The protection of personal data is very important to Gamanza Group AG (hereinafter referred to as “Gamanza” or also referred to as “we” or “us”). For this reason, we make every effort to protect the privacy of all visitors to our websites.
Below, you will find all the information on the processing of personal data that apply to every visit or use of “gamanza.com”, “gamanza.games” or “gamanzaengage.com” (hereinafter “the websites”) or when you avail of our services (hereinafter referred to as “privacy policy”). This privacy policy is a binding part of the General Terms and Conditions of Use of our websites (hereinafter the “GTC”).
1. Data protection with Gamanza
Protecting your data and privacy is very important to us. In this privacy policy, we explain the nature, scope and purpose of the collection and other processing of personal data. Personal data is any information relating to an identified or identifiable natural person (Art. 5(a) Swiss Federal Act on Data Protection). Please note that our website may link to other websites for which different data protection rules may apply.
We process personal data in accordance with the provisions of Swiss law (Swiss Federal Act on Data Protection (FADP) and Swiss Ordinance on Data Protection (DPO)) and, where applicable, the European General Data Protection Regulation (GDPR). Gamanza is ISO 27001 (international standard for information security) certified.
2. Responsibility
2.1 Representation for data protection matters in Switzerland
The party responsible for processing personal data is:
Gamanza Group AG Haselstrasse 2 5400 Baden, Switzerland Email: [email protected]
If you have any concerns about data protection, you can send them to us for all Stadtcasino Baden Group companies at [email protected].
2.2 Representation for data protection matters in the EU
If Gamanza falls within the scope of the GDPR, the representative according to Art. 27 GDPR is:
Gamanza Services d.o.o. Vojkovo nabrezje 30
6000 Koper-Capodistra Slovenia.
2.3 Data protection supervisory authorities
The responsible data protection supervisory authority in Switzerland is:
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Feldeggweg 1 3003 Bern Tel. +41 (0)58 462 43 95 www.edoeb.admin.ch.
If Gamanza falls within the scope of the GDPR, the supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit The Information Commissioner (Informacijski pooblaščenec) (the “Commissioner”) Zaloška 59 SI-1000 Ljubljana Slovenia www.ip-rs.si
3. Legal basis and purpose of data processing
We primarily use the personal data we collect in connection with communication with you, to conclude and execute contracts with our customers and business partners, to provide and improve our services and to identify your preferences. This applies in particular to our activities in connection with the provision of our iGaming SuperstoreTM, as well as our Gamification and CRM tools.
In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
- Offering and further developing our offers, services and websites, apps and other platforms on which we have a presence, including improving the user experience and personalizing offers
- Communicating with third parties and processing their inquiries (e.g. supervisory authority)
- Reviewing and optimizing processes for needs analysis for the purpose of addressing customers directly and collecting personal data from publicly accessible sources for the purpose of customer acquisition
- Advertising and marketing (including organizing events) and maintaining relationships, provided that you have not objected to the use of your data (if we send you advertising, you can object at any time; we will put you on a list to stop further advertising)
- Market research, to improve our services and operations, for product development, training and quality assurance purposes
- Asserting legal claims and defense in connection with legal disputes and official proceedings
- Preventing and investigating criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud)
- Ensuring and safeguarding our operations, in particular IT, our websites, apps and other platforms, as well as safeguarding our customers and employees
If you have given us consent to process your personal data for specific purposes (for example, when you subscribed to receive newsletters), we process your personal data within the scope of and on the basis of this permission unless we have any other legal basis and we require such a basis. Consent given can be withdrawn at any time, but this does not affect data processing that has already taken place.
4. Collection of personal data
4.1 Data Gathering
We primarily process personal data that we receive from our customers, business partners and other parties involved or that we collect from users when operating our website and other applications. This also includes contact details that you provide to us, e.g. via email, the contact form or chat. This data will only be transmitted with your consent. If you provide your personal data, you also give us your consent for it to be processed by us.
When you attend our organized public events we may collect photos or videos of you for marketing purposes on our website or social media platforms to promote and represent our services.
4.2 Log Files
All access to our websites is logged and stored in the log files of the web servers used. Only the information that your internet browser automatically transmits to the server is stored in the log files. This includes in particular:
- The user’s IP address
- The date and time of the server request
- The operating system of your device
- The user’s browser type/version
- The user’s language settings
- The name of your internet service provider
- The website from which you came to our site
- The pages accessed on our websites, and
- The transmission protocol used
The transmitted data is stored in server log files for a period of up to 30 days. The data is stored to ensure that processes and procedures, particularly in connection with the use of our website and the security and stability of our system, are secure.
