Privacy Policy

 

For Casinò Locarno SA (hereinafter “CLSA”, also “we” or “us”), the protection of personal data is very important. This privacy policy explains the nature, scope, and purpose of the collection and other processing of personal data each time you visit or use “Casineo” (hereinafter “the website”).

 

This privacy policy is a binding part of the General Terms and Conditions and Terms of Use for Casineo (hereinafter the “GTC”). By using the gaming platform, as well as by opening a player account and logging into the player account, you accept this privacy policy.

 

A separate privacy policy applies to the website www.casinolocarno.ch and all other CLSA services, which you can find at https://www.casinolocarno.ch/.


 

1 FOUNDATIONS

Personal data is any information relating to an identified or identifiable natural person (Art. 5 lit. a FADP). Our processing of personal data is based on the provisions of Swiss law (Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (DPO)) and, where applicable, the European General Data Protection Regulation (GDPR). Casineo is ISO 27001 certified.

Our offering is exclusively aimed at persons who have reached the age of 18. We do not knowingly collect personal data from minors. If we determine that data of a minor has been submitted to us, it will be deleted immediately.


 

2 RESPONSIBILITY

2.1 CONTROLLER

Responsible for processing your personal data in connection with Casineo is:

Casinò Locarno SA 

Largo Zorzi 1 

6600 Locarno 

T +41 (0)91 756 30 30

 

For data protection concerns, you may contact us at datenschutz@scbgroup.com.


 

2.2 DATA PROTECTION SUPERVISORY AUTHORITY

The competent data protection authority in Switzerland is:

Federal Data Protection and Information Commissioner (FDPIC) 

Feldeggweg 1 

CH-3003 Bern 

Tel. +41 (0)58 462 43 95 

www.edoeb.admin.ch


 

3 LEGAL BASES AND PURPOSES

The operation of online casinos is subject to the Federal Act on Gambling (GamblA) as well as the Federal Act on Combating Money Laundering and the Financing of Terrorism (AMLA) and related ordinances, which also require the collection and processing of personal data. These regulations govern, among other things, the identification of players, the recording of playing behaviour, the protection against excessive gambling, exclusions, the prevention of money laundering, as well as various reporting and retention obligations.

 

We primarily use the personal data we collect to:

  • communicate with you and conclude and execute contracts with our customers and business partners – in particular related to the operation of our online casino (e.g. player registration, management of player accounts, processing deposits and withdrawals, organising events);
  • fulfil our legal obligations, in particular protecting players from excessive gambling, combating crime and money laundering, tax law obligations, as well as fulfilling information and reporting obligations toward authorities;
  • ensure the security and stability of our operations (e.g. IT and network security, fraud prevention);
  • develop our offerings, services, websites, apps and other platforms, and improve user-friendliness;
  • conduct advertising and marketing (including events and competitions) and maintain customer relationships, insofar as you have not objected to the use of your data for these purposes;
  • pursue market research and product development as well as training and quality assurance purposes;
  • assert legal claims or defend ourselves in legal and administrative proceedings;
  • prevent and investigate criminal offences and other misconduct (e.g. internal investigations, fraud prevention analyses).

To fulfil our legal obligations, we process in particular identification data of players, data on playing behaviour and financial transactions, data on personal, professional and financial circumstances, as well as exclusion data. We may disclose this data to the Federal Gaming Board (FGB).

 

Insofar as you have given us consent to process your personal data for specific purposes (e.g. receipt of newsletters), we process your personal data within the scope of this consent. You may withdraw your consent at any time with effect for the future; data processing carried out until the withdrawal remains unaffected.

We do not make automated individual decisions within the meaning of Art. 21 FADP that have legal effects or significantly affect you.


