Privacy Statement

We take your privacy seriously and make sure it's protected. Your data is safe with us.

Privacy and Cookie Statement

Advanon.com (the “Site”) is owned and run by Advanon AG, Baslerstrasse 60, 80848 Zurich, Switzerland (“Advanon”, “we”, “us”, “our”). Your privacy is taken very seriously and steps are taken to ensure your privacy is protected at all times. We also believe it is important to let you know what information is collected from the Site and why, and what we do with this information.

This Privacy and Cookie Statement applies to any personal information that Advanon collects and processes in the course of the operation of the Site and the provision of the services via the Site, i.e. the brokering of pre-financing and purchase of invoices pursuant to the general contract plus General Terms and Conditions of Business (the “Services”).

However, this Privacy and Cookie Statement does not apply to websites that are under the control of third parties with which the Site may be linked. Advanon does not have any influence on the content or the data protection practices of third-party websites. Advanon is not responsible in this regard. Please refer to the privacy statements of the respective third-party websites.

In addition to this Privacy and Cookie Statement, the General Terms and Conditions of Business to the general contract also contain provisions on data protection and data security.

2 Who is responsible for the processing of personal data and whom can I contact?

Advanon is responsible for the processing of your personal data and you can contact us under:

Data Protection Office, Advanon AG

Baslerstrasse 60

8048 Zurich Switzerland

Phone: +41 44 585 38 50

dpo@advanon.com

You can also reach our data protection officer under these contact details.

3 What information do we collect about you?

When you interact with our Site, and/or Services, we collect information that, alone or in combination with other data, could be used to identify you.

Summarizing, Advanon collects data from visitors to the Site for purposes including: (1) technical administration as well as research and further development of the Site; (2) user administration and marketing; (3) information about services; and (4) credit risk and fraud prevention.

Advanon also collects data from registered persons and companies in order to be able to provide and implement the Services and transactions via the Advanon Site.

Personal data we collect can include name, address, date of birth, nationality, tax ID, telephone number, and email address etc.

We process personal data in accordance with applicable data protection laws, in particular with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679, (“GDPR”) and the Swiss Federal Data Protection Act (“DPA”).

To fulfill contractual obligations (Art. 6(1) lit. b GDPR)

5 Data Processing

Our processing of data is carried out to perform financial services for the purpose of executing contracts with our customers or executing pre-contractual procedures which are carried out upon request. The purpose of data processing is primarily directed at the particular product (e.g. pre-financing, silent or open factoring) and may include demand analysis, consultation, and execution of transactions. More information on the purpose of data processing can be found in the respective contracts and our General Terms and Conditions.

On the basis of balance of interests (Art. 6(1) lit. f GDPR)

When necessary, we process your data beyond the fulfillment of the contract in order to safeguard our legitimate interests or the legitimate interests pursued by third parties. For example,

  • consultation and possibly data exchange with credit bureaus (e.g. SCHUFA, Creditreform) to determine the creditworthiness or risk of default with particular sellers;

  • enforcement of legal claims and defense in legal proceedings;

  • prevention and investigation of criminal offenses;

  • measures for business control and ongoing development of products and services which would allow us to improve your user experience.

On the basis of your consent (Art. 6(1) lit. a GDPR)

As far as you have given us your consent to process your personal data for specific purposes (e.g. evaluation of payment transaction data, newsletter subscription), the legality of such processing is on the basis of your consent. You are free to revoke your consent by sending us an email at objection@advanon.com at any time. This also applies to consents which were given to us before 25 May, 2018. The revocation of consent is only effective from the time when you inform us about your wish to revoke your consent. The revocation of such consent does not affect the legality of the data processed until the revocation.

To meet statutory (Art. 6(1) lit. c GDPR) or public interest requirements (Art. 6(1) lit. e GDPR)

As a financial services provider, we are also subject to various legal obligations, which include statutory requirements (e.g. Banking Act, Anti Money Laundering Act, Tax Law) as well as additional regulations from supervisory authorities (e.g. FINMA in Switzerland, BaFin in Germany), to perform certain procedures when rendering our services, such as credit checks, identity and age checks, tax control, documentation and internal credit risk control.

6 Information you provide to us

6.1 Newsletter subscription

When you sign up for any of our newsletters you give us consent to contact you via the provided email address and keep you up to date with the latest news about our product and services. We provide you with updates up to once a week. Additionally, we might send you company updates at most twice a week.

When you subscribe to our newsletter your IP address and the date and time of the registration will be automatically stored on our servers. The collection of this data is necessary in order to understand the (possible) misuse of an email address at a later date, and it therefore serves us to prove that our registration process is in line with legal requirements.

After you have submitted your newsletter request, we will send a confirmation email to the given email address. This confirmation email contains a link that you need to click on to confirm your subscription. This so-called double-opt-in-procedure helps us to ensure that the email-account holder has actually authorised the receipt of our newsletter.

