1 Name and address of the data processor
The operator of the website (hereinafter referred to as the “operator”) and therefore the controller/data processor (hereinafter referred to as the “operator”) in terms of the European General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA) is:
+41 41 541 59 61
|The operator of the website, in this case Kreditfabrik AG
|User of the website or its services, in this case you.
|Information which makes it possible for a person to be identified, i.e. information that can be traced back to a particular person. This includes the person's name, email address or telephone number. But data concerning preferences, hobbies, membership or which websites a person has visited is also regarded as personal data.
4 General notes on data protection
The operator only processes the personal data of its users to the extent to which this is necessary in order to provide a functional website and the operator’s contents and services. Personal data are exclusively processed on the basis of a legitimate legal basis, usually the user’s consent. An exception applies in cases where obtaining prior consent is effectively not possible and processing is permitted under statutory provisions.
5 Access data / server log files
5.1 Description and scope of data processing
The operator collects data each time its website is accessed ("server log files"). The collected access data includes:
- Name of the web page, file(s) accessed
- Date and time of the access
- Browser type and version
- The user's operating system
- The referrer URL (the page previously visited)
- The user’s IP address and the requesting providerder
5.2 Legal basis for the processing
The legal basis for the temporary storage of the data and log files is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
5.3 Purpose of data processing
The operator will only use the log data in order to operate and optimise the website, to ensure its security and to carry out statistical evaluations. However, the operator reserves the right to examine the protocol data at a later date if there are specific indications which give rise to a justified suspicion of unlawful use. The data are stored for this purpose.
5.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is usually the case after 24 hours. Data may be stored beyond this period for the purpose of website optimisation and statistical evaluation. In this case, users’ IP addresses will be deleted or altered so that they can no longer be allocated to the accessing client.
5.5 Objection and removal options
The collection of data and the storage of data in log files are essential prerequisites for providing and operating the website. Consequently, the user has no right to object.
Any storage for other purposes is conducted in anonymised form, which means that no personal data are processed and accordingly no option to object arises.
|Serves to record the language set by the user
|Google Analytics_ga _gid
|See paragraph 8
|2 years 24h
|Contains an anonymous user identification to be able to assign several requests of a user to the same HTTP session.
|Until the browser is closed
|See paragraph 9
Section 9 specifically provides information on the use of Google Analytics.
6.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
The legal basis for the processing of personal data using cookies for analysis purposes is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
6.3 Purpose of data processing
Technically necessary cookies are used for the purpose of facilitating the use of websites for users. Some website functions cannot be offered without cookies. These require that the browser is recognised even after navigation to different pages.
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used to improve the quality and contents of the website. Analysis cookies give the operator information about how the website is used and thus enables it to continuously improve its service.
6.4 Duration of storage, Objection and removal options
8 Google Analytics
8.1 Description and scope of data processing
The following data are collected and stored using Google Analytics:
- The user’s IP address and the requesting provider
- Name of the web page, file(s) accessed
- Browser type and version
- The user's operating system
- The referrer URL (the page previously visited)
- The number of pages accessed
- Leaving rate
- Average duration of website visit
The information about the use of this website by the user generated by the cookie is generally sent to a Google server in the USA and stored there. However, users’ IP addresses are shorted and therefore anonymised by the operator prior to transmission to Google. The transmitted data can therefore not be traced to the user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The operator has contractual agreements with Google which ensure that Google complies with the provisions of the applicable data protection legislation. The data that the user’s browser sends in the context of Google Analytics will not be amalgamated with other data from Google.
8.2 Legal basis for data processing
The legal basis for the processing of user data using Google Analytics is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
8.3 Purpose of data processing
Google will use this information on behalf of the operator in order to analyse users’ use of the website, compile reports on website activity, and provide further services related to website and internet use to the website operator. This enables the operator to continually improve the website and its user friendliness.
8.4 Duration of storage
The data are deleted as soon as they are no longer required for our recording purposes, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. For this website, this is the case after 14 months.
8.5 Objection and removal options
As with any other cookies, the Google Analytics cookie is stored on the user’s access device. Users may therefore prevent the storage of the cookie by editing the settings in their browser software accordingly. Furthermore, users can prevent the data generated by the cookie concerning their use of the website (including their IP address) from being recorded and sent to Google and also the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
9 Marketing analysis
9.1 Description and scope of data processing
This website uses a Facebook Pixel, an analytical tool offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). When a user clicks on an ad posted by us on Facebook, a cookie is placed by our website through Facebook Pixel. This cookie allows us to collect and store the following data generated by the user while using our website:
- Personal data such as age, gender, country of origin and city
- Information about the device and operating system used
The information collected by this cookie on the use of this website by the user is generally transmitted to a Facebook server in the US, where it is stored. Facebook also collects the data in its own interests and, as the data controller, processes it further for Facebook advertising and analytical purposes. Such processing is carried out under the authority of Facebook in accordance with its data policy (https://www.facebook.com/about/privacy/). On visiting our website, the user is informed about the use of Facebook Pixel and the user’s consent to the processing of personal data used.
