Data privacy statement

Credaris Privacy Policy (valid as of 01/03/2022)

This Privacy Policy specifies the type of personal data ("Data") that is collected about you as a user ("User") of the website and service of Credaris AG ("Credaris") and the providers of personal loans ("Personal Loan Providers") that are available via Credaris and selected by you. It sets out the purpose for which the data is collected, and how it is processed. However, the processing of personal data by Personal Loan Providers is the responsibility of those providers themselves. Further information can be found in their own privacy statements. The same applies to third parties on whose websites or apps you enter data for forwarding to Credaris.

When you transmit data to Credaris, it is processed in accordance with this Privacy Policy. If the data you have entered refers to third parties (a spouse or registered partner, in particular), you guarantee that (i) you have informed this third party of your application, (ii) the Personal Loan Provider may check the information you have supplied by enquiring with the third party directly, and (iii) the third party was made aware of this Privacy Policy in advance, including the notice relating to enquiries with the ZEK central office for credit information, and has not objected to it.

Legal foundations, amendments

When processing the personal data of the Users of its offering, in particular of its website and its services, Credaris complies with this Privacy Policy and all applicable statutory provisions, specifically the Swiss Data Protection Act (Schweizerisches Datenschutzgesetz, DSG). However, unlike some Personal Loan Providers, it is not subject to Swiss banking confidentiality regulations.

The Credaris offering is being expanded all the time. For this reason and in response to any other changes in circumstances, Credaris may amend this Privacy Policy at any time without prior notice. Where these amendments are significant, providing the effort involved is not excessive we actively notify those individuals whose contact details are registered with us. In general, data processing is subject to the current version of the Privacy Policy in effect when the data processing in question begins.

What type of data is collected?

In principle, Credaris collects all personal data generated when the User uses the Credaris offering (website, apps, etc.) or otherwise in dealings with Credaris. This relates in particular to the use of personal loan services initiated via the website or app of Credaris partners. This personal data includes, specifically:

  • Data entered by Users via online forms or third-party apps (and in the latter case transmitted to Credaris), or otherwise communicated by them while using the Credaris offering, by telephone or e-mail for example, including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, gender, etc.).;
  • Usage data that is transmitted or generated automatically (e.g. date and time a service was used, previous and current pages called up, IP address, data relating to the browser used, device identifier, current location, if such information is released, etc.) as well as interaction data if accessible without installing additional software on the computer (e.g. mouse movements and clicks or keystrokes on the website);
  • Personal data generated by Credaris or third parties themselves which relates to the initiation and conclusion of contracts, such as codes indicating scope for financing, concerning specific offers made to the User by Credaris or a third party, and relating to amended contractual terms;
  • Personal data generated by Credaris or third parties themselves with regard to the User's behaviour (such as the refusal or acceptance of offers) and preferences (such as their affinity for a particular offer), inferred by Credaris or third parties on the basis of the User's age, previous credit patterns, or statistics;
  • Correspondence and other communications with the User, such as e-mails or telephone conversations, which may also be recorded.

This data may be linked together, possibly over several visits and communications, if a User or profile is recognised, for example from a user name, an e-mail address, a device identifier or cookies saved in the browser.

Cookies are a common technology in which the website assigns the User's browser an identifier which the browser then saves and shows on request. Credaris typically has these identifiers expire after one session, but also uses permanent cookies to control how advertising is shown, to analyse use of the website, and to customise it. The browser can be set so that permanent cookies are automatically deleted, restricted or blocked entirely. For more information for individual browsers, click here for Microsoft Edge, Firefox, Safari, Chrome. This does not limit use of the website. However, its use may be impaired if only session (temporary) cookies are disabled.

For what purposes is this data collected?

