Privacy notice

  1. What is this privacy policy about?

  2. Who is responsible for processing your data?

  3. How do we process data from our subscribers?

  4. How do we process data from our partners?

  5. How do we process data in connection with advertising?

  6. How do we work with service providers?

  7. Can we disclose data abroad?

  8. How do we process data in connection with our website?

  9. How do we process data via social media?

  10. How do we process data through our browser extensions?

  11. Are there any other edits?

  12. How long do we process personal data?

  13. What are your rights?


1. What is this privacy policy about?

We explain in this privacy policy how we process personal data, particularly in the course of our business and in connection with our app and website. "Personal data" means any information that can be associated with a particular individual and "processing" means any handling of it, such as obtaining, using and disclosing it.

If you would like further information on our data processing, please contact us (section 2). You will also find information in connection with our processing of personal data in the Terms of Use, which can be found at https://poinz.ch/en/terms-of-use. Some of the terms we use in this data protection statement (such as "poinz Partner") are explained in the terms of use. However, this Privacy Policy does not form part of the contract with you. It does not change the Terms of Use, and the processes mentioned in this Privacy Policy are subject to the Terms of Use in each case.

Incidentally, our services are aimed exclusively at persons domiciled and habitually resident in Switzerland. Accordingly, this data protection declaration is based on Swiss data protection law.

2. Who is responsible for processing your data ?

The following company is the "responsible party", i.e. the party primarily responsible under data protection law (also "we"), for data processing in accordance with this data protection declaration:

Poinz AG, Manessestrasse 170, 8045 Zürich, CHE-454.711.179

If you have any questions about data protection, please contact the following address:

info@poinz.ch

 +41 44 515 85 60

If you provide us with data that also relates to other persons, we will consider this as confirmation that this data is correct. Since we often have no direct contact with these third parties, we ask you to inform them about our processing of their data (e.g. by referring to this data protection statement).

Please note that we work with partners for our services who process your personal data as their own data controllers. They are obliged toinform you about their respective processing of your personal data. You can usually find the relevant information on the partner's website. Certain service providers also act as their own data controllers, e.g. PayPal, if you use PayPal for payments. Here too, the data protection regulations of these service providers must be observed.

3. How do we process data from our subscribers?

In this section 3 you will find information on our processing of personal data of subscribers (hereinafter also referred to as "you"). The processes in connection with which we obtain, process and pass on personal data are described in more detail in the terms of use and on our website.

3.1. What data do we process about subscribers?

Master data: We process certain basic information about you, which we call "master data". This includes, for example, your name, address and contact details and, if applicable, other information that you provide when opening a user account or communicating with us. If you store means of payment in the app, we process the corresponding details, e.g. a credit card number and other data.

Contractual data: By this we mean data relating to our agreement with you (e.g. the fact that you agreed to the terms of use and when and how you agreed). Contractual Data also includes other information relating to the formation, termination and, where applicable, enforcement of our agreement with you (e.g. information relating to the enforcement or defence of claims and information relating to complaints and, where applicable, information relating to breaches of contract, abuse etc. including investigations into such matters).

Usage data: When you make use of our services and use our website or app, we collect the data that arises in the process. We generally refer to this data here as "usage data". You can see much of this data on the website or app in the user account, in order confirmations or in the statement from the provider of the means of payment used. We are mainly concerned with the following data, and if you would like further details on this, please feel free to contact us (point 2):

  • Information on the use of the website and app (see also section 8);

  • Details of deals you are claiming;

  • Details of purchases made with poinz partners;

  • Information in connection with a confirmation of a purchase;

  • Details when purchasing gift cards;

  • Information related to stamp cards;

  • Details of the cashback and its status and use;

  • Disclosures related to payments and receivables;

  • Other information relating to your use of our website or app (e.g. location data if you share this appropriately so that we can display deals in your area);

  • Information in connection with communication with partners via the website or app, e.g. information on the time of the corresponding communication;

  • where applicable, other information relating to the relationship between you and a partner, to the extent that we are aware of it (but we are not a party to the contracts between you and the partners and other third parties).

We receive usage data from you or generate it ourselves, but we also receive usage data from our partners, such as details of cashback or cashback-eligible transactions.

Behavioural and preference data: When you use our website or app or read newsletters, we try to get to know you and better tailor our services to you. To do this, we collect and use data about your behaviour and preferences, e.g. your use of electronic communications. We may link this information to other data. Preference data tells us which needs you are likely to have and which services might be of interest to you (e.g. when selecting news articles on our website). To this end, we can link behavioural data with other data and evaluate this data on a personal and non-personal basis.

