Privacy policy

Intro

This privacy policy has been translated from German to make it easier to access and understand. Please note that in the event of any discrepancies or ambiguities between the German version and the translation, only the original German version is legally binding and authoritative. The German version of this privacy policy can be found here: https://accept.credibill.ch/de/privacy-policy/.

---

CrediBill Accept allows you to pay invoices by using a link sent to you by the biller. 

This statement provides you with information about how we handle and protect personal data on CrediBill Accept. 

CrediBill Accept is available as a website (https://www.accept.credibill.ch).

In this statement we explain:

  • who processes personal data,
  • what personal data we process,
  • the purposes for which we process personal data,
  • to whom we disclose personal data,
  • how long we store personal data,
  • whether you are obliged to provide us with personal data, and
  • what rights you have as a data subject.

Our data processing is subject to the Swiss Federal Act on Data Protection (FADP, also abbreviated DPA) and, under certain circumstances, the European General Data Protection Regulation (GDPR).

We may amend this Privacy Policy at any time. The version published in CrediBill Accept applies in each case.

Date of the last change: 29.04.2024

1. Who processes personal data?

The controller within the meaning of data protection law is:

Finviu AG
Sumpfstrasse 32
6312 Steinhausen
https://www.accept.credibill.ch
info@finviu.ch

If you have any questions or concerns about data protection, please contact:

Finviu AG
Data Protection Officer
Sumpfstrasse 32
6312 Steinhausen
https://www.accept.credibill.ch
info@finviu.ch

2. What personal data do we process?

When visiting the website / using the app

When you visit CrediBill Accept, our server creates a log file. In it, we collect and process the following data (hereinafter referred to as technical data):

  • The IP address from which CrediBill Accept was accessed. This is a number used to communicate on the Internet.
  • The date and time of access to CrediBill Accept.
  • HTTP protocol information, such as protocol type, protocol version, HTTP requests, status codes and details of the transferred data. This is technical data that is generated during network traffic on the Internet.
  • Error messages that occurred during access.
  • The type and version of browser used by the user, as well as their operating system and the model of computer or mobile device.
  • The website from which the user accesses CrediBill Accept.
  • Cookies, i.e. small text files that store certain user settings (such as language settings, e-mail address).

On CrediBill Accept, we use the open source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. This software places a cookie on your computer. If individual pages of our website are accessed, the following data is processed:

  • The website from which you visit us.
  • The parts of our site that you visit, including the selected language setting.
  • The date, time and duration of your visit.
  • Your anonymized IP address.
  • Information about the device (device type, operating system, screen resolution, language, country in which you are located and web browser type) that you use during your visit.

The software runs exclusively on the servers of CrediBill Accept. Users' personal data is only stored there. The data is not passed on to third parties.

You can activate or deactivate tracking by our Matomo instance. To do this, click on the checkbox at the bottom of the page.


During registration

When you register with CrediBill Accept, we collect and process the following data (hereinafter referred to as registration data):

  • Full first name and surname or full company name
  • Residential address or company address, incl. country
  • Nationality (private individuals)
  • Date of birth (private individuals)
  • Gender (private individuals)
  • Mobile number or telephone number
  • E-mail address
  • Personal password


When paying an invoice

When you use a payment link in CrediBill Accept to pay an invoice, we collect, record and process the following data (hereinafter payment data):

  • Name and address of the payee and the recipient bank
  • Account number of the payee
  • Payment amount
  • Payment reference (QR reference, SCOR and/or payment purpose)

Your credit card data is processed by payment service providers that are PCI-DSS certified. We do not have access to this data. If you wish to store your credit card on CrediBill Accept for future payments, we have the following credit card data:

  • Masked credit card number, i.e. only the first six (6) and last four (4) digits of your credit card
  • Expiry date of your credit card
  • Brand of your credit card (Mastercard, Visa or American Express)
  • Name of the credit card holder


When using the live chat functions

When you use our live chat functions in CrediBill Accept, we collect and process the following data (hereinafter referred to as chat data): 

  • Chat transcript
  • E-mail address
  • Browser, operating system, end device
  • Number of page views, number of page visits, referrer
  • URL (where the chat was started)
  • Survey before and after the chat
  • Chat topic, chat status (new, waiting, finished), chat rating after the chat, duration of the chat, date of the chat
  • Geo-location (only with your consent in individual cases)
  • Media files that you share with the operator during the chat
  • Optional data fields that CrediBill Accept transfers to the chat software
  • IP address

3. For what purposes and on what legal basis do we process your personal data?

We collect and process personal data for the following purposes:

With reference to technical data:
We use this data to operate our website in a user-friendly manner and to be able to offer you our payment services and process these payment services. We also use this data to track and solve technical problems, to troubleshoot, to defend against attacks on our infrastructure, to support analyses in the event of a hacker attack and to compile visitor statistics for our website. We process the data collected in Matomo for statistical purposes, to improve CrediBill Accept and to detect and prevent misuse.

