Website Privacy Policy
Website Privacy Policy V 1.3. 2026 June 1 Effective date: 2026 June 1
This Website Privacy Policy explains how SONECT AG, Seefeldstrasse 283, 8008 Zurich, Switzerland, and, where the website is used for EU/EEA customer acquisition, service onboarding or regulated EMI-related communications, UAB SONECT Europe, A. Goštauto g. 8-227, LT-01108 Vilnius, Lithuania, process personal data collected through www.sonect.net.
- SONECT AG is the controller for general website operation and Swiss-market communications.
- UAB SONECT Europe is the controller for EU/EEA regulated EMI-related enquiries, onboarding communications and communications concerning services provided under its Lithuanian electronic money institution licence.
Where both entities jointly determine a processing purpose, they act as joint controllers and the data subject may exercise rights against either entity.
1 Definitions
Personal Data | Personal Data means data about a identified or identifiable living individual who can be identified directly or indirectly by reference to an identifier (or from those and other information either in our possession or likely to come into our possession). |
Data Subject (or User) | Data Subject is any living individual who is using our Website and is the subject of Personal Data. |
Data Controller | Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. |
Data Processor (or Service Provider) | Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. |
2 Personal Data We Collect
We collect the following types of Personal Data when you browse our Website.
Contact Details | First and last name Email address |
Usage Data | This Usage Data is sent by your browser whenever you visit our Website and may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Website with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. |
Location Data | We may use and store information about your location if you give us permission to do so. We use Location Data to provide features of our Service, to improve and customise our Service. You can enable or disable location services when you use our Service at any time by adjusting your device settings. |
Tracking and Cookies Data | We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Please refer to our Cookie Policy for an overview of the cookies that we use. |
3 How We Collect Personal Data
We collect information about you when you use our Website, including browsing and taking certain actions within it.
Means of collection | Explanation | Personal Data collected |
Your use of the Website | We keep track of certain information about you when you visit and interact with our Website. | This information includes the Usage Data (as defined above in the Section “Personal Data We Collect”). |
Device and connection information | We collect information about your computer, phone, tablet, or other devices you use to access the Website. | This information includes the Location Data and Usage Data (as defined above in the Section “Personal Data We Collect”). How much of this information we collect depends on the type and settings of the device you use to access the Website. |
Cookies and other tracking technologies | We and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. | This information includes the Tracking and Cookies Data (as defined above in the Section “Personal Data We Collect”). For more information, please refer to our Cookie Policy. |
Other users of the Website | Other users of our Website may provide information about you when they submit content through the contact form. | This information includes the Contact Details (as defined above in the Section “Personal Data We Collect”). For example, you may be mentioned in technical support issue opened by someone else. We also receive your email address from other Service users when they provide it in order to invite you to register as a SONECT Shop.
|
Other partners | We receive information about you and your activities on and off the Website from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements. | This information includes the Usage Data and Tracking and Cookies Data (as defined above in the Section “Personal Data We Collect”). For more information, please refer to the Section “Service Providers”.
|
4 Legal Basis and Purposes
We process website personal data only for the specific purposes described below. For EU/EEA users, the table identifies the applicable GDPR legal basis. For Swiss users, the table identifies the processing justification and transparency position under the Swiss Federal Act on Data Protection
Processing activities, data, purposes and recipients
Activity | Personal data | Purpose | Recipients / categories of recipients |
Website browsing and security | IP address, browser type, device data, log data, time and date of visit, pages viewed | To operate the website, maintain availability, prevent abuse and investigate security incidents | Hosting provider, IT/security providers, SONECT AG and UAB SONECT Europe where the visit or enquiry relates to EU/EEA regulated EMI communications |
Contact forms and general enquiries | Name, email address, company, role, message content and related correspondence | To respond to the enquiry | Email/CRM providers, relevant SONECT AG or UAB SONECT Europe staff, IT providers |
Bank, merchant and partner enquiries | Name, business contact details, company, role, message content, due diligence context where provided | To assess and respond to partnership, merchant or banking enquiries | CRM/email providers, internal business, legal, compliance and onboarding teams, SONECT AG and UAB SONECT Europe where the enquiry concerns EU/EEA regulated EMI services |
Newsletter and direct marketing emails | Email address, name, subscription status, consent record, unsubscribe record | To send marketing communications and manage opt-outs | Email marketing provider, CRM provider, internal marketing staff |
