Privacy Policy and Terms of Use of Viseca Payment Services Ltd. and Viseca Card Services SA
Please read the following Terms of Use carefully. Viseca Payment Services SA, Viseca Card Services SA and other affiliated companies (also referred to as “Viseca“, “we” or “us”) process your personal data (also referred to as “data“) in accordance with applicable law.
Viseca Card Services SA is the issuer of payment cards, whereas Payment Services SA primarily provides services on behalf of other payment card issuers. We are the Controller under data protection law as regards the issuing of payment cards. In their role as service provider, the issuers of payment cards themselves are data protection officers.
This Privacy Policy relates to our processing activities in a broader sense in connection with the processing of payment cards for which we are responsible under data protection law as the Controller. Information on the processing activities performed by the respective issuer of your payment card can be found in their privacy policy.
In particular, we process your data as follows, but please note that this list is not meant to be exhaustive:
- in connection with web and mobile applications;
- when you participate in the surprize rewards programme;
- when you become party to our group insurance contracts that apply for cardholders;
- when you visit our websites;
- when you subscribe to newsletters;
- from you as a contact of our suppliers, customers and other business partners, as well as from organisations and government offices;
- when you visit our premises;
- if you write to us or contact us otherwise; and
- when you participate in customer and public events.
Information on the subject matter of these processing activities can be found in Privacy Policy Section 1 below.
For job applicants, employees and temporary staff, the Privacy Policy at https://jobs.viseca.ch/datenschutz.html applies.
We are subject to the Swiss Federal Data Protection Act, whereas processing in connection with our websites and apps for visitors from abroad may also be subject to foreign data protection laws. This Policy may be amended or updated at any time. The current version shall apply.
You confirm that you have taken note of this Privacy Policy and accept the Terms and Conditions of Use.
Version: 1 July 2024
1. Privacy Policy
This Privacy Policy explains our handling (“processing”) of data, particularly in connection with the processing of insurance benefits of the group insurance contracts, the prevention of fraud and misuse and the prevention of credit defaults, the enforcement of claims assigned to us for realisation, the participation in the surprize bonus programme and our other processing operations involving data pertaining to you.
Viseca Payment Services Ltd, Hagenholzstrasse 56, 8050 Zurich, is responsible for data processing in accordance with this Privacy Policy and the Controller under data protection law, unless otherwise communicated in individual cases.
You may contact us in writing (Viseca Payment Services Ltd, Data Protection, Hagenholzstrasse 56, 8050 Zurich), by email (privacy@viseca.ch) or by telephone on +41 (0)58 958 84 00 in order to exercise rights and to contact us with data protection concerns.
Depending on the situation and purpose, we process various data from different sources. We collect and receive some of this data directly from you (for example, when you are in direct contact with us). However, we may also obtain data from other sources, e.g. from card issuers in connection with the prevention of fraud and misuse or the assignment of claims to us or from insurers, but also from public registers or other publicly accessible sources, from authorities, your organisation and other third parties. We process different categories of data in the process. The main categories of data are described below:
- Master data
Master data refers to data relating to the identity as well as personal characteristics and circumstances, for example name, address or date of birth. These data may also relate to third parties (for example authorised agents) and also include signatory powers, powers of attorney and declarations of consent. - Contract data
If a contract is concluded with us, in addition to master data, we also process other data in connection with the conclusion, processing and enforcement of contracts, including data that you provide to us in connection with the card application. - Financial data
Financial data is data about your financial situation, such as income, risk classification and your creditworthiness, including information about limits, payments and outstanding payments. - Behavioural and preference data
Behavioural data is data about specific actions and interactions that we receive primarily from payment card issuers or collect ourselves. We may derive information about the statistical probability from this and other data and use it, for example, to combat and ward off misuse and fraud and for creditworthiness checks, also for third parties. Furthermore, these data can be used for AI models. Viseca generates this data based on available information and links it with other data in order to improve the quality of the analyses.
Behavioural data provides information about certain actions, e.g. use of web/apps, payment card locations, payment behaviour, purchase and use of products (e.g. insurance) and services from us or third parties, about the reason for and time of your visit to us and about general interactions with you.
