Online Privacy Statement of Swisscard AECS GmbH

1. What is this Privacy Statement about?

In this Privacy Statement, Swisscard AECS GmbH (“Swisscard” or “we”), sets out how Swisscard processes your data in connection with the use of www.swisscard.ch, other websites operated by us or our apps (jointly referred to as the “Website”). That concerns all users of the Website even if they are not Swisscard customers.

Further information on data protection at Swisscard can be found on our website (www.swisscard.ch/dataprotection). There you will also find our other privacy statements. If you have any questions, please do not hesitate to contact us (Section 2).

2. Who is responsible for processing your data?

Swisscard is the data controller responsible for data processing under this Privacy Statement, meaning that it is the entity responsible for data protection under data protection law. If you wish to contact us in this regard, please write a letter to the following address:

Swisscard AECS GmbH
Data Protection
Neugasse 18
P.O. Box
8810 Horgen

3. What data do we process?

We process various data from multiple sources, particularly the following data:

• Technical data: When you use our Website, we collect your IP address and certain other technical data for technical reasons and to ensure the performance and security of our Website. This also includes logs in which the use of our systems is recorded and data in connection with the devices you use (e.g. information on the device manufacturer and type, the operating system or a device ID). To ensure the proper performance of the Website, we may also assign an individual code to you or your system (e.g. in the form of a cookie, see Section 8). This code is stored for the predetermined time and will often only remain in place for the duration of your visit. The technical data does not in itself allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations or the processing of contracts, the data may be linked to other data categories (and thus possibly to your person).
• Registration data: To use certain offers (e.g. competitions) and services (e.g. rewards shop), you must create a user account or register. To do so, you must provide certain data about yourself.
• Communication data: When you contact us by email or by other means of communication, we will collect the information exchanged, including your contact details and the peripheral data of the communication (e.g. time).
• Behavioral and preference data: Depending on our relationship with you, we try to get to know you better and to better tailor our products and services to you. To that end, we collect and use data about your behavior and your preferences. We do this by analyzing your use of the Website and by sometimes supplementing this information with details from third parties. Based on this we can, for example, calculate the probability that you want, need or do certain things. We already know some of the data required for this (e.g. where and when you use our services) or we obtain it by recording your behavior (e.g. how you use our Website).
• Other data: We may process other data that we collect or receive in connection with a card relationship or other contractual relationship with you, e.g. financial, risk and transaction data.

You provide us with much of this data yourself (via forms, communication with us, contracts, use of the Website). As a rule, you are not obliged to do so. If you conclude contracts with us or use our services, you must provide us with data as part of your contractual obligation, in particular contact and registration data. When using our Website, technical data then inevitably arises.

4. For what purposes do we process your data?

We process the data listed in Section 3 for the following purposes:

• in order to communicate with you and to contact you in the event of queries or for the purpose of making enquiries. For this purpose we will particularly use communication data and registration data. We store the data in order to be able to subsequently document our communication with you, as well as partly for training purposes, for quality assurance and for subsequent enquiries;
• for the establishment, administration and processing of contractual relationships;
• to comply with laws, directives and recommendations of authorities and internal regulations (compliance);
• for our risk management and as part of prudent corporate governance, including operational organization and corporate development;
• for purposes of market research, marketing and relationship management. For example, we will provide you with information, advertising and product offerings from Swisscard and from third parties (e.g. insurance companies), as printed matter, electronically or by telephone. Like most companies, we also personalize marketing and other communications to provide you with information and offers that are relevant to you. We therefore collect data on preferences as the basis for these personalisations (see Section 3).
• to improve our services and for product development purposes. For example, we analyse which products are used by which groups of people and how.
• to ensure appropriate IT security. Such processing includes, for example, analyses, tests, error checks and backup copies;
• to the extent necessary for other purposes such as, for instance, training and education purposes, internal processes and administrative purposes (e.g. management of data, accounting and record-keeping), enforcement of our rights and defence against claims (e.g. by securing evidence, legal assessments and participating in court or administrative proceedings), and preparing and processing purchases and sales of companies and assets as well as safeguarding other legitimate interests.
• To the extent that we ask for your consent for certain types of processing, we will inform you separately of the relevant purposes of the processing. You may revoke your consent at any time by giving us written notice thereof.

We base the processing of your personal data on the fact that it is necessary for the initiation or execution of a contract, that it is required or permitted by law, that it is necessary for legitimate interests on our part or those of third parties (e.g. processing for administrative and security-related purposes, to carry out credit checks and for purposes of market research, marketing, improvement of our services and product development) or that you have separately consented to the processing.

You may object to the processing for marketing purposes at any time by notifying us, including for individual communication channels (e.g. only advertising via e-mail) or for individual advertising campaigns or newsletters. This does not apply to automatically generated messages that cannot be individually adjusted. Further information about your rights can be found in Section 10.

