Credaris AG, Cashmoney Swiss Ltd., Crédits Conseils SA and Milenia SA jointly form the Credaris Group (hereinafter: Credaris). This Privacy Policy specifies the type of personal data ("Data") that is collected about you as a user ("User") of the websites and services of Credaris and the providers of personal loans ("Personal Loan Providers") that are available via Credaris and selected by you. It sets out the purpose for which the data is collected, and how it is processed.
When you transmit data to Credaris, it is processed in accordance with this Privacy Policy. If the data you have entered refers to third parties (a spouse or registered partner, in particular), you guarantee that (i) you have informed this third party of your application, (ii) Credaris and the Personal Loan Provider may check the information you have supplied by enquiring with the third party directly, and (iii) the third party was made aware of this Privacy Policy in advance, including the notice relating to enquiries with the ZEK central office for credit information, and has not objected to it.
Controller
Any collection and further processing of personal data always has one or more controllers (under data protection law). In our case, this is always Credaris AG and the Group company you interact with.
Specifically, and unless otherwise indicated, for activities of Credaris, the controller is always Credaris AG alone (insofar as the collection of personal data involves only Credaris AG) or together with the Credaris Group company that is responsible for and indicated as the operator of the relevant website or the part of the website from which you requested this Privacy Policy (e.g. in the legal notice, by being mentioned by name or as indicated in the relevant documents). Furthermore, and unless otherwise indicated, Credaris AG alone (insofar as the collection of personal data involves only Credaris) or together with the Credaris Group company with which you communicate, with which you have or wish to conclude an agreement, with which you apply for a position, which you visit, whose social media sites you visit, whose apps you use or which you contact, is the controller as regards the associated collection of personal data (this does not include cases in which a Credaris Group company merely acts as a processor for one or more other Group companies).
The contact details of the Credaris Group companies are as follows. However, please note that Credaris AG is your primary contact if you have questions about Credaris’s processing of your data or if you wish to exercise your rights in this regard:
Credaris AG
Stauffacherstrasse 16
8004 Zurich, Switzerland
Cashmoney Swiss Ltd.
Usteristrasse 21
8001 Zurich, Switzerland
Milenia SA
Route de la Conversion 314
1093 La Conversion, Switzerland
Crédits Conseils SA
Chemin Ami-Argand 11
1290 Versoix, Switzerland
The processing of personal data by Personal Loan Providers is the responsibility of those providers themselves. Further information can be found in their own privacy statements. The same applies to third parties on whose websites or apps you enter data for forwarding to Credaris.
Legal foundations, amendments
When processing the personal data of the Users of its offering, in particular of its websites and its services, Credaris complies with this Privacy Policy and all applicable statutory provisions, specifically the Swiss Data Protection Act (Schweizerisches Datenschutzgesetz, DSG). However, unlike some Personal Loan Providers, it is not subject to Swiss banking confidentiality regulations.
The Credaris offering is being expanded all the time. For this reason and in response to any other changes in circumstances, Credaris may amend this Privacy Policy at any time without prior notice. Where these amendments are significant, providing the effort involved is not excessive we actively notify those individuals whose contact details are registered with us. In general, data processing is subject to the current version of the Privacy Policy in effect when the data processing in question begins.
What type of data is collected?
In principle, Credaris collects all personal data generated when the User uses the Credaris offering (websites, apps, etc.) or otherwise in dealings with Credaris. This relates in particular to the use of personal loan services initiated via the websites or apps of Credaris partners. This personal data includes, specifically:
Data entered by Users via forms, online forms or third-party apps (and in the latter case transmitted to Credaris), or otherwise communicated by them while using the Credaris offering, by telephone or e-mail for example, including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, gender, etc.).;
- Usage data that is transmitted or generated automatically (e.g. date and time a service was used, previous and current pages called up, IP address, data relating to the browser used, device identifier, current location, if such information is released, etc.) as well as interaction data if accessible without installing additional software on the computer (e.g. mouse movements and clicks or keystrokes on the website);
- Personal data generated by Credaris or third parties themselves which relates to the initiation and conclusion of contracts, such as codes indicating scope for financing, concerning specific offers made to the User by Credaris or a third party, and relating to amended contractual terms;
- Personal data generated by Credaris or third parties themselves with regard to the User's behaviour (such as the refusal or acceptance of offers and interactions on social media platforms or with online advertising) and preferences (such as their affinity for a particular offer), inferred by Credaris or third parties on the basis of the User’s age, previous credit patterns, or statistics;
- Correspondence and other communications with the User, such as e-mails or telephone conversations, which may also be recorded.
