famido logo

Privacy policy

1. Privacy policy

This privacy policy informs you about the nature, scope and purpose of the collection and use of personal data on our website cashyou.ch (hereinafter referred to as the "Website") by GENEXT AG (hereinafter referred to as "we" or "us") and provides information about the rights to which you are entitled. These rights are governed by applicable data protection laws.

2. Data Controller

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR) and contact person for data protection concerns is:

GENEXT AG Marco Bruderer 9000 St.Gallen Email: info@cashyou.ch Website: https://cashyou.ch/

3. General Notice

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, FADP), every person has the right to their privacy and protection against misuse of their personal data. The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In cooperation with our hosting providers, we strive to protect the database as much as possible from unauthorized access, loss, misuse or forgery.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

By using this website, you agree to the collection, processing and use of data as described below. In principle, this website can be visited without registration. Data such as pages accessed or names of the file accessed, date and time are stored on the server for statistical purposes, without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. Without your consent, the data will not be passed on to third parties.

4. General information

The cashyou app is an online portal operated by GENEXT AG (hereinafter referred to as "Genext" or "cashyou").

The use of the cashyou app and the benefits listed on it is based on this privacy policy, which is deemed to have been accepted upon registration. The version of the privacy policy published on https://www.cashyou.ch/data-protection is authoritative in each case.

This data protection declaration exclusively regulates the contractual relationship between cashyou and the users of the online portal in the above sense. Conflicting contractual terms and conditions of the customer or deviating from this data protection declaration will not be recognized, unless cashyou has expressly agreed to them in writing in the individual case.

5. Personal

Personal data is all information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and processes used, in particular the storage, disclosure, procurement, deletion, storage, alteration, destruction and use of personal data. We process personal data in accordance with Swiss data protection law. In addition, we process personal data – to the extent and to the extent that the EU GDPR is applicable – in accordance with the following legal bases in connection with Art. 6 (1) GDPR:

• lit. a) Processing of personal data with the consent of the data subject.

• lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of appropriate pre-contractual measures.

• lit. c) Processing of personal data to comply with a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR is applicable in whole or in part.

• lit. d) Processing of personal data in order to protect the vital interests of the data subject or of another natural person.

• lit. f) Processing of personal data in order to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and fundamental rights as well as the interests of the data subject prevail. Legitimate interests are, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law. We process personal data for the duration necessary for the respective purpose or purposes. In the event of longer retention obligations due to legal and other obligations to which we are subject, we will restrict processing accordingly.

6. SSL/TSL encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Data collection on this website

7.1 Logfiles

Our web hosting providers are Amazon Web Services, Inc. and Vercel.

In order to optimize and maintain our website, we log technical errors that may occur when accessing our website. Furthermore, when you use this website, information is automatically collected that the browser of your device transmits to our host provider. These are:

· IP address and operating system of your device, browser type, version, language, and host name of the accessing computer,

· Date and time of the server request, file accessed,

· the website from which the access was made (referrer URL), the status code (e.g. 404) and

· the transmission protocol used (e.g. HTTP/2).

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

This data is collected and stored by our host provider in order to be able to optimize processes and procedures, especially in connection with the use of our website and the security and stability of the computer system.

For more information, see the Amazon Web Services Privacy Statement at https://aws.amazon.com/de/compliance/data-protection/.

If the GDPR is applicable, the basis for this data processing is Art. 6 (1) (f) GDPR.

7.2 Contact

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

7.3 Cookies

We use cookies on our website. Cookies are small files that are stored on your device and stored by your browser. Some of the cookies we use are automatically deleted when you leave our website. Other cookies remain stored on your device until you delete them or until they expire. These cookies make it possible to recognize your browser the next time you visit our website.

In your browser, you can set it to be informed in advance about the setting of cookies and to decide on a case-by-case basis whether you want to exclude the acceptance of cookies for specific cases or in general, or whether cookies are prevented completely. This may limit the functionality of the website.

Cookies that are necessary for the electronic communication process or functions you request or that optimize your user experience are stored on the basis of Art. 6 (1) (f) GDPR – if the GDPR is applicable.

7.4 Newsletter and Deal Updates

We offer newsletters and deal updates that you subscribe to when you register. Accordingly, we use your email address to send you the respective newsletter or deal updates by email. You have the option to decide which newsletters and deal updates you want to receive in the notification settings. If the GDPR is applicable, the basis for data processing is Art. 6 para. 1 lit. f GDPR.

