PointsPay Privacy Notice

1.1. Loylogic Rewards FZE whose registered address is Dubai Airport Freezone Authority, PO Box 293805, Dubai United Arab Emirates is the controller with respect to processing pursuant to this Notice and websites are owned and operated by it. For any questions you may have in relation with the processing of your personal data or when executing your data protection rights, you can contact us by email at: support@pointspay.com.

1.2. Our EU representative for data related queries is Loylogic AG Latvia branch, registration number: 40103284489, legal address: Brivibas street 40-35, Riga, LV-1050. If you have any questions about how we handle data with respect to this Notice you can contact us by email at: privacy@loylogic.com.

This Privacy Notice applies to your use of our Services. The website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such website before providing any data to them.

3.1. Depending upon your use of our Services, we may collect some or all of the following personal and non-personal data (please also see section 6 on our use of Cookies and similar technologies):

• personal details (e.g. name, date of birth, gender);
• contact information (e.g. telephone number, address details, country of residence, e-mail address);
• information on your use of PointsPay (e.g. your shopping behaviour, your payment behaviour and your use of points or cash portion, invoicing and reporting details);

• loyalty program account information (inc. user program profile details, loyalty program currency such as points/miles etc.);
• general payment information such as credit / debit card details;
• technical information (e.g. IP address, web browser type and version, operating system; list of URLs starting with a referring website, your activity on Our website, and the website you exit to).

3.2. Such data may also include sensitive data, i.e. data that requests higher protection. We will usually not process such information unless you give your prior consent thereto.

3.3. You are at no time obliged to provide us with your personal data. However, should you not wish to provide the information we ask you for you may not be able to use all of our Services.

4.1. When provisioning our Services we may use your data in order to:

• provide you with our Services (incl. payment card transactions within PointsPay Program);
• co-ordinate with your loyalty program provider(s) and PointsPay merchants;
• process transactions you have requested within a loyalty program;
• allow us to improve our services to you or to develop new services;
• authenticate your identity;
• personalising and tailoring your experience on our website;
• replying to emails from you;
• analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience;
• provide you with (direct) marketing materials by email, telephone, SMS and/or by post, but only where you have given us your permission to do so.

4.2. Our use of your personal data will only be processed on a lawful basis, either because it is necessary for the performance of a contract with you, because you have consented to our use of your personal data, or because it reflects a legal requirement or is necessary for legitimate interests.

4.3. When we base processing of your personal data on legitimate interest, this primarily refers to our interest to provide you with our Services and to run, monitor and improve our business activities (incl. cooperating with business partners).

4.4. If you apply for a Reward Card, your data will be transferred to Cornèr Banca SA. To learn more about Cornèr Banca SA and their data processing please see https://www.corner.ch/en/legal/privacy-notice/

5.1. "Automated individual decision making" relates to decisions which are based solely on automated means and which result in negative legal effects or other similarly negative effects on you. We will inform you separately if we make automated individual decisions and provided that such information is required by law.

5.2. "Profiling" means a process by which personal data is processed automatically to evaluate, analyse or predict personal aspects, e.g. work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. We carry out profiling, e.g. when analysing purchasing behaviour, in the selection of job applicants, in the examination of contractual partners, etc.

We may process your personal data based on such processes, in particular in the context of our marketing activities or customer relationship management.

6.1. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. Our website use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

6.2. Before cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those cookies. By continuing to browse our website, you are agreeing to our use of cookies.

6.3. We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Our website uses analytics services provided by Google Analytics. you do not have to allow us to use these Cookies, as detailed below, however whilst our use of them does not pose any risk to your privacy or your safe use of our website, it does enable us to continually improve our website , making it a better and more useful experience for you. For more information on the use of Google Analytics, including how to opt out, visit Privacy Overview.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have viewed and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

6.4. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.

6.5. Cookies are destroyed once they are no longer necessary for their purpose.

6.6. Our website may contain links to third party website some of which may also use cookies. This Notice does not cover third party website which will be subject to their own privacy and cookies policies. We do not have access to or control over cookies or other features used by such website. Please contact them directly for more information about their privacy practices.

The PointsPay Shopping Assistant is a browser extension which helps you in your shopping journey on the PointsPay merchant network. If you choose to install the Shopping Assistant, an extension will be installed on your browser, which allows us to know the URLs of the websites you visit and, when you visit one of our merchants’ websites, display information about your PointsPay account and the value of paying with PointsPay, and to collect and spend points. You can uninstall the Shopping Assistant at any time with a right-click on the PointsPay Shopping Assistant icon in your browser or through your browser’s settings menu.

8.1. This website uses Google Analytics, a web analysis service of Google Inc. and Google LLC ("Google"). Google uses Cookies and other technologies to collect and analyze information about the use of this website and in order to provide services to us. Google may collect data about your browser, your provider, visited pages and duration of visits, your IP address etc. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. Google is subject to the Swiss-US and EU-US Privacy Shield ensuring appropriate data protection. However, as IP anonymisation is activated on this website, Google will shorten your IP address within the European Union or European Economic Area beforehand. In exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use.