This data may be linked together, possibly over several visits and communications, if a User or profile is recognised, for example from a username, an e-mail address, a device identifier or cookies saved in the browser.
Cookies are a common technology in which the website assigns the User’s browser an identifier which the browser then saves and shows on request. Credaris typically has these identifiers expire after one session, but also uses permanent cookies to control how advertising is shown on its websites, to analyse the use of its websites, and to customise its websites. The browser can be set so that permanent cookies are automatically deleted, restricted or blocked entirely. For more information for individual browsers, click here for Microsoft Edge, Firefox, Safari, Chrome. This does not limit use of the websites. However, their use may be impaired if only session (temporary) cookies are disabled.
For what purposes is this data collected?
Credaris may use the User data that it collects or has collected on its behalf for the following purposes:
- To provide the services offered by Credaris or third parties, in particular to request information about the User’s creditworthiness and to forward loan application data to the Personal Loan Providers selected by the User. The latter and their partners may provide Credaris with information on the transaction for the User to the extent necessary for Credaris to ascertain that a transaction has been concluded and processed and to determine, calculate and check the amount and due date of any associated commission. In this respect Personal Loan Providers are released from any banking confidentiality regulations that might apply;
- To enable a loan application to be processed fully or partly by other loan intermediaries with whom Credaris partners to arrange loans ("Partner Intermediaries");
- To prepare all types of statistics and analyses relating, for example, to the interest shown by Users in product and service comparisons, in other services provided by Credaris or third parties, in the use of our websites or apps and how Users interact with our social media profiles or online advertising;
- To design and develop the services and offerings of Credaris or third parties;
- For intragroup administration and support;
- For internal training and quality control at Credaris;
- To maintain and develop customer relationships (e.g. newsletter);
- To control how advertising is shown and to invoice third-party advertising at Credaris and Credaris's own advertising on third-party websites;
- To ensure the security and availability of the systems and data used by Credaris and/or its service providers;
- For any corporate transactions that may affect user data, such as the transfer of a business division to third parties;
- To prevent, identify and combat misuse;
- To respond to justified enquiries from the authorities or in connection with the assertion of claims or other legal disputes that concern Credaris or in which Credaris is otherwise involved.
Credaris may also process personal data for other purposes to the extent required by law, or providing such purposes are indicated or discernible when the data in question is collected.
Is data passed on to third parties?
With the following exceptions, Credaris does not pass on any personal data to third parties:
Credaris may pass personal data on to other Credaris Group companies within the Group that process your data on its behalf, under joint responsibility or on their own responsibility.
- Credaris may call upon third parties that process personal data on its behalf and for its purposes alone (e.g. Partner Intermediaries or market research institutions). Credaris will take appropriate measures to ensure that these third parties process the data only in the way in which Credaris itself may process that data.
- Credaris may disclose personal data to Partner Intermediaries, to Partners through whose websites or apps personal loan services are initiated, as well as to other third parties. The purpose of this is to measure the success of intermediary activities, to coordinate and improve offerings, to generate anonymised statistics, and to control the display of advertising. Personal data will only be disclosed if and to the extent this is necessary to fulfil these purposes.
- Credaris may disclose personal data to third parties if the User so requests in the case of registrations or requests for quotations, for example. It may also do so if otherwise necessary to provide the service requested by the User, or if Credaris has expressly informed the User in advance that their data will be disclosed.