7.5 Newsletter-Analytics

We use an analytics service to measure the reach of our newsletter. It measures how often and when the newsletter is opened and which links the recipient follows. If the GDPR is applicable, the basis for data processing is Art. 6 para. 1 lit. f GDPR.

7.6 Registration

When you open an account in our app, the information you enter will be stored. We collect the following information:

· First and last name · Sex · E-mail-Address · Telephone number · Date of birth

We use the data to be able to provide you with the account. If the GDPR is applicable, the basis for this data processing is Art. 6 (1) (b) and (f) GDPR.

7.7 Fee-based services

In order to provide fee-based services, we will ask for additional data, such as payment details, in order to process your order or your order. To be able to carry out your order. We store this data in our systems until the statutory retention periods have expired.

8. External services

We use various third-party services on our website. Below we explain in detail which services are involved, what we use them for and what data is collected.

8.1 Meta Pixel

We use Meta Pixel, which is an analysis tool to measure the effectiveness of Facebook advertising and to collect and optimize target group-specific data when using our website. Tracking takes place with the help of cookies and similar technologies, which must be accepted before use.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Meta Pixel's privacy policy can be found at https://de-de.facebook.com/privacy/policy.

8.2 TikTok Pixel

We use TikTok Pixel, which is an analytics tool to measure the effectiveness of TikTok advertising and to collect and optimize audience-specific data when using our website. Tracking takes place with the help of cookies and similar technologies, which must be accepted before use.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

TikTok Pixel's privacy policy can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de.

8.3 Google Analytics

We use Google Analytics from Google, which is a web-based analysis tool that makes it possible to collect and analyze information about usage behavior on our website. This allows us to optimise our website, as well as our marketing activities, and to improve the user experience in general.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

The privacy policy of Google Analytics can be found at https://support.google.com/analytics/topic/2919631?hl=de&ref_topic=1008008&sjid=1339396462853908134-EU.

8.4 Google Maps

We use Google Maps from Google, which is a map tool that allows us to embed maps. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This is done regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

You can find the privacy policy of Google Maps at https://policies.google.com/privacy?hl=de.

8.5 Google reCAPTCHA

We use Google's Google reCAPTCHA, which is a free service provided by Google that allows us to protect our website from spam and abuse.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

The privacy policy of Google reCAPTCHA can be found at https://policies.google.com/privacy?hl=de.

8.6 Google Tag Manager

We use Google Tag Manager from Google, which is a solution that allows us to integrate marketing services into our online offering. The tag manager itself, which implements the tags, does not process any personal data of the users.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

You can find Google Tag Manager's privacy policy at https://policies.google.com/privacy?hl=de.

8.7 Google Fonts

We use Google Fonts from Google, which is a solution for the uniform display of fonts, so-called web fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support Web Fonts, a default font will be used by your computer. For more information about Google Web Fonts, see https://developers.google.com/fonts/faq.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

The privacy policy of Google Fonts can be found at https://www.google.com/policies/privacy/.

8.8 Youtube

We use Google's Youtube, which is an online video portal that allows us to embed videos.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

https://www.youtube.com/account_privacy

8.9 Spotify

We use Spotify, which is an audio streaming service that allows us to link audio files on our website.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Spotify's privacy policy can be found at https://www.spotify.com/de/legal/privacy-policy/.

8.10 Instagram

We use Instagram, which is a social network that allows us to post social content on the website and link directly to our Instagram account.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Instagram's privacy policy can be found at https://help.instagram.com/155833707900388.

8.11 Customer.io

We use Customer.io, which is a marketing automation platform that allows us to automate and improve mail and message campaigns based on usage behavior. The segmentation of users, the automation of e-mails or push notifications or the analysis of marketing campaigns help to tailor the content to the user.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

The privacy policy of Customer.io can be found at https://customer.io/legal/privacy-policy/.

8.12 Firebase

We use Google's Firebase, which is a development platform for web and mobile applications that allows developers to build them in a powerful and scalable way. To do this, Firebase provides a comprehensive suite of tools and services that support development, deployment, authentication, data management, analytics, and more.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Firebase's privacy policy can be found at https://policies.google.com/privacy.

