Privacy Policy

Version October 2025

Protection of Your Personal Data

We, Blue Code International AG (hereinafter also “BCI”, “we” or “us”), are pleased by your interest in Bluecode and would like to ensure that you feel safe when using the Bluecode website. We take the protection of your personal data very seriously. Observing applicable data protection regulations (GDPR, DSG, TKG) is a given for us.

Below we would like to explain in detail how your personal data is collected and processed when using the Bluecode website.

We reserve the right to amend the privacy policy as needed, especially to adapt to further development of Bluecode or the implementation of new technologies, at any time with effect for the future.

Controller

Responsible under data protection law for the collection and processing within the scope of this website is the

Blue Code International AG
CHE-281.323.867, Handelsregister-Amt Schwyz
Schützenstrasse 7
8853 Lachen SZ
Switzerland
Email: office@bluecode.com

EU data protection representative in accordance with Art. 27 GDPR as a contact point for supervisory authorities and data subjects in all questions related to EU data protection law:

Secure Payment Technologies GmbH
FN 364923 b, Handelsgericht Innsbruck
Müllerstraße 27
6020 Innsbruck
Austria
Email: datenschutz@spt-payments.com

Data collection when using the website www.bluecode.com

a. Provision of the website

Whenever a user accesses the Bluecode website, the following data is automatically logged:

Date and time of access
Name of the page accessed
Transferred data volume
Access status (file transferred, file not found, etc.)
Identifying data of the used operating system and the user’s end device
Name of the provider from which the user’s internet access comes
Cookies

The collection, processing and use of this data is done for the purpose of enabling the use of the Bluecode website, for system security, and for the technical administration of the network infrastructure. In these purposes, our legitimate interest in data processing pursuant to Art 6(1) lit. f GDPR applies. A comparison with other data sets or a disclosure to third parties, also in excerpts, does not take place (except for the third parties selected under point b. “Information exchange”). It is not possible to identify a user individually.

The logs are deleted at regular intervals. Longer storage occurs only to the extent necessary to investigate detected attacks on our website or to pursue legally asserted claims.

From the user’s side, there is no right to object to the recording of data for providing the website and storing data in log files, since this is essential for the operation of the website.

b. Exchange of information

Occasionally we share your information with selected third parties. In this context, we always take appropriate legal, technical and organizational measures to ensure that your data is treated securely and that an appropriate level of protection is maintained when transmitting your data to selected third parties. Specifically, the following recipient categories apply:

Companies of the Bluecode Group: We may share your personal data with other companies of the Bluecode Group, to the extent there is an administrative interest in data exchange (lawful basis under Art. 6(1) lit. f GDPR).
Subcontractors: We may transfer your personal data to subcontractors and other third parties involved in service delivery to fulfill contractual obligations with you or for other purposes described in this privacy policy. This is always based on a data processing agreement in accordance with the GDPR (lawful basis under Art. 6(1) lit. a, b or f GDPR).
Public authorities: To fulfill legal obligations, information is disclosed to the corresponding public authorities (lawful basis under Art. 6(1) lit. c or e GDPR).

We would like to clarify that we do not sell personal data to third parties for advertising purposes.

We also point out that for Switzerland there is an adequacy decision by the European Commission.

c. Data processing when contacting us via the website

Contact with us is made via the following email address or a contact form:

office@bluecode.com / datenschutz@spt-payments.com

The data you voluntarily provide, e.g., by email (name and/or email address) or via a contact form (first and last name, business email address, position in the company), will be used exclusively for processing the conversation/contact. By providing your contact details in our contact form or by sending us an email, you consent to use of these data for contacting you. You can withdraw this consent at any time without giving reasons (see below “Your rights”). Your data will be deleted immediately. A contact with us is then not possible or no longer possible. The legal basis for processing the data is your consent in accordance with Art. 6(1) lit. a and our legitimate interest in processing the data according to Art 6(1) lit. f GDPR. Processing of personal data in this context is solely for handling the contact.