In addition, your personal data that is necessary to identify you for requesting credit reports (including but not limited to your name, address, telephone number, e-mail address, sex and date of birth) may be disclosed to the credit agencies CRIF Ltd. and/or Intrum Ltd.
In particular, the data transmitted by the User to Credaris as part of their enquiry is made available by e-mail to the Personal Loan Providers and their partners for processing accordingly. Credaris works with the following Personal Loan Providers:
- Cembra Money Bank Ltd.
- Bank-now Ltd.
- Migros Bank AG
- RCI Finance SA
- Cornèr Banca Limited
- good finance AG
- bob Finance AG
- Lendora SA
- Banque Cantonale de Genève
Milenia SA works with the following financial service providers:
- Solvable SA
- Resolve SA
- Bebroker SA
The Personal Loan Providers may process and evaluate such data, or have it processed and evaluated, in Switzerland and abroad. This applies in particular to processing and evaluation by third-party service providers in connection with, for example, the completion of business processes, IT security and system control, market research and development, the calculation of business-related credit and market risks, and contract administration tasks such as application and contract processing, debt collection and customer communications. Personal Loan Providers may also use the data for risk management and marketing purposes and analyses in Switzerland and abroad, creating profiles in the process. Personal Loan Providers may offer the User other products and services, including those from group companies of the Personal Loan Provider. Users may withdraw this authorisation at any time. In all cases, Users must withdraw their authorisation directly via the Personal Loan Provider concerned.
Personal Loan Providers, their contractual partners, staff and subcontractors are obliged to comply with the data protection rules pursuant to the Swiss Data Protection Act (Datenschutzgesetz), to observe bank-client confidentiality pursuant to the Swiss Banking Act (Bankengesetz) and to maintain confidentiality. Credaris itself is not subject to banking confidentiality regulations. For the purpose of assessing the loan application and managing the contractual relationship, the User hereby authorises the Personal Loan Providers to obtain information from third parties, especially from banks, external credit rating agencies, credit bureaus, credit intermediaries, employers, the group companies of the Personal Loan Providers, government agencies, authorities (e.g. debt enforcement, land register and tax offices, citizens' registry offices, child and adult protection agencies), the ZEK central office for credit information, the IKO office for consumer credit information and other institutions designated by law or other offices, and to report to the ZEK and IKO, and to other institutions where the corresponding legal obligation exists. The details reported include, in particular, the type of loan or financing, the amount and terms together with the personal details of the applicant and any serious payment default or misuse, if applicable. For the aforementioned purposes the User exempts these bodies to the extent legally permitted and required from bank-client, postal, official and business confidentiality and secrecy obligations. The User acknowledges the right of the ZEK and IKO to provide its members with information on the reported data. Any data embargoes imposed by the User are deemed lifted with respect to Personal Loan Providers. By accepting the Terms of Use, the User agrees that their selected Personal Loan Providers or their contractual partners outside Switzerland may retrieve, process and store certain credit information obtained from third parties about the User, specifically including that obtained from the ZEK and IKO, in connection with application reviews and contract handling.
- In exceptional cases (e.g. suspected misuse), user data may also be disclosed to third parties for the other purposes listed in this Privacy Policy or for purposes provided for in law. Credaris cannot monitor, guarantee or vouch for the compliance of such third parties with the applicable data protection regulations. They process the data for their own purposes and possibly also abroad, where statutory data protections such as those in Switzerland may not exist.
In any event, Credaris may disclose anonymised user data to third parties. This refers to data in a form that does not allow these third parties reasonably to draw any further conclusions as to the identity of the Users concerned, or that makes such conclusions unlikely.
Where and how is the data stored?