8.13 Sentry.io

We use Sentry, which is an error monitoring and tracking platform that helps developers identify, diagnose, and fix problems and errors in their applications. By enabling us to quickly detect, diagnose, and resolve errors before they impact users, the quality, stability, and performance of our applications are improved.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Sentry.io's privacy policy can be found at https://sentry.io/privacy/.

8.14 Worldline One Link

We use Worldline One Link from Worldline, which is a digital platform. The cooperation with Worldline makes it possible for a means of payment stored with us to be recognised by one of our partners when a transaction is made with it and the data required for the handling of cashback is forwarded to us. This is the data of the transaction at the Worldline terminal.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Worldline's privacy policy can be found at https://worldline.com/de-ch/compliancy/privacy.html.

8.15 Mailchimp

We use Mailchimp, which is a shipping service provider that enables us to send our newsletter.

If the GDPR is applicable, the basis for data processing is Art. 6 (1) (a) GDPR or Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.

Mailchimp's privacy policy can be found at https://www.intuit.com/privacy/statement/.

8.16 External payment service providers

This website uses third-party payment service providers through whose platforms users and we can make payment transactions. For example, about:

• PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)

• Visas (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)

• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)

• American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

• Bexio AG (https://www.bexio.com/de-CH/datenschutz)

• Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

• Apple Pay (https://support.apple.com/de-ch/ht203027)

• Stripe (https://stripe.com/ch/privacy)

• Klarna (https://www.klarna.com/de/datenschutz/)

• Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)

• Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.

In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Regulation and, where necessary, Article 6 (1) (b) of the EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Regulation and, where necessary, in accordance with Article 6 (1) (f) of the EU GDPR in order to offer our users an effective and secure payment option.

The data processed by the payment service providers includes inventory data, such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed by and stored by the payment service providers. As the operator, we do not receive any information about (bank) account or credit card, but only information on confirming (accepting) or rejecting the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transfer is to check identity and creditworthiness. For this purpose, we refer to the terms and conditions and data protection notices of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective website or transaction applications, apply to the payment transactions. We also refer to them for the purpose of further information and assertion of rights of revocation, information and other data subjects.

9. General Disclaimer

All information on our website has been carefully checked. We strive to provide our information services in an up-to-date, correct and complete manner. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and timeliness of information, even of a journalistic or editorial nature. Liability claims for material or immaterial damage caused by the use of the information provided are excluded, provided that there is no demonstrable intentional or grossly negligent fault. The publisher may, at its sole discretion and without notice, modify or delete texts and is under no obligation to update the content of this website. The use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for any damages, such as direct, indirect, incidental, specific or consequential damages, which are allegedly caused by visiting this website and therefore assume no liability for them.

On our website and in our app, you will find links to third-party sites. We are not responsible for the content and data protection precautions on external websites that you can reach via the links. Please inform yourself about data protection directly on the relevant websites.

10. Disclosure of data to third parties

In order to be able to offer you the information on our website, we work together with various service providers, namely IT service providers, in order to be able to offer you a modern website. They will only use your data for us in the context of order processing.

We only transfer data to entities outside Switzerland and the European Union (third country) if there is a legal obligation to do so, if you have expressly consented, if it is necessary under the respective contract or for the protection of our legitimate interests.

11. Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance. Anyone who commits a copyright infringement without the consent of the respective rights holder can be liable to prosecution and possibly liable for damages.

12. Your rights

Insofar as provided for by the data protection law applicable to you, you can request information free of charge about the stored data relating to you, its origin and recipients and the purpose of the data processing. Likewise, under the legal requirements, you have the right to rectification, deletion, restriction of or against processing and, if the GDPR applies, to the release of this data for transfer to another body.

You can revoke any consent you have given at any time with effect for the future. All you need to do is send us an informal message by e-mail.

Please note that the above rights are subject to legal restrictions and may impair or make it impossible for us to provide our services.

You have the right to enforce your claims in court or to lodge a complaint with the relevant data protection authority. The Federal Data Protection and Information Commissioner is responsible for the Switzerland (http://www.edoeb.admin.ch).

13. Up-to-dateness and modification of this privacy policy

We may change or amend this Privacy Policy at any time. The current privacy policy can be accessed on https://www.cashyou.ch/data-protection.