Privacy policy

jackpots.ch privacy policy

The protection of personal data is very important to Grand Casino Baden AG (hereinafter referred to as «GCB» or also referred to as «we» or «us»). For this reason, we make every effort to protect the privacy of all visitors to our websites.

Below, you will find all the provisions on the processing of personal data that apply every time you visit or use «jackpots.ch» (hereinafter «the website») (hereinafter referred to as the «privacy policy»).

This privacy policy is a binding part of the General Terms and Conditions of Use of jackpots.ch (hereinafter the «GTC»). By using the gambling platform and by opening and logging into a player account, you accept this privacy policy. Please, therefore, read this privacy policy carefully.

Separate data protection provisions apply to the website www.grandcasinobaden.ch and all other services of GCB, which can be found at https://www.grandcasinobaden.ch/datenschutzerklaerung.

1 DATA PROTECTION WITH JACKPOTS.CH

Protecting your data and privacy is very important to us. In this privacy policy, we explain the nature, scope and purpose of the collection and other processing of personal data. Personal data is any information relating to an identified or identifiable natural person (Art. 5(a) Swiss Federal Act on Data Protection). Please note that our website may link to other websites for which different data protection rules may apply.

We process personal data in accordance with the provisions of Swiss law (Swiss Federal Act on Data Protection (FADP) and Swiss Ordinance on Data Protection (DPO)) and, where applicable, the European General Data Protection Regulation (GDPR). jackpots.ch was also the first Swiss casino to be ISO 27001 (international standard for information security) certified in 2019.

2 RESPONSIBILITY

2.1 REPRESENTATION FOR DATA PROTECTION MATTERS IN SWITZERLAND

The party responsible for processing personal data is:

Grand Casino Baden AG

Haselstrasse 2

5400 Baden

Tel. +41 (0)56 204 07 07

If you have any concerns about data protection, you can send them to us for all Stadtcasino Baden Group companies at [email protected].

2.2 DATA PROTECTION SUPERVISORY AUTHORITIES

The responsible data protection supervisory authority in Switzerland is:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter

Feldeggweg 1

3003 Bern

Tel. +41 (0)58 462 43 95

www.edoeb.admin.ch

3 LEGAL BASIS AND PURPOSE OF DATA PROCESSING

Casinos are subject to the following legal requirements, which also require the collection and processing of personal data:

• Federal Act on Gambling (BGS)
• Ordinance on Gambling (VGS)
• FDJP Ordinance on Casinos (SPBV-EJPD)
• Federal Act on Combating Money Laundering and Terrorist Financing (AMLA)
• FDJP Anti-Money Laundering Ordinance (GwV-EJPD)
• SFGB Anti-Money Laundering Ordinance (GwV-ESBK)

We use the personal data we collect primarily in connection with communication with you and to conclude and execute contracts with our customers and business partners. This applies in particular to our activities in connection with the operation of our online casino. This includes, for example, registering players, processing payments and organizing events. We thereby also fulfill our legal obligations, in particular to protect players from excessive gambling and to combat crime and money laundering, as well as our tax obligations. If your role includes working (e.g. as an employee or adviser) for one of our customers or business partners, your personal data may also be affected in this context.

In order to fulfill our legal obligations, we process the following data and may disclose it to the Swiss Federal Gaming Board (SFGB):

• Data collected from players during online registration
• Data about players’ gambling behavior and financial transactions
• Data about players’ personal, professional and financial situation
• Data about player suspensions

In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• Offering and further developing our offers, services and websites, apps and other platforms on which we have a presence, including improving the user experience and personalizing offers
• Communicating with third parties and processing their inquiries (e.g. supervisory authority)
• Reviewing and optimizing processes for needs analysis for the purpose of addressing customers directly and collecting personal data from publicly accessible sources for the purpose of customer acquisition
• Advertising and marketing (including holding events and competitions) and maintaining relationships, unless you have objected to the use of your data;
• Market research, to improve our services and operations, for product development, training and quality assurance purposes
• Asserting legal claims and defense in connection with legal disputes and official proceedings
• Preventing and investigating criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud)
• Ensuring and safeguarding our operations, in particular IT, our websites, apps and other platforms, as well as safeguarding our customers and employees

If you have given us consent to process your personal data for specific purposes (for example, when you subscribed to receive newsletters), we process your personal data within the scope of and on the basis of this permission unless we have any other legal basis and we require such a basis. Consent given can be withdrawn at any time, but this does not affect data processing that has already taken place.