4.3 Contact Forms
Our website features contact forms that provide a straightforward way for you to get in touch with us. When you submit a contact form, your information is sent to us using SSL Encryption, ensuring the secure transmission of your data over the internet.
By using our contact form, you consent to the collection and processing of the data entered in the form. This data is used exclusively for the purpose of addressing and responding to your inquiry, as well as for any related follow-ups. The information we typically request includes:
- First and last name
- Email address
- Company name
- Details of your inquiry
Please note that while we take all reasonable steps to protect your personal information, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
4.4 Contact by Email
When you contact us by email, we will store the data you provide (your email address, and if applicable, your name, your telephone number, and any other information you include in the email) to process your request or to answer your questions. Contacting us by email is a clear affirmative action which constitutes consent to the processing of your personal data for these purposes.
Please be aware that this data will be stored and processed based on your consent. We will retain this information only for as long as necessary to fulfil your request or to continue our conversation, and in accordance with our data retention policy or as required by applicable law.
4.5 Cookies
We use cookies and similar technologies on our website to identify your browser or device. Cookies are small text files that are stored on your computer or mobile device by your internet browser when you visit our websites. They allow us to recognize you when you return to our website. We utilize both temporary
“session cookies,” which are deleted after your visit, and “permanent cookies,” which remain on your device for a set period of time to save user settings and other information.
Cookies help us optimize our websites and our services. Necessary cookies, which are functional and technical, are essential for you to use our website as intended. For instance, they include cookies that remember your consent to the use of cookies that require it. The deployment of these cookies is grounded on our legitimate interest in providing a fully functional website.
You can configure your preferences and consent in your browser settings and, for example, refuse to accept cookies from other companies or reject all cookies. Please note that you may not be able to fully use all the features of our websites if you reject cookies.
4.6 Web Analytics
Google Analytics
We use Google Analytics and Firebase, web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to design our website and app to be more user-friendly and continuously improve them.
Google Analytics and Firebase use cookies to help analyze how users interact with our website or app. The information generated by the cookies about your use of our website or app can be transmitted to and stored on a Google server in the United States. Due to the activation of IP anonymization on our website, your IP address will be truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
Google will use this information on our behalf to evaluate your use of our website or app, compile reports on activity for us, and provide other services related to website and app activity and internet usage. The IP address provided by your browser as part of Google Analytics or Firebase will not be merged with other Google data.
The data processing through Google Analytics and Firebase is based on your consent. You have the right to withdraw your consent at any time, but this will not affect the lawfulness of the processing carried out before the withdrawal of consent.
You can prevent the storage of cookies by selecting the appropriate settings in your browser. Furthermore, you can prevent Google from collecting data generated by cookies about your use of our website or app by downloading and installing a browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
For further information on terms of use and data protection with respect to Google Analytics and Firebase, please visit https://marketingplatform.google.com/about/analytics/terms/us/.
4.7 Advertising and Marketing
4.7.1 Google Marketing Platform
The online marketing tool Google Marketing Platform (“GMP”) uses cookies to display ads that are relevant to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads appear in which browser and to ensure they’re not shown more than once. Additionally, GMP may track “conversions” with cookie IDs, which indicate whether a user saw a GMP ad and later visited the advertiser’s website and made a purchase. Google asserts that GMP cookies do not contain personal information.
When you visit our website, your browser automatically establishes a direct connection with Google’s server. We do not control the extent and further use of the data collected by Google through this service. Google’s integration of GMP notifies them that you have visited our website or clicked on an ad. If you are logged into a Google service, Google may associate your web activity with your Google account. Even if you are not registered with Google or not logged in, there is a possibility that Google may obtain and store your IP address.
The use of GMP may result in the transfer of personal data to Google servers located in the USA. We ensure that appropriate safeguards are in place for such transfers as required by the GDPR.
The processing of your data through GMP is based on your consent. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can prevent tracking by GMP by configuring your browser settings or by disabling personalized advertising at https://myadcenter.google.com/personalizationoff?hl=de&sasb=true&ref=ad-settings. For more detailed information on GMP, please visit https://marketingplatform.google.com/about/.
4.7.2 Google Ads
We use the Google Ads service on our website, an online advertising service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ads allows us to display advertisements in Google search results and the Google advertising network.
When you visit our website, Google may place a cookie on your device if you have clicked on a Google ad. These cookies are not used to identify you personally but are used to target advertising more effectively. The use of Google Ads may involve the transmission of certain user data, such as IP address and cookie identifiers, to Google servers located in the United States.
The processing of data through Google Ads is based on your consent. You may withdraw your consent at any time by disabling cookies in your browser settings or by managing your preferences through Google’s Ads Settings.
