Data Protection

Data protection information for customers of the Swiss Bankers Prepaid Services Group regarding data processing on the basis of the EU General Data Protection

Privacy policy for the use of the website

This Privacy Policy applies to visitors to our website, existing and potential clients, shareholders, investors, distributors, contractors, service providers, suppliers and other third parties (collectively "Business Partners") and provides an overview of the collection and processing of personal data by the Swiss Bankers Prepaid Services Group, consisting of Swiss Bankers Prepaid Services AG, CH-Grosshöchstetten and Swiss Bankers Prepaid Services (Liechtenstein) AG, FL-Vaduz.

The following information provides an overview of how we process personal data and what rights you have as our Business Partners under the applicable data protection laws and regulations. It will largely depend on the requested or agreed services which personal data is being processed in detail and how it is used.

 

1. Responsible persons and contact information

Swiss Bankers Prepaid Services AG, Kramgasse 4, CH-3506 Grosshöchstetten, Switzerland

Phone: +41 31 710 11 11

E-mail address: info@swissbankers.ch

 

Swiss Bankers Prepaid Services (Liechtenstein) AG, Austrasse 56, FL-9490 Vaduz, Liechtenstein

Phone: +423 233 31 41

E-mail address: info@swissbankers.li

 

2. Sources and categories of personal data

We process personal data that we receive from our Business Partners and other persons involved in the course of our business relationship or that we collect from the respective users when operating our websites, apps and other applications.

To the extent permitted for the provision of our services, we also process personal data that we collect from publicly accessible sources (e.g. public registers, publicly accessible debtor directories, public social media platforms, land registers, commercial and association registers, from the press or the Internet) or that is legitimately transmitted to us by other companies of the Swiss Bankers Prepaid Services Group or by other third parties (e.g. credit agencies, sanctions lists, providers of risk management or intelligence solutions).

The categories of personal data processed include the following:

  • Master data such as name, address, telephone numbers, E-Mail address,
  • other contact details, date of birth, place of birth, gender, marital status,
  • data on the type of partner (employee/self-employed) and nationality,
  • legitimation data and information on compliance with legal requirements such as anti-money laundering (e.g. ID data, national insurance number) and
  • export restrictions as well as authentication and certification data.

In addition, this may also include the following data:

  • order data (e.g. card charge),
  • data from the fulfilment of our contractual obligations (e.g. turnover data),
  • information on the financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets),
  • advertising and sales data (including advertising scores),
  • documentation data (e.g. telephone logs),
  • technical data on the use of media offered via us (e.g. time of access to our websites, apps or newsletters, pages clicked on by us or entries, relevant metadata, IP addresses, types and versions of browser plug-ins, cookies, external and internal identifiers, logging data) as well as
  • other data comparable to the aforementioned categories, or
  • other data that are voluntarily transmitted or made available to us (e.g. by subscribing to a newsletter or using certain services).

 

3. Purpose of the processing and legal basis

This privacy policy is designed to meet the requirements of the Swiss Federal Data Protection Act of 25 September 2020 and its implementing ordinance (“CH-DPA”) and, where applicable, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("GDPR"). However, whether and to what extent these laws are applicable depends on the individual case.

a) Compliance with contractual obligations

Personal data is processed with regard to the provision of pre-contractual measures and our services - in particular for the performance of contracts with you and the execution of your orders - as well as all activities required in connection with our business operations and administration.

The purposes of data processing depend primarily on the specific product or service requested from us by the data subject (e.g. use of prepaid card, ordering banknotes, cash transfers).

b) Based on the balancing of interests

Where necessary, and unless the interests of the clients in the protection of their personal data prevail, we process personal data beyond the actual performance of the contract in order to protect the legitimate interests of us or of third parties, for example as follows:

  • Consultation and exchange of data with information centres or other third parties (e.g. debtors' registers),
  • advertising or market and opinion research, unless the use of the personal data has been objected to (see also section 7.3),
  • Statistical purposes,
  • Ensuring the security of information technology,
  • assertion of legal claims and the defending of legal disputes,
  • Prevention and investigation of criminal offences,
  • Video surveillance or similar measures to protect the owner's rights on premises to prevent the intrusion of unauthorised persons,
  • to collect evidence in cases of robbery and fraud;
  • other measures for the security of buildings and premises (e.g. access controls),
  • Measures to reduce typical business risks.

c) Based on consent

Insofar as we have been granted consent to process personal data for specific purposes (e.g. evaluation of payment transaction data for marketing or market research purposes), this processing is lawful on the basis of this consent. Any consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation. Any processing that took place before the revocation remains unaffected by this.

d) Due to legal requirements or based on public interests

As a financial institution, we are subject to various local and global legal obligations, i.e. statutory requirements (e.g. CH Banking Act/FL Money Laundering Act, CH Money Laundering Act/FL Due Diligence Act, tax laws) as well as supervisory requirements (e.g. of the Swiss FINMA or the FMA Liechtenstein).