4 COLLECTION OF PERSONAL DATA

4.1 DATA GATHERING

We primarily process personal data that we receive from our customers, business partners and other parties involved or that we collect from users when operating our website and other applications. This applies in particular to:

• Registration and account details: information such as name, address, date of birth, nationality, gender, e-mail address, telephone number, username, password, official identification documents and proof of residence. This data is necessary to create and manage your player account and to fulfill legal obligations (e.g. loss limits, identity verification in accordance with the Gambling Act/Anti-Money Laundering Act).
• Communication data: information that you provide to us via contact forms, e-mail, chat or other channels, including records of support requests.
• Usage data: technical information on the use of the website and app (e.g. IP address, device information, timestamps, interactions), as well as game histories, deposits, withdrawals and game intensity information.
• Supplementary data: in special cases, we may request further proof (e.g. of income or assets) to comply with our legal obligations to combat money laundering and excessive gambling.

We may also supplement your personal data with information from public registers or commissioned third parties (e.g. credit agencies) insofar as this is necessary to fulfill a contract or comply with legal requirements.

Your language settings are automatically determined from your browser or URL data and cannot currently be changed manually. Notification settings (e.g. SMS, e-mail or phone) are enabled by default and can be changed in the profile.

Content such as comments or profile information that you share publicly may still be found via external search engines even after deletion. Please also note our General Terms and Conditions: https://www.jackpots.ch/en/terms-conditions.

4.2 LOG FILES

Each time our website is accessed, technical data is automatically recorded and stored in the server log files. In particular, this includes:

• IP address of your connection
• Date and time of access
• Name and URL of the retrieved resource
• Referring website (referrer)
• The user’s browser type/version
• Type and operating system of your device

This data is technically necessary to display our website correctly and serves to ensure the stability and security of our system. Additionally, we use this information in anonymized form to further develop the website, analyze its use and make optimizations.

The log data is stored for a maximum of four weeks and then routinely deleted.

4.3 OPENING A PLAYER ACCOUNT

To open a player account on jackpots.ch, we require various information for identification and communication purposes, including personal data such as name, address, date of birth, nationality and contact details. Official identification documents and proof of residence are also required. A loss limit must be specified by law. This data collection is necessary to give you access to our online gambling services and to comply with our legal and regulatory obligations.

4.4 GRANDWINNERS Loyalty-Program

All registered users are automatically enrolled in our GRANDWINNERS Loyalty-Program. Participation is voluntary and can be canceled at any time upon request. We process basic identification and contact data for participation. Unsubscribing does not affect the use of our other services.

4.5. BIOMETRIC AUTHENTICATION

If you activate this in the app’s settings, you can log in using biometric authentication (e.g. Face ID or Touch ID). Detection is done exclusively by your device’s operating system. At no point do we have access to your biometric data.

Use of this feature is optional and can be deactivated at any time in the device settings.

4.6 COMMUNICATION

4.6.1 CONTACT FORMS

Our website contains contact forms that can be used to get in touch with us. The data entered in the contact forms is transmitted in encrypted form (SSL encryption).

If you use our contact form, your data from the form will be processed by us in order to process and respond to your inquiry and in the event of follow-up questions. We usually require the following information:

• First and last name
• Email address
• Subject
• Your inquiry

4.6.2 CONTACT BY EMAIL

When you contact us by email, we will store the data you provide (your email address, if applicable your name, your telephone number and other information provided in the email) in order to process your request or to answer your questions. Contacting us by email is expressly voluntary and is carried out with your consent.

4.6.3 CONTACT BY LIVE CHAT

When you contact us by the chat function, we will store the data you provide (your email address, if applicable your name, your telephone number and other information provided in the chat message) in order to process your request or to answer your questions. Contacting us by the chat function is expressly voluntary and is carried out with your consent.

4.7.2 USER INTERACTION AND AUTOMATED COMMUNICATION TOOLS

4.7.2.1 ULTIMATE.AI CHATBOT SERVICE

Our website uses a chatbot from the service provider Ultimate.ai GmbH, Paul-Lincke-Ufer 39/40, 10999 Berlin, Germany («ultimate.ai») in order to offer you more efficient customer support. The information you enter will be processed.

Use of the chatbot is voluntary. You alone decide what personal data you disclose during the chat. If you decide not to use the chatbot, you can alternatively contact us via the aforementioned communication channels, such as e-mail.

