Privacy policy for retailers

This Privacy Policy explains how we process personal data (hereinafter referred to as “personal data” or “data”) in connection with the acceptance of cashless means of payment such as credit and debit cards. The following explains what personal data is stored and how it is handled in accordance with the Swiss Federal Act on Data Protection(FADP) and, where applicable, the European General Data ProtectionRegulation (GDPR). In addition, your rights with regard to the use of your personal data are described.

Responsible body for data processing

The following company is responsible for data processing in accordance with this privacy policy:

SwiPay AG
Compliance
Oberneuhofstrasse 3
CH-6340 Baar ZG
E-Mail: compliance@swipay.ch

If you have any questions about data protection, you are welcome to contact us at this address.

Depending on the occasion and purpose, we process different data from different sources. We collect and process information on natural and legal persons as well as data on contact persons of merchants with whom we work. This data may also include information about third parties, e.g. in the context of complaints or about other employees of the retailer.

The most important data categories include

  1. Master data: This includes data that relates directly to your person and characteristics, e.g. name, language, nationality, date of birth, information from identification documents, copies of identification documents of the merchant’s representatives, further details in connection with your activity for the merchant (e.g. company, additional contact details, function), details about the contractual relationship with us, about the merchant or branch and their bank or postal details. The private address of the authorized signatories can also be processed as part of the creation of a service request. We usually receive this data directly from you or from third parties (e.g. from the commercial register).
  2. Financial and risk data: This includes information on the financial situation as well as data to combat abuse and fraud or to comply with legal provisions and compliance requirements, e.g. information on the merchant’s creditworthiness. We may receive this information from financial institutions, credit agencies, the Central Office for Credit Information (ZEK), government agencies or from publicly accessible sources.
  3. Transaction data: This data relates to transactions, e.g. transaction type, amount, currency, time, terminal ID, contracting party number and certain card details. Such data is processed when your customers use their cards, made available to you via a portal or analyzed as part of investigations into complaints or possible misuse.
  4. Contract data: This includes further information in connection with the contractual relationship, e.g. information on the application, conclusion, execution and termination of an acceptance contract or information on complaints and feedback to customer service.
  5. Behavioral and preference data: We collect this data to get to know you better and to tailor our products and services optimally to your needs. To do this, we analyze transaction data and derive your behavior and preferences from it.
  6. Communication data: This includes all information related to our communication with you, such as the content of messages or details of the nature and timing of communications. This may also include recordings of telephone conversations.
  7. Other data: We process other data that we collect or receive in connection with the contractual relationship, e.g. information from authorities as part of official investigations.

We may share your data as follows:

  • Service providers: e.g. for IT services and sending information.
  • SwiPay AG’s card networks and group companies.
  • Other recipients: e.g. courts and authorities (in proceedings and statutory information and cooperation obligations), intermediaries, financing companies, debt collection companies and credit agencies.

The disclosure of data may be necessary for legal or operational reasons. By submitting an application, e.g. for the acceptance of credit cards, or placing an order for the provision of services, you expressly release us and our partners in the SwiPay network from statutory and contractual confidentiality obligations that could prevent the disclosure of this data.

We may receive your data as follows:

  • Service providers: e.g. financial and IT services, social media platforms, Swiss Post and other information services.
  • SwiPay AG’s card networks and group companies.
  • Other senders: e.g. courts and authorities (for proceedings and statutory information and cooperation obligations), intermediaries and partners in our payment network.

The disclosure of data may be necessary for legal or operational reasons. By submitting an application, e.g. for the acceptance of credit cards, or placing an order for the provision of services, you expressly release us and our partners in the SwiPay network from statutory and contractual confidentiality obligations that could prevent the disclosure of this data.

The recipients of your data are not only located in Switzerland. Due to the internationally organized card services and networks, your data may also be transferred abroad, e.g. to the USA. We take contractual precautions to ensure an appropriate level of data protection.

You have the right to information about the processing of your personal data, to rectification of incorrect data, to restriction of processing for certain purposes and to erasure of the data, provided there are no legal retention obligations to the contrary. Further information on your rights can be found in the full privacy policy.

This privacy policy can be amended at any time. The currently valid version can be found on our website.

Version 12/2024