The purposes of processing include, but are not limited to, identity verification, combating fraud, money laundering and terrorist financing (e.g. automatic exchange of information with foreign tax and law enforcement authorities, etc.), the fulfilment of control and reporting obligations under tax law or regulatory disclosure, notification or reporting obligations to authorities and courts, and the assessment and management of risks within the Swiss Bankers Prepaid Services Group.

 

4. Recipients of the personal data

As a financial institution, we are obliged to maintain professional secrecy. We may only disclose your personal data to other companies in the Swiss Bankers Prepaid Services Group or to third parties that need it to fulfil the purposes set out in section 3 or for risk management services, and if there is a corresponding legal basis for doing so. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy or business confidentiality. These are companies in the categories of IT services, logistics, printing services, telecommunications, video identification, consulting, auditing, banks, stock exchanges, clearing houses, collection services, payment card processing, risk controlling, expense reports as well as sales and marketing. With regard to the disclosure of data to recipients outside the authorised companies, we are obliged to maintain confidentiality about all client-related facts and evaluations of which we become aware. We may only pass on information about clients if they have given their consent, if this is required by law, or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:

  • public bodies and institutions (e.g. FINMA/FMA Liechtenstein, financial authorities, law enforcement agencies) in the event of a legal or official obligation;
  • other financial services institutions or comparable institutions to which we transfer personal data in order to carry out the business relationship with you.
    (e.g. payment processors);
  • other companies within the Swiss Bankers Prepaid Services Group to manage risk due to legal or regulatory obligations.

Further data recipients may be those entities for which we have been granted consent to transfer data or for which we have been released from banking or business secrecy pursuant to an agreement or consent.

 

5. Transfer of personal data abroad

For clients domiciled in Switzerland, personal data may be transferred outside Switzerland or the EU/EEA if this is necessary for the provision of our services (e.g. for payment orders or maintenance and security of our products and services) or is required by law (e.g. as part of the automatic exchange of information), in the context of order processing, if the transfer is necessary for the exercising, assertion or defense of legal claims, or on the basis of consent. In each case, we ensure (e.g. by concluding corresponding contracts) that the service providers concerned guarantee an appropriate level of data protection comparable to that in Switzerland.

For clients domiciled in a member state of the EU or in the EEA: Data transfer to third countries (states outside the European Economic Area - EEA; e.g. Switzerland) takes place in accordance with Art. 44 ff. DSGVO for the execution of your orders to Swiss Bankers Prepaid Services AG (registered office in CH-3506 Grosshöchstetten), if the data transfer is necessary or provided for by law, in the context of order processing, if the transfer is otherwise permissible under the applicable data protection laws and regulations or if you have given us your consent.

Swiss Bankers Prepaid Services AG, Austrasse 56, 9490 Vaduz, acts as the representative of Swiss Bankers Prepaid Services AG in the EU or EEA pursuant to Art. 27 of the GDPR.

In the context of data processing, your personal data will only be transferred to third countries if the relevant country (or the data protection agreement applicable to such country) is deemed by the competent authorities and institutions to have an adequate level of data protection or, in the absence of such an adequacy decision, forwarding only takes place if the recipient ensures adequate protection based on appropriate safeguards in accordance with applicable data protection laws and regulations (e.g. the standard contractual clauses of the European Commission, adapted where appropriate to local law, or legal exceptions apply in accordance with data protection laws and regulations), e.g. the European Commission's standard contractual clauses, adapted to local law where applicable) or legal exceptions under data protection laws and regulations apply (e.g. explicit consent).

 

6. Retention period

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for years. We have procedures in place to review the different categories of personal data we hold at different times. This ensures that we do not store them for an excessively long period of time. If the data is no longer required for the purposes of processing, or if we are otherwise legally obliged to delete the personal data, it is regularly deleted, unless its - temporary - further processing is required for the following purposes: Compliance with legal retention obligations: The Swiss Code of Obligations (CO), the Business Records Ordinance and the Anti-Money Laundering Act (AML) are worth mentioning. The retention and documentation periods specified there are ten years.