Insofar as the GDPR is applicable, the processing is carried out on the following legal basis: The processing is necessary for the purposes of Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests. The legitimate interest consists in tracking and solving technical problems, troubleshooting, defending against attacks on our infrastructure, supporting analyses in the event of a hacker attack, compiling visitor statistics for our website, statistical purposes, improving CrediBill Accept and detecting and preventing misuse.

With reference to registration data and payment data:
We use this data to be able to offer you our payment services and to process these payment services.

This also includes advertising measures by e-mail, with which we inform you, for example, about new functionalities or partners of CrediBill Accept, provided that you have consented to the use of your e-mail address for these purposes. You can revoke this consent at any time in your user account.

We also use this data to comply with our legal obligations.

We also use this data to detect and prevent misuse or other improper use of CrediBill Accept. In particular, we use payment data to check that no goods or services are paid for via CrediBill Accept for which payment is not permitted on CrediBill Accept.

In order to verify your identity and decide whether to activate your account, we use registration data for automated decisions in individual cases. In particular, we transmit address data to Swiss Post to verify the address provided.

Insofar as the GDPR is applicable, processing takes place on the following legal bases: Processing is necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the performance of a contract to which the data subject is party and in order to take steps at the request of the data subject prior to entering into a contract. With regard to advertising measures by e-mail, processing is based on your consent within the meaning of Art. 6 para. 1 lit. a GDPR.

With regard to chat data: 
We use this data to offer you customer support regarding CrediBill Accept and to support you with questions about CrediBill Accept on a chat basis in real time and by means of asynchronous communication.

Insofar as the GDPR is applicable, processing takes place on the following legal basis: Processing is necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the performance of a contract to which the data subject is party and in order to take steps at the request of the data subject prior to entering into a contract.

4. To whom do we disclose your personal data?

We disclose personal data to the following persons within the scope of the processing purpose (see section 3):

  • to processors who process personal data on our behalf, in particular IT service providers, such as our service provider for chat-based customer support, Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany and our service provider for compliance checks, Post CH AG, Wankdorfallee 4, 3030 Bern, Switzerland;
  • to banks and payment service providers that charge your credit card, e.g. Bank Frick & Co. AG, Landstrasse 14, 9496 Balzers, Liechtenstein and Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland;
  • to banks and payment service providers that accept the amount charged to your credit card;
  • to banks and payment service providers that forward the invoice amount to the biller on our behalf, e.g. PostFinance AG, Mingerstrasse 20, 3030 Bern, Switzerland;
  • to banks of the biller;
  • to other bodies involved in payment processing; and
  • to courts, authorities and regulators, in each case within the framework of the statutory provisions.

5. Do we transfer your personal data abroad?

We transmit payment data to Bank Frick & Co. AG, Landstrasse 14, 9496 Balzers, Liechtenstein, which processes the data in Liechtenstein, Ireland and the United Kingdom. All these countries guarantee adequate data protection in accordance with the FADP. 

We also transmit chat data to our processor Userlike UG (haftungsbeschränkt), which processes the chat data in the European Union and in some cases also outside the European Union. The member states of the European Union guarantee adequate data protection within the meaning of the FADP and the GDPR. With regard to the transfer of chat data abroad outside the European Union, our processor has concluded sufficient contractual guarantees (standard data protection clauses) within the meaning of the FADP and the GDPR with the foreign data recipients, which guarantee adequate data protection abroad.

6. How long do we store your personal data?

We store your personal data for ten years after you close your user account.

7. Do I have to provide my personal data?

Yes, in order to use our payment services, you must provide us with the registration data (see section 2). Without this data, you cannot register with CrediBill Accept or we cannot activate your account.

8. What rights do I have as a data subject?

You have the following rights within the framework of the legal requirements and restrictions of the FADP and/or the GDPR:

  • You have the right to information, rectification, erasure and restriction of data processing.
  • If our processing is based on your consent, you have the right to withdraw this consent at any time.
  • You have the right to object to the processing of your personal data at any time. 
  • You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another person.
  • You have the right to intervene in automated decisions in individual cases, to present your point of view to us and to challenge the decision.

We will respond to your requests in accordance with the legal requirements. You can find the contact details for inquiries about data protection in section 1 above.

You also have the right to lodge a complaint with the supervisory authority within the framework of the legal requirements and restrictions of the DPA and/or the GDPR. The supervisory authority responsible for us is the Federal Data Protection Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern (https://www.edoeb.admin.ch/). A list of all supervisory authorities in the European Union can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_de