Privacy Notice
1. About this Privacy Notice
1. This is the privacy notice (“Notice”) of Swatch Ltd., Nicolas G. Hayek Strasse 1, 2502 Biel/Bienne, Switzerland (hereinafter “Swatch” or “we”). Swatch is the data controller for the purpose of this Notice.
2. This Notice, together with our Terms of Use, sets out the basis on which any personal data obtained as a result of your downloading, installing, or using the SwatchPAY! App (the “APP”) will be processed.
3. We will post any changes we may make to our Notice directly on the APP, on our Website or communicate them to you by email.
4. The Notice currently in place dates of April 30, 2024.
2. What personal data do we collect from you?
1. We only request the minimum amount of data needed to fulfil the requirements of the payment networks (payment card schemes such as Mastercard and Visa, token service providers, payment card issuers/banks, etc.) to provide the service of tokenizing consumers payment cards. No sensitive personal information will be logged by the APP.
2. We collect personal data that you provide to us by registering for an account, using interactive features, adding a payment card. Such personal data may consist of:
| Data | Source | Stored by Swatch | Transmitted to token service provider | Transmitted to payment card schemes |
|---|---|---|---|---|
| Email address | Cardholder/ Consumer | Yes | No | No |
| Primary Account Number (PAN) | Cardholder/ Consumer | Yes (first 8 digits only) | Yes | Yes |
| User Name | Cardholder/ Consumer | Yes | No | No |
| CVV / CVC | Cardholder/ Consumer | No | Yes | Yes |
| Card Expiration Date | Cardholder/ Consumer | No | Yes | Yes |
| Unique Identification Number | Swatch | Yes | Yes | No |
| Batch ID | Swatch | Yes | Yes | No |
| Last 4 Digits of PAN (FPAN) | Payment Card Network | No | Yes | No |
| Consumer Language | App - Cardholder/ Consumer | Yes | No | No |
Further details on the sharing of data with the token service provider and payment schemes are provided in Sct. 5.1 below.
3. Through your use of the APP, we may also gather certain automatically generated information about your use of the APP that does not identify you individually. We may collect and store such information automatically whenever you interact with the APP. For example, we may collect information about your mobile device, i.e. operatingon system type and version and the hardware model, your IP address, device ID or preferred language every time you visit the APP. We may also collect information regarding customer APP usage patterns. This information does not, however, contain anything that can personally identify you; it is used to analyze and improve the APP and to provide our customers with a fulfilling APP experience.
4. Please note that no data collected from you or your mobile phone is permanently stored locally on the APP or your mobile phone. If you choose to enable alternative authentication, email and password will be stored in iOS or Android protected secure storage.
3. On which basis do we process your personal data?
1. We process your personal data for the purposes indicated or obvious at the time of collection and (i) which is necessary for the performance of a contract, in particular to provide you with the wallet payment system and tokenization of your payment card, or (ii) to which you have agreed, for example by checking a box ; or (iii) for which we are required by applicable laws, for example to comply with data retention requirements regarding data relevant for financial reporting; or (iv) for which we rely on other legitimate interests, which include:
1. delivering and improving our products or services;
2. management of customer, client, vendor and other relationships, sharing intelligence with internal stakeholders, implementing safety procedures, and planning and allocate resources and budget;
3. monitoring, detecting and protecting the organization, its systems, network, infrastructure, computers, information, intellectual property and other rights from unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches, hacking, industrial espionage and cyberattacks;
4. protecting and developing industry standards; sharing intelligence about individuals or concerns that may have a negative or detrimental impact; and following industry best practices; or
5. complying with industry standards, regulatory requirements and other requirements related to fraud prevention and anti-money laundering.
4. For which purposes do we process your personal data?
We process your personal data for the following purposes:
1. If you register an account with us, then we process the data required to fulfil the requirements of the payment networks (card payment schemes such as Mastercard and Visa, token service provider(s), payment card issuers/banks, etc,) in order to provide the service of tokenizing consumers payment cards to your SwatchPAY! watch and thereby enabling the payment feature of your SwatchPAY! watch.
