Data privacy statement

1. Controller and data protection officer

This data privacy statement explains how we collect and process personal information in connection with this website.

"We" or "us" refers to Valora Schweiz AG, Hofackerstrasse 40, 4132 Muttenz, Switzerland, and bob Finance, branch of Valora Schweiz AG, Hardturmstrasse 161, 8005 Zurich, Switzerland, as joint data controllers.

You can contact our company data protection officer by e-mail at dataprivacy@valora.com or by post to Valora Schweiz AG, Hofackerstrasse 40, 4132 Muttenz, with the addition "the data protection officer".

2. Categories of data and purposes of processing

Data related to the purchase of a product and the creation of a customer account: If you decide to enter into a purchase agreement for one or more of the products offered on this website, we collect certain personal data (name, first name, date of birth) and contact data (e-mail address and address). We need this information to create your customer account, contact you if necessary, and deliver the purchased products to you. If you wish to conclude a financing contract for the purchase of a mobile phone, we require additional information from you to check your creditworthiness and - in the case of a positive creditworthiness check - a copy of your ID document and your mobile number for the purpose of unambiguous verification of the personal details you have provided. If a financing contract is concluded, we can send you payment reminders by SMS, e-mail or letter post. We also use your transaction history (including the serial and IMEI number of the device purchased) to ensure the proper processing of the contract and your compliance with the website terms and conditions.

Data relating to your means of payment: You may be prompted to specify a valid means of payment during the purchase process. The information about your payment method is collected via our website directly by our payment service provider Datatrans under its own responsibility. Valora receives from the payment service provider a credit card alias, the card type and the expiry date for the purpose of triggering a payment. We also receive a masked form of the credit card number (for example 123456XXXXXX7890) to allocate incoming payments. For more detailed information on how the payment service provider processes your data, please refer to the payment service provider's privacy policy at www.datatrans.ch/de/datenschut... marketing: If you give us your consent, we will use your email address, shopping cart and transaction history to send you attractive offers and relevant information about our products.

Protocol and analysis data: When you visit our website, our web server automatically records details of your visit, such as your IP address, the web site from which you are visiting us, the type of browser software used, and certain information regarding your website usage, including the date and duration of your visit, as well as information about which products you viewed on our website and which products you placed in your shopping cart. We use tracking technologies, cookies and third-party analysis services to collect protocol and analysis data. You can read more about this in our Cookie Policy.

3. Obtaining your personal data from third parties

If you apply for the conclusion of a financing agreement, we will transmit your personal data (name, address, date of birth) as well as device and browser information of the device from which you access our website to credit agencies (e.g. ZEK, CRIF). The credit agencies carry out a credit and fraud check on the basis of your personal and device data. They send us the results of the checks, which we take into account when deciding about whether or not we can offer you a financing contract. In the context of the credit check, we will also scan your data against existing customer and contract databases of bob Finance.

4. Automated decisions

Based on the creditworthiness information, our systems use algorithms to determine the risk of a financing requested by you. Our systems will make a fully automated decision as to whether or not we can offer you a financing contract.

5. Transfer of your personal data

  • Transfer to employees and affiliated companies: If necessary for the processing purposes stated above, we may disclose your personal data to our own employees and to our affiliated companies (regularly within, and exceptionally outside, Switzerland).
  • Disclosure to third parties: As part of the creditworthiness check, we will forward your personal master data and device data to the relevant credit agencies. In addition, your data will be forwarded to the insurer when you take an insurance policy for your new device (AppleCare+).
  • Disclosure to data processors: For the purpose of verification of the information provided by you, an external service provider receives your personal master data and compares it with the information on your uploaded ID document. Also for the purpose of fulfilling the contract between you and us, we may engage third parties and, if necessary, provide them with your personal data – accordingly, we provide our logistics partner with your name and address for the purpose of product delivery, and our SMS dispatch service provider receives your mobile phone number and relevant information on outstanding amounts.
  • Disclosure in connection with financial transactions: If we are involved in a merger, joint venture, acquisition or sale of equity or assets, we may share your information with a transaction partner.
  • Disclosure in connection with criminal proceedings: To the extent permitted by law, we may disclose information that is necessary or beneficial to investigate or prevent an actual or suspected criminal offense or other violation of our or a third party's rights.

6. Place of processing and onward-transfer to third countries

Your data will be processed in Switzerland and abroad. If it is necessary or appropriate to transfer your personal data to a country that does not have an adequate level of data protection, we will ensure appropriate guarantees: Either we will conclude the recognized standard contractual clauses with the recipient or the recipient can prove that it is self-certified under the Privacy Shield (EU-US/CH-US).

7. Duration of processing

We process your personal data only as long as it is necessary for the respective processing purpose or until the legal or contractual retention period for your personal data has expired.

  • We store personal master data and contact data for a period of 5 years after conclusion of the contract (direct purchase) or expiry of the contract (financing contract).
  • We store contracts for a period of 10 years after conclusion of the contract (direct purchase) or expiry of the contract (financing contract).
  • We store creditworthiness data until 10 years after the expiry of the financing contract.
  • We store a copy of your identification document until 10 years after the expiry of the financing contract.
  • We store means of payment data for a period of 5 years.
  • We store electronic correspondence for a maximum period of 5 years.
  • If you have consented to receive attractive offers and information about our products from us, we will use your e-mail address for this purpose until you revoke your consent, for example by clicking on the "Unsubscribe" link in our e-mail.
  • We store protocol and analysis data in personal form for a maximum period of 26 months.

8. Your Rights

You have the following rights in connection with your personal data:

  • Consent withdrawal: For those data processing operations to which you have given your consent, you have the right to revoke your consent at any time.
  • Right to information: You also have the right to learn from us which data we process about you, on what legal basis and for what purposes, and to request a free copy of your personal data.
  • Right of rectification: If your data is incomplete or incorrect, you have the right to request rectification of your personal data. Some information can be entered independently in your customer account.
  • Right to deletion: You can demand that your personal data be deleted, especially if they are no longer needed for the purposes described.
  • Right of limitation: You may request that your personal data be limited in its processing and/or disclosure.
  • Automated decisions: Where decisions within the framework of this website are based exclusively on automated processing, you may request a manual review of a negative decision.

If you wish to exercise your rights, please address your request to our data protection officer (contact information in Section 1).

Right of filing a complaint: If you have reason to believe that Valora is not processing your personal data in accordance with the applicable laws and regulations and/or if you do not agree with the response to your request to grant your rights, you can lodge a complaint with the supervisory authority.

9. Links to third party websites

The establishment of links to third party websites is at your own risk. We have not checked the external websites linked to our website and accept no responsibility for how the website operators process personal data. We recommend that you read the data protection statements of external websites in advance.

Changes to this privacy statement

We reserve the right to change this privacy policy at any time. The last line of this Privacy Policy reflects the date of its last update. New versions will be marked, e.g. by a "new" label.

Last updated on: 21.10.2019