We are pleased to welcome you to our website www.7melons.ch. This website is operated by Grand Casino Kursaal Bern AG (hereinafter "GCKB," "us," "we"), a gaming company with its registered office in Bern.
In Switzerland we have a gaming licence (licence no. [516-005/03]) as well as a supplemental licence (no. [516-005/03-01]) for providing online games under the applicable Gaming Act (Geldspielgesetz [BGS]), granted to us by the Federal Coun-cil after examination and at the request of the Swiss Federal Gaming Board (ESBK).
3 Contact details
Grand Casino Kursaal Bern AG, Kornhausstrasse 3, 3000 Bern 22 is responsible for the data processing on www.7melons.ch and the 7 melons app. If you have any questions or concerns about data protection or if you wish to exercise your data subject rights, please contact us.
Your contact for data protection issues is:
Grand Casino Kursaal Bern AG
3000 Bern 22
4 Legal basis
As a provider of online gaming, we are obliged to comply with legal provisions. In connection with your personal data, we must in particular comply with the following laws:
- Anti-Money Laundering Act (AMLA)
- Anti-Money Laundering Ordinance (FINMA, AMLO-FINMA)
- Swiss Federal Gaming Board Ordinance on the due diligence obligations of gaming providers to combat money laundering and terrorist financing (Money Laundering Ordinance ESBK, AMLO-ESBK)
- Federal Gaming Act (BGS)
- Gaming Ordinance (VGS)
- EJPD Casino Ordinance (SPBV-EJPD)
- Swiss Code of Obligations (SCO)
- Swiss Federal Data Protection Act (DPA);
- Ordinance to the Federal Data Protection Act (DPO)
The current versions of the legal bases for operating casinos can be found here (no English version available) : https://www.esbk.admin.ch/esbk/de/home/rechtsgrundlagen/gesetzgebung.html
5 Processing of personal data
5.1 Definition of terms
- Personal data means data relating to an identified or identifiable person. A person is identifiable if his or her identity may be inferred from additional information.
- Personal data that needs to be specially protected (colloquially known as "sensitive personal data") is data concerning religious, ideological, political or trade union-related views or activities, health, intimate matters or racial origin, social security measures, or administrative or criminal prosecutions and sanctions. In addition, genetic and biometric data which uniquely identify a person are also considered to be particularly sensitive.
- Processing: This refers to any handling of personal data, regardless of the means and procedures used.
5.2 Processing principles
We attach great importance to compliance with the principles of data protection law. We therefore process your personal data only to the extent permitted and lawfully.
This means, namely, that we only process your personal data for the purposes set out by law, which we inform you of in a transparent manner or which are recognisable to you. Moreover, your personal data will only be processed to the extent necessary, confidentially, and by authorised persons.
We request your consent to process your data, unless we are obliged to process personal data by law or have an overriding interest to do so.
5.3 Collecting and processing personal data
5.3.1 Gaming account
In order to use our online gaming services, you must open a gamer account with us. For this we need to identify and register you prior to starting a game. To achieve this, we process the following data in particular:
- First name and surname
- Date of birth
- Address of domicile (or habitual residence)
- Email address
- Telephone number
- Earnings and wins
- Data regarding access bans
To enable you to use our online gaming services and so that we can pay out wins, we process information about your games and wins and losses as well as your account details and your credit card.
We require that you provide a valid official document (e.g. passport, ID, driver's ID) for identification purposes. We may also use your electronic identity (E-ID), video or online identification or any other legally accepted type of identification.
When you open your gamer account and register, we may match your identification and account verification information to information provided by third parties (e.g. credit reference agencies such as Crif-Teledata or KYC Spider and GBG ID3global). We do this to determine whether your address is correct and to assess your creditworthiness. We also match it to the national access ban register (veto). We check whether you are eligible to play or affected by an access ban or a participation restriction.
5.3.2 Social concept
We process your personal data in accordance with legal provisions on social responsibility and gamer protection, and to issue and implement access bans. Such measures are aimed at providing information, early detection, self-monitoring and access restrictions. For this, we also process the following personal data:
- Data on gaming behaviour
- Data on financial transactions
- Personal, professional and financial data
- Access ban data (reason, start and duration of the ban)
Switzerland maintains a game access ban register. In it we collect the following data from you:
- Surname and first name
- Date of birth
- Data regarding access bans
For the duration of the ban we are required to make this data available to other casinos or organisers of major game tournaments and online games.