Communication data: When we communicate with you or you communicate with us, e.g. by e-mail, by telephone or via our chat function, but also via the app and when sending system messages, we process the personal data associated with this (e.g. information about the time of the communication and the communication channel and the content of the communication). We also process communication data to the extent necessary if you communicate with a partner via our app or website.

3.2. For what purposes do we process your personal data?

We process your personal data in particular for the following purposes and for purposes compatible therewith:

  • Contract: We process your personal data for the purpose of concluding, implementing and enforcing our agreement with you. This concerns in particular master data, contract data, usage data and communication data, but also technical data and possibly other data.

  • Marketing: We may advertise our services, e.g. through newsletters. You will find further information on this under section 3.3. For this purpose, we process in particular master data, usage data and behavioural and preference data.

  • Statistics: We also process the above-mentioned data for statistical, person-related or non-person-related evaluations. Such evaluations support the improvement and development of products and business strategies. We may also use them for marketing purposes (see section 3.3 for further details) and pass them on to our partners.

3.3. Who do we disclose data about subscribers to?

We are primarily an intermediary for third-party services (e.g. from partners who offer loyalty offers, offers for goods or services or other offers via the website and app, and from Swisscard as the issuer of the poinz credit cards). We disclose data to partners when you use their goods or services and when we provide services for partners (e.g. processing loyalty campaigns, operating the poinz Programme, sending order confirmations, promotions, debt collection, etc.). In the case of activities and promotions by partners, we may also disclose to them personal and non-personal data relating to their success, provided that the users give their separate consent to this (opt-in). You will find further details on this in the terms of use. Our partners use the data received from us and the data collected by them as data controllers and inform you accordingly (see section 2 above).

We may also disclose data to partners in connection with complaints, misuse and corresponding investigations. We may also disclose data to partners in connection with measuring the success of their advertising, whereby only anonymous data and statistics are passed on.

Further disclosures are not excluded, e.g. to authorities, courts and parties to proceedings in the context of investigations, proceedings and clarifications. Data disclosures are also possible in the case of corporate transactions and the sale of assets; you will find further information on this in section 10. In section 6 you will find further information on how we use service providers and in section 7 on possible disclosures abroad.

We assume that you have no objection to these disclosures. If you register in the app or on the website, you release us from any confidentiality obligations.

4. How do we process data from our partners?

For contractors who are companies, we process less personal data because data protection law only covers data of natural persons (i.e. people). However, we do process data of the contact persons with whom we are in contact, e.g. name, contact details, professional details and details from communication, and details of management persons etc. as part of the general information about companies with which we work. We may process this data for the purposes of entering into and performing contracts, but also for marketing purposes, for investigations and proceedings, for communication, in the event of disposals, etc. You will find further information on this in section 10.

In this context, we may also disclose data, e.g. to our partners and other contracting parties, to courts, authorities and procedural partners, to potential buyers of assets, etc. You will also find details of this in section 10. You will also find information on this in section 10. You will find further information on how we use service providers in section 6 and on possible disclosures abroad in section 7.

5. How do we process data in connection with advertising?

We also process personal data to promote ourselves, our services and services provided by third parties:

  • Newsletters: We send out electronic newsletters which also contain advertising for our offers, but also for offers from other companies with which we cooperate. We ask for your consentbeforehand, except when we advertise certain offers to existing customers.

  • We may place targeted advertising on our website, but also on third-party websites. You can find more information on this under point 8.

  • Market research: We also process data to improve services and develop new products, e.g. information about your purchases or your response to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.

6. How do we work with service providers?

We use various services from third parties, in particular IT services (examples are providers of hosting data analysis services), payment services, shipping and logistics services and services from banks, the postal service, consultants, etc. You will find information on service providers for our website under section 8. These service providers may also process personal data to the extent necessary.

7. Can we disclose data abroad?

The recipients of data are not only located in Switzerland. This applies in particular to certain service providers (especially IT service providers). These have locations within the EU or the EEA, but also in other countries worldwide. We may also transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings (see section 9). Not all of these countries have adequate data protection. We compensate for the lower protection by the data is transferred in accordance with the relevant contracts, in particular the so-called standard contractual clauses of the EuropeanCommission. In certain cases, we may also transfer data without such contracts in accordance with data protection requirements, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

8. How do we process data in connection with our website?

For technical reasons, every time you use our website, certain data is collected and temporarily stored in log files (log data), in particular the IP address of the end device, information about the Internet service provider and the operating system of your end device, information about the referring URL, information about the browser used, the date and time of access and the content accessed when visiting the website. We use this data so that our website can be used, to ensure system security and stability and to optimise our website, and for statistical purposes.