Credaris may use the User data that it collects or has collected on its behalf for the following purposes:

  • To provide the services offered by Credaris or third parties, in particular to forward loan application data to the Personal Loan Providers selected by the User. The latter and their partners may provide Credaris with information on the transaction for the User to the extent necessary for Credaris to ascertain that a transaction has been concluded and to determine, calculate and check the amount and due date of any associated commission. In this respect Personal Loan Providers are released from any banking confidentiality regulations that might apply;
  • To enable a loan application to be processed fully or partly by other loan intermediaries with whom Credaris partners to arrange loans ("Partner Intermediaries");
  • To prepare statistics of all types relating, for example, to the interest shown by Users in product and service comparisons, or in other services provided by Credaris or third parties;
  • To design and develop the services and offerings of Credaris or third parties;
  • For internal training and quality control at Credaris;
  • To maintain and develop customer relationships (e.g. newsletter);
  • To control how advertising is shown and to invoice third-party advertising at Credaris and Credaris's own advertising on third-party websites;
  • To ensure the security and availability of the systems and data used by Credaris and/or its service providers;
  • For any corporate transactions that may affect user data, such as the transfer of a business division to third parties;
  • To prevent, identify and combat misuse;
  • To respond to justified enquiries from the authorities or in connection with the assertion of claims or other legal disputes that concern Credaris or in which Credaris is otherwise involved.

Credaris may also process personal data for other purposes to the extent required by law, or providing such purposes are indicated or discernable when the data in question is collected.

Is data passed on to third parties?

With the following exceptions, Credaris does not pass on any personal data to third parties:

  • Credaris may call upon third parties that process personal data on its behalf and for its purposes alone (e.g. Partner Intermediaries or market research institutions). Credaris will take appropriate measures to ensure that these third parties process the data only in the way in which Credaris itself may process that data.
  • Credaris may disclose personal data to Partner Intermediaries and to third parties through whose website or app personal loan services are initiated. The purpose of this is to measure the success of intermediary activities, to coordinate and improve offerings, to generate anonymised statistics, and to control the display of advertising. Personal data will only be disclosed if and to the extent this is necessary to fulfil these purposes.
  • Credaris may disclose personal data to third parties if the User so requests in the case of registrations or requests for quotations, for example. It may also do so if otherwise necessary to provide the service requested by the User, or if Credaris has expressly informed the User in advance that their data will be disclosed. In particular, the data transmitted by the User to Credaris as part of their enquiry is made available by e-mail to the Personal Loan Providers and their partners, as selected by the User, for processing accordingly. The Personal Loan Providers may process and evaluate such data, or have it processed and evaluated, in Switzerland and abroad. This applies in particular to processing and evaluation by third-party service providers in connection with, for example, the completion of business processes, IT security and system control, market research, the calculation of business-related credit and market risks, and contract administration tasks such as application and contract processing, debt collection and customer communications. Personal Loan Providers may also use the data for risk management and marketing purposes and analyses in Switzerland and abroad, creating profiles in the process. Personal Loan Providers may offer the User other products and services, including those from group companies of the Personal Loan Provider. Users may withdraw this authorisation at any time. In all cases, Users must withdraw their authorisation directly via the Personal Loan Provider concerned.

    Personal Loan Providers, their contractual partners, staff and subcontractors are obliged to comply with the data protection rules pursuant to the Swiss Data Protection Act (Datenschutzgesetz), to observe bank-client confidentiality pursuant to the Swiss Banking Act (Bankengesetz) and to maintain confidentiality. Credaris itself is not subject to banking confidentiality regulations. For the purpose of assessing the loan application and managing the contractual relationship, by accepting the Terms of Use, the User authorises the Personal Loan Providers to obtain information from third parties, especially from banks, external credit rating agencies, credit bureaus, credit intermediaries, employers, the group companies of the Personal Loan Providers, government agencies, authorities (e.g. debt enforcement and tax offices, citizens' registry offices, child and adult protection agencies), the ZEK central office for credit information, the IKO office for consumer credit information and other institutions designated by law or other offices, and to report to the ZEK and IKO, and to other institutions where the corresponding legal obligation exists. The details reported include, in particular, the type of loan or financing, the amount and terms together with the personal details of the applicant and any serious payment default or misuse, if applicable. For the aforementioned purposes the User exempts these bodies to the extent legally permitted and required from bank-client, postal, official and business confidentiality and secrecy obligations. The User acknowledges the right of the ZEK and IKO to provide its members with information on the reported data. Any data embargoes imposed by the User are deemed lifted with respect to Personal Loan Providers. The User hereby agrees that their selected Personal Loan Providers or their contractual partners outside Switzerland may retrieve, process and store certain credit information obtained from third parties about the User, specifically including that obtained from the ZEK and IKO, in connection with application reviews and contract handling.
  • In exceptional cases (e.g. suspected misuse), user data may also be disclosed to third parties for the other purposes listed in this Privacy Policy or for purposes provided for in law. Credaris cannot monitor, guarantee or vouch for the compliance of such third parties with the applicable data protection regulations. They process the data for their own purposes and possibly also abroad, where statutory data protections such as those in Switzerland may not exist.