(a) Newsletter Service Provider

We use technical service providers which help us manage the newsletter subscriptions and provide related marketing services (“Newsletter Service Providers”). This includes service providers which have their registered seat and servers in a state outside of the European Union, e.g. in the U.S. However, we exclusively work with companies that offer an appropriate data protection level in line with the stipulations of Swiss and European data protection law. You can find further information relating to the sharing of data with third parties outside of the European Union under section 13. Currently we work with the following Newsletter Service Provider:

MailChimp, a service of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Our newsletter service provider will process your email addresses and other personal data as described in section 5.1. (b) as our data processor only on our behalf and in accordance with our instructions to help us evaluate the usage of our newsletter, to compile reports on newsletter activity and to provide other statistical and analytical services relating to the usage of our newsletter. Our newsletter service provider is in no way authorised to use the data of our newsletter subscribers in order to contact them themselves or to forward the data to third parties.

(b) Newsletter tracking

We will track and evaluate your usage of our newsletter, such as email-opens and email-clicks, by means of a tracking technology made available by the newsletter service provider. For this purpose the HTML-emails sent with our newsletter may contain web beacons (also called pixel tags, tracking pixels or GIFs), automatically embedded by our Newsletter Service Providers. A web beacon is a small graphic that contains unique identifiers that allow an analysis of the success or failure of our Newsletter campaigns. Our newsletter service provider records each subscriber's email address, IP address, date, and time associated with each open and click in order to provide us with aggregated reports about how an email campaign performed and what actions subscribers took.

6.2 Registration

When you sign up for our services e.g. seeking financing opportunities for your open invoices, you will be asked to provide us with certain personal data, including general personal data (e.g. name, gender, address, e-mail address, telephone or fax number, etc.) as well as personal data that refer specifically to the Services and transactions via the Site (e.g. financial data, business data, invoice data, bank account data, etc.). Personal data are collected during registration on the Site, whilst uploading invoices, before and during transactions.

In addition your IP address and the date and time of registration will also be automatically stored on our servers. The collection of this data is necessary in order to understand the (possible) misuse of an email address at a later date, and it therefore serves us to prove that our process is in line with legal requirements.

If you have a bexio account, you will have the option to directly sign up for our services with your bexio account. Bexio AG is an accounting software service provider based in Alte Jonastrasse 24, 8640 Rapperswil, Switzerland.

When you register as an investor and you have a LinkedIn user account we offer you the possibility to register by using your LinkedIn account. If you make use of this function and click on the button bearing the LinkedIn-logo, you will be asked to enter your LinkedIn log-in details in the dialog that opens. By submitting this data, you permit LinkedIn to share certain data with us, such as your basic profile including your name, photo, headline and current positions as well as your email-address. At the same time LinkedIn receives the information that you register to our Services. This information will be transmitted directly to the servers of LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn may combine this information with your LinkedIn profile data. This use of data is beyond our control. For further information please refer to the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

Advanon solely uses the personal data you provide to us during the registration process to provide you with the requested services.

6.3 Contacting

In case you are a German user, when you contact us via email or through a contact form provided on our Site, your request might be transmitted and handled by an employee of our affiliate Advanon Deutschland GmbH, Schönhauser Allee 175, 10119 Berlin, Germany (“Advanon Deutschland GmbH”). Advanon Deutschland GmbH is responsible for handling customer requests on our behalf. Your submitted data will only be used to handle your enquiry, e.g., to provide you with the service information you asked for, and will not be used for any other purpose, unless expressly permitted or required by applicable law.

Your IP address and the date and time of contact will be automatically stored on our servers in order to understand the (possible) misuse of an email address at a later date.

We retain the personal data for the duration of the respective conversation with you within the period stipulated by applicable laws. The conversation will be considered as closed if the circumstances indicate that all relevant facts have been clarified or if you instruct us to delete your data. All personal data which were stored in the context of your conversation with us will be deleted immediately in this case.

6.4 Identity verification

In order to identify you as a user and legal entity or representative (our legal obligation under the Anti Money Laundering Act) we perform identity checks. For this we will ask for, amongst others, a copy of your identity card and mobile phone number.

To perform these identity checks we use external identity verification providers. In regards to our German Clients we currently work with IDNow GmbH, Auenstr. 100, 80469 Munich, Germany (“IDNow”). In regards to our Swiss Clients we work with Intrum AG, Eschenstraße 12, 8603 Schwerzenbach, Switzerland (“Intrum”). Both companies use a technology, IDNow Video-Ident, that is provided by IDNow. IDNow Video-Ident was officially approved by the German Federal Financial Supervisory Authority (BaFin) as a procedure for legally compliant remote identification in accordance with the Anti Money Laundering Act (AML) in 2014.

