Privacy Statement of Miro Kredit AG
General Privacy Statement
Version 1.02
Version of 31.03.2022
In this Privacy Statement we, Miro Kredit AG, explain how we collect and otherwise process personal data. This is not a conclusive description; possibly, other Privacy Statements regulate [or General Terms and Conditions, Conditions of Participation, and similar documents] regulate specific situations, especially those of our financing partners as well. Personal data means all the information that relates to a specific or identifiable person.
If you provide personal data of other persons (e.g. family members, data of work colleagues), please make sure that they are aware of this Privacy Statement, and disclose to us their personal data only when you are allowed to do so and when this personal data is correct. You also entitle us and our financing partners to directly contact these persons in order to check their data and whether these other persons accept this Privacy Statement and agree that their personal data may be used for all purposes described in Section 3.
This Privacy Statement is aligned with the EU General Data Protection Regulation (GDPR). Although GDPR is a regulation of the European Union, it is significant to us. The Swiss Data Protection Law (DSG) is under strong influence of EU law, and companies outside the European Union or EEA must adhere to the GDPR under certain circumstances.
1. Controller / Data Protection Officer / Representative
The controller for the data processing described here is Miro Kredit AG, Solothurnerstrasse 72, 4053 Basel, unless otherwise stated in individual cases. When you have data protection concerns, you can inform us about it by sending us a letter to the above address or by email to datenschutz@miro-kredit.ch.
2. Collection and Processing of Personal Data
We primarily process personal data which we receive from our customers and other business partners and other persons involved in the course of our business relationship with them, or which we collect from the users of our websites and other applications while operating these.
To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt collection register, land register, commercial register, press, internet) or receive these from other companies, authorities, and other third parties. In addition to the data about you that you give us directly, the categories of personal data about you that we receive from third parties include especially information from public registers, information about you in correspondence and discussions with third parties, information about you given to us by people from your environment (family, consultants, legal representatives, etc.), to allow us and our financing partners to conclude or process contracts with you or with your involvement (e.g. your delivery address, powers of attorney, information on the compliance with legal requirements), information from our sales and other contractual partners on the use or provision of services you use (e.g. payments made, purchases made), information about you from the media and the internet (to the extent appropriate in the specific case, for example, within an application, press review, marketing/sales), your addresses and, if necessary, interests and other sociodemographic data (for marketing), data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages viewed and content, functions used, referring website, location data).
3. Purposes of Data Processing and Legal Basis
We use the personal data we collect primarily to conclude and process contracts with our customers and business partners, as well as to enable the conclusion of contracts between our customers and business partners within the service of financing solution brokerage (e.g. financial institutes), and to comply with our legal obligations in the country and abroad. If you are active in any function for such a customer or business partner, you might of course also be subject with your personal data.
Furthermore, we and our financing partners process personal data of you and other persons, to the extent permitted and deemed appropriate, for the following purposes, in which we and our financing partners (and sometimes third parties as well) have a legitimate interest relevant to the purpose:
- Credit checks for the purpose of making decisions on financing requests and submitting a tailored financing offer (especially also reporting credit requests and acquiring creditworthiness data at the Central Office for Credit Information (ZEK)).
- Risk management (e.g. calculation of credit and market risks relevant to the business)
- Execution of business processes
- Services during the term of contracts (e.g. processing of requests and contracts, debt collection, communication with customers)
- Offers and further development of our offers, services, websites, and other platforms on which we are present;
- Communication with third parties and processing of their requests;
- Check and optimisation of requirement analysis procedures for the purpose of direct addressing to the customer as well as collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- Advertising and marketing (including organising events), unless you have objected to the use of your data (if we send you advertising as our existing customer, you can object to that at any time, we will then add you to the blacklist against further sending of advertising materials).
