Data Protection Statement
SmartHypothèque SA (hereinafter referred to as “SmartHypothèque” or “we”) is a public limited company (UID CHE-154.255.470) whose purpose is to provide advisory services in mortgage financing and insurance brokerage. We may, on our own behalf or on behalf of third parties, carry out all financial, commercial, industrial, movable, and real estate operations in Switzerland and abroad that are directly or indirectly related to our main purpose; establish branches or subsidiaries in Switzerland and abroad; participate in any enterprises with a direct or indirect connection to our purpose; and grant loans or guarantees to subsidiaries, shareholders, or third parties. Our headquarters is located at Allée de la Petite Prairie 2, 1260 Nyon/VD, Switzerland.
As part of our professional activities, we collect and process personal data, particularly those concerning our clients, related persons, visitors to our website, participants in events, newsletter recipients, as well as other organizations or their respective contacts and employees (hereinafter also referred to as “you”). With this statement, we inform you about the processing of this data. In addition to this document, we may inform you through other means (e.g., forms or specific contractual clauses).
If you provide us with data concerning other individuals (e.g., family members, representatives, or other related persons), we assume that you are authorized to do so, that the data is accurate, and that you have ensured these individuals are informed about this communication, insofar as there is a legal obligation to inform them (e.g., by making them aware of this statement beforehand).
We process general personal data about you. Personal data includes any type of information that relates to an identifiable natural person.
In particular, we process your financial data, health data, location data, biometric data, as well as data related to your private and intimate sphere.
The Data Protection Officer is responsible for the processing activities described in this statement:
Luca Paladi
Allée de la Petite Prairie 2
1260 Nyon
data-protection@smarthypotheque.ch
When you use our services, browse www.smarthypotheque.ch (hereinafter referred to as the “site”), or contact us in any other way, we collect and process different categories of your personal data. We generally do this for the following purposes:
Communication: We process personal data to communicate with third parties or yourself, such as potential counterparties or authorities, via email, phone, letter, or other means (e.g., responding to inquiries related to advice, representation, or contract preparation and execution). In this context, we may send clients, contracting parties, and other interested individuals information about events, updates about our company, or other matters. This may include newsletters and other regular communications (electronically, by mail, or by phone). You may refuse such communications or revoke your prior consent to them at any time. For this purpose, we process the content of the communication, your contact details, and related metadata, as well as audio and video recordings of phone calls (including videoconferences). In cases of audio or video recording, we inform you separately, and you are free to indicate if you do not wish such recording or to end the call. If we need to verify your identity, we collect additional data (e.g., a copy of your ID).
Contract preparation and conclusion: For contract conclusion, especially to establish a mandate with you or your principal or employer, including resolving potential conflicts of interest, we may collect your name, contact details, powers of attorney, consent declarations, information about third parties (e.g., contacts or family information), contract content, contract date, creditworthiness information, and any other data you provide or we collect from public sources or third parties (e.g., commercial registers, financial information services, media, insurance companies, or the Internet).
Contract management and execution: We collect and process personal data to fulfill our contractual obligations to clients and other contracting parties (e.g., suppliers, service providers, project partners) and to provide and demand contractual services. This includes processing data for mandate management (e.g., advice and representation), contract execution, accounting, and public communication (if authorized). For this, we process data received or collected during pre-contractual steps, contract conclusion, and execution, as well as data obtained during contractual performance or from public sources or third parties (e.g., courts, authorities, information providers, media, or the Internet). This may include interview and consultation records, notes, internal and external correspondence, contract documents, documents created or received during our activities, general information about you or other individuals, mandate-related information, service proofs, invoices, and financial or payment information.
Website operation: To ensure the safe and stable operation of our website, we collect technical data, such as IP addresses, information about operating systems and device settings, region, duration, and type of usage. We also use cookies and similar technologies. For more details, see section 9 below.
Improvement of our digital offerings: To continuously improve our website and digital offerings, we collect data about your habits and preferences, such as analyzing how you browse our site and interact with our social media profiles and other digital offerings.