5.3.3 Security concept
We are legally obliged to implement a security concept. We process your personal data in this regard as well. This includes, among other things, taking measures to ensure secure and transparent gaming operations and to combat crime, money laundering and terrorist financing. In order to implement these measures, we may process personal data and highly sensitive personal data from you. In this regard, we are required to review and store information about your gaming and winnings history. Your data can also be passed on to the authorities to satisfy a legal obligation. We can moreover impose access bans on security grounds.
5.3.4 Marketing, communication and customer support
We process data that you have disclosed to us orally, in writing or electronically, or that are publicly accessible, and create profiles. This applies in particular to data you disclose to us when registering, as well as the data generated by your use of the gaming offers (particularly gaming behaviour), and your payment and transaction data.
We can contact you via telephone, email, post or the chat function for marketing and support purposes. This includes informing you about our online gaming offers and services, as well as the availability and security thereof.
We process your personal data in order to send you customised information relating to our offers and services for marketing purposes, unless you object to this. We will also send you promotional information by email if you disclosed your email address upon registration and you did not object to receiving promotional emails.
If you do not wish to receive promotional information, please write to the contact address specified in Section 3 or to the Customer Service. Each promotional email contains an unsubscribe link you can use to stop us sending you promotional emails.
Calls can be recorded for quality assurance purposes, training and evidence.
5.3.5 Profiling and automated individual decision-making
We perform partly automated processing of your personal data to evaluate certain personal aspects (profiling). We generate profiles to satisfy our legal obligations relating to social responsibility and to combat money laundering. In addition, we run automated evaluations of your data to provide you with customised information and advice about our products. We use evaluation tools, including market and opinion research, that enable us to communicate and advertise in accordance with your needs.
To satisfy legal requirements, we process your personal data, on an automated basis, when you register or log in to use the website to determine whether you are eligible to play at that time.
5.4 Use of the website and app
5.4.1 Visiting the website and opening the app
When you visit our website www.7melons.ch and use our 7 Melons App, data such as your IP address is transferred to us. This information provides us with specific data about the end device you use to visit our website, the browsers you use and your visiting times. This information helps us assess the attractiveness of our website and to make the website content more interesting while continuously improving it.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
Cookies are small text files that a web server places on your computer or mobile device when you visit our website. Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
Most internet browsers accept cookies automatically. You may however configure your browser at any time in such a manner that no cookies are saved on your computer or that an indication always appears when you receive a new cookie. The corresponding support websites of the most popular browser providers (Microsoft IE; Firefox; Google Chrome; Apple; Safari etc.) provide information about the necessary configurations.
If you disable cookies, you may not be able to use all the functions of our website.
5.4.3 Tracking tools
We use tracking technologies to customise and continuously optimise our website. Our website uses the web analysis service Google Analytics. Pseudonymised user profiles are generated and small text files that are stored on your computer ("cookies") are used for this. The information generated by cookies about your use of this website is transferred to the servers of the providers of these services, stored there and prepared for us. This may provide us with the following information:
- the navigation path followed by a user on the website,
- the duration of the visit to the website or subpage,
- the subpage from which the website was left,
- the country, region or city from which the access occurred,
- the end device (type, version, colour depth, resolution, width and height of the browser window) and
- whether you are a recurring or new visitor
The information is used to analyse website use, to compile reports on website activity and to provide further services related to website and internet use for market research and to customise the website's design. This information may also be transferred to third parties to satisfy legal requirements or for the processing of this data by third party service providers.
The provider of Google Analytics is Google Inc., a company of the holding company Alphabet Inc., which is based in the USA. Prior to transferring the data to the provider, the IP address is shortened by the activation of the IP anonymization ("anonymizeIP") on this website within the Member States of the European Union (EU) or in other Contracting States of the Agreement on the European Economic Area (EEA). The anonymised IP address transmitted from your browser by Google Analytics is not combined with other data held by Google. Only in exceptional cases will the full IP address be transferred to and abbreviated by one of Google's servers in the USA. In such cases, we have contractual guarantees in place to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc. the IP address will not under any circumstances be associated with any other data concerning the user.
Further information about the web analytics service used is available on the website of Google Analytics. You can find instructions on how to opt out of data processing by the web analytics service at: http://tools.google.com/dlpage/gaoptout?hl=de.
