PRIVACY POLICY

At Swiss 500, we are 100% committed to protecting the privacy and security of our customers and site visitors. We understand the trust you place in our business when you provide us with personal information. Our Privacy Policy sets out our privacy promise to you. We do not share your data with third parties for them to market their products/services to you. If you have any questions about how we Protect Your Privacy, please contact us at info@swiss500.co.uk When you interact with us through our website (or otherwise) you may provide, or we may collect, certain information from which you are personally identifiable (which is referred to as personal data). For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your personal data), we are the “data controller”, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons. We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your personal data.

This Privacy Policy explains how we fulfil this commitment, so please read this carefully.

WHAT THIS POLICY TELLS YOU 1. What types of personal data you provide to us (or which we collect from you) when using our website or when you directly interact with us on other occasions; 2. How and why we use this data and the reasons we are legally allowed to do so; 3. Who we share your data with; 4. Your rights over your data and how you can exercise those rights; and 5. How to contact us if you have any issues or want to find out more.

WHAT INFORMATION DO WE COLLECT AND WHAT DO WE USE IT FOR? You may provide us with the following types of personal information when you register with Swiss500 or otherwise when you directly interact with us (when using our website or otherwise): Identity - first name, surname, Swiss500 log-in information (password), country of residence Contact - email address, telephone numbers and address Financial - payment card details, billing address, purchase information, payment history Profile - your preferences for marketing, other website preferences and feedback on your swiss 500 experiences through reviews and surveys Social - if you choose to open a Swiss500 account using your Facebook, Twitter or Google account, we will use your contact information used for the relevant account to help populate your Swiss 500 registration page We may collect the following types of information from you when you use our website (using cookies or other tracking technologies): Usage - information about how you use our website, including time spent on page, click-through s', download errors Technical - IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration

The information
below sets out how we use your personal data and our lawful basis for doing so. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your personal data when the law allows us to.

Reason why we use the data What data Legal ground for using the data Register you as a Swiss500 customer Identity, Contact, Profile, Social Performance of a contract with you Enable you to log-in to your Swiss500 account Identity, Contact, Social Performance of a contract with you Enable you to participate in a Swiss 500 competition Identity, Contact, Financial, Surprise Performance of a contract with you To process payments which you make through our website Identity, Contact, Financial Performance of a contract with you Arrange for the delivery of your prize if you have won a competition Identity, Contact, Surprise Performance of a contract with you For internal administration and record keeping purposes All Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (for effective business administration and service provision) Notify you of changes to our Privacy Policy, our Terms and Conditions or other changes to our services or products Identity, Contact Performance of a contract with you Necessary to comply with a legal obligation Answer your enquiries which may involve contacting you by post, e-mail or phone Identity, Contact Performance of a contract with you Necessary for our legitimate interests (to ensure our customers are informed and satisfied with our services) Get in touch with you about relevant Swiss500 competitions, products and services Identity, Contact, Profile Necessary for our legitimate interests (to develop our business, including our competitions, products and services) Consent Contact you about third party products and services which we believe may be relevant to you or pass your details on to third parties to contact you directly about the same (in each case, only where you have indicated you would like to hear about these) Identity, Contact, Profile Consent Improve and personalize your experience of the Swiss500 website by delivering more relevant content and advertising whilst you browse Identity, Contact, Profile, Usage, Technical Necessary for our legitimate interests (to develop our business, improve our website and overall user experience and inform our marketing strategy) Administer the Swiss 500 website, including website trouble shooting, testing and analysis and to enable you to participate in interactive features of our website All Performance of a contract with you Necessary for our legitimate interests (to ensure that our website is fully functional and operating in the most effective way for you) Verify your identity and detect fraud and security issues All Necessary for our legitimate interests (to prevent and detect fraudulent activity, security incidents and criminal activity) Give you the opportunity to provide us with feedback through reviews and surveys Identity, Contact, Profile, Usage, Technical Necessary for our legitimate interests (to develop our business, promote new products and services, obtain feedback from customers to improve our services) We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In addition to the above, we may also anonymise and aggregate your personal data in a way which means you cannot be identified. This may be helpful to us for testing our internal systems, carrying out research and general customer data analysis. Because this is not personally identifiable, we can use this for any purposes.

WHO DO WE SHARE YOUR DATA WITH? Importantly, we do not pass your personal data onto any third parties for them to market their products/services to you. If in the future we decide that we want to, we will only do so if we have your consent. We do however share your personal data with third parties to help us deliver our products and services to you in the most effective way possible.
These include third parties who assist us with: Delivering relevant Swiss500 email and text marketing (to the extent you have not unsubscribed) Our customer reviews and surveys Personalising the content on our website to ensure a tailored user experience Delivering relevant targeted and re-targeted advertising to keep you up to date with our services Detecting fraud or criminal activity Creating your Swiss500 account (being your social media companies who you have used to provide log-in information as part of the sign-up process) Running our competitions, such as our auditors, judges, professional advisers Other aspects of our service delivery, such as hosting our website and processing customer payments If we share personal data with third parties, we will ensure that access is limited on a strictly need to know basis and is subject to suitable obligations relating to confidentiality and security. Please note that certain of these third party service providers use cookies or other tracking technologies, which are explained more fully in our cookies policy. In addition to the above, we may also be required to share your personal data with third parties if required by law or regulation. In such circumstances, we will make sure that the disclosure is only to the extent required by law or regulation.

DO WE SEND ANY OF YOUR DATA OUTSIDE OF THE EEA? The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your data outside of the EEA. Where we do, for example where our service providers are based outside of the EEA, we make sure that your data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangement). Where relevant, you will have the right to see a copy of any safeguards we put in place for international transfers of your data.


Article 13 – Information to be provided where personal data are collected from the data subject Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of the data protection officer, where applicable; the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party; the recipients or categories of recipients of the personal data, if any; where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; the right to lodge a complaint with a supervisory authority; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information


YOUR RIGHTS
In certain situations, you are entitled to: access a copy of your personal data; correct or update your personal data, which you can do yourself by logging into your account or if you would prefer, please contact us and we can help you out; erase your personal data; object to the processing of your personal data where we are relying on a legitimate interest (as set out in the above information ); restrict the processing of your personal data; request the transfer of your personal data to a third party; or where you have provided your consent to certain of our processing activities, in certain circumstances, you may withdraw your consent at any time (but please note that we may continue to process such personal data if we have legitimate legal grounds for doing so). If you want to exercise any of these rights, please Contact Us.

You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex).
We may also need you to confirm your identity before we proceed with your request if it is not clear to us who is making the request. In addition to the above, you may get in touch with our DPO as outlined below.


CONTACT US If you would like to discuss anything in this policy or if you want to exercise your rights, please get in touch: Email: play@swiss500.com

Please write to us at: The Customer Services Manager Swiss 500 130 130 Old Street London EC1V 9BD