9.2 Legal framework for processing data
The legal framework for processing user data is justified by the data controller having legitimate interests in accordance with Art. 6(1)(f) GDPR and Art. 13(1) in conjunction with Art. 4(5) of the Federal Act on Data Protection (DSG).
9.3 Purpose of data processing
On behalf of the operator, Facebook uses this information to analyse the use of the website by the user, to compile reports on website activities and to provide other services related to the use of the website and the effectiveness of advertising measures to the website operator. This enables the operator to constantly improve their website and advertising measures.
9.4 Duration of storage
The data is deleted as soon as it is no longer required for our analytical purposes, unless continued storage is justified by the prevailing interests or legal obligations of the controller.
9.5 Option to opt-out or opt-in
Like other cookies, the Facebook Pixel cookie is also stored on the user’s access device. This means the user can set their browser preferences to prevent cookies from being stored. The user can also opt-out from the use of Facebook Pixel at any time and thus disable Facebook Pixel tracking on this website. To do so, the user can click on the link in Clause 6.4 to set an opt-out cookie.
10 Contacting the operator
10.1 Description and scope of data processing
When users contact the operator (through the contact form or email, for example), all relevant information provided by the user is saved for the purpose of processing the enquiry and in case of subsequent questions.
This includes, in particular, the following information:
- User’s first and last name
- Email address
- Postal address
- Phone number (optional)
Alternatively, the operator can be contacted via the email address provided. In this case, the user’s personal data which are submitted with the email are stored.
10.2 Legal basis for data processing
The legal basis for data processing is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
The legal basis for the processing of data which are transmitted in the course of sending an email is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA. If the email contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR and Art. 13 (2) (a) DPA.
10.3 Purpose of data processing
The processing of the personal data from the entry form exclusively serves the purpose of handling the enquiry. In the case of contact by email, this also constitutes the required legitimate interest in processing the data. Storing the data for a certain period of time enables us to refer back to it if further questions arise at a later date.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
The operator also reserves the right to keep the conversations held with the user, including the personal data contained therein, for verification purposes.
10.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is the case when the conversation with the user has finished. The conversation is finished when the circumstances make it apparent that the issue at hand has been conclusively resolved.
This shall be the case when it can be assumed or derived from the circumstances that the situation in question has been resolved and that no further queries are to be expected. The data stored for verification purposes is generally deleted after 14 months. In exceptional cases, a legal obligation or prevailing interest may justify a longer period of retention.
10.5 Objection and removal options
Users may revoke their consent to the processing of their personal data at any time. If users contact us by email or contact form, they may object to the storage of their personal data at any time by email. In this case, we will not be able to continue the conversation. Likewise, during the course of a chat, users may at any time revoke their consent.
All personal data which were saved in the course of contacting the operator will in this case be deleted.
11 User rights
If website users are located in a member state of the EU or an EEA state, the GDPR provides for the following user rights:
11.1 Right to information (Art. 15 GDPR)
Users have the right at any time to request that the controller confirm whether any personal data concerning their person is being processed. If this is the case, users have the right to demand that the controller provide information about the personal data stored, and a copy of these data, free of charge.
11.2 Right to correction (Art. 16 GDPR)
Users have the right to correction and/or completion against the controller if the processed personal data concerning their person are incorrect or incomplete. The operator will implement corrections without undue delay.
11.3 Right to restrict processing (Art. 18 GDPR)
In accordance with Art. 18 GDPR, the user has the right to limit the processing of their personal data.
11.4 Right to erasure (Art. 17 GDPR)
In accordance with Art. 17 GDPR, the user has the right to request that their personal data be deleted. Within the limitations of Section 6.4
11.5 Right to data portability (Art. 20 GDPR)
In accordance with Art. 20 GDPR, the user have the right to obtain the personal data concerning their person which they have provided to the controller in a structured, commonly used and machine-readable format. They furthermore have the right to transmit these data to another controller without interference by the controller to whom the personal data were provided.
11.6 Right to object (Art. 21 GDPR)
Users have the right at any time to object to the processing of personal data concerning their person which takes place on the basis of Article 6 (1) (e) or (f) GDPR for reasons resulting from their specific circumstances; this also applies to any profiling based on these provisions.
If a user objects to the processing for the purposes of direct advertising, the controller will cease to process the personal data concerning his/her person for these purposes.
11.7 Right to withdraw the data protection consent (Art. 7 (3) GDPR)
Users have the right to withdraw their data protection consent at any time. Revoking their consent does not affect the legality of the data processing which has taken place on the basis of consent before the time of withdrawal.
11.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, users have the right to complain to a supervisory authority, particularly in the member state of their place of residence, if they believe that the processing of the personal data concerning their person breaches the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a legal remedy, according to Art. 78 GDPR.