Data protection information for customers of the Swiss Bankers Prepaid Services Group regarding data processing on the basis of the EU General Data Protection
The following information provides an overview of how we process personal data and what rights you have as our Business Partners under the applicable data protection laws and regulations. It will largely depend on the requested or agreed services which personal data is being processed in detail and how it is used.
1. Responsible persons and contact information
Swiss Bankers Prepaid Services AG, Kramgasse 4, CH-3506 Grosshöchstetten, Switzerland
Phone: +41 31 710 11 11
E-mail address: firstname.lastname@example.org
Swiss Bankers Prepaid Services (Liechtenstein) AG, Austrasse 56, FL-9490 Vaduz, Liechtenstein
Phone: +423 233 31 41
E-mail address: email@example.com
2. Sources and categories of personal data
We process personal data that we receive from our Business Partners and other persons involved in the course of our business relationship or that we collect from the respective users when operating our websites, apps and other applications.
To the extent permitted for the provision of our services, we also process personal data that we collect from publicly accessible sources (e.g. public registers, publicly accessible debtor directories, public social media platforms, land registers, commercial and association registers, from the press or the Internet) or that is legitimately transmitted to us by other companies of the Swiss Bankers Prepaid Services Group or by other third parties (e.g. credit agencies, sanctions lists, providers of risk management or intelligence solutions).
The categories of personal data processed include the following: Master data such as name, address, telephone numbers, E-Mail address and other contact details, date of birth, place of birth, gender, marital status, data on the type of partner (employee/self-employed) and nationality, legitimation data and information on compliance with legal requirements such as anti-money laundering (e.g. ID data, national insurance number) and export restrictions as well as authentication and certification data. In addition, this may also include order data (e.g. card charge), data from the fulfilment of our contractual obligations (e.g. turnover data), information on the financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (including advertising scores), documentation data (e.g. telephone logs), technical data on the use of media offered via us (e.g. time of access to our websites, apps or newsletters, pages clicked on by us or entries, relevant metadata, IP addresses, types and versions of browser plug-ins, cookies, external and internal identifiers, logging data) as well as other data comparable to the aforementioned categories, as well as other data that is transmitted to us if it is voluntarily transmitted or made available to us (e.g. by subscribing to a newsletter or using certain services).
3. Purpose of the processing and legal basis
a) Compliance with contractual obligations
Personal data is processed with regard to the provision of pre-contractual measures and our services - in particular for the performance of contracts with you and the execution of your orders - as well as all activities required in connection with our business operations and administration.
The purposes of data processing depend primarily on the specific product or service requested from us by the data subject (e.g. use of prepaid card, ordering banknotes, cash transfers).
b) Based on the balancing of interests
Where necessary, we process personal data beyond the actual performance of the contract in order to protect the legitimate interests of us or of third parties, unless the interest of the customers in the protection of their personal data prevails.
c) Based on consent
Insofar as we have been granted consent to process personal data for specific purposes (e.g. evaluation of payment transaction data for marketing or market research purposes), this processing is lawful on the basis of this consent. Any consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation. Any processing that took place before the revocation remains unaffected by this.
d) Due to legal requirements or based on public interests
As a financial institution, we are subject to various local and global legal obligations, i.e. statutory requirements (e.g. CH Banking Act/FL Money Laundering Act, CH Money Laundering Act/FL Due Diligence Act, tax laws) as well as supervisory requirements (e.g. of the Swiss FINMA or the FMA Liechtenstein).
The purposes of processing include, but are not limited to, identity verification, combating fraud, money laundering and terrorist financing (e.g. automatic exchange of information with foreign tax and law enforcement authorities, etc.), the fulfilment of control and reporting obligations under tax law or regulatory disclosure, notification or reporting obligations to authorities and courts, and the assessment and management of risks within the Swiss Bankers Prepaid Services Group.
4. Recipients of the personal data
As a financial institution, we are obliged to maintain professional secrecy. We may only disclose your personal data to other companies in the Swiss Bankers Prepaid Services Group or to third parties that need it to fulfil the purposes set out in section 3 or for risk management services, and if there is a corresponding legal basis for doing so. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy or business confidentiality. These are companies in the categories of IT services, logistics, printing services, telecommunications, video identification, consulting, auditing, banks, stock exchanges, clearing houses, collection services, payment card processing, risk controlling, expense reports as well as sales and marketing. With regard to the disclosure of data to recipients outside the authorised companies, we are obliged to maintain confidentiality about all client-related facts and evaluations of which we become aware. We may only pass on information about customers if they have given their consent, if this is required by law, or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
Further data recipients may be those entities for which we have been granted consent to transfer data or for which we have been released from banking or business secrecy pursuant to an agreement or consent.
