Privacy policy on the processing of personal data of creditfinanz.ch

According to the Federal Data Protection Act (FDPA), Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/CE (eDirective)we provide you with the necessary information regarding the processing of personal data collected and processed during your experience on our website www.creditfinanz.ch

1. CATEGORIES OF PERSONAL DATA PROCESSED | DEFINITIONS

The personal data provided by you – or otherwise acquired in compliance with the legislative and contractual provisions in force – inherent in, connected with and/or instrumental to the assessment of your experience on our website, will be processed in compliance with the provisions privacy laws and the obligations of confidentiality applicable to you.

Personal Data: all information relating to an identified or identifiable person.

In particular, we will process the following personal data: browsing data (for information on data collected through cookies, please see our Cookie Policy); data provided voluntarily by the user (when sending the form in the “Online Request” area of our website, such as: name, surname, email address, telephone number).

We specify that the computer systems responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and devices used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer.

Data subjects: natural or legal persons whose data is processed (also referred to as “you”).

Processing: any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.

Disclosure: making personal data accessible, for example by permitting access, transmission or publication.

2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The company that determines the purposes and means of this processing of personal data is CREDITFINANZ SA, a company under Swiss law with registered office in Via Trevano 72, 6904 Lugano (also referred to as “CREDITFINANZ” or the “Data Controller” or the “Company” or “we”).

The contact details of the Data Controller are as follows: privacy@creditfinanz.ch

3. PURPOSES OF THE PROCESSING | JUSTIFICATION | DATA RETENTION PERIOD

PURPOSE OF THE PROCESSING	JUSTIFICATION \| LEGAL BASIS	DATA RETENTION PERIOD
a) Activities strictly necessary for the navigation on this website, and to control website’s correct functioning.	Overriding interest \| Legitimate interest of the Data Controller.	Data will be retained until the end of the browsing session. For personal data processed with technical cookies, please read our Cookie Policy.
b) Obtaining anonymous statistical information on the use of the website.	Please read our Cookie Policy.	Please read our Cookie Policy.
c) Reply to requests received through the “Online request” area, on this website.	Overriding interest of the Data Controller \| Processing is necessary to take steps at the request of the data subject prior to entering into a contract.	Data will be kept for as long as necessary to achieve the purpose and, in any case, no longer than 1 year after receipt of the request.

3.1 MEANS OF DATA PROCESSING

The processing will be carried out in automated and/or manual form, using methods and tools designed to ensure maximum security and confidentiality, by subjects specially trained to do so. The personal data collected will be kept in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.

4. RECIPIENTS OF PERSONAL DATA

We may share your personal information with employees and/or staff acting under the Data Controller’s authority (duly instructed for the former purposes), as well as third parties contractually linked to CREDITFINANZ, in order to fulfill contractual obligations and achieve one or more of the aforesaid purposes of processing. Such third parties will process your data in their capacity as data processors, or as independent data controllers. More in detail, we may share your personal information to the following categories of recipients: a) subjects who provide services related to the functioning of this website, the information system of CREDITFINANZ and the telecommunications networks (e.g., hosting provider, webmaster); b) firms or companies within the scope of assistance and consultancy relations (e.g. web agencies); c) competent Authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.

5. TRANSFERS OF PERSONAL DATA OUTSIDE THE CONFEDERATION

This website is hosted in Switzerland and data transfer outside the Confederation is not envisaged.

6. RIGHTS OF THE DATA SUBJECT

According to the FDPA, you have the following rights (non-exhaustive list):

to obtain the rectification of inaccurate or obsolete personal data;
to be informed in writing and free of charge if personal data concerning you are being processed;
prevent the communication to third parties of sensitive personal data;
to obtain the portability of personal data or to demand their transmission to a third party;
to request the restriction or blocking of data processing, the prevention of data disclosure to third parties or rectification or destruction of personal data;
the right to request that a given processing of personal data be prohibited, that a given communication of personal data to third parties be prohibited, or that certain personal data be deleted or destroyed;
if neither the correctness nor the inaccuracy of the personal data can be proved, to request that a note be added to the data to indicate its disputed nature;
to request that the rectification, destruction, blocking, in particular the communication to third parties, as well as the mention of the disputed character or the judgment be communicated to third parties or published;

to have the unlawfulness of the processing of personal data declared.

According to the GDPR, you have the following rights:

to obtain from the controller confirmation as to whether or not personal data concerning you are being processed (Access);
to obtain from the controller without undue delay the rectification of inaccurate personal data concerning (Rectification);
to obtain from the controller the erasure of personal data concerning you (Erasure);
to obtain from the controller restriction of processing (Restriction);
to receive the personal data concerning you, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Data portability);

to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Objection).

With the exemption of any other administrative or jurisdictional remedy, if the user considers that the processing of his or her data breaches the provisions of the FDPA, he or she has the right to file a complaint with the competent supervisory authority (for Switzerland: the Federal Data Protection and Transparency Commissioner; for the European Economic Area, you can visit the website of the European Data Protection Board here https://edpb.europa.eu/about-edpb/about-edpb/members_en).

You may exercise your rights under the FDPA and the GDPR (insofar as they are applicable) by contacting the Data Controller by writing at the above-indicated contacts.

7. ADDITIONAL INFORMATION | MODIFICATIONS | UPDATES

We do not sell any of the personal data we process.

The Data Controller reserves the right to revise, update, add or remove any part of the present privacy policy at its own discretion and at any time. In case of modifications, the date of update will be indicated.

Date of last update: October 6, 2022