5. What are the rules on profiling?

We can process and evaluate your data automatically in accordance with Section 3 for the purposes mentioned in Section 4 and thereby collect data on preferences. This includes what is known as profiling, i.e. automated analyses of data for analysis and forecasting purposes. The most important examples are profiling to combat money laundering and terrorist financing, to prevent fraud, to check credit ratings, and to manage risk, for customer care and for marketing purposes.

6. Whom do we disclose your data to?

We may also disclose your personal data to third parties in connection with our contracts, the Website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes set out in Section 4.

This Section 6 explains the most frequent cases of data disclosure, indicating in each case which data may be disclosed. Further information can be found in Sections 3 and 4.

• Service providers: We work with service providers in Switzerland and abroad (e.g. for IT services) and provide them with the data required for their services. These service providers are subject to contractual and/or statutory confidentiality and data protection obligations.
• Partners: If you are a cardholder and your card bears the name or logo of third parties or if the card relationship includes bonus programs or insurance or other third-party services, Swisscard may exchange data with these partners to the extent necessary. These partners process the data received according to their own terms and conditions and may also use it for marketing purposes. By signing the card agreement, you also authorize these partners to provide us with corresponding information, e.g. on points balances in bonus programs or on insurance claims.
• Other disclosures: Data may also be disclosed to other recipients, e.g. to courts and government agencies in the context of proceedings and statutory duties of disclosure and cooperation, to purchasers of companies and assets, to financing companies in case of securitisations and to debt collection companies.

If data is transmitted via open networks (e.g. Internet or mobile networks), several providers (e.g. network operators, operators of operating systems) are involved in the transmission who can create a traffic profile and thus track when you contacted whom. It cannot be ruled out that third parties may access and also use transmitted data unlawfully. Sensitive data such as means of identification (especially card number, expiration date, card security code and PIN) should therefore never be transmitted by e-mail. As a cardholder, please note the due diligence obligations under the general terms and conditions applicable to the card product in question as well as any additional product and service conditions. Moreover, even in the case of encrypted transmission, the names of the sender and recipient remain identifiable. Third parties (in the event that apps and online platforms are used this may, for example, include Google or Apple) may be able to draw conclusions about existing or future business relationships. When using or installing an app or online platform, third parties (e.g. Apple or Google) may infer the existence of a customer relationship with Swisscard and certain content.

The aforementioned disclosures in Switzerland and abroad (see Section 7) are necessary for legal or operational reasons.

7. When do we disclose personal data to foreign countries?

As explained in Section 6, your personal data is processed not only by us but also by other entities, e.g. IT service providers. These may be located outside of Switzerland. Your data may also be transferred abroad and processed worldwide, including outside the EU or the European Economic Area (in so-called third countries such as the USA). The laws of many third countries do not currently guarantee a level of data protection complying with Swiss law. We therefore take contractual precautions to contractually compensate for the weaker statutory protection, unless disclosure is otherwise permitted by data protection law on a case-by-case basis. These precautions particularly include standard contractual clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC). Additional information and a copy of these clauses can be found at https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html.

Please also note that data exchanged over the Internet is often transmitted via third countries. Your data may therefore be transferred abroad even if the sender and recipient are located in the same country.

8. What online tracking and online advertising techniques do we use?

We use various techniques on our Website that enable us and third parties brought in by us to recognize you when you use the Website again (including over multiple visits). Please refer to this Section for further information.

We want to be able to distinguish between access by you (via your system) and access by other users, and thus ensure the functionality of the Website and be able to carry out analyses and controls. The aim is not to draw conclusions about your identity, even if we could do so if we or the third parties we bring in are able to identify you by combining the data with registration data. Even without registration data, however, the technology is designed in such a way that you are recognized as an individual user each time you access the site, for example by our server (or the servers of the third parties) assigning you or your browser a unique identifier (known as a cookie).

Cookies and their purpose on our websites

Cookies are small files that are stored on your device in order to track your visit to the Website and your preferences when you navigate between various pages and sometimes in order to store settings in between your visits. The statistical data collected via cookies help us to make the Website more useful and user-friendly.

In addition to cookies, other techniques may be used to recognize you to a greater or lesser degree (i.e. distinguish you from other users); one example is “fingerprinting”: by combining your IP address, the browser you use and the screen resolution (this information is communicated by your system to any server on request) you can be recognized even without cookies. From a legal point of view, these techniques are mostly treated the same as the use of cookies. In the following, when we refer to “cookies” we also mean comparable techniques. We use cookies for the following:

• Recording the number and type of visits on the Website and its sub-pages so that we can determine whether and what parts of the Website must be improved;
• Displaying personalized content on this Website;
• Remarketing of advertisements;
• Display of personalized adverts and offers;
• Storing of settings in between your visits;
• Collecting statistical data on the number of visitors and their usage habits and to improve the speed and performance of the Website pages. 

