Menu
Data Privacy Policy and Processing of Personal Data
Active Data Collection and Processing
Passive collection of information
Central Data Storage and Analysis in the CRM system
Disclosure and Cross-Border Transfer
Data Privacy Policy and Processing of Personal Data
(Last Updated: May 2026)
This data privacy policy and processing of personal data information ("Data Privacy Policy") applies to (i) the website www.vuse.com (“Website”) and (ii) the MyVuse mobile application (the “App”) (together the “Services”), unless a specific section states otherwise. It does not include websites which are linked to the Services. Links to other websites are marked as such. Please note that we have no control over other websites, hence this Data Privacy Policy does not apply to any other websites. We therefore suggest that you read the privacy policy of each website you visit.
The Services are operated by British American Tobacco Switzerland SA, Route de la Nods 3, 2926 Boncourt, Switzerland.
British American Tobacco Switzerland SA (hereinafter referred to as "BAT Switzerland" or "we") will collect and use personal data exclusively in accordance with Swiss data protection law, in particular the Federal Act on Data Protection.
If you have any questions regarding data protection or wish to exercise your rights, please contact our data protection contact person by sending an email to the following address: privacy_ch@bat.com.
Active Data Collection and Processing
We will not actively collect or process any personal data about you on this Website or in the App without your explicit prior informed consent, if such a consent is necessary pursuant to Swiss data protection law. Consequently, it is entirely your decision as to whether or not you wish to provide us with personal data. BAT Switzerland actively collects and processes only personal data that you have submitted or disclosed voluntarily (for example, in connection with account creation, purchasing products in online shop, or in connection with your opt-in to receive marketing communication).
Data processing when contacting us
If you contact us through our contact addresses and channels (e.g., by e-mail, phone, or contact form), your personal data is processed. We process the data you provide us with, such as your name, email address, phone number, and your request. Additionally, the time of receipt of the request will be documented. We process this data to address your request (e.g., provide information about our products and services, answer questions regarding your orders, etc.).
Data processing when using our chat function on the Website
If you contact us through chat, your personal data will be processed. We process the data you provide us with, such as your name, your email address, and your request. Additionally, the time of receipt of the request will be documented. Mandatory fields are marked with an asterisk (*). We process this data exclusively to address your request (e.g., provide information about our products and services, etc.).
For providing the chat service, in particular to answer your requests, we partner with our trusted agency, United Call Centers Kft. (Ltd.), 3525 Miskolc, Kis-Hunyad utca 9/2, Hungary (UCC). Therefore, UCC may need to access your data in connection with your use of the chat service. Information about data processing by UCC can be found at https://unitedcallcenters.eu/documents/PrivacyPolicyandDataProtection.pdf.
Data processing when opening a customer account on the Website
If you create a customer account on our Website (and thus also for the App), we collect the following data, where mandatory fields in the corresponding form are marked with an asterisk (*):
- Personal information:
- Title
- Gender
- First name
- Last name
- Date of birth
- Age verification data
- Login-data:
- E-mail address
- Password
- Other data:
- Phone number
To ensure you can enjoy all the functionalities and offers on our Website (and in the App), please provide complete and accurate information. Please be aware that failing to provide all the necessary information may limit the extent and quality of the services we can provide to you.
We use the personal data to verify your identity and to check the requirements for registration. The email address and password together serve as login data to ensure that the correct person uses the Website based on provided details. We also need your email address to verify and confirm the creation of your account and for future communication with you, which is necessary for the execution of your orders. Additionally, this data is stored in the customer account.
The gender information is processed to obtain demographic information about our users and provide more personalised offers. You also have during the registration the option not to disclose this information.
Please be informed that upon registering on this Website, your credentials will also enable access to other brand websites operated by BAT Switzerland, in particular: www.velo.com, www.discoverglo.com, www.dunhilltobacco.ch, www.parisienne.ch and www.luckystrike.ch. This unified account system is designed to provide you with a seamless experience across our various brand platforms. To prevent misuse, please always keep your login data confidential, log out after each session and clear your browsing history, especially when using the end device together with others.
To prevent misuse, please always keep your login data confidential, log out after each session and clear your browsing history, especially when using the end device together with others.
To verify your age, we direct you to the age verification portal provided by Yoti Limited, Fountain House, 130 Fenchurch Street, London, EC3M 5DJ, UK. Yoti Limited provides two options for the age verification: ID check or facial analysis. In respect to the ID check, Yoti Limited processes a scan of your ID document including the information contained therein, and a picture / selfie of you. The selfie is used to match yourself with the scanned ID document. Yoti Limited does not store your personal data. BAT does not receive the ID scan or your selfie. We receive from Yoti Limited an over/under age, year of age information. In regard to the facial analysis option, Yoti Limited processes a face selfie made by the user with its mobile device. Yoti Limited processes the face selfie and the biometric information contained in the selfie. An algorithm estimates the age of the user via facial analysis. Yoti Limited does not store the personal data. It does, in particular, not use the data for training purposes. BAT does not receive your selfie. We only receive from Yoti Limited an estimated age with set buffer years. Further information about data processing by Yoti Limited in connection with age verification can be found at https://www.yoti.com/privacy/age-verification/.
Please note the following: As part of the age verification, we may make automated individual decisions within the meaning of Art. 21 Swiss Federal Act on Data Protection (FADP), e.g. by automatically refusing to open a customer account on the basis of an (automated) age check. Users who have been refused the opening of an account based on a negative automated age check have the opportunity to present their point of view upon request. The request must be sent to the e-mail address info.ch@vuse.com The data subject may also request that the automated individual decision be reviewed by a natural person. This request must also be sent by e-mail to privacy_ch@bat.com.
