tiun has developed this privacy statement to explain how tiun AG, as a data controller, may collect, retain, process, share and transfer your personal data when you visit our sites or use our services. This privacy statement applies to your personal data when you use the tiun services.
This privacy statement is designed to help you obtain information about our privacy practices and understand your privacy choices when you use our services.
This privacy statement is aligned with the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). However, the application of these laws depends on each individual case.
Please contact us if you have questions about our privacy practices that are not addressed in this privacy statement or to exercise your rights under Clause 11 as follows:
tiun AG
C/O ZWEIG
Technoparkstrasse 6
8005 Zürich
Switzerland
We collect personal data about you when you visit our sites or use our services, including the following:
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes.
We may process your personal data. Depending on the circumstances, we may rely on your consent or the fact that processing is necessary to fulfil a contract with you, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights and expectations.
If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
As further outlined below, we primarily use collected data in order to provide the services necessary for the performance of our agreement with you, as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner. In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the additional purposes, which are in our (or, as the case may be, any third parties') legitimate interest.
The purposes of our processing activities include:
We may share your personal data or other information about you with others in a variety of ways as described in this section of the privacy statement. We may share your personal data or other information for the following reasons:
With other companies that provide services to us: We share personal data with third-party service providers (business partners) that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, send you advertisements for products and services, or provide customer support.
With other financial institutions: We share personal data with other financial institutions that we have partnered with to jointly create and offer our product. These financial institutions may only use this information to market and offer tiun-related products, unless you have given consent for other uses. We may also share personal data to process transactions, provide you with benefits associated with your eligible cards, and keep your financial information up to date.
With the other parties to transactions when you use the services, such as other users, merchants, and their service providers: We may share information about you and your account with the other parties involved in processing your transactions. This includes third-party services you are sending funds to. The information might include: - Personal data and usage data to facilitate current and future transactions. - Personal data to help other participant(s) resolve disputes and detect and prevent fraud. - Anonymous data and performance analytics to help merchants better understand the uses of our services and to help merchants enhance users’ experiences.
With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for tiun’s business purposes or as permitted or required by law, including: - if we need to do so to comply with a law, legal process or regulations; - to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to tiun or tiun’s corporate family; - if we believe, in our sole discretion, that the disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; - to protect the vital interests of a person; - with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes; - to investigate violations of or enforce a user agreement or other legal terms applicable to any service; - to protect our property, services and legal rights; - to facilitate a purchase or sale of all or part of tiun’s business; - in connection with shipping and related services for purchases made using a service; - to banking partners as required by card association rules for inclusion on their list of terminated merchants; - to credit reporting and collection agencies; - to companies that we plan to merge with or be acquired by; and - to support our audit, compliance, and corporate governance functions.
With your consent: We will also share your personal data and other information with your consent or direction, including if you authorize an account connection (start session) with a third-party account or platform.
In addition, tiun may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why users visit our sites and use our services. This data will not personally identify you or provide information about your use of the sites or services. We do not share your personal data with third parties for their marketing purposes without your consent.
A significant benefit and innovation of tiun’s services is that you can connect your tiun account or an alternative payment method with a third-party service. For the purposes of this privacy statement, an “account connection” with such a third-party is a connection you authorise or enable between your account and the business partner platform. When you authorise such a connection, tiun and the third-party will exchange your personal data and other information directly.
If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your account to that of one of our business partners in media, we will receive personal data from the media provider via the account connection. If you connect your account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases, funds transfers, and payment information that we may store.
Information that we share with a third-party based on an account connection will be used in accordance with the third-party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third-party that you authorized to have an account connection that will gain access to your personal data as part of the account connection.
As explained in Clause 5 and 6, we disclose data to other parties. These are not all located in Switzerland. Your data may therefore be processed both in Europe and in exceptional cases, in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.
When you visit our sites, use our services, or visit a third-party website for which we provide online services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “cookies”) to recognise you as a user and to customize your online experiences, the services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our sites and services. Certain aspects and features of our services and sites are only available through the use of cookies, so if you choose to disable or decline cookies, your use of the sites and services may be limited or not possible.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.
You have choices when it comes to the privacy practices and communications described in this privacy statement. Many of your choices may be explained at the time you sign up for or use a service or in the context of your use of a site. You may be provided with instructions and prompts within the experiences as you navigate the services.
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your personal data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to data centres, and information access authorisation controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the personal data we maintain about you is accurate and current. We are not responsible for protecting any personal data that we share with a third-party based on an account connection that you have authorised.
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Clause 1 above.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner.
The sites and services are not directed to children under the age of 16. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our sites and services. If we obtain actual knowledge that we have collected personal data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 16.
Changes to this privacy statement.
We may revise this privacy statement from time to time to reflect changes to our business, the sites or services, or applicable laws. The version published on this website is the current version.
We may notify users of the change using email or other means.