Skip to content
eyeem-100302377-p-80288377

PRIVACY POLICY

SWISS4 TAKES PRIVACY SERIOUSLY.

This Privacy Notice explains why and how we collect and process information about our prospective, current and former clients, the lawful basis for the use of these data and what your rights aware in relation to such processing and how you can exercise them.

We always process Personal Data for a specific purpose and within applicable legal limitations.


  1. ABOUT US

    SWISS4.0 SA (hereafter “Swiss4”, us”, "we”, or our”) is a Geneva based company. We offer digital financial services as well as lifestyle management through the Swiss4 mobile application (our “App”) and services that we may offer from time to time (together with our App, our “Services”) and which are linked to a Swiss4 client account (“the Account”).
    Versions of this Notice in other languages (French, Italian or German) can be found on our Website (www.swiss4.com). The French version shall prevail in case of contradiction between the different versions.

  2. WHAT DOES THIS NOTICE COVER?

    This Notice applies to all forms of use (“processing”) of personal information about natural and legal persons provided or obtained by Swiss4 (“Personal Data”), including information about our prospective, current and former clients (“you”, “Client” or “our Clients”).

  3. WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

    For prospective clients, current and former clients with whom we take steps to establish a business relationship, we collect (to the extent permitted by applicable law):

    • Personal details such as name, identification number, date and place of birth, nationality, compliance related documents (including a copy of national identity card or passport, photo, video and voice recordings);
    • Contact data such as phone number, address and electronic address;
    • For legal obligations and anti-money laundering purposes; financial information, including payment and transaction records, information relating to our clients’ assets (including fixed properties), wealth constitution, financial statements, liabilities, taxes, revenues, earnings and investments (including investment objectives) as well as family details such as the name of the spouse, partner or children;
    • Tax domicile and other tax-related documents and information;
    • Professional information, such as name of employer, industry, job title, directorship and/or information related to company ownership, work experience and background;
    • Details of our clients interactions with the products and services used, including electronic interactions across various channels such as e-mails and mobile applications;
    • Any records of phone calls we have with our clients, specifically phone log information such as phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls;
    • Identifiers we assign to our clients, such as client number, business relation, contract, account number, including identifiers for accounting purposes;
    • When our clients access Swiss4 websites or some parts of our applications, including those of our subcontractors, the activity and data transmitted by the browser or device used are automatically recorded by our server or those of our subcontractors, including date and time of the access, name of the accessed file as well as the transmitted data volume, the performance of the access, the device and the web browser used, browser language and requesting domain, and IP address (additional data will only be recorded via our website if their disclosure is made voluntarily, e.g., in the course of a registration or request); and
    • In some cases (where permitted by law), special categories of Personal Data, such as biometric information, political relations or affiliations health information and, to the extent legally possible, information relating to criminal convictions or offences.

      We may use cookies, tracking technologies and other means (e.g., web beacons, pixels, gifs, tags, unique identifiers) to collect and process the above information from different channels and devices used, including e-mail and devices that are used to interact with us to access Swiss4 websites, Swiss4 services and applications for mobile devices.

      For our usage of cookies and other tracking technologies in relation to Swiss4 websites and our Services please refer to the Swiss4 Website Usage and Cookie Notice available in Appendix 1.

      We may use Personal Data for analytics and measurement (incl. machine learning) to process the above information, including profiling based on the processing of Personal Data, for instance by looking at information we obtain via cookies and tracking technologies.

      In some cases, we collect this information from public registers, public administration or other third-party or public sources, such as wealth screening services, credit reference agencies, fraud prevention agencies, intermediaries that facilitate data portability.

      Please note that that our Services are not intended to be used by minors. Please do not provide us with any personal data relating to a person under the age of 18, without being his or her legal guardian.

  4. WHY DO WE PROCESS PERSONAL DATA?

    We always process Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. In particular, we process Personal Data, within applicable legal limitations, for the following purposes:

    1. Client Onboarding. For example:

      To verify our client identity and assess the onboarding application. For legal and regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud), please see section e) below.