d. Retention and deletion of personal data

We store your personal data only for as long as the purpose of processing remains or if you make a legitimate deletion request (see below “Your rights”). Where we are subject to statutory retention periods for data storage (e.g., tax or corporate law), we are obliged to store your data for the duration specified there. Data provided through the contact form will be stored initially. After the processing of your request is completed, but no later than six months, the data will be deleted. If you contact us by email, the email address will be stored until the end of our conversation. No later than six months after the last correspondence, this will also be deleted. In the case of a justified deletion request or withdrawal of your consent to data processing, your data will be deleted immediately, unless legally permissible retention periods for storage prevent this (legal basis: fulfillment of a legal obligation Art. 6(1) lit. c GDPR).

e. Links to websites of other providers via the website

The Bluecode website and the Bluecode Account may contain links to websites of other providers. This privacy policy applies exclusively to Bluecode. BCI has no influence on the privacy policies of other providers and does not control whether other providers comply with applicable data protection regulations.

Nevertheless, we strive to protect the integrity of our website and welcome feedback on these websites.

f. Cookie policy

Our website also uses cookies. These are small text files whose information is stored on the end device (e.g., smartphone) or in the browser when a website is accessed. They can be read by the web server of such a website. Cookies may be temporary for the duration of a session (session cookies) or permanent (persistent cookies) on the end device. Session cookies are automatically deleted at the end of your visit. Persistent cookies (e.g., selected language version “German”) remain on the end device until you delete them yourself, withdraw your consent to cookies, or the automatic deletion when closing the web browser on your device is enabled.

Some of our cookies are so-called function-related cookies (hereinafter also “necessary cookies”) for the technical provision of the website. These are necessary to enable the functions and the broadest possible use of our website. The processing is based on the contract performance for processing cookies or on our legitimate interest in the technically error-free and optimized provision of our website and its services (contract performance per Art. 6(1) lit. b GDPR and our legitimate interest per lit. f GDPR).

We also use the following described web analytics and tracking cookies. These are to be divided into “Preference Cookies”, “Statistics Cookies” and “Marketing Cookies”. These are technically not necessary cookies, which are not required for the actual operation of the website but can record user behavior and help website operators improve the website and offerings. Their use and use require your explicit consent in advance. If consent for storing cookies has been requested and granted, their processing is exclusively based on this consent (Art. 6(1) lit. a GDPR). You can revoke your consent at any time without giving reasons (see below “Your rights”).

Preference Cookies allow a website to store certain information and settings that relate to the behavior or settings of the website itself, such as your preferred language. Without your consent, normal use of our website is not impaired, but browsing on the page may be less functional.

Statistics Cookies help us understand how visitors interact with our website. They allow us to count website visits, identify behaviors, and determine traffic sources. This enables us to measure and improve the performance of our website and tailor it to users. Without your consent, normal use of our website is not impaired, but we cannot adapt to the needs of our website visitors or detect potential errors.

Marketing Cookies are used to select the advertising displayed to you on our website. This allows us to understand your interests when visiting the website and tailor advertising to a website user.

You can revoke your already granted consent for cookies at any time without giving reasons, and by using the function “Clear Cache” delete the cookies. If you want to avoid cookies in advance, you can disable/block, restrict (e.g., limit third-party cookies) or configure your browser to notify you when a cookie is sent. Blocking cookies may cause some functions of the website to be unavailable.

Below you will find an overview of the cookies requiring consent used on our website and a detailed description of their respective providers (Third-party Cookies). A third-party cookie is a cookie placed on our website but not from the actual domain that the website user visits, instead from another address or an external provider whose services we use. We work with third-party providers that may process your data in the USA. This is based on the EU-U.S. Data Privacy Framework (DPF) and the EU standard contractual clauses (SCCs) to ensure an adequate level of data protection.

(i) Google Analytics

We use Google Analytics, a web analytics tracking service by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”). Google Analytics creates a random, unique ID using a tracking code that is linked to your browser cookie. This identifies you as a new user or a returning user when you visit our website again. The data collected is stored together with this user ID. The interactions of a website user (e.g., clicking a link) on the Bluecode website are measured, stored, and sent to the Google Analytics servers.

We receive reports about your user behavior on our website after processing your data by Google (audiences, ads, etc.).

