Operation by SIX

SIX BBS Ltd shall operate the debiX+ app (hereinafter “debiX+ app”) on behalf of the financial institutions participating in the debiX+ app. This operation shall include the provision of services to the customers of the commissioning financial institutions (hereinafter “user”). This shall be performed together with its sister company SIX Group Services Ltd.

To simplify readability, SIX shall hereinafter refer – without prejudice to the user of the debiX+ app – to both SIX BBS Ltd and SIX Group Services Ltd.

Terms of Use

The user shall accept the following conditions of use in the context of the use of the debiX+ app:

a. By installing the debiX+ app, the user confirms that they are the legal owner or holder of the mobile device used. Registration shall be made with at least one or more debit cards that the user is authorized to use for private or business purposes. The transactions performed in connection with the mobile device used and the debit card used shall be deemed, in principle, to have been lawfully made and accepted by the user.

b. The user shall be responsible for the safekeeping of the mobile device used. The user shall take appropriate security measures to prevent any misuse by unauthorized third parties.

c. The user shall handle their username and password with care. The password must be created specifically for the debiX+ app and must not be easily guessed. The username and password must be kept secret and secure. When entering the username and password, always ensure that they cannot be seen by third parties.

d. If the user wishes to link the login to the debiX+ app or the release of transactions with the biometric data stored on the mobile device used, they can activate this via the corresponding consent in the system.

e. The user agrees that the camera of the mobile device used can be accessed for the use of the card data read-in functionality (scan).

f. The user authorizes SIX to use the information provided as part of the payment process in accordance with applicable laws and exclusively in connection with the debiX+ app. The user is aware that information is passed on to third parties for the purpose of transaction processing.

g. If the user wishes to receive notifications in connection with 3D Secure transactions, the one-time activation of the push notifications function is recommended. The user can enable this function when registering their debit card, after which they can manage this function independently via the operating system settings.

h. The user may use only operating systems provided by the manufacturer of the mobile device used and shall be responsible for regularly implementing the relevant security updates. Intrusions into the operating systems of the mobile device or the functionality, architecture or programming code of the debiX+ app shall not be permitted.

i. If the user has reason to believe that the security of the debiX+ app is no longer ensured, in particular if the mobile device used is no longer in their possession and the security of their data is compromised, they must immediately report this to the respective card-issuing financial institution of the debit card registered in the debiX+ app. 

j. By registering their e-mail address, the user agrees that SIX may use it for electronic communication with them in connection with the debiX+ app. Possible use cases may include master data changes initiated by the user, notifications of changes to the terms of use from SIX, and inquiries from SIX in connection with transactions for the purpose of avoiding card and debiX+ app misuse.

k. It shall be the responsibility of the user to ensure technical access to the debiX+ app. SIX assumes no liability in connection with the network operator selected by the user or the functionality of the hardware and software used by the user.

l. SIX shall not be liable for damages, lost profits or loss of data of the user in connection with the use of the debiX+ app to the extent permitted by law.

No transfer of intellectual property rights takes place in the context of the use of the debiX+ app. All rights to the debiX+ app remain with SIX at all times.

Data Protection Notice of the debiX+ App

This Privacy Statement explains how SIX collects, uses and discloses (hereinafter referred to together as “processes”) personal user data (hereinafter referred to as “Personal Data”) of the users of the debiX+ App (hereinafter referred to as “User”), and the means by which this is done. The Privacy Statement also describes how SIX safeguards the confidentiality of the Personal Data processed.

The User agrees to SIX processing Personal Data in accordance with the Privacy Statement. Legal or contractual duties to maintain confidentiality to which SIX is subject in relation to the User's Personal Data are not affected by this Privacy Statement.

To the extent the User uses the debiX+ App for processing purposes in which SIX is not the data controller of Personal Data, the Privacy Notice of the respective data controller, for example the Privacy Notice of the financial institution that issued the debit card registered in the debiX+ App (“financial institution”), shall apply.

SIX may amend the Privacy Statement unilaterally at any time. The most recent version is published on the app store by SIX.

1. Data Protection @ SIX

The activity of SIX as an infrastructure provider for payments and financial services requires obtaining and processing a large amount of data. Thus, data protection is of the highest priority for us. The basic principle is that wherever data is processed, a high level of data protection and security must be guaranteed. This applies to data from financial institutions, Users and business partners as well as to employee data, because privacy is above all protection of the individual. As a consequence, we attribute a high priority to compliance with the applicable laws and to protecting the privacy and the private sphere of affected individuals in order to comply with national and international legal requirements.


2. Type of Collected Personal Data

SIX processes Personal Data about the User if the latter obtains, installs and uses the debiX+ App from the relevant app stores.

In selected cases, Personal Data is processed if SIX records telephone calls with Users, whether to meet its own legal obligations or for training or quality assurance purposes.

SIX processes the Personal Data (such as name, gender, address, e-mail address, telephone) that the User expressly and actively makes available to SIX by creating a User account.