Preference data, which we obtain primarily from behavioural data and the combination with other data, gives us indications about possible preferences and needs of yours, or when and how you react to messages from Viseca, which can be used to make recommendations or decisions, e.g. for supplementary insurance. We gather this information from the analysis of existing data in order to get to know you better and to tailor and improve offers to you more precisely.
Behavioural and preference data can be evaluated on a person-specific basis or on a non-person-specific basis for the purpose of combating misuse and fraud, optimising internal processes and monitoring. - Communications data
Communications data refers to data in connection with communications with you in written correspondence, by telephone and via electronic channels (e.g. via “one” Digital Service or other platforms, email, SMS and push messages) and your visit to our premises. They also include authentication data and, where applicable, video and audio recordings. When establishing your identity (for example in the case of a request for information), we also collect data in order to identify you (for example via a copy of an identification document). - Technical data
Technical data is data that we collect during use of web/applications such as the “one” Digital Service or other platforms and electronic offerings. This data also includes the IP address of an end device and the logs in which we record your use of our systems. In order to ensure the functioning of these options, we may assign an individual code to end devices (for example in the form of a cookie). You can find further information on this in the section “Cookie Policy”. Technical data alone do not allow conclusions to be drawn as to the identity of a person. However, together with other data, we may be able to link technical data to specific individuals.
In addition to the IP address and information about the end device, the technical data also includes the date and time, the geographical region and the type of browser or device with which you access our electronic options. This information helps us to display content in a browser or on an end device. Based on the IP address, we receive information about a telecommunications provider, but as a rule, we cannot infer your identity unless you are logged in to a user account. Technical data are also log files that are generated in our systems. When using web/apps such as the “one” Digital Service, we collect technical data e.g. about installing and opening the app and identifiers associated with the device used. - Registration data
Registration data is data about you that is transmitted during registration or activation in order to use or participate in certain offers and services (for example insurances, newsletters and competitions, as well as applications and other platforms). - Other data
We collect other data about you in various contexts. For example, data is generated in connection with official or court proceedings (for example files, evidence, commercial register extracts, permits, etc.).
This data relates not only to you but may also potentially relate to third parties (e.g. authorised agents, employers, coworkers, etc.). If you share data about third parties with us, we assume that you are authorised to do so and that this data is accurate. Therefore, please notify these third parties about the processing of their data by us and refer them to this Privacy Policy.
As the controller, we process data for the following and thus agreed purposes:
- Establishment, processing and termination of business relationships
We process data for the establishment, registration, processing and termination of business relationships. The type of data processed differs according to the type and scope of the customer/business relationship and may include, in particular, master data, contract data, financial data as well as registration and communication data. - Marketing, customer care and development and improvement of products and digital services
We process data for marketing purposes and customer care in order to provide you with personalised information and offers concerning products and services of us and third parties (e.g. partners). This can be done in writing, digitally or in text form. We may also process data to tailor marketing content to better suit the interests of our customers. For marketing purposes and customer care, we primarily use master, financial, contract and transaction data, as well as behavioural and preference data and other information concerning the contractual relationship. We can also personalise the relevant content.
You have the option to object to profiling for marketing purposes in the future by notifying us in writing (including by e-mail) (block on profiling).
We also process your data to estimate aggregate usage figures and data exchange volumes, to identify content of particular interest to you and for the general improvement and development of our products and digital services and availability. This mainly concerns behavioural and preference data. For more detailed information on online activities in market research and marketing, we also refer to the following section “Cookie Policy”.
You may object to the sending of information (ad blocking) or generally withdraw your consent to the processing of data for marketing purposes by notifying us in writing (including by e-mail) (general withdrawal) – see also Section 1.11. - Insurance benefits
With your business, customer or contractual relationship with your payment card issuer, you either automatically participate in the insurance benefits offered by us or by joining the contract for the optionally offered supplementary insurances (“group insurances”). In doing so, we act as the policyholder for the insurance policies associated with your card product. As the policyholder, we are entitled to process the customer data (in particular master data and contract data) necessary for the processing of the contract and claims in the event of an insured event reported by you or in the event of enquiries or applications in connection with the insurance contract. Based on the General Insurance Conditions, you acknowledge that we, as the policyholder, may transmit and exchange the necessary data with the issuer of the payment card, the insurance companies and insurance brokers as well as third parties involved in the processing of the contract and claims. Likewise, the aforementioned parties may obtain relevant information from third parties and inspect official files within the framework of the settlement of contracts and claims. You hereby expressly release these third parties from any confidentiality obligations. In the process, the data is stored physically and/or electronically. - Realisation of claims
As payment card issuers assign claims to us, we may process all related data for the purposes of collectability and legal enforcement, including collection measures and loss certificate management. This mainly concerns master, contract, financial and communication data. We may also store the required data for such purposes in our own creditworthiness database. If you do not agree to the use of your data in the creditworthiness database for the purposes of third parties, you can object to this use in writing in accordance with the following Section 1.11. - Combating misuse and fraud and other illegal activities
In order to defend and enforce claims, your data will be processed by ourselves or by third parties commissioned by us (for example lawyers, debt collection companies), in particular master data, contract data, behavioural data and financial data.