We use Google Analytics to analyze and regularly improve the use of our website. The insights gained from the statistics allow us to improve our offer and tailor it to you as a user (legal basis is your consent for third-party cookies under Art. 6(1) lit. a and our legitimate interest in evaluating website visitor behavior for constant optimization and improvement under Art. 6(1) lit. f GDPR).

You can deactivate the processing of your data in Google Analytics by downloading and installing the corresponding browser add-on: https://support.google.com/analytics/answer/181881?hl=en. Deactivation applies only to data collection by Google Analytics.

Further information on terms of use, privacy, and the legal framework for data transfers (Standard Contractual Clauses, adequacy decisions) from Google can be found here: https://policies.google.com/?hl=de&gl=de and under https://policies.google.com/privacy/frameworks?hl=de.

In the context of Google Analytics we use Google Tag Manager. This is a solution for organizing the individual tracking tools, which allows us to centrally integrate and manage code sections (tags) from tracking tools we use on our website. The tags can, among other things, track your activities on our website, collect browser data, and embed buttons. The data collected thereby shows us what our website users are most interested in and where we can improve our services. Google Tag Manager itself does not collect personal data and does not set cookies (cookieless domain). It serves merely as a “manager” of the implemented tags. The tool triggers other tags that may collect data, which Google Tag Manager does not access. (Legal basis is your consent under Art. 6(1) lit. a and our legitimate interest in analyzing user behavior to improve our offering and our website technologically and economically under Art. 6(1) lit. f GDPR).

(ii) YouTube

Our website uses plugins from Google-operated YouTube. The operator of the page is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. With our embedded YouTube videos, we provide you with content in addition to text and images. If you visit our page equipped with a YouTube plugin, YouTube may set a cookie that stores your IP address and our URL as soon as you start playing a video. The YouTube server is informed which of our pages you visited.

If you are logged into your YouTube account, YouTube can assign your interactions on our website to your profile via cookies. This includes data such as session duration, technical information such as browser type, screen resolution, etc. Additional data may include ratings, sharing content on social media, or adding to your favorites on YouTube. If you are not logged into your account, only data with a unique identifier linked to your device, browser or app (e.g., preferred language) is retained, many interaction data are not stored as fewer cookies are set. (Legal basis is your consent for third-party cookies under Art. 6(1) lit. a GDPR and our legitimate interest in optimizing our website to provide you with a positive user experience under Art. 6(1) lit. f GDPR). Further information on handling user data can be found here: https://policies.google.com/privacy?hl=en.

(iii) Facebook Pixel

We employ the “visitor actions” pixel by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) within our web presence to track actions of website users if they have seen or clicked a Facebook advertisement and have visited our website. When the Facebook Pixel is triggered, it stores your actions on our website in one or more cookies, enabling Facebook to match data such as your IP address with the data of your Facebook account. Facebook then deletes this data. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The collected data is anonymous to us; we do not know the identities of individual website users. The data can be used only in the context of served advertisements. If you are logged into your Facebook account, visiting our website may be associated with your Facebook account. (Legal basis is your consent for third-party cookies under Art. 6(1) lit. a GDPR and our legitimate interest in better tailoring our website advertising to your preferences under Art. 6(1) lit. f GDPR). Facebook may link the data with your Facebook account and use it for own advertising purposes, in accordance with Facebook's privacy policies and legal data transfer frameworks (Standard Contractual Clauses, adequacy decisions) https://www.facebook.com/about/privacy and https://www.facebook.com/business/gdpr.

(iv) OpenStreetMap

We use map snippets from the online mapping tool “OpenStreetMap”, offered by the OpenStreetMap Foundation, St. John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK. It is a free world map created by users. When using this function, information about your interactions with the digital map, your IP address, browser data, device type, operating system, date and time of service usage, are collected and transmitted to and stored by OpenStreetMap. A tracking software is used to record user interactions. The service provider uses the analysis tool “Piwik.” Personal data is not shared with third parties by the service provider, unless legally necessary. The third-party “Piwik” stores your IP address, but only in a shortened form. With this map service we can display to you the locations where Bluecode is accepted as a payment method. (Legal basis is your consent under Art. 6(1) lit. a GDPR and our legitimate interest in optimizing our online service under Art. 6(1) lit. f GDPR).

