tiun.
Get a demo

Privacy Policy

1. Overview

tiun has developed this privacy statement to explain how tiun AG, as a data controller, may collect, retain, process, share and transfer your personal data when you visit our sites or use our services. This privacy statement applies to your personal data when you use the tiun services.

This privacy statement is designed to help you obtain information about our privacy practices and understand your privacy choices when you use our services.

This privacy statement is aligned with the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). However, the application of these laws depends on each individual case.

Please contact us if you have questions about our privacy practices that are not addressed in this privacy statement or to exercise your rights under Clause 11 as follows:

tiun AG
C/O ZWEIG
Technoparkstrasse 6
8005 Zürich
Switzerland

[email protected]

2. What personal data do we collect?

We collect personal data about you when you visit our sites or use our services, including the following:

  • Technical data – When you use our sites or use our service, we collect the IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 6 months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your terminal device (for example as a cookie, see Section 8). Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to registrations or transactions. Further, Local Storage of your browser may be used to store connection states. We will only set a state in your local storage where this is necessary from a technical point of view. We will delete the state from the local storage when you actively disconnect from the Service. Also, any state that does not include an active connection and has been inactive for more than 90 days will also be automatically deleted.
  • Registration and use information – When you register to use our services by establishing an account, we will collect personal data as necessary to offer and fulfil the services you request. Depending on the services and location, we may require you to provide us with your name, postal address, telephone number, email address and identification information to establish an account. We may require you to provide us with additional personal data as you use our services.
  • Transaction and experience information – When you use our services or access our sites, for example, consume an online service from a third-party, we collect information about the transaction, as well as other information associated with the transaction such as amount paid for products or services, third-party information, including information about any funding instruments used to complete the transaction, device information, technical usage data, and geolocation information.
  • Add money to your accounts – If you use our services and add money to your account, we may collect personal data to facilitate the request.
  • Personal data that you choose to provide us to obtain additional services or specific online services – If you request or participate in an optional site feature, or request enhanced services or other elective functionality, we may collect additional information from you. We will provide you with a separate notice at the time of collection, if the use of that personal data differs from the uses disclosed in this privacy statement.
  • Personal data about you from third-party sources – We obtain information such as e-mail-address, full name and payment tokens from third-party sources such as payment providers, merchants, data providers, and credit bureaus, where permitted by law.
  • Other information we collect related to your use of our sites or services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.

3. How long do we process your data?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes.

4. On what basis and for what purposes do we process your data?

We may process your personal data. Depending on the circumstances, we may rely on your consent or the fact that processing is necessary to fulfil a contract with you, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights and expectations.

If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

As further outlined below, we primarily use collected data in order to provide the services necessary for the performance of our agreement with you, as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner. In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the additional purposes, which are in our (or, as the case may be, any third parties') legitimate interest.

The purposes of our processing activities include:

  • To operate the sites and provide the services, including to:
    • Perform any pre-contractual obligation;
    • Initiate a payment, send or request money, or add money to an account;
    • Authenticate your access to an account;
    • Communicate with you about your account, the sites, the services, or tiun in general;
    • Create an account connection between your account and a third-party account or platform;
    • Starting and maintaining a session;
    • Monitoring your session to determine what and how long you used the service and its content to ensure fair and transparent billing;
    • Perform creditworthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes;
    • Keep your account and financial information up to date.
  • To manage our business needs, such as monitoring, analyzing, and improving the services and the sites’ performance and functionality. For example, we analyze user behavior and perform research about the way you use our services.
  • To comply with our obligations and to enforce the terms of our sites and services, including to comply with all applicable laws and regulations.
  • For our legitimate interests, including to:
    • enforce the terms and conditions of our sites and services;
    • manage our everyday business needs, such as monitoring, analysing;
    • manage risk, fraud, and abuse of tiun services;
    • anonymise personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why users visit our sites and use our services;
    • conduct business to business marketing; and
    • provide personalised services (also called interest-based marketing) offered by tiun on third-party websites and online services. We may use your personal data and other information collected in accordance with this privacy statement to provide a targeted display, feature or offer to you on third-party websites.
  • With your consent, including to:
    • To market tiun products and services and the products and services of unaffiliated businesses. We may also process your personal data to tailor the marketing content and certain services or site experiences to better match your interests on tiun and other third-party websites.
    • To use cookies and other tracking technologies to provide a targeted display, feature, service or offer to you and/or to work with other third-parties such as merchants, advertising or analytics companies to provide these personalised services (also called interest-based marketing).
    • To provide you with location-specific options, functionality or offers. We will use this information to enhance the security of the sites and services and provide you with location-based services, such as advertising, search results, and other personalized (also called interest-based marketing) content.
    • To respond to your requests, for example to contact you about a question you submitted to our customer service team.