In order to prevent misuse, fraud and other unauthorised actions, master, financial and behavioural data in connection with payment cards in particular are continuously recorded in our own misuse database. We may query this database in connection with the card application or a limit adjustment on behalf of individual payment card issuers in order to protect the cardholder and to prevent or avoid misuse, fraud and other unauthorised activities.
In order to prevent misuse, fraud and other illegal activities, we may also conduct internal investigations and monitoring to detect irregularities. - Rewards programmes
As part of your participation in the surprize rewards programme, we primarily process master, contract, behavioural, preference, registration and communication data. - Digital platforms and electronic channels
As part of your use of digital platforms operated by us or third parties (e.g. “one” Digital Service, VisecaConnect, etc.) or your use of digital channels, we process data based on the scope of use of the respective platform. In this regard, we primarily process master, communication and technical data. - Compliance with laws, recommendations from authorities and internal regulations
We also process data in order to comply with laws, directives and recommendations of authorities as well as internal regulations (compliance). The data processed includes in particular master data, financial data, communication data and behavioural data. This also includes legally mandated actions to combat money laundering and the financing of terrorism. We are obliged to make certain enquiries, to monitor them or, under certain circumstances, to make a report. In addition, data processing requires the performance of duties of information, notification or reporting, the performance of retention obligations and the prevention, detection and investigation of criminal offences and other violations. This includes receiving and processing complaints and other reports, monitoring communications, internal investigations or disclosing documents to an authority if we are obliged to do so or have a legitimate interest in disclosing them. Your data may also be processed in the case of external investigations (for example by a regulatory or law enforcement authority or an authorised private body) and in the case of internal investigations. - Risk management and corporate governance
We also process data – in particular master data, contract data, financial data as well as behavioural data – for risk management purposes and in the context of prudent corporate governance, including business organisation and corporate development.
In the area of business development, we may sell or acquire businesses, parts of businesses or companies and enter into partnerships, which may also lead to data sharing and processing. Data may also be processed in the context of reviewing and improving internal processes. - Improvement of services, operations and product development
Data is also processed for market research purposes, to improve services and operations as well as for product development. For these purposes, we use master data, behavioural and preference data, as well as information from surveys.
We continuously develop our own products and services, adapt them to the needs of our partners, customers and their end customers and determine the level of satisfaction. We analyse which products are used by which groups of people and how new products and services could be designed and used. This gives us an indication of the market acceptance of existing products and services and the market potential of new products and services. For these purposes, we may also use mainly master data, behavioural and preference data and information from surveys. - Security purposes and access control
Viseca may also process master data, technical data, behavioural data and other data for security purposes and access control. We continually review and improve the security of our IT and infrastructure. However, data security breaches cannot be ruled out with complete certainty. At Viseca, this risk is countered by appropriate technical and organisational measures in accordance with the state of the art. Access controls include not only the control of access to electronic systems, but also physical access control. - Communications
We process data in order to communicate with you, to provide you with information or to transmit messages and to be able to process your requests. For this purpose, we use master and communications data. As a rule, we retain this data in order to be able to document the communications made, but also for quality assurance purposes and for subsequent enquiries. If you contact us by e-mail or other, digital forms of communication, we are thereby expressly authorised to reply via the same channel to the sender’s address or to the address provided. Emails are transmitted in unencrypted form over the open internet and it cannot be ruled out that they may be accessed, viewed and manipulated by third parties. Thus, email communication is not suitable for the transmission of confidential information. - Other purposes
We may process data for other purposes, for example as part of internal processes and for administrative purposes. Administrative purposes include the management of master and contract data, accounting and data retention, as well as the inspection and management of the IT infrastructure. We further use these data to safeguard and exercise our own rights, for example to enforce claims in court, in pre-litigation or extrajudicial contexts as well as before authorities in Switzerland and abroad, to secure evidence, to carry out legal investigations and to participate in court or official proceedings.
