1. Scope
This privacy policy stipulates how SwissFEX AG, Hardturmstrasse 253, CH-8005 Zürich ( hereinafter „SwissFEX“ or „we“) processes personal data of its webusers and customers („you“) who provide personal data on its website and/or mobile applications (“website”), whether these personal data are provided by the data subject or by a third party, and whether personal data are transmitted to SwissFEX via the website or via other means.
2. Contact
You can contact us as follows:
SwissFEX AG
Hardturmstrasse 253
8005 Zurich
+41 44 275 27 00
service@swissfex.ch
SwissFEX is represented Reto Emmenegger, Director.
3. General
SwissFEX‘s is active in the brokerage of mortgages and other financial products and provides through its website information on its business, products and services, as well as feedback opportunities.
We adhere to data protection law. All personal data collected during registration on, or during use of, our website, which are protected either by the Swiss Federal Act on Data Protection (hereinafter „FADP“) or the European General Data Protection Regulation (hereinafter „GDPR“), will be used exclusively for fulfilling our services to you; unless, in particular pursuant to this privacy policy, you have consented to further use of your personal data or the applicable law permits such further use. Our employees are obliged to treat personal data confidentially.
As we process most personal data electronically, we have taken appropriate IT organisational and technical measures (e.g., IT security) to ensure that your personal data is protected. We also regularly educate our employees in data protection and information security.
4. What Personal Data is Collected for What Purpose
We may collect your master data (company name, name, address, e‑mail, etc.), personal data about the services obtained, payment transaction data, online preferences, and your feedback.
As part of the contract processing, we pass on your master data to the possible partners you have selected.
We use your personal data to communicate with you and third parties; for evaluating, concluding and performing our transactions with you (e.g., brokerage); for billing purposes; or for market research and marketing, such as contacting the customer by postal mail or e‑mail. We might also add industry information and interests to your master data in our database.
Input fields on the website that are absolutely necessary for the provision of our services are marked accordingly during registration. The disclosure of personal data in non-marked input fields on the website is voluntary. You can inform us at any time that you no longer wish us to process your personal data you provided voluntarily (cf. section 13, Your Rights).
Furthermore, we collect your surfing and usage data when you access our website. This data includes, for example, information about which browser and browser version you are using, when you accessed our website, which operating system you use, from which website (link) you accessed our website, which elements of the website you use, and how you use these elements. These personal data are stored together with the IP address of the device you are using to access our website. They serve to correctly display and optimise our website, to protect it against attacks or other infringements, and to personalise your user experience. We do not draw any conclusions about the data subject from these surfing and usage data. We only evaluate personal data anonymously, unless they are required to clarify infringements.
5. Retention Period
We only process personal data until the purpose, for which it was collected, is fulfilled, or as required by law.
If you have opened an account with us, we will store the master data you provided for an unlimited period of time. However, you can request the deletion of your account at any time (cf. section 13, Your Rights). We will delete your master data, unless we are required otherwise by applicable law.
If you placed an order without opening an account, your master data will be deleted after the expiry of the services or warranty period (as applicable), unless we are required otherwise by applicable law. This deletion can take place immediately or in the context of periodically executed deletion runs.
To refuse further business contact with a data subject due to misuse, payment default, or other legitimate reasons, we may store personal data for five years, or ten years in case of recurrence.
6. Processing by Third Parties and Abroad
Within the purpose agreed herein, we may have personal data processed by our group entities or third parties.
Such third parties are marketing and market research companies, companies that operate our information technology (outsourcing partners), analytical services (sec. 8), financial service providers, debt collection companies, or attorneys and government bodies. If we commission group companies or third parties with the processing of personal data, the third party will be carefully selected and must take appropriate security measures to guarantee the confidentiality and security of your personal data.
We or the third parties may process personal data abroad, i.e. in EU or non-EU countries. We represent that the third parties will only use personal data according to the law and exclusively in the interest of SwissFEX. These necessary contractual guarantees provided by the third parties are based on the standards of the European Commission (also recognised in Switzerland). You have the right to inspect the guarantees in these contracts (or parts thereof).
We have engaged the following third parties as sub-processors:
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington DC 20005, USA
7. Analytical services
We use third-party services to analyse surfing behaviour. We also integrate content of third party websites.
We measure and evaluate the use of the website with analytical tools.
Personal data processed by analytical services are transmitted anonymously to servers of the commissioned third parties abroad, including the USA.
8. Inclusion of Third Party Elements on Our Web Site
Our website includes content from various third party providers, such as, for instance, videos from video platforms, such as, YouTube, or social media button from platforms such as Facebook or Twitter. This content enables our visitors to enjoy content from those platforms on our website or simply to share our content on the relevant social media networks.
