App Privacy Policy

Effective date: 06.08.2020

We (“SONECT“, “us”, “we”, or “our”) are committed to protecting your privacy and want you to feel secure when visiting the SONECT App (hereinafter referred to as the “App” or the “Service”). This page informs you of our policies regarding the collection, use and disclosure of Personal Data when you use our App and the choices you have associated with that Data. By using the App, you agree to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Definitions

  • Personal Data
    Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
  • Data Subject (or User)
    Data Subject is any living individual who is using our App and is the subject of Personal Data.
  • Data Controller
    Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
  • Data Processors (or Service Provider)
    Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

Personal Data We Collect

  • In Switzerland
    We collect the following types of Personal Data when you use our App.

    • Registration Details
      First and last name, Mobile phone number, Email address, IBAN, User credentials.First and last name as well as your mobile phone number have to be submitted in order to use the application. An IBAN must be provided in order to transfer any unused balance. User credentials need to be set for a secure login into the app. The submission of an Email address is optional.
    • Verification Data
      Nationality, Image of your face, Document type and number, Date of issuance, Issuing authority, Gender, Picture of your face.Verification Data may include Identification Documents.
    • Data for Anti-Money Laundering Controls
      Source of funds, Beneficial owner, Information pertaining to politically exposed persons (PEPs).Data for Anti-Money Laundering Controls may include all information necessary to comply with anti-money laundering regulations.
    • Usage Data
      IP Address (of the network server), Device Language, Location, Region, Time, ZIP Code, Device Brand, Device Family, Device Carrier, Device Manufacturer, Device Model, Device Type, In-App action/event, Operating System.We may use and store information about your usage of our App. We use Usage Data to provide features of our Service, to improve, protect and customise our Service.
    • Financial Transaction and Withdrawal Data
      Transaction geolocation, First and last name, Phone number, Transaction amount, Time and date.We process information about your financial transactions on the App to provide you with our Service, improve, protect and customise our Service, comply with the applicable regulations and prevent fraud.
    • Additional Data for special investigations and proof of data
      Diverse May include photos of the user’s face. In some cases Sonect is required to ask for a proof of certain data (e.g. an energy-bill as a proof of the address of the user) or is required to investigate the rightful use of it’s services (e.g. proof of the beneficial ownership of funds or the lawful ownership of a payment card). In case of special investigations or proof of data, Soenct is required to store this data.
  • In the European Union
    We collect the following types of Personal Data when you use our App.

    • Registration Details
      First name and last name, Mobile phone number, Date of Birth, Address, E-Mail Adress, IBAN, User credentials, PIN. First and last name as well as your mobile phone number have to be submitted in order to use the application. An IBAN must be provided in order to transfer any unused balance. User credentials need to be set for a secure login into the app. The submission of an Email address is optional.
    • Verification Data
      Nationality, Identification document Number, Issuance date, Issuing authority, Gender (if stated on the document), Copy of the Identification Document. Verification Data may include Identification Documents.
    • Data for Anti-Money Laundering Controls
      International data of official sanction lists PEP information. Data for Anti-Money Laundering Controls may include all information necessary to comply with anti-money laundering regulations.
    • Usage Data
      IP Address (of the network server), Device Language, Location, Region, Time, ZIP Code, Device Brand, Device Family, Device Carrier, Device Manufacturer, Device Model, Device Type, In-App action/event, Operating System. We may use and store information about your usage of our App. We use Usage Data to provide features of our Service, to improve, protect and customise our Service.
    • Financial Transaction and Withdrawal Data
      Transaction geolocation, First and last name, Phone number, Transaction amount, Time and date, Payment Method/Bank. We process information about your financial transactions on the App to provide you with our Service, improve, protect and customise our Service, comply with the applicable regulations and prevent fraud.
    • Additional Data for special investigations and proof of data
      Diverse May include photos of the user’s face. In some cases Sonect is required to ask for a proof of certain data (e.g. an energy-bill as a proof of the address of the user) or is required to investigate the rightful use of it’s services (e.g. proof of the beneficial ownership of funds or the lawful ownership of a payment card). In case of special investigations or proof of data, Sonect is required to store this data.

