PointsPay Privacy Notice
This is the privacy notice("Notice") of Loylogic Rewards FZE ("Loylogic", "we", "us", "our") in relation to the provision of all our consumer services and our website (www.pointspay.com, "the website") in connection with the PointsPay Program (together "the Services").This Notice sets out how we process personal information that you give to us, or that we may collect or otherwise process in the course of providing the Services to you.
1. Information About Us
1.1. Loylogic Rewards FZE whose registered address is Dubai Airport Freezone Authority, PO Box 293805, Dubai United Arab Emirates is the controller with respect to processing pursuant to this Notice and websites are owned and operated by it. For any questions you may have in relation with the processing of your personal data or when executing your data protection rights, you can contact us by email at: email@example.com.
1.2. Our EU representative for data related queries is Loylogic AG Latvia branch, registration number: 40103284489, legal address: Brivibas street 40-35, Riga, LV-1050. If you have any questions about how we handle data with respect to this Notice you can contact us by email at: firstname.lastname@example.org.
2. What This Notice Covers
This Privacy Notice applies to your use of our Services. The website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such website before providing any data to them.
3. What Data do we collect?
- personal details (e.g. name, date of birth, gender);
- contact information (e.g. telephone number, address details, country of residence, e-mail address);
- information on your use of PointsPay (e.g. your shopping behaviour, your payment behaviour and your use of points or cash portion, invoicing and reporting details);
- loyalty program account information (inc. user program profile details, loyalty program currency such as points/miles etc.);
- general payment information such as credit / debit card details;
- technical information (e.g. IP address, web browser type and version, operating system; list of URLs starting with a referring website, your activity on Our website, and the website you exit to).
3.2. Such data may also include sensitive data, i.e. data that requests higher protection. We will usually not process such information unless you give your prior consent thereto.
3.3. You are at no time obliged to provide us with your personal data. However, should you not wish to provide the information we ask you for you may not be able to use all of our Services.
4. How We Use your Data and legal basis of processing
4.1. When provisioning our Services we may use your data in order to:
- provide you with our Services (incl. payment card transactions within PointsPay Program);
- co-ordinate with your loyalty program provider(s) and PointsPay merchants;
- process transactions you have requested within a loyalty program;
- allow us to improve our services to you or to develop new services;
- authenticate your identity;
- personalising and tailoring your experience on our website;
- replying to emails from you;
- analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience;
- provide you with (direct) marketing materials by email, telephone, SMS and/or by post, but only where you have given us your permission to do so.
4.2. Our use of your personal data will only be processed on a lawful basis, either because it is necessary for the performance of a contract with you, because you have consented to our use of your personal data, or because it reflects a legal requirement or is necessary for legitimate interests.
4.3. When we base processing of your personal data on legitimate interest, this primarily refers to our interest to provide you with our Services and to run, monitor and improve our business activities (incl. cooperating with business partners).
4.4. If you apply for a Reward Card, your data will be transferred to Cornèr Banca SA. To learn more about Cornèr Banca SA and their data processing please see https://www.corner.ch/en/legal/privacy-notice/
5. Automated decision making (incl. profiling)
5.1. "Automated individual decision making" relates to decisions which are based solely on automated means and which result in negative legal effects or other similarly negative effects on you. We will inform you separately if we make automated individual decisions and provided that such information is required by law.
5.2. "Profiling" means a process by which personal data is processed automatically to evaluate, analyse or predict personal aspects, e.g. work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. We carry out profiling, e.g. when analysing purchasing behaviour, in the selection of job applicants, in the examination of contractual partners, etc.
We may process your personal data based on such processes, in particular in the context of our marketing activities or customer relationship management.
6.3. We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Our website uses analytics services provided by Google Analytics. you do not have to allow us to use these Cookies, as detailed below, however whilst our use of them does not pose any risk to your privacy or your safe use of our website, it does enable us to continually improve our website , making it a better and more useful experience for you. For more information on the use of Google Analytics, including how to opt out, visit Privacy Overview.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have viewed and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
6.4. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.
6.5. Cookies are destroyed once they are no longer necessary for their purpose.
7. PointsPay Shopping Assistant
The PointsPay Shopping Assistant is a browser extension which helps you in your shopping journey on the PointsPay merchant network. If you choose to install the Shopping Assistant, an extension will be installed on your browser, which allows us to know the URLs of the websites you visit and, when you visit one of our merchants’ websites, display information about your PointsPay account and the value of paying with PointsPay, and to collect and spend points. You can uninstall the Shopping Assistant at any time with a right-click on the PointsPay Shopping Assistant icon in your browser or through your browser’s settings menu.