When you browse our website, if such content is displayed as part of the website, a connection to the servers of the third party provider is automatically established. Personal data about your visit to our website, in particular your IP address, will be transmitted to this third party provider. Therefore, if you have signed in to that third party’s account at the time you visit of your website (for example, with a Facebook or Google account), that third party may detect that you visited our website. You authorise us to share this information with the third party provider that hosts your account.
Please note that the information regarding the purpose and scope of data processing by such third parties, as well as your rights and setting options, is provided by such third parties.
9. Cookies and Pixel Tags
We use cookies and tracking pixel on our website.
Cookies are data packets sent from the webserver of our website to your browser. They are stored on your computer and can be retrieved by the webserver at a later visit. Cookies store information about the online preferences of visitors to the website and enable us to improve the visitor experience.
Session cookies are used to uniquely assign to you or your Internet browser information stored on the webserver that are necessary when accessing the website (e.g., the online shop) during a web session (e.g., so that the contents of the shopping basket are not lost). Session cookies are deleted after closing your Internet browser.
Permanent cookies are used to save your preferences (e.g., preferred language) over several independent accesses to our website, i.e. even after closing your Internet browser or to enable automatic login. Permanent cookies are deleted according to the settings of your Internet browser (e.g., one month after your last visit). By using our website and the corresponding functions (e.g., language selection or auto login) you agree to the use of permanent cookies.
You can delete current session or existing cookies in your Internet browser at any time, and deactivate the setting of additional cookies in your browser settings. However, deactivation may affect the functionality you enjoy on our website.
When you visit our website, you will be asked whether you wish to deactivate the use of cookies, except for those required for the operation of the website.
Pixel tags (e.g., tracking pixel, web beacons, clear GIFS, or canvas) are small graphics that are loaded into your Internet browser when you open our website or HTML emails. Our webserver (the webserver of our hoster respectively) logs information (e.g., date and time of your web visit or your opening of the HTML e‑mail) about your web access each time your Internet browser or e‑mail program loads a tracking pixel. The tracking pixel also enables the transmission of browser data, such as information about the device you are using to access the website (e.g., screen resolution or IP address).
10. Legal Bases of Processing
The legal justification, upon which we base our processing of personal data, is stipulated in article 13(2)(a) FADP (processing directly related to the conclusion, or the settlement, of a contract; corresponding to article 6(1)(b) GDPR; and article 13(1) FADP (consent of the data subject or obligation to process by law) corresponding to article 6(1)(a) GDPR.
We reserve the right to store the first name and surname, postal address, and e‑mail address of a data subject pursuant to article 13(1) FADP (corresponding to article 6(1)(f) GDPR) if, based on misuse, non-payment or similar legitimate reasons, we refuse to conclude any future contracts with data subjects.
Furthermore, group entities may also process personal date pursuant to article 13(1) FADP (corresponding to article 6(1)(f) GDPR).
11. Your Rights
Upon request, we will inform the data subject about and – if so – which personal data we process about him or her (right of confirmation, right of access).
At your request:
- we will cease processing personal data, in part or in full (right to withdraw your consent to the processing of personal data for one or more specific purposes; right to erasure (right “to be forgotten”)). Your request to be forgotten will also be communicated to third parties to whom we have previously forwarded your personal data;
- we will correct the relevant personal data (right to rectification);
- we will restrict the processing of the relevant personal data (right to restriction of processing; in this case we will only store or use your personal data to protect our own legal claims or the third party rights;
- you will receive the relevant personal data in a structured, commonly used and machine-readable format (right to data portability).
To request any of the rights described in this section, for example if you no longer wish to receive our e‑mail newsletters or if you wish to delete your account, please use the appropriate function on our website, or contact our data protection officer or an employee as described in section 2 (Contact).
If we do not comply with your request, we will inform you of the reasons for our non-compliance. For example, we may legally refuse to delete your personal data if we still need it to fulfil the purpose, for which it was originally provided (for example if we continue providing our services to you), if the processing is based on mandatory law (for example mandatory accounting regulations), or if we have a predominant interest of our own (for example in the case of a lawsuit against the data subject).
If we assert a predominant interest in the processing of personal data, you have nevertheless the right to object to the processing; provided, however, that your individual situation compares differently to that of other data subjects (right to object). This could be the case, for example, if you are a person of public interest, or if processing increases the risk of you being harmed by third parties.
If you disagree with our response to your request, you have the right to file a complaint with a competent supervisory authority, for example, in your country of residence or at the registered seat of SwissFEX (right to appeal).
12. Severability and Changes
If any provision of this Agreement is held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions will in no way be affected or impaired as long as the intent of the Parties can be preserved.
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You will be informed about the changes.
13. Applicable Law and Place of Jurisdiction
This privacy policy and any agreements concluded based on, or in connection with, this privacy policy, as the case may be, are governed by Swiss law, unless the applicable law of another country is applies mandatorily. The place of jurisdiction is the registered seat of SwissFEX, unless a different place of jurisdiction applies mandatorily.
Zurich, October 2020