Privacy Policy
1. Transparency matters to us
This privacy policy explains what we do with your data, why we do it, and with which tools and partners. We believe in complete transparency: no hidden practices, no surprises.
In short, what you should know:
- We are a brokerage platform for financial products (in particular personal loans). We forward your request to suitable providers.
- We actively work with your data: we qualify requests, build profiles, enrich data with additional information, and run marketing across multiple channels – so we can serve you better and match you with suitable offers.
- To do this, we use modern tools, including artificial intelligence, as well as services from major providers such as Google, Microsoft, and Meta (WhatsApp Business).
- We store your customer data in a database hosted in Switzerland; certain services, however, also process data abroad (details in sections 8 and 9).
- You have extensive rights (access, deletion, objection, etc., section 13) and can unsubscribe from advertising at any time.
This privacy policy applies to our website, all landing pages and forms, our apps, and all digital and telephone touchpoints. It is based on the Swiss Federal Act on Data Protection (FADP). For persons in the European Economic Area, the EU General Data Protection Regulation (GDPR) may additionally apply.
2. Data controller
Postfach
Badenerstrasse 676
CH-8048 Zurich, Switzerland
Commercial Register of the Canton of Zurich, UID: CHE-112.932.276
Data protection contact: info@asfinanz.ch
This privacy policy is based primarily on the Swiss Federal Act on Data Protection (FADP). To the extent we provide services to persons domiciled in the EU/EEA (e.g., cross-border commuters working in Switzerland), the GDPR may additionally apply. The point of contact for all data protection matters is AS Finanz GmbH at info@asfinanz.ch.
3. What we do (our business model)
So you can put our data processing into context, here is an open account of what our business is:
- Brokerage: we connect customers with banks, credit institutions, and other providers (e.g., insurers). If successful, we receive a commission from the provider.
- Lead generation and qualification: we obtain inquiries via our website, landing pages, online advertising, and partners, which we review and qualify.
- Data enrichment: we supplement and update your information with data from further sources (e.g., credit reporting agencies, public registers, publicly accessible sources, partners) to correctly assess requests and match you with suitable offers.
- Marketing: we run multi-channel marketing – by phone, email/newsletter, SMS, WhatsApp and other messengers, social media, and online advertising.
- Platform development: we continuously develop and operate our digital platforms and analyze their use.
4. What data we process
Basic data: name, first name, date of birth, gender, nationality, residence status, marital status, address, phone numbers, email address.
Financial and application data: income, expenses (e.g., rent, health insurance, alimony), employer and employment relationship, existing loans and leases, desired loan amount and term, creditworthiness information, details from submitted documents (e.g., pay slips, copies of ID documents).
Communication data: email, chat, and messenger histories (including WhatsApp), phone notes and – with prior notice – call recordings, your communication and advertising preferences.
Technical data: IP address, device and browser information, cookies and similar identifiers, date/time and duration of use, pages accessed, referring page (referrer), approximate location.
Profile and preference data: interests and needs, product interest scores, segmentations, assessments of financial situation, results of our qualification and enrichment process.
Data sources: directly from you (forms, conversations, documents); automatically via our website and apps; from credit reporting agencies and creditworthiness assessors; from the providers approached (e.g., outcome of the application review); from partners and referrals; from public registers and publicly accessible sources (including the internet and social media).
Please only share third-party data with us (e.g., your partner in the household) if you have previously informed the person concerned about this privacy policy.
5. For what purposes
- Reviewing and brokering your request: qualification, preliminary assessment of creditworthiness, selection of suitable providers, transmission to providers, support through to contract conclusion.
- Customer profiling and data enrichment: to understand your needs and match you with suitable products and providers.
- Marketing and personalized communication: advertising for our own offers and those of partners, by mail, phone, email, SMS, WhatsApp/messenger, and online channels; forming target groups (including for online advertising, e.g., custom audiences). You can unsubscribe from advertising at any time (section 13).
- Analysis and improvement: analyzing use of our platforms, market and product development, quality assurance, and training.
- Legal purposes: fulfilling statutory obligations (e.g., retention, anti-money-laundering and fraud prevention, KKG requirements applicable to providers), asserting and defending legal claims.
- Security: IT security, combating abuse and fraud.