Essential cookies | Cookie identifiers and technical website-session data | To provide essential website functionality and security | Hosting provider, consent-management provider, IT providers |
Analytics cookies and analytics tags | Cookie IDs, device data, usage events, page views, referral data | To measure website use and improve website performance | Google Analytics 4 or other analytics provider listed in the Cookie Policy, consent-management provider, IT providers |
Advertising, remarketing and social-media pixels | Cookie IDs, pixels, ad identifiers, page events, campaign data | To measure advertising performance and conduct remarketing | Meta, Google Ads, TikTok, LinkedIn or other advertising providers listed in the Cookie Policy, consent-management provider |
Embedded third-party content | IP address, device/browser data, cookie IDs or similar identifiers where the embedded provider sets them | To display embedded content such as videos or maps | YouTube/Google or other embedded-content providers listed in the Cookie Policy |
Legal claims and regulatory requests | Relevant website enquiry data, correspondence, logs and records | To establish, exercise or defend legal claims, respond to lawful authority requests and comply with applicable legal obligations | Courts, regulators, law enforcement authorities, external counsel, auditors, SONECT AG and UAB SONECT Europe where the matter concerns EU/EEA regulated EMI services |
Legal bases, Swiss FADP position and retention
Activity | EU GDPR legal basis | Swiss FADP position | Retention |
Website browsing and security | Art. 6(1)(f) GDPR: legitimate interest in secure website operation | Permitted where transparent, proportionate and necessary for secure website operation | 12 months, unless needed longer for a security investigation, legal claim or lawful regulatory request |
Contact forms and general enquiries | Art. 6(1)(f) GDPR for B2B/general enquiries. Art. 6(1)(b) GDPR applies only where the individual requests pre-contractual steps in their own name | Permitted where the individual voluntarily submits the enquiry and processing is limited to responding to it | 24 months after last interaction |
Bank, merchant and partner enquiries | Art. 6(1)(f) GDPR: legitimate interest in business development and partner assessment. Art. 6(1)(c) GDPR applies only where a specific legal or regulatory recordkeeping obligation is triggered | Permitted where transparent and proportionate to the enquiry. Compliance-related processing applies only once onboarding, regulated-service or legal-obligation triggers arise | 36 months after last interaction, unless a contract or regulated onboarding process begins |
Newsletter and direct marketing emails | Art. 6(1)(a) GDPR: consent | Consent-based processing | Until unsubscribe or withdrawal, plus 3 years for suppression records |
Essential cookies | Art. 6(1)(f) GDPR for related personal data processing. Cookie consent is not required where the cookie is strictly necessary | Permitted where limited to essential functionality and security | As listed in the Cookie Policy |
Analytics cookies and analytics tags | Art. 6(1)(a) GDPR: consent, where non-essential cookies or similar tracking are used | Consent-based processing for non-essential analytics tracking | Maximum 26 months unless aggregated or anonymised earlier |
Advertising, remarketing and social-media pixels | Art. 6(1)(a) GDPR: consent | Consent-based processing where tracking, profiling or cross-site advertising is involved | As listed in the Cookie Policy |
Embedded third-party content | Art. 6(1)(a) GDPR where non-essential cookies or tracking are used | Consent-based processing where embedded content sets non-essential cookies or enables tracking | As listed in the Cookie Policy |
Legal claims and regulatory requests | Art. 6(1)(c) GDPR where a legal obligation applies. Art. 6(1)(f) GDPR for legal claims and defence | Permitted where required by law or necessary to protect legal rights | For the legally required period or until the claim/request is resolved, then deleted or archived according to the retention schedule |
5 Data Retention
“We retain website personal data for the periods listed in Section 4. Where a longer retention period is required by law, regulatory obligation, security investigation or legal claim, we retain only the data necessary for that purpose and delete or anonymise it when the purpose no longer applies.
6 Storage and Data Transfers
We store website personal data in Switzerland and the EEA. Switzerland is recognised by the European Commission as providing an adequate level of data protection. Where we transfer personal data to countries without an adequacy decision, including the United States where relevant service providers are used, we rely on the EU Standard Contractual Clauses, the Swiss-recognised standard contractual clauses, the EU-U.S. Data Privacy Framework or the Swiss-U.S. Data Privacy Framework where the recipient is validly certified, plus transfer risk assessments and supplementary measures where required. A copy or summary of the applicable safeguards is available on request.
7 Data Disclosure
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency);
- To protect and defend our rights or property;
- To prevent or investigate possible wrongdoing in connection with the Website;
- To protect the safety of Website visitors or the public;
- To establish, exercise or defend legal claims.
If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
8 Data Security
The security of your Personal Data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments. We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate. Finally, we take all the steps reasonably necessary to ensure that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.
9 Data Protection Rights
You have certain data protection rights. We will respond to your request without undue delay, at the latest within one calendar month after receipt. Please note that we may ask you to verify your identity before responding to such requests.
