The following Privacy Policy explains how Viseca Card Services SA (or "we") processes your personal data (or "data") as a controller. Processing means any handling of personal data, the procurement, storage, use, disclosure or erasure of data. You can obtain information on data protection and data processing by phone at +41 58 958 84 00, via e-mail (privacy@viseca.ch) or in writing (Viseca Card Services SA, Data Protection, Hagenholzstrasse 56, 8050 Zurich).
Cardholders (or "holders") expressly consent to the data processing referred to in this Privacy Statement when registering for "one digital service". Please also note the global privacy statements and your enforcement rights as a third-party beneficiary of Mastercard® and Visa®.
This Policy may need to be adapted for a variety of reasons, for example as a result of the further development of our products and services or the implementation of new technologies. We therefore recommend that you check this Policy regularly on our website to keep abreast of any changes. Last update of this Policy: June 2020
"one" Privacy Statement
What is the "one" Privacy Statement about?
Through the one-digitalservice.ch website or the "one" application the surprize bonus programme or in connection with the name of an intermediary bank or business as well as corporate cards, we provide a variety of online services related to the use of the cards we issue (collectively "one digital service") under the designation "one". The provision of these services requires us to process holder data. This Privacy Statement provides holders with detailed and transparent information about data processing related to the use of "one digital service".
How are the data obtained?
Which holder data are disclosed?
When registering for "one digital service", logging in and managing the user account, the holder may be asked to provide his or her e-mail address, date of birth, mobile phone number, card number and activation code.
Which data are collected automatically?
- Data concerning the use of the holder's mobile devices, such as the manufacturer, device type, operating system and version number, device ID and IP address;
- Data concerning the use of computers and browsers and for access to the Internet, such as device type, operating system and IP address;
- Data concerning the use of the user account, such as number of logins with date and time, changes in the user account, acceptance of the Terms of Use of "one digital service" and the Privacy Statement;
- Data regarding the holder's desired settings, such as storage of the username or login;
- Data concerning visits and user behaviour on the website, as well as
- Data generated when using the app, such as updates or device information about user behaviour, e.g. in the app or via SMS code
What information is collected on "one" when you register and activate the service?
- Information about the holder and his/her cards registered for “one” and stored in the user account;
- The information that 3-D Secure is used for the registered cards by a confirmation in the app or by entering an SMS code;
- Delivery address and mobile phone number.
What information is collected when using Mobile Payment?
- Information on the use of Mobile Payment, such as activating or deactivating cards and using cards for Mobile Payment;
- Information regarding the amount of the transaction;
- Information on the use of the card, time of the transaction and type of verification.
Where a third-party Mobile Payment solution is used, the third-party provider may also collect and process personal data of the holder. Depending on the product, this includes e.g. name, card number and, where necessary, transaction data. For this purpose, the third-party provider's terms of use and privacy policy must be observed.
What information is collected when using 3-D Secure?
- Information about the merchant, the transaction and its processing as well as confirmation of the transaction with 3-D Secure;
- Information related to the devices used for the transaction and confirmation;
- Information related to access to the internet or mobile network, such as IP address and name of the access provider.
What data are collected when the map section of the merchant's location is displayed?
- Location data of merchants established in Switzerland;
- Location data, such as merchant name, city/town, country and industry;
- Automated periodic Google query to specify the merchant's location.
For what purpose does Viseca process my data?
Providing the services and processing the card agreement
- Enabling registration, login and use on "one digital service" by the holder;
- Establishing a secure connection between "one digital service" and the holder's mobile device;
- Transmitting confirmation requests, e.g. for confirmation of online payments via "one digital service", by push notification or via SMS code to the holder;
- Transmitting information about confirmations made to us;
- Authentication of the holder when performing actions. The app or mobile device used is clearly assigned to the holder when registering on "one". We can thus ensure that the confirmation was made in the registered app or with the registered mobile device;
- Communicating with the holder and transmitting information related to the card relationship or card use, such as information about new invoices, fraud warnings or enquiries about unusual transactions via "one digital service" and the mobile device, etc.;
- Receiving notifications from the holder;
- Displaying transactions and invoices;
- Processing the card agreement with the holder and the transactions made with the card.
Mobile Payment
- For the decision on the acceptance of the Mobile Payment card;
- To activate, deactivate and update cards for Mobile Payment;
- In order to prevent abuse of the additional cards;
- To communicate with any third-party provider of a Mobile Payment solution within the framework of the one GTCs and the terms and conditions of use and the privacy policy of the respective provider which shall apply to the relationship between the holder and the third-party provider.
Marketing
- To connect this data with data already available to us (including data from third sources);
- To create individual customer, consumer and preference profiles that enable us to develop and offer products and services for the holder;
- To transmit information about existing or new products and services of Viseca, other companies of the Aduno Group and third parties (promotional material) to the holder;
- For processing by the third-party provider in accordance with its own terms and conditions of use and privacy policy.