In principle, Credaris processes all of the data it collects in Switzerland, and also stores it on systems in Switzerland. However, where external service providers are called in, certain items of Credaris user data may be processed abroad, specifically in Europe and, in exceptional cases, in any country in the world. As a rule Credaris will place these external service providers under a contractual obligation to process the data only in the way in which Credaris itself may process that data. If a recipient is located in a country that does not have an adequate level of statutory data protection, Credaris will contractually oblige that recipient to comply with data protection regulations if they are not already subject to a legally recognised regime to ensure data security and Credaris is not able to rely on a exemption clause in this case. To do so Credaris uses the revised standard contractual wording of the European Commission, which can be accessed here. An exemption may apply in particular to legal proceedings abroad, but also in cases of overriding public interest or if the execution of a contract requires such disclosure, if the User has given their consent or if the data in question has been placed in the public domain by the User, who has not objected to its processing.
The transmission of user data abroad may also result in the disclosure of data to third parties, particularly where Users of Credaris offerings themselves use social media or other third-party offerings, or Users wish their data to be forwarded to third parties. Personal Loan Providers may transmit user data to and have it processed in other countries that may not have data protection regulations of an equivalent standard to those in Switzerland. They may also instruct contractual partners/service providers in such countries to process this data. Data will not be passed on unless the contractual partners/Service Providers undertake in advance to maintain an appropriate level of data protection. Credaris cannot monitor, guarantee or vouch for the third parties' compliance with the applicable data protection regulations.
In connection with the storage and other processing of user data, Credaris, its Partner Intermediaries and Personal Loan Providers take appropriate technical and organisational measures to prevent unauthorised access and otherwise unwarranted processing. Such measures are subject to regular review and are amended where necessary. This also applies to the third parties charged with operating the related systems.
Data transfer and communication between Credaris, the Personal Loan Provider, other third parties with whom Credaris works, and you may be effected electronically, in particular via the internet. Despite the appropriate technical and organisational measures taken by Credaris and the Personal Loan Providers, the internet remains an open, generally accessible network. Accordingly, neither Credaris nor the Personal Loan Providers is able in each individual case to guarantee the confidentiality of data transmitted via the internet. It is therefore possible for third parties to draw conclusions about an existing or forthcoming business relationship (bank-client relationship, if applicable) between the User and the Personal Loan Provider.
Newsletter, commercial communication
In connection with Credaris offerings, Credaris may from time to time send newsletters or other content (including that of a commercial nature) to the address, number or app of any User who has registered with it using their e-mail or any other electronic address or mobile phone number, or who has installed a Credaris app. However, the User may halt the delivery or display of such communications at any time, free of charge. Further information on this facility will be provided at the end of the message in question.
Processing personal data on our pages in social networks
Credaris operates pages and other online sites on social networks and other platforms operated by third parties and processes data about you in connection with this. In doing so, we receive data from you (e.g. if you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your use and process this data together with other data available to them regarding you. They also process this data for their own purposes (e.g. marketing and market research and for administering their platforms); to this end, they act as their own controllers. For more information about the processing performed by the platform operators, please consult the privacy policies of the respective platforms.
At present, we use the following platforms. The identity and contact details of each of the platform operators can be found in the respective privacy policy:
- LinkedIn
www.linkedin.com
Privacy policy: https://www.linkedin.com/legal/privacy-policy - Twitter
www.twitter.com
Privacy policy: https://twitter.com/en/privacy
We have the right but are under no obligation to review external content before or after it is published on our online sites, to delete content without prior notice and report it to the provider of the affected platform where appropriate. Some of the platform operators may be located outside Switzerland. For information about the disclosure of data abroad, please consult the section "Where and how is the data stored?" above.
Questions and suggestions, requests for information, correction or deletion
Credaris welcomes questions, remarks, suggestions and criticism concerning the processing of personal data by Credaris. You can contact the respective controller at the contact details provided in the corresponding section above. You can contact Credaris AG as your primary contact at:
Credaris AG
Stauffacherstrasse 16
8004 Zurich
Enquiries from data subjects, such as requests for information, correction or deletion, must be submitted in writing (via post or e-mail), including a copy of your passport or ID card for identification purposes.
Zurich, 29 September 2023