2. We process your personal data also to comply with and enforce applicable legal requirements, our Terms of Use, relevant industry standards, contractual obligations and our policies.
5. To whom do we disclose and transfer your personal data?
1. We may disclose your personal data to the following recipients or categories of recipients acting on our behalf and/or as partners (processors): Our third party service providers, limited to the purpose of the execution of their obligations; they are contractually bound to adhere to an adequate level of data protection when processing your personal data.
Our token service provider is Fidesmo AB, Regeringsgatan 111, 11139 Stockholm, Sweden (“Fidesmo”). Fidesmo is authorized and certified to act as token service provider by Mastercard and Visa as payment card schemes. This means that Fidesmo provides the services which allow your payment card to be tokenized with SwatchPAY! and which ultimately enable the payment features of your SwatchPAY! watch. To this purpose, Fidesmo will receive and process, for the purposes named above, (i) certain data that you enter into the APP, as specified in Sct. 2.2 above; (ii) certain data that will be provided by the payment card schemes (Mastercard and Visa) to Fidesmo and which will be processed by Fidesmo according to the rules and security obligations issued by such payment card schemes, in order to carry out the tokenization services.
Fidesmo will provide certain data that you enter on the APP to the payment card schemes (Mastercard and Visa), as specified in Sct. 2.2, in order to provide the tokenization services and to ultimately enable the payment features of your SwatchPAY! watch. We may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Swatch, our customers, or others. This includes exchanging data with other companies and organizations for the purposes of fraud protection and credit risk reduction.
2. We may internationally transfer your personal data, including to countries that are not considered providing an adequate level of data protection by the relevant regulatory bodies, for example to countries not considered by the European Commission or the Swiss Federal Data Protection and Information Commissioner to be providing such level. In such case, we ensure the adequate protection of your personal data by having the recipients adhere to binding contractual obligations in accordance with applicable standards approved by the relevant regulatory bodies or by relying on other safeguards, such as self-certifications, approved by the relevant regulatory bodies. You may contact us for a copy of the contractual and other safeguards in place (see section 9 below).
6. For how long do we process your personal data?
We process your personal data:
1. Data stored according to Sct. 2.2 above, until you entirely stop using the App and the related tokenization services, for example until you delete your account and/or delete the APP on your mobile device;
2. For as long as laws require us, e.g. legal retention obligations based on bookkeeping or tax laws and regulations.
7. When do we require your personal data?
If you wish to download and install the APP in order to use the contactless payment system embedded in your APP, then we have to obtain from you certain personal data in order to allow us to enter into the underlying contract, for example, your user name, email address, payment information or contact information (more details in Sct. 2.2 above. Should you decide not to provide us the required information, we may not conclude this contract with you and your use of the contactless payment system will not be possible.
8. What are your rights?
1. You have the right
1. to request from us access to and rectification or deletion of your personal data;
2. to request us to restrict the processing of your personal data, in particular to object to the processing of your personal data for direct marketing purposes; and
3. to request from us to provide you or any person or entity you appointed with a digital file of your personal data (data portability).
2. You may withdraw your consent that allows us to process your personal data for the indicated purposes at any time by deleting your account via the APP. Note that the processing of such data is necessary to enter into the underlying contract and to allow Swatch to provide the service of tokenizing consumers payment cards to your SwatchPAY! watch; if you delete your account, we will not able to provide such service anymore.
3. To exercise the above rights, you may contact us as indicated below. Please note you have the ability in the settings menu of the APP to download what data is stored about you. This function collects all data stored about the customer/user as the user management system and provides a link to a PDF file. This function will not display data stored by the respective payment network token service providers or issuing bank systems as Swatch does not have access to these systems.
4. You may at any time delete your account and create a new one with corrected information. You also have the ability to change your email address stored in the system. Furthermore, payment card tokens, if found by the consumer to be incorrect, can be deleted anytime and new tokens can be created by using a SwachPAY! box.
9. How can you contact us?
For any questions or to exercise your rights, you may contact us as follows:
Postal address: Swatch Ltd., Nicolas G. Hayek Strasse 1, 2502 Biel/Bienne, Switzerland
Telephone number: +41 32 321 21 21
connect@swatch.com