To perform an identity check, you will be redirected to the respective service provider’s external site as part of the service request process. At your request, we will transmit the information that needs to be verified to the service provider. Following the identity check, the service provider will provide us with the results of the identity check. The data processed by the service providers will be deleted from their servers after 90 days following the identity check at the latest. On the basis of statutory retention periods (e.g. in the context of the Anti Money Laundering Act), Advanon will store the results of the identity checks for the duration of the business relationship and for up to five years after its termination.

6.5 Due diligence and requesting finance

Before we do our due diligence and finalize financing, we ask you to provide us with financial data of your company.

7 Automatically collected information

On top of data that you enter manually when subscribing to our newsletter or signing up to Advanon, we also collect data for fraud prevention, analytics, marketing and business intelligence purposes.

When you access this Site, our servers automatically store general access data in server log files. These data include your IP address, the referring website, the type of browser software used, and the page of the Site that you are visiting along with the date and duration of the visit. This information is used for technical reasons and to ensure the security of our system as well as to understand how visitors navigate through our Site and services, to gauge our Site’s appeal and to improve its content and functionality. Your data is not processed any further nor is it transmitted to any third parties. We only retain such data for as long as it is necessary for the stated purposes.

In addition we collect and process information about your use of our Site and interaction with its content and services (e.g. time and duration of page interactions, clicks and mouse movements). For this purpose we use cookies and similar technologies which contain a unique identifier, consisting of a string which enables websites to recognize devices used to access a website on each subsequent visit throughout its lifetime. These identifiers do not allow us to draw any conclusions as to your identity. For more information about cookies, please refer to section 9. We may use such information for the following purposes:

  • To customize, measure and improve the Site and our services;
  • To provide you with personalized content, for advertising and retargeting purposes;
  • Fraud prevention

We consider these purposes as in our legitimate interest.

8 Personal information we collect about you from other sources

We may process - to the extent necessary for the provision of our services - personal data that we have legally received from other third parties (e.g. credit bureaus such as Bisnode, CRIF and Credit Reform) for credit checks (for example, to execute orders, to fulfill contracts or on the basis of a consent you have given). On the other hand, we process personal data that we have legitimately gained and are able to process from publicly accessible sources (e.g. debtor directories, commercial register, media, Internet).

9 Cookies and similar technologies

We use technology to track the patterns of behavior of visitors to our Site. This can include using a cookie internet file, a small file that is sent by our web server to your computer, which we can access when you make return visits to the Site. Storing cookies is usual practice for any website that needs to remember what its users’ preferences are and we use cookies to keep track of your selections on the Site. Most browsers accept cookies and similar tracking technologies automatically. However, if you prefer, you can configure your browser settings in a way that no cookies are stored on your computer or to notify you before a new cookie is placed. Each browser is a little different, so please follow your browser instructions on how to manage your browser settings. You can find more information about cookies at www.aboutcookies.org or www.allaboutcookies.org. You are usually able to control tracking technologies via your browser.

If you use different devices (e.g. smartphone, tablet, computer, etc.) please make sure that each browser on each device is adjusted to reflect your cookie preferences.

Some internet browsers may include the ability to transmit “Do Not Track” or “DNT” signals. As uniform standards for “DNT” signals have not been adopted yet, this Site does not currently process or respond to “DNT” signals.

You also have the option to specifically opt-out from targeted advertising provided by advertising networks by visiting the following websites: www.aboutads.info/choices or www.youronlinechoices.eu/. Please note that these websites will contain a list with numerous participating companies that we do not necessarily work with. For this reason, you also have the option to directly opt out from targeted advertising provided by the third parties we work with, through the designated links provided in Section 10. When you opt out, such networks will stop serving you targeted advertising based on the data collected via your browser, but may continue to collect and use information for other purposes.

To opt-out of all web tracking technologies, using an extension such as Noscript or Ghostery is the safest and best way: these browser extensions will disable all the known JavaScript trackers and ensure that your browser does not send a request to any of the external tracking servers mentioned above.

Please note that the rejection, blocking or deactivation of tracking technologies can result in restricting the availability of the services offered via the Site. Moreover, individual parts of the Site may no longer work correctly afterwards.

10 Use of third party tools

We also allow certain third parties to use cookies or similar technologies on our Site to collect data about your use of our Site and your interaction with its content and functions. These third parties include analytics, advertising networks and other service providers that assist us in providing, evaluating, and improving this Site and our services and to provide targeted advertising based on your browsing activities and interests.

These third parties may also collect online-identifiers (e.g. User-ID) and/or IP-addresses. We do not have access to these cookies or to any personal identifiable data collected with these cookies that allows us to identify you. All data collected is made available to us only anonymously and in statistical form.

