Data protection
1 Name and address of the data processor
The operator of the website (hereinafter referred to as the “operator”) and therefore the controller/data processor (hereinafter referred to as the “operator”) in terms of the European General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA) is:
Kreditfabrik AG
Bergstrasse 66
CH-8810 Horgen
+41 41 541 59 61
E-Mail
2 Name and address of the Data Protection Officer
The operator’s Data Protection Officer is:
Marc Pfister
PEAX AG
Pilatusstrasse 28
6003 Luzern
E-Mail
3 Definitions
Definition | Explanation |
---|---|
Operator | The operator of the website, in this case Kreditfabrik AG |
User | User of the website or its services, in this case you. |
Personal data | Information which makes it possible for a person to be identified, i.e. information that can be traced back to a particular person. This includes the person's name, email address or telephone number. But data concerning preferences, hobbies, membership or which websites a person has visited is also regarded as personal data. |
4 General notes on data protection
The operator only processes the personal data of its users to the extent to which this is necessary in order to provide a functional website and the operator’s contents and services. Personal data are exclusively processed on the basis of a legitimate legal basis, usually the user’s consent. An exception applies in cases where obtaining prior consent is effectively not possible and processing is permitted under statutory provisions.
5 Access data / server log files
5.1 Description and scope of data processing
The operator collects data each time its website is accessed ("server log files"). The collected access data includes:
- Name of the web page, file(s) accessed
- Date and time of the access
- Browser type and version
- The user's operating system
- The referrer URL (the page previously visited)
- The user’s IP address and the requesting providerder
5.2 Legal basis for the processing
The legal basis for the temporary storage of the data and log files is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
5.3 Purpose of data processing
The operator will only use the log data in order to operate and optimise the website, to ensure its security and to carry out statistical evaluations. However, the operator reserves the right to examine the protocol data at a later date if there are specific indications which give rise to a justified suspicion of unlawful use. The data are stored for this purpose.
5.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is usually the case after 24 hours. Data may be stored beyond this period for the purpose of website optimisation and statistical evaluation. In this case, users’ IP addresses will be deleted or altered so that they can no longer be allocated to the accessing client.
5.5 Objection and removal options
The collection of data and the storage of data in log files are essential prerequisites for providing and operating the website. Consequently, the user has no right to object.
Any storage for other purposes is conducted in anonymised form, which means that no personal data are processed and accordingly no option to object arises.
6 Use of cookies
6.1 Description and scope of data processing
The operator’s website uses cookies. Cookies are small files that make it possible to store information specific to the user's access device (PC, smartphone or similar) in order to enable the device to be recognised when the website is next accessed. On the one hand, they serve to make websites user friendly for their users (e.g. by storing login data). On the other hand, they serve to record statistical data concerning the use of the website. This data can then be analysed to improve the website.
The operator’s website uses the following cookies:
Name | Purpose | Storage time | Technically necessary |
---|---|---|---|
FluentLocale | Serves to record the language set by the user | 2 months | Yes |
Google Analytics_ga _gid | See paragraph 8 | 2 years 24h | No |
PHPSESSID | Contains an anonymous user identification to be able to assign several requests of a user to the same HTTP session. | Until the browser is closed | Yes |
Facebook Pixel | See paragraph 9 | 28 days | No |
When our website is accessed, users are informed of the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. This notification also contains a reference to this Privacy Policy.
Section 9 specifically provides information on the use of Google Analytics.
6.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
The legal basis for the processing of personal data using cookies for analysis purposes is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
6.3 Purpose of data processing
Technically necessary cookies are used for the purpose of facilitating the use of websites for users. Some website functions cannot be offered without cookies. These require that the browser is recognised even after navigation to different pages.
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used to improve the quality and contents of the website. Analysis cookies give the operator information about how the website is used and thus enables it to continuously improve its service.
6.4 Duration of storage, Objection and removal options
Cookies are stored on the user’s access device and transmitted by the same to our website. Users can therefore influence the use of cookies. Most browsers have an option allowing the storage of cookies to be restricted or prevented entirely. However, please note that the use of the website, particularly user convenience, will be restricted if cookies are not enabled. Many online advertisement cookies of companies can be managed through the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/uk/your-ad-choices/.
By clicking on this link, users can withdraw their consent to the use of cookies that are not technically required.
