Information on data protection

Privacy and the protection of personal data are of particular importance to MoneyPark AG ("MoneyPark", "we", "our"). This notice explains how we collect and process personal data when you use the MoneyPark AG Digital Services – i.e. the MoneyPark AG Tools (Search Portal, Login/Registration, My Account) and the public B2B Site – as well as when we provide services to our clients.

Together, these are collectively referred to as the "MoneyPark AG Digital Services."

Applicable Data Protection Law

MoneyPark AG is committed to protecting your personal data in compliance with all applicable data protection laws. This information is designed to align with both the Swiss Federal Act on Data Protection (FADP; "DSG") and the European Union's General Data Protection Regulation (GDPR). The specific law that applies depends on your place of residence and/or the location of the data processing. Where our services are offered to individuals in the European Economic Area (EEA), processing is subject to the GDPR; all processing within Switzerland follows the FADP/DSG.

Where information in this notice refers to "applicable law," this means either the Swiss FADP or the EU GDPR, as determined by your circumstances.

Important – Helvetia Public Website

The public website branded "MoneyPark by Helvetia"(the "Public Site") is exclusively data-processed by Helvetia Swiss Insurance Company Ltd ("Helvetia") and is subject to Helvetia's own privacy policy: https://www.helvetia.com/ch/web/en/about-us/contact/privacy.html

Definitions used in this notice

  • "Processing" means any operation performed on personal data, such as collection, recording, storage, use, adaptation, disclosure, archiving, erasure or destruction.
  • "Personal data"refers to any information relating to an identified or identifiable individual—that is, data that can be used to identify a person directly or indirectly, either alone or together with other data. For simplicity, the term "personal data" is used throughout this document to mean all such data.
  • "Sensitive personal data" refers to special categories of data that are subject to stricter legal requirements, including health data, information on racial or ethnic origin, religious or philosophical beliefs, biometric data for identification, or trade union membership.

MoneyPark, as the data controller, processes personal data when clients, prospective clients, or other individuals (collectively the "Data Subjects") use our services, submit requests, or interact with the MoneyPark AG Digital Services.

This information notice explains how we collect, process, and protect personal data in the context of our services. It describes the types of data collected, the purposes of processing, and the duration of data retention. This notice forms the basis for the processing of personal data across our business activities.

In addition to this general data protection notice, we may provide further information regarding specific data processing activities in consent forms, service agreements, general terms and conditions, or other communications. We ensure that every data subject is informed appropriately and in a timely manner about the processing of their data, even if the data is not collected directly by us.

Data protection management at MoneyPark

We are committed to protecting personal data and complying with applicable data protection laws. We maintain internal policies and guidelines to ensure the responsible handling of personal data in connection with our services.

All new employees receive data privacy training during onboarding to raise awareness of data protection principles and responsibilities. Our internal procedures are periodically reviewed to align with legal requirements and good practices.

Table of contents

  • MoneyPark as the data controller
  • General information on data protection
  • Special information on data protection
  • Rights of the data subject
  • Contact details for data protection concerns
  • Data processing in connection with MoneyPark AG Digital Services
  • Amendments

MoneyPark as the data controller

We are responsible for the data processing described in this information on data protection within the scope of our services. This applies unless otherwise specified, for example, in additional data protection notices, on specific forms, in general terms and conditions, or in individual contractual agreements.

Further information

We are the sole data controller for the data processing described in this data protection information, unless otherwise specified in specific data protection notices, forms, general terms and conditions, or contractual agreements.

In the context of certain services, we may collaborate with third-party service providers or partner institutions who may themselves act as independent data controllers.

Where applicable, these third parties are responsible for providing their own data protection information and for handling any data subject requests regarding their processing activities.

For further details on data transfers and third-party data controllers, please refer to the relevant contractual documents or contact us at dpo@moneypark.com.

General information on data protection

Legal basis for the processing of personal data

This data protection notice is aligned with the requirements of the Swiss Federal Act on Data Protection (FADP).

We process your personal data in accordance with applicable Swiss data protection law.

Data processing covers all operations performed on personal data, regardless of the tools or procedures used, including but not limited to collection, storage, use, modification (including pseudonymisation and anonymisation), disclosure, archiving, and deletion or destruction.

All data processing activities must respect the personality rights of data subjects. Depending on the context, data processing by us may be based on one or more of the following legal grounds:

  • The existence of a contract or mandate with us
  • Our legitimate interests
  • Compliance with legal obligations
  • Your consent

Categories of personal data we collect

Depending on how you interact with our website, client portal, or services, we may collect the following categories of personal data:

  • Identification and contact data: such as your name, postal address, email address, phone number, and identification numbers.
  • Financial data: including income, expenses, assets, liabilities, and banking details.
  • Property and real estate data: such as property address, type, size, energy efficiency, and other characteristics.
  • Employment and tax data: employment status, employer details, and relevant tax information if applicable.
  • Communication data: any data you provide when contacting us via forms, email, or phone, including conversation notes.
  • Technical and usage data: IP address, device type, browser type, session logs, and other metadata generated when you access our website or portal.
  • Marketing and preferences data: information related to your preferences and interactions with marketing communications (e.g. newsletter subscription status).