 

4 COLLECTION OF PERSONAL DATA

We primarily process the personal data we receive from you, from our customers and business partners, and from other involved persons, or that we collect when operating our website and other applications. This includes in particular:

 

Registration and account data: Information such as name, address, date of birth, nationality, gender, e-mail address, telephone number, username, password, as well as official identification documents and proof of residence. The specification of a loss limit is legally required. This data is necessary for the creation and management of your player account, access to our online gambling offering, and for fulfilling our legal and regulatory obligations (e.g. identity verification under the Federal Act on Gambling/AMLA).

 

Communication data: Information you send us via contact forms, e-mail, chat or other channels, including records of support requests. Transmission is encrypted (SSL). Communication data is deleted after completion of processing and expiration of any statutory retention periods.

 

Usage data: Technical information regarding the use of the website and app (e.g. IP address, device information, timestamps, interactions), as well as gaming history, deposits, withdrawals and information on gaming intensity.

 

Supplementary data: In specific cases, we may request additional evidence (e.g. on income or assets) to fulfil our legal obligations. To meet our due diligence obligations (AMLA), we may match your data with information from public registers (e.g. commercial register, debt enforcement register) and compliance databases (e.g. PEP lists).

 

Server log files: Each time our website is accessed, technical data (IP address, date and time of access, URL of the requested resource, referring website, browser type/version, device) is automatically recorded and stored. This data is technically necessary for proper display of the website and ensures stability and security. In anonymised form, we use this information to analyse and optimise the website. Log data is stored for a maximum of four weeks and then deleted.

 

Language settings: These are automatically determined from your browser or URL data and cannot currently be adjusted manually. Notification settings (SMS, e-mail, telephone) are enabled by default and can be adjusted in your profile.

 

Loyalty programme: By opening a player account, you automatically participate in our loyalty programme. You can end participation at any time by contacting us. For the loyalty programme, we use the data already collected for your player account; no additional data collection takes place. Cancellation has no effect on the use of our other services.

 

Biometric authentication: If you activate it in the app settings, you can log in using biometric authentication (e.g. Face ID or Touch ID). Recognition takes place solely via your device’s operating system. We never receive access to your biometric data. Use is voluntary and can be deactivated at any time in your device settings.


 

5 THIRD-PARTY PROVIDERS AND SERVICE PROVIDERS

5.1 COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies on our website that can identify your browser or device. Cookies are small text files stored by your internet browser on your computer or mobile device. In addition to temporary “session cookies”, which are deleted after your visit, “permanent cookies” may also be used. Cookies serve to optimise our online presence and offerings.

 

We use CCM19 to manage your cookie settings. When you first visit our website, you can select via the cookie banner which cookies you accept. You can adjust your settings at any time in your player profile. Please note that rejecting cookies may limit your ability to use all website features.


 

5.2 TYPEWISE

For our customer support, we use the AI platform of Typewise AG, Buckhauserstrasse 36, 8048 Zurich, Switzerland. The platform can partially automate responses to customer inquiries in live chat and by e-mail. More complex inquiries are forwarded to our staff. Data you provide (message, e-mail address, name) is stored for processing. Use is voluntary.

More information: https://www.typewise.app/privacy-policy


 

5.3 GAMANZA ENGAGE

For customer relationship management and our loyalty programme, we use Gamanza Engage, a CRM and gamification platform of Gamanza Group AG, a company of the Stadtcasino Baden Group. Gamanza Engage processes player data such as playing behaviour, transactions, and interactions in order to provide personalised offers and campaigns.

Gamanza Engage processes data on our behalf based on a data processing agreement.

More information: https://www.gamanzaengage.com/legal?type=privacy


 

5.4 PAYMENT SERVICE PROVIDERS

To process deposits and withdrawals, we work with various payment service providers (e.g. TWINT, credit cards, PostFinance). Depending on the payment method selected, your payment data is transmitted directly to the respective provider. Payment service providers process your data for payment processing; their respective privacy policies apply.


 

5.5 GOOGLE ANALYTICS

To design, analyse and improve our website according to user needs, we use Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service uses cookies. Information about your use of the website is transmitted to Google servers to compile activity reports. The IP address transmitted by your browser is not merged with other Google data.