To authenticate customer accounts, we use Single Sign-On (SSO) services provided by XECURIFY INC., US. SSO enables users to access multiple applications with a single set of login credentials (username and password). Once logged in, users can seamlessly navigate between different websites operated by BAT Switzerland without the need to log in again for each one. XECURIFY INC. does not store your personal data. The service is implemented in the system of BAT and operated by Yucca Solutions SA, Rue de la Clergère 2, 1800 Vevey, Switzerland (Yucca Solutions).
On the login / registration pages of our Website the CSS framework Bootstrap of the company LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA (Bootstrap CDN) is integrated. It is used to optimally display the content we offer on the various end devices and to reduce the loading speeds of our Website. Bootstrap CDN is a public content delivery network (CDN) for providing content. Users of Bootstrap CDN can load CSS, JavaScript and images remotely from their servers. If JavaScript is enabled in your browser and no (Java)Script blocker is installed either, your browser will transmit personal data (e.g., your IP address and browser) to Bootstrap CDN when loading our page. You can find the provider's privacy policy at https://www.bootstrapcdn.com/privacy-policy/. Bootstrap may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer ").
When using the login or registration pages of our Website, an ID, type, version and language of the end device, the duration of use and crash logs are collected for statistics, usage information and error recording. The Microsoft Visual Studio App Center (https://appcenter.ms) is used for this purpose. More information on this and on the privacy policy of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, can be found at https://privacy.microsoft.com/en-gb/privacystatement. Microsoft may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Data processing when opening a customer account on the host/hostess platform
In addition to opening a user account directly on our Website, you may also initiate the opening of your customer account for the Website via our host/hostess platform.
If you create a customer account on the hostess platform, we collect the following data, where mandatory fields in the corresponding form are marked with an asterisk (*):
- Title
- Gender
- First name
- Last name
- Date of birth
- E-Mail Address
- Phone Number
- Billing and delivery address
- Host/Hostess Code
To ensure you can enjoy all the functionalities and offers on our Website, please provide complete and accurate information. Please be aware that failing to provide all the necessary information may limit the extent and quality of the services we can provide to you. The host/hostess will on-site check your age.
We use the personal data to verify your identity and to check the requirements for registration. We need your email address to verify and confirm the creation of your account and for future communication with you. Additionally, this data is stored in the customer account.
Upon completing the registration form on the hostess platform, you will receive an e-mail from us with a confirmation link. After activating the link you will be directed to the last steps of the account registration.
Please be informed that upon registering on this Website, your credentials will also enable access to other brand websites operated by BAT Switzerland, in particular: www.vuse.com, www.discoverglo.com, www.dunhilltobacco.ch, www.parisienne.ch and www.luckystrike.ch. This unified account system is designed to provide you with a seamless experience across our various brand platforms.
To prevent misuse, please always keep your login data confidential, log out after each session and clear your browsing history, especially when using the end device together with others.
The technical infrastructure of the host/hostess platform is provided, supported and maintained by our service provider ComputedBy Sàrl, Rue de Langallerie 6, 1003 Lausanne. ComputedBy might receive for these purposes temporary access to personal data processed via the platform.
Data processing when purchasing products in online shop
On our Website, you have the possibility to purchase products, provided that you have opened a customer account. For this purpose, we collect the following data, whereby mandatory fields during the ordering process are marked with an asterisk (*):
- First name
- Last name
- Company
- Billing and delivery address
- Phone number
- Email address
- Payment method
We use the data to verify your identity before the confirmation of your order. We need your email address for order confirmation and for future communication necessary for the execution of the order. We store your data together with the relevant order details (e.g., time, order number), information about the purchased products or services (e.g., product name, price, characteristics), payment information (e.g., selected payment method, payment confirmation, and time of the payment) as well as the information regarding the execution of the order (e.g., product returns, warranty, or service claims) in our CRM database, so that we can ensure correct execution of your order.
The provision of data that is not marked as mandatory is voluntary. We process this data to tailor our products and services to your personal needs, to facilitate the execution of orders, to contact you through alternative means of communication if necessary, or for collection and analysis of statistical information in order to optimise our products and services.
For executing your orders, we disclose the required information to our wholesaler Ch. Margot & Cie S.A., Route de Lavaux 235, 1095 Lutry, Switzerland. Therefore, your data may be stored in a database of Ch. Margot & Cie S.A., which may allow Ch. Margot & Cie S.A. to access your data if this is necessary for the execution of your order. Information about data processing by Ch. Margot & Cie S.A. can be found at https://shop.margot.ch/privacy-policy-cookie-restriction-mode.
Ch. Margot & Cie S.A. uses the services of Post CH AG, Wankdorfallee 4, 3030 Bern, Switzerland ("Swiss Post"), to ship our products to you, and for this purpose, it shares data with SwissPost. You can find information about data processing by Swiss Post at https://www.post.ch/en/pages/footer/datenschutz-und-rechtliches.
Data processing when using "invite a friend"
If you use the functionality "invite a friend", your personal data will be processed. The functionality can only be used after you have opened a customer account. We will process the data you provide us with, such as your personal information and email address, to send you an email with a unique link that you can share with your friend. Additionally, the time of receipt of the interaction will be documented. We process this data exclusively to provide the functionality.
