SUITCH SAS (SUITCH), a simplified joint stock company with a capital of 100,000,000 CFA francs, having its registered office at Douala Makepe, Rue 5.090, BP 24206, registered with the RCCM of Douala under the number RC/DLA/2015/B/204. Tel : (237) : 243 684 797 E-mail : firstname.lastname@example.org
SUITCH processes personal data about you as a data controller in the context of the use of the mobile financial services and its associated services that it offers you via the SuiTch mobile application and its website https: suiTch.tech. It respects the privacy and protects the personal data of the users of the services it offers.
The purpose of this policy is to inform users of the methods of collection, processing and use of their personal data and of their rights with regard to the protection of personal data under the applicable provisions.
- When do we process data?
Data about you are collected or processed in the course of:
- Registration to the service and opening of an account on the SuiTch application;
- Use of the services and management of the account;
- Access and management of your personal space;
- Your authentication on the application;
- Processing of your requests and complaints;
- During the geolocation of an Access Point;
- The execution of our obligations in terms of the fight against money laundering and the financing of terrorism;
- The use of promotional offers from merchants during payment;
- When registering and running the merchant’s loyalty program.
Data is collected directly from you, at your request and when using the services.
- What categories of data do we process?
In the course of using SuiTch’s services, several types of personal data may be collected.
Mainly data collected in the following categories:
- Generic data: first name, first letter of the name, age, and gender;
- Identity and address data: this includes data such as title, name, e-mail address, telephone number, date of birth and certain proof of identity;
- Payment data: this includes data such as date, time, amount, store/channel, location, if applicable, and information about the promotional offer used;
- Loyalty data: this is data collected when the user participates in a loyalty program with a merchant. This data includes the validity date, the level of loyalty, the privileges, and the number of points if applicable;
- Data relating to the operation of your account: this data relates to the analysis of the user’s profile. This includes data such as the means of payment used, the balance of the account, and data resulting from the analysis of the user’s profile, particularly in relation to fraud management;
- Behavioural data: this data relates to the behavioural analysis of actions and choices made by the user. This includes data such as geolocation, searches for a brand and/or shop, and/or promotions carried out, the voluntary presence indicator;
- Location data: where the user allows their phone’s operating system to share their location data with SUITCH;
- Your ID and information collected from the mobile: Open Source name, wifi, bluetooth, unique phone ID;
- Your browsing history in the application
Mandatory data are indicated in the collection forms by an asterisk. If they are not provided, the service or offer linked to this collection may not be provided.
- For what purposes is the data collected?
Depending on the data, they are processed in whole or in part for the following main reasons:
- Contract execution and account management.
- Management of the commercial relationship;
- Prospecting, commercial animation and advertising targeting based on the information you provide us or that which comes from the use of our services;
- Behavioural segmentation and profiling;
- Risk assessment, detection, management and consolidation;
- Anti-money laundering and countering the financing of terrorism;
- Management of the connection between users and merchants;
- Management of proposals / provision of services, promotions and loyalty;
- Budget management and monitoring;
- Management of activity reporting;
- Safety management;
- Measurement of satisfaction and quality of service;
- Prospecting and sales promotion carried out by SUITCH through the SuiTch application and at the request of merchants;
- Management of the identification and authentication of users of the services;
- To whom are they passed on?
The data processed is intended for the following people:
- To the authorized departments of the data controller;
- To the service providers of the data controller;
- To persons or departments authorized to have knowledge of this data, by virtue of their anti-money laundering and internal control skills.
Unless the user gives his express consent, none of these personal data is communicated in the form of identification to the access points.
Furthermore, the data may be communicated to any authority legally entitled to know about it, in particular in the event of a judicial requisition by the judicial, police or administrative authorities.
- Authorized departments of the controller
Access to the user’s personal data is reserved for persons authorized by the data controller who need to have access to it by reason of their mission and for the accomplishment of the latter.
Furthermore, authorized persons are subject to strict confidentiality regarding all personal data relating to users of which they become aware in the course of their duties.
- Service providers
The data controller may entrust certain services to third parties in the context of its activities and the provision of services.
In order to carry out these services, the controller may pass on the user’s personal data to its service providers.
In such a case, the service providers are contractually obliged to respect an obligation of security and confidentiality of the data and undertake to implement adequate measures.
- Competent anti-money laundering and internal control organizations or departments
The data controller may communicate the user’s personal data to authorized organizations or departments competent in the field of anti-money laundering and internal control.
In such a case, if the concerned organization is external to SUITCH, the latter is contractually obliged to respect an obligation of security and confidentiality of the data and undertakes to implement adequate measures.
- Access points
SUITCH does not disclose the personal data of SuiTch users to merchants, unless the users expressly consent to such disclosure.
However, the SuiTch services consist not only of a mobile payment service but also of money deposit and withdrawal services. In addition, the user can also benefit from promotions, sales actions and loyalty programs of Access Points accepting payment by the SuiTch payment service.