Other purposes include evaluating and improving internal processes and preparing and managing purchases and sales of companies and assets, as well as training and education purposes. This also includes safeguarding other legitimate interests that cannot be definitively identified.
Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but for example under the European General Data Protection Regulation (GDPR), insofar as it applies. In this case, we base the processing of your personal data in particular on one or more of the following bases:
- The processing is necessary for the conclusion, performance and enforcement of contractual relationships.
- The processing is necessary for the protection of legitimate interests, including analyses of credit, abuse and fraud risk and creditworthiness, the defence or enforcement of claims, the maintenance and expansion of business and customer relationships as part of customer service, support and the organisation of events as well as general communication and, in general, compliance with Swiss law;
- the processing is necessary to comply with legal obligations;
- the processing is based on your consent.
You can find the corresponding provisions in Art. 6 and 9 of the GDPR.
You are under no obligation to disclose data to us, except in specific cases (for example if you have to fulfil a contractual obligation and this involves disclosing data to us). However, we need to process data for legal and other reasons when we conclude and execute contracts. The use of our website is also not possible without data processing.
For the purposes specified in Section 1.4, we may process and evaluate data (including profiling) through the use of automated and IT-supported processes in order to determine preference data, to identify misuse/fraud and security risks, to carry out statistical evaluations or to plan the company’s operations. We may also create profiles for the same purposes. In particular, we combine behavioural and preference data, master data, contract data, communication data and technical data so that interests and characteristics are better identified.
This also allows us to learn more about our customers and their end customers, as well as about the products and services that may be of interest or are already being used. For reasons of efficiency and consistency of decision-making processes, Viseca may make automated decisions. If these decisions have a legal effect or adverse effect on customers in any other way, we shall inform them immediately and take the legally required measures.
We will inform customers on a case-by-case basis if an automated decision results in negative legal consequences or significant impairments. If you do not agree with the outcome of the decision, you have the rights set out in Section 1.11 below.
You acknowledge that the following bodies may process your data. We assume that you have no objection to these data disclosures, but please let us know if there are any special interests that speak against such disclosure:
- Service providers
We work with service providers in Switzerland and abroad. In order to provide our products and services efficiently, safely and cost-effectively, we obtain services from third parties in various areas. These services consist of, for example, IT services, advisory services, business information and debt collection. We may involve other partner companies and provide them with the necessary data. - Payment card issuers
We may share data from the statistical analysis of the use of our websites and web and app applications, as well as from the credit worthiness databases used and the misuse and fraud prevention databases with our payment card issuers so that we can improve our websites, products and services in cooperation with issuers for their customers. - Insurance partners
If insurance cover exists in connection with your payment card, we may transmit the necessary data to your payment card issuer, to the insurance company and to brokers and other insurance partners for the purpose of processing the insurance relationship and reporting claims and within the scope of our duties to cooperate. We may also transfer your data to authorities where required or permitted by law. - Partners in loyalty programmes
If your payment card is supplemented and linked to a loyalty programme, we can exchange the relevant data with the issuer of the loyalty programme and also the affiliated or participating partners of the loyalty programme. For the respective parties and terms and conditions, please refer to the separate provisions of the loyalty programme. - Banks and other partners
Data may be transferred in aggregated form to banks and other partners for the agreed purposes. This also includes sharing data regarding your use of platforms with your organisation. Banks and other partners can use this data for their own purposes in accordance with their own privacy policies for all their business areas. - Authorities and other official bodies
We may disclose data to offices, courts and other authorities or official bodies in the course of contractual performance if we are legally obliged or entitled to disclose such data or if we represent our own rights and legitimate interests. - Other third parties
Other recipients include the organisation you work for, depending on the purpose of the processing.
In isolated instances, we may also share personal data with other third parties for their own purposes, e.g. if you have consented to this or if we are legally required or authorised to share this data. In such cases, the recipient of the data is its own Controller under data protection law.