How We Collect Personal Data

  • General Data
    • Directly
      • Your registration on the App
        Explanation: We collect information about you when you register on our App.
        Personal Data collected: This information includes the Registration Details.
      • Your verification on the App
        Explanation: We collect information about you when you choose to verify your user account on our App.
        Personal Data collected: This information includes the Verification Details and the Data for Anti-Money Laundering Controls.
      • Your transactions on the App
        Explanation: We collect information about you when you choose to withdraw or send cash on our App.
        Personal Data collected: This information includes the Financial Transaction and Withdrawal Data.
      • Your use of the App
        Explanation: We keep track of certain information about you when you visit and interact with our App.
        Personal Data collected: This information includes the Usage Data.
      • Device and connection information
        Explanation: We collect information about your phone, tablet, or other devices you use to access the App.
        Personal Data collected: This information includes the Usage Data. How much of this information we collect depends on the type and settings of the device you use to access the App.
      • Cookies and other tracking technologies
        Explanation: We and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices.
        Personal Data collected: This information includes the Usage Data.
    • Indirectly
      • Other users of the App
        Explanation: Other users of our App may provide information about you when they use our Service.
        Personal Data collected: This information includes the Contact Details (as defined above in the Section “Personal Data We Collect”). For example, we may receive your phone number if a user of our App sends cash to you.
      • Other partners
        Explanation: We receive information about you and your activities on and off the App from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
        Personal Data collected: This information includes the Usage Data and Tracking and Cookies Data (as defined above in the Section “Personal Data We Collect”). For more information, please refer to the Section “Service Providers”.
  • Data for Anti-Money Laundering Controls
    • In Switzerland
      • Means of collection: Data for Anti-Money Laundering Controls
        Explanation: The Personal Data is processed to ensure compliance with the applicable anti-money laundering regulations. This data is collected directly from you during the verification process.
        Personal Data collected: This information included data regarding Anti-Money Laundering Controls. For more information, please refer to the Section “Data collection”.
    • In European Union
      • Means of collection: Data for Anti-Money Laundering Controls
        Explanation: The Personal Data is processed to ensure compliance with the applicable anti-money laundering regulations. This data is collected from official government agencies during the verification process when your identification documents are beeing processed.
        Personal Data collected: This information included data regarding Anti-Money Laundering Controls. For more information, please refer to the Section “Data collection”.

Sensitive Payment Data

We collect your IBAN when you register to the app and process it only when unused balance is paid back to you. In order to provide you with Sonect Services we may collect the name of your bank in order to process your transactions. Data about your Sonect transactions and withdrawals is processed as stated in the “Financial Transaction and Withdrawal Data” section of Paragraph 2.1. (Switzerland) and 2.2 (EU) and collected as set forth paragraph 3.1. Sonect processes and stores your payment data safely and securely by the means set forth in Paragraph 8. Sonect processes no other sensitive Payment Data than stated above. If we receive any information from your Bank, Financial Provider or Credit Card Company in order to perform our contractual obligations, it is pseudonymized, encrypted or masked at all time. Your login credentials are encrypted and cannot be accessed by Sonect.

Legal Basis and Purposes

Our legal basis for collecting and using the Personal Data described in this Privacy Policy depends on the Personal Data we collect and the specific purposes for which we collect it:

  • Contract
    Explanation: To perform our contractual obligations or take steps linked to a contract with you or your organisation.
    Purpose:

    • To register you as a SONECT Shop as instructed by you.
    • To provide and administer services as instructed by you.
    • To provide you with customer support.
  • Consent
    Explanation: We may rely on your freely given consent at the time you provided your Personal Data.
    Purpose: To provide you with news, special offers and general information about goods, services and events which we offer (with your explicit consent).
  • Legitimate interests
    Explanation: We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced.
    Purpose:

    • To provide and maintain our App, as well as to detect, prevent and address security threats.
    • To analyse, improve, personalise and monitor the usage of our App and communications.
    • To notify you about changes to our App and our Privacy Policy.
  • Public interest
    Explanation: To meet regulatory and public interest obligations.
    Purpose: To maintain records and conduct compliance checks, e.g. anti-money laundering, fraud and crime prevention.

Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, and to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. We may also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Storage and Data Transfers

In Switzerland: We store your Personal Data on our servers in Switzerland
In the European Union: We store your Personal Data on our servers within the European Union.
We take all the steps reasonably necessary to ensure that no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your Personal Data. In particular, for transfers of Personal Data outside the EEA, contracts containing the EU Standard Contractual Clauses according to the EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010)593) constitute appropriate and suitable safeguards to ensure compliance with GDPR.

Data Disclosure

We may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation (i.e. if required by law or in response to valid requests by public authorities, such as a court or government agency)
  • To protect and defend our rights or property
  • To prevent or investigate possible wrongdoing in connection with the App
  • To protect the safety of App visitors or the public
  • To protect ourselves against legal liability

If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Data Security — Confidentiality

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments. We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate. Finally, we take all the steps reasonably necessary to ensure that no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your Personal Data. The following table of technical and organizational measures describes the steps we have taken to protect your Personal Data:

  • Physical access control
    Details: No unauthorised access to our facilities.
    Concrete actions: Keys/magnetic chip cards.
  • Electronic access control
    Details: No unauthorised use of the Data processing and Data storage systems.
    Concrete actions:

    • Secure passwords
    • Automatic blocking/locking mechanisms
    • Two-factor authentication
    • Encryption of data carriers/storage media
  • Internal access control
    Details: No unauthorised reading, copying, changes or deletions of Personal Data within the system.
    Concrete actions:

    • Rights authorisation concept
    • Need-based rights of access
    • Logging of system access
  • Pseudonymization
    Details: The processing of Personal Data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures.
    Concrete actions: Pseudonymization.

The security of your Personal Data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Data Security — Availability and resilience

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments. We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate. Finally, we take all the steps reasonably necessary to ensure that no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your Personal Data. The following table of technical and organizational measures describes the steps we have taken to protect your Personal Data:

  • Availability control
    Details: Prevention of accidental or wilful destruction or loss.
    Concrete actions:

    • Backup Strategy (online/offline; on-site/off-site)
    • Uninterruptible Power Supply (UPS) Virus protection,
    • Firewall
    • Reporting procedures
    • Contingency planning
  • Contract control
    Details: No third-party data processing as per Article 28 GDPR without corresponding instructions from the Client.
    Concrete actions:

    • Clear and unambiguous contractual arrangements
    • Formalised Order Management
    • Strict controls on the selection of the Service Provider
    • Duty of pre-evaluation
    • Supervisory follow-up checks
  • Data Protection policies
    Details: The Processing of Personal Data in alignment with internal Policies by trained staff.
    Concrete actions:

    • Incident Response Management
    • Data Protection by Design and Default
    • Regular updates and trainings on data privacy

The security of your Personal Data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Data Protection Rights

You have the following data protection rights. We will respond to your request without undue delay, at the latest within one calendar month after receipt. Please note that we may ask you to verify your identity before responding to such requests.