Below we will give you an overview and description of third party provider technologies we use on this Site.

10.1 Matomo (formerly Piwik)

At Advanon, our main source of understanding you, our valued visitor, is Matomo. We host our own Matomo server and all of the data stored through this system is never shared with any third party, not even the Matomo team. This setup is unique, as we have used its ability to optimize the configurations to get the insights we need while respecting your privacy. You can read more about their privacy policy on www.matomo.org/privacy/.

To opt-out of our Matomo tracking click https://www.advanon.com/matomo-opt-out-en.

10.2 Google Analytics and AdWords Conversion Tracking with anonymized IP (Google Inc.)

As an online company we are dependent on reaching our customers through online channels. Google is one of those channels that is very important for us. For this we use Google Analytics and Google Adwords. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services like the ads that run on Google through Google Adwords.

Google may use the data collected to contextualize and personalize the ads of its own advertising network. This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US. Please read more on their Privacy Policy.

You can prevent the processing of your data by Google Analytics by installing the Google Analytics opt-out browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=de.

The browser add-on is available for most modern browsers.

10.3 Facebook custom audiences

If you do not want Facebook to associate the collected information with your Facebook profile, you can disable it at any time by visiting the URL https://www.facebook.com/ads/website_custom_audiences/.

If you are not a member of Facebook, you can disable the data transmission to Facebook also through http://www.youronlinechoices.com.

10.4 New Relic

For server monitoring we use New Relic. This is a tool for monitoring server operations, web applications, and back end infrastructure, which operates under the Privacy Shield Framework; https://newrelic.com/privacy-shield. New Relic stores anonymous and pseudonymous (IP Address (EU PII)) and browser client data that are only used for server performance monitoring purposes. All trace data is usually stored for a week and no longer than 90 days.

See https://newrelic.com/termsandconditions/privacy for their privacy statement.

11 How do we save information about you?

The personal data collected are stored electronically, either on Advanon’s own servers in Switzerland or Germany or in a data center of a commissioned service provider. Personal data collected can also be stored in paper form. All electronic messages that are sent to or from Advanon are automatically stored on an e-mail server that is operated either by Advanon or a service provider on behalf of Advanon. Personal data collected are in principle stored by Advanon for as long as they are required for the handling of the services via the Site. They are then destroyed in compliance with the statutory retention regulations.

12 Who has access to my data?

Within Advanon, employees who are responsible to fulfill our contractual and legal obligations by providing our services to you gain access to your data.

In order to provide a good and efficient customer service, the customer relationship with you may also be managed directly at local level by our affiliate Advanon Deutschland GmbH. For example, Advanon Deutschland GmbH answers to requests that you may submit through our Site or where otherwise necessary to handle the customer relationship with you. For these purposes, Advanon Deutschland GmbH may get access to your personal data and may process personal data on our behalf.

In addition, third party service providers and vicarious agents may also have access to the data, but only to the extent necessary to perform their respective services. These service providers may not disclose your personal data to third parties or use these for any other purposes than instructed. Examples may be data processing service providers, IT-companies, debt collection, and marketers.

We use Amazon Web Services (“AWS”) for hosting our Site. AWS is a service of Amazon Web Service Inc, P.O. Box 81226 Seattle, WA 98108-1226, USA (“Amazon”). The data is stored exclusively in a German data centre (Frankfurt am Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. All data stored by us on Amazon's system is under our sole control and is automatically encrypted. Amazon is not allowed to access or use our data for any purpose whatsoever. For more information on AWS and data protection, please visit https://aws.amazon.com/de/compliance/eu-data-protection/ and https://aws.amazon.com/de/privacy/.

With regards to the transfer of data to any third party outside Advanon, it is important to note that we are obligated to maintain secrecy about all customer related data. We may only disclose information concerning the customer if it is legally required to do so or if the customer has given his consent or if Advanon is authorized to disclose such matter. The circumstances may be:

  • legal or statutory requirements from public institutions (tax authorities, law enforcement agencies, family courts);
  • other credit and financial services institutions or entities of similar nature, to which we provide personal information in order to conduct our business relationship with you (e.g. correspondent bank, custodian bank);
  • creditors and insolvency administrators requesting foreclosures on assets;
  • third parties who are involved in the process of granting credits (e.g. insurance companies)

Other third parties who may have access to your data are those 1) for whom you have consented to the transfer of data; 2) for whom you have exempted us from confidentiality by explicit consent; or 3) to whom we have the authority to transfer personal data due to a consideration for balance of interests.

13 Is the data transmitted to a third country or to an international organization?

Some of the service providers we work with are based in a country outside the EU/EEA. However, we exclusively work with companies that offer an appropriate data protection level in line with the stipulations of the GDPR. We also have appropriate agreements in place to ensure that the service providers will take all necessary measures to protect your personal data in accordance with applicable requirements. It is important to note that as far as data is transmitted to service providers in the USA, we only work with data processing providers that participate in the EU-US and Swiss-US Privacy Shield Framework or that agree to be bound by the so-called “standard contractual clauses” of the EU-Commission.