    2. Client relationship management. For example:

      Manage clients’ relationship, including communicating with our client in relation to our services and our business partners and suppliers, handling client service-related queries and complaints, facilitating debt recovery activities, tracing whereabouts, and closing account (in accordance with applicable law).

      Help us to learn more about our clients, such as preferences on the products and services received or requested, including those offered by us and our business partners and suppliers, as well as the services our clients may be interested in receiving. It could include profiling based on the processing of personal data and information we obtain via tracking technology and our clients preferred settings.

      Collect and analyse our clients personal or anonymous activity and potential interests in the use of our products and services, the Swiss4 website and the Swiss4 app.

    3. Services implementation and execution. For example:

      Provide services to our clients and ensuring their proper execution, for instance by ensuring that we can identify our clients and make payments to and from client’s accounts in accordance with the instructions.

      Provide it solutions to our clients and ensure their proper execution in accordance with the instructions and the contractual arrangements, for instance by providing incident management and testing directly connected to the provision of the service, or by supporting our controller obligations regarding personal data storage, legal and regulatory compliance, audit activity and investigations.

    4. Business development and enhancing the Swiss4 brand. For example:

      Evaluate whether and how Swiss4 may offer services and events, including those offered by us and our other business partners and suppliers, that may be of interest to our clients.

      Contact our clients for direct marketing purposes about products and services we think will be of interest, including those offered by us, the Swiss4 Group, our business partners and suppliers.

    5. Compliance and Risk Management, including Crime Prevention, Detection and Investigation linked to laws of the financial sector, anti-money laundering and tax laws. For example:

      Carry out legal and regulatory compliance checks in particular as part of the onboarding process and periodic compliance checks to apply a risk classification and monitoring of ongoing business relationships.

      Meet our on-going regulatory and compliance obligations, such as recording and monitoring communications, disclosures to relevant authorities (tax, financial service regulators and other regulatory, judicial and governmental bodies) and in proceedings, investigating or preventing crime.

      Receive and handle complaints, requests or reports from our clients or third parties made to designated units within Swiss4.

      Reply to any actual or potential proceedings, requests or the inquiries of a public or judicial authority.

    6. Supporting, Enhancing and Maintaining Swiss4’s technology to:

      Take steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide.

      Analyse the results of our marketing activities to measure their effectiveness and relevance of our campaigns.

    7. Other purposes. For example:

      To administer and manage our business in general, to detect and prevent misuse of our App (including fraud and unauthorised operations).

      To enforce our Terms and Conditions or any other contract to which we may be a party.

      For the Swiss4 prudent operational management (including compliance and risk management, technological support services, reporting, insurance, audit, systems and products training and administrative purposes).

      To enable a transfer, merger or disposal to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of Swiss4’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.

      To undertake transactional and statistical analysis, and related research; or

      To exercise our duties and/or rights vis-à-vis our clients or third parties.

  5. CONSENT AND BANKING SECRECY WAIVER

    When opening a Swiss4 account, our clients explicitly consent to the processing of their data collected, provided or made available in connection with the services offered and in accordance of the terms of this Notice.

    Our clients further release Swiss4 (including our directors, employees and agents) from the banking secrecy and confidentiality obligations for the processing of client data in accordance of the terms of this Notice and particularly in case that disclosure of such data is required:

    • To safeguard our legitimate interests (e.g. to defend ourselves against legal claims).
    • To perform transactions and other services on our clients behalf, including to third parties in Switzerland and/or abroad as described in Section 8.
    • To exchange information between other stakeholders involved in the performance of Swiss4 services or legal duties (e.g. risk management and compliance purposes); and/or
    • For security purposes (e.g. protection against fraudulent activities).

  6. HOW DO WE PROTECT PERSONAL DATA?

    All Swiss4 employees accessing Personal Data must comply with our internal rules and processes in relation to the processing of Personal Data to protect them and ensure their confidentiality. We have also implemented adequate technical and organisational measures to protect Personal Data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. However, our clients must be aware that no transmission of information via the Internet or electronic storage is ever completely secure, and you accept that the use of the Swiss4 App involves such risks. Our clients must at all times follow the duties of care described in our General Terms and Conditions to mitigate security risks.