Registration of data: To use certain services or offers (e.g., [free Wi-Fi], newsletters), you need to register (directly with us or via external service providers). For this, we process the data provided during the registration process. We may also collect personal data about you during the use of the service or offer. If necessary, we provide additional information about the processing of this data.
Security and access controls: We collect and process personal data to ensure and continuously improve the security of our IT systems and other infrastructures (e.g., buildings). This includes monitoring and controlling electronic access to IT systems and physical access to premises (including biometric data processing), IT infrastructure analysis and testing, system and error checks, and creating security backups. For documentation and security purposes (preventive or to clarify incidents), we maintain access logs or visitor lists and use surveillance systems (e.g., security cameras). We inform you about the presence of these systems at the respective locations through appropriate signage.
Compliance with laws, authorities’ instructions, and internal regulations (“compliance”): We collect and process personal data to comply with applicable laws (e.g., anti-money laundering, tax obligations, or professional responsibilities), self-regulations, certifications, industry standards, corporate governance, and internal and external investigations involving us (e.g., by law enforcement, supervisory authorities, or private bodies).
Risk and business management: We collect and process personal data for risk management (e.g., protecting against criminal activities) and business management. This includes corporate organization (e.g., resource planning) and development (e.g., purchasing and selling business shares).
Job applications: If you apply for a job with our company, we collect and process related data to review your application, conduct the selection process, and, if applicable, prepare and conclude the related contract. This includes your contact information, details from related communication, and especially the data in your application, as well as additional data we may obtain about you, e.g., from professional networks, the Internet, media, and references (with your consent). Data processing for a future employment relationship is covered by a separate data protection statement.
Other purposes: These include, for example, data usage for training and education purposes or administrative tasks (e.g., accounting). We may listen to or record teleconferences or video conferences for training, evidence, and quality assurance purposes. In such cases, we inform you separately (e.g., via notifications during video calls), and you are free to indicate if you do not wish your image to be recorded or to end the communication. If you do not wish your image to be recorded, you can simply turn off your camera. Additionally, we may process personal data for the organization, implementation, and follow-up of events, such as participant lists, presentation content, and audio or video recordings made during the event. The preservation of other legitimate interests, which may not be exhaustively listed, is also part of these “other purposes.”
From you: The majority of the data we process is provided directly by you (or your device) (e.g., in connection with our services, the use of our website and applications, or communication with Smarthypothèque). You are not obliged to provide your data, except in specific cases (e.g., for legal obligations). However, if you wish to conclude contracts with us or use our services, you must provide certain data. Similarly, the use of our website is not possible without processing such data.
From third parties: We may also collect data from publicly accessible sources (e.g., debt enforcement register, land register, commercial register, media, or the Internet, including social media) or obtain it from (i) authorities, (ii) your employer or principal who has a business or other relationship with us, as well as (iii) other third parties (e.g., clients, insurers, credit information companies, merchant address providers, associations, contractual partners, or Internet analysis services). This includes, in particular, data we process in connection with the preparation, conclusion, and execution of contracts, as well as data from correspondence and discussions with third parties, along with other categories of data in accordance with section 4 above.
In connection with the purposes outlined in section 4 above, we share your personal data with the categories of recipients mentioned below. Where necessary, we seek your consent.
Service providers: We collaborate with service providers in Switzerland and abroad who (i) process data on our behalf (e.g., IT service providers), (ii) process data jointly with us, or (iii) process data under their own responsibility, using data they have received from us or collected for us. These service providers include, for example, IT service providers, banks, insurance companies, debt collection agencies, financial information companies, address verification services, law firms, or consulting firms. We typically enter into agreements with these third parties regarding the use and protection of personal data.
Clients and other contractual partners: This primarily includes our clients and other contractual partners to whom the transmission of your data is necessary under the contract (e.g., because you work for a contractual partner or they provide services to you). This category also includes organizations with which we cooperate in Switzerland and abroad. Recipients generally process data under their own responsibility.
Authorities: We may disclose personal data to offices and other authorities in Switzerland and abroad if necessary to fulfill our contractual obligations, particularly for mandate management, or if we are legally required or authorized to do so, or if it appears necessary to protect our interests. These recipients process data under their own responsibility.
