This data privacy statement specifies the type of data Credaris AG (Credaris) and the suppliers of personal loans (personal loan suppliers) selected by you, which are available via Credaris, collect from you, the user of the website (user) and services, for which purpose the data are collected and how such data are processed.
With the transmission of these data you as a user agree to the processing of your personal data as set out in this data privacy statement; where the data you have entered refer to third parties (in particular, spouses or registered partners), you guarantee that (i) you have informed the third party of your application, (ii) the personal loan supplier is authorised to check the information you have supplied by making enquiries with the third party and (iii) such parties agree to the processing according to this data privacy statement (including the making of enquiries for information at ZEK).
Credaris with registered head office in Zurich is an affiliated company of comparis.ch AG (comparis.ch) offering its customers free personal loan services in Switzerland.
Legal bases, changes
In processing the personal data of the users of its facilities, in particular of its website and services, Credaris complies with this data privacy statement and all applicable statutory provisions, in specific the Swiss Data Protection Act (Schweizerisches Datenschutzgesetz, DSG).
The range of services offered by Credaris is subject to continuous expansion. Due to this reason and any other changes in circumstances that may occur, Credaris may amend this data privacy statement at any time and without prior notice. Insofar as this data privacy statement has become an integral component of a service agreement between Credaris and the user, Credaris will advise the user of any amendments in advance in a suitable form; should the user fail to object to the amendment, the amendment is deemed to have the user's approval as of the date the amendment enters into force. Otherwise, Credaris may terminate the agreement concluded with the user for cause.
What type of data is being collected?
In principle, Credaris collects all personal data that accumulate when users utilise the services offered by Credaris (website, apps, etc.) and communicate with Credaris, hence in particular when they use the personal loan services initiated via the website of comparis.ch. They include notably:
- data entered by users via online forms or apps offered by Credaris or comparis.ch (which, in the case of comparis.ch are transferred to Credaris) or otherwise communicated by them while using the services offered by Credaris (e.g. by telephone or e-mail), including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, gender, etc.);
- user data transmitted or generated automatically (e.g. date and time a service was used, previous and current pages called up, IP address, data relating to the browser used, device code, current location, if such information is released, etc.) as well as interaction data if accessible without installation of additional programmes on the computer (e.g. mouse movements and clicks or keyboard strokes on the website);
- personal data generated by Credaris, comparis.ch or third parties (e.g. codes, suppliers' personal services made available to Credaris users and transferred to Credaris for dissemination);
- correspondence and other communications with users (e.g. e-mails, telephone conversations that may also be recorded).
Such data may be linked, possibly over several visits and communications, if a user or a user profile is recognised, for example via a user name, an e-mail address, a device code or cookies saved in the browser.
Which type of data processing takes place?
Credaris may use the user data collected by it or on its behalf for the following purposes:
- provision of the services offered by Credaris or comparis.ch; specifically for the purpose of transferring the loan request data to the personal loan suppliers selected by the user;
- complete or partial handling of the loan request by other loan intermediaries with whom Credaris collaborates as partners (partner intermediaries) for the intermediation of loans;
- preparation of various types of statistics relating, for example, to the amount of interest shown by users in product and service comparisons or in other services provided by Credaris or comparis.ch;
- design and development of the range of services offered by Credaris or comparis.ch;
- internal training and quality control;
- maintenance and development of customer relationships (e.g. newsletter);
- controlling the display of advertisements and invoicing, relating both to third party advertisements on the Credaris or comparis.ch website and Credaris or comparis.ch advertisements on third party websites;
- guaranteeing the safety and availability of Credaris or comparis.ch systems and data and those of its service providers;
- corporate transactions performed by Credaris or comparis.ch that may affect user data (e.g. transfer of a business division to an affiliated company or third party);
- prevention, discovery and combating any misuse;
- responding to justified official enquiries or enquiries in connection with the assertion of claims or other legal disputes that concern Credaris or comparis.ch or which Credaris or comparis.ch is otherwise involved in.
Credaris may also process personal data for other purposes to the extent that such purposes arise from the law or are indicated or discernable in the context of the collection of the respective data.
Furthermore, users authorise the personal loan suppliers contacted on their behalf, and their partners, to provide Credaris with information regarding their transaction to the extent that this is necessary to allow Credaris to ascertain, calculate and check the conclusion of the transaction and the amount and due date of any associated commission (in this respect, the personal loan suppliers are released from the generally applicable banking secrecy regulations; Credaris itself is not subject to the banking secrecy regulations).
Are any data being passed on to third parties?
With the following exceptions, Credaris does not pass on any personal data to third parties as a matter of principle:
- Credaris may call in third parties to process personal data on behalf, and exclusively for the purposes, of Credaris (e.g. partner intermediaries or market research institutions). Credaris shall implement appropriate measures to ensure that such third parties process the data exclusively in the manner in which Credaris is authorised to process them.
- Credaris may disclose the personal data collected by it for the purposes specified in this data privacy statement to comparis.ch, in particular the data entered by users in the context of the comparis.ch website.