Otherwise a transfer of data to countries outside Switzerland or the European Union only takes place, provided that

  • it is required in order to complete your orders (e.g. payment orders);
  • it is required by law (e.g. tax reporting obligations); or
  • you have given us your consent.

14 What security measures have we taken?

Advanon has taken appropriate technical and organizational security measures in order to protect your personal data against unauthorized access, misuse, loss or destruction. Appropriate security measures are also applied when storing emails.

15 For how long will my data be stored?

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship, unless terminated explicitly by the user, is a lasting obligation designed for years.

If the data is no longer required for the fulfillment of contractual or legal obligations, they are deleted on a regular basis, except for the following situations:

  • Fulfilment of commercial and tax obligations which are subject to the respective banking act, anti money laundering law. Usually a retention period of two to ten years is required after the termination of the business relationship.
  • Preservation of evidence within the statutory limitation period. Usually a retention period of 3 years is required.

16 What are my rights under data privacy law?

In respect to our processing of personal data related to you, you are entitled to the following rights free of charge:

  • right to withdraw your consent pursuant to Art. 7 GDPR
  • right of access to your personal data pursuant to Art. 15 GDPR
  • right to rectification pursuant to Art. 16 GDPR
  • right to erasure pursuant to Art. 17 GDPR
  • right to restriction of processing pursuant to Art. 18 GDPR
  • right to data portability pursuant to Art. 20 GDPR

Information about your right of objection under Article 21 GDPR

Individual case related right of objection

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this would also apply to profiling.

If you choose to exercise your right to object, we will no longer process your personal data unless we have compelling legitimate grounds for processing which outweigh your interests, rights and freedom, or the processing is necessary for the establishment, exercise or defense of legal claims.

The aforementioned right to object applies to all processing purposes described in this privacy policy, which are based on the legal basis of legitimate interest.

Right of objection to the processing of data for direct marketing purposes

Sometimes we process your personal data for direct marketing purposes. You have the right to object to such processing at any time for the purpose of such advertising. If you choose to object to the processing for direct marketing purposes, we will stop processing your personal data for such purposes.

Recipient of such objection

You can send your objection via email with subject “Right of Objection to Data Processing”. Please provide us with your name, email and your residential address and send it directly to

Advanon AG - Baslerstrasse 60 8048 Zurich Switzerland

Phone: +41 44 585 38 50 or Mail: objection@advanon.com

  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR: You also have the right to lodge a complaint with the competent supervisory authority if you feel that the processing of your data carried out by us is breaching applicable law.

If you have questions relating to this Privacy and Cookie Statement, if you wish to exercise any of your rights or if you have any other concerns regarding the processing of your personal data by us, please contact us by email at dpo@advanon.com.

17 Is there a duty for me to provide data?

For the purpose of our business relationship, you must provide us with your personal information in order for us to initiate, conduct or terminate the relationship by fulfilling the respective contractual obligation. Without such information, we cannot conclude or terminate any contract with you. In particular, in accordance with the anti money laundering rules, we are obliged to identify you prior to the establishment of a business relationship based upon your identification documents, such as name, place of birth, date of birth, nationality, address and identification card. In order for us to be compliant under the law, you must provide us with the necessary information with the documents required by law. You must also notify us of any changes without delay. If you do not provide us with such information, we could not take up or continue a business relationship with you.

18 To what extent is there an automatic decision making?

Generally we do not use a fully automated decision-making process to justify and execute any business relationship. Should we use these procedures in any individual case, we will inform you separately about the case and let you know about your rights in such a scenario, provided it is required by law.

At times we process your data for the purpose of evaluating certain personal or commercial aspects (profiling). Profiling can be used in the following scenarios:

  • Data evaluations for example in the case of payment transfer are carried out as part of our commitments as well as legal requirements to combat money laundering, terrorism financing and asset endangerment.
  • We use scoring to assess your creditworthiness, which calculates the probability of a customer to fulfil his payment obligations bound by a contract. This calculation may include details such as sources of income, expenses, existing liabilities, repayment behavior of previous loans and reports from credit agencies. The scoring is based upon a mathematically and statistically proven method and helps us to manage our credit risk internally. However, the ultimate decision will be made by one of our credit risk colleagues using the information provided by the scoring.

We may change this Privacy and Cookie Statement at any time with effect for the future. The then current version of this policy will be made available on our Site. While we do not intend to make changes to this statement very often, please always check our most current Privacy and Cookie Statement. The most recent version date is located at the bottom of this statement.