As described in Section 1.7, not only do we process data, but also other bodies where necessary. These are not only located in Switzerland and in the EU and in the European Economic Area in particular Germany, France, Hungary, Poland, Cyprus and Italy, but also worldwide outside the EU or the European Economic Area (so-called third countries). If recipients are located in a country lacking adequate statutory data protection, we shall contractually oblige them to comply with data protection, generally by entering into recognised standard contractual clauses. We may dispense with this if data recipients are already subject to a set of rules to ensure data protection that are recognised in Europe or if we can rely on an exception. The latter may be the case, in particular, in legal proceedings abroad, in cases of overriding public interests or where the performance of the contract requires such disclosure, if we have obtained your consent or if the data in question is made publicly available by you.
We store and use your data for as long as required by applicable law, for the purpose of processing, and to fulfil our agreement with your payment card issuer (please refer to the issuer’s privacy policy). Furthermore, we store and use personal data if we have a legitimate interest in storing and using it, e.g. if we need the data to enforce or defend against claims, to ensure IT security or if statutes of limitation are affected, or to avoid and prevent misuse and fraud and/or minimise credit risks. Finally, we store and use your data to comply with our legal and regulatory obligations, in particular retention obligations. After these periods have expired, we delete or anonymise this data. This may be after more than 10 years, depending on the legal basis.
Documentation and evidentiary purposes include Viseca’s interest in documenting processes, interactions and other facts in the event of legal claims and irregularities, for IT and infrastructure security purposes as well as to demonstrate good corporate governance and compliance. Retention may be technically necessary because certain data cannot be separated from other data and these data must continue to be stored together with them (for example in the case of a backup or document management system).
Viseca takes appropriate staff-related, technical and organisational security measures to maintain the security of the data, to adequately protect it against unauthorised or unlawful processing and to counteract the risk of loss, accidental alteration, unwanted disclosure or unauthorised access.
These security measures include encryption and pseudonymisation of data, logs, access restrictions, storage of backup copies, instructions to employees, confidentiality agreements and controls. In addition, Viseca also requires any third parties involved to take appropriate state-of-the-art security measures. However, security risks cannot generally be completely ruled out. Residual risks are unavoidable.
Provided the requirements of the applicable law have been met, you have the following rights:
- to obtain information about your data and how we process it, as well as a copy of the same;
- to request certain personal data in a machine-readable form;
- the correction of inaccurate or incomplete data and how we process it, as well as a copy thereof;
- the erasure of your data;
- to obtain the restriction of the processing of your data;
- to lodge a complaint against the form of the processing of your data with the competent authority and
- to object, or to withdraw your consent, to the processing of your data, although we shall continue to process your data to the extent permitted by law even in the event of a withdrawal of your consent.
If you wish to exercise such a right, please contact us (Section 1.2). As a rule, we must verify your identity (for example by means of a copy of your ID). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
You have the right to withdraw given consent at any time with future effect. In certain cases, you may also object to the processing of your personal data (for instance, where your data is processed in connection with advertising). However, processing activities carried out in the past on the basis of consent do not become unlawful as a result of your withdrawal of consent.
In cases where data processing is absolutely necessary for the provision of the service or for the fulfilment of the contractual relationship (e.g. processing of insurance claims, data processing for risk purposes), withdrawal of consent is not possible. In such cases, waiver of this data processing is only possible by terminating the corresponding business relationship or card contract relationship with the payment card issuer. Please note that an advertising block for our offers such as insurance services linked to the payment card of the corresponding payment card issuer applies directly to the payment card and vice versa. Non-marketing messages and automatically generated system texts are excluded from the advertising block.
2. Terms of Use
Please read the following Terms of Use carefully. They apply in addition to our specific Terms of Use that will be brought to your attention separately in the cases provided. The present Terms apply in addition and subordinately to the specific Terms of Use. In case of any inconsistencies, the specific Terms of Use shall take precedence.
By accessing our websites and platforms, as well as the products, services and information (content) contained or described in them, you declare that you have understood and access these Terms of Use, as amended from time to time. These Terms of Use may be amended or updated at any time without notice. Any such changes or updates shall be published immediately. You can find a reference to the date of the most recent update at the start of this document.
- These Terms of Use are addressed to the general public, visitors to our websites, participants in the surprize bonus programme and Users of the “one” Digital Service and other platforms (e.g. VisecaConnect).