  7. HOW LONG DO WE STORE YOUR DATA?

    We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining Personal Data depending on its purpose. In general, although there may be limited exceptions, data is kept for 10 years after the end of the contract or the execution of the transaction, reflecting the length of time for which legal claims may be made.

    As far as necessary, we will keep our clients’ data for the duration of our contractual relationship subject to applicable legal and regulatory requirements. In addition, we might process your data after the termination of our contractual relationship for compliance or risk management in accordance with the applicable laws as well as pursuant to various retention and documentation obligations or if it is in Swiss4’ legitimate interest.

    Swiss4 can also record external and internal telephone calls of all employees for trainings and evidential purposes. If you wish to have your Personal Data removed from our databases, you can make a request as described in Section 10 below, which we will review as set out therein.

  8. WHO HAS ACCESS TO PERSONAL DATA AND WITH WHOM ARE THEY SHARED?
    1. Within Swiss4

      We usually share Personal Data within Swiss4, for the purposes indicated in Section 4, to ensure a consistently high service standard, and to provide services and products to our clients.

    2. Outside Swiss4

      Third Parties. We transfer Personal Data to other financial services institutions, to our professional advisers and consultants, and to our business partners, including subcontractors, when necessary to perform the business relationship. In particular when providing products and services to our clients, we will share Personal Data with persons acting on your behalf or otherwise involved (depending on the type of product or service you receive from us), including, where relevant the following types of companies:

      • card payment and platform providers;
      • payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks (including custodian banks);
      • clearing houses, and clearing or settlement systems and specialised payment companies or institutions such as SWIFT;
      • our auditors.

      Suppliers and other Services Providers. In some instances, we also share Personal Data with our suppliers, who are contractually bound to confidentiality, such as IT hardware, software and outsourcing providers, logistics, mail, courier, printing services and storage providers, marketing and communication providers, facility management companies, market data service providers, transportation and travel management providers and others. When we do so we take steps to ensure they meet our data security standards, so that Personal Data remains secure.

      Where Swiss4 transfers data to service providers processing data on Swiss4 behalf, we take steps to ensure they meet our data security standards, so that Personal Data remains secure. Service providers are thereby mandated to comply with a list of technical and organisational security measures, irrespective of their location, including measures relating to: (i) information security management; (ii) information security risk assessment and (iii) information security measures (e.g., physical controls; logical access controls; malware and hacking protection; data encryption measures; backup and recovery management measures).

      A list of our suppliers and other service providers is provided in Appendix 2.

      We will only disclose data to third parties in the extent necessary for the services requested or to fulfil our legal obligations. This will typically include identity and contact information or may also include data described in Section 3.

      Public or regulatory authorities. If required from time to time, we disclose Personal Data to public authorities, regulators or governmental bodies, courts or party to proceedings, where we are required to disclose information by applicable law or regulation, under a code of practice or conduct, at their request, or to safeguard our legitimate interests.

    3. Others

      We may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others;

      A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Swiss4’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;

      Any other legitimate recipient required by applicable laws or regulations.

  9. INTERNATIONAL TRANSFERS OF DATA

    Swiss4’s Services are hosted on servers located in Switzerland. We also use cloud-hosted software solutions which are located in the EU and US for some services (e.g. concierge services).

    We only transfer Personal Data abroad to countries which are considered to provide an adequate level of data protection, or in the absence of such legislation that guarantees adequate protection, based on appropriate safeguards (e.g., standard contractual clauses adopted by the European Commission or another statutory exemption) provided by local applicable law.

    A copy of these measures can be obtained by contacting us (dataprotection@swiss4.com).