Last update: 21 January 2019

SCHUFA-Information

Status: December 2018

1. Name and contact information for the controller as well as the company data protection officer

SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Tel.: +49 (0) 6 11-92 78 0

The SCHUFA company data protection officer may be reached at the address listed above, attn. Department of Data Protection or by email at datenschutz@schufa.de.

2. Data processing by SCHUFA

2.1 Purpose of data processing and legitimate interests pursued by SCHUFA or a third party

SCHUFA processes personal data in order to provide recipients with a legitimate interest information needed to evaluate the creditworthiness of individuals and legal entities. Scores are calculated and provided to this end. It only provides information if a legitimate interest in such information is credibly shown in a particular case and processing such information is permissible upon weighing all interests concerned. Without limitation, a legitimate interest is present upon entering into transactions with a financial default risk. A credit assessment serves to protect the recipient against losses in the lending business and, at the same time, provides an opportunity to protect borrowers from unreasonable indebtedness by providing counselling. Furthermore, data is processed for purposes of fraud prevention, integrity assessment, money laundering prevention, identity and age verification, address location, customer service or risk management as well as tariff classification and assessing conditions. Pursuant to Art. 14 (4) GDPR, SCHUFA will provide information regarding any changes to the purposes for which it processes data.

2.2 Legal bases for data processing

SCHUFA processes personal data on the basis of the provisions of the General Data Protection Regulation. Data is processed on the basis of consent as well as on the basis of Art. 6 (1) (f) GDPR provided that processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Consents may be revoked at any time by declaration to the relevant contractual partner. This applies in like manner to consents provided prior to the effective date of the GDPR. The revocation of consent does not affect the legality of personal data processed prior to revocation.

2.3 Data sources

SCHUFA receives its data from its contractual partners. They are institutions, finance companies and payment service providers domiciled in the European Economic Area and Switzerland as well as third countries as applicable (to the extent an adequacy decision from the European Commission is available) that are exposed to a financial default risk (e.g. banks, savings banks, cooperative banks, credit card, factoring and leasing companies) as well as additional contractual partners who use SCHUFA products for the purposes described in section 2.1, in particular (mail order) retailers, e-commerce companies, service providers, leasing, energy supply, telecommunications, insurance or collections companies. Furthermore, SCHUFA processes information from generally accessible sources such as public registries and official publications (e.g. debtor registers, insolvency announcements).

2.4 Categories of personal information that is processed (personal data, payment history and contractual compliance)

  • Personal data, e.g. surname (if applicable prior names that may be provided upon special request), given name, date of birth, place of birth, address, prior addresses
  • Information regarding the initiation and execution of a transaction in accordance with the contract (e.g. Giro accounts, instalment loans, credit cards, garnishment-exempt accounts, basic accounts)
  • Information regarding undisputed, past-due claims subject to repeated dunning or reduced to judgement and their resolution
  • Information regarding abusive or otherwise fraudulent activities such as identity theft or credit rating
  • Information from public registries and official publications
  • Scores

2.5 Categories of recipients of personal data

Recipients comprise contractual and business partners listed in section 2.3 domiciled in the European Economic Area and Switzerland as well as other third countries as applicable (to the extent an adequacy decision from the European Commission is available for such countries). Additional recipients may include external contractors pursuant to Art. 28 GDPR as well as external and internal SCHUFA recipients. SCHUFA is furthermore subject to the statutory powers of intervention held by public authorities.

2.6 Duration of data storage

SCHUFA stores information about persons only for a certain period.

Necessity is the decisive factor for defining this period. SCHUFA has established standard periods for a review of necessity for further storage and/or deletion of personal data. Based on these rules, the general storage period for personal data is three years from the date of their transaction. The foregoing notwithstanding, examples of other deletion periods include:

  • Information regarding enquiries twelve months to the date
  • Information regarding trouble-free contractual data related to accounts that are documented without the associated claim (e.g. Giro accounts, credit cards, telecommunications accounts or energy accounts), information regarding contracts for which an evidential review is provided by law (e.g. accounts exempt from garnishment, basic accounts) as well as guarantees and trading accounts that are maintained on the credit side, immediately after notification of termination.
  • Data from debtor registers of the central enforcement courts three years to the day, however earlier if SCHUFA is shown evidence of deletion by the central enforcement court
  • Information on consumer/insolvency proceedings or residual-debt exemption proceedings three years to the day following termination of the insolvency proceedings or issuance of a residual debt exemption. Deletion may also be performed at an earlier date as specially warranted in specific cases.
  • Information regarding the rejection of an insolvency petition due to a lack of assets, the suspension of a stay or the failure of the residual debt exemption, three years to the day
  • Personal prior addresses remain stored for three years to the day; a review of the necessity of an additional three years of storage is conducted thereafter. Thereafter, they are deleted three years to the day provided that a longer storage period is not required for identification purposes.