We cannot assume responsibility for advertising and marketing activities of our partner companies. If you do not want to receive advertising from these partner companies, you must contact them directly. - Market and opinion research, media monitoring;
- Assertion of legal claims and defence relating to legal disputes and administrative procedures;
- Prevention and investigation of criminal offences and other misconduct (conducting internal investigations, data analysis for combatting fraud);
- Securing our operations, especially the IT (e.g. IT security and system control), our websites, and other platforms;
- Video surveillance to protect domiciliary rights and other measures for the IT, building and system security and the protection of our employees, other persons, and values owned or entrusted to us (such as access control, visitor lists, network and mail scanners, telephone recordings);
- Purchase and sale of business segments, companies or parts of companies and other corporate transactions, and in connection to these transfer of personal data for business management and to the extent necessary to comply with legal and regulatory obligations as well as internal regulations of Miro Kredit AG.
If you have given us your consent to process your personal data for specific purposes (for example when ordering one of our products or services, your registration to receive newsletters), we will process your personal data within and based on this consent unless we have another legal basis and we need one. A consent given can be revoked at any time, which, however, will have no impact on data processing already performed.
4. Cookies / Tracking and Other Technologies Related to the Use of Our Website
We typically use “cookies” and similar tools on our websites that allow your browser or device to be identified. A cookie is a small file that, when you visit our website, is sent to your computer or automatically stored on your computer or mobile device by the web browser you use. When you visit this website [or use our app] again, this allows us to recognise you, even if we don’t know who you are. In addition to cookies that are only used during one session and are deleted after your visit to the website (“Session Cookies”), cookies can also be used to save user settings and other information for a certain period of time (e.g. two years) (“Permanent Cookies”). However, you can set up your browser to reject, save cookies for one session or delete them earlier. Most browsers are pre-set to accept cookies. We use Permanent Cookies in order for you to save user settings (e.g. language, auto login), so that we better understand how you use our offers and contents, and so that we can show you offers and advertising tailored to you (which can also happen on websites of other companies, but these will not find out from us who you are, if even we know that, as they only see that their website is visited by the same user who also visited a specific page on our website). Some of the cookies are placed by us, some by our contract partners with whom we cooperate. If you block cookies, certain features (e.g. language selection, shopping cart, ordering processes) may no longer work.
In some of our newsletters and other marketing emails, we also, partly and to the extent permitted, include visible and invisible image elements which, when retrieved from our servers, allow us to determine whether and when you opened the email; that also allows us to measure and better understand how you can use our offers and tailor them to you. You can block this option in your email program; most programs are pre-set to do this.
By using our websites and consenting to receive newsletters and other marketing emails, you agree with the use of these tools. If you do not want this, you must set your browser or email program accordingly.
We sometimes use Google Analytics or similar services on our websites. This is a third parties service that can be located in any country in the world (in the case of Google Analytics it is Google LLC in the US, www.google.com), which allows us to measure and evaluate the use of the website. We also use Permanent Cookies placed by the service provider for this. The service provider does not receive any personal data from us (and does not store IP addresses either), but may track your use of the website, combine this information with data from other websites that you have visited that are also tracked by the service provider, and use these insights for its own purposes (e.g. control of advertising). If you have registered with the service provider yourself, you will be known to the service provider as well. Your personal data will then be processed by the service provider, under the responsibility and in accordance with the Privacy Policy of the service provider. The service provider will only tell us how our respective website is used (without personal information about you).
We further use so-called plug-ins of social networks such as Facebook, Twitter, YouTube, Google+, Pinterest or Instagram on our websites. This is made visible to you in each case (typically via the corresponding symbols). We have configured these items so that they are disabled by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and they can use this information for their purposes. Your personal data will then be processed by that operator, under the responsibility and in accordance with the privacy policy of the operator. We will not receive any information about you from the operator.