8.2. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

8.3. We use Google Analytics to analyse and regularly improve the use of our website. Through the obtained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework

8.4. Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

• Terms of Use: http://www.google.com/analytics/terms/de.html,
• Privacy Notice: http://www.google.com/intl/de/analytics/learn/privacy.html,
• Privacy Notice: http://www.google.de/intl/de/policies/privacy.

9.1. We may co-ordinate with third parties in the provision of your selected Services to you (e.g. your loyalties program provider(s), PointsPay Merchants, payment service providers, financial institutions, and suppliers). These parties may process your personal data to supply services to you on our behalf as well as for their own purposes. In that case, these parties act as controllers, and you are invited to review their privacy notices to learn more about their processing.

9.2. We may also share your data with other companies in our group for the provision of some of the services, for example, payment processing as well as for their own purposes. This includes our holding company, Loylogic Holding AG, and its affiliates and subsidiaries.

9.3. In some cases, the third parties may require access to some or all of your data. Where any of your data is shared for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.

9.4. Third parties (including PointsPay Merchants and service providers) whose content appears on our website may use third party cookies, as detailed below in section 6 onwards. Please refer to section 6 for more information on controlling cookies.

9.5. We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Notice, be permitted to use that data only for the same purposes for which it was originally collected by is.

9.6. We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales, and other information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, analytics service providers and advertisers. Data will only be shared and used within the bounds of the law.

9.7. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.

9.8. In case that we share and transfer your personal data with third parties (incl. other group-companies) that are located outside of Switzerland and/or of the European Economic Area (“the EEA”) (e.g. United Arab Emirates or India) and we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be under the data protection law applicable to respective processing in Switzerland or within the EEA. In such cases, we will ensure data protection with standard contractual clauses for data transfers to third countries issued and approved by the EU Commission and/or the Federal Data Protection and Information Commissioner (FDPIC), as accordingly amended and adapted to local circumstances.

10.1. According to the applicable law, you may have the right to:

• request access to your personal information.
• request correction of the personal information that we hold about you if it is inaccurate.
• request erasure of your personal information if there is no good reason for us continuing to process it.
• ask us to stop processing personal information (where we are relying on a legitimate interest) if you wish to object to processing on this ground.
• withdraw your consent to processing of your personal data.
• request the restriction of processing of your personal information.
• request the transfer of your personal information to another party.
• lodge a complaint with the competent data protection supervisory authority, in Switzerland with the FDPIC.

10.2. In particular, you may withdraw your consent in relation with direct marketing measures and request us to remove your information from our marketing database entirely by emailing, writing or calling us using at the contact details above. However, such withdrawal does not affect the lawfulness of former processing. Whenever we contact you for direct marketing communications (e.g. to send you an email newsletter which you have requested) you will normally find an email or other address at the bottom of the email, which you can use to tell us that you no longer wish to receive the newsletter or other communication in question.

10.3. Servicing emails sent to you are triggered automatically when you use the website, for example, when you make a purchase or if you add items to a wish list. If you do not wish to receive service triggered emails, you must request stop using the website and request deletion of your membership.

11.1. Securing your personal and non-personal information is very important to us and we take the necessary technical and organizational measures in order to ensure an adequate level of data protection appropriate to the risk that is related to a respective processing. In particular, all customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only our employees or other persons who need access to your information in order to perform their duties are allowed such access.

11.2. Where you are using our website, we attempt to provide for the secure transmission of your information from your computer to our servers by utilising encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us will be free from unauthorised access by third parties, such as hackers.

11.3. Our website utilise SSL certificate-based encryption on pages where secure information is transmitted over the Internet. All critical information is encrypted using AES 256 algorithm and stored.

We do not keep your personal data for any longer than is necessary in light of the reason(s) it has been collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g. if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security. We also retain your personal data as long as you do not withdraw your consent and it is subject to a legal retention obligation.

We may change this Privacy and Cookies Notice from time to time as we add new products and apps, as we improve our current offerings, and as technologies and laws change. Any changes will become effective upon our posting of the revised Privacy & Cookies Notice on our affected website. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Moreover, this notice will be provided by email or by posting notice of the changes consistent with applicable laws.

The entire contents of Loylogic website are owned by Loylogic and protected by copyright (all rights reserved). The downloading or printing of individual pages or passages from the website is only permitted if neither a copyright notice nor any other legally protected titles are removed. If you download data from the Loylogic website or reproduce it in any other way, all proprietary rights remain with Loylogic. The (complete or partial) reproduction, transmission (electronically or by other means), modification, linking or usage of the Loylogic website for public or commercial purposes is forbidden without the prior written agreement of Loylogic.

Last updated: 23^rd September, 2020