We also use the Google Ads conversion tracking feature, which allows us to determine how successful individual advertising measures are. This is done by analyzing the actions users take after clicking on one of our ads. However, we do not receive any information that can be used to personally identify users.
You have the right to object to this form of data processing. You can opt out of interest-based advertising by Google by visiting https://www.google.com/settings/ads and adjusting your settings accordingly.
For more information about the purpose and scope of data collection and its processing, as well as more information about your rights in this regard and setting options to protect your privacy, please visit Google’s Privacy Policy at https://policies.google.com/privacy.
4.8. Google Tag Manager
For the management of website tags through an interface, we use the Google Tag Manager, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The Google Tag Manager itself (which implements the tags) does not record personal data as it operates on a cookie-less domain. However, the service triggers other tags which may collect personal data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it will persist for all tracking tags that are implemented with Google Tag Manager.
The processing of personal data by the tags managed by Google Tag Manager is based on your consent. You have the right to withdraw your consent at any time.
By using Google Tag Manager, certain data from your browser may be transmitted to Google, potentially including your IP address and information about your browser usage. This may result in the transfer of personal data to Google servers in the USA. We ensure that appropriate safeguards are in place for such transfers as required by the GDPR.
For more information about how Google Tag Manager uses and processes your data, please visit Google’s tag use policy at https://www.google.com/intl/en/tagmanager/use-policy.html.
5. Disclosure of Data to Third Parties
Insofar as we outsource certain parts of our data processing (e.g. to IT service providers, mailing services), we contractually oblige such contractor(s) to process personal data only in accordance with the requirements of the applicable data protection laws and to ensure the protection of the rights of the data subject. We also use (IT) services from our Swiss parent company Stadtcasino Baden AG. We also engage (IT) service providers from the EU as well as from the US. With all non-EU providers, we enter into corresponding agreements using the revised standard contractual clauses issued by the European Commission and implement technical and organizational measures to ensure an appropriate level of protection. We prioritize selecting IT service providers with server locations in Switzerland or the EU whenever possible.
If a recipient is located in a country without adequate statutory data protection, we ensure compliance with applicable data protection law through contractual obligations (using European Commission’s standard contractual clauses), unless they are subject to a legally recognized set of rules ensuring data protection or an exemption applies. Exemptions may include necessary disclosures for legal proceedings abroad, cases of overriding public interest, performance of a contract, your consent, or if you have made the data publicly available and have not objected to its processing.
Under their legal mandate, the SFGB and other authorities may request access to our stored data. We handle such requests in accordance with legal obligations and ensure that any disclosure of personal data complies with data protection principles.
Data subjects have rights under GDPR and FADP which include access, rectification, erasure, restriction of processing, data portability, and the right to object. If you believe that our processing infringes on your data protection rights, you have the right to lodge a complaint with a supervisory authority.
For further clarification on our technical and organizational measures or if you wish to exercise your rights as a data subject, please contact us.
6. Retention Period for personal data
We process and store your personal data for the duration necessary to fulfill our contractual and legal obligations, to achieve the purposes for which the data was collected, and for as long as required by applicable laws and regulations. This includes retaining personal data for the period during which claims can be asserted against our company, as required by law, or as justified by our legitimate business interests.
In accordance to GDPR and FADP, we do not keep personal data longer than needed. The specific retention period for personal data depends on the nature of the obligation or the purpose of the processing. For example, we retain financial data for a minimum of ten years to comply with tax and accounting requirements.
Once the retention period has expired, or if personal data is no longer necessary for the purposes for which it was processed, we will take steps to delete or anonymize the data as part of our standard processes, unless further processing is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise, or defense of legal claims.
7. Data Security
To protect your personal data against unauthorized access and misuse, we take appropriate technical and organizational security measures, such as issuing directives, providing training, implementing IT and network security solutions, access monitoring and restrictions, encrypting data carriers and transmissions, and using pseudonymization or anonymization and controls.
8. Rights of Data Subjects
Within the scope of the data protection law applicable to you, such as the GDPR, you have various rights concerning your personal data. These rights include:
- The right of access to your personal data,
- The right to rectification,
- The right to erasure (“right to be forgotten”),
- The right to restrict processing under certain conditions,
- The right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, direct marketing (including profiling), and processing for purposes of scientific/historical research and statistics,
- The right to data portability, which allows you to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
9. Changes to this Data Protection Information
We reserve the right to amend this data protection information at any time in accordance with the applicable data protection regulations. Changes are published on our websites and come into effect when they are activated. The current version is valid as of September 2024.
If you have any questions about the processing or security of your personal data, you can directly contact the data protection officer in accordance with Section 2 above.