In any event, Credaris may disclose anonymised user data to third parties. This refers to data in a form that does not allow these third parties reasonably to draw any further conclusions as to the identity of the Users concerned, or that makes such conclusions unlikely.

Where and how is the data stored?

In principle, Credaris processes all of the data it collects in Switzerland, and also stores it on systems in Switzerland. However, where external service providers are called in, certain items of Credaris user data may be processed abroad, specifically in Europe and, in exceptional cases, in any country in the world. As a rule Credaris will place these external service providers under a contractual obligation to process the data only in the way in which Credaris itself may process that data. If a recipient is located in a country that does not have an adequate level of statutory data protection, Credaris will contractually oblige that recipient to comply with data protection regulations if they are not already subject to a legally recognised regime to ensure data security and Credaris is not able to rely on a exemption clause in this case. To do so Credaris uses the revised standard contractual wording of the European Commission, which can be accessed here. An exemption may apply in particular to legal proceedings abroad, but also in cases of overriding public interest or if the execution of a contract requires such disclosure, if the User has given their consent or if the data in question has been placed in the public domain by the User, who has not objected to its processing.

The transmission of user data abroad may also result in the disclosure of data to third parties, particular where Users of Credaris offerings themselves use social media or other third-party offerings, or Users wish their data to be forwarded to third parties. Personal Loan Providers may transmit user data to and have it processed in other countries that may not have data protection regulations of an equivalent standard to those in Switzerland. They may also instruct contractual partners/service providers in such countries to process this data. Data will not be passed on unless the contractual partners/Service Providers undertake in advance to maintain an appropriate level of data protection. Credaris cannot monitor, guarantee or vouch for the third parties' compliance with the applicable data protection regulations.

In connection with the storage and other processing of user data, Credaris, its Partner Intermediaries and Personal Loan Providers take appropriate technical and organisational measures to prevent unauthorised access and otherwise unwarranted processing. Such measures are subject to regular review and are amended where necessary. This also applies to the third parties charged with operating the related systems.

Data transfer and communication between Credaris, the Personal Loan Provider, other third parties with whom Credaris works, and you may be effected electronically, in particular via the internet. Despite the appropriate technical and organisational measures taken by Credaris and the Personal Loan Providers, the internet remains an open, generally accessible network. Accordingly, neither Credaris nor the Personal Loan Providers is able in each individual case to guarantee the confidentiality of data transmitted via the internet. It is therefore possible for third parties to draw conclusions about an existing or forthcoming business relationship between the User and the Personal Loan Provider.

Newsletter, commercial communication

In connection with Credaris offerings, Credaris may from time to time send newsletters or other content (including that of a commercial nature) to the address, number or app of any User who has registered with it using their e-mail or any other electronic address or mobile phone number, or who has installed a Credaris app. However, the User may halt the delivery or display of such communications at any time, free of charge. Further information on this facility will be provided at the end of the message in question.

Questions and suggestions, requests for information, correction or deletion

Credaris welcomes questions, remarks, suggestions and criticism concerning the processing of personal data by Credaris. The managing director of Credaris, Marc Hallauer, will be pleased to provide further information. Contact or credaris AG, Marc Hallauer, Stauffacherstrasse 16, 8004 Zurich. Requests for information, correction or deletion must be submitted in writing to the above postal address, including a copy of your passport or ID card for identification purposes.

Zurich, 1 March 2022


Approval of a loan is forbidden by law if it would lead to over-indebtedness (Art. 3 UWG).