Further processing purposes
- Calculating business-related credit and market risks;
- Improving security when using services, e.g. by reducing the risk of fraudulent transactions or abuse of devices or means of identification, such as phishing or hacking;
- Proving actions and defending against claims lodged against us;
- Improving Viseca's general services and “one digital service”;
- Fulfilling statutory and regulatory requirements;
- Processing by the third-party provider for its own purposes in accordance with its own terms and conditions of use and/or privacy policy.
Will my data be disclosed to other recipients?
Disclosure to third parties or data collection by third parties
Third parties are persons or companies that process data for their own purposes. Not third parties in the sense of this agreement are service providers contracted by Viseca. In terms of cards to which Viseca's General Terms and Conditions and the General Terms and Conditions for Business and Corporate Cards apply, subject to the following provisions, Viseca generally does not disclose any data – in particular, transaction data – to third parties for their own purposes unless the holder has consented to or requested or initiated such disclosure. In particular, without the separate and express consent of the holder, Viseca does not disclose any individual customer, consumer or preference profiles to third parties created by it.
In terms of cards to which the General Terms and Conditions for Payment Cards apply (debit, credit or prepaid cards or combined cards with credit and debit functions or prepaid and debit functions), Viseca delivers customer and card data, as well as cumulative turnover figures and transaction data, to the intermediary banks in accordance with Section 7.2 of these Terms of Use.
Other categories of third parties to whom data are disclosed
- Data (including transaction data) of the additional cardholder may be disclosed to the primary cardholder;
- Data of the holder of a business card may be disclosed to the company;
- Persons authorised by the holder;
- Viseca discloses customer data, card data and cumulative sales figures concerning primary, additional and business cardholders to an intermediary bank;
- By official order or pursuant to statutory obligations, Viseca forwards data to government agencies such as law enforcement or regulatory authorities.
Transfer of holder data to third parties through the use of Mobile Payment
- During the payment process, the card and transaction data necessary for processing the transaction are transferred over the servers of the card organisations.
- When using Mobile Payment through a third-party provider, the third-party provider collects and processes data in accordance with its own terms and conditions of use and privacy policy.
Electronic data transmission
When data are transferred electronically, data pertaining to the holder (including the additional cardholder) may be transmitted to third parties (in Switzerland and abroad) even without the assistance of Viseca.
In particular, when using the App and/or mobile devices, manufacturers of devices or software (such as Apple or Google) may receive personal data. These companies may process and disclose the data in accordance with their own terms and conditions of use or privacy policies. This may enable these third parties to infer the existence of a relationship between the holder and Viseca. SMS are subject to the applicable legislation on the surveillance of telecommunications and are stored on mobile phones. This may enable third parties to obtain the information in question.
How do we protect your data?
The transmission of information between Viseca and the App and/or mobile devices of the holder (but not the transmission of SMS) is encrypted. However, this communication with the holder occurs through the public communication networks. These data are generally accessible to third parties and may be lost or intercepted by unauthorised third parties during transmission. It therefore cannot be ruled out that third parties, despite all security measures taken, can gain access to the communication with the holder when “one” is used. Furthermore, when data are transmitted over the Internet, they may be transmitted via third-party countries that do not necessarily offer the same level of data protection as Switzerland even if the holder is in Switzerland.
Data security also depends on the holder's involvement. The holder must therefore use the options available to him or her to protect his or her devices and data. The minimum duties of care and reporting are laid down in the section “one” Terms of Use. Appropriate security measures increase safety and further reduce the risks associated with the use of “one”.
What rights do you have concerning your data?
- Information about your personal data and how we process it, as well as a copy of the same;
- Rectification of inaccurate or incomplete personal data;
- Erasure of your personal data;
- Restriction of the processing of your data;
- Lodging a complaint against the form of the processing of your personal data with the competent authority;
- Objection to or revocation of your consent to the processing of your personal data;
Even if you revoke your consent, we may continue to process your personal data to the extent we are legally required to do so.
How long do we store your data?
We store your data for as long as this is necessary for the purpose for which they were collected. We also store personal data if we have a legitimate interest in their storage, e.g. if we need the data in order to enforce or defend against claims in order to ensure IT security or if the limitation periods expire. Finally, we store your data in order to comply with our statutory and regulatory obligations.
Terms of Use for "one digital service" and Visits to our Websites
Please read the following Terms of Use carefully. By accessing "one digital service", you consent to these Terms of Use and approve their content. Any special agreements concerning individual services or products of Viseca shall apply in addition to these Terms of Use. However, where inconsistencies arise, the special agreements shall take precedence.
The surprize bonus program (hereinafter "surprize") is integrated into "one digital service". Thus, unless otherwise expressly provided, the present Terms of Use shall likewise apply to surprize. These Terms of Use may be amended or updated at any time without notice. Any such changes or updates shall be published immediately.
Who are these Terms of Use intended for?