- Credaris may disclose personal data to third parties if the user so requests (registrations, requests for quotations, etc.), or this is otherwise necessary to provide the service requested by the user, or if Credaris has expressly informed the user of the fact that his/her data will be disclosed. In particular, by sending an enquiry, users authorise Credaris to send their data by e-mail to the selected personal loan suppliers, and their partners, for processing. The personal loan suppliers may process and evaluate such data for marketing and marketing evaluation purposes, or have such data processed and evaluated (especially by third service providers, e.g. in the performance of business processes, IT security and system control, market research, the calculation of relevant credit and market risks and the administration of contracts, e.g. the processing of applications and contracts, debt collection, communications with customers) both in Switzerland and abroad, or may use the data for risk management, marketing and marketing evaluation purposes, both in Switzerland and abroad, creating profiles in the process. The personal loan suppliers may offer the user other products and services, including from group companies of the personal loan suppliers. Users may withdraw this authorisation at any time. In all cases, users must withdraw their authorisation directly via the personal loan supplier affected by the withdrawal.
- The personal loan suppliers, their contractual partners, their staff and subcontractors are obliged to comply with the data protection rules pursuant to the Swiss Data Protection Act, to observe bank client secrecy pursuant to the Swiss Banking Act and to maintain confidentiality. Credaris itself is not subject to the banking secrecy regulations. For the purpose of assessing the loan request and processing the contract, the user hereby authorises the personal loan suppliers to obtain information from third parties, especially from banks, external credit rating agencies, credit bureaus, credit intermediaries, employers, the group companies of suppliers, government authorities, agencies (e.g. debt enforcement and tax offices, citizens' registry offices, child and adult protection agencies), the Central Office for Credit Information (ZEK), the Office for Consumer Credit Information (IKO) and other institutions designated by law or other offices and to report to the ZEK, the IKO and to other institutions if a corresponding legal obligation exists. The details reported include, in particular, the type of loan or financing, the amount and terms together with the personal details of the applicant and any serious payment default or misuse, if applicable. For the above-mentioned purposes the user exempts these bodies – where this is legally permitted and required – from bank-client confidentiality, postal secrecy, personal confidentiality and professional secrecy. The user acknowledges the ZEK's and IKO's right to provide its members with information regarding the reported data. Any data locks imposed by the user shall be deemed invalid with respect to the personal loan suppliers. Users hereby agree the suppliers or their contractual partners may retrieve, process and store certain credit information data regarding the users, which were obtained from third parties in this connection, specifically those held by the ZEK and IKO, outside Switzerland.
- In exceptional cases (e.g. suspected misuse), user data may also be disclosed to third parties for the other purposes listed in this data privacy statement or for purposes provided for by law. Credaris is not in a position to control, guarantee or vouch for the fact that such third parties comply with the applicable data protection rules; they process the data for their own purposes, possibly abroad where data protection laws such as in Switzerland may not exist.
In any case, Credaris may disclose anonymised user data to third parties. These are data taking a form which does not allow the third parties to draw any sensible conclusions as to the identity of the respective users or makes such conclusions unlikely.
Where and how are the data stored?
Principally, Credaris processes all collected data in Switzerland and stores them in systems in Switzerland. Where external service providers are called in, individual user data collected by Credaris may also be processed abroad; Credaris will conclude an agreement with such providers according to which they will be obliged to process the data exclusively to the extent that Credaris is permitted to process them. Transmission of user data to third parties may also involve transferring data to countries outside Switzerland, in particular in cases whereby social networks or third party services are used via the services provided by Credaris or users request the transmission of data to third parties. Personal loan suppliers may transfer user data to countries and have them processed in countries which may not have data protection regulations of a level equivalent to Switzerland's regulations. They may also commission contractual partners/service providers in such countries to process such data. Data will not be transferred unless the contractual partners/service providers undertake to maintain an appropriate data protection level. Credaris does not have the means to control, guarantee or vouch for the third parties' compliance with applicable data protection rules.
In the context of storing and otherwise processing user data, Credaris, the partner intermediaries and the private loan suppliers shall implement appropriate technical and organisational measures to prevent unauthorised and otherwise unwarranted processing. Such measures are subject to regular control and are amended where necessary. This also applies to the third parties charged with operating the systems.
As a user you confirm that you agree to the use of electronic communications between Credaris, comparis.ch, the personal loan supplier and yourself. You herewith accept the transmission of data, including via the Internet. Despite the appropriate technical and organisational measures taken by Credaris and the personal loan suppliers, users are aware of the fact that the Internet represents an open, generally accessible network. Accordingly, Credaris and the personal loan suppliers are not in a position to guarantee the confidentiality of data transmitted via the Internet in each individual case. Conclusions regarding imminent or existing business relationships between users and personal loan suppliers may therefore be drawn.
Newsletter, commercial communication
In connection with the services offered by Credaris and comparis.ch, Credaris may from time to time send newsletters or other contents (of a commercial nature) to the address, number or app of any users that have registered their e-mail address or any other electronic address or mobile phone number with Credaris. With their registration or installation of an app, users agree to receive such newsletters and contents. They may, however, notify Credaris at any time and free of charge that they no longer wish to receive, or be notified of, the above (further information will be provided at the end of the respective notification).
Questions and suggestions, requests for information, correction or deletion
comparis.ch welcomes all questions, suggestions and comments (critical or otherwise) concerning the subject of personal data processing. The managing director of comparis.ch, Paul Kummer, is available to provide further information if required. Contact: firstname.lastname@example.org or comparis.ch AG, Stampfenbachstrasse 48, 8006 Zurich. Where users have a user account, requests for information, correction or deletion may be submitted or can be carried out directly via this account; all other users may submit such requests by letter to the above address, including a photocopy of their passport for identification purposes.
Zurich, 29 September 2016