We only collect personal data that is necessary for providing our services, complying with legal obligations, or where you have consented.

Data exchange

In connection with the use of our website and client portal, we may share personal data with third parties in the following cases:

  • Service providers:
    External service providers support us in the operation and maintenance of the website, client portal, and other technical processes. These service providers are contractually obligated to maintain confidentiality and comply with applicable data protection laws.
  • Energy efficiency partner:
    We collaborate with a Swiss partner specialised in assessing the energy efficiency and refurbishment potential of real estate. To perform these assessments, we may share property-related details (such as postal code, street, and building characteristics). No personally identifiable information (such as your name or contact details) is transmitted for this purpose.
  • Authorities:
    We may disclose personal data to public authorities or regulatory bodies if required by law, legal proceedings, or official requests.
  • International data transfer:
    When we transfer your personal data to countries outside Switzerland or the EEA that do not offer an adequate level of protection (as determined by the Swiss authorities or the European Commission), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, binding corporate rules, or certification schemes. You may request a copy of these safeguards by contacting us.

Profiling and automated individual decision-making

We do not carry out profiling or automated individual decision-making processes that produce legal effects or significantly affect individuals.

Data security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, misuse, loss, or destruction. These measures are aligned with recognised industry standards and are reviewed and updated regularly, as needed to maintain a high level of data security.

Storage period

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with statutory retention periods, to protect legitimate interests (such as documentation or evidence purposes), or as long as claims may be asserted against us. Data may also be retained for technical reasons, for example, as part of backup copies.

If there are no legal or contractual obligations requiring further retention, personal data is deleted or anonymised as part of our regular processes once the applicable storage period has expired.

Special information on data protection

Where we request personal data from you, we will indicate in additional notices whether the provision of the information is required by contract, law, or is voluntary, as well as the possible consequences of non-provision. Note that if you do not provide certain necessary data, we may be unable to offer some or all of our services to you.

Mortgage and real estate simulation tools

We provide various simulation tools on our website and client portal to help users estimate mortgage affordability, assess property values, and evaluate potential energy efficiency improvements or renovation options.

When using these tools, users may be asked to enter property-related data (such as address, property type, size, and other characteristics) and personal financial data (such as income, expenses, and existing liabilities) to obtain personalised results.

This data is processed solely to generate the requested simulation results and to improve the accuracy and relevance of the simulations. Users' personal data entered in these tools is not shared with third parties unless the user consents to further processing (for example, by submitting a request for advice or financing).

Business partners and technical service providers

We process personal data in the context of our business relationships with partners and service providers. These may include financial institutions (such as partner banks), technical service providers, IT suppliers, and other contractual partners.

The following categories of personal data may be processed in this context:

  • Communication data (e.g. emails, contact details)
  • Contractual details (e.g. service agreements, scope of collaboration)
  • Master data (e.g. company names, contact persons)
  • Technical data (e.g. system logs, access records)
  • Compliance data (e.g. documentation to comply with legal or regulatory requirements)

We process the above-mentioned personal data for purposes such as:

  • Managing and executing contractual relationships (e.g. technical service agreements, partnerships)
  • Compliance with applicable laws, regulations, and internal policies
  • Risk management and operational security
  • Maintenance of business partner relationships and communications
  • Optimisation of technical services and platform performance

Personal data may also be obtained from third parties (e.g. verification services or data providers) if necessary for the proper execution of contracts or services.

Where required for service delivery, personal data may be transferred to recipients within Switzerland or, in specific cases, abroad, in accordance with applicable data protection laws.

Rights of the data subject

The applicable data protection law grants data subjects certain rights, provided that the relevant legal conditions are met. These rights include, for example, the right to request information about the personal data processed by us, to object to certain types of processing, or to lodge a complaint with the competent data protection authority.

Right to rectification

The right to request correction of inaccurate or incomplete personal data.

Right to erasure

The right to request the deletion of personal data when it is no longer necessary or when there is no legal basis to retain it under applicable laws and regulations.

Right to restriction of processing

The right to request that the processing of personal data be restricted in certain circumstances, for example if the accuracy of the data is contested or if the processing is unlawful.

Right to object to data processing and revoke consent

The right to object to the processing of personal data, particularly when processing is based on legitimate interests or for purposes of direct marketing, and the right to withdraw consent at