3. Rights of the data subject

In relation to SCHUFA, every person concerned has the right of access under Art. 15 GDPR, the right of rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR and the right to restrict processing under Art. 18 GDPR. SCHUFA has set up a consumer service centre for the concerns of data subjects. It may be reached in writing at SCHUFA Holding AG, Privatkunden ServiceCenter, Postfach 10 34 41, 50474 Cologne, by telephone at +49 (0) 6 11-92 78 0 and via an online form available at www.schufa.de. Furthermore, it is also possible to contact the supervisory authority responsible for SCHUFA, the Commissioner for Data Protection of Hesse. Consents may be revoked at any time by declaration to the relevant contractual partner.

We are obliged to inform you that, according to Art. 21(1) GDPR, you can object to data processing on grounds relating to your particular situation (e.g. witness protection, women's shelter). You may submit your objection on an informal basis to SCHUFA Holding AG, Privatkunden ServiceCenter, Postfach 10 34 41, 50474 Cologne, Germany.

4. Profile development (scoring)

Before entering into transactions with a financial default risk, Business Partners want to be able to assess, to the greatest extent possible, whether payment obligations assumed can be satisfied. Based on a SCHUFA report, and profiling by means of so-called score values, SCHUFA supports lenders in making decisions and helps them quickly process day-to-day credit transactions. As part of the scoring process, a forecast of future events is created on the basis of information that has been collected and past experience. At SCHUFA, all probability values are calculated on the basis of the information stored by SCHUFA related to a data subject; this information is referred to in the report pursuant to Art. 15 GDPR. In addition, SCHUFA complies with the provisions of section 31 BDSG in the scoring process. Entries saved with regard to a person are assigned to statistical groups of persons who had similar entries in the past. Scoring is based on mathematically and statistically recognised and proven methods.

The following types of data are used by SCHUFA to calculate scores, whereby not every data type is included in each specific score calculation: General data (e.g. date of birth, gender or number of addresses used in business transactions), previous payment problems, credit activity last year, credit use, length of credit history and address data (only if little personal credit-relevant information is available). Certain information is neither stored nor taken into account in calculating score values, e.g. information on nationality or particularly sensitive data according to Art. 9 GDPR (e.g. ethnic origin or information on political or religious beliefs). The assertion of rights pursuant to the GDPR, e.g. the inspection of the information stored at SCHUFA under Art. 15 GDPR, likewise has no influence on score values.

The probability with which a person will repay a mortgage loan need not necessarily correspond to the probability with which they will pay an invoice for a mail order purchase on time. For this reason, SCHUFA offers its business partners a variety of industry-specific score models: so-called SCHUFA Industry Scores. As a rule, they represent the probability of a payment default within 15 months. For specific industries, the period may differ in order to better address the peculiarities of the business models customary in the sector (e.g. telecommunications, mortgage lending). Scores are constantly changing given that the information stored about a person by SCHUFA is subject to change as well. For example, new information is added whereas other information is deleted in line with applicable retention periods. In addition, information itself changes over time (e.g. the duration of a business relationship), so that changes may occur even without considering new information.

Please note: SCHUFA itself does not make any decisions; it only supports its affiliated business partners by providing information for their respective decision-making process. The specific business partner is solely responsible for risk assessment and evaluating creditworthiness due to the circumstance that only they have access to a wide variety of additional information, e.g. information contained in the credit application. This applies even if they rely solely on the information and score values supplied by SCHUFA.

Independent of credit rating scoring, SCHUFA supports its business partners in the form of FraudPreCheck (FPC) by creating profiles for recognising conspicuous facts (e.g. for the purpose of fraud prevention in mail order transactions). For this purpose, inquiries from SCHUFA business partners are analysed in order to examine them for potential anomalies. In addition to inquiries from the past ninety days, which, on the basis of SCHUFA findings, originate from known patterns of manipulation by the person inquired about, this calculation - which is carried out individually for the respective business partner - may also include address data, information whether and in which function an entry on a person in public life with matching personal data is included in generally accessible sources, as well as aggregated statistical information from the SCHUFA database. In addition, the inquiry times recorded in each case can also be taken into account when determining the anomaly, whereby SCHUFA assumes that the application was submitted by the person concerned within three hours before the time of inquiry listed.

Taking this information into account, a ten-digit anomaly value (FPC value) between 0 and 1 is determined for each request following the FPC procedure and is sent to the business partner. The smaller the FPC value, the less remarkable the inquiry data; the larger the value, the greater the anomaly. SCHUFA's business partners can use the value to further reduce risk in their business processes.