Further information about data processing by Ultimate.ai can be found in its privacy policy at https://www.ultimate.ai/security-privacy.

4.7.2.2 ONESIGNAL

In our app, we use the push notification tool provided by OneSignal, a service provided by OneSignal Inc., 2850 S Delaware St #201, San Mateo, CA 94403, USA. OneSignal allows us to send you targeted information about our offers and services via various channels. We also use analysis functions that allow us to better understand your interests and show you relevant content.

OneSignal may process personal data such as your name, IP address, telephone number or email address. This processing takes place only with your prior express consent in accordance with Art. 6 para. 6 FADP. You can revoke this consent at any time.

Processing may also take place in the USA. OneSignal has committed itself to the Standard Contractual Clauses (SCC), which are recognized by the Federal Data Protection and Information Commissioner (FDPIC). This ensures an appropriate level of data protection within the meaning of Art. 16 para. 2(d) FADP.

You can find more information about data processing by OneSignal at: https://onesignal.com/privacy_policy.

4.7.3 PERSONALIZATION AND ANALYSIS

4.7.3.1 FROSMO

We use the tool Frosmo, a service of Frosmo Ltd., based in Malminkatu 16, 00100 Helsinki, Finland, to show you contextual content, product recommendations and other targeted modifications. Pseudonymized data about your surfing behavior is processed.

Further information on data processing by Frosmo can be found at: https://www.frosmo.com/privacy-policy.

4.7.3.2 GOOGLE ANALYTICS

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland («Google»), to design, analyze and improve our website in line with requirements.

Google Analytics and Firebase use cookies. Typically, the information generated by cookies about your use of websites is transmitted to a Google server in the US and stored there.

Google will use this information to analyze your use of GCB websites and applications for us, to compile reports on activities and to provide us with other services relating to your use of GCB websites and applications and of the internet. The IP address transmitted by your browser as part of Google Analytics or Firebase will not be merged with other data held by Google.

Further information on Google Analytics’ terms of use and data protection can be found at https://marketingplatform.google.com/about/analytics/terms/us/, https://firebase.google.com/support/privacy and https://policies.google.com/?hl=us&gl=de.

4.7.3.3 GOOGLE TAG MANAGER

To manage website tags via an interface, we use Google Tag Manager, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not process any personal data. However, the service triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

For more information about Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.

4.7.3.4 KAMELEOON

We use Kameleoon, a web analytics service provided by Kameleoon SAS, 12 Rue de la Chaussée d’Antin, 75009 Paris, France, to perform A/B tests and to analyze user behavior by segments. Cookies and local storage are used to store anonymous and pseudonymized information.

The IP address is anonymized and the data is stored on servers in Germany.

Further information can be found in the Kameleoon privacy policy: https://www.kameleoon.com/privacy-policy.

4.7.3.5 HOTJAR

We use the web analysis service Hotjar to optimize our website. It is provided by Hotjar Ltd., St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. Hotjar allows us to analyze user behavior (e.g. clicks, mouse movements, scrolling behavior) in an anonymized form to improve user-friendliness. Cookies and similar technologies are used for this purpose. It is not possible to draw conclusions about individuals. The legal basis is our overriding interest in improving our online offering.

You can find more information about data processing by Hotjar at: www.hotjar.com/legal/policies/privacy

Information on the cookies used: https://help.hotjar.com/hc/en-us/articles/115011789248-Cookies-on-hotjar-com

4.7.4 ADVERTISING AND CONVERSION TRACKING

4.7.4.1 GOOGLE MARKETING PLATFORM

We use the Google Marketing Platform of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to place and measure the success of online advertising. Information about the use of our website is collected in order to display targeted advertisements and to analyze their impact.

Data may be disclosed to Google LLC servers in the USA.

Further information about the Google Marketing Platform can be found at https://marketingplatform.google.com/about/.

4.7.4.2 GOOGLE ADS

On our website, we use the service Google Ads, an online advertising service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ads enables us to place advertisements in Google search results and in the Google advertising network.

Google Ads uses cookies. The information generated by cookies about your use of websites is transmitted to a Google server in the US and stored there.

Further information on the purpose and scope of data collection and its processing can be found at https://policies.google.com/privacy.

4.7.4.3 MICROSOFT ADVERTISING

On our website, we use Microsoft Advertising, an online advertising service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052–6399, USA, to display and measure the success of advertising. Information about the use of our website, such as IP address or click behavior, may be collected and transmitted to the US.