More information on terms and data protection: https://marketingplatform.google.com/about/analytics/terms/us/ and https://www.google.com/intl/en/policies/.


 

5.6 GOOGLE TAG MANAGER

We use Google Tag Manager, a service of Google LLC, USA, to manage website tags. The Tag Manager itself is a cookie-less domain and does not process personal data. It triggers other tags that may collect data under certain circumstances.

More information: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/


 

5.7 HOTJAR

To optimise our website, we use Hotjar, a web analytics service of Hotjar Ltd., St Julian's STJ 1000, Malta. Hotjar allows us to analyse user behaviour (clicks, mouse movements, scroll behaviour) in anonymised form. It is not possible to identify individual persons.

More information: www.hotjar.com/legal/policies/privacy 


 

5.8 NEXOYA

To optimise our advertising campaigns, we use Nexoya, a marketing analytics platform of Nexoya AG, Konradstrasse 32, 8005 Zurich, Switzerland. Nexoya analyses the performance of our ads and optimises budget allocation using machine learning.

More information: https://www.nexoya.com/en/privacy-policy/


 

5.9 CLOUDFLARE

To protect our website against cyberattacks, we use Cloudflare, a service of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare acts as a Content Delivery Network (CDN) and firewall, processing IP addresses, request timestamps, requested URLs, browser and device types. Cloudflare may set cookies to prevent attacks.

More information: https://www.cloudflare.com/privacypolicy/


 

5.10 GOOGLE MARKETING PLATFORM GOOGLE ADS

We use the Google Marketing Platform and Google Ads from Google Ireland Ltd., Dublin, Ireland, to deliver and measure the effectiveness of online advertising. Information about your use of our website is collected to display targeted ads. Google Ads uses cookies.

More information: https://marketingplatform.google.com/about/ and https://policies.google.com/privacy.


 

5.11 MICROSOFT ADVERTISING

We use Microsoft Advertising, an online advertising service of Microsoft Corporation, Redmond, USA, to deliver and measure advertising performance. Information such as IP address or click behaviour may be collected.

More information: https://privacy.microsoft.com/en-en/privacystatement.


 

5.12 META (FACEBOOK, INSTAGRAM)

We use the Conversions API and Facebook Pixel from Meta Platforms Ireland Ltd., Dublin, Ireland, to measure the effectiveness of our Facebook ads and deliver targeted advertising. Data may be transmitted to Meta and associated with your Facebook account.

More information: https://www.facebook.com/privacy/policy/.


 

5.13 BANNERFLOW

We use Bannerflow, a service of Bannerflow AB, Klarabergsviadukten 90, 111 64 Stockholm, Sweden, to manage our display advertising. Bannerflow processes IP addresses and cookies to track ad interactions.

More information: https://www.bannerflow.com/privacy


 

5.14 TRUSTPILOT

We use Trustpilot from Trustpilot, Inc. (245 5th Avenue, 4th floor, New York, NY 10016, USA), to allow reviews and display them on our website.

More information: https://legal.trustpilot.com/end-user-privacy-terms.


 

5.15 SOCIAL MEDIA PLUGIN

We provide social media recommendation buttons for Facebook, Instagram, and LinkedIn. When these plugins are embedded, the operators of the networks may receive information that you accessed our website. If you are logged in to any of these networks during your visit, the operator may associate the visit with your account. If you do not wish this assignment, we recommend logging out before visiting our website.

Privacy notices of the operators:

Facebook: http://en-en.facebook.com/policy.php

Instagram: https://help.instagram.com/155833707900388

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=d_checkpoint_rm_rememberMeOrganicLogin_ft_privacy_policy


 

6 DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We work with various service providers and partners who support us in operating our systems and services (IT providers, hosting providers, mailing services, payment service providers). These process personal data on our behalf or act as independent controllers. Where we engage service providers, we contractually oblige them to use personal data only in accordance with applicable data protection law and to take appropriate security measures. We also use IT services from our Swiss parent company Stadtcasino Baden AG.

 

We disclose personal data to the following recipients:

  • Federal Gaming Board (FGB) and other supervisory authorities as part of their statutory duties
  • Tax authorities for fulfilling tax obligations 
  • Law enforcement authorities in cases of suspected criminal offences (money laundering, fraud) 
  • Other casinos in Switzerland: we are legally obliged to make the identity of persons subject to a gaming ban and other exclusion information available via a central database 
  • Anti-money laundering reporting office and SRO Casinos specialist office in cases of suspicion of money laundering, terrorism financing, or criminal funds 
  • Social responsibility institutions (addiction prevention and therapy centres): personal data may be exchanged on a case-by-case basis 
  • IT service providers and hosting providers 
  • Payment service providers for processing deposits and withdrawals 
  • Marketing and analytics providers to optimise our services 
  • Advisors (lawyers, auditors) where necessary 
  • Other third parties in Switzerland and abroad in cases of suspected fraud or criminal conduct, insofar as permitted and necessary for investigations or procedures 

 

We may disclose data to recipients in Switzerland, the European Economic Area (EEA), and third countries. In the USA, we transfer data to Google (Analytics, Ads, Tag Manager, Firebase), Microsoft (Advertising), Meta (Facebook, Instagram), Cloudflare (CDN/Firewall) and Trustpilot (reviews). We use EU Standard Contractual Clauses (SCC) recognised by the FDPIC and/or rely on the recipients’ Data Privacy Framework (DPF) certification. We transfer data to Bannerflow in Sweden; Sweden is part of the EEA and has an adequate level of data protection.

 

Casineo maintains a data recording system in Switzerland for the gambling activities offered on the platform, which records relevant player data and makes it available to the supervisory authority.


 

7 RETENTION PERIOD OF PERSONAL DATA

We process and store your personal data for as long as necessary to fulfil our contractual and legal obligations, achieve the purposes for which the data was collected, and comply with statutory retention and documentation obligations. Specifically:

  • Player and transaction data is stored for 10 years after the business relationship ends in accordance with gambling and anti‑money laundering regulations.
  • Data relating to exclusion procedures is stored for the duration of the exclusion and 10 years thereafter.
  • Communication data is usually deleted after 2 years unless longer retention is required.
  • Logfile data is deleted after 4 weeks.
  • Marketing data is stored until you withdraw your consent.

 

After these periods expire, your data is deleted or anonymised unless longer retention is required by law or justified interests exist.


 

8 DATA SECURITY

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation or anonymisation, and regular checks.


 

9 DATA SUBJECT RIGHTS

Under applicable data protection law and where provided therein, you have the right to access, rectification, deletion, restriction of processing, and the right to object to our processing – in particular processing for direct marketing purposes. You also have the right to the transfer of certain personal data to another controller (data portability).

 

Please note that we reserve the right to apply statutory restrictions. Your rights may be restricted where legal retention obligations apply (e.g. Federal Act on Gambling, AMLA: 10 years for identification, playing behaviour and financial transaction data), where the data is required for legal claims, or where overriding public interests exist (e.g. money laundering prevention, player protection). In these cases, we will inform you about the reasons for the restriction. If costs apply, we will inform you beforehand. We have already informed you about the right to withdraw consent under section 3.

 

Exercising these rights generally requires proof of identity (e.g. ID copy). To assert your rights, contact us at the address given in section 2.

 

Additionally, each data subject has the right to enforce claims in court or lodge a complaint with the competent data protection authority.


 

10 CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this privacy policy at any time, subject to applicable data protection laws. Changes will be published on our website and take effect upon posting. The current version is from February 2026.

If you have any questions regarding the processing or security of your personal data, you may contact the data protection officer listed in section 2 above.

Privacy Policy | casineo.ch