5. Transfer of personal data abroad / to an international organisation
For customers domiciled in a member state of the EU or in the EEA: Data transfer to third countries (states outside the European Economic Area - EEA; e.g. Switzerland) takes place in accordance with Art. 44 ff. DSGVO for the execution of your orders to Swiss Bankers Prepaid Services AG (registered office in CH-3506 Grosshöchstetten), if the data transfer is necessary or provided for by law, in the context of order processing, if the transfer is otherwise permissible under the applicable data protection laws and regulations or if you have given us your consent.
Swiss Bankers Prepaid Services AG, Austrasse 56, 9490 Vaduz, acts as the representative of Swiss Bankers Prepaid Services AG in the EU or EEA pursuant to Art. 27 of the GDPR.
In the context of order processing, your personal data will only be transferred to third countries if the relevant country (or the international data protection agreement applicable to such country) is deemed by the competent authorities and institutions to have an adequate level of data protection or, in the absence of such an adequacy decision, if the recipient ensures adequate protection based on appropriate safeguards in accordance with applicable data protection laws and regulations (e.g. the standard contractual clauses of the European Commission, adapted where appropriate to local law, or legal exceptions apply in accordance with data protection laws and regulations). e.g. the European Commission's standard contractual clauses, adapted to local law where applicable) or legal exceptions under data protection laws and regulations apply (e.g. explicit consent).
6. Retention period
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for years. We have procedures in place to review the different categories of personal data we hold at different times. This ensures that we do not store them for an excessively long period of time. If the data is no longer required for the purposes of processing, or if we are otherwise legally obliged to delete the personal data, it is regularly deleted, unless its - temporary - further processing is required for the following purposes: Compliance with legal retention obligations: The Swiss Code of Obligations (CO), the Business Records Ordinance and the Anti-Money Laundering Act (AML) are worth mentioning. The retention and documentation periods specified there are ten years.
7. Your data subject rights
Based on the applicable data protection laws and regulations, data subjects have, under certain conditions, the right to information, the right to access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and, where applicable, the right to data portability.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your identity card if your identity is otherwise not clear or cannot be verified). To exercise your rights, you can contact us at the address given in section 1.
In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority.
7.2 Right to object (general)
You have the right to object at any time, on the grounds of your particular situation, to the processing of your personal data carried out on the basis of processing in the public interest and for the purposes of safeguarding legitimate interests; this also includes any profiling for the purposes of specific regulation. If you object, we will no longer process your personal data unless we can demonstrate the compelling legitimate grounds for processing which override your interests, rights and freedoms, or where the processing is for the enforcement, exercise or defence of interests. Please note that in such cases we may no longer be able to provide our services or maintain the business relationship.
7.3 Right to object to data processing for marketing purposes
In certain cases, we may process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for such direct marketing purposes at any time, including profiling where it is related to direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.
The objection can be made form-free and should be addressed to: Swiss Bankers Prepaid Services AG, Kramgasse 4, CH-3506 Grosshöchstetten or to Swiss Bankers Prepaid Services (Liechtenstein) AG, Austrasse 56, FL-9490 Vaduz.
8. Obligation to provide personal data
Within the scope of our business relationship, you as our customers must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we would not be able to enter into or perform a contract, or we might no longer be able to perform an existing contract and would have to terminate it. In particular, we are obliged under money laundering regulations to identify clients by means of an identity document before the business relationship is established. In particular, we must collect and record the name, place of birth, date of birth, nationality, effective residence address and identification document data. In order for us to comply with the laws on combating money laundering and the financing of terrorism, you must provide us with the necessary information and documents. If there are any changes to this data in the course of the business relationship, you must notify us immediately. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship with you.
9. Automated decision-making in individual cases, including profiling
As a rule, we do not make any decisions on the establishment and implementation of a business relationship based exclusively on fully automated processing. Should we use these procedures in individual cases, we will separately inform you about this if this is required by law. In such cases, you have the right, under certain conditions, to object, to state your own position and/or to request that the decision be reviewed by a natural person.
In some cases we may automatically process your personal data to assess certain personal aspects relating to you ("profiling") We use profiling, for example, in the following cases:
10. Data security
All Swiss Bankers Group personnel who process personal data must comply with our internal guidelines and rules on the processing of personal data in order to protect them and to maintain their confidentiality.
We have also implemented appropriate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures are implemented taking into account the state of the art, the implementation costs and the risks associated with the processing and the nature of the personal data, with particular care for personal data requiring special protection.
11. Cookies and web analytics services
12. List of data collections and processing via third parties
Mobile Event App (Plazz AG)
Google Analytics, Google Adwords, Google Search Console, Google Tag Manager
Facebook, Instagram, TikTok
Advertiser Plista, Sizmek, Target Performance
My Card App (Opentech)
Agencies: Afca, Contexta, Four, Nemuk, Opentech, Baker Street