Privacy Policy
Privacy policy in accordance with the GDPR.
I. Name and address of the controller
François-Blanc-Spielbank GmbH
Bad Homburg v. d. Höhe
Kisseleffstr. 35
61348 Bad Homburg v. d. Höhe
Germany
Telephone: +49 (0)6172 170 10
Email: info@casino-bad-homburg.de
Website: https://www.spielbank-bad-homburg.de
is the controller referred to in the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the data protection officer
The data protection officer for the controller is
AGOR AG
Hanauer Landstr. 151-153
60314 Frankfurt am Main, Germany
Telephone: +49 (0)69 9043 7965
Email: info@agor-ag.com
Website: www.agor-ag.com
III. General information regarding data processing
1. Scope of processing of personal data
We collect and use personal data from users of our homepage in principle only to the extent necessary to provide a functioning website, our content and services.
We collect and use personal data from our users in principle only after they have given consent. An exception to this principle exists in cases where a processing of the data is allowed by legal requirements or where it is not possible to obtain prior consent for practical reasons.
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data stems in principle from:
- Article 6, paragraph 1 (a) of the GDPR where consent has been obtained from the data subject.
- Article 6, paragraph 1 (b) of the GDPR for processing that serves to perform a contract to which the data subject is party. This includes processing operations that are required to implement pre-contractual measures.
- Article 6, paragraph 1 (c) of the GDPR for processing that is necessary for compliance with a legal obligation.
- Article 6, paragraph 1 (d) of the GDPR, if the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
- Article 6, paragraph 1 (f) of the GDPR, if the processing is necessary in relation to the purposes of the legitimate interests pursued by the controller or by a third party, and the interests, fundamental rights and freedoms of the data subject do not override the previously named interests.
3. Data erasure and period of storage
The personal data of the user will be deleted or made unavailable as soon as the purpose for which it was stored no longer applies. The data may be stored beyond this period if this was provided for by European or national lawmakers in Union legal directives, laws or other regulations to which the controller is subject. The data will also be made unavailable or deleted if a period for which the personal data is stored that is prescribed by the standards named above is reached, unless it is necessary to continue to store the data in order to complete or perform a contract.
4. Data transmission outside of the EU
The GDPR ensures a consistent high level of data protection throughout the European Union. When selecting our service providers, we therefore choose European partners wherever possible in the case that processing of your personal data is required. Only in exceptional cases will we have data processed outside of the European Union with the use of third-party services. We only allow your data to be processed in a third country in accordance with the specific requirements of Art. 44 et seq. GDPR. This means that your data can then only be processed in accordance with special guarantees, such as the determination of a level of data protection corresponding to the protection within the EU as officially recognised by the EU Commission or the observance of officially recognised special contractual obligations, known as standard data protection clauses.
Moreover, please be advised that processing of your data is carried out in the USA in relation to individual cookies and service providers. The European Court of Justice has deemed the USA to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly without any means of redress.
IV. Use of our website, general information
1. Description and scope of the data processing
Upon every visit to our website, our system automatically collects data and information from the computer of the user. In the process, the following data is collected:
(1) information about the browser type and version used
(2) the user’s operating systems
(3) the user’s Internet service provider
(4) the user’s IP address
(5) date and time of access
(6) websites from which the system of the user came to our website
(7) websites accessed by the user’s system via our website
The data described here is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Disclosure of data to third parties
Our website is maintained by an advertising agency which is contracted by us to process data as referred to in Article 28 of the GDPR and obliged to preserve data secrecy, and which has access to our server for this purpose: burnthebunny GmbH, Christian-Pleß-Straße 11–13 | Haus 1, 63069 Offenbach am Main, Germany.
The server hardware necessary for this purpose is rented from a hosting service provider, which nevertheless has no regular opportunity to access the server: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany.
3. Purpose and legal basis for the data processing
The temporary storage of the IP address is required by our system in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files occurs to ensure the functionality of the website. The data moreover serves to optimise the website and to guarantee the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.
The legal basis for the temporary storage of the data and the log files is Article 6, paragraph 1 (f) of the GDPR.
The legal basis for the temporary storage of the data is Article 6, paragraph 1 (f) of the GDPR.
Collecting your personal data in order to make our website available and storing that data in log files is absolutely necessary for the operation of the website. The user therefore has no possibility to object.
4. Period of storage
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your data is collected in order to ensure the delivery of the website, and it will be deleted when the respective session is ended.
If your data is stored in log files, it will be deleted after no longer than seven days. The data may be stored beyond this period, although in this case the user’s IP address will be deleted or made unrecognisable. It is therefore no longer possible to attribute the data to the client accessing the page.
V. General information about the use of cookies
We use cookies on our website. Cookies are text files that are stored within an Internet browser or by the Internet browser on the user’s computer system. If you access a website, this may store a cookie on your operating system. This cookie contains a unique string of characters that enables an unequivocal identification of the browser upon subsequent access of the website.