Right to get familiar with your Personal Data and how it is processed | You have the right to know about processing of your Personal Data as well as to have the access to your Personal Data and processing. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access. |
Right to obtain a copy of your personal data | You have a right to request a copy of the Personal Data held by us as a data controller, which we will provide to you in an electronic form, except in the cases when the provision of such data may affect and harm rights and freedoms of others. |
Right to amendment | You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you. |
Right to withdraw consent | If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. This includes cases where you wish to opt out from marketing messages. However, such consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another Legal Basis for the processing. To stop receiving emails from us, please click on the “unsubscribe” link in the email you received from us or contact us at [email protected]. |
Right to erasure | You have the right to request that we delete your Personal Data when it is no longer necessary for the Purposes for which it was collected, or when it was unlawfully processed, however, in certain cases we may not be able to erase all of your Personal Data, due to the fact that we need to store your Personal Data due to a contractual relationship or law. |
Right to restriction of processing | You have the right to request the restriction of our processing of your Personal Data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial Purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours. |
Right to portability | You have the right to request that we transmit your Personal Data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the Legal Basis of your consent or in order to perform our contractual obligations (e.g. to provide our Services). |
Right to object to processing | Where the Legal Basis for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate Legal Basis for the processing which override your interests, or if we need to continue to process the Data for the establishment, exercise or defense of a legal claim. |
Right to lodge a complaint with a supervisory authority | You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern In Lithuania: State Data Protection Inspectorate, L. Sapiegos str. 17, 10312 Vilnius |
10 Service Providers
We may employ third party companies and individuals to facilitate the operation of our Website (“Service Providers”), provide the Website on our behalf, perform Website-related services or assist us in analysing how our Website is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
App | Provided by | Function |
Functional Services Providers | ||
Airship | Airship Services Ltd | We use Airship in order to improve our Website and detect bugs in our system. To that end, we process Usage Data. For more information, please refer to the Airship Privacy Policy: https://airship.co.uk/privacy- policy/ |
Mixpanel | Mixpanel Inc. | We use Mixpanel to analyze how visitors interact with our website and to support troubleshooting, performance and stability improvements. To that end, we process Usage Data. For more information, please access their privacy policy: https://mixpanel.com/legal/privacy-policy/ |
Segment | Segment.io Inc. | Segment links the anonymous IDs to merge information from the above apps. For more information on Segment, please visit their Privacy Policy: https://segment.com/docs/legal/privacy/ |
Marketing Services Providers | ||
MailChim | The Rocket Science Group LLC | We use Mailchimp to manage email marketing subscriber lists and send emails to our subscribers. For more information on The Rocket Science Group, please read their Privacy Policy: https://mailchimp.com/legal/privacy/ |
Analytics Services Providers | ||
Google Analytics | Google Inc. | Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en |
Remarketing Services Providers | ||
Google Adwords | Google Inc. | You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/adsGoogle also recommends installing the Google Analytics Opt-out Browser Add-on — https://tools.google.com/dlpage/gaoptout — for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on Google’s privacy practices, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en |
Meta Platforms Ireland Limited | You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/247395082112892/?helpref= uf_share. To opt-out from Facebook’s interest-based ads, follow these instructions: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on Facebook’s privacy practices, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation. | |
11 Links to Other Sites
Our Website may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
12 Children’s Privacy
In the European Union the age limit to use the Sonect App is 18. Because of this, also our Website does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
13 Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you via email and/or a prominent notice on our Website, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy, but we encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
14 Cookies
We use cookies and other similar technologies to ensure the stable operations of our website, in order to adapt its content to your needs, to improve the features of our website and to manage advertising campaign based on the interests of our website audience. For more information regarding cookies and similar technologies, including cookie categories, providers, purposes, expiry periods and consent options, please read our Cookie Policy.
15 Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: [email protected].
For general website operation and Swiss-market communications, the controller is SONECT AG, Seefeldstrasse 283, 8008 Zurich, Switzerland.
For EU/EEA regulated EMI-related enquiries, onboarding communications and communications concerning services provided under the Lithuanian electronic money institution licence, the controller is UAB SONECT Europe, A. Goštauto g. 8-227, LT-01108 Vilnius, Lithuania.
You may exercise your data protection rights against either SONECT AG or UAB SONECT Europe where both entities jointly determine the relevant processing purpose.
16 Data Protection Officer
Our Data Protection Officer or privacy contact monitors compliance with applicable data protection requirements and handles requests concerning the processing of personal data by SONECT AG and UAB SONECT Europe. You may contact the Data Protection Officer or privacy contact regarding all issues relating to the processing of your personal data and the exercise of your data protection rights by sending an email to: [email protected]