 

7. Your data subject rights

7.1 General

Based on the applicable data protection laws and regulations, data subjects have, under certain conditions, the right to information, the right to access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and, where applicable, the right to data portability.

The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your identity card if your identity is otherwise not clear or cannot be verified). To exercise your rights, you can contact us at the address given in section 1.

In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority.

 

7.2 Right to object (general)

You have the right to object at any time, on the grounds of your particular situation, to the processing of your personal data carried out on the basis of processing in the public interest and for the purposes of safeguarding legitimate interests; this also includes any profiling for the purposes of specific regulation. If you object, we will no longer process your personal data unless we can demonstrate the compelling legitimate grounds for processing which override your interests, rights and freedoms, or where the processing is for the enforcement, exercise or defence of interests. Please note that in such cases we may no longer be able to provide our services or maintain the business relationship.

 

7.3 Right to object to data processing for marketing purposes

In certain cases, we may process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for such direct marketing purposes at any time, including profiling where it is related to direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

The objection can be made form-free and should be addressed to: Swiss Bankers Prepaid Services AG, Kramgasse 4, CH-3506 Grosshöchstetten or to Swiss Bankers Prepaid Services (Liechtenstein) AG, Austrasse 56, FL-9490 Vaduz.

 

8. Obligation to provide personal data

Within the scope of our business relationship, you as our clients must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we would not be able to enter into or perform a contract, or we might no longer be able to perform an existing contract and would have to terminate it. In particular, we are obliged under money laundering regulations to identify clients by means of an identity document before the business relationship is established. In particular, we must collect and record the name, place of birth, date of birth, nationality, effective residence address and identification document data. In order for us to comply with the laws on combating money laundering and the financing of terrorism, you must provide us with the necessary information and documents. If there are any changes to this data in the course of the business relationship, you must notify us immediately. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship with you.

 

9. Automated decision-making in individual cases, including profiling

As a rule, we do not make any decisions on the establishment and implementation of a business relationship based exclusively on fully automated processing. Should we use these procedures in individual cases, we will separately inform you about this if this is required by law. In such cases, you have the right, under certain conditions, to object, to state your own position and/or to request that the decision be reviewed by a natural person.

In some cases we may automatically process your personal data to assess certain personal aspects relating to you ("profiling") We use profiling, for example, in the following cases:

  • to comply with our ongoing regulatory compliance requirements (e.g. anti-money laundering, anti-fraud, anti-terrorism and tax legislation), e.g. by reviewing how and from which geographical locations you use our applications or other Swiss Bankers services;
  • Use of evaluation and assessment tools, these enable needs-based communication and advertising including market and opinion research
  • As listed elsewhere for the particular product or service.

 

10. Data security

Access to personal data is restricted to the personnel of the Swiss Bankers Group who need to know this personal data in order to offer products and services or in connection with the website. In addition, Swissbankers' internal guidelines and rules on the processing of personal data must be complied with and to maintain their confidentiality.

We have also implemented appropriate technical and organisational measures (e.g. firewalls, personal passwords and encryption technologies), to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures are implemented taking into account the state of the art, the implementation costs and the risks associated with the processing and the nature of the personal data, with particular care for personal data requiring special protection.

 

11. Cookies and web analytics services

Various types of cookies and web analytics services are used on the websites. For more information on the use of cookies and web analytics, the Cookies and Web Analytics Tool can be consulted: Cookie Policy - Legal Information | Swiss Bankers

 

12. List of data collections and processing via third parties

Newsletter (Emarsys)

Microsoft AX (Microsoft Corporation)

Mobile Event App (Plazz AG)

Mastercard Inc.

Google Analytics, Google Adwords, Google Search Console, Google Tag Manager (Alphabet, Inc.)

Facebook, Instagram (Meta Platforms, Inc.)

Advertiser Plista GmbH, Target Performance GmbH

Samsung

Apple, Inc.

My Card App (Opentech)

Agencies: Afca AG, Contexta AG, Four Werbeagentur AG, Nemuk AG, Opentech Payment Services AG, what AG, Gamned!, exanic AG

 

13. Amendment of our privacy policy

This privacy policy was last updated on 1 September 2023. You can find the current version on our website. Swiss Bankers reserves the right to change this Privacy Policy at any time. It will provide notice of any such change in an appropriate manner.