- Unless otherwise provided, the entire content of our websites, such as copyrights, trademarks and other rights, is wholly and exclusively the property of Viseca. The names and logos of our service and distribution partners are registered and protected trademarks owned by these third parties. The elements are freely usable for browsing purposes only.
- No part of our websites is designed to grant a licence or right to use an image, registered mark or logo. Saving or printing of individual pages or sections of the websites is permitted, provided that neither the copyright notices nor other legally protected designations are removed. Downloading or copying the websites or parts thereof does not transfer any rights to software or other elements.
- Any reproduction in whole or in part, transmission in electronic or other form, modification, linking or use for public or commercial purposes is prohibited without Viseca’s prior written consent. All ownership rights shall remain with Viseca. We reserve all rights with regard to all elements on our websites.
- The information published on our websites does not constitute a recommendation to carry out transactions or an offer to carry out other legal transactions. Third-party products and services presented on the websites may not be acquired by residents of certain countries. We are merely an intermediary for the offers of third parties contained on the websites. If problems arise in the contractual relationship between you and the third party or you incur damages, you must take action against the third party. We shall not be liable for any damages arising from contractual relationships with third parties.
- Although we take all reasonable care to ensure that the information contained on our websites is correct at the time of publication, neither we nor our contractual partners, whether explicitly or implicitly, can guarantee or warrant the accuracy, reliability, up-to-dateness or completeness of the information. We assume no responsibility and make no representation that the functions will be uninterrupted or that the websites or the relevant server are free from viruses or other harmful components.
- Viseca accepts no liability (even in the case of negligence) for any type of direct or indirect damage or losses resulting from access to our websites or the impossibility to access or use the same, contact with us via the Internet or email, or from the linking with other websites of third parties or access to links to websites of third parties. We also disclaim any liability for manipulation of the Internet user’s computer system by unauthorised parties.
- Our websites are not intended for distribution to, or use by, any person in any jurisdiction that prohibits or otherwise restricts access to websites or the distribution, publication, provision or use of the information contained therein. Persons subject to such restrictions are not permitted to access our websites and are requested to refrain from doing so.
3. Cookie Policy
We use the term “cookies” for cookies and similar technologies that are used in the context of electronic communication. With the following information we inform you about the most important aspects of the processing of your data in the context of the use of our websites, social media channels and “one” Digital Service. You can also generally use our websites and social media channels without providing us with any personal data, such as your name or email address. In this case, we can clearly assign the data collected in connection with the corresponding use to specific visitors, but not to persons known by name. In this sense, online data is generally not personal. However, if you provide us with your name, an e-mail address or other personal data in this context, we will process this data. In addition to this processing, it also allows us to link you to otherwise non-personal data.
This Cookie Policy applies to all websites and “one” Digital Service for which we are responsible. Our websites may contain links to third party websites. These websites are not subject to this Cookie Policy. We are not responsible for their content or their handling of personal data. We recommend that you read the privacy policies of the relevant website providers.
- Cookies are small files that are transferred to your end device and stored there when you visit a website. A cookie contains, in particular, information about the origin of the website as well as the lifetime of the cookie (i.e. how long it remains stored on your end device). Some cookies are deleted after the end of the browser session (“session cookies”). Other cookies remain on your device (“permanent cookies”).
- If you access these websites again, we can record your new visit even if we do not know your identity. Cookies may also collect information about your user behaviour.
We use cookies to operate our websites, insofar as they are technically necessary, furthermore for statistical purposes, to improve user-friendliness and for advertising and marketing purposes.
- Technically necessary cookies are necessary for the technical operation of the websites and enable security-related functionalities as well as making them user friendly.
- Analytical and statistical cookies are intended to improve our website and the placement of offers. For this purpose, we use cookies to collect data about the use and behaviour of visitors to our websites. This enables us to record traffic and usage and to determine the impact of our websites and optimise content accordingly.
- Cookies for advertising purposes may record your visit to our websites as well as the links you click on. We use such information to tailor our websites and advertisements to your interests. We may also disclose this information for this purpose to third parties who process this information on our behalf.
The use of cookies is based on our legitimate interest in providing user-friendly and attractive websites, displaying advertising to you and ensuring contract performance.