Data processing during payment processing
If you place an order in our online shop, it may be necessary to provide additional details such as your credit card information or login credentials for your payment service provider. This information, as well as the fact that you have placed an order at a certain time and for a specific amount, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, or credit card acquirers, such as Postfinance or Twint). The payment service providers chosen by you during the payment process are responsible for their own data processing. For further information about their data processing, please go to their websites (see, for example, https://www.twint.ch/en/data-privacy/?lang=en for Twint, or https://www.postfinance.ch/en/detail/data-protection.html for Postfinance).
When you make a payment by entering credit card information on our Website, the payment processing is facilitated by a software application provided by Nexi Germany GmbH, Helfmann-Park 7, 65760 Eschborn, Germany. Therefore, your data may be stored in a database of Nexi Germany GmbH, which may allow Nexi Germany GmbH to access your data if this is necessary for providing the software and supporting its use. Information about data processing by Nexi Germany GmbH can be found at https://www.nexi.de/en/legal-footer/data-policy.
When you use a wallet payment solution, your card details are securely stored in the wallet in advance. If you choose to make a payment using a wallet solution, you typically do not need to enter credit card information again. In this regard, please always consider the information provided by the respective payment solution provider, in particular in its privacy policy and the general terms and conditions.
Data processing related to email marketing and marketing communication in general
When opening your customer account on the Website or in the App or thereafter directly in the settings of your customer account, you can opt-in to our marketing communication. To provide you with marketing communication, we may collect the following data:
- Title
- First name
- Last name
- Phone number
- Email address
- Delivery address
By opting-in to receive marketing communication, you consent to the processing of this data to receive tailored marketing emails from us about our products and services. These marketing emails may also include invitations to participate in contests, to provide feedback (including through participation in surveys and/or consumer research), or to rate our products and services.
We will send you marketing communication with postal services only if you have explicitly opted-in to receive communication via this channel.
We will use your data to send marketing communication until you withdraw your consent. You can withdraw your consent at any time, in particular by using the unsubscribe link included in all marketing emails or by adjusting the relevant settings in your customer account.
Our marketing emails may contain a web beacon, 1x1 pixel (tracking pixel), or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each marketing email sent, we receive information about which email addresses it was successfully delivered to, which email addresses have not yet received the marketing email, and which email addresses the delivery has failed for. It is also shown which email addresses have opened the marketing email and for how long, as well as which links have been clicked. Finally, we also receive information about subscribers who have unsubscribed from the mailing list. We use this data for statistical purposes and to optimize the frequency and timing of email delivery, as well as the structure and content of the marketing emails. This allows us to better tailor the information and offers in our marketing emails to the individual interests of the recipients.
The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing emails by adjusting the settings of your email program so that HTML is not displayed in messages. You can find information on how to configure this setting in the help documentation of your email software application, e.g., here for Microsoft Outlook.
By subscribing to the marketing emails, you also consent to the statistical analysis of user behaviour for the purpose of optimising and customising the marketing emails.
For sending marketing emails, we use a software application provided by Salesforce Inc., One Market Street, San Francisco, USA (Salesforce). Therefore, your data may be stored in a database of Salesforce, which may allow Salesforce to access your data if this is necessary for providing the software and supporting its use. Information about data processing by third parties and any transfers abroad can be found in the section "Disclosure and Cross-Border Transfer" below.
There is a possibility that Salesforce may want to use some of this data for its own purposes (e.g., for sending marketing emails or conducting statistical analysis). For these data processing activities, Salesforce is the controller and must ensure compliance of these processing activities with data protection laws. Information about data processing by Salesforce can be found at https://www.salesforce.com/eu/company/privacy/.
As part of the Salesforce solution and its connection to the website infrastructure, we are assisted by an IT company based in India. This company is responsible for the operation of the Salesforce solution (improvements, bugs, reports, etc.). Although the processing of personal data of website users is not the main task of this company, it may exceptionally have access to this data in the course of providing its services. Information on the processing of data by third parties and its possible transfer abroad can be found in the section “Transfer and transfer abroad.”
Data processing related to marketing platforms
When you engage with our services, you may choose to participate in our paid media marketing campaigns, allowing us to share certain data with our trusted marketing agency Essence Mediacom AG, Zurich, Switzerland. Essence Mediacom AG assists us in developing our media strategies, conducting data analysis and management, as well as implementing personalised campaigns on different marketing platforms, such as Xandr, Meta, Google, DV360, AdForm, Teads, Ogury, etc. These campaigns may include, but are not limited to, targeted advertisements, promotions, and engagement initiatives designed to enhance your experience with our products and services from our different brands.
In the context of our marketing efforts, the following data may be shared with Essence Mediacom AG:
- First and last name
- Email address
- Purchase history in our shop
- Any other data collected when you interacted with the Vuse brand
The sharing of this data is intended to facilitate and improve personalized marketing communication via various marketing platforms. Essence Mediacom AG may use this information for developing the marketing campaigns and for creating the necessary user profiles for these campaigns on our behalf to ensure that ads and communication are provided to the targeted users or to assist us in these activities. Essence Mediacom AG will receive the data hashed. The data will be stored by Essence Mediacom AG locally and will be deleted after it has been uploaded to the different platforms.
Essence Mediacom AG may upload the contact data - or a pseudonym or user-ID created for that purpose – and profile / user segment attributes of the targeted users after the creation of the campaign to the platforms where Essence Mediacom AG performs on our behalf our marketing campaigns. The platforms act as data controllers and may process your personal data for other purposes. We have no control over the data these platforms collect, or the extent of the data processed by these platforms. For more information about data processing by Essence Mediacom AG, please refer to https://www.essencemediacom.com/pages/privacy-policy. As for the involved platforms, they may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer"). The services of the marketing platforms are explained in more detail further below under section "Tracking and Web Analytics Tools" and even more relevant under section "Marketing Tools".
