Privacy Statement

Data protection
Data protection

1 - Data protection


TopCard Service Ltd ("TopCard" or "we" or "us") takes your privacy seriously. TopCard adheres to high data protection standards as well as transparency of personal data collection and processing for our clients. This privacy statement contains general information on what personal data TopCard collects, what we do with that information, and what rights you have. If you have any questions or comments, please contact us by letter to TopCard Service AG, Data Protection Office, Flughofstrasse 35,
P.O. Box, 8152 Glattbrugg, Switzerland.

"Personal data" is any information that relates to an identified or identifiable natural person (rather than to a legal entity, such as a company).

As part of our commitment to protect your personal data in a transparent manner, we want to inform you:

  • why and how TopCard collects, uses and stores your personal data;
  • the lawful basis on which your personal data is processed; and
  • what your rights and our obligations are in relation to such processing

 

2 - What types of personal data do we collect?


TopCard will, depending on the product or service we provide to you (if any), collect and process personal data about you including:

  • personal details such as your name, identification number, date of birth, KYC documents (including a copy of your national identity card or passport), phone number physical and electronic address, and possibly family details such as the name of your spouse, partner, or children;
  • financial information, including payment and transaction records (including bank details) and information relating to your assets and liabilities;
  • possibly tax domicile and other tax-related documents and information;
  • where applicable, professional information about you, such as your job title and work experience;
  • details of our interactions with you and the products and services you use;
  • any records of phone calls between you and TopCard;
  • identifiers we assign to you, such as your client or account number;
  • when you access our website, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our website if their disclosure is made voluntarily, e.g. in the course of a registration or request); and
  • in rare cases (where permitted by law), special categories of personal data, such as information about your health, racial or ethnic origin, religious, philosophical, political or trade union beliefs or activities, information relating to criminal convictions or offences as well as data on social assistance measures.

In some cases, we collect this information from public registers, public administration or other third-party sources, such as wealth screening services, credit reference agencies and fraud prevention agencies. We use cookies on our websites to optimize our services. These are tracking files that are stored on your device and enable us to analyse the use of our websites. You can configure your browser so that no cookies and similar tracking are stored on your device or so that you are notified before a cookie or similar is stored. Complete deactivation of cookies may result in the websites not functioning or not functioning to their full extent.

If relevant to the products and services we provide to you, we will also collect information about your additional card holders or account holders, beneficial owners, business partners, representatives and agents. Before providing TopCard with this information, you should provide a copy of this statement to those individuals or point them to the publication location on the web.
 


3 - On which legal basis and for which purposes do we process personal data?

3.1 Legal basis for processing

Depending on the purpose of the processing activity (see section 3.2), the processing of your personal data will be one of the following:

(i) necessary for the legitimate interests of TopCard, without unduly affecting your interests or fundamental rights (see below);

(ii) necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in sections 3.2(a), (b) (c) and (l) below (as well as certain of the data disclosures described in section 4);

(iii) required to meet our legal or regulatory responsibilities, including when we conduct the checks referred to in section 3.2(a) below and make the disclosures to authorities, regulators and government bodies referred to in sections 3.2(g) and 4 below;

(iv) in some cases, necessary for the performance of a task carried out in the public interest;

(v) when we use sensitive personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and

(vi) in limited circumstances, processed with your consent which we obtain from you from time to time (for instance where required by laws), or processed with your explicit consent in the case of sensitive personal data.

Examples of the 'legitimate interests' referred to above are:

  • pursuing certain of the purposes in sections 3.2(a) to 3.2(m) below;
  • exercising our rights under Articles 26 and 27 of the Federal Constitution of the Swiss Confederation, including our freedom to conduct a business and right to property;
  • when we make the disclosures referred to in section 4 below, providing products and services and keeping our customers, employees and other stakeholders satisfied; and
  • meeting our accountability and regulatory requirements around the world, in each case provided such interests are not overridden by your privacy interests.
     

To the extent we have obtained your consent to process ordinary Personal Data (our processing of your personal data) in the past in any productspecific terms and conditions for the purposes of data protection law only, UBS will no longer rely on such consent, but instead will rely on lawful grounds of compliance with a legal obligation, contractual necessity or legitimate interests (as specified in this Notice), and UBS' ability to rely on that consent is hereby waived or extinguished.
For the avoidance of doubt, any consent given for any other reason, for instance (and if applicable) e-Privacy (including direct marketing), banking secrecy, decisions based solely on automated processing remains unaffected by this paragraph.

Where the personal data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this personal data there is a possibility we may be unable to onboard you as a client or provide products or services to you (in which case we will inform you accordingly).