6. Use of artificial intelligence
We use AI and disclose this openly:
- Request qualification: AI systems assist us in categorizing, prioritizing, and pre-screening requests.
- Document processing: automatic reading and verification of submitted documents.
- Data enrichment and quality assurance: matching, supplementing, and plausibility-checking of data.
- Communication: AI-supported chat assistants and drafting of responses and marketing content; our staff remain responsible.
AI functions are integrated today in nearly all professional software products. We therefore use both dedicated AI services and AI functions built into our standard tools. Currently these include in particular: Anthropic (Claude; https://www.anthropic.com/privacy), OpenAI (ChatGPT; https://openai.com/privacy), Google (Gemini in Google Workspace; https://policies.google.com/privacy), Microsoft (Copilot in Microsoft 365; https://privacy.microsoft.com), Meta AI (in WhatsApp; https://www.facebook.com/privacy/policy) as well as AI functions in our marketing and communication tools (e.g., Brevo). We may also use AI-supported voice and phone assistants; we will notify you in such conversations. This list may change as the tools we use evolve; the privacy notices of the respective providers govern in each case.
Where available, we use business versions with data processing agreements; under their terms, your data is not used to train the AI models. Credit decisions are not made by us but by the respective financing institution, according to its own review process. For profiling and automated individual decisions, see section 11.
7. Who we share data with
Banks and credit institutions / providers: to review and process your request, we transmit your application data and documents – directly or indirectly as a sub-broker via cooperation partners (e.g., comparison and brokerage platforms) – to one or more suitable financing institutions, in particular Cembra Money Bank AG, BANK-now AG, Cornèr Banca SA, as well as other financial institutions or providers. These are subject to Swiss banking secrecy or their own confidentiality obligations and their own privacy policies. Under the authorization you have granted (see Terms of Use, section 5), the providers exchange data with us and with information agencies (e.g., outcome of the application review, contract conclusion, contract status and disbursement, among other things for settling our brokerage commission); for this purpose you have released the providers from banking secrecy. We ourselves are not subject to banking secrecy and may communicate with you about the status of your application and contract through the agreed channels.
- ZEK / IKO / credit reporting agencies: the providers report application and contract data to the Central Office for Credit Information (ZEK, www.zek.ch) and the Consumer Credit Information Office (IKO, www.iko.ch). We and the providers may obtain creditworthiness information from credit reporting agencies (e.g., CRIF, Intrum).
- Partner companies: companies directly or indirectly related to credit products, provided a legitimate interest exists.
- Service providers (processors): hosting, databases, communication, marketing, analytics, and AI services (details in section 8), customer service and call center providers, debt collection, advisory services (lawyers, fiduciaries) – domestically and abroad (see section 9).
- Authorities: where we are legally required to do so.
All processors are contractually bound to confidentiality and to compliance with data protection (data processing agreements).
8. Services and tools we use
We disclose which categories of services we use and where your data is processed as a result:
Hosting and infrastructure
- Customer database: your core customer data (application, financial, and communication data) is stored in a data center hosted in Switzerland (Zurich region).
- Website and applications: we operate our website and web applications with specialized cloud providers. When the website is delivered via a global content delivery network, technical data (including IP address, log data) may also be processed in the United States. Data processing agreements and appropriate safeguards are in place with all infrastructure providers (section 9).
Communication
- WhatsApp Business (Meta Platforms Ireland Ltd., Ireland / Meta Platforms Inc., USA): customer communication via WhatsApp, if you contact us via WhatsApp or consent to this channel. Metadata (e.g., phone number, timestamp) is then also processed by Meta in the United States. Details: www.whatsapp.com/legal.
- Google Workspace (Google Ireland Ltd., Ireland / Google LLC, USA): email and collaboration, including built-in AI functions (Gemini).
- Microsoft 365 / Outlook (Microsoft Ireland Operations Ltd., Ireland / Microsoft Corp., USA): email and office applications, including built-in AI functions (Copilot).
- Brevo (Brevo GmbH / Sendinblue SAS, Germany/France, EU): newsletter and email marketing, including AI functions. Every newsletter contains an unsubscribe link.
- NFON (NFON AG, Germany, EU): cloud telephony, including possible call recording with prior notice.