7 Newsletter
7.1 Description and scope of data processing
The operator’s website offers the option to subscribe to a free newsletter. This option can be chosen either by ticking the newsletter check box in the contact form or by completing the newsletter form at the bottom of the website. When either of these forms are sent, the data contained in the entry form will be transmitted to the operator. This includes:
- User’s first and last name
- Email address
- Postal address
- Phone number (optional)
In addition, the following data are collected when the newsletter is subscribed to:
- IP address of the requesting user
- Time of newsletter subscription
- Set language on the website
During the subscription process, the users’ consent to data processing is obtained and reference is made to this Privacy Policy.
7.2 Legal basis for data processing
The legal basis for data processing following the user’s subscription to the newsletter is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
7.3 Purpose of data processing
The user’s email address is collected in order to send the newsletter. The user’s name is collected in order to personalise the newsletter.
The other data listed in Section 8.1 and 8.2 are collected on the one hand to improve the newsletter and analyse the time and manner in which the newsletter is read, and on the other to prevent the misuse of the service or the email address used.
7.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. Subscribers’ email addresses and names are therefore only stored for as long as the newsletter subscription is active. The same applies to the other personal data collected in the course of the subscription process.
The data collected and stored in the context of success measurement are deleted within 14 months following their evaluation.
7.5 Objection and removal options
Users may cancel their subscription at any time. Every newsletter contains a link for this purpose.
This also enables users to revoke their consent to the storage of the personal data collected during the subscription process and success measurement.
8 Google Analytics
8.1 Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies, text files that are stored on your computer, which make it possible to analyse your use of the website.
The following data are collected and stored using Google Analytics:
- The user’s IP address and the requesting provider
- Name of the web page, file(s) accessed
- Browser type and version
- The user's operating system
- The referrer URL (the page previously visited)
- The number of pages accessed
- Leaving rate
- Average duration of website visit
The information about the use of this website by the user generated by the cookie is generally sent to a Google server in the USA and stored there. However, users’ IP addresses are shorted and therefore anonymised by the operator prior to transmission to Google. The transmitted data can therefore not be traced to the user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The operator has contractual agreements with Google which ensure that Google complies with the provisions of the applicable data protection legislation. The data that the user’s browser sends in the context of Google Analytics will not be amalgamated with other data from Google.
When our website is accessed, users are informed of the use of Google Analytics and their consent to the processing of the personal data used in this context is obtained. This notification also contains a reference to this Privacy Policy.
8.2 Legal basis for data processing
The legal basis for the processing of user data using Google Analytics is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
8.3 Purpose of data processing
Google will use this information on behalf of the operator in order to analyse users’ use of the website, compile reports on website activity, and provide further services related to website and internet use to the website operator. This enables the operator to continually improve the website and its user friendliness.
8.4 Duration of storage
The data are deleted as soon as they are no longer required for our recording purposes, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. For this website, this is the case after 14 months.
8.5 Objection and removal options
As with any other cookies, the Google Analytics cookie is stored on the user’s access device. Users may therefore prevent the storage of the cookie by editing the settings in their browser software accordingly. Furthermore, users can prevent the data generated by the cookie concerning their use of the website (including their IP address) from being recorded and sent to Google and also the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
9 Marketing analysis
9.1 Description and scope of data processing
This website uses a Facebook Pixel, an analytical tool offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). When a user clicks on an ad posted by us on Facebook, a cookie is placed by our website through Facebook Pixel. This cookie allows us to collect and store the following data generated by the user while using our website:
- Personal data such as age, gender, country of origin and city
- Information about the device and operating system used
The information collected by this cookie on the use of this website by the user is generally transmitted to a Facebook server in the US, where it is stored. Facebook also collects the data in its own interests and, as the data controller, processes it further for Facebook advertising and analytical purposes. Such processing is carried out under the authority of Facebook in accordance with its data policy (https://www.facebook.com/about/privacy/). On visiting our website, the user is informed about the use of Facebook Pixel and the user’s consent to the processing of personal data used.
9.2 Legal framework for processing data
The legal framework for processing user data is justified by the data controller having legitimate interests in accordance with Art. 6(1)(f) GDPR and Art. 13(1) in conjunction with Art. 4(5) of the Federal Act on Data Protection (DSG).
9.3 Purpose of data processing
On behalf of the operator, Facebook uses this information to analyse the use of the website by the user, to compile reports on website activities and to provide other services related to the use of the website and the effectiveness of advertising measures to the website operator. This enables the operator to constantly improve their website and advertising measures.
9.4 Duration of storage
The data is deleted as soon as it is no longer required for our analytical purposes, unless continued storage is justified by the prevailing interests or legal obligations of the controller.
9.5 Option to opt-out or opt-in
Like other cookies, the Facebook Pixel cookie is also stored on the user’s access device. This means the user can set their browser preferences to prevent cookies from being stored. The user can also opt-out from the use of Facebook Pixel at any time and thus disable Facebook Pixel tracking on this website. To do so, the user can click on the link in Clause 6.4 to set an opt-out cookie.
10 Contacting the operator
10.1 Description and scope of data processing
When users contact the operator (through the contact form or email, for example), all relevant information provided by the user is saved for the purpose of processing the enquiry and in case of subsequent questions.
This includes, in particular, the following information:
- User’s first and last name
- Email address
- Postal address
- Phone number (optional)
During the process of sending the contact form, your consent to data processing is obtained and reference is made to this Privacy Policy.
Alternatively, the operator can be contacted via the email address provided. In this case, the user’s personal data which are submitted with the email are stored.
Users are informed in advance of the data processing and this Privacy Policy and their consent is obtained in the course of contacting the operator via the contact form or the chat.
10.2 Legal basis for data processing
The legal basis for data processing is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
The legal basis for the processing of data which are transmitted in the course of sending an email is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA. If the email contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR and Art. 13 (2) (a) DPA.
10.3 Purpose of data processing
The processing of the personal data from the entry form exclusively serves the purpose of handling the enquiry. In the case of contact by email, this also constitutes the required legitimate interest in processing the data. Storing the data for a certain period of time enables us to refer back to it if further questions arise at a later date.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
The operator also reserves the right to keep the conversations held with the user, including the personal data contained therein, for verification purposes.
10.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is the case when the conversation with the user has finished. The conversation is finished when the circumstances make it apparent that the issue at hand has been conclusively resolved.
This shall be the case when it can be assumed or derived from the circumstances that the situation in question has been resolved and that no further queries are to be expected. The data stored for verification purposes is generally deleted after 14 months. In exceptional cases, a legal obligation or prevailing interest may justify a longer period of retention.
10.5 Objection and removal options
Users may revoke their consent to the processing of their personal data at any time. If users contact us by email or contact form, they may object to the storage of their personal data at any time by email. In this case, we will not be able to continue the conversation. Likewise, during the course of a chat, users may at any time revoke their consent.
All personal data which were saved in the course of contacting the operator will in this case be deleted.
11 User rights
If website users are located in a member state of the EU or an EEA state, the GDPR provides for the following user rights:
11.1 Right to information (Art. 15 GDPR)
Users have the right at any time to request that the controller confirm whether any personal data concerning their person is being processed. If this is the case, users have the right to demand that the controller provide information about the personal data stored, and a copy of these data, free of charge.
11.2 Right to correction (Art. 16 GDPR)
Users have the right to correction and/or completion against the controller if the processed personal data concerning their person are incorrect or incomplete. The operator will implement corrections without undue delay.
11.3 Right to restrict processing (Art. 18 GDPR)
In accordance with Art. 18 GDPR, the user has the right to limit the processing of their personal data.
11.4 Right to erasure (Art. 17 GDPR)
In accordance with Art. 17 GDPR, the user has the right to request that their personal data be deleted. Within the limitations of Section 6.4
11.5 Right to data portability (Art. 20 GDPR)
In accordance with Art. 20 GDPR, the user have the right to obtain the personal data concerning their person which they have provided to the controller in a structured, commonly used and machine-readable format. They furthermore have the right to transmit these data to another controller without interference by the controller to whom the personal data were provided.
11.6 Right to object (Art. 21 GDPR)
Users have the right at any time to object to the processing of personal data concerning their person which takes place on the basis of Article 6 (1) (e) or (f) GDPR for reasons resulting from their specific circumstances; this also applies to any profiling based on these provisions.
If a user objects to the processing for the purposes of direct advertising, the controller will cease to process the personal data concerning his/her person for these purposes.
11.7 Right to withdraw the data protection consent (Art. 7 (3) GDPR)
Users have the right to withdraw their data protection consent at any time. Revoking their consent does not affect the legality of the data processing which has taken place on the basis of consent before the time of withdrawal.
11.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, users have the right to complain to a supervisory authority, particularly in the member state of their place of residence, if they believe that the processing of the personal data concerning their person breaches the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a legal remedy, according to Art. 78 GDPR.