Data protection policy of Viseca Card Services SA for one
1 General Part
2 Consent and updates
3 Which data will be collected and processed when using "one"?
4 For what purposes will Viseca process the collected data?
5 Transfer of data
6 Data security
7 Rights of the Cardholder
8 Getting in Touch
1 General Part
Over the website one.viseca.ch ("Website"), the "one" App ("App") or otherwise Viseca Card Services SA ("Viseca") provides under the label "one" (or “one” in connection with the name of an intermediary bank) various online services ("one" or "Services") in connection with the use of primary, additional or business cards ("Card(s)") it issues.
The providing of Services requires an extensive processing of data of the cardholders ("Cardholder"). The present Data Protection Policy for one (“Data protection policy one”) informs the Cardholder in detail and transparently about the data processing when using one. Information about other data processing in relation to the contractual relationship between Cardholders and Viseca can be found in the general Data Protection Policy of Viseca (www.viseca.ch/data-protection). It also contains definitions of other terms that are used in the present Data Protection Policy such as "transaction data".
2 Consent and updates
In particular, this concerns the following sections printed in bold.
By registering for "one" the Cardholder expressly consents to the processing of data as stated in:
"One" will be continuously further developed by Viseca. Accordingly, the data processing by Viseca may change. The Cardholder will be informed about such changes in an appropriate way, in particular by means of the present data protection policy.
3 Which data will be collected and processed in connection with the use of "one"?
3.1 Disclosure of data by the Cardholder
During the registration process for "pne", the login and the administration of the user account in "one" the Cardholder may be requested to enter the following information in particular:
- Email address (which is also the user name for "one");
- Date of birth;
- Mobile phone number;
- Type of mobile device (smartphone, tablet, or the like);
- Card number;
- Activation code.
3.2 Automatically collected data
In particular, Viseca collects and processes the following data when the Cardholder logs into one, administers the user account, visits the Website and / or uses the App or a mobile device (such as a computer, mobile phone, smart watch or fitness tracker) that is compatible with one (“Mobile Device”):
- Data related to the used mobile device of the Cardholder (e.g. manufacturer, type of device, operating system including version, device ID, IP-address and other data related to the device);
- Data related to the used computer and browser as well as to the access to the internet (e.g. type of device, operating system, IP-address and information with regard to the access provider);
- Data related to a Mobile Device of the Cardholder (e.g. manufacturer, type of device, operating system including version, device ID, IP-address and other data related to the Mobile Device);
- Data related to the Cardholder's preferred settings (e.g. settings regarding the saving of the user name or the login);
- Data that accrues during the use of the App (e.g. updates or device information as well as the use pattern in the App) and data connected to actions taken (e.g. in the App or entered SMS-Codes).
3.3 During registration and activation of "one"
The following information will be collected and processed during registration for "one":
- Information about the Cardholder and the cards registered for VisecaOne. This Information will be stored in the user account;
- Information that 3-D Secure is being used for the registered cards by submitting a confirmation in the App or by entering of an SMS-code;
- Information that the registered cards have been activated for Masterpass and that the customer and card information have been stored by Viseca in the Masterpass Wallet (card number, expiry date, first and last name as well as delivery address and mobile phone number).
3.4 When using Mobile Payment
Viseca obtains data when Mobile Payment is used as in the case of other card transactions. For this it must comply with the Data Protection Policy, Terms & Conditions of Viseca Card Services SA for the use of "one" and the applicable Viseca Card GTC. Upon activating and using a card for Mobile Payment, Viseca may collect and process the additional following data
- Information about the use of Mobile Payment (activation / deactivation of cards and use of the cards for Mobile Payment);
- Information about the transaction amount;
- Information about the card use, the transaction time, the type of verification (e.g. finger print, PIN).
3.5 During use of 3-D Secure
By using a card with 3-D Secure Viseca collects and processes the following data in particular:
- Information on the merchant, the transaction and the confirmation of the transaction via 3-D Secure (e.g. name and website of the merchant, time of the transaction, amount, used card, result of the confirmation);
- Information in connection with the devices, which were used for the transaction and the confirmation (e.g. regarding the used computer, browser and mobile device and the submitting of the confirmation);
- Information regarding access to the internet or the mobile network (e.g. IP-address, name of the access provider).
3.6 During the use of the Masterpass Wallet
During the use of the Masterpass Wallet Viseca collects and processes the following data in particular:
This information will be transmitted to Viseca also in cases where the payment with Masterpass is not completed.
- Information regarding the use of the Masterpass Wallet (login and confirmation of logins);
- Information on the merchant, the transaction as well as the data sent from the Masterpass Wallet to the merchant (name and website of the merchant, amount payable, used card, time of transaction, use of registered delivery address).