  10. WHAT ARE THE RIGHTS OF THE CONCERNED PERSONS AND HOW CAN THEY EXERCISE THEM?
    1. Rights

      Any concerned person has a right to access and to obtain information about their Personal Data that we process. If you believe that any information we hold about you is inaccurate or incomplete, you may also request the correction of your Personal Data. You also have the right to:

      • object to the processing of your Personal Data;
      • request the erasure of your Personal Data;
      • request restriction on the processing of your Personal Data; and/or
      • withdraw your consent where Swiss4 obtained your consent to process Personal Data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).

      When Personal Data is processed for direct marketing purposes, right to object extends to direct marketing, including profiling to the extent it is related to such marketing. You may object to direct marketing by clicking the unsubscribe link in any of our e-mails to you, or by emailing us (dataprotection@swiss4.com) at any time.

      Where we process Personal Data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to request your Personal Data be transferred to you (known as the ‘data portability’ right).

      You also have the right to ask Swiss4 for information regarding some or all of the Personal Data we collect and process about you.

      Swiss4 will honour such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute and subject to legal retention obligations imposed to Swiss4. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

      Where Swiss4 has transferred data to a third party, but the third party is required to delete the data, Swiss4 will, taking into account available technology and implementation costs, take reasonable steps, including technical steps, to inform the third-party data controllers of the clients’ request to delete any links to the data and any copies or reproductions thereof.

    2. Exercising your rights

      To exercise the above rights, please contact us by email or by post to the address SWISS4.0 SA, rue du Rhône 14, 1204 Geneva. To avoid delay in dealing with your request, please enclose with your signed letter a copy of your passport or identity card.

      If you are not satisfied with how we process your Personal Data, we would like to discuss it with you to understand how we can rectify the issue. If you would like to speak to us about our use of your Personal Data, you can contact us by email at dataprotection@swiss4.com.

  11. CHANGES TO PERSONAL DATA

    It is important and required by Swiss law that the client information we hold about our clients is accurate and up to date. Therefore, we ask our clients to keep us informed of any changes to their data during the relationship with us.

  12. NOTICE UPDATES

    We reserve the right to amend it from time to time. Any amendment or update to this Notice will make available to you in the legal section of the Swiss4 App and on our website (www.swiss4.com). Please visit this section frequently to understand the current Notice, as the terms of this Notice are closely related to you.

* * *

APPENDIX 1: WEBSITE USAGE AND COOKIE NOTICE

As you use the Swiss4 website or Swiss4 concierge App, we will collect your technical, usage and transaction data as described in section 3 above.

Some of this data is collected using cookies, beacons and similar technologies. Cookies are files with small amount of data which are sent to your browser (or device) from our Services and stored on your device.

We use the following cookies:

Cookie name What it is used for
bscookie Used by LinkedIn to track the use of embedded services.
__cfruid Used by the content network, Cloudflare, to identify trusted web traffic.
UserMatchHistory Set by LinkedIn for advertising pruposes, including: tracking visitors so that more relevant ads can be presented, allowing users to use the 'Apply with LinkedIn' or the 'Sign-in with LinkedIn' functions, collecting information about how visitors use the site, etc.
_ga ID used to identify users.
__hs_do_not_track Prevents the tracking code from sending any information to HubSpot.
__cf_bm Cloudflare's bot products identify and mitigate automated traffic to protect your site from bad bots.
__hssc Analytics session cookie.
lidc Used by the social networking service, LinkedIn, for tracking the use of embedded services.
li_sugr Used to make a probabilistic match of a user's identity outside the Designated Countries.
AnalyticsSyncHistory Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries.
__hssrc Used to determine if a session is a new session.
_ga_ELW9TT8MDR Used to persist session state.
__hstc Analytics tracking cookie.
__hs_cookie_cat_pref The HubSpot Cookie Banner's consent preferences cookie.
hubspotutk Contains visitor's identity.
li_gc Used to store guest consent to the use of cookies for non-essential purposes.
_cfuvid This cookie is used to apply rate limits to traffic and to distinguish individual users who share the same IP address.

You can remove cookies from your mobile device through the settings, but be aware that this may impact your ability to make use of some features on the App. Management of cookie settings varies from one mobile device to another.