One of the cookies that we use primarily serves the operation of portions of the Website and was already placed. Not all parts of this Website will function without this cookie.

Cookies of third parties and partners on our websites

Occasionally we use third-party services in order to improve user experience and our online advertising campaigns. In order to enable these third parties to provide their services, we may integrate their plug-ins and other third-party components. These components can likewise use cookies for similar purposes. Neither such third parties nor Swisscard have access to the data collected by the respective other party through the use of cookies.

We use cookies in order to display adverts of Swisscard to its partners when you visit websites of third parties with whom we have a marketing relationship. 

These third parties may collect anonymised information regarding your use of our and third-party websites and provide this anonymised data to us, including but not limited to geographical details, your user behavior on a website or the names of websites on which you were shown advertisements.
We use this information in order to display more relevant and useful advertisements and to improve the effectiveness of our advertising measures.

Deleting cookies

You can decide against using cookies at any time by deleting the cookies that were set by the Website and by blocking any other cookies. This is possible using the settings in your Internet browser. However, not all parts of this Website will function without cookies.

Tracking technologies on our websites

IP anonymisation was activated on this Website: the tracking code was extended in order to allow the anonymised collection of IP addresses (known as IP masking).

Services from Google

We use Google Analytics to automatically collect anonymised user data when you visit this Website. This information helps Us to determine in aggregated form how visitors use the Website and how often and how long they visit individual pages.

Google Analytics

This Website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses cookies, i.e. text files that are stored on your computer and help analyse how you use the Website. The information generated by the cookies on your use of this Website is generally transferred to a Google server in the USA and stored there.

Link Google Analytics Data Protection

Disable Google Analytics

Google DoubleClick Digital Marketing Platform

This Website uses DoubleClick Digital Marketing Platform, a web analysis service from Google. DoubleClick sets cookies when you look at an advertisement or click on an advertising banner from Us that is located on partner websites. This occurs in order to display banners that are more interesting to you. Using the cookie, we can register specific data regarding the interaction of your browser with a particular overlay. It also records whether you have looked at an advertisement, clicked on it, and whether this resulted in registration with Us. The data are collected and stored in anonymized form. If you do not wish for this information to be collected, you can deactivate the use of cookies in your browser.

Link Google Data Protection Policy

Disable Google data collection

Google Adwords Digital Marketing Platform

This Website uses the online advertising program "Google Adwords" to improve the Website and its advertising activities and in that context, conversion tracking. The cookie for conversion tracking is set when a user clicks on an advertisement placed by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits particular pages of this Website and the cookie has not yet expired, We and Google can detect that the user has clicked on the advertisement and was forwarded to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of AdWords customers. The information obtained using the conversion cookie is used to prepare conversion statistics for AdWords customers that have decided for conversion tracking. The customers receive the total number of users that have clicked on their advertisement and were forwarded to a page provided with a conversion tracking tag. However, they do not receive any information that allows the user to be personally identified.

Link Google Data Protection Policy

Disable Google data collection

Adtelligence Platform

On our Website we use the software Adtelligence Platform from ADTELLIGENCE GmbH, www.adtelligence.com. This allows target-group-specific targeting in order to personalise our online business. For this purpose, the data of visitors to the Website is collected and assigned to specific target groups by means of cookies and pixel counters. The target-group-specific characteristics are recorded by Adtelligence and transmitted to the system in anonymised form and stored on servers in Germany. On this basis, pages or content displayed to you are controlled in order to present you with personalized and relevant website content. We will not transfer this information to third parties. If you do not want cookies to be stored on your computer, you can prevent their installation by setting your browser software accordingly or deleting cookies that have already been stored. In this case, however, it is possible that you will not be able to use all the functions of the Website.

Should you wish to object to this procedure, please do so by clicking on the following opt-out link:

https://optout.adtelligence.com/swisscard/EN

Matomo

Adtelligence uses the open-source analysis software Matomo (formerly Piwik) to track visitor actions.

If you do not agree to the storage and use of your anonymised data by Matomo, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will mean that the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

Services of social media platforms Facebook pixel

This Website uses the Facebook-Pixel of Facebook for statistical purposes. A cookie is used to understand how our marketing measures are received on Facebook and how they can be improved. You can disable this function on your user account on Facebook. 

Link Facebook Inc. data privacy

Link Facebook advertising campaigns and their administration

9. How long do we store your data?

We store your data for as long as required by applicable statutory requirements or by the purpose of its processing. The duration of storage is therefore based on statutory retention obligations and the processing purposes (see Section 4), which also include safeguarding our legitimate interests.