3.7 Upon the display of the map cutout of the merchant location
When it displays the merchant location in the electronically viewable transaction details, Viseca does not collect new data, but processes the existing data:
- The map cutout is created from merchant locations based in Switzerland. These locations are generated when a payment is made with a merchant, and are transmitted to Viseca when the transaction is processed;
- The locations transmitted by the merchants (e.g. merchant name, place, country, and sector) can be imprecise. In order to display the merchant location more precisely, Viseca links the location data provided by merchants with information from public sources. An automated Google query is performed in which the place, country, and sector are researched by merchant name. Through this search, Viseca obtains more precise merchant data (addresses). The merchant locations are periodically checked during the automatic Google query.
- With the enriched merchant location data generated by the automated Google query, Viseca uploads via its own IP address (and without disclosing information on the Cardholder) the Google Maps cutout displayed in the transaction details. The map cutout is displayed as an image (not a link to Google Maps) in the App.
4 For what purposes will Viseca process the collected data?
Data provided to or collected by Viseca (clause 3) will be processed for the following purposes:
4.1 Providing of Services and performing of the contractual relationship:
- Enabling the Registration, login and use of "one" (Website and App) by the Cardholder;
- Establishing a secure connection between Viseca and the App or the Cardholder's mobile device;
- Transmitting of confirmation requests (e.g. confirmation of online payments) via the App, via push messages or SMS-code to the Cardholder; transmitting the information of submitted confirmations back to Viseca;
- Authentication of the Cardholder when he performs actions in the App (e.g. confirmation in the App or by entering an SMS-code). By registering for "one", the App or the used mobile device will be exclusively attributed to the corresponding
- Cardholder. Viseca can thereby verify that the confirmation was submitted using a registered App or mobile device;
- Communication with the Cardholder and transmitting of information in connection with the contractual relationship or the use of the card (e.g. information regarding current invoices, fraud warnings or inquiries in case of suspicious transactions) via the Website and the mobile device, e.g. via push message;
- Receiving messages from the Cardholder;
- Display of transactions and invoices;
- Processing of the contractual relationship with the Cardholder and the transactions effected with the card. In this respect, attention should be paid to the general data protection policy of Viseca.
4.2 Mobile Payment
- The decision on card approval for Mobile Payment;
- Activating, deactivating, updating cards for Mobile Payment;
- preventing abuse of additional cards and of Mobile Payment.
4.3 3-D Secure und Masterpass Wallet
- Activation of registered cards for use of 3-D Secure by confirming requests in the App or by submitting an SMS-code;
- Activation of the Cardholder's cards for payments with Masterpass;
- Creation of the Masterpass Wallet by Viseca. The Cardholder's card and customer information (first and last name, Card number, expiry date, delivery address, mobile phone number and email address) will be stored in the Masterpass Wallet. This information will be stored at Viseca and will only be transferred if the Cardholder chooses the function “Paying with Masterpass” (see clause 5.1). Any change of cards or card information will be automatically updated in the Wallet. Customer information and the delivery address stored in the Masterpass Wallet will be updated as soon as the Cardholder changes the customer information and the invoicing address stored by Viseca;
- Transmission and examination of data about the Cardholder and the effectuated transaction when the Cardholder uses the Masterpass Wallet (name and website of the merchant, amount payable, used card, time of transaction, use of stored delivery address).
Data collected or received via "one" can be used for marketing purposes:
4.5 Other processing purposes
Data collected or received via one may also be processed for the following other purposes:
- Calculation of business relevant credit and market risks;
- Improvement of security for the use of Services, e.g. reducing the risk of abusive transactions or abuse of devices or authorisation instruments for example by means of phishing or hacking;
- Proof of actions taken;
- Defence against claims directed at Viseca;
- Improvement of Services, the Website and the App;
- Compliance with legal and regulatory requirements.
5 Transfer of data
5.1 Transfer to third parties and/or data collection by third parties
"Third parties" are persons or companies, which process data for their own purposes. Parties mandated by Viseca are not third parties (see the general Data Protection Policy of Viseca for information about data processing by mandated third-party service providers).
In relation to cards to which the GTC for Viseca Credit/PrePaid or the Viseca Business Terms and Conditions and subject to the following provisions, Viseca does not as a matter of principle disclose any data – no transaction data in particular – to third parties for their own purposes, unless the Cardholder has given his consent or has requested such disclosure. In particular, Viseca does not disclose any individual customer, consumption and preference profiles to third parties without the separate, express consent of the Cardholder. In relation to cards to which the GTC for Viseca Payment Cards apply (debit, credit, PrePaid cards or combined cards with credit and debit functions or PrePaid and debit functions), Viseca discloses bank client and card data along with accumulated turnover figures as well as transaction data (according to product features, credit or PrePaid and/or debit transaction data) transmitted in accordance with clause 7.2 of the GTC for Viseca Payment Cards. Additional information on this can be found (at clause 12.1) in Viseca’s general Data Protection Policy (www.viseca.ch/data protection).