Further information can be found in the privacy policy of the OpenStreetMap Foundation: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

(v) Floodlight / DV360

We use DoubleClick Floodlight, a conversion-tracking service of Google Ireland Limited (Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland).

This service measures the effectiveness of online advertising campaigns and limits the frequency with which certain ads are shown. The aim is to show users as relevant ads as possible.

In this context, timing of page visits, click behavior and assumed user interests are recorded. This information is used exclusively for campaign optimization and internal market research.

Cookies can be managed or revoked at any time in the consent management solution.

Further information can be found at:

Google Privacy Policy: https://policies.google.com/technologies/ads
Google Ad Settings: https://myadcenter.google.com/u/0/personalizationoff?sasb=true&ref=ad-settings

(vi) Reddit Pixel

We use the tracking pixel of the social network Reddit (Reddit Netherlands B.V., Keizersgracht 62, 1015 CS Amsterdam, Netherlands) to measure and optimize the effectiveness of our advertising.

After obtaining consent, IP address, device information, usage behavior (e.g., pages visited, clicks, time on site) are collected and transmitted to Reddit. Reddit may link this data with an existing account.

Legal basis is Art. 6(1) lit. a GDPR (consent), which can be revoked at any time. There is a data processing agreement with Reddit Netherlands B.V.

Data transfer to the USA cannot be ruled out. This is based on the EU-U.S. Data Privacy Framework (DPF) and the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Further information can be found at: https://www.reddit.com/policies/privacy-policy

We offer a newsletter in which we regularly inform about current Bluecode happenings and Bluecode offers. To receive the newsletter, it is necessary to provide your email address. If you agree to receive the newsletter, you consent to its delivery. (Legal basis for data processing is your consent under Art. 6(1) lit. a GDPR).

You can withdraw your consent to receive the newsletter at any time without giving reasons at the end of each newsletter or unsubscribe. After your withdrawal, your personal data will be deleted immediately.

Data processing for applications

If you apply to us in writing, by email or via a contact form, your personal data will be processed by us for the purpose of initiating the employment relationship. If we intend to process your data for other purposes, we will ask for your separate consent. This may include keeping records for future and similar job postings (consent under Art. 6(1) lit. a GDPR)

In the case of applications, your personal data will generally be deleted 6 months after the end of the application process, unless you have explicitly stated that we may keep your documents. If you take the job for which you applied, we will process the data you provided in the application process during the term of the employment relationship and only as long as legally required to retain.

Change of this privacy policy

We reserve the right to change this privacy policy at any time in the context of implementing new technologies, using new or removing previous tools, changes in the law, or changes in the way data is collected, in compliance with legal provisions.

Automated decision-making

Automated decisions mean that a decision affecting you is made automatically based on a computer determination (using software algorithms) without human review. In connection with the Bluecode system, there are no automated decision-making processes.

Security

We have implemented technical and organizational security measures to protect your personal data from loss, destruction, manipulation, and unauthorized access. All our employees and any third parties involved in data processing are required to comply with data protection laws and to treat personal data confidentially.

In the event of collection and processing of personal data, information is transmitted in encrypted form to prevent misuse by third parties. Our security measures are continuously updated in line with technological developments.

Your rights

As a data subject, you have the right to assert your data subject rights. In particular, you have the following rights:

Access: You have the right to request access to whether and to what extent we process personal data about you (Art. 15 GDPR).
Rectification: You have the right to request correction of your data under Art. 16 GDPR.
Erasure: You have the right to request deletion of your personal data under Art. 17 GDPR.
Restriction: You have the right to restrict processing of your personal data under Art. 18 GDPR.
Data portability: You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format and to transmit those data to another controller under Art. 20 GDPR.
Withdrawal of consent: If you have given us separate consent to data processing, you can withdraw this consent at any time under Art. 7(3) GDPR. Such withdrawal does not affect the lawfulness of processing performed prior to withdrawal.
Right to object: You have the right, under Art. 21 GDPR, to object to any processing based on the legal basis of Art. 6(1) S.1(e) or (f) GDPR. If personal data about you is processed for direct advertising, you may object under Art. 21(2) and (3) GDPR.

For details on your rights above, and for questions about the collection, processing or use of personal data, please contact: