Privacy Policy

AIO SOLUTIONS AG

Last updated: 1st of November 2025

1. Introduction

This Privacy Policy explains how AIO SOLUTIONS AG (hereinafter: “AIO “, “we”, “our” or “us”) collects, uses, stores, and protects your personal data when you access our website http://www.swisspay.co or use any of our services.

We are committed to ensuring the confidentiality, integrity and availability of your personal data, in compliance with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller is:

AIO SOLUTIONS AG
Rue du Mont-Blanc 11
1201 Geneva, Switzerland
CHE- 492.759.632
compliance@aio.net

3. Scope of Application

This policy applies to:

• Visitors of our website;
• Clients and merchants using our payment infrastructure;
• Natural persons linked to corporate clients (e.g. UBOs, directors);
• Business partners, suppliers and service providers.

4. What Personal Data We Collect

We collect and process the following categories of personal data:

a) Identification Data:

• Full name, nationality, date of birth
• Address, phone number, email
• Government-issued ID (passport, national ID)

b) Compliance Data:

• KYC documentation
• Proof of source of funds
• Sanctions and PEP screening results

c) Technical Data:

• IP address, browser type
• Device identifiers
• Log data (time of access, page interactions)

d) Transactional Data:

• Payment history
• Usage of payment gateways
• Transaction metadata

5. Purpose of Processing

We process your data for the following purposes:

Purpose	Legal Basis
Client onboarding & KYC	Legal obligation (revFADP, AMLA Art. 7)
AML/CFT compliance	Legal obligation (AMLA, OBA-FINMA)
Provision of payment services	Contract performance
Website security & analytics	Legitimate interest
Responding to legal requests	Legal obligation
Customer service	Legitimate interest

6. Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by Swiss law (e.g. 10 years under the Code of Obligations for transactional data).

7. Data Sharing

We may share your data with:

• Regulatory authorities (e.g. FINMA, MROS) when legally required;
• SO-FIT, our OAR, for compliance supervision;
• Third-party service providers, such as:
  • KYC/AML providers
  • IT infrastructure (cloud, cybersecurity)
  • Payment partners (banks, PSPs, crypto processors)

All partners are contractually bound to ensure data protection and may only process data on our instructions.

8. Data Transfers Abroad

Where we transfer data outside of Switzerland or the EEA, we ensure such transfers comply with the revFADP and, if applicable, GDPR requirements (e.g. Standard Contractual Clauses, adequacy decisions).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption
• Role-based access control
• Secure servers located in Switzerland and/or the EU
• Regular penetration testing
• Data pseudonymisation and minimisation

10. Your Rights as a Data Subject

Under the revFADP, you have the following rights:

• Access to your data
• Rectification of inaccurate or outdated data
• Erasure where permitted by law
• Objection to processing (in certain cases)
• Data portability (if processing is automated and based on consent or contract)

To exercise your rights, please contact us at compliance@aio.net with proof of identity.

11. Use of Cookies

We use cookies for technical operation, analytics and site optimization. You can control cookie settings through your browser.

Details are available in our Cookie Policy.

12. Automated Decision-Making

AIO  does not perform automated decisions that produce legal effects on users without human intervention (e.g., credit scoring, profiling).

If this changes, we will inform you in advance and obtain explicit consent if required.

13. Updates to This Policy

This Privacy Policy may be updated periodically. We encourage users to review this page regularly to stay informed of changes. The date of the latest version is always indicated at the top of the document.

14. Contact

For all data protection-related questions or to exercise your rights:

Data Protection Officer (DPO)

compliance@aio.net

AIO SOLUTIONS AG – Rue du Mont-Blanc 11, 1201 Geneva, Switzerland