8. Google Analytics
8.3. We use Google Analytics to analyse and regularly improve the use of our website. Through the obtained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework
8.4. Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
- Privacy Notice: http://www.google.com/intl/de/analytics/learn/privacy.html,
- Privacy Notice: http://www.google.de/intl/de/policies/privacy.
9. How we share your data
9.1. We may co-ordinate with third parties in the provision of your selected Services to you (e.g. your loyalties program provider(s), PointsPay Merchants, payment service providers, financial institutions, and suppliers). These parties may process your personal data to supply services to you on our behalf as well as for their own purposes. In that case, these parties act as controllers, and you are invited to review their privacy notices to learn more about their processing.
9.2. We may also share your data with other companies in our group for the provision of some of the services, for example, payment processing as well as for their own purposes. This includes our holding company, Loylogic Holding AG, and its affiliates and subsidiaries.
9.3. In some cases, the third parties may require access to some or all of your data. Where any of your data is shared for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
9.4. Third parties (including PointsPay Merchants and service providers) whose content appears on our website may use third party cookies, as detailed below in section 6 onwards. Please refer to section 6 for more information on controlling cookies.
9.5. We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Notice, be permitted to use that data only for the same purposes for which it was originally collected by is.
9.6. We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales, and other information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, analytics service providers and advertisers. Data will only be shared and used within the bounds of the law.
9.7. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
9.8. In case that we share and transfer your personal data with third parties (incl. other group-companies) that are located outside of Switzerland and/or of the European Economic Area (“the EEA”) (e.g. United Arab Emirates or India) and we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be under the data protection law applicable to respective processing in Switzerland or within the EEA. In such cases, we will ensure data protection with standard contractual clauses for data transfers to third countries issued and approved by the EU Commission and/or the Federal Data Protection and Information Commissioner (FDPIC), as accordingly amended and adapted to local circumstances.
10. Data protection rights
10.1. According to the applicable law, you may have the right to:
- request access to your personal information.
- request correction of the personal information that we hold about you if it is inaccurate.
- request erasure of your personal information if there is no good reason for us continuing to process it.
- ask us to stop processing personal information (where we are relying on a legitimate interest) if you wish to object to processing on this ground.
- withdraw your consent to processing of your personal data.
- request the restriction of processing of your personal information.
- request the transfer of your personal information to another party.
- lodge a complaint with the competent data protection supervisory authority, in Switzerland with the FDPIC.
10.2. In particular, you may withdraw your consent in relation with direct marketing measures and request us to remove your information from our marketing database entirely by emailing, writing or calling us using at the contact details above. However, such withdrawal does not affect the lawfulness of former processing. Whenever we contact you for direct marketing communications (e.g. to send you an email newsletter which you have requested) you will normally find an email or other address at the bottom of the email, which you can use to tell us that you no longer wish to receive the newsletter or other communication in question.
10.3. Servicing emails sent to you are triggered automatically when you use the website, for example, when you make a purchase or if you add items to a wish list. If you do not wish to receive service triggered emails, you must request stop using the website and request deletion of your membership.
11.1. Securing your personal and non-personal information is very important to us and we take the necessary technical and organizational measures in order to ensure an adequate level of data protection appropriate to the risk that is related to a respective processing. In particular, all customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only our employees or other persons who need access to your information in order to perform their duties are allowed such access.
11.2. Where you are using our website, we attempt to provide for the secure transmission of your information from your computer to our servers by utilising encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us will be free from unauthorised access by third parties, such as hackers.
11.3. Our website utilise SSL certificate-based encryption on pages where secure information is transmitted over the Internet. All critical information is encrypted using AES 256 algorithm and stored.
12. How long we store your personal data
We do not keep your personal data for any longer than is necessary in light of the reason(s) it has been collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g. if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security. We also retain your personal data as long as you do not withdraw your consent and it is subject to a legal retention obligation.
13. Privacy Notice Updates
We may change this Privacy and Cookies Notice from time to time as we add new products and apps, as we improve our current offerings, and as technologies and laws change. Any changes will become effective upon our posting of the revised Privacy & Cookies Notice on our affected website. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Moreover, this notice will be provided by email or by posting notice of the changes consistent with applicable laws.
14. Website Owner
The entire contents of Loylogic website are owned by Loylogic and protected by copyright (all rights reserved). The downloading or printing of individual pages or passages from the website is only permitted if neither a copyright notice nor any other legally protected titles are removed. If you download data from the Loylogic website or reproduce it in any other way, all proprietary rights remain with Loylogic. The (complete or partial) reproduction, transmission (electronically or by other means), modification, linking or usage of the Loylogic website for public or commercial purposes is forbidden without the prior written agreement of Loylogic.
Last updated: 23rd September, 2020