To measure the performance of the media campaigns, Essence Mediacom AG receives click and campaign performance data from the involved marketing platforms and analyses them.
To create the user profiles / user segments for the marketing campaigns, we or Essence Mediacom AG will analyse all information relating to your activities in connection with the brand Vuse. By consenting to participate in paid marketing campaigns you agree to this data processing and you grant us the permission to use for the creation of user profiles / user segments not only all information relating to the brand Vuse that is in our possession, but also information that we collected or will collect in the future when you interacted or will interact with other brands of BAT, such as data collected on other brand websites or in connection with marketing campaigns of other brands. The respective data will be combined to create cross-brand user profiles / user segments.
You can withdraw your consents for these data processing activities at any time for the future by sending an email to privacy_ch@bat.com.
Data processing when accessing to and using the App
To use the App, you may log in with your existing Vuse customer account or create an account directly in the App. Personal data processed for account creation, purchases and e‑commerce services is described in this Data Privacy Policy further above. The App also involves additional App-specific processing described in this section.
Downloading and Accessing the App
Depending on your device's operating system, the App may be downloaded or accessed through different third-party service providers. These service providers may process personal data, such as your account identifier, time of download or access, and mobile device identifiers, in connection with the provision of their services. Each service provider acts as an independent controller for this processing. We do not control their processing activities.
For devices with an Android operating system, the App is available for download via the Google Play Store, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. For devices with an iOS operating system, the App is accessible via the Nuviu browser, operated by nuviu Products Ltd, The Phoenix Brewery, 13 Bramley Road, London, W10 6SZ, United Kingdom.
For information on how these service providers process your personal data, please consult their respective privacy policies:
• Google Play Store (Android): https://policies.google.com/privacy?hl=en&gl=de;
• Nuviu browser (iOS): https://www.nuviu-browser.com/privacy-policy.
Initial Set Up / Vault
During the initial setup of the App, you will be asked to create a four digit PIN (“Vault PIN”) and select a security question.
The App uses ‘The Vault’ to protect and anonymize certain App settings and user preferences before any transfer to backend services. It allows the App to restore these data if you reinstall the App or log out. The Vault uses a hashing process that combines your e‑commerce customer identifier with a user-defined PIN to create a hashed identifier. The Vault PIN and security question answer are stored on your mobile device; we do not have access to them.
App Permissions
To enable core App functions (e.g., pairing), the App may request access permissions such as Bluetooth, location services (where required by the operating system for Bluetooth scanning or ‘Find My Vape’), and notifications. Where you grant such permissions, you can revoke them at any time in your mobile device settings. If you revoke permissions that are necessary for a feature, that feature may not function properly.
App Engagement Data and User Terminal Data
We may collect data about the way in which you engage with the App, including what features and functionalities of the App you have used or enabled (e.g. Find My Vape, Usage Tracker, Ultra Pod Tracker, Usage Reminder, battery alerts, notification opt-ins), and the amount of time spent using those features and functionalities. We may record other actions that you take within the App, including when you change your pin number and whether you have accepted the App's terms and conditions and acknowledged the privacy policy and cookie notice. If you access the App through a web application rather than a native mobile/ tablet application, we may collect this data through the use of first party cookies.
We may also collect data in relation to the terminal you use to access the App, including the terminal make and model, operating system and the version of the App downloaded onto the terminal.
Pairing with the Vuse Device
During pairing and further use of the App, technical information is processed, including information about the mobile device you use (such as device model, operating system and App version) as well as information about your Vuse device (such as device type, assigned device name, firmware version, battery status, technical load indicators, and connection or disconnection status). Furthermore, if you scan the QR code on the packaging of your Vuse device (if applicable), data may also be collected about where your Vuse device may have been purchased from. The App also supports the pairing of multiple Vuse devices,Information about the Vuse devices linked to your App is stored locally on your mobile device. Technical data may also be processed when the App checks for firmware updates or when the Vuse device’s firmware is updated.
The Vuse device and App may generate further technical logs (e.g., session start/stop, battery level, connectivity events, error/fault codes and other Vuse device diagnostics) to support device functionality and, where enabled, aggregated reporting and product improvement.
Activating App Features
If you activate App features such as Usage Tracker, Ultra Pod Tracker, Usage Alerts or Cloud Control–related functions and use your Vuse device, the App receives usage information from your Vuse device. This includes the time and frequency of your use, number of puffs, puff duration and intensity, the Cloud Control preset used, session information, comparisons of current usage against historical averages, and Ultra Pod-related information such as flavour, nicotine strength, recommended intensity settings and aggregated flavour consumption statistics. Where you enable these App features within the App, this usage data is transferred from the Vuse device to your mobile device (and the App) and used to generate usage information and statistics for you to view within the App.
The data mentioned above are only stored locally on your Vuse device and on your mobile device. BAT does not have access to this data. Data is only transferred to BAT servers once it has been anonymised so that BAT are unable to identify you as the user (see “Transmission of Anonymized User Data” below). This anonymisation process means that BAT are never processing your personal usage tracker data, Ultra Pod tracker data, and any other data collected by these features.
Transmission of Anonymized User Data
If you have expressly consented within the App, anonymised usage data may be transmitted from your mobile device to our servers. Before transmission, these data are anonymised so that we cannot identify you as an individual user. We process anonymised usage data to improve our products and services, analyse statistical trends, understand aggregated Vuse device performance, and support the technical development of the App. Only users who have actively consented to such processing are included in the App Analytics. You may withdraw your consent at any time in the App settings. Withdrawal does not affect the lawfulness of prior processing.
