Legal foundations, amendments
What type of data is collected?
In principle, Credaris collects all personal data generated when the User uses the Credaris offering (website, apps, etc.) or otherwise in dealings with Credaris. This relates in particular to the use of personal loan services initiated via the website or app of Credaris partners. This personal data includes, specifically:
- Data entered by Users via online forms or third-party apps (and in the latter case transmitted to Credaris), or otherwise communicated by them while using the Credaris offering, by telephone or e-mail for example, including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, gender, etc.).;
- Usage data that is transmitted or generated automatically (e.g. date and time a service was used, previous and current pages called up, IP address, data relating to the browser used, device identifier, current location, if such information is released, etc.) as well as interaction data if accessible without installing additional software on the computer (e.g. mouse movements and clicks or keystrokes on the website);
- Personal data generated by Credaris or third parties themselves which relates to the initiation and conclusion of contracts, such as codes indicating scope for financing, concerning specific offers made to the User by Credaris or a third party, and relating to amended contractual terms;
- Personal data generated by Credaris or third parties themselves with regard to the User's behaviour (such as the refusal or acceptance of offers) and preferences (such as their affinity for a particular offer), inferred by Credaris or third parties on the basis of the User's age, previous credit patterns, or statistics;
- Correspondence and other communications with the User, such as e-mails or telephone conversations, which may also be recorded.
This data may be linked together, possibly over several visits and communications, if a User or profile is recognised, for example from a user name, an e-mail address, a device identifier or cookies saved in the browser.
Cookies are a common technology in which the website assigns the User's browser an identifier which the browser then saves and shows on request. Credaris typically has these identifiers expire after one session, but also uses permanent cookies to control how advertising is shown, to analyse use of the website, and to customise it. The browser can be set so that permanent cookies are automatically deleted, restricted or blocked entirely. For more information for individual browsers, click here for Microsoft Edge, Firefox, Safari, Chrome. This does not limit use of the website. However, its use may be impaired if only session (temporary) cookies are disabled.
For what purposes is this data collected?
Credaris may use the User data that it collects or has collected on its behalf for the following purposes:
- To provide the services offered by Credaris or third parties, in particular to forward loan application data to the Personal Loan Providers selected by the User. The latter and their partners may provide Credaris with information on the transaction for the User to the extent necessary for Credaris to ascertain that a transaction has been concluded and to determine, calculate and check the amount and due date of any associated commission. In this respect Personal Loan Providers are released from any banking confidentiality regulations that might apply;
- To enable a loan application to be processed fully or partly by other loan intermediaries with whom Credaris partners to arrange loans ("Partner Intermediaries");
- To prepare statistics of all types relating, for example, to the interest shown by Users in product and service comparisons, or in other services provided by Credaris or third parties;
- To design and develop the services and offerings of Credaris or third parties;
- For internal training and quality control at Credaris;
- To maintain and develop customer relationships (e.g. newsletter);
- To control how advertising is shown and to invoice third-party advertising at Credaris and Credaris's own advertising on third-party websites;
- To ensure the security and availability of the systems and data used by Credaris and/or its service providers;
- For any corporate transactions that may affect user data, such as the transfer of a business division to third parties;
- To prevent, identify and combat misuse;
- To respond to justified enquiries from the authorities or in connection with the assertion of claims or other legal disputes that concern Credaris or in which Credaris is otherwise involved.
Credaris may also process personal data for other purposes to the extent required by law, or providing such purposes are indicated or discernable when the data in question is collected.
Is data passed on to third parties?
With the following exceptions, Credaris does not pass on any personal data to third parties:
- Credaris may call upon third parties that process personal data on its behalf and for its purposes alone (e.g. Partner Intermediaries or market research institutions). Credaris will take appropriate measures to ensure that these third parties process the data only in the way in which Credaris itself may process that data.
- Credaris may disclose personal data to Partner Intermediaries and to third parties through whose website or app personal loan services are initiated. The purpose of this is to measure the success of intermediary activities, to coordinate and improve offerings, to generate anonymised statistics, and to control the display of advertising. Personal data will only be disclosed if and to the extent this is necessary to fulfil these purposes.