Our website also uses cookies, i.e. files that your browser automatically saves on your end device. This allows us to distinguish individual visitors, but usually without identifying them. Cookies can also contain information about the pages accessed and the duration of the visit. Certain cookies ("session cookies") are deleted when the browser is closed. Others ("permanent cookies") remain stored for a certain period of time so that we can recognise visitors on a later visit.

You can configure your browser in the settings so that it blocks certain cookies or similar technologies or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the keyword "Data protection").

These cookies and other technologies may also come from third-party companies that provide us with certain functions. These may also be located outside Switzerland and the EEA (see section 7 for details). For example, we use analysis services so that we can optimise and personalise our website. Cookies and similar technologies from third-party providers also enable them to target you with individualised advertising on our websites or on other websites and social networks that also work with this third party, and to measure how effective advertising is (e.g. whether you arrived at our website via an advertisement and what actions you then take on our website). The relevant third parties may record the use of the website and combine their recordings with other information from other websites. This allows them to track user behaviour across multiple websites and devices. In order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.

Two of the most important third-party providers are Google and Hotjar. You can find more information about them below. Other third parties usually process personal and other data in a similar way.

We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland).Google collects certain information about the behaviour of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with analyses based on the recorded data, but also processes certain data for its own purposes. You can find information on the data protection of Google Analytics here, and if you have a Google account yourself, you can find further details here. (https://policies.google.com/technologies/partner-sites?hl=en).

9. How do we process data via social media?

We operate our own websites on social networks and other platforms. If you communicate with us there or comment on or distribute content, we collect information that we use primarily for communicating with you, for marketing purposes and for statistical evaluations (see sections 3.3 and 10). Please note that the provider of the platform also collects and uses data itself (e.g. on user behaviour), possibly together with other data known to it (e.g. for marketing purposes or to personalise the platform content). Insofar as we are jointly responsible with the provider, we will enter into a corresponding agreement about which you can obtain information from the provider.

10. How do we process data through our browser extensions?

Via our browser extensions, cashback can be collected with the computer in the poinz app.We do not store or use any purchase data that is generated via our internet browser extensions. poinz therefore does not analyze any usage behavior on the internet.

11. Are there any other edits?

Yes, because very many processes are not possible without processing personal data, including common and even unavoidable internal processes. It is not always possible to determine this precisely in advance, nor the scope of the data processed, but you will find details of typical (although not necessarily frequent) cases below:

  • Communication: When we are in contact with you, we process information about the content of the communication, the type, time and place of the communication. For your identification, we may also process information on proof of identity.

  • Compliance with legal requirements: We may disclose data to public authorities to comply with legal obligations or requirementsand to comply with internal regulations.

  • Prevention: We process data to prevent criminal data and other violations, e.g. in the context of fraud prevention or internal investigations.

  • Legal proceedings: If we are involved in legal proceedings (e.g. court or administrative proceedings), we process data e.g. about parties to the proceedings and other persons involved, such as witnesses or informants,and disclose data to such parties, courts and authorities, possibly also abroad.

  • IT security: We also process data for monitoring, controlling, analysing, securing and checking our IT infrastructure, as well as for backup and archiving of data.

  • Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key persons, especially name, contact details, role or function and public statements.

  • Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary to prepare and carry out such transactions, e.g. information on customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.

  • Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement and defence of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and protection of other legitimate interests.

12. How long do we process personal data?

We process your personal data for as long as is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), for as long as we have a justified interest in storing it (e.g. if it is necessary to comply with legal requirements) or for as long as it is necessary for the purpose of processing.The data is stored for the purpose of enforcing claims, archiving and/or ensuring IT security) and for as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data). After these periods have expired, we delete or anonymise your personal data.

13. What are your rights?

You have certain rights under applicable data protection law to obtain further information about our data processing and to influence it:

  • You can request further information about our data processing. We are at your disposal for this purpose. You can also submit a request for information if you would like further information and a copy of your data;

  • You can object to our data processing, especially in connection with direct marketing. You can also request the deletion of your user account or individual data relating to you. However, we reserve the right to continue processing data if we are legally obliged or authorised to do so;

  • You can correct or complete incorrect or incomplete personal data or have it supplemented by a note of objection;

  • You also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract;

  • If we process data on the basis of your consent, you can revoke this consentatany time. The revocation is only valid for the future, and we reserve the right to continue to process data based on a different basis in the event of a revocation.

If you wish to make use of such a right, please contact us (point 2). As a rule, we will have to verify your identity (e.g. by means of a copy of your identity card). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).