Adverse parties and other involved individuals: To fulfill our contractual obligations, particularly for mandate management, we also share your personal data with other involved parties (e.g., guarantors, financiers, affiliated companies, references, or experts).
Other individuals: This includes cases where the involvement of third parties arises from the purposes mentioned in section 4 above. For example, this may involve delivery recipients or payment beneficiaries you have specified, third parties in the context of representation relationships (e.g., your lawyer, notary, or bank), or individuals involved in administrative or judicial proceedings. If we collaborate with media and provide them with material (e.g., photos), you may also be affected. As part of corporate development, we may sell or acquire new shares, parts of our business, assets, or companies, or enter into partnerships, which may also involve the disclosure of data (including information about you, e.g., as a client, supplier, or representative of such) to individuals involved in these transactions. In communication with competitors, industry organizations, associations, and other entities, data concerning you may also be exchanged.
All these categories of recipients may, in turn, involve third parties, making your data accessible to them. We may limit the processing of certain third parties (e.g., IT service providers) but not others (e.g., authorities, banks).
Additionally, we allow certain third parties to collect personal data about you on our site or during events organized by Smarthypothèque, including under their own responsibility (e.g., media photographers, providers of tools integrated into our site). In cases where we are not decisively involved in these data collections, these third parties are solely responsible. If you have concerns or wish to assert your data protection rights, we kindly ask you to contact these third parties directly. Your rights are defined in section 8 below, and details about our site’s activities are provided in section 9 below.
We primarily process and store personal data in Switzerland and the European Economic Area (EEA), but it may also be processed or stored in other countries worldwide—for example, through subcontractors of our service providers or as part of proceedings before foreign authorities or courts. In the context of our activities for clients, your personal data may also be transferred to any country worldwide.
If a recipient is located in a country without adequate data protection, we contractually require the recipient to maintain an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, available at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914, including the necessary supplements for Switzerland), unless the recipient is already subject to a legal framework recognized for ensuring adequate data protection. We may also transfer personal data to a country without adequate data protection without entering into a specific contract if we can rely on an applicable exception. Such an exception may apply in particular in cases of overriding public interest or when the execution of a contract requires such a transfer in your interest (e.g., when we transfer data to our affiliates), when you have given your consent, or when it concerns data that you have made generally accessible and have not objected to its processing. In some circumstances, we also rely on the exception for data obtained from a legally mandated register (e.g., a human resources register) that we have lawfully accessed.
You have certain rights concerning our data processing activities. In accordance with applicable laws, you may, in particular, request information about the processing of your personal data, request the correction of inaccurate data, request the deletion of your data, object to data processing, request the delivery of certain personal data in a commonly used digital format, or request its transfer to another controller.
If you wish to exercise your rights with us, please contact us using the contact details provided in section 3 above. To prevent misuse, we may need to verify your identity (e.g., with a copy of your ID, if necessary).
Please note that conditions, exceptions, or restrictions may apply to these rights (e.g., to protect third parties or trade secrets, or due to our professional confidentiality obligations). We reserve the right to redact documents or provide only excerpts for data protection or confidentiality reasons.
The use of our website (including the newsletter and other digital offerings) generates data that is recorded in logs (primarily technical data). Additionally, we may use cookies and similar technologies (e.g., pixel tags or browser fingerprints) to recognize website visitors, analyze their behavior, and identify their preferences. A cookie is a small file transmitted between the server and your system, enabling the recognition of a specific device or browser.
You can configure your browser to refuse, accept, or automatically delete cookies. You can also disable or delete cookies on a case-by-case basis. To learn how to manage cookies in your browser, consult your browser’s help menu. By continuing to browse our website without using the cookie-blocking options described here, the user expressly agrees to the use of cookies. This also applies to the use of tracking, marketing, and analytics tools as well as social plug-ins.
In general, the technical data and cookies we collect do not contain personal data. However, data recorded about you by us or by third-party providers contracted by us (e.g., if you have a user account with us or these providers) may be associated with the technical data or information stored in and obtained from cookies, and therefore potentially linked to your person.
