1 General Part
Over the website www.visecaone.ch ("Website") and the VisecaOne App ("App") Viseca Card Services SA ("Viseca") provides under the trademark "VisecaOne" various online services ("VisecaOne" or "Services") in connection with the use of credit or PrePaid cards issued either as primary, additional or as business cards ("Card(s)").
The providing of Services requires an extensive processing of data of the cardholders ("Cardholder"). The present data protection policy for VisecaOne („Data protection policy VisecaOne“) informs the Cardholder in detail and transparently about the data processing when using VisecaOne. Information about other data processing in relation to the contractual relationship between Cardholders and Viseca can be found in the general data protection policy of Viseca (www.viseca.ch/dataprotection). It also contains definitions of other terms that are used in the present data protection policy such as "transaction data".

2 Consent and updates
By registering for VisecaOne the Cardholder expressly consents to the processing of data as stated in:

In particular, this concerns the following sections printed in bold.

VisecaOne will be continuously further developed by Viseca. Accordingly, the data processing by Viseca may change. The Cardholder will be informed about such changes in an appropriate way, in particular by means of the present data protection policy.

3 Which data will be collected and processed when using VisecaOne?
3.1 Disclosure of data by the Cardholder
During the registration process, the login and the administration of the user account in VisecaOne the Cardholder may be requested to enter the following information in particular:

  • Email address (which is also the user name for VisecaOne);
  • Date of birth;
  • Mobile phone number;
  • Type of mobile device (smartphone, tablet, or the like);
  • Card number;
  • Activation code.
3.2 Automatically collected data
In particular, Viseca collects and processes the following data when the Cardholder logs in, administers the user account, visits the Website and / or uses the App:
  • Data related to the used mobile device of the Cardholder (e.g. manufacturer, type of device, op-erating system including version, device ID, IP-address and other data related to the device);
  • Data related to the used computer and browser as well as to the access to the internet (e.g. type of device, operating system, IP-address and information with regard to the access provider);
  • Data related to the use of the user account (e.g. number of logins including date and time, changes to the user account, consent to the terms and conditions for use and the data protection policy);
  • Data related to the Cardholder's preferred settings (e.g. settings regarding the saving of the user name or the login);
  • Data related to the visits and the use pattern of the Website (e.g. visited subpages or duration and frequency of the visits). This data will be tracked with cookies (cookies are data, which are saved on the used device and allow the recognition of the device in case of further visits) and evaluated by Viseca. Attention should be paid to the further information on the recording of the user behaviour and the opt-out (deactivation) contained in the terms of use of the Website.
  • Data that accrues during the use of the App (e.g. updates or device information as well as the use pattern in the App) and data connected to submitted confirmations in the App or entered SMS-Codes.

3.3 During registration and activation of VisecaOne
The following information will be collected and processed during registration for VisecaOne:
  • Information about the Cardholder and the cards registered for VisecaOne. This Information will be stored in the user account;
  • Information that 3-D Secure is being used for the registered cards by submitting a confirmation in the App or by entering of an SMS-code;
  • Information that the registered cards have been activated for Masterpass and that the customer and card information have been stored by Viseca in the Masterpass Wallet (card number, expiry date, first and last name as well as delivery address and mobile phone number).
3.4  During use of 3-D Secure
By using a card with 3-D Secure (called “SecureCode” when paying with MasterCard and “Verified by Visa” when paying with VISA) Viseca collects and processes the following data in particular:
  • Information on the merchant, the transaction and the confirmation of the transaction via 3-D Se-cure (e.g. name and website of the merchant, time of the transaction, amount, used card, result of the confirmation);
  • Information in connection with the devices, which were used for the transaction and the confirma-tion (e.g. regarding the used computer, browser and mobile device and the submitting of the confirmation);
  • Information regarding access to the internet or the mobile network (e.g. IP-address, name of the access provider).

3.5 During the use of the Masterpass Wallet
During the use of the Masterpass Wallet Viseca collects and processes the following data in particular:
  • Information regarding the use of the Masterpass Wallet (login and confirmation of logins);
  • Information on the merchant, the transaction as well as the data sent from the Masterpass Wallet to the merchant (name and website of the merchant, amount payable, used card, time of transaction, use of registered delivery address).
This information will be transmitted to Viseca also in cases where the payment with Masterpass is not completed.