- If you opt to disallow or disable cookies, this may restrict the functionality of our websites. If you do not want cookies, you can set up your web browser so that it informs you about the setting of cookies and you allow this to happen only on a case-by-case basis. In addition, you can configure your web browser to automatically disable cookies.
- Please note that most web browsers offer options to protect your privacy. Most web browsers automatically accept cookies but offer the option to block or delete them. The instructions for managing cookies on your browser are usually found under the “Help” feature of the browser or in your mobile device’s user manual.
- Please note that the IP address of the end device is stored by the website operator when you visit our websites. For technical reasons, further log data is collected, for example information about the internet service provider, information about the operating system of the end device and the browser used, information about the referring URL (origin), date and time of access and accessed content. Under certain circumstances, personal data such as the name and address of the visitor may also be collected, for example when you register on a website. In this case, we may also process log data on a personal basis.
- We process personal data that is necessary for the fulfilment of the contract or in the context of initiating business or for which you have given us your separate consent. Consent may be revoked at any time with effect for the future. Personal data that were communicated to us via our websites are stored only until the purpose has been met or for the retention period required by law.
- However, for the processing of data in connection with our websites, social media channels and “one” Digital Service, we may engage service providers who carry out evaluations for us on the basis of this data. In this case, your data may also be transferred abroad, including to states outside the EU or the European Economic Area. These third countries may not have laws in place that protect your data to the same extent as in Switzerland or in the EU/EEA. In this case, we ensure data protection through data transfer agreements. In certain cases, we may transfer data in accordance with data protection requirements even without such contracts, for example if you have consented to the relevant disclosure or if the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
Regardless of the measures taken to protect your data, data protection and confidentiality in connection with data processing may be limited by universally accessible media. Because of the way in which the Internet is designed, it cannot be ruled out that third parties will gain access to your data when you use the Internet as a means of transmission with a computer, smartphone or other device. Any liability for direct or indirect damage arising as a result of such data transmission in connection with the use of our websites and “one” Digital Service is rejected in its entirety.
We use cookies and the data collected through cookies as well as the data contained in the log files mentioned (log data; together hereinafter referred to as “online data”) in particular for the purposes stated below.
- Operation of the online service: Log data are generated automatically when using the online service, which is why they are necessary for operating the online service. We additionally require other online data, in particular data collected via cookies, in order to be able to offer certain functions of the online service or in order to be able to ask you for consent for the use of cookies and other technologies, if necessary.
- Provision of certain contents and features: If you use the content and functions of our service and provide us with data in the process, for example if you register for a newsletter, we process the online data you provide in the process in accordance with the respective purpose of the function or content.
- Security and stability: We use online data to improve the security and stability of the online service. As a rule, we do not require any direct personal data for this purpose. Insofar as we are able to assign cookies to you personally, we may use them for purposes of security and stability to the extent necessary, but also on a personal basis.
- Statistics: We use personal and not directly personal online data for statistical purposes, i.e. for evaluations with the aim of obtaining certain information, for example information on variations in the use of the online offer. This information is aggregated, i.e. no longer personal.
- Improvement of offers: We use online data to continuously improve our online services. However, we only use online data for this purpose in aggregated form.
- Market research and marketing: We also use online data for market research purposes and for marketing purposes, for example to send newsletters or to display advertisements within our online services and on third-party sites. We can also personalise the relevant content. For this purpose, we use marketing cookies, among other things.
- Communications: We use online data to communicate with you through electronic channels. To do this, we process the content of the communication, but also log data about the type and time of the communication.
- Complying with statutory and regulatory requirements: We may process online data to comply with laws, directives and recommendations from authorities and internal regulations. This includes the prevention, detection and investigation of criminal offences and other violations, internal and external investigations and the disclosure of online data to a public authority.
- Defending and enforcing claims: We may use online data for a civil or criminal action or defence in such proceedings.
We use service providers to analyse visitor behaviour. They may receive log data and other online data from us and may themselves use cookies and similar technologies to collect online data about our online services. However, we do not give them any directly personal data such as your name or email address.
