Any collection and further processing of personal data always has one or more controllers (under data protection law). In our case, this is always Credaris AG and the Group company you interact with.
The contact details of the Credaris Group companies are as follows. However, please note that Credaris AG is your primary contact if you have questions about Credaris’s processing of your data or if you wish to exercise your rights in this regard:
8004 Zurich, Switzerland
Cashmoney Swiss Ltd.
8001 Zurich, Switzerland
Route de la Conversion 314
1093 La Conversion, Switzerland
Crédits Conseils SA
Chemin Ami-Argand 11
1290 Versoix, Switzerland
The processing of personal data by Personal Loan Providers is the responsibility of those providers themselves. Further information can be found in their own privacy statements. The same applies to third parties on whose websites or apps you enter data for forwarding to Credaris.
Legal foundations, amendments
What type of data is collected?
In principle, Credaris collects all personal data generated when the User uses the Credaris offering (websites, apps, etc.) or otherwise in dealings with Credaris. This relates in particular to the use of personal loan services initiated via the websites or apps of Credaris partners. This personal data includes, specifically:
Data entered by Users via forms, online forms or third-party apps (and in the latter case transmitted to Credaris), or otherwise communicated by them while using the Credaris offering, by telephone or e-mail for example, including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, gender, etc.).;
- Usage data that is transmitted or generated automatically (e.g. date and time a service was used, previous and current pages called up, IP address, data relating to the browser used, device identifier, current location, if such information is released, etc.) as well as interaction data if accessible without installing additional software on the computer (e.g. mouse movements and clicks or keystrokes on the website);
- Personal data generated by Credaris or third parties themselves which relates to the initiation and conclusion of contracts, such as codes indicating scope for financing, concerning specific offers made to the User by Credaris or a third party, and relating to amended contractual terms;
- Personal data generated by Credaris or third parties themselves with regard to the User's behaviour (such as the refusal or acceptance of offers and interactions on social media platforms or with online advertising) and preferences (such as their affinity for a particular offer), inferred by Credaris or third parties on the basis of the User’s age, previous credit patterns, or statistics;
- Correspondence and other communications with the User, such as e-mails or telephone conversations, which may also be recorded.
This data may be linked together, possibly over several visits and communications, if a User or profile is recognised, for example from a username, an e-mail address, a device identifier or cookies saved in the browser.
Cookies are a common technology in which the website assigns the User’s browser an identifier which the browser then saves and shows on request. Credaris typically has these identifiers expire after one session, but also uses permanent cookies to control how advertising is shown on its websites, to analyse the use of its websites, and to customise its websites. The browser can be set so that permanent cookies are automatically deleted, restricted or blocked entirely. For more information for individual browsers, click here for Microsoft Edge, Firefox, Safari, Chrome. This does not limit use of the websites. However, their use may be impaired if only session (temporary) cookies are disabled.
For what purposes is this data collected?
Credaris may use the User data that it collects or has collected on its behalf for the following purposes:
- To provide the services offered by Credaris or third parties, in particular to request information about the User’s creditworthiness and to forward loan application data to the Personal Loan Providers selected by the User. The latter and their partners may provide Credaris with information on the transaction for the User to the extent necessary for Credaris to ascertain that a transaction has been concluded and processed and to determine, calculate and check the amount and due date of any associated commission. In this respect Personal Loan Providers are released from any banking confidentiality regulations that might apply;
- To enable a loan application to be processed fully or partly by other loan intermediaries with whom Credaris partners to arrange loans ("Partner Intermediaries");
- To prepare all types of statistics and analyses relating, for example, to the interest shown by Users in product and service comparisons, in other services provided by Credaris or third parties, in the use of our websites or apps and how Users interact with our social media profiles or online advertising;
- To design and develop the services and offerings of Credaris or third parties;
- For intragroup administration and support;
- For internal training and quality control at Credaris;
- To maintain and develop customer relationships (e.g. newsletter);
- To control how advertising is shown and to invoice third-party advertising at Credaris and Credaris's own advertising on third-party websites;
- To ensure the security and availability of the systems and data used by Credaris and/or its service providers;
- For any corporate transactions that may affect user data, such as the transfer of a business division to third parties;
- To prevent, identify and combat misuse;
- To respond to justified enquiries from the authorities or in connection with the assertion of claims or other legal disputes that concern Credaris or in which Credaris is otherwise involved.
Credaris may also process personal data for other purposes to the extent required by law, or providing such purposes are indicated or discernible when the data in question is collected.
Is data passed on to third parties?
With the following exceptions, Credaris does not pass on any personal data to third parties:
Credaris may pass personal data on to other Credaris Group companies within the Group that process your data on its behalf, under joint responsibility or on their own responsibility.
- Credaris may call upon third parties that process personal data on its behalf and for its purposes alone (e.g. Partner Intermediaries or market research institutions). Credaris will take appropriate measures to ensure that these third parties process the data only in the way in which Credaris itself may process that data.
- Credaris may disclose personal data to Partner Intermediaries, to Partners through whose websites or apps personal loan services are initiated, as well as to other third parties. The purpose of this is to measure the success of intermediary activities, to coordinate and improve offerings, to generate anonymised statistics, and to control the display of advertising. Personal data will only be disclosed if and to the extent this is necessary to fulfil these purposes.
- Credaris may disclose personal data to third parties if the User so requests in the case of registrations or requests for quotations, for example. It may also do so if otherwise necessary to provide the service requested by the User, or if Credaris has expressly informed the User in advance that their data will be disclosed.