Where anonymised raw consumption data is transferred, it may be supplemented with non-identifying segment attributes such as age range, gender (if available), billing country and Vuse device hardware classification to analyse aggregated trends and Vuse device performance.
Find My Vape
If you activate the "Find My Vape" function, the App stores the last known location where your Vuse device was synced with the App. These location data come exclusively from your mobile device’s location services; the Vuse device itself does not contain GPS functionality. These data are stored exclusively on your mobile device and are not transmitted to BAT Switzerland.
Data Synchronization
To ensure that the information displayed in the App remains accurate and up to date, the App periodically synchronises data between your Vuse device and your mobile device. Synchronisation concerns, in particular, usage statistics, battery and connection status, device configuration, and firmware related information. Synchronisation of identifiable usage data takes place exclusively locally between your Vuse device and your mobile device. Only anonymised usage data may be transmitted to BAT Switzerland and only if you have provided explicit consent. In addition, the App may process technical data when necessary to display personalised visual elements (such as skins or themes linked to special editions or configured time periods), which are determined based on the Vuse devices paired with your App and do not involve the transmission of additional personal data.
Push Notifications / Token Data
If you enable push notifications, your mobile device operating system generates a unique notification token (e.g., Apple Push Notification Service / Google Firebase Cloud Messaging) which is processed to deliver notifications to your mobile device. We use the token to (i) deliver service/technical notifications (e.g., firmware, battery or feature alerts) and, where you have consented, (ii) deliver marketing notifications. You can disable push notifications at any time in your mobile device settings and/or in the App.
CRM Enrichement
The App may generate and transmit certain App / device engagement signals to our CRM systems (e.g., last app opening, last device connection, paired Vuse devices and firmware version, App version/OS, and feature opt-in/usage flags). This supports customer support, service communications and, marketing segmentation and campaigns.
Recipients of Data
Where App data is transferred (e.g., anonymized analytics data and/or CRM enrichment fields), it is processed by us and our service providers hosting and operating relevant backend services and CRM platforms (see “Central Data Storage and Analysis in the CRM system” and “Disclosure and Cross Border Transfer” further below) for the purposes described above.
Cookies
If you access the App as a web-based application (e.g., embedded web view), cookies or similar technologies may be used (e.g., for analytics) and you will be presented with a cookie notice/choices as required.
Retention
App data stored locally on your mobile device remains until you delete it via App controls (where available), uninstall the App, or reset the mobile device (where applicable). Where App data is transferred (e.g., CRM enrichment fields or anonymized analytics), we retain it only as long as necessary for the purposes described and in line with legal retention obligations.
Rights
Where data is stored only locally on your mobile device or processed in anonymized form so that we cannot identify you, we may not be able to fulfil access/erasure requests for that specific dataset.
Apart from this, the rights as set forth in the “Your Rights” section below also apply to the data processing in connection with the App.
Passive collection of information
While you browse our Website or use the App, some information may be recorded passively (i.e., information is collected even though you have not actively provided it), making use of a range of technologies and methods, such as Internet Protocol addresses, cookies, Internet tags, navigation data procurement; Google Analytics.
"Navigation data" ("log files", "server logs" and "clickstream" data) are used for system management, improvements to the content of the website, market research purposes and sending information to visitors. Any person-related information will be deleted immediately.
On our Website we use Internet Protocol (IP) addresses. An IP address is a number which is allocated to your computer by your internet provider in order to enable you to use the Internet. Data is saved automatically when you browse a website, whereby it is possible that information indirectly related to your person is collected. Likewise, it is very common that such data is collected when you access websites of other providers. This includes, for example, information on the web browser you are using, the web pages visited or the duration of your visit. Where it is possible to relate this data to specific persons, we delete the data recorded soon afterwards. We use this information in particular to check on whether you access our Website from a location within Switzerland. Furthermore, the recorded data is used anonymously in order to make improvements to the Website for the users or to ensure its security and stability.
Cookies
Cookies are information files that your web browser stores on the hard drive or in the memory of your computer when you visit our Website or App. Cookies are assigned identification numbers that enable your browser to be identified, and allow the information contained in the cookie to be read.
Cookies are used to make your visit to our Website or App easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the desired use of the Website and App, i.e., "technically necessary." For example, we use cookies to identify you as a registered user after logging in, so you don't have to log in again when navigating to different subpages. The provision of ordering functions also relies on the use of cookies. Furthermore, cookies perform other technical functions necessary for the operation of the Website or the App, such as load balancing, which distributes the workload of the site across various web servers to relieve the servers. Finally, we use cookies in the design and programming of our Website or App, for example, to enable the uploading of scripts or codes.
Most internet browsers accept cookies automatically. However, when accessing our Website or our App, we ask for your consent to the use of non-essential cookies, especially for the use of cookies from third parties for marketing purposes. You can adjust your preferences for cookies by using the corresponding buttons in the cookie banner. Details regarding the services and data processing associated with each cookie can be found within the cookie banner and in the following sections of this Data Privacy Policy.
You may also be able to configure your browser to prevent cookies from being stored on your computer or receive a notification whenever a new cookie is being sent. On the following pages, you will find instructions on how to configure cookie settings for selected browsers.
Disabling cookies may prevent you from using all the features of our Website or the App.
