Privacy policy of PayGreen AG

1. Person responsible / data protection officer / representative

PayGreen AG, Alte Steinhauserstrasse 1, 6330 Cham, is responsible for the data processing we describe here, unless otherwise stated in individual cases. If you have any data protection concerns, you can send them to us at the following contact address: contact@paygreen.ch
​

2. Collection and processing of personal data

We primarily process the personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in it, that we collect in the operation of our website, from merchants and partners of PayGreen and from third parties (e.g. external credit agencies).
​

Contract preparation and execution

For the purpose of contract fulfillment, PayGreen collects and processes the following data concerning you: First and last name, date of birth, title, gender, residential and delivery address, telephone numbers, email address, credit card information, information about your financial circumstances, IP address, device ID and all information on the merchant invoice (esp. purchase amount and product category) and information about your purchasing and payment behavior and creditworthiness. 
 

Visiting our website

When you visit our website, depending on the offer and functionality, we process data such as log data, for websites, e.g. information about the time of access to our websites, the duration of the visit and the pages accessed.
PayGreen collects your personal data as soon as they are provided voluntarily, such as when registering for the newsletter or filling out the contact form. This data may be used for our own advertising purposes, but may not be passed on to third parties. Unsubscribing is possible at any time.
 

3. Purposes of data processing and legal basis

We use the personal data we collect primarily to enter into and process our contracts with our customers and business partners, such as, in particular, in the context of the provision of payment services and sustainability assessment with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. Personal data is processed for the following purposes:
 

1. Communication with you

2. Conclusion/processing of contracts with you 

3. Identity and credit checks (this may include obtaining third party assessments, such as credit reporting agencies), 

4. Marketing (e.g. mailings with unsubscribe link/option, occasions), relationship management

5. Market analysis, planning, product & service development, R&D.

6. Compliance (adherence to laws, industry standards, directives, etc.)

7. Training, instruction, continuing education

8. Tort and fraud prevention

9. Website: IT security, improvement of the user experience and its functions, and to personalize the content offered. This is controlled via so-called cookies. You can adjust your consent to this at any time via your browser settings.
    

Insofar as you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters, to provide a payment service or to carry out a background check), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
 

4. Data transfer and data transmission abroad

Your personal data will be passed on to the transport company commissioned with the delivery or the corresponding financial service provider as part of the contract processing, insofar as this is necessary for the delivery or payment of the goods.
 

• External service providers of ours (such as banks, insurance companies), including order processors (such as IT and cloud providers, credit agencies, debt collection);

• Dealers, suppliers, subcontractors and other business partners;

• domestic and foreign authorities, government agencies or courts;

• Other parties to potential or actual legal proceedings;
   

These recipients are partly domestic, but can be anywhere on the planet. In particular, you must be familiar with the transfer of your data to other countries in Europe and the United States, where the service providers we use are located (such as Microsoft, Google, Amazon, Wix). Some of these countries may not have laws that protect your personal data to the same extent as Switzerland or the EEA. If we transfer your personal data to such a third country, we will ensure the protection of your personal data in an appropriate manner. This is done, among other things, by concluding data transfer agreements - so-called standard contractual clauses issued or recognized by the European Commission and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC) - with the recipients of your personal data in third countries that ensure the required level of data protection.
 

5. Duration of the retention of personal data

We process and store your personal data as long as it is necessary for the purpose for which it was collected or if it is subject to a statutory retention period. For example, a retention period of 10 years applies to most documents. Finally, we store personal data when we have a legitimate interest in storing it, e.g. when statutes of limitations are running, for credit checks, when we need personal data to enforce or defend against claims, as well as for archiving purposes and to ensure IT security. As soon as this purpose is no longer given, this personal data is deleted or anonymized.

​

6. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, encryption of data carriers and transmissions, pseudonymization, controls.
 

7. Obligation to provide personal data

In principle, you are not obliged to provide us with your personal data. Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent) or to process it. In the context of our business relationship, you must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfillment of the related contractual obligations (you generally do not have a legal obligation to provide us with data). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

​

8. Profiling and automated decision making

We may process your data to create profiles, e.g. for analysis, evaluation and decision-making. Such processing serves us and our partners for fraud prevention and risk management. We also use profiles to provide you with individualized advice and personalized offers. You can object to the processing of your data for advertising purposes at any time (see section 9). If we make automated individual decisions, these are usually necessary for the conclusion or fulfillment of a contractual relationship or are based on your consent. We will inform you about such decisions to the extent required by law.

​

9. Rights of the data subject

Every data subject has certain rights under the data protection law applicable to him or her, in particular the following rights:
 

• the right of access;

• the right to rectification;

• the right to erasure;

• the right to restriction of processing;

• the right to object to the further processing of their personal data; and

• The right to portability of certain personal data.
   

In addition, you have the right to lodge a complaint with a competent Data Protection Supervisory Authority, in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC).
 

You can revoke your consent to the processing of your personal data at any time. Please note that a revocation is only effective for the future. Processing that took place before the revocation is not affected. Consents granted for other reasons, e.g. due to legal regulations, remain unaffected by this. The revocation of your consent should generally be made by e-mail to contact@paygreen.ch or by signed letter to us. A confirmation will be sent to you.

​

10. Changes

This Privacy Policy may be amended over time as we change our data processing practices or new laws become effective. The currently valid privacy policy can be viewed at www.paygreen.ch/datenschutzerklaerung/. We will notify our active customers in an appropriate manner (in writing or electronically, e.g., by email) when an amended Privacy Policy becomes effective.