Credaris may disclose personal data to third parties if the User so requests in the case of registrations or requests for quotations, for example. It may also do so if otherwise necessary to provide the service requested by the User, or if Credaris has expressly informed the User in advance that their data will be disclosed. In particular, the data transmitted by the User to Credaris as part of their enquiry is made available by e-mail to the Personal Loan Providers and their partners, as selected by the User, for processing accordingly. The Personal Loan Providers may process and evaluate such data, or have it processed and evaluated, in Switzerland and abroad. This applies in particular to processing and evaluation by third-party service providers in connection with, for example, the completion of business processes, IT security and system control, market research, the calculation of business-related credit and market risks, and contract administration tasks such as application and contract processing, debt collection and customer communications. Personal Loan Providers may also use the data for risk management and marketing purposes and analyses in Switzerland and abroad, creating profiles in the process. Personal Loan Providers may offer the User other products and services, including those from group companies of the Personal Loan Provider. Users may withdraw this authorisation at any time. In all cases, Users must withdraw their authorisation directly via the Personal Loan Provider concerned.
In any event, Credaris may disclose anonymised user data to third parties. This refers to data in a form that does not allow these third parties reasonably to draw any further conclusions as to the identity of the Users concerned, or that makes such conclusions unlikely.
Where and how is the data stored?
In principle, Credaris processes all of the data it collects in Switzerland, and also stores it on systems in Switzerland. However, where external service providers are called in, certain items of Credaris user data may be processed abroad, specifically in Europe and, in exceptional cases, in any country in the world. As a rule Credaris will place these external service providers under a contractual obligation to process the data only in the way in which Credaris itself may process that data. If a recipient is located in a country that does not have an adequate level of statutory data protection, Credaris will contractually oblige that recipient to comply with data protection regulations if they are not already subject to a legally recognised regime to ensure data security and Credaris is not able to rely on a exemption clause in this case. To do so Credaris uses the revised standard contractual wording of the European Commission, which can be accessed here. An exemption may apply in particular to legal proceedings abroad, but also in cases of overriding public interest or if the execution of a contract requires such disclosure, if the User has given their consent or if the data in question has been placed in the public domain by the User, who has not objected to its processing.
The transmission of user data abroad may also result in the disclosure of data to third parties, particular where Users of Credaris offerings themselves use social media or other third-party offerings, or Users wish their data to be forwarded to third parties. Personal Loan Providers may transmit user data to and have it processed in other countries that may not have data protection regulations of an equivalent standard to those in Switzerland. They may also instruct contractual partners/service providers in such countries to process this data. Data will not be passed on unless the contractual partners/Service Providers undertake in advance to maintain an appropriate level of data protection. Credaris cannot monitor, guarantee or vouch for the third parties' compliance with the applicable data protection regulations.
In connection with the storage and other processing of user data, Credaris, its Partner Intermediaries and Personal Loan Providers take appropriate technical and organisational measures to prevent unauthorised access and otherwise unwarranted processing. Such measures are subject to regular review and are amended where necessary. This also applies to the third parties charged with operating the related systems.
Data transfer and communication between Credaris, the Personal Loan Provider, other third parties with whom Credaris works, and you may be effected electronically, in particular via the internet. Despite the appropriate technical and organisational measures taken by Credaris and the Personal Loan Providers, the internet remains an open, generally accessible network. Accordingly, neither Credaris nor the Personal Loan Providers is able in each individual case to guarantee the confidentiality of data transmitted via the internet. It is therefore possible for third parties to draw conclusions about an existing or forthcoming business relationship between the User and the Personal Loan Provider.
Newsletter, commercial communication
In connection with Credaris offerings, Credaris may from time to time send newsletters or other content (including that of a commercial nature) to the address, number or app of any User who has registered with it using their e-mail or any other electronic address or mobile phone number, or who has installed a Credaris app. However, the User may halt the delivery or display of such communications at any time, free of charge. Further information on this facility will be provided at the end of the message in question.
Questions and suggestions, requests for information, correction or deletion
Credaris welcomes questions, remarks, suggestions and criticism concerning the processing of personal data by Credaris. The managing director of Credaris, Marc Hallauer, will be pleased to provide further information. Contact firstname.lastname@example.org or credaris AG, Marc Hallauer, Stauffacherstrasse 16, 8004 Zurich. Requests for information, correction or deletion must be submitted in writing to the above postal address, including a copy of your passport or ID card for identification purposes.
Zurich, 1 March 2022