  • Right to access
    You have a right to request a copy of the Personal Data held by us as a data controller, which we will provide to you in an electronic form.
  • Right to amendment
    You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Right to withdraw consent
    If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. This includes cases where you wish to opt out from marketing messages. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another Legal Basis for the processing. To stop receiving emails from us, please click on the “unsubscribe” link in the email you received from us or contact us at [email protected].
  • Right to erasure
    You have the right to request that we delete your Personal Data when it is no longer necessary for the Purposes for which it was collected, or when it was unlawfully processed.
  • Right to restriction of processing
    You have the right to request the restriction of our processing of your Personal Data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial Purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
  • Right to portability
    You have the right to request that we transmit your Personal Data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the Legal Basis of your consent or in order to perform our contractual obligations (e.g. to provide our Services).
  • Right to object to processing
    Where the Legal Basis for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate Legal Basiss for the processing which override your interests, or if we need to continue to process the Data for the establishment, exercise or defense of a legal claim.
  • Right to lodge a complaint with a supervisory authority
    You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

    • In Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern
    • In the European Union: State Data Protection Inspectorate, L. Sapiegos str. 17, 10312 Vilnius

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Functional Services Providers

  • Appsflyer
    Provided by: Appsflyer
    Function: We use Appsflyer to collect anonymous information regarding the installation of the App. We then use this information to analyze user interaction with the App and evaluate mobile ad campaigns. For this we use anonymous IDFAs, Android apps as well as anonymous IP and MAC addresses. For more information on Appsflyer, please read their Privacy Policy: https://www.appsflyer.com/services-privacy-policy
  • Airship
    Provided by: Airship Services Ltd
    Function: We use Airship in order to improve our App and detect bugs in our system. To that end, we process Usage Data. For more information, please refer to the Airship Privacy Policy: https://airship.co.uk/privacy-policy/
  • Amplitude
    Provided by: Amplitude Inc
    Function: We use Amplitude in order to improve our App and detect bugs in our system. To that end, we process Usage Data. To find out more about Amplitude, please access their Privacy Policy: https://amplitude.com/privacy
  • Crashlytics
    Provided by: Fabric Inc
    Function: Crashlytics collects Usage Data regarding system crashes and bugs. Device information (e.g. IP address, brand, manufacturer, model, type, operating system, carrier, location data, settings and language of the device) and app version may be analyzed along with the Usage Data. For more information on Crashlytics, please refer to their Privacy Policy: https://docs.fabric.io/android/fabric/data-privacy.html
  • IDenfy
    Provided by: UAB “Identifikaciniai projektai”,
    Function: denfy is a processor of personal data during the verification process. IDenfy scans the ID documents in order to verify the identity of the user and does PEP and Sanctions screening.
  • Segment
    Provided by: Segment.io Inc.
    Function: Segment links the anonymous IDs to merge information from the above apps. For more information on Segment, please visit their Privacy Policy: https://segment.com/docs/legal/privacy/
  • Splunk
    Provided by: Splunk Inc.
    Function: We use Splunk to monitor, manage and analyse logs and detect technical issues: https://www.splunk.com/en_us/legal/privacy/privacy-policy.html

Marketing Services Providers

  • MailChimp
    Provided by: The Rocket Science Group LLC
    Function: We use Mailchimp to manage email marketing subscriber lists and send emails to our subscribers. For more information on The Rocket Science Group, please read their Privacy Policy: https://mailchimp.com/legal/privacy/

Analytics Services Providers

  • Google Analytics
    Provided by: Google Inc.
    Function: Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Remarketing Services Providers

In the European Union

Your Personal Data may be processed by Sonect AG in Swizterland and thus may leave the European Union. This data transfer shall be based on a data sharing contract between the European Union and the Swiss entity of Sonect. With respect to Art. 45 GDPR, the European Commission has confirmed a suitable level of data protection for Switzerland, on the basis of an adequacy decision (2000/518/EC: Commission Decision of 26 July 2000). Swiss national laws provide a level of protection for personal data which is comparable to those of EU law.

Links to Other Sites

Our App may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Children’s Privacy

In the European Union:

Our App does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you via email and/or a prominent notice on our App, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy, but we encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

SONECT AG
Dufourstrasse 47
8008 Zurich
Switzerland
[email protected]

In European Union:
SONECT Europe UAB
Vokiečių g. 28-16
LT-01130 Vilnius, Lithuania
[email protected]