In the following cases Cardholder data may further be disclosed to the following categories of third parties:
When using Mobile Payment, the Cardholder transfers data to third parties through the payment process:
- Data (including transaction data) of the Cardholder of an additional card can be disclosed to the Cardholder of the primary card;
- Likewise, data of Cardholder of a business card can be disclosed to the company;
- Data can be disclosed to persons, which were duly authorized by the Cardholder;
- Viseca will disclose card and customer data as well as turnover figures of primary, additional and business Cardholders to a mediating bank (see clause 10.1 of the GTC for Viseca Credit/Prepaid as well as clause 7.2 of the GTC for Viseca Payment Cards or clause 8.1 of the Viseca GTC for Business Customers, respectively);
- Upon official order or based on a legal duty Viseca will disclose data to governmental bodies such as law enforcement or regulatory agencies.
Data will also be disclosed to third parties during the payment process when using the Masterpass Wallet:
- The card and transaction data necessary for processing the transaction are transmitted during the payment process via the card entity’s server (e.g. Mastercard). Additional information on data processing when transactions are processed can be found in Viseca’s Data Protection Policy.
None of the Cardholder’s data is transmitted to Google when the map cutout of the merchant location is electronically displayed in the transaction details (see clause 3.7).
- If the Cardholder chooses the function "paying with Masterpass" in the online-shop, Viseca will transmit to the merchant the email address, the card information stored in the Masterpass Wallet and – if requested by the merchant – the delivery address and other data (see clause 4.2). This also applies if the transaction with the merchant is not completed. The data processing after the data has been transmitted to the merchant is governed by the data protection policy of the merchant;
- When using the Masterpass Wallet the card and customer information requested by the merchant will be transmitted over the server of Mastercard International and will be temporarily stored there.
- After the Cardholder has selected the function "paying with Masterpass" the Cardholder will be forwarded to a website of Mastercard for the selection of the Masterpass Wallet. Thereby, Mastercard collects and processes personal data of the Cardholder to recognize him when he uses the Masterpass Wallet the next time. The data processing on the website for the selection of the Masterpass Wallet is governed by the data protection policy of Mastercard.
5.2 Electronic data transmission
In the course of using electronic data transmission, Cardholder data (including data of additional Cardholders) may be obtained by third parties without Viseca's involvement (both within Switzerland or abroad).
In particular, by using the App and/or Mobile Device the manufacturers of devices or software (such as Apple or Google) may obtain personal data.
They can process and transfer the data according to their own terms and conditions of use or Data Protection Policy. This can make it possible for third parties to conclude that there is a relation between the Cardholder and Viseca.
are subject to the applicable legal regulations relating to the surveillance of telecommunications and will be stored on the mobile devices. Thereby third parties can access such information. Cross boarder transmission of SMS may lead to roaming fees.
6 Data security
The transmission of information between Viseca and the Cardholder's App and/or mobile Device (excluding the transmission of SMS) will be encoded. However, communication with the Cardholder will take place on public telecommunication networks. Generally, this data is accessible for third parties, can get lost during the transmission or may even be intercepted by unauthorized third parties. Therefore and despite all taken security measures, it cannot be ruled out that third parties may gain access to the communication with the Cardholder when using "one". Even if the Cardholder is located in Switzerland the use of the internet may lead to a transmission of data via third countries, which do not provide the same data protection standards as Switzerland does.
The data security also depends on the cooperation of the Cardholder. Therefore, the Cardholder must take the available precautions in order to protect his devices and data. The minimal duties of care and notification to be respected by the Cardholder are set out in the Terms and Conditions of Viseca Card Services SA for the Use of "one". Adequate security measures (such as the activation of the screen lock on the smartphone as well as for example separately storing the card and the smartphone or deactivating the preview of SMS on the locked screen) contribute to a higher security level and further reduce the risks related to use of "one".
7 Rights of the Cardholder
The Cardholder can revoke the consent to data processing for marketing purposes and to the delivery of commercials at any time entirely or partially with effect for the future with written notice (also electronically) to Viseca.
Furthermore, the Cardholder can request disclosure of the data stored in a data collection and information on how Viseca processes it as well as - if required - correction or deletion of personal data stored by Viseca. The Cardholder's request must be in written form, enclose an ID copy and addressed to Viseca Card Services SA, P.O. Box 7007, Hagenholzstrasse 56, 8050 Zurich.
8 Getting in Touch
Questions or notifications relating to data protection and data processing can be directed to Viseca by phone (+41 58 958 84 00), by email (firstname.lastname@example.org) or by post (Viseca Card Services SA, P.O. Box 7007, Hagenholzstrasse 56, 8050 Zurich).