"one digital service" is intended for holders of credit and/or prepaid cards issued by Viseca (hereinafter "cardholders"). The secure area of “one digital service” can only be accessed after the cardholder has registered and has entered his or her personal user name and password or fingerprint. surprize is intended for holders of credit and/or prepaid cards issued by Viseca and entitling the holders to participate in surprize (hereinafter "Participants").
Which property rights, trademarks and copyrights should be observed?
Unless otherwise provided, the entire content of "one digital service", such as copyrights, trademarks and other rights, is wholly and exclusively the property of Viseca. Visa, Mastercard and the names and logos of our service and distribution partners are also registered and protected trademarks owned by these third parties.
Unless otherwise stated, all surprize elements, such as copyright, trademark and other rights, are likewise wholly and exclusively the property of Viseca. These elements are freely usable for browsing purposes only. surprize is a registered trademark of Viseca and is protected as such.
No part of "one digital service" is designed to grant a license or right to use any image, registered Trademark or logo. Saving or printing individual pages and/or sections of the website is permitted, provided that neither the copyright notices nor other legally protected designations are removed. Downloading or copying the website or parts thereof does not transfer any rights over software or other elements existing on "one digital service". Any reproduction in whole or in part, transmission in electronic or other form, modification, linking or use of "one digital service" for public or commercial purposes is prohibited without Viseca's prior written consent. All ownership rights shall remain with Viseca. Viseca reserves all rights concerning all elements on the website.
What other legal considerations should you consider?
The information published on "one digital service" does not constitute an offer or a recommendation to make transactions, buy or sell a (financial) product or carry out other legal transactions, with the exception of the rewards and offers published in connection with surprize for participants. The information published on "one digital service" is purely informative, except for the information regarding the rewards and offers mentioned above. Third-party products and services presented on one digital service may not be acquired by residents of certain countries. Viseca is merely a broker of the third-party offers contained on the website. If problems arise in contractual relationships between the holder and the third party, or if the holder suffers any loss, he or she must turn to the third party. Viseca shall not be liable for any losses arising from contractual relationships with third parties.
Although Viseca makes every effort to ensure that the information contained on "one digital service" is correct at the time of its publication, neither Viseca nor its contractual partners (particularly surprize partners and/or reward suppliers) can explicitly or implicitly assure or guarantee the accuracy, reliability, currency or completeness of the information. Viseca assumes no responsibility and makes no representation that the functions on “one digital service” are available continuously or that the relevant server is free of viruses or other harmful components.
Viseca accepts no liability (even in the case of negligence) for any type of direct or indirect damage or losses resulting from access to "one digital service", the use thereof or the impossibility to access or use the same, contact with Viseca over the Internet or e-mail, or from the linking with other websites of third parties or access to links to websites of third parties. Viseca further rejects any and all liability for manipulation of the Internet user's IT system by unauthorised parties.
If the cardholder can show that a third party has unlawfully interfered with network and/or telecommunications operators' equipment or the infrastructure used by the cardholder, Viseca will cover the charges, provided that the cardholder objects to the improper use in a timely manner, has complied with his or her duties of care as specified in these Terms of Use and with all other terms of Viseca and that he or she is not otherwise at fault.
"one digital service" is not intended for distribution or use by persons subject to any jurisdiction that prohibits or otherwise restricts access to "one digital service" or the distribution, publication, provision or use of the information contained thereon. Access is not permitted for persons subject to such restrictions, and they are requested to refrain from accessing "one digital service".
How do we protect your data?
Viseca makes data protection a priority. Personal data are treated with absolute confidentiality. Please note that data transmitted via an open network, such as the Internet or an e-mail service, can be viewed by anyone. Viseca cannot guarantee the confidentiality of notices or documents transmitted via such open networks. If you disclose personal data through an open network, please be aware that third parties may access this information and thus may collect and use it without your consent. Under certain circumstances, third parties may thus make inferences regarding your existing or future card agreement with Viseca. Even if the sender and recipient live in the same country, data transmission via such networks is often carried out via third countries, including countries that may not offer the same level of data protection as your country of residence.
To ensure the best possible protection of data protection on the Internet, all confidential and personal data transferred between your browser and Viseca's web server are encrypted exclusively using a worldwide standard of security for browsers (currently TLS with 2048-bit encryption). Furthermore, you are hereby expressly notified of the danger of viruses and the possibility of targeted hacking attacks. For the purpose of combating viruses, you are advised to use only current browser versions, install and regularly update your antivirus software and to refrain from opening e-mails of unknown origin or unexpected e-mail attachments.
Which data are recorded on "one digital service"?
When you visit "one digital service", Viseca automatically collects IP addresses and user data. The purpose of this information is to determine the visitor's user behaviour and the duration of the visit. Whenever e-mails are sent by Viseca, information concerning the receipt of the e-mails and the user's behaviour is recorded in one digital services. This information is intended to review and improve e-mail delivery.
Terms and conditions card issuer