The debiX+ App also processes technical attributes of your device (e.g. browser type and version, operating system) as well as action-related attributes (such as IP address).

To the extent SIX processes Personal Data on behalf of the financial institutions, the Privacy Notice of the financial institution of the respective User shall apply.


3. Usage of Personal Data and Legal Basis

By processing Personal Data according to this Privacy Statement, SIX is able to improve the quality of its debiX+ App and of the features and services it enables. Personal Data is processed for the following purposes in particular:

  • technical management as well as research and further development of the debiX+ App,
  • User administration,
  • communications related to updates, changes of Privacy Notices and Terms and Conditions.

SIX processes Personal Data according to the applicable law. Depending on the processing purpose, the legal basis for the processing of the User’s Personal Data will be one of the following:

  • necessary for the legitimate interests of SIX, without unduly affecting interests or fundamental rights and freedoms of the User,
  • necessary for taking steps to enter into or executing a contract with the financial institutions for the services or products requested or for carrying out our obligations for the User under such a contract,
  • compliance with legal or regulatory duties, including compliance with acts and instructions of authorities.

Examples of the ‘legitimate interests of SIX’ referred to above are:

  • pursuing certain of the above-mentioned purposes,
  • exercising SIX’ rights, including the freedom to conduct a business and right to property,
  • providing products and services and assuring a consistently high service standard and keeping our customers and other stakeholders satisfied, and
  • meeting our accountability and regulatory requirements,

in each case provided such interests are not overridden by the User’s privacy interests.


4. Data Transfers

The User authorizes SIX to transmit Personal Data to employees, agents or other third parties within or outside the country where the User lives in order to provide services and for the purposes indicated above. This occurs especially when switching from the debiX+ App to another application. Employees, agents and other third parties which have access to Personal Data are required by SIX to ensure compliance with all applicable data protection provisions. Any person who authorizes SIX to access Personal Data as defined in this Privacy Statement will be made aware of the data security and data protection implications. When Personal Data of the User are transferred to other countries, SIX will ensure data protection by granting the protection level required by the applicable law, e.g. by adopting EU Standard Contractual Clauses (SCC) or similar safeguards.

SIX reserves the right to disclose Personal Data to regulatory and supervisory authorities, pursuant to this Privacy Statement. In so doing, SIX will comply at all times with applicable regulations, laws, court orders or official requests. 


5. Data Protection Measures

SIX protects Personal Data with appropriate physical, electronic and process-related security measures, such as firewalls, personal passwords, encoding and authentication technologies. SIX adheres to regulatory requirements of PCI-DSS.


6. Data Subject’s Rights

Users whose Personal Data is processed within the scope of this Privacy Statement have the following rights:

  • to receive information on whether SIX may save Personal Data and what form this Personal Data may take (which categories of data, recipients or categories of recipients, retention periods for Personal Data or criteria governing retention periods)
  • to receive a copy of the Personal Data
  • to request the rectification of Personal Data if it is incorrect
  • to request the deletion of Personal Data
  • to request restrictions on processing Personal Data
  • to receive Personal Data in a structured, accessible and machine-readable format (if available)
  • to submit an objection to processing, especially for the purpose of direct advertising

The rights specified above may be denied or restricted if the interests, rights and freedoms of third parties take precedence or if processing is necessary to establish, exercise or defend legal claims of SIX.

Queries in relation to processing Personal Data are to be directed to the Data Protection Officers of SIX:

To exercise your rights with regard to data protection, please use this link (https://privacyportal-ch.onetrust.com/webform/a8a308f1-1ad4-4b5d-8b15-487e80eb979b/c1c6d998-274e-4ce5-8714-a9b5c2872e34).

You can also direct your queries to:

SIX Group Services Ltd.
Data Protection Officer
Hardturmstrasse 201
8005 Zurich
Switzerland

E-Mail: dataprotection@six-group.com

Users also have the right to make a complaint to the data protection authority responsible for them or in the place where they think an issue in relation to the Personal Data has arisen.


7. Storage

SIX will only retain Personal Data for as long as necessary to fulfil the purpose for which they were collected or to comply with legal or regulatory requirements.


8. Links and Cookies

The debiX+ App will redirect the User for the purpose of User identity and access management configurations to a Website of SIX. The only cookies saved on the User’s mobile device that are used by this webpage are functional cookies, for the purpose of loading the page and storing the information within the form. 


9. Data Controller and Representative in the EU/UK

SIX Group Services Ltd.
Pfingstweidstrasse 110
8005 Zurich
Switzerland

E-Mail: communication@six-group.com

EU representative: SIX Financial Information Deutschland GmbH in Frankfurt (Theodor-Heuss-Allee 108, D-60486 Frankfurt am Main).

UK representative: SIX Financial Information UK Ltd. in London (6 Devonshire Square, Spitalfields, London EC2M 4YE).