5. Data Transfer and Data Transmission in the Country and Abroad
We and our financing partners can, to the extent permitted and deemed appropriate in Section 3, also transfer data to third parties within our business activities and purposes, whether because they process these for us or our financing partners, or because they want to use these for their own purposes. The following entities are affected by this:
- Our service providers and financing partners (such as banks, insurance companies), including order processors (such as our IT provider Convolute AG and its partners as well as our service provider Perimex d.o.o. in Serbia);
- Retailers, suppliers, subcontractors, and other business partners;
- Domestic and foreign authorities, offices and courts;
- Buyers or parties interested in acquiring business segments, companies or other parts of Miro Kredit AG;
- Other parties in potential or actual legal proceedings;
All together are referred to as Recipients.
These Recipients are partly located in the country, but can be anywhere in the world. You must expect your data to be transferred to all countries where the service providers we use are located (such as Microsoft). When we transfer data to a country without adequate legal data protection, we will ensure an adequate level of protection by using appropriate contracts (namely based on the so-called standard contractual clauses of the European Commission, which can be accessed here) or so-called Binding Corporate Rules, or we will rely on the statutory exceptions of consent, contract processing, determination, exercise or enforcement of legal claims, prevailing public interests, published personal data, or because it is necessary to protect the integrity of the data subjects. You can obtain a copy of the mentioned contractual guarantees from the contact person named in Section 1, unless they are accessible via the link provided above. However, we reserve the right to black out copies or only deliver excerpts thereof for reasons of data protection or secrecy.
6. Duration of the storage of personal data
We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations or otherwise for the other purposes pursued with the processing, for example, for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be stored for the time in which claims can be asserted against our company and to the extent we are otherwise legally obliged to do so, or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above purposes, these will be deleted or made anonymous to the extent possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less apply.
7. Data Security
We take appropriate technical and organisational precautions to protect your personal data from unauthorised access and abuse, such as issuance of instructions, data protection training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, controls.
8. Electronic Communication
We use electronic means of communication in the communication between you, us, our financing partners, and other third parties. Data is also transmitted over the internet. As the internet is an open network accessible to everyone, Miro Kredit AG, its financing partners and other third parties cannot guarantee the confidentiality of data when transmitted over the internet. Therefore, conclusions of third parties about an existing or upcoming business relationship between you and one of our partners (possibly banking relationship) are possible.
9. Obligation to Provide Personal Data
Within our business relationship, you must provide the personal data that are required to establish and execute a business relationship and to fulfil the associated contractual obligations (in general, you do not have a legal obligation to provide us with data). Without this data, we usually will not be able to conclude a contract with you (or the entity or person you represent), execute that contract or provide any brokerage services. Also, the website cannot be used when certain information to secure the data traffic (such as the IP address) are not disclosed.
10. Automated Decision Making
In general, we do not use fully automated automatic decision-making (as regulated in Art. 22 GDPR) to establish and execute the business relationship, nor otherwise. If we use such procedures in individual cases, we will inform you about this separately, provided this is required by law, and inform you about the associated rights.
11. Rights of the Data Subject
Within the data protection law applicable to you and to the extent provided for therein (such as in the case of GDPR), you have the right to information, correction, deletion, the right to restriction of data processing and otherwise the right to object to data processing by us, as well as to the release of certain personal data for the purpose of transmission to another location (so-called data portability). However, please note that we reserve the right to assert the statutory restrictions on our part, for example, when we are obliged to store or process certain data, have a prevailing interest in this (to the extent we are allowed to refer to this) or you need it to assert claims. If you incur any costs, we will inform you in advance. We have already informed you about the possibility to revoke your consent in Section 3. Please note that the exercise of these rights can conflict with contractual agreements, and this can have consequences such as premature contract termination or financial consequences. In this case, we will inform you in advance if this is not already contractually agreed.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your ID card, when your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address specified in Section 1.
In addition, each data subject has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).
12. Changes
We can adjust this Privacy Statement at any time without prior notice. The current version published on our website applies. Insofar as the Privacy Statement is part of an agreement with you, we will inform you of a change by email or by other suitable means.