In addition, your personal data that is necessary to identify you for requesting credit reports (including but not limited to your name, address, telephone number, e-mail address, sex and date of birth) may be disclosed to the credit agencies CRIF Ltd. and/or Intrum Ltd.
In particular, the data transmitted by the User to Credaris as part of their enquiry is made available by e-mail to the Personal Loan Providers and their partners for processing accordingly. Credaris works with the following Personal Loan Providers:
- Cembra Money Bank Ltd.
- Bank-now Ltd.
- Migros Bank AG
- RCI Finance SA
- Cornèr Banca Limited
- good finance AG
- bob Finance AG
- Lendora SA
- Banque Cantonale de Genève
Milenia SA works with the following financial service providers:
- Solvable SA
- Resolve SA
- Bebroker SA
The Personal Loan Providers may process and evaluate such data, or have it processed and evaluated, in Switzerland and abroad. This applies in particular to processing and evaluation by third-party service providers in connection with, for example, the completion of business processes, IT security and system control, market research and development, the calculation of business-related credit and market risks, and contract administration tasks such as application and contract processing, debt collection and customer communications. Personal Loan Providers may also use the data for risk management and marketing purposes and analyses in Switzerland and abroad, creating profiles in the process. Personal Loan Providers may offer the User other products and services, including those from group companies of the Personal Loan Provider. Users may withdraw this authorisation at any time. In all cases, Users must withdraw their authorisation directly via the Personal Loan Provider concerned.
In any event, Credaris may disclose anonymised user data to third parties. This refers to data in a form that does not allow these third parties reasonably to draw any further conclusions as to the identity of the Users concerned, or that makes such conclusions unlikely.
Where and how is the data stored?
In principle, Credaris processes all of the data it collects in Switzerland, and also stores it on systems in Switzerland. However, where external service providers are called in, certain items of Credaris user data may be processed abroad, specifically in Europe and, in exceptional cases, in any country in the world. As a rule Credaris will place these external service providers under a contractual obligation to process the data only in the way in which Credaris itself may process that data. If a recipient is located in a country that does not have an adequate level of statutory data protection, Credaris will contractually oblige that recipient to comply with data protection regulations if they are not already subject to a legally recognised regime to ensure data security and Credaris is not able to rely on a exemption clause in this case. To do so Credaris uses the revised standard contractual wording of the European Commission, which can be accessed here. An exemption may apply in particular to legal proceedings abroad, but also in cases of overriding public interest or if the execution of a contract requires such disclosure, if the User has given their consent or if the data in question has been placed in the public domain by the User, who has not objected to its processing.
The transmission of user data abroad may also result in the disclosure of data to third parties, particularly where Users of Credaris offerings themselves use social media or other third-party offerings, or Users wish their data to be forwarded to third parties. Personal Loan Providers may transmit user data to and have it processed in other countries that may not have data protection regulations of an equivalent standard to those in Switzerland. They may also instruct contractual partners/service providers in such countries to process this data. Data will not be passed on unless the contractual partners/Service Providers undertake in advance to maintain an appropriate level of data protection. Credaris cannot monitor, guarantee or vouch for the third parties' compliance with the applicable data protection regulations.
In connection with the storage and other processing of user data, Credaris, its Partner Intermediaries and Personal Loan Providers take appropriate technical and organisational measures to prevent unauthorised access and otherwise unwarranted processing. Such measures are subject to regular review and are amended where necessary. This also applies to the third parties charged with operating the related systems.
Data transfer and communication between Credaris, the Personal Loan Provider, other third parties with whom Credaris works, and you may be effected electronically, in particular via the internet. Despite the appropriate technical and organisational measures taken by Credaris and the Personal Loan Providers, the internet remains an open, generally accessible network. Accordingly, neither Credaris nor the Personal Loan Providers is able in each individual case to guarantee the confidentiality of data transmitted via the internet. It is therefore possible for third parties to draw conclusions about an existing or forthcoming business relationship (bank-client relationship, if applicable) between the User and the Personal Loan Provider.
Newsletter, commercial communication
In connection with Credaris offerings, Credaris may from time to time send newsletters or other content (including that of a commercial nature) to the address, number or app of any User who has registered with it using their e-mail or any other electronic address or mobile phone number, or who has installed a Credaris app. However, the User may halt the delivery or display of such communications at any time, free of charge. Further information on this facility will be provided at the end of the message in question.
Processing personal data on our pages in social networks
Credaris operates pages and other online sites on social networks and other platforms operated by third parties and processes data about you in connection with this. In doing so, we receive data from you (e.g. if you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your use and process this data together with other data available to them regarding you. They also process this data for their own purposes (e.g. marketing and market research and for administering their platforms); to this end, they act as their own controllers. For more information about the processing performed by the platform operators, please consult the privacy policies of the respective platforms.
We have the right but are under no obligation to review external content before or after it is published on our online sites, to delete content without prior notice and report it to the provider of the affected platform where appropriate. Some of the platform operators may be located outside Switzerland. For information about the disclosure of data abroad, please consult the section "Where and how is the data stored?" above.
Questions and suggestions, requests for information, correction or deletion
Credaris welcomes questions, remarks, suggestions and criticism concerning the processing of personal data by Credaris. You can contact the respective controller at the contact details provided in the corresponding section above. You can contact Credaris AG as your primary contact at:
Enquiries from data subjects, such as requests for information, correction or deletion, must be submitted in writing (via post or e-mail), including a copy of your passport or ID card for identification purposes.
Zurich, 29 September 2023