3.2 Purposes of processing

We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process personal data for the following purposes:

a) client onboarding processes, including to verify your identity and assess your application (including the need for guarantees or other securitisation tools) and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud);

b) providing products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;

c) managing our relationship with you, including communicating with you in relation to the products and services you obtain from us, handling customer service-related queries and complaints, facilitating debt recovery activities, making decisions regarding credit or your identity, tracing your whereabouts, and closing your account (in accordance with applicable law) if it remains dormant and we are unable to contact you after a period of time;

d) helping us to learn more about you as a customer, the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your personal data, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on;

e) taking steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide;

f) contacting you for direct marketing purposes about products and services we think will be of interest to you and facilitating competitions and promotions;

g) meeting our ongoing regulatory and compliance obligations (e.g., laws of the financial sector, anti-money-laundering and tax laws), including in relation to recording and monitoring communications, application of a risk classification to current business relationships, disclosures to financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime. This includes profiling based on the processing of your personal data, e.g., by analyzing how and from which geographical location you use our applications, products and services;

h) to receive and process complaints, requests or reports from you or third parties addressed to entities of the parent company;

i) to respond to actual or potential proceedings, requests or investigations by the competent authorities or judicial authorities;

j) ensuring the safety of our customers, employees and other stakeholders;

k) undertaking transactional and statistical analysis, and related research;

l) underwriting;

m) for TopCard's prudent operational management (including credit and risk management, insurance, internal and external audit, information security, systems and products training and similar administrative purposes);

n) to protect our rights and obligations, including obtaining legal advice;

o) for the transfer to potential buyers, acquiring entities, merger partners or sellers and their advisers in connection with an actual or potential transfer or merger of all or part of TopCard's business or assets, or any rights or interests related thereto, or for the acquisition of a company or merger with a company; and

p) any other purposes we notify to you from time to time.


TopCard and group companies and third parties commissioned by TopCard in Switzerland and abroad may process, combine, store and use data for distance payments for the purpose of compliance and risk management, in particular for the approval of a transaction and for the analysis of fraud patterns, and to create profiles from this data.

We use both automated (including artificial intelligence) and manual methods to process your Personal Data for these purposes. Our automated methods often are related to and supported by our manual methods. For example, our artificial intelligence systems (e.g., Microsoft 365 Copilot) may analyse your data to identify patterns and trends, which are usually manually reviewed and interpreted by humans.
 

4 - Who has access to personal data and with whom are they shared?

4.1 Third Parties


When providing products and services to you, we will share personal data with persons acting on your behalf or otherwise involved in the transaction (depending on the type of product or service you receive from us), including, where relevant the following types of companies.
eine Partei, die an einer Transaktion beteiligt ist,

  • a party acquiring interest in the transaction (e.g. through a financial investment or by assuming risks);
  • payment recipients, beneficiaries, account nominees, intermediaries, and referring banks;
  • clearing houses, clearing or settlement systems and specialised payment companies or institutions such as SIX Group;
  • international card organizations (Visa and Mastercard) and their contractors and other card payment and platform providers;
  • market counterparties;
  • upstream withholding agents;
  • credit reference agencies or credit bureaus for the purposes of obtaining or providing credit references, such as Central Credit Information Office (ZEK) and Consumer Credit Information Office (IKO);
  • providers of address databases to check that address data is up-to-date,
  • law firms as well as auditing and accounting companies that provide legal, auditing, consulting or accounting services to us;
  • providers of address databases to check that the address data is up to date;
  • law firms and auditing and accounting firms that provide us with legal, auditing, consulting or accounting services.

The principal cardholder has access to all data on the partner card and can disclose this to third parties. The partner cardholder also has access to their own partner card data and can disclose this to third parties.
 

4.2 Service providers

In some instances, we also share personal data with our suppliers, including group companies and other business partners who provide services to us, such as card processing, courier services, IT and hosting providers, marketing providers, communication services and printing providers, document and card creating, debt collection, tracing, debt recovery, fraud prevention, invoicing, compliance, and credit reference agencies, back- and middle-office services and others. This may also include the disclosure of personal data for the purposes of compliance obligations, risk management, detection and prevention of crime, auditing, or in the context of threatened or actual legal proceedings. When we do so we take steps to ensure they meet our data security standards so that your personal data remains secure.

In the context of outsourcing, card data may have to be transmitted to internal or external service providers and service providers may in turn involve other service providers. All service providers are bound by corresponding confidentiality provisions.

If a service provider is based abroad, we or the group companies commissioned by us will only transmit data that does not allow any conclusions to be drawn about the identity of the cardholder, provided that the General Terms and Conditions of Business applicable to your legal relationship with us provide otherwise.
 