The significance attached to a specific FPC value for the respective business partner is always a decision for the business partner itself on the basis of the respective risk structure. An increased number of anomalies may, for example, result in the business partner not offering risky payment methods such as purchase on account, but this alone is no reason to reject an application. In addition to the FPC value, business partners also use their own fraud prevention procedures, which are often used in combination. Given that a transaction in distance selling can take several steps until the ordered goods are delivered, for example, the business partner can access new information about anomalies in the form of updated FPC values until the transaction is completed.

The inquiry data transmitted by business partners for the purpose of fraud prevention are stored by SCHUFA for 12 months to the day and identified in the data copy (in accordance with Art. 15 GDPR). Furthermore, personal data currently stored by SCHUFA for processing in this procedure are likewise identified. The FPC procedure has no effect on SCHUFA's credit assessment and credit rating scoring.

Additional information about credit rating scoring or the recognition of suspicious situations is available at www.scoring-wissen.de.

Advanon AG | Price and service list

Prices

  • Registration: Free of charge
  • Usage fee: None

There are no recurring fees for customers. All costs are one-off and are incurred exclusively for the use of the financing product. The following costs may be incurred during use.

  • Brokerage fee: One-off costs, deducted from the financed amount before being transferred.
  • Interest: Interest accruing over the agreed term.
  • Success fee: Fee which is deducted from the interest or default interest before being passed on to the investors.
  • Default interest: Interest on a daily basis starting at the repayment date.
  • Reminder fees: Additional fees charged during a long delay.

The fees are determined separately for each individual financing and are clearly stated in the respective contract. Alternatively, Advanon can provide information on the fees for specific financing at any time should any uncertainties arise.

Possibility of complaint in the case of Advanon

The satisfaction of our customers with the products and services of Advanon AG is very important to us. If we do not meet your expectations, please let us know. We take your complaint seriously and strive to find a solution to your concern.

You can address your complaint to us either by post, e-mail or telephone:

  • Service Hotline: Phone +49 30 437 733 11 (The charges of your telephone provider for a call to the German landline network are incurred)
  • Email: team@advanon.com
  • Address: Advanon AG Baslerstrasse 60 8048 Zurich

Advanon offers its services in Germany in cooperation with Wirecard Bank, which is regulated by the German Banking Act (KWG) and directly supervised by the Federal Financial Supervisory Authority (BaFin). All complaints can also be forwarded to Wirecard Bank.

Complaint procedure with Wirecard Bank

The satisfaction of its customers with its products and services is very important to Wirecard Bank. If Wirecard Bank or Advanon should fail to meet your expectations, please inform Wirecard Bank. Your complaint will be taken seriously and Wirecard Bank will endeavor to find a solution to your concern.

You can address your complaint to Wirecard Bank either by post, e-mail or using the online form.

  • Service Hotline: Phone +49 (0) 30 / 300 110 600 (The charges of your telephone provider for a call to the German landline network are incurred)
  • Email: beschwerde@wirecardbank.com
  • Address: Wirecard Bank AG Einsteinring 35 85609 Aschheim

Wirecard Bank participates in the dispute resolution proceedings of the consumer arbitration board "Ombudsman of Private Banks" (www.bankenombudsmann.de). There, the consumer has the opportunity to appeal to the ombudsman of the private banks to settle a dispute with the bank. If the subject of the complaint concerns a dispute about a payment service contract (§ 675f of the Civil Code), customers who are not consumers may also call upon the ombudsman of private banks. Further details are provided in the "Rules of Procedure for the Arbitration of Customer Complaints in the German Banking Industry", which are available on request or can be downloaded from the Internet at www.bankenverband.de. The complaint must be submitted in text form (e.g. by letter, fax or e-mail) to the Customer Complaint Office at the Bundesverband Deutscher Banken e. V., Postfach 04 03 07, 10062 Berlin, Fax: (030) 1663-3169, e-mail: ombudsmann@bdb.de.

Furthermore, the customer has the possibility to register at any time in writing or for recording at the Bundesanstalt für Finanzdienstleistungsaufsicht, Graurheindorfer Straße 108, 53117 Bonn, and Marie-Curie-Str. 24-28, 60439 Frankfurt am Main or at the European Central Bank, Sonnemannstr. 20, 60439 Frankfurt am Main, Germany, on violations of the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz - ZAG), §§ 675c - 676c of the German Civil Code (Bürgerliches Gesetzbuch - BGB) or Art. 248 of the Introductory Act to the German Civil Code (Einführungsgesetz zum Bürgerlichen Gesetzbuch - EGBGB).

The Bank is a member of the Deposit Protection Fund of the Bundesverband Deutscher Banken e.V. and the compensation office Deutscher Banken GmbH. Bearer bonds issued by the Bank are not protected. For further details, please refer to No. 20 of the General Terms and Conditions, the "Information Sheet for Depositors" and the website of the compensation office Deutscher Banken GmbH at www.edb-banken.de.

Valid from 17.01.2019