This data privacy statement specifies the type of data HypoPlus AG (HypoPlus) collects from you, the user of the website and services ( user), for which purpose the data are collected and how such data are processed.
By transferring your data to HypoPlus, you, the user, agree to the processing of your personal data as set out in this data privacy statement; where any data entered by you concern third parties, you vouch for the fact that such third parties also agree to the processing of their data according to this data privacy statement.
Legal bases, changes
In processing the personal data of the users of its facilities, in particular of its website and services, HypoPlus complies with this data privacy statement and all applicable statutory provisions, in specific the Swiss Data Protection Act (Schweizerisches Datenschutzgesetz, DSG).
The range of services offered by HypoPlus is subject to continuous expansion. Due to this reason and any other changes in circumstances that may occur, HypoPlus may amend this data privacy statement at any time and without prior notice. Insofar as this data privacy statement has become an integral component of a service agreement between HypoPlus and the user, HypoPlus will advise the user of any amendments in advance in a suitable form; should the user fail to object to the amendment, the amendment is deemed to have the user's approval as of the date the amendment enters into force. Otherwise, HypoPlus may terminate the agreement concluded with the user for cause.
What type of data is being collected?
In principle, HypoPlus collects all personal data that accumulate when users utilise the services offered by HypoPlus (website, apps, etc.) and communicate with HypoPlus, hence in particular when they use the Hypo services offered in the comparis.ch website. These include:
- Data entered by users via online forms or apps or otherwise communicated by them while using the services offered by HypoPlus (e.g. by telephone or e-mail), including personal data (name, address, telephone number, e-mail address, income, assets, date of birth, sex, etc.);
- User data transmitted or generated automatically (e.g. date and time a service was used, previous and current page called up, IP address, data relating to the browser used, device code, current location, if such information is released, etc.) as well as interaction data if accessible without installation of additional programmes on the computer (e.g. mouse movements and clicks or keyboard strokes on the website);
- Personal data generated by HypoPlus, comparis.ch or third parties (e.g. codes, suppliers' personal services made available to HypoPlus users and transferred to HypoPlus for dissemination);
- Correspondence and other communications with users (e.g. e-mails, telephone conversations that may also be recorded).
Such data may be linked, possibly over several visits and communications, if a user or a user profile is recognised, for example via a user name, an e-mail address, a device code or cookies saved in the browser.
To some extent, the website and apps of HypoPlus use elements and services by third parties supplying user statistics that serve to display advertising or give users access to social networks or other third party services. As a consequence, such third parties may, to a certain extent, also collect personal data relating to users of HypoPlus if they recognise them, for example, due to their own cookies or logins. These third parties consist, in specific, of Facebook, Google (Adwords, Analytics, Google+, Youtube), NetMetrix (user statistics), Optimizely (user statistics) and m-pathy (user statistics). comparis.ch may also collect personal data relating to HypoPlus users to the extent that the HypoPlus services are integrated into the comparis.ch website. To protect the privacy of its users, HypoPlus respects browser settings which indicate that tracking is unwanted and works exclusively with third parties that also respect such settings (for further information see here forInternet Explorer, Firefox). Where users click on advertisement links or links provided by third party services, they leave the sphere of influence of HypoPlus, and HypoPlus has no means of controlling any subsequent data collection. In this respect, users must deal with the respective third party.
Which type of data processing takes place?
HypoPlus may use the user data collected by it or on its behalf for the following purposes:
- provision of the services offered by HypoPlus or comparis.ch;
- preparation of various types of statistics relating, for example, to the amount of interest shown by users in product and service comparisons or in other services provided by HypoPlus or comparis.ch;
- design and development of the range of services offered by HypoPlus or comparis.ch;
- internal training and quality control;
- maintenance and development of customer relationships (e.g. newsletter);
- controlling the display of advertisements and invoicing, relating both to third party advertisements on the HypoPlus or comparis.ch website and HypoPlus or comparis.ch advertisements on third party websites;
- guaranteeing the safety and availability of HypoPlus or comparis.ch systems and data and those of its service providers;
- corporate transactions performed by HypoPlus or comparis.ch that may affect user data (e.g. transfer of a business division to an affiliated company or third party);
- prevention, discovery and combating any misuse;
- responding to justified official enquiries or enquiries in connection with the assertion of claims or other legal disputes that concern HypoPlus or comparis.ch or which HypoPlus or comparis.ch is otherwise involved in.
HypoPlus may also process personal data for other purposes to the extent that such purposes arise from the law or are indicated or discernable in the context of the collection of the respective data.
Furthermore, users authorise the mortgage suppliers contacted on their behalf, and their partners, to provide HypoPlus with information regarding their transaction to the extent that this is necessary to allow HypoPlus to ascertain, calculate and check the conclusion of the transaction and the amount and due date of any associated commission.
Are any data being passed on to third parties?
With the following exceptions, HypoPlus does not pass on any personal data to third parties as a matter of principle:
- HypoPlus may call in third parties to process personal data on behalf, and exclusively for the purposes, of HypoPlus (e.g. market research institutions). HypoPlus shall implement appropriate measures to ensure that such third parties process the data exclusively in the manner in which HypoPlus is authorised to process them.
- HypoPlus may disclose the personal data collected by it for the purposes specified in this data privacy statement to comparis.ch, in particular the data entered by users in the context of the comparis.ch website.
- HypoPlus may disclose personal data to third parties if the user so requests (registrations, requests for quotations, etc.), or this is otherwise necessary to provide the service requested by the user, or if HypoPlus has expressly informed the user of the fact that his/her data will be disclosed. In particular, by sending an enquiry, users authorise HypoPlus to send their data by e-mail to the selected mortgage suppliers, and their partners, for processing. In exceptional cases (e.g. suspected misuse), user data may also be disclosed to third parties for the other purposes listed in this data privacy statement or for purposes provided for by law. HypoPlus is not in a position to control, guarantee or vouch for the fact that such third parties comply with the applicable data protection rules; they process the data for their own purposes, possibly abroad where data protection laws such as in Switzerland may not exist.
In any case, HypoPlus may disclose anonymised user data to third parties. These are data taking a form which does not allow the third parties to draw any sensible conclusions as to the identity of the respective users or makes such conclusions unlikely.
Where and how are the data stored?
Principally, HypoPlus processes all collected data in Switzerland and stores them in systems in Switzerland. Where external service providers are called in, individual user data collected by HypoPlus may also be processed abroad; HypoPlus will conclude an agreement with such providers according to which they will be obliged to process the data exclusively to the extent that HypoPlus is permitted to process them. Transmission of user data to third parties may also involve transferring data to countries outside Switzerland, in particular in cases whereby social networks or third party services are used via the services provided by HypoPlus or users request the transmission of data to third parties; HypoPlus does not have the means to control, guarantee or vouch for the third parties' compliance with applicable data protection rules.
In the context of storing and otherwise processing user data, HypoPlus shall implement appropriate technical and organisational measures to prevent unauthorised and otherwise unwarranted processing. Such measures are subject to regular control and are amended where necessary. This also applies to the third parties charged with operating the systems.
Newsletter, commercial communication
In connection with the services offered by HypoPlus and comparis.ch, HypoPlus may from time to time send newsletters or other contents (of a commercial nature) to the address, number or app of any users that have registered their e-mail address or any other electronic address or mobile phone number with HypoPlus. With their registration or installation of an app, users agree to receive such newsletters and contents. They may, however, notify HypoPlus at any time and free of charge that they no longer wish to receive, or be notified of, the above (further information will be provided at the end of the respective notification).
Questions and suggestions, requests for information, correction or deletion
Zurich, 29 January 2014