4.3 Public or regulatory authorities

If required from time to time, we disclose personal data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so. For example, in the context of a complaint about a transaction, TopCard is authorized to file a criminal complaint with the law enforcement authorities and to make documents, electronic data records and other information and findings related to the complaint available to the law enforcement authorities.
 

4.4 Others
 

  • If our business is sold to another organisation or if it is reorganised, personal data will be shared so that you can continue to receive products and services. We will usually also share personal data with prospective purchasers when we consider selling or transferring part or all of a business. We take steps to ensure such potential purchasers keep the data secure.
  • We may need to disclose personal data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
  • To ensure compliance with duties on anti-money laundering, risk assessments and risk reporting personal data might be shared with group companies.
     


5 - International transfers of personal data

The recipients referred to in section 4 above may be located outside Switzerland. In those cases, except where the relevant country has been determined by the Federal Data Protection and Information Commissioner to provide an adequate level of protection, TopCard requires such recipients to comply with appropriate measures designed to protect personal data contained within a binding legal agreement.

A copy of these measures can be obtained by contacting the Data Protection Officer ("DPO") at the address at the end of this notice. If and to the extent required by applicable law (such as Swiss Banking Secrecy), we implement the necessary legal, operational and technical measure and/or enter into an agreement with you before such transfers.

Data that is disclosed abroad is subject to the legal provisions of the respective country, e.g., with regard to access by foreign authorities.
 

6 - How long do we store your data?

We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.

In general, TopCard will retain personal data for the period of your relationship or contract with TopCard plus 10 years, reflecting the length of time for which legal claims may be made following termination of such relationship or contract. An ongoing or anticipated legal or regulatory proceeding may lead to retention beyond this period.

 

7 - Your rights

You have a right to ask TopCard to rectify inaccurate personal data we collect and process and the right to request restriction of your personal data pending such a request being considered.

Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You have a right to ask us to stop processing your personal data (prohibition of processing), or to request deletion of your personal data – these rights are not absolute (as sometimes there may be overriding interests that require the processing to continue, for example), but we will consider your request and respond to you with the outcome. When personal data are processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing. You may object to direct marketing by clicking the "unsubscribe" link in any of our e-mails to you.

If we process your personal data that you have disclosed to us with your consent or if such processing is automated by us for the conclusion or execution of a contract with you, you may have the right under the applicable data protection laws to request that your personal data be transferred to you or another controller. You have the right to request a copy of individual or all personal data processed by TopCard.

In certain circumstances TopCard may process your personal data through automated decision making, including profiling. Where this takes place, you will be informed of such automated decision-making that uses your personal data, be given information on the logic involved, and be informed of the possible consequences of such processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling.

You can exercise the rights set out above by contacting the DPO using the details in section 8 of this notice.
 

8 - Exercising your rights, and complaints

If you are not satisfied with any aspect of the processing of your personal data by TopCard, we would like to discuss it with you to understand how we can rectify the issue. If you would like to speak to us about our use of your personal data, you can contact the data protection office via mail:

TopCard Service Ltd.
Data Protection Office
Flughofstrasse 35
P.O. Box
8152 Glattbrugg
Switzerland

To avoid delays, please enclose a copy of your passport or identity card with your signed letter.

If you are not satisfied with our response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen, where applicable law provides for this.
 

9 - Security Note

We have in place appropriate technical and organisational measures to prevent unauthorised or unlawful access to the personal data you have provided to us. As complete data security cannot be guaranteed for communication via e-mails, instant messaging, and similar means of communication, we would recommend sending any particularly confidential information by an alternative secure means.
 

10 - Changes to personal data

We are committed to keeping your personal data accurate and up to date. Therefore, if your personal data changes, please inform us of the change as soon as possible.
 

11 - Status of this privacy notice

This privacy statement was updated in April 2025. It is a statement explaining what TopCard does, rather than a document that binds TopCard or any other party contractually. We reserve the right to amend it from time to time. If the statement has been updated, we will take steps to inform you of the update by appropriate means, depending on how we normally communicate with you, such as through your account statement.
 

12 - EU representative
 

Topcard Service AG designated the below entity as the EU representative in compliance with Art. 27 EU GDPR.

UBS Europe SE
Bockenheimer Landstrasse 2-4
60306 Frankfurt am Main
Deutschland

© 2025 TopCard Service AG
Terms of use
Imprint
Privacy disclaimer

We only use technically necessary cookies. We do not collect user data. The website does not contain any third-party cookies, namely tracking and marketing cookies.

Essential cookies enable basic functions and are necessary for the website to function properly.
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.
Marketing cookies are used by third parties or publishers to display personalized advertisements. They do this by tracking visitors across websites.