In order to offer these elements to users, SUITCH offers its Access Points two services through the application:
- A statistical record of customer usage of SuiTch. For this purpose, SUITCH only provides its PDAs with generic data, i.e. your full name and telephone number to contact you in case of a problem with the transaction, and your gender, combined with behavioural data;
- A service allowing merchants to request SUITCH to send promotional offers to SuiTch users;
- In addition, as part of statistical reporting of user usage of SuiTch, SUITCH provides merchants with whom you make payments with statistical reports of SuiTch usage including your payment data.
In any event, the PDAs have undertaken to comply with the practices and policy for the protection of personal data and to respect the Data Protection Act and all the obligations for which they are responsible.
- How long are the data kept?
The data controller keeps your data in accordance with a retention policy that ensures that the data is kept for a period of time proportionate to the purpose for which they were collected.
- Data hosting
The processed data is stored on SUITCH’s servers in Cameroon.
SUITCH is required to comply with the practices and this policy of protection of personal data and compliance with the Data Protection Act.
Only the data collected by Google Analytics cookies means for the purpose of analysis and analysis of the use of the application is transferred to Google’s servers in the USA. The IP addresses of users are transmitted to Google, which set them anonymously before processing them.
However, Google entities are certified under the EU-US Privacy Shield Framework and ensure an adequate level of protection for your data.
- What are your rights?
The user has the right to access, question and rectify data concerning him/her.
The user also has the right to object on legitimate grounds to the processing of personal data concerning him/her, and the right to object to the use of such data for canvassing purposes, in particular for commercial purposes.
The user also has the right, depending on the case, to have his or her data rectified, completed, updated, locked or deleted when it is inaccurate, incomplete, equivocal, out of date, or whose collection, use, communication or storage is prohibited.
The user may exercise his or her rights by contacting us via a dedicated “Contact Us” link in the application.
In the interest of confidentiality and protection of personal data, the data controller must ensure the identity of the user before responding to his/her request.
Therefore, any request to exercise these rights must be accompanied by a copy of a signed identity document.
- Cookies and other tracers
SUITCH uses Google Analytics, a service provided by Google Inc (“Google”), to analyze how you use the application.
The main purpose of Google Analytics is to count visitors and identify how they use the application.
The data generated relates to:
- Your use of the application;
- Your IP address in order to determine the city of connection.
This data is immediately anonymized after localization.
The SuiTch application stores the data collected by Google Analytics for 24 hours and then deletes it after sending it to Google, where it is anonymized before being processed.
In any case, you can reject Google Analytics cookies and/or delete them at any time by using the settings provided for this purpose in the application.
Finally, when you delete the application, all Google Analytics cookies are deleted.
- Technical information collected from the user’s smartphone
When you register for the service you wish to access and benefit from, after validation of the form, for security purposes, technical data will be collected from your smartphone. This is the following main information:
- The version of the fingerprinting algorithm;
- The name of the operating system;
- The version of the operating system;
- The Mac Wifi + Bluetooth address;
- The unique identifier of the phone.
- Social module
Social modules for the main social networks are integrated.
These modules allow you to share content and post content to your profiles on these networks.
Only members who are connected to their network can benefit from these features.
If you are not logged into your social network, you will be asked to log in to interact with these modules.
SUITCH will not transmit any of your personal data to the social networks to which you connect via the module.
- Geolocation data
In order to provide you with tailored and personalised SUITCH services, your precise geographical location may be used.
Your geolocation data will only be collected with your consent, and according to the geolocation system you agree to.
The geolocation data collected will be used to display in your SuiTch application, offers and information from your merchants when you pass by their establishments, provided you have accepted this geolocation.
In such a case, a notification may be sent to you.
You can deactivate the geolocation function from your smartphone at any time.
- What security measures have been implemented?
- General application security measure
In order to guarantee the security of its users’ data, we take all the necessary precautions, whether physical, logical, administrative or organisational, with regard to the nature of the data we process and the risks presented by the various processes, to preserve the security of the data and prevent it from being distorted, damaged or accessed by unauthorized parties.
These measures include:
- Management of authorizations for data access;
- Reinforced authentication for access to the SuiTch application;
- Confidentiality of exchanges ensured by an SSL protocol.
In the event of subcontracting all or part of the processing of personal data, we contractually require our subcontractors to guarantee the security and confidentiality of personal data by means of technical data protection measures and the appropriate human resources.
- Specific security measure for cardholder data
A reinforced security system is in place for transactions that can be carried out via the SuiTch service. Bank data are encrypted, managed and stored in a PCI-DSS certified environment.
- Social networks, and third party sites and applications
Links on the SuiTch application may direct the user to external applications and/or sites, in particular to those of partners.
The user’s attention is drawn to the fact that the personal data protection policies of these different applications and/or sites may differ from the present policy.
In this context, the user is recommended to read the personal data protection policy of each site and/or application. In any event, we shall not be held liable if the content of any of the sites and/or applications contravenes the legal and regulatory provisions in force.
- Update of the data protection policy