ACREDIUS - UPDATE 24th July 2018
Privacy and security are very important to ACREDIUS AG registered in Zürich, Switzerland. We respect the confidentiality of the personal and other sensitive information you share with us in trust during the use of our online platform and any other business activity with ACREDIUS AG. The following data privacy statement will provide information about how we ensure data security on our platform, which data is collected and how the provided data is processed, used and protected in compliance with the regulations of the Swiss Data Protection Act as well with the EU General Data Protection Regulation (GDPR).
Our website and our emails may contain links to third party companies. We have no influence and are not responsible on how these companies comply with data. We recommend that you read their own data privacy statements which may differ from ours.
Our data privacy statement is updated from time to time without prior information and only the most recent statement is valid. We recommend you reading the updated data privacy statement on a regular basis.
By using our website and, in case of the creation of a user account, you declare to accept the subsequently described data privacy statement, including data collecting, editing and usage.
2. DATA CONTROLLER AND OWNER
3. WHICH DATA IS COLLECTED, PROCESSED AND USED?
The type and extent of a data collected, and usage differ on how you use our website: only for information or after registration with a personal login.
a. USAGE OF THE WEBSITE WITHOUT REGISTRATION – INFORMATION WE AUTOMATICALLY COLLECT ABOUT YOU
Part of our website can be used without registration. As a non-registered user, no personal data is going to be collected, except of the data automatically recorded by our web server or by third parties while visiting our website. Such computer related data can include the IP addresses or domain names of the computers utilised by the users who use our site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the time zone setting, the features of the browser and the operating system utilised by the user, the time details per visit and the details about the path followed within our site with special reference to the sequence of page visited, and the parameters about the device system and/or the user’s IT environment.
This data does not contain any personal information and cannot be attributed to a specific person.
b. ELICITATION OF PERSONAL DATA – INFORMATION YOU GIVE US
We primarily process personal data that we obtain from our clients and other business partners as well as other individuals in the context of our business relationships with them or that we collect from users when operating our websites and other applications.
Personal data is related to a certain person and allows to draw conclusions about user’s identity. While visiting and using our website, subscribing to our newsletter service, applying to an open position at ACREDIUS AG or by corresponding with us by phone, email or otherwise, we collect, save and edit among others the following personal data:
User data provided by yourself by filling out the forms on our website, such as any information at the entry to the registration site or the subscription to the newsletter (e.g. personal details like name, date of birth, marital status, address, phone number, e-mail-address, profession, LinkedIn profile information, education and additional information provided by the user should he send us his resume etc.). This information can always be updated under your user account.
Further information, that are required for the usage and performance of services via our website, in relation to the risk class assessment, to the loan project, the loan agreement or the purchase and assignment contract, such as financial information (e.g. your bank account and income details, as well as potentially your business plan, etc.).
This information may come from:
- You, when you use our lending platform; e.g. when you apply for a loan (including if your application is declined) or ask us to provide you with a personalised rate
- The way you use your account
- Your digital devices
- Your interactions with us, including information you may voluntarily share with us
- Credit reference agencies (who may check the information against other databases – public and private – to which they have access) or fraud prevention agencies
- Marketing lists we’ve bought or rented from third parties, which contain the consent of listed individuals (including you) to receive marketing materials from us
Users are responsible for any third-party personal data obtained, published or shared through our platform and confirm that they have the third party’s consent to provide the data to the owner.
ACREDIUS only collects data which is required for the performance of requested services. No further personal data is collected, as long as you don’t supply them with your agreement.
4. WHY AND HOW DATA IS COLLECTED?
The Swiss Data Protection Act allows us to use your personal and non-personal information provided we have a legal basis for doing so. The legal basis that we rely on to use your information include:
- You’ve given us your consent.
- We need to use your information to perform our obligations under our agreement with you
- We need to use your information, so we can comply with a law we’re subject to (such like Anti-Money Laundering Act)
- We (or a third party) have a legitimate interest in using your information which isn’t out weighted by your interests or fundamental rights and freedoms
By providing data, you agree with transferring and saving data by us. More in details, we collect, save and use data to be able to provide our services, as well as for the following purposes: Analytics, contacting the user, providing the newsletter, recruiting:
On our platform, we use technologies such as cookies to collect certain information and to design the website according to your needs. Cookies have the purpose to ease communication and web-usage. Therefore, we cooperate with third-party contractors, which help us to collect this data. The data which are generated through the tracking code and the cookie at user’s visit on our platform can be transmitted to third-party suppliers, which provide the service, for analytic purposes. Cookies with whom tracking data are collected don’t receive personal data which means that the IP-address is shortened immediately on user’s device and therefore anonymised. Thus, an anonymised transmission and saving of the data is secured. These data are collected for the purpose of continuous optimisation of our web performance such as on the improvement of our advertising measures. From the respective website of a third- party supplier you can obtain detailed disclosure about the data that is collected by the respective supplier. You can avoid the collecting of your data with the help of add-ons.