Further information about the nature, scope and purpose of data processing can be found in Microsoft’s Privacy Statement (https://privacy.microsoft.com/en-us/privacystatement).

4.7.4.4 META CONVERSIONS API

We use the Conversions API from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to measure the effectiveness of our ads on Facebook and deliver targeted advertising. Usage data, such as pages visited or interactions, may be transmitted to Meta.

Meta may transfer the data to the US. Data is transferred in accordance with the standard contractual clauses recognized by Meta.

You can find out more about the data processed through the use of the Meta Conversions API in Meta’s privacy policy (https://www.facebook.com/privacy/policy/).

4.7.4.5 FACEBOOK CUSTOM AUDIENCE (PIXEL)

Our websites use Facebook Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to track page visits and enable personalized advertising on Facebook. This sends data to Meta, which may be linked to your Facebook account.

Here, too, data may be transmitted to the US. Further information can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy.

4.7.4.6 TRADE DESK

Our website uses retargeting technology from The Trade Desk, Inc. 42. N. Chestnut Street, Ventura, California 93001, USA («The Trade Desk»). This feature is used to present interest-based advertisements to visitors to the website as part of the The Trade Desk advertising network. Cookies are stored in the browser of the person visiting the website. On these websites, visitors can then be shown advertisements that relate to content that the person has previously viewed on websites that use The Trade Desk’s retargeting technology. According to its statements, The Trade Desk collects pseudonymized data during this process and no personal data is collected or stored.

You can object to the processing of the cookie data generated by The Trade Desk at any time at https://www.adsrvr.org/. Further information on The Trade Desk’s data protection can be found at https://www.thetradedesk.com/general/privacy-policy.

Further information about the nature, scope and purpose of data processing can be found in Microsoft’s Privacy Statement (https://privacy.microsoft.com/en-us/privacystatement). You can object to personalized advertising (https://account.microsoft.com/privacy/ad-settings/signedout?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings).

4.7.4.7 TRADEDOUBLER

Our website uses components from Tradedoubler, an affiliate advertising service of Tradedoubler GmbH, Herzog-Wilhelm-Strasse 26, 80331 Munich, Germany. Information about the use of our website is collected in order to enable the delivery of advertisements and to measure their success. Tradedoubler may also pass this data on to contractual partners.

You can find more information about how we use your data in Tradedoubler’s Privacy Policy (https://www.tradedoubler.com/de/privacy-policy/).

4.7.4.8 MY AFFILIATES

We use My Affiliates as an affiliate marketing platform on our website. My Affiliates allows us to partner with different publishers to promote our products and services and increase traffic to our website. By clicking on affiliate links on the publisher websites, personal data such as IP addresses and cookie information may be collected and transmitted to My Affiliates. This data is used to measure the effectiveness of our marketing campaigns and to reward us for successful transactions generated by affiliate links.

You can find more information about the use and processing of your data by My Affiliates in its Privacy Policy: https://www.myaffiliates.com/privacy-policy/.

4.7.5 CUSTOMER RATINGS

4.7.5.1 TRUSTPILOT

We use Trustpilot from Trustpilot, Inc. (245 5th Avenue, 4th floor, New York, NY 10016, USA) to give you the opportunity to submit reviews and display them on our website.

More information about Trustpilot’s data protection can be found at https://legal.trustpilot.com/end-user-privacy-terms.

4.7.6 SOCIAL MEDIA

We offer recommendation buttons for the following social media on our website: Facebook, X (formerly Twitter), Instagram and YouTube. These allow you to recommend selected website content to other internet users via the relevant social media and add the content to your personal profile. The recommendation buttons are provided by the operators of the social media.

By integrating these plugins into our website, the operators of the relevant social media may receive the information that you have accessed our website. If you are logged in to one of the aforementioned social media during your visit to our website, the operator may assign this visit to your user account. If you do not want such information to be assigned to your profile, we recommend that you log out of social media before visiting our website.