5. Do we share personal data?

We may share your personal data or other information about you with others in a variety of ways as described in this section of the privacy statement. We may share your personal data or other information for the following reasons:

  • With other companies that provide services to us: We share personal data with third-party service providers (business partners) that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, send you advertisements for products and services, or provide customer support.
  • With other financial institutions: We share personal data with other financial institutions that we have partnered with to jointly create and offer our product. These financial institutions may only use this information to market and offer tiun-related products, unless you have given consent for other uses. We may also share personal data to process transactions, provide you with benefits associated with your eligible cards, and keep your financial information up to date.
  • With the other parties to transactions when you use the services, such as other users, merchants, and their service providers: We may share information about you and your account with the other parties involved in processing your transactions. This includes third-party services you are sending funds to. The information might include:
    • Personal data and usage data to facilitate current and future transactions.
    • Personal data to help other participant(s) resolve disputes and detect and prevent fraud.
    • Anonymous data and performance analytics to help merchants better understand the uses of our services and to help merchants enhance users’ experiences.
  • With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for tiun’s business purposes or as permitted or required by law, including:
    • if we need to do so to comply with a law, legal process or regulations;
    • to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to tiun or tiun’s corporate family;
    • if we believe, in our sole discretion, that the disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
    • to protect the vital interests of a person;
    • with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;
    • to investigate violations of or enforce a user agreement or other legal terms applicable to any service;
    • to protect our property, services and legal rights;
    • to facilitate a purchase or sale of all or part of tiun’s business;
    • in connection with shipping and related services for purchases made using a service;
    • to banking partners as required by card association rules for inclusion on their list of terminated merchants;
    • to credit reporting and collection agencies;
    • to companies that we plan to merge with or be acquired by; and
    • to support our audit, compliance, and corporate governance functions.
  • With your consent: We will also share your personal data and other information with your consent or direction, including if you authorize an account connection (start session) with a third-party account or platform.

In addition, tiun may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why users visit our sites and use our services. This data will not personally identify you or provide information about your use of the sites or services. We do not share your personal data with third parties for their marketing purposes without your consent.

6. How do we work with other services and platforms?

A significant benefit and innovation of tiun’s services is that you can connect your tiun account or an alternative payment method with a third-party service. For the purposes of this privacy statement, an “account connection” with such a third-party is a connection you authorise or enable between your account and the business partner platform. When you authorise such a connection, tiun and the third-party will exchange your personal data and other information directly.

If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your account to that of one of our business partners in media, we will receive personal data from the media provider via the account connection. If you connect your account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases, funds transfers, and payment information that we may store.

Information that we share with a third-party based on an account connection will be used in accordance with the third-party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third-party that you authorized to have an account connection that will gain access to your personal data as part of the account connection.

7. Is your personal data disclosed abroad?

As explained in Clause 5 and 6, we disclose data to other parties. These are not all located in Switzerland. Your data may therefore be processed both in Europe and in exceptional cases, in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.

8. How do we use cookies and tracking technologies?

When you visit our sites, use our services, or visit a third-party website for which we provide online services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “cookies”) to recognize you as a user and to customize your online experiences, the services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our sites and services. Certain aspects and features of our services and sites are only available through the use of cookies, so if you choose to disable or decline cookies, your use of the sites and services may be limited or not possible.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.

9. What privacy choices are available to you?

You have choices when it comes to the privacy practices and communications described in this privacy statement. Many of your choices may be explained at the time you sign up for or use a service or in the context of your use of a site. You may be provided with instructions and prompts within the experiences as you navigate the services.

  • Choices relating to the personal data we collect
    • You may decline to provide personal data when it is requested by tiun, but certain services or all of the services may be unavailable to you.
    • The device you use to access the sites or services may collect information about you, including geolocation information and usage data that tiun may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device. In this case certain services or all of the services may be unavailable to you.
  • Choices related to cookies
    • Online tracking and Interest-based marketing. We work with partners and third-party service providers.You can opt-out of third-party advertising-related cookies and web beacons, in which case our advertising should not be targeted to you. You will continue to see our advertising on third party websites.
    • You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking technologies.
    • You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a service or site.
    • You may have an option regarding the use of cookies and other tracking technologies when you use a service or visit parts of a site. For example, you may be asked if you want the service or site to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them.
  • Choices relating to your registration and account information
    • If you have an account, you generally may review and edit personal data by logging in and updating the information directly or by contacting us. Contact us if you do not have an account or if you have questions about your account information or other personal data.
  • Choices relating to communication
    • Promotional Marketing: We may send you marketing content about our sites, services, products, products we jointly offer with financial institutions, as well as the products and services of unaffiliated third parties and members of the tiun corporate family through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. You may opt out of these marketing communications we send by following the instructions in the communications you receive.
    • Informational and Other: We will send communications to you that are required or necessary to send to users of our services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices.

10. How do we protect your personal data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your personal data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to data centres, and information access authorization controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the personal data we maintain about you is accurate and current. We are not responsible for protecting any personal data that we share with a third-party based on an account connection that you have authorized.

11. What are your rights?

In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Clause 1 above.

In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner.

12. Can children use our services?

The sites and services are not directed to children under the age of 16. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our sites and services. If we obtain actual knowledge that we have collected personal data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 16.

13. What else should you know?

Changes to this privacy statement.

We may revise this privacy statement from time to time to reflect changes to our business, the sites or services, or applicable laws. The version published on this website is the current version.

We may notify users of the change using email or other means.