4 For what purposes will Viseca process the collected data?
Data provided to or collected by Viseca (clause 3) will be processed for the following purposes:

4.1 Providing of Services and performing of the contractual relationship:

  • Enabling the Registration, login and use of VisecaOne (Website and App) by the Cardholder;
  • Establishing a secure connection between Viseca and the App or the Cardholder's mobile device;
  • Transmitting of confirmation requests (e.g. confirmation of online payments) via the App, via push messages or SMS-code to the Cardholder; transmitting the information of submitted confirmations back to Viseca;
  • Authentication of the Cardholder when he submits confirmations in the App or by entering an SMS-code. By registering for VisecaOne, the App or the used mobile device will be exclusively attributed to the corresponding
  • Cardholder. Viseca can thereby verify that the confirmation was submitted using a registered App or mobile device;
  • Communication with the Cardholder and transmitting of information in connection with the contractual relationship or the use of the card (e.g. information regarding current invoices, fraud warnings or inquiries in case of suspicious transactions) via the Website and the mobile device, e.g. via push message;
  • Receiving messages from the Cardholder;
  • Display of transactions and invoices;
  • Processing of the contractual relationship with the Cardholder and the transactions effected with the card. In this respect, attention should be paid to the general data protection policy of Viseca.
     
4.2 3-D Secure und Masterpass Wallet
  • Activation of registered cards for use of 3-D Secure by confirming requests in the App or by submitting an SMS-code;
  • Activation of the Cardholder's cards for payments with Masterpass;
  • Creation of the Masterpass Wallet by Viseca. The Cardholder's card and customer information (first and last name, Card number, expiry date, delivery address, mobile phone number and email address) will be stored in the Masterpass Wallet. This information will be stored at Viseca and will only be transferred if the Cardholder chooses the function “Paying with Masterpass” (see clause 5.1). Any change of cards or card information will be automatically updated in the Wallet. Customer information and the delivery address stored in the Masterpass Wallet will be updated as soon as the Cardholder changes the customer information and the invoicing address stored by Viseca;
  • Transmission and examination of data about the Cardholder and the effectuated transaction when the Cardholder uses the Masterpass Wallet (name and website of the merchant, amount payable, used card, time of transaction, use of stored delivery address).

4.3 Marketing
Data collected or received via VisecaOne can be used for marketing purposes:
  • Connecting this data with data already available to Viseca (including data from other sources);
  • Creating individual customer, consumption and preference profiles, which enable Viseca to develop products and services for and to distribute them to the Cardholder (see general data protection policy of Viseca; clause 10.2 of the Private terms and conditions; clause 8.2 Business terms and conditions);
  • Transmitting information to the Cardholder related to existing or new products and services of Viseca or of other entities belonging to the Aduno Group as well as of third parties (advertising material) (see also general data protection policy of Viseca; clause 10.2 of the Private terms and conditions and clause 8.2 of the Business terms and conditions).

4.4 Other processing purposes
Viseca may process the data collected or received via VisecaOne for the following other purposes:
  • Calculation of business relevant credit and market risks;
  • Improvement of security for the use of Services, e.g. reducing the risk of abusive transactions or abuse of devices or authorisation instruments for example by means of phishing or hacking;
  • Proof of actions taken;
  • Defence against claims directed at Viseca;
  • Improvement of Services, the Website and the App;
  • Compliance with legal and regulatory requirements.