Tracking and Web Analytics Tools
For the purpose of customising and continuously optimising our Website, our Website contains the web analytics services listed below. In this context, pseudonymised usage profiles are created, and cookies are used. The information generated by the cookie regarding your use of our Website is usually transmitted to a server of the service provider, where it is stored and processed, together with the log file data. This may also result in a transfer to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see the section "Disclosure and Cross-Border Transfer").
Through the data processing, the providers of the web analytic services may obtain, among others, the following information:
- navigation path followed by a visitor on the site (including content viewed, products selected or purchased, or services booked)
- time spent on the Website or specific page
- the specific page from which the Website is left
- the country, region, or city from where an access is made
- end device (type, version, colour depth, resolution, width, and height of the browser window)
- returning or new visitor
The providers, on our behalf, will use this information or aggregated data to evaluate the use of the Website, in particular to compile Website activity reports and provide further services related to Website usage and internet usage for the purposes of market research and the customisation of the Website. For these processing activities, we and the providers may be considered joint controllers in terms of data protection to a certain extent. The mentioned information or reports may also be shared with our marketing agency Essence Mediacom AG, Zurich, Switzerland.
You can withdraw your consent or oppose to processing at any time by rejecting or deactivating the relevant cookies in the settings of your web browser or by using the service-specific options described below.
Regarding the further processing of the data by the respective provider as the (sole) controller, including any potential disclosure of this information to third parties, such as authorities due to national legal regulations, please refer to the respective privacy policy of the provider.
Google Analytics
We use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
IP addresses are not logged or stored in Google Analytics. For accesses originating from the EU, IP address data is only used to derive location data and is immediately deleted thereafter. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Google Analytics utilises regional data centres. When connecting to the nearest available Google data centre in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centres, the data is further encrypted before being forwarded to Analytics' processing servers and made available on the platform. The most suitable local data centre is determined based on the IP addresses. This may also result in a transfer of data to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see the section "Disclosure and Cross-Border Transfer" below).
We also use the technical extension called "Google Signals", which enables cross-device tracking. This makes it possible to associate a single website visitor with different devices. However, this only happens if the visitor is logged into a Google service during the Website visits and has activated the "personalised advertising" option in their Google account settings. Even in such cases, we do not have access to any personal data or user profiles; they remain anonymous to us. If you do not wish to use "Google Signals," you can deactivate the "personalised advertising" option in your Google account settings.
Users can prevent the collection of data related to their Website usage (including IP address) generated by the cookie as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
The transfer of your personal data to Google is based on a data processing agreement (Art. 9 FADP). Google may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Marketing Tools
Our Website contains tools and services of various companies to provide you with interesting offers online. In the process of doing this, your user behavior on our Website and websites of other providers is analyzed in order to subsequently be able to show you online advertising that is individually tailored to you. We work for this purpose with our marketing agency Essence Mediacom AG, Zurich, Switzerland, which determines the services and tools to be placed on our Website.
Most technologies for tracking your user behavior (Tracking) and displaying targeted advertising (Targeting) utilize cookies (see also section "Cookies"), which allow your browser to be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g., laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.
In addition to the data already mentioned, which is collected when visiting websites (Log File Data,) and through the use of cookies (section "Cookies") and which may be transmitted to the companies involved in the advertising networks, the following data, in particular, is commonly used by our marketing agency and / or the marketing platforms to select the advertising that is potentially most relevant to you:
- information about you that you provided when registering or using a service from advertising partners (e.g., your gender, age group); and
- user behaviour (e.g., search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to).
The service providers mentioned below use this data to determine whether you belong to the target audience we address and take this into account when selecting advertisements. For example, after visiting our Website, you may see advertisements for the products or services you have viewed when you visit other sites (Re-targeting). Depending on the amount of data, a user profile may also be created, which is automatically analyzed; the advertisements are then selected based on the information stored in the profile, such as belonging to certain demographic segments or potential interests or behaviors. These advertisements may be displayed to you on various channels, including our Website or app (as part of on- and in-app marketing), as well as advertising placements provided through the online advertising networks we use, such as Google.
The data may then be analyzed for the purpose of settlement with the service provider, as well as for evaluating the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g., visiting certain sections of our Website or submitting information) can be attributed to a specific advertising. We also receive from service providers aggregated reports of advertisement activity and information on how users interact with our Website and advertisements.
Certain information about the performance of the campaigns is forwarded by the service providers to our marketing agency Essence Mediacom AG, Zurich, Switzerland, so that it can analyze the success of the campaign and adjust, if required, future campaigns.
AppNexus / Xandr
Our marketing agency has integrated on our behalf AppNexus / Xandr on our Website. AppNexus / Xandr is a service provided by Xandr Inc., located in NY, USA, to display targeted advertising to users. AppNexus uses cookies and other browser technologies to analyze user behavior and recognize users.
AppNexus / Xandr collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising.
Furthermore, AppNexus / Xandr delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.
For more information, please see the AppNexus privacy policy: https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy.
You can consent to the processing of your personal data by Xandr and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings of your browser (see under section "Cookies").
The transfer of your personal data to Xandr is based on data processing agreements (Art. 9 FADP). Xandr may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
DoubleClick
This Website uses Google Marketing Platform's DoubleClick, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
DoubleClick uses cookies to present you with advertisements that are relevant to you. In doing so, a pseudonymous identification number (ID) is assigned to your browser or device to verify which ads were displayed in your browser and which ads were viewed. This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later uses the same browser to visit the advertiser's website and make a purchase.
You can consent to the processing of your personal data by Google and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings of your browser (see under section "Cookies").