We mainly use Google Analytics (Google Inc.) which is a web analysis service provided by Google Inc. (“Google”) or similar services on our website. Google utilises the data collected to track and examine the use of this site, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualise and personalise the ads of its own advertising network.
Opt out is possible via: https://tools.google.com/dlpage/gaoptout?hl=en
Personal and non-personal data collected: Cookies and usage data. For further details, check our Cookies Policy.
b. CONTACTING THE USER
By filling in the contact form with their data, the user authorises ACREDIUS AG to use these details to reply to requests for information, quotes or any other kind of request as applicable in each form.
Personal data collected are among others: first name, last name, address, nationality, copy of ID, company name, country, email address, phone number, profession and ZIP/Postal Code, bank account details when applicable.
By subscribing to the newsletter, the user authorises ACREDIUS AG to use the email address to provide the newsletter to the user. You may unsubscribe from the newsletter at any time.
Personal data collected: first name, last name, email address.
By applying to the job board and filling in the form with their data, the user authorises the data controller to use the details to recruit employees.
Personal data collected: Cookies and usage data, address, country, email address, first name, last name, phone number, profession, ZIP/Postal Code, LinkedIn profile Information, education and additional information provided by the user within the resume.
e. INTERACTION WITH SOCIAL NETWORKS
We use social plugins (the plugins) of the social networks LinkedIn.com. Others, such as facebook.com, twitter.com, and plus.google.com might be added in future. The plugins are marked with the logo of the respective social network.
By calling up a website that contains plugins, a direct connection to the servers of the respective social network is established. The contents of the plugins are transmitted from the respective social network directly to the browser and integrated by the latter into the website. The call of the corresponding website is forwarded by integration of the plugins to the social network.
If the user is logged in to the respective social network, this can assign the visit to the user account of the respective social network. When interacting with the plug-ins, for example when clicking on the “Like” button from Facebook or when submitting a comment, the browser sends the corresponding information directly to the respective social network, which stores the information.
ACREDIUS is neither connected to third-party contractors whose websites are integrated through plugins nor responsible for them in any kind. Even if you’re not a member of the social network or not logged in to, it is still possible that the IP-address is transmitted and saved.
5. DATA TRANSFER AND TRANSFER OF DATA ABROAD
ACREDIUS can transfer collected data for the above-mentioned purposes to cooperation partners and to third parties in Switzerland or abroad. The respective data-recipients that have access to the data collected by ACREDIUS are obligated to respect data security. Third parties may use the data only for order purposes of ACREDIUS and not for their own purposes. For cross-border data transfer we secure through agreements with the data-recipients that they obligate themselves to an appropriate data-security.
We may share your information with the following third parties in particular so that we can use your information for the purposes described above.
Credit reference and fraud prevention agencies
Controlling authorities, legal authorities and other responsible people if explicitly legitimate by an applicable law
Collection agencies and lawyers to help us collect any money you owe us
Our suppliers, sub-contractors and third-party data processors
Retailers from whom you’ve purchased goods or services using loans provided by us
Anyone to whom we may transfer all or part of our assets
If we are unable to offer you a loan and if you consent, to credit brokers or other lenders who may be able to arrange credit for you
We may provide investors with certain transactional information (for example loan amount and repayment details). If you’re an investor on our platform and we give you blinded information about the borrower of the project you’ll be investing in, you must only use it to discuss your investment with us.
Furthermore, for borrowers, you agree that the title of your project will be visible to all visitors of the website. The short project description provided by you will be also visible by registered investors. We will not share any personal data with any other platform user, unless borrowers provide these personal data in their project description, which will be visible to registered investors. We won’t disclose customer information to other users of ACREDIUS unless it’s necessary to enforce a loan contract.
We will not be responsible for misuse of transactional data by others, but you must inform us promptly if you are the victim of any misuse of that information.
We currently only transfer your data in Switzerland or to the European Economic Area (EEA). If in the future we do transfer your data outside the EEA, we will comply with the applicable law.
Whenever fraud prevention and credit reference agencies transfer your information outside the EEA or, we require that they comply with the law to the standard required in the EEA or Switzerland. They may also require recipients to subscribe to ‘international frameworks’ intended to enable secure data sharing.
a. CREDIT REFERENCE AGENCIES
When you ask us to provide you with a personalised loan rate we’ll supply your personal information to credit reference agencies (CRAs) and carry out a ‘soft credit search’ to establish your credit rating. This is a preliminary credit check and will give us an overall view of your financial health (including your credit score) but not your full credit report. This will help us determine whether your application will be successful and how much you can borrow and at what interest rate.
The CRAs will record our search but other lenders won’t be able to see it and it won’t affect your credit score. It is only when you accept our offered quote that we will carry out a full search of your credit report. CRAs will supply to us both public (including electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your credit worthiness and whether you can afford to take the loan
- Verify the accuracy of the information you have provided us
- Prevent criminal activity, fraud and money laundering
- Manage your account
- Trace and recover debts
- Ensure any offers provided to you are appropriate to your circumstances
We’ll go on sharing your personal information with CRAs for as long as you are a customer. We will also inform CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. They may also provide this information to other organisations.