5 Transfer of data
5.1 Transfer to third parties
"Third parties" are persons or companies, which process data for their own purposes. Parties mandated by Viseca are not third parties (see the general data protection policy of Viseca for information about data processing by mandated third-party service providers).
Viseca does not disclose any data – no transaction data in particular – to third parties for their own purposes, unless the Cardholder has given his consent or has requested such disclosure. In particular, Viseca does not disclose any individual customer, consumption and preference profiles to third parties without the separate, express consent of the Cardholder.
However, in the following cases Cardholder data may be disclosed to the following categories of third parties:

  • Data (including transaction data) of the Cardholder of an additional card can be disclosed to the Cardholder of the primary card;
  • Likewise, data of Cardholder of a business card can be disclosed to the company;
  • Data can be disclosed to persons, which were duly authorized by the Cardholder;
  • Viseca will disclose card and customer data as well as turnover figures of primary, additional and business Cardholders to a mediating bank (see clause 10.1 of the Private terms and conditions and clause 8.1 of the Business terms and conditions, respectively);
  • Upon official order or based on a legal duty Viseca will disclose data to governmental bodies such as law enforcement or regulatory agencies.
Data will also be disclosed to third parties during the payment process when using the Masterpass Wallet:
  • If the Cardholder chooses the function "paying with Masterpass" in the online-shop, Viseca will transmit to the merchant the email address, the card information stored in the Masterpass Wallet and – if requested by the merchant – the delivery address and other data (see clause 4.2). This also applies if the transaction with the merchant is not completed. The data processing after the data has been transmitted to the merchant is governed by the data protection policy of the merchant;
  • When using the Masterpass Wallet the card and customer information requested by the merchant will be transmitted over the server of MasterCard and will be temporarily stored there.
  • After the Cardholder has selected the function "paying with Masterpass" the Cardholder will be forwarded to a website of MasterCard for the selection of the Masterpass Wallet. Thereby, MasterCard collects and processes personal data of the Cardholder to recognize him when he uses the Masterpass Wallet the next time. The data processing on the website for the selection of the Masterpass Wallet is governed by the data protection policy of MasterCard.

5.2 Electronic data transmission
In the course of using electronic data transmission, Cardholder data (including data of additional Cardholders) may be obtained by third parties without Viseca's involvement (both within Switzerland or abroad; see clause 11 of the Private terms and conditions and clause 9 of the Business terms and conditions, respectively).
In particular, by using the App the manufacturers of devices or software (such as Apple or Google) may obtain personal data. They can process and transfer the data according to their own terms and conditions for use or data protection policy. This can make it possible for third parties to conclude that there is a relation between the Cardholder and Viseca.
SMS are subject to the applicable legal regulations relating to the surveillance of telecommunications and will be stored on the mobile devices. Thereby third parties can access such information. Cross boarder transmission of SMS may lead to roaming fees.

6 Data security
The transmission of information between Viseca and the Cardholder's App (excluding the transmission of SMS) will be encoded. However, communication with the Cardholder will take place on public telecommunication networks. Generally, this data is accessible for third parties, can get lost during the transmission or may even be intercepted by unauthorized third parties. Therefore and despite all taken security measures, it cannot be ruled out that third parties may gain access to the communication with the Cardholder when using VisecaOne. Even if the Cardholder is located in Switzerland the use of the internet may lead to a transmission of data via third countries, which do not provide the same data protection standards as Switzerland does.
The data security also depends on the cooperation of the Cardholder. Therefore, the Cardholder must take the available precautions in order to protect his devices and data. The minimal duties of care and notification to be respected by the Cardholder are set out in the terms and conditions for use of VisecaOne. Adequate security measures (such as the activation of the screen lock on the smartphone as well as for example separately storing the card and the smartphone or deactivating the preview of SMS on the locked screen) contribute to a higher security level and further reduce the risks related to use of VisecaOne.

7 Rights of the Cardholder
The Cardholder can revoke the consent to data processing for marketing purposes and to the delivery of commercials at any time entirely or partially with effect for the future with written notice (also electronically) to Viseca.
Furthermore, the Cardholder can request disclosure of the data stored in a data collection and information on how Viseca processes it as well as - if required - correction of personal data stored by Viseca. The Cardholder's request must be in written form, enclose an ID copy and addressed to Viseca Card Services SA, P.O. Box 7007, Hagenholzstrasse 56, 8050 Zurich.

8 Getting in Touch
Questions or notifications relating to data protection and data processing can be directed to Viseca by phone (+41 58 958 84 00), by email (privacy@viseca.ch) or by post (Viseca Card Services SA, P.O. Box 7007, Hagenholzstrasse 56, 8050 Zurich).

11.2015