We use cookies to make our homepage more user-friendly. Several elements of our website require that it be possible to identify the browser even after the user has changed pages.
In the process, the following data is stored and transmitted:
- language settings
The legal basis for the processing of personal data in connection with the use of cookies stems from Article 6, paragraph 1 (f) of the GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.
We wish to point out that isolated features of our website can only be offered through the use of cookies. This applies to the following applications:
- MailMunch
- WordPress
We do not use user data collected through technically necessary cookies to create user profiles.
Cookies are stored on the user’s computer, which transmits them to our page. As a user, you ultimately have control over the use of cookies. You can limit or deactivate the transfer of cookies by changing the settings in your Internet browser. In your browser settings, you can also delete cookies that have been stored. Please note that you may not be able to use all features of our website if you deactivate cookies.
.
VI. Your rights/rights of the data subject
Under the EU General Data Protection Regulation, you as the data subject have the following rights:
1. Right to access
You may obtain information from us as the controller as to whether we are processing personal data concerning you. You may furthermore obtain the following information:
(1) the purposes of the processing
(2) the categories of personal data concerned
(3) the recipients or categories of recipient to whom the personal data has been or will be disclosed
(4) the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period
(5) the existence of the right to request from the controller rectification or erasure of personal data concerning you, the right to restriction of processing of personal data or to object to such processing
(6) the right to lodge a complaint with a supervisory authority
(7) where the personal data is not collected from the data subject, any available information as to their source
(8) the existence of automated decision-making, including profiling, referred to in Article 22, paragraph 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Finally, you have the right to obtain information about whether your personal data is being transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
You can exercise your right to access by writing an email to info@spielbank-bad-homburg.de.
2. Right to restriction
The right to restriction of processing of personal data concerning you can be exercised in the following cases:
(1) the accuracy of the personal data is contested by the data subject for a period, enabling the controller to verify the accuracy of the personal data
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
(3) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims
(4) the data subject has objected to processing pursuant to Article 21, paragraph 1 of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject
If processing of personal data concerning you has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing on the principles represented here, you will be informed by us before the restriction of processing is lifted.
3. Right to erasure
If the following grounds apply, you can obtain the erasure of the personal data concerning you without undue delay. The controller has the obligation to erase this data without undue delay. The reasons are:
(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Article 6, paragraph 1 (a) or Article 9, paragraph 2 (a) of the GDPR. A further condition is that there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing. A further possibility is that you object to the processing pursuant to Article 21, paragraph 2 of the GDPR.
(4) The personal data has been unlawfully processed.
(5) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the GDPR.
Where we have made the personal data public and are obliged pursuant to Article 17, paragraph 1 of the GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to and copies or replications of this personal data.
We wish to point out that there is no right to erasure to the extent that the processing is necessary:
(1) for exercising the right of freedom of expression and information
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
(3) for reasons of public interest in the area of public health in accordance with Article 9, paragraph 2 (h) and (i) as well as Article 9, paragraph 3 of the GDPR
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, paragraph 1 of the GDPR in so far as the right referred to in (a)[W+W1] is likely to render impossible or seriously impair the achievement of the objectives of that processing
(5) for the establishment, exercise or defence of legal claims
4. Right to information
Where you have exercised the right to rectification, erasure or restriction of processing, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You furthermore have the right to be informed by the controller about those recipients.
5. Right to data portability
Under the GDPR, you furthermore have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You moreover have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
- the processing is based on consent pursuant to Article 6, paragraph 1 (a) or Article 9, paragraph 2 (a) of the GDPR or on a contract pursuant to Article 6, paragraph 1 (b), and
- the processing is carried out by automated means
In exercising this right to data portability, you finally have the right to have the personal data transmitted directly from one controller to another where technically feasible and where this does not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. Right to withdraw consent regarding data protection
You have the right to withdraw your consent to this privacy policy at any time. We wish to point out that withdrawing consent does not affect the lawfulness of the processing that occurred with your consent before consent was withdrawn.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6, paragraph 1 (e) or (f) of the GDPR. The right to object includes the right to object to profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing[W+W1] purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
You may further exercise your right to object in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
8. Automated individual decision-making, including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. An exception to this principle nevertheless applies if the decision:
(1) is necessary for entering into, or performance of, a contract between the data subject and a data controller
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
(3) is based on the data subject’s explicit consent
If the processing occurs in the scope of the cases named in paragraphs (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests. This includes at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions referred to in paragraphs (1) to (3) may not be based on special categories of personal data referred to in Article 9, paragraph 1 of the GDPR, unless Article 9, paragraph 2 (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
9. Right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
VII. Newsletter
The newsletter feature has been deactivated.
VIII. Contacting us electronically
In case you would like to contact us, we have provided a contact form on our homepage that you can use to do so electronically. If you do so, the data you enter into the input field is transmitted to us, where it is stored. This data includes:
- first and last name (required information)
- email address (required information)
- information about your tournaments (required information)
- subject line (required information)
- individual message (required information)
At the time your message is sent, the following data is additionally stored:
- the user’s IP address
- date and time of the registration
- message
- email address
You may also contact us at the email address we have provided. In this case, the personal data of the user which is sent with the email is stored.
Your data is not disclosed to third parties in this context. The data is used exclusively for processing your request for communication.
The legal basis for the processing of the data where the user has given consent is Article 6, paragraph 1 (a) of the GDPR. The legal basis for the processing of the data which is transmitted in the course of sending an email is Article 6, paragraph 1 (f) of the GDPR. If the intention of the email contact is to enter into a contract, the additional legal basis for the processing is Article 6, paragraph 1 (b) of the GDPR.
The processing of personal data in this context serves only for us to process your contact request. In the case of contact by email, there is also a necessary legitimate interest to process the data.
Should other personal data be processed as part of the sending process, this processing will serve only to prevent misuse of the contact form and to ensure the security of our information systems.
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for personal data from the input field of the contact form and from poker reservations, and for the data which was sent by email when the respective conversation with the user is ended. The conversation is ended when the situation indicates that the issue at hand has been finally resolved. The personal data collected in connection to reservations for poker tournaments will be deleted after the respective tournament.
The personal data additionally collected in the course of the sending process will be deleted after a period of no longer than seven days.
You may withdraw your consent at any time to the processing of your personal data. You may also object at any time to the storage of your personal data when you contact us by email. We wish to point out, however, that in this case the conversation cannot be continued.
In this case, all personal data which has been stored in the course of establishing contact will be deleted.
Job vacancies
Job vacancies are posted on this website at irregular intervals, for which interested parties can apply by post or email. When we receive an application, we process the data received from the applicant exclusively for the purposes of potentially filling the vacant position.
The primary legal basis for this is Art. 88 GDPR in conjunction with Section 26 (1) of the Federal Data Protection Act.
Within our company, only those who are involved in the application procedure and who make decisions about the result of the application will have access to your personal data.
Your personal data will not be shared with third parties.
We will delete your personal data as soon as it is no longer required for the purposes specified above. If we enter into an employment relationship with an applicant, the data transmitted will be stored for the purposes of processing the employment relationship in accordance with legal regulations. If no employment contract is concluded with the applicant, the application documents shall be deleted no later than six months after the notification of the rejection decision, provided that no other legitimate interests on the part of the controller prevent such deletion. Other legitimate interest in this sense includes, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG - Allgemeines Gleichbehandlungsgesetz).
IX. Web analytics
1. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (hereinafter: ‘Google’). Google Analytics uses cookies, which are text files that are stored on your computer to help analyse your use of the website. As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports for the website operator on website activity as well as providing other services relating to website activity and Internet usage.
Google will not link the IP address transferred by your browser as part of Google Analytics with any other data held by Google.
You can prevent storage of these cookies by selecting the appropriate settings in your browser software. However, if you do this we wish to point out that you may not be able to use all the features of this website. Furthermore, you can prevent Google from collecting data generated by the cookie and related to the usage of the website (including your IP address) and processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension ‘_anonymizeIp()’. This extension truncates IP addresses before they are further processed, preventing data from being linked to a specific person. Insofar as the data gathered from you can be linked to a specific person, this link is immediately removed and the personal data therewith quickly deleted.
We use Google Analytics in order to analyse and regularly improve the use of our website. The statistics we gain help us to improve our offering and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Article 6, paragraph 1, sentence 1 (f) of the GDPR.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1)436 1001. Terms and conditions of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html and the privacy policy: http://www.google.de/intl/de/policies/privacy.
This website also uses Google Analytics to analyse visitor streams across multiple devices which are carried out via one user ID. You may deactivate the analysis across multiple devices in your customer account in ‘My data’, ‘Personal data’.
2. Use of Google Fonts
On the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR, we integrate fonts (‘Google Fonts’) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Our objective is to optimise our website and operate it economically. The provider’s privacy policy can be found at: https://www.google.com/policies/privacy/, https://www.google.com/policies/privacy/. An opt-out can be set at: https://adssettings.google.com/authenticated
3. Use of Typekit fonts from Adobe
On the basis of our legitimate interests (i.e. interests in the analysis, optimisation and economical operation of our online offering within the meaning of Article 6(1)(f) GDPR), we use external Typekit fonts provided by Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. The provider, Adobe, is certified under the Privacy Shield Framework in compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).“
4. Google AJAX Search API
Our website uses the Google AJAX Search API through JavaScript code. By using the search field located on this website, data will be transmitted to Google. Google’s privacy policy applies in this case (https://www.google.com/intl/en_gb/policies/privacy/). In order to prevent the execution of the JavaScript code, you can install a JavaScript blocker (e.g. www.noscript.net).
X. Cookies
(Most recent update: 17 December 2020)