Due to the technology used, your browser automatically sets up a direct connection with the servers of Google. Google acts as a data controller and may process your personal data for other purposes. We have no control over the data that Google collects or the extent of the data collected by Google. We also have no knowledge of the content of the data transmitted to Google. For details about Google’s data processing, please refer to: https://policies.google.com/privacy. We inform you therefore to the best of our knowledge: Google receives the information that you have accessed the section of our Website where the cookies are placed or that you have clicked on an ad of us. In case that you are registered with a service of Google at that moment, Google can allocate your visit or access to your Google account. Even when you are not registered, it is not entirely excluded that the provider can find out your IP-address and store it. It can also not entirely be excluded that data is transferred to Google LLC in the USA. Google may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Google Ads
Google Ads offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google), is integrated on our Website. This service is used for online advertising. Google uses cookies, which allow your browser to be recognised when you visit other websites. The information generated by the cookie about your visit to this Website (including your IP address) will be transmitted to and stored by Google.
Google acts as a data controller for Google Ads and may process your personal data for other purposes. We have no control over the data that Google collects or the extent of the data collected by Google. We also have no knowledge of the content of the data transmitted to Google. For details about Google’s data processing, please refer to: https://policies.google.com/privacy. Google may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Adobe Analytics
Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited (Adobe), 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland, is integrated on our Website.
The service is primarily used to track and analyse user behaviour on our Website. Adobe Analytics cookies are employed to facilitate an analysis of your usage of our Website, enabling the identification of unique visitors. These cookies assign a unique ID to each visitor, allowing us to track user interactions across various pages and sessions. Additionally, Adobe Analytics cookies are used to store information regarding your most recent clicks on our Website.
You can consent to the processing of your personal Data by Google and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings of your browser (see under section "Cookies").
For details about Adobe’s data processing, please refer to: https://www.adobe.com/ch_de/privacy/policy.html. Adobe may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Adobe Target
Our Website uses Adobe Target, a service provided by Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland. Adobe Target enables us (or our marketing agency, Essence Mediacom AG, Zurich, Switzerland, on our behalf) to personalise content and assess the effectiveness of different content variations and offers displayed on our Website.
To provide a consistent and tailored experience, Adobe Target assigns a unique session identifier to your browser. This allows the service to monitor your interactions during a session and adjust content accordingly. Adobe Target also uses A/B testing, a method where different versions of content are displayed to users to determine which version generates more engagement. Based on this process, the most relevant content is selected and shown to users.
Additionally, Adobe Target recognises returning visitors and adapts content based on previous interactions.
You can consent to the processing of your personal Data by Adobe and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings of your browser (see under section "Cookies").
For details about Adobe’s data processing, please refer to: https://www.adobe.com/ch_en/privacy/policy.html. Adobe may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Salesforce Chat
Salesforce Chat, a tool that enables us to communicate in real-time with website users, is integrated on our Website. Provider of the services is the company Salesforce Inc., One Market Street, San Francisco, USA.
You find further information about the data processing by Salesforce under https://www.salesforce.com/eu/company/privacy/.
You can consent to the processing of your personal data by Salesforce and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings of your browser (see under section "Cookies").
Salesforce may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Google Tag Manager
The Google Tag Manager is integrated on the Website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our Website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.
For details about Google’s data processing, please refer to: https://policies.google.com/privacy. Google may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
Central Data Storage and Analysis in the CRM system
If a clear identification of your person is possible, we will store and link the data described in this Data Privacy Policy, i.e., your personal information, contact details, order data, and your browsing behaviour on our Website or certain data collected when using the App in a central database. This allows for efficient management of customer data, enables us to adequately process your requests, and facilitates the efficient execution of your order(s).
We also analyse this data to further develop our products and services based on your needs and to provide you with the most relevant information and offers. We also use methods that predict possible interests and future orders based on your use of our Website or the App.
For the central storage and analysis of data in the CRM system, we use a software application provided by Salesforce, Inc., 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA. Therefore, your data may be stored in a database of Salesforce, which may allow Salesforce to access your data if this is necessary for providing the software and supporting its use. Information about data processing by third parties and any transfer abroad can be found in the section "Disclosure and Cross-Border Transfer" below. Further information about data processing by Salesforce can be found at www.salesforce.com.
Disclosure and Cross-Border Transfer
Disclosure to Third Parties and Third-Party Access
When it is necessary for the execution of your order(s) or the provision of other services, your data may be shared with other companies within the BAT group, notably with BAT Switzerland Vending SA.
Without the support of other companies, we would not be able to provide our products and services in the desired form. To use the services of these companies, it is necessary to share your personal data with these companies to a certain extent. A disclosure of data is limited to selected third-party service providers and only to the extent necessary for the optimal provision of our services. Various third-party service providers are mentioned in this Data Privacy Policy above.
The hosting services, as well as assistance in modifying and updating our Website's content are provided by Yucca Solutions SA, Rue de la Clergère 2, 1800 Vevey, Switzerland (Yucca Solutions). Yucca Solutions may, in exceptional circumstances, need to access personal data of website users if this is necessary for providing the mentioned services.