Marketing and analytics
- Google (Google Ireland Ltd., Ireland / Google LLC, USA): Google Analytics (usage analysis), Google Ads including conversion tracking and remarketing, Google Tag Manager. Used only with your consent via the cookie banner. Opt-out/settings: https://adssettings.google.com.
- Meta (Facebook/Instagram): Meta Pixel and custom audiences for online advertising, only with consent.
- TikTok (TikTok Technology Ltd., Ireland): pixel and advertising campaigns, only with consent.
- Snapchat (Snap Group Ltd., UK / Snap Inc., USA): pixel and advertising campaigns, only with consent.
- Microsoft Advertising / Bing (Microsoft Ireland Operations Ltd., Ireland / Microsoft Corp., USA): conversion tracking and advertising campaigns, only with consent.
- We may use comparable advertising and analytics platforms from other providers; the currently applicable list in our cookie banner governs (section 10).
Artificial intelligence
- AI services and AI functions built into tools as described in section 6.
9. Disclosure abroad
We store your core customer data in Switzerland (section 8). The service providers we engage are generally located in Switzerland, the EU/EEA, or the United States, but may in principle be based anywhere in the world.
For countries without an adequate level of data protection (from a Swiss perspective), we base the transfer on appropriate safeguards, in particular the Standard Contractual Clauses (SCCs) approved by the European Commission and adapted to Swiss law, or on adequacy decisions (e.g., the Swiss-U.S. Data Privacy Framework for certified U.S. providers).
10. Cookies and tracking
We use cookies and similar technologies:
- Necessary cookies: for basic functions and security (always active).
- Analytics cookies: to understand how our website is used.
- Marketing cookies: to make advertising more relevant and to measure campaign performance.
- Preference cookies: to save settings such as language.
We use non-necessary cookies only with your consent via our cookie banner (consent management: Usercentrics). You can find the complete list of all cookies and services used, as well as your settings, at any time at asfinanz.ch/cookies. You can adjust or withdraw your consent there at any time, and delete or block cookies in your browser.
11. Profiling and automated individual decisions
We partly analyze your data in an automated manner to create profiles regarding your needs, financial situation, and interests ("profiling"). We use these profiles to qualify your request, select suitable providers, and for personalized marketing.
Decisions that have legal effects on you or significantly affect you (in particular the credit decision) are not made solely on an automated basis. The credit decision is made by the respective provider according to its own process (including the statutory creditworthiness review under the KKG). Should we, exceptionally, make an automated individual decision within the meaning of Art. 21 FADP, we will inform you and you may request that the decision be reviewed by a human.
12. Retention
We retain personal data only as long as necessary for the purpose or as required by law:
- Application and contract data: 10 years from conclusion/rejection (basis: Swiss Code of Obligations Art. 958f, limitation period)
- Communication data: 10 years (basis: evidentiary purposes, limitation period)
- Marketing/profile data: until withdrawal, max. 10 years from last interaction (basis: legitimate business discretion)
- Technical log data: 12 months (basis: legitimate business discretion, IT security)
- Application (job) data: 2 years (basis: legitimate business discretion)
After this, data is deleted or anonymized unless a legal basis requires longer retention.
13. Your rights
Under the FADP – and, where applicable, the GDPR – you have the following rights:
- Access to the data we process (Art. 25 FADP / Art. 15 GDPR)
- Rectification of inaccurate data (Art. 32 FADP / Art. 16 GDPR)
- Erasure under certain conditions (Art. 32 FADP / Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability in a common format (Art. 28 FADP / Art. 20 GDPR)
- Objection to processing, in particular direct marketing – you can unsubscribe from advertising at any time and free of charge (unsubscribe link in every newsletter, "STOP" via WhatsApp/SMS, or a message to us)
- Withdrawal of consent given, with effect for the future
To exercise these rights, an email to info@asfinanz.ch is sufficient; we may require proof of identity and generally respond within 30 days.
14. Data security
We protect your data through technical and organizational measures, including: encryption of transmission (TLS) and of stored data, access controls with multi-factor authentication, permissions based on the need-to-know principle, logging, regular backups, security updates, as well as contractual obligations and training for our staff and service providers.
15. Changes
We may amend this privacy policy at any time. The version published on the website at any given time applies. In the event of material changes, we will actively inform registered users where possible.