As a general rule, we’ll give you at least 28 days’ notice if we decide to file a default on your credit reference file. However, we may not always give you notice beforehand, for example, if we plan to take court action.
If you are an investor or a perspective investor we may conduct searches with credit reference agencies to verify your identity and bank account details.
ACREDIUS AG works in particular with CRIF AG, with site in Zurich, Switzerland. For further details on its role also as fraud prevention agency the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights please refer to CRIF https://www.crif.ch/en/consumers-area/frequently-asked-questions/ or at info.ch(at)crif.com.
b. FRAUD PREVENTION AGENCIES
If you give us false or inaccurate information or if we suspect or identify fraud we may record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention including law enforcement agencies. We and other organisations may access and use this information to prevent fraud, money laundering or other criminal activity.
Fraud prevention agencies may hold your information for different periods of time.
6. AUTOMATED DECISIONS
When you apply for a loan we’ll use an automated process to decide whether to lend to you, i.e. we may make our decision without any human involvement. This helps us to make fair and responsible lending decisions.
The process works by taking information you’ve provided when applying for the loan, any information we already have about you and information we obtain from third parties such as credit reference and fraud prevention agencies to calculate a credit score for you.
This information may include:
- How long your legal entity exists
- How long you are involved in
- How long lived at your address
- Your account history with us
- The number and type of credit agreements you have and how you’ve used them
- Whether you’ve been late making payments
- Whether you’ve had any court judgments made against you or whether you’ve been made bankrupt or had an individual voluntary arrangements (IVA) or other form of debt-related arrangement.
Using an automated credit scoring process means we may automatically decide that we are unable to offer you a loan, or only offer you a loan for a lower amount and/or shorter term that you requested. It also means that we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behavior to be consistent with money laundering or known fraudulent activity, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.
Our credit scoring methods are regularly tested to ensure they remain fair, accurate and unbiased.
7. STORAGE, DATA SECURITY AND TRANSFER OF DATA TO THIRD PARTIES
Personal data shall be processed in accordance with all applicable data protection laws (including any revisions). Personal data means any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number. Such personal data will mainly include names, addresses, email addresses as well as additional personal or corporate data, such as we may collect in individual cases.
The data collected by ACREDIUS are under the highest confidentiality standards and are treated with outmost care and discretion. For the protection from non-authorised access, destruction, misuse, disclosure and/or manipulation ACREDIUS has implemented adequate technical and organisational measures.
The data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the data controller, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, marketing, legal, system administration) or external parties in Switzerland or abroad (such as third party technical service, providers, mail carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as data processors by the owner. The updated list of these parties may be requested from the data controller at any time.
All data are stored on servers within Switzerland, whose data centres fulfil the highest requirements and only for as long as the purpose or legal regulations require.
8. RETAINING YOUR INFORMATION
Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations.
Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymised, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
9. DISCLOSURE / DELETION OF DATA / YOUR RIGHTS
In accordance with and as far as provided by applicable law, you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance.
We have already informed you of the possibility to withdraw consent. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at support(at)acredius.ch.
In addition, every data subject has the right to enforce your rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
When you apply for a loan we’ll use an automated process to decide whether we accept your application, to be shown to our pool of investors. If we decline your application, you can ask for a review of our decision by email at support(at)acredius.ch. Your request should be motivated by significant elements.
There may be occasions when you wish to exercise one of your rights and we’re unable to agree to your request, e.g. because we have compelling legitimate grounds for using your information, or because we need to keep your information to comply with a legal obligation.
10. DISCLAIMER – KEEPING YOUR INFORMATION SAFE
We take your privacy seriously and take every reasonable measure to keep your information secure. We monitor our systems 24/7 and continually work to improve the security of your personal information and our systems.
While we use all reasonable efforts to safeguard your personal information, you should be aware that the use of the internet is not entirely secure, and we can’t guarantee the security or integrity of any personal information that is transferred from you or to you via the internet. Unauthorised third parties may access information exchanged via the aforementioned channels and data may be damaged or altered in content. If personal data are disclosed abroad, the personal data in the country of the recipient are not in all cases subject to protection equivalent to that of Switzerland. ACREDIUS assumes no liability for the security of electronically transmitted data.
This data privacy statement scopes for all data which we receive due to your usage of our website. It doesn’t involve the contents of third-party websites, even if you get to those third-party websites through links on our website. We don’t have any influence on the content, data editing and data management of third-party websites and can therefore not take responsibility for them. We ask you to consider the specific data privacy statements of the respective third-party websites.
ACREDIUS AG handles your personal data in compliance with the applicable laws and regulations, in particular the Swiss Data Privacy Law.
12. CONSEQUENCES OF NOT PROVIDING US WITH YOUR PERSONAL INFORMATION
You don’t have to provide us with your personal information. However, we need your information partly because the law requires us to ask for certain details about you and partly so that we can offer products and services to you in accordance with our agreement with you. This means that if you don’t provide us with the information we ask for, we might not be able to offer you our full services.