Hosting for certain e-commerce functionalities on the Website is provided by the company Magento Inc. based in the USA. For this purpose, personal data relevant to these functionalities is also stored on Magento servers in Europe. Magento obtains the personal data via interfaces from Salesforce (see above “Central Data Storage and Analysis in the CRM system”). Magento may process personal data outside the EU / EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section “Disclosure and Cross Border Transfer”). For more information about the processing of personal data by Magento Inc., please refer to: General Data Protection Regulation (GDPR) and Adobe
The technical implementation, development and maintenance of the e-commerce infrastructure of our Website is provided by Cognizant Worldwide Limited, 280 Bishopsgate, London, United Kingdom, EC2M 4AG (Cognizant). Cognizant may, in exceptional circumstances, need to access personal data of website users if this is necessary for providing and maintaining the e-commerce infrastructure. Information about data processing by Cognizant can be found at https://www.cognizant.com/us/en/privacy-notice. Cognizant may process personal data outside the EU/EEA. The transfer of personal data is safeguarded via standard contractual clauses (see section "Disclosure and Cross-Border Transfer").
For providing customer care service, we partner with our trusted agency, United Call Centers Kft. (Ltd.), 3525 Miskolc, Kis-Hunyad utca 9/2, Hungary (UCC). Therefore, UCC may need to access your data if this is necessary for providing the customer care services. Information about data processing by UCC can be found at https://unitedcallcenters.eu/documents/PrivacyPolicyandDataProtection.pdf.
Our Website uses the content delivery network Gstatic, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Gstatic). This is done to ensure the full functionality of our Website and improve its loading speed by delivering static files such as scripts, fonts, and images efficiently. In this context, your browser transmits your IP address and browser information to Gstatic. This data is processed solely for the purpose of delivering the requested content and is not stored longer than necessary to fulfil this purpose. For more information on the handling of the transferred data, please refer to Google's privacy policy: https://policies.google.com/privacy. You can prevent the collection as well as the processing of your data by Gstatic by disabling the execution of script code in your browser or by installing a script blocker.
Your data may be disclosed to third parties to the extent necessary for the execution of orders and the provision of services to you. For these data processing activities, the third-party service providers are considered data controllers under the data protection laws, and not us. It is the responsibility of these third-party service providers to inform you about their own data processing, which may extend beyond the mere sharing of data for the provision of services, and to comply with data protection laws.
Furthermore, your data may be disclosed, especially to authorities, legal advisors, or debt collection agencies, if we are legally obliged to do so or if it is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is necessary to conduct a due diligence or to complete the transaction.
Transfer of Personal Data to Third Countries
We have the right to transfer your personal data to third parties located abroad if it is necessary to carry out the data processing described in this Data Privacy Policy. When making such transfers, we will ensure compliance with the applicable legal requirements for disclosing personal data to third parties. The countries to which data is transmitted include those that, according to the decision of the Federal Council, have an adequate level of data protection (such as the member states of the EEA), as well as those countries (such as the USA) whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance). If the country in question does not provide an adequate level of data protection, we ensure, unless otherwise specified, that your data is adequately protected by these companies by means of appropriate safeguards. These safeguards may be provided for by standard contractual clauses, which can be found on the websites of the Federal Data Protection and Information Commissioner. If you have any questions regarding the implemented measures, please send us an e-mail to the following address: privacy_ch@bat.com.
Information on Data Transfers to the USA
Some of the third-party service providers mentioned in this Data Privacy Policy are based in the USA. For the sake of completeness, we would like to inform users residing or based in Switzerland or the EU that certain third-party service providers mentioned in this Data Privacy Policy are located in the USA. It is important to note that there are surveillance measures by US authorities in place that generally allow for the storage of all personal data of individuals whose data has been transmitted from Switzerland or the EU to the United States. This occurs without differentiation, limitation, or exception based on the purpose for which the data is being collected and without an objective criterion that would restrict US authorities' access to the data and its subsequent use to specific, strictly limited purposes that can justify the interference associated with accessing and using the data. Furthermore, we would like to point out that affected individuals from Switzerland or the EU do not have legal remedies or effective judicial protection against general access rights of US authorities, which would allow them to access the data concerning them and to rectify or delete it. We explicitly highlight this legal and factual situation to enable you to make an informed decision regarding your consent to the use of your data.
For users residing in Switzerland or a member state of the EU, we also want to inform you that, from the perspective of the European Union and Switzerland, the United States does not provide an adequate level of data protection, among other reasons, as explained in this paragraph. In cases where we have mentioned in this Data Privacy Policy that data recipients (such as Google) are located in the United States, it will be ensured through contractual arrangements with these companies and, if necessary, additional appropriate safeguards, that your data is adequately protected.
Retention Periods
We only store personal data for as long as it is necessary to carry out the processing described in this Data Privacy Policy within the scope of our legitimate interests. For order data, the storage is stipulated by statutory retention obligations. Requirements that oblige us to retain data arise from the accounting and tax law regulations. According to these regulations, business communication, concluded contracts, your orders, and accounting documents must be retained for up to 10 years. However, if we no longer need your data to provide services for you, and therefore do not need to actively use your data (for example, if you have requested the deletion of your customer account), the data will be blocked. The data will be ultimately deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists (for example, ten years after the deletion of your user account).
Data Security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service providers mandated by us are obliged to maintain confidentiality and uphold data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot, therefore, provide any absolute guarantee for the security of information transmitted in this way.
Your rights
If the legal requirements are met, as a data subject, you have the following rights with respect to data processing:
Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal data concerning you we process and whether we process it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.
Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
Right to data portability: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).
Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.
To exercise these rights, please send us an e-mail to the following address: privacy_ch@bat.com.
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner in which your personal data is processed.
Modifications and Updates
BAT Switzerland reserves the right to change, modify, or alter the terms of this Data Privacy Policy. The most up-to-date version of this Data Privacy Policy will regulate our use of your information. If you continue to access our Website after any amendments to our Data Privacy Policy, it signifies your acceptance of the revised terms.