kind to them and to process personal data for this purpose.
The processing of personal data may however, continue if the operator puts forth an important reason or if the operator’s interests override those of the player until the legal situation has been clarified. Nevertheless, if the player opposes such processing, the operator may process personal data only for the purpose establishing, exercising and defending its own rights.
8.6 Revocation of consent
Where the processing of personal data depends on the player’s consent, this consent may be revoked by the interested party at any time and free of charge by contacting the operator’s customer service.
The revocation of the aforementioned consent shall have no impact on the legality of any previous processing.
Cookies are small text files stored permanently or temporarily when a website is visited. Five types of cookies are used, of which two are third-party cookies:
- Session cookies allow the operator to collect and store data when a player visits the gambling platform. Session cookies are deleted from the player’s peripheral when the web browser is closed. These cookies are often necessary for the proper functioning of the website and are used to improve its user-friendliness.
- Persistent cookies allow the operator to store data (e.g. choice of language) and to access these data the next time the player visits the gambling platform.
- Analytic cookies (third-party cookies) enable the operator to determine the number of visitors on the gambling platform. These cookies serve to carry out statistical surveys on the use of services. Their purpose is to improve the services that are offered. Such cookies are also used to improve products, measure marketing activities, and develop the activity.
- Advertising cookies (third-party cookies) allow the operator to analyse players’ preferences and to adapt marketing content to their specific interests. This type of cookie enables the player to be informed of current campaigns or offers by means of advertising banners on partner sites. These cookies are also used for the targeted management and the assessment of advertising on other websites.
The deactivation of cookies may affect user-friendliness. For example, features and games may be disrupted on certain parts of the gambling platform.
Cookies installed on the player’s peripheral may be authorised, blocked or deleted at any time using the web browser settings. All web browsers show information on cookies so that players can see which cookies are installed.
Changes to browser cookie settings may affect all websites that are visited, and not only those of the gambling platform, except if the cookies are deactivated or deleted individually.
The site does not currently allow the “Stop tracking” browser feature.
Useful measures are taken by the operator to protect personal data against unauthorised access, illegal or unauthorised processing, and the theft, deletion, modification, disclosure and transfer of personal data. Such measures include: a) limiting the maximum number of persons authorised to access personal data, b) limiting authorised persons’ scope for modification, and c) technical barriers against breaches, including encryption during transmission and storage, firewalls, strict password requirements, and alert features with notifications of attempted breaches.
Data are anonymised as far as possible to protect players’ privacy to the maximum.