Protecting your data from misuse is our top priority. This protection is ensured through the use of Collecta AG's platform technology, which has been tried and tested for years. The operation of this platform meets the security standards according to ISO 27001 and is regularly checked by annual audits. The applicable data protection regulations are fully complied with.
Summary of the most important points:
- Secure storage of your data according to ISO 27001
- No disclosure of your data to third parties
- No further use of your data
- No storage of your credit card and/or payment data
2. person in charge
The person responsible within the meaning of the Data Protection Act is:
Smart GmbH, Birkenstrasse 47,
3. processing of personal data
Personal data is any information relating to an identified or identifiable natural person. We only process personal data where this is necessary to provide our services or where you have given us your consent to do so.
Personal data are name, address, telephone number, e-mail address, gender, date of birth, copy of ID and incoming debt collection office documents (extract) in digital form. All this data is stored exclusively in multiple encrypted form on servers in Switzerland. Our hosting partners are also ISO 27001 certified.
A transfer of personal data to third parties (marketing companies, credit agencies, credit checkers) is excluded.
3.1 Access data
Each time you access our website, certain data is automatically collected and stored to enable us to use the website. This data includes, among other things, the IP address of the accessing end device, date and time of access, name and URL of the accessed file, referrer URL, browser used and operating system of the accessing end device as well as the name of the access provider. This data is used exclusively for the technical administration of the website and to combat abuse.
3.2 Inventory data
For the delivery of a debt collection statement, we collect and store the following personal data: Name, address, telephone number, e-mail address, gender, date of birth and a proof of interest (ID).
3.3 Payment data
The payment process takes place entirely with our payment provider Datatrans. Accordingly, payment data such as credit card number, bank details or Twint account are stored exclusively at Datatrans.
3.4 Usage data
When you visit our website or obtain services, we collect usage data such as the extent of use, the web pages and functions you access and the date and time of access.
As a data subject, you have the following rights:
- Right to information: You can request information about which of your personal data has been processed.
- Right of deletion: You can request the deletion of your data.
Important: The data you have entered in connection with an order will not be changed.
Please contact us if you wish to exercise your data protection rights. We will review your request and provide you with feedback.
3.5 Disclosure of data
We only pass on your personal data to the payment provider as far as it is necessary for the payment and to the responsible debt collection office within the scope of the order processing.
4. google services
- You can deactivate personalised advertising from Google: https://adssettings.google.com/anonymous?hl=en&sig=ACi0TCie_PP0WXzD2NDiHGJny9ca0PSQVyMysggnxws0C7Hxy7edd8F9O3gyme7JNE3bplGpLmt8pU3iFPJYnpIHlEL7FSn5hXWg8EhEQAbCywX-v9nEW3M
- You can deactivate personalised advertising for each device individually: (https://support.google.com/ads/answer/1660762?hl=de-DE#mob)
- You can deactivate personalised advertising via your browser: (https://optout.networkadvertising.org/?c=1)
4.1 Google Analytics 360
Your data will be stored by Google Analytics for a period of 14 months. After this period, the data is deleted and only aggregated statistics are kept.
The use of Google Analytics is based on your consent (Art. 6 para. 1 lit. a GDPR).
You can revoke your consent at any time and deactivate Google Analytics with a browser add-on. You can download this here: https://tools.google.com/dlpage/gaoptout. Alternatively, you can also revoke your consent as described here: https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out. The lawfulness of the processing carried out until your revocation remains unaffected.
4.2 Google Remarketing & Advertising Personalisation on the Google Network
The use of these services is based on your consent (Art. 6 para. 1 lit. a GDPR).
You can block cookies in your browser. This will not affect the lawfulness of the processing carried out until your revocation. Furthermore, the remarketing cookie will be automatically deleted as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the above paragraphs.
4.3 YouTube Pixel
If you have consented, we use the YouTube pixel. This is a tracking code that is loaded when our website and certain subpages are accessed and certain actions are performed, and thus tracks your behaviour on our website. The pixel also collects usage data (such as URL, referrer URL, IP address, device and browser characteristics and timestamp). We transmit this information to Google so that Google can display advertisements on YouTube according to your behaviour on our website.
We use the YouTube pixel on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can block cookies in your browser. This has no influence on the lawfulness of the processing carried out until your revocation.
4.4 Google Enhanced Conversions
This technology is not based on cookies or pixels. When you use our website and are referred by a Google ad, we send a hashed identifier and information about potential purchases to Google. Google will only use this information to understand which ad you clicked on, to measure the success of certain ads and to provide us with this information in aggregate form. In particular, Google will not use the data to serve targeted ads to you or other users, or store or use the data for any other purpose. We transmit this data on the basis of our legitimate interest in managing our marketing activities (Art. 6 para. 1 lit. f GDPR).
5. data security
We use technical and organisational security measures to protect your data from unauthorised access, loss or alteration. Our security measures are state of the art and ISO 27001 certified. They are reviewed and adjusted through annual external audits.
However, it is important to note that no data transmission over the Internet to 100% is secure and therefore we cannot guarantee the absolute security of your data. You can do your part to ensure security by always using the latest browser version and anti-virus software to increase the security of your data.
6. final provisions
6.1 Severability clause
6.2 Applicable law
Rotkreuz, 7 March 2023