If you use the buttons, the corresponding information is transmitted to the relevant social media and stored there. For more information on the purpose and scope of data collection, further processing and use of the data and settings options to protect your privacy, please refer to the privacy policy of the social media:

Facebook: http://facebook.com/policy.php

X: https://twitter.com/en/privacy

Instagram: https://help.instagram.com/155833707900388

YouTube: https://policies.google.com/privacy?hl=en-US

5 DISCLOSURE OF DATA TO THIRD PARTIES

Insofar as we outsource certain parts of our data processing (e.g. to IT service providers, mailing services), we contractually oblige such contractor(s) to process the personal data only in accordance with the requirements of the applicable data protection law and to ensure that the rights of the data subject are protected. We also use (IT) services from our Swiss parent company Stadtcasino Baden AG. We use (IT) service providers from the EU as well as IT service providers from the US, with whom we conclude corresponding contracts and take technical and organizational measures to ensure an appropriate level of protection. Whenever possible, we select IT service providers with server locations in Switzerland or the EU (such as Zendesk).

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law (for this purpose, we use the revised standard contractual clauses of the European Commission), unless they are already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exempt provision. An exception may apply in particular to legal proceedings abroad as well as in cases of overriding public interest, or if the performance of a contract requires such disclosure, if you have consented, or if the data has been made generally available to the public by you and you have not objected to its processing.

Within the scope of fulfilling their legal mandate, the SFGB and other authorities may request access to our stored data.

We are required by law to make the identity of persons subject to a gaming ban available to other casinos in Switzerland. In addition, the date of issue, the type of suspension and the name of the casino that imposed the suspension will be disclosed. This obligation to provide information is fulfilled by storing the information in a central database to which all Swiss casinos have access.

We work with an addiction prevention center and a therapy facility in order to implement the social concept. During cooperation, personal data is exchanged on a case-by-case basis. If a gambling suspension is lifted, we are entitled to pass on the information about the player that is required to verify the lift to a cantonally recognized specialist or specialist authority.

If there are indications of money laundering, terrorist financing or funds of criminal origin or criminal organizations, we are authorized to forward all necessary data to the Swiss Money Laundering Reporting Office.

We disclose the personal data required to open your player account (see GTCs) to third parties in Switzerland and abroad, in particular in the event of suspected fraud, money laundering or other criminal conduct, for the purpose of clarifying the suspicion, initiating criminal, civil or administrative proceedings and complying with government orders during and outside pending proceedings, insofar as this is permitted under Swiss data protection law.

Personal data may also be disclosed to the specialist unit of SRO Casinos as part of investigations in connection with the prevention of money laundering and terrorist financing.

jackpots.ch maintains a data recording system in Switzerland for the gambling platform that records the above-mentioned player data and provides it to the supervisory authority.

6 RETENTION PERIOD FOR PERSONAL DATA

We process and store your personal data for the duration of the fulfillment of our contractual and legal obligations for as long as it is necessary to achieve the purposes for which the processing was carried out and for as long as we are legally obliged to store and document your personal data. We may retain personal data for as long as claims may be asserted against our company or for as long as we are otherwise required to do so by law or for as long as legitimate business interests require it. If your personal data is no longer required for the aforementioned purposes, it will be deleted or anonymized as part of our usual processes to the extent possible.

7 DATA SECURITY

To protect your personal data against unauthorized access and misuse, we take appropriate technical and organizational security measures, such as issuing directives, providing training, implementing IT and network security solutions, access monitoring and restrictions, encrypting data carriers and transmissions, and using pseudonymization or anonymization and controls.

8 RIGHTS OF DATA SUBJECTS

Within the scope of the data protection law that applies to you and to the extent provided for therein, you have the right of access, rectification and deletion and the right to otherwise object to our data processing and otherwise the right to object to our data processing, in particular data processing for direct marketing, profiling and other legitimate interests in processing, as well as the right to the disclosure of certain personal data for the purpose of transferring it to another body («data portability»). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in it (insofar as we may invoke it) or require it to assert claims. We will let you know in advance if you will incur any costs. We have already informed you about the option of withdrawing your consent in Section 3. Please note that the exercise of these rights may conflict with contractual agreements and this may lead to consequences such as early termination of the contract or cost implications. In this case, we will inform you in advance where this is not already contractually stipulated.

In order to exercise these rights, you generally need to prove your identity clearly (e.g. by means of a copy of your ID). To assert your rights, you can contact us at the address provided in Section 2.

In addition, every data subject has the right to assert their claims in court or to file a complaint with the competent data protection authority.

9 CHANGES TO THIS DATA PROTECTION INFORMATION

We reserve the right to amend these provisions at any time in accordance with the applicable data protection regulations. Changes are published on our websites and come into effect when they are activated. The current version is valid as of September 2025.

If you have any questions about the processing or security of your personal data, you can directly contact the data protection officers in accordance with Section 2 above.