We also use social media plug-ins, which are small software modules that establish a connection between your visit to our site and a third-party provider. The social media plug-in informs the third-party provider that you visited our site and may transmit to this provider cookies that it previously placed on your browser. For more information on how these third-party providers use your personal data collected through their social media plug-ins, please refer to their respective data protection statements.
In addition, we use our own tools as well as services from third-party providers (which may themselves use cookies) on our site, particularly to improve the functionality or content of our site (e.g., integrating videos or maps), to generate statistics, and to display advertisements.
Currently, we may use services from the following providers and advertising partners. Their contact details and further information about their data processing practices can be found in their data protection statements: Google Analytics Provider: Google Ireland
Data protection information:
https://support.google.com/analytics/answer/6004245
Information for Google accounts:
https://policies.google.com/technologies/partner-sites?hl=en
Some third-party providers we use may be located outside Switzerland. For more information about data transfers abroad, refer to section 7 above. From a data protection perspective, these third parties are sometimes “only” processors acting on our behalf or on behalf of other responsible entities. Their data protection statements provide additional details about this.
We operate pages and other online presences on social networks and platforms managed by third parties and process data about you in this context. We receive data from you (e.g., when you interact with Smarthypothèque or comment on our content) and from the platforms (e.g., statistics). The platform providers may analyze your use and process this data together with other information they have about you. They also process it for their own purposes (e.g., marketing, market research, and managing their platforms) and do so under their own responsibility. For more information about processing by the platform operators, please consult the data protection statements of the respective platforms.
We currently use the following platforms, with the identity and contact details of the platform operator available in their data protection statements:
LinkedIn www.linkedin.com
Data Protection Statement: https://fr.linkedin.com/legal/privacy-policy?
We reserve the right, but are not obligated, to review third-party content before or after its publication on our online presences, to delete content without notice, and, if necessary, to report it to the relevant platform provider.
Some platform operators may be located outside Switzerland. For information about data transfers abroad, refer to section 7 above.
We assume that the EU General Data Protection Regulation (“GDPR”) does not apply to Smarthypothèque. However, if it exceptionally applies to certain data processing activities, this chapter exclusively applies for the purposes of the GDPR and to data processing subject to it:
As mentioned in section 4 above, the processing is necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR).
The processing is necessary for the protection of our legitimate interests or those of a third party, as indicated in section 4 above, particularly for communication with third parties or yourself, operation of our website, improvement of our digital offerings, registration for certain services, security purposes, compliance with Swiss law and internal regulations, risk or business management, and other purposes such as teaching, training, administration, evidence preservation, quality assurance, organization, execution, and follow-up of events, and safeguarding other legitimate interests (Art. 6(1)(f) GDPR).
The processing is required or permitted by law due to our mandate or status under EEA or member state law (Art. 6(1)(c) GDPR) or is necessary to protect the vital interests of the data subject or another person (Art. 6(1)(d) GDPR).
You have explicitly consented to the processing, e.g., via a declaration on our website (Art. 6(1)(a) and Art. 9(2)(a) GDPR).
We draw your attention to the fact that we generally process your data for as long as our processing objectives allow (see section 4 above), legal retention periods require, and our legitimate interests necessitate, particularly for documentation and evidence purposes or when storage is technically necessary (e.g., for backups or document management systems). If no legal, contractual, or technical reasons oppose it, we generally delete or anonymize your data after the retention or processing period expires in accordance with our usual procedures and retention policy.
If you do not provide certain personal data, it may be impossible to deliver the corresponding services or conclude a contract. Generally, we indicate cases where the personal data we request is mandatory.
As noted in section 8 above, the right to object to data processing applies particularly to cases of direct marketing.
If you disagree with how we handle your data or your rights, please inform us (see contact details in section 3 above). If you are located in the EEA, you also have the right to lodge a complaint with the data protection authority of your country. A list of EEA authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en.
This data protection statement does not establish a contractual relationship. Therefore, we may amend it at any time. The version published on our website is the one currently in effect.