We also use Google Analytics, a third party service provided by Google, to help us analyse user habits to help increase the functionality of our Services. The information will be used by Google only for the purpose of evaluating the use of our Services. Google Analytics has its own privacy notice, which can be viewed here.

APPENDIX 2: SWISS4'S SUB-PROCESSOR

Purpose Data disclosed Recipient
Provision of Swiss4 services All data in our possession. SWISS4.0 SA- Switzerland
Hosting our IT infrastructure All data in our possession, this provider manages and hosts customer data to meet regulatory requirements. Microsoft Azure - Switzerland
Market our services Holding an account with Swiss4. The people with whom you share your reference code.
Your data required for marketing purposes. Hubspot - United States1
Supporting web infrastructure and website security Website content and cookie management. Hubspot – United States1
To facilitate and secure communication between you and Swiss4 The security code is sent to your e-mail address, and one is sent to your telephone number. Twilio - Ireland
Manage communication between you and Swiss4, this could include your full name, email and phone number. Zendesk – Ireland or Frankfurt
Produce debit cards on physical media Your name, address, the fact that you have an Swiss4 Account, and any other information required to manufacture debit cards. NID SA - Switzerland
Process debit cards and other associated transactions
  • Transaction data: e.g. debit card and transaction reference number, expiry date, transaction and invoice amount, billing and invoice date and merchant information, as well as your contact details, including your name, address, nationality, telephone number and email address.
  • The recipients of the relevant payment will also be informed of your name.
Marqeta Inc. - United States1
MasterCard International (International card issuer)
Apple Pay (Providers of Mobile Payment Solutions)
Insurance linked to debit card All the information you will need to activate the benefits. Europ Assistance – Switzerland
Comply with domestic or foreign laws or market rules or our agreements with counterparties, brokers and other intermediaries we use to execute transactions and respond to requests from recipients Any information we consider necessary to:
  • comply with relevant laws, regulations, rules, agreements and requests.
  • respond to requests or provide information where we believe, in our sole discretion, that we are under a legal, regulatory or contractual obligation to do so.
Counterparties
Authorities and self-regulatory organisations
Comply with customer knowledge regulations All the information needed by providers to verify your identity: e.g. your full name, your ID with photo, all the information on your ID and biometric data. Intrum - Switzerland
All the information that providers need to verify your address, such as your full name and address. Post - Switzerland
Regulatory requirements regarding the transactional activities of customer Transaction data (e.g. debit card and transaction reference number, transaction and billing amount, statement and invoice date and merchant information, as well as your contact details, in particular your name, address, nationality, telephone number and e-mail address) In some cases (e.g. purchase of airline tickets, hotel bills, car rental, fuel purchases), your name will also be disclosed to the recipients of the relevant payment. Hawk:AI – Germany
To defend us in the event of a dispute with the customer (even if no court action or similar proceedings are brought against us). Any information that will enable us to establish our claims or defend ourselves against claims. Courts (including arbitration)
Public authorities and self-regulatory bodies
Press organisations requesting comments
Payments or transfers of financial instruments and other assets, whether domestic or cross-border Your name, address and e-mail address, IBAN (International Bank Account Number) or account number and any other information we deem, at our sole discretion, reasonably necessary to execute the payment or transfer. Correspondent banks and financial institutions
Payment transaction system operators (e.g. Swiss Interbank Clearing, SIC)
SWIFT (Society for Worldwide Interbank Financial Telecommunication)
Other third-party service providers commissioned to process payments
Beneficiaries of payments and the beneficiaries' bank or similar financial institution
Transfer and/or propose the transfer of our contractual relationship with you or any of its rights and/or obligations for the purposes of debt recovery or in connection with a securitisation. Any information about your relationship with us. Counterparties or intermediaries involved in the transaction (or evaluating a potential transaction)
Process push notifications The content of push notifications. Third parties that maintain servers through which push notifications are routed (such as device manufacturers, e.g. Apple, or operating system developers, e.g. Google)

1Standard Contractual Clauses will apply in accordance with the Swiss Federal Data Protection Act.