5.4.4 Social media plugins
Our website uses social media plugins. The plugins can be recognised by the rele-vant social network's logo. The plugins used are set up through a double-click pro-cess. This means that the relevant plugins are only activated if you click on the pro-vider's logo. If you visit our website, which contains an activated plugin, your brows-er directly connects to the provider's servers. The plugin's content is transmitted by the respective provider directly to your browser and integrated into the web page. The incorporation of the plugin enables certain information to be transmitted to the third party provider and stored by it. Even if you are not a member of a social net-work, the networks may still collect and store your IP address via the social media plugin. If you are logged into a social network, the third party provider can assign your visit to our website to your personal social media profile. If you interact with the plugins, for example by pressing the "like", "+1", "twitter" or "instagram" buttons, the information is also transmitted directly to a third party server and stored there. Fur-thermore, the information is published on your social media profile and displayed there to your contacts. For information about the purpose and scope of the data col-lection and the further processing and use of the data by the third party providers, as well as about your related rights and configuration options for protecting your priva-cy, please consult the third party providers' privacy policies. To prevent Google, Fa-cebook, Twitter or Instagram from associating the data collected through our website with your profile in the applicable social network, you have to log out of that network before visiting our website. You can also entirely prevent the loading of plugins us-ing specialized add-ons for your browser, such as for example "NoScript" (noscript.net) or "Ghostery" (ghostery.com).
5.4.5 Social media
You can also visit us on our Facebook fan page 7 Melons. We are jointly responsible with Facebook for the data processing on the Facebook fan page. For more information on Facebook data processing, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data.
6 Data transfer
We transfer your data to third parties as far as we are legally obliged to do so and as far as this is necessary to use the website and app, for the performance of the contract or to run the gaming operations.
In so doing, we contractually ensure that our service providers offer appropriate safeguards for the security and protection of personal data and that they process such data solely for the purposes we are authorised to do so.
In order to satisfy our legal obligations and to protect gamers from excessive gaming as well as to combat crime and money laundering, we transfer the following data to the supervisory authorities, in particular: registration data, data regarding your gaming behaviour, financial transactions, your personal, professional and financial situation, as well as access bans. In the event of an access ban, we are also legally required to share the data with the other casinos; this is done via a central database. Finally, when you make a credit card payment on the website, we forward your credit card information to both your credit card issuer and the credit card acquirer. If you decide to pay by credit card, you will be asked to enter the necessary information every time. As regards the processing of your credit card information by these third parties, we invite you to also consult the general terms and conditions of business as well as the privacy statement of your credit card issuer.
7 Data transmission abroad
Your data will be forwarded to our service providers in the following countries:
- South Africa
- Isle of Man
If we transfer data to a country that does not provide adequate legal data protection, we contractually ensure (e.g. through so-called standard contract clauses) that the protection of your personal data equals that in Switzerland.
To operate the online gaming platform, we work with the following service providers, who receive access to personal data accordingly:
Digital Outsource Services Pty Ltd
1 Waterview Close
Prima Networks Limited
The George Complex
8 Storage period of the personal data
We process and store your personal data only for as long as is needed to fulfil our contractual and legal obligations, for evidentiary purposes, or to process data in accordance with purposes specified by us or a circumstantial purpose.
For example, we are legally required to store data for combating money laundering and terrorist financing, for accounting and account reporting purposes, for at least 10 years. Access ban data are stored so long as the access ban is in effect and are subsequently deleted after 5 years or destroyed, unless an access ban is otherwise justified. In such case, the data are kept until the end of the licence period.
9 Your rights
You have the right to request a copy of the personal information we hold about you and are using for processing purposes. You also have the right to have incorrect or unnecessary data rectified, erased or permanently deleted. We may however refuse to rectify, erase or permanently delete data because of our legal obligations or if we have an overriding interest to process them without alteration. This includes storing data for longer periods for legal or contractual reasons or to secure evidence. You may object to our processing of your personal data, e.g. for marketing purposes. You may file a request to exercise your data protection rights with the contact person in Section 3. Please enclose a copy of a valid official identity document to ensure the information is not accessed by an unauthorised third party.
10 Data security
We design and protect our IT system with adequate technical and organisational safeguards to ensure that we can provide you with our services while maintaining data confidentiality, integrity and availability (IT security). In order to achieve this, we create internal IT security concepts regulating in particular the following points: IT system access control (access rights, monitoring, administration) for employees, data backup, archiving) and network security (confidential networks, encryption, password protection, connection by a third party, internet access).
GCKB has been certified with the data protection quality guarantee mark [email protected]® which is issued by SQS. A maintenance audit is carried out annually and a recertification audit every three years. We operate an information security management system (ISMS) which is ISO 27001 certified.
In the event of any differences between the different language versions, the German version will prevail.