Three of the most important service providers are Google, Cookiebot and Hotjar. Further details concerning them can be found below. Other service providers generally process online data in a similar manner:
Google Analytics: We use the “Google Analytics” analysis service operated by a Google company in Ireland (Google). In the process, performance cookies (Section 3.3) record data about behaviour on our online service (duration and frequency of page views, content accessed, geographical origin of access, etc.), and on this basis Google creates evaluations of the use of our online service for us. Google uses Google LLC in the USA as a processor, whereby IP addresses (which are the most likely way to identify individuals) are shortened before being forwarded to Google LLC. We have deactivated the settings “Data sharing” and “Signals”. Nevertheless, we cannot rule out the possibility that Google may draw conclusions about the identity of visitors for its own purposes from the online data collected, create personal profiles and link this data to Google accounts. Information about the data protection of Google Analytics can be found at https://support.google.com/analytics/answer/6004245, and if you have a Google account, information about processing by Google can be found at https://policies.google.com/technologies/partner-sites?hl=en-GB. You can disable Google Analytics by installing a browser extension at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Cookiebot: With Cookiebot and the “CookieConsent” cookie, we manage and store consent status on the Websites. The “cookietest” cookie is also used to determine whether you have accepted the cookie settings box in our cookie banner. These cookies are categorised as functional cookies and cannot be deactivated via the cookie settings. However, information collected and stored through the use of these cookies is stored for no longer than one year and is not processed outside Switzerland or the European Union. We do not provide Cookiebot with any information that Cookiebot may associate with you. Cookiebot provides us with reports and evaluations based on the data collected and is therefore a contracted data processor.
Hotjar: Another example of a service for the statistical evaluation of our Users’ needs is Hotjar, a service provided by Hotjar Ltd (Malta). Hotjar works with cookies and other technologies (Section 3.3) to collect data about the behaviour of the Users of our online service and their end devices, in particular the IP address of the end device (which is only recorded anonymously), screen size, device type, information about the browser used and the location (only the country) and language setting of the browser. Hotjar stores this information in a pseudonymised user profile and uses it for evaluations with which we can better understand the needs of the users of the online service and improve the online service and better align it to our users. For more information, see the “about Hotjar” section on Hotjar’s help page. (https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar).
We and our advertising contract partners have an interest in targeting advertising to specific groups, i.e. to show only those people we want to address with the advertising. For this purpose, we and our advertising contract partners also use cookies that can be used to record the content accessed or contracts concluded. This enables us to display our advertising on websites and advertising platforms of our advertising contract partners that we can assume will interest you. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising. This means that advertising tailored to you can be displayed in our online services and on third-party sites.
Our online service may also use the so-called “Facebook pixel” and similar technologies from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These technologies are used to display Facebook ads placed by us only to those Users on Facebook and partners cooperating with Facebook who are interested in them or whose characteristics correspond to those that we transmit to Facebook for this purpose (for example interest in certain topics or products, so-called “Custom Audiences”). It also allows us to see whether Users have been directed to our online service via a Facebook ad (this allows us to assess the effectiveness of Facebook ads for statistical and market research purposes). You can find more details here.
We are jointly responsible with Facebook for sharing data that Facebook obtains or receives, for Facebook interest-based ads and personalisation of Facebook features and content (but not further processing). We have concluded a corresponding supplementary agreement with Facebook. Users can submit data subject requests related to shared responsibility directly to Facebook.
Our website may, after obtaining your consent, use a pixel operated by Teads to optimise our advertising campaigns. These pixels only collect information about the URL address, the type of device, the browser and the operating system you are using. For more information, please refer to Teads’ Privacy Policy. Please also note that you have the right to access the information held about you by Teads and to request that your information be corrected, erased or transmitted. You also have the right to object to particular processing or to request restriction of processing by Teads by sending your request to dpo@teads.com.
- Features (plugins) from third-party providers or social media platforms may be integrated on our websites. These plugins enable you to share content within social networks. Whenever our websites are accessed the buttons are initially deactivated as the default position. This means that, unless you specify otherwise, no data will be transferred to the relevant third-party providers. You acknowledge that this list may also contain cookies and similar technologies from third-party providers. In addition, please see the applicable privacy policy of such third-party providers.
- After the buttons have been activated, the plugins will automatically transfer data to the third-party providers. If you are simultaneously logged into the network of the relevant third party when you visit our websites, the visit may be assigned to your account. We have no influence on this method of data transmission to social networks. If you would like to prevent for example Instagram, Facebook or Twitter from associating the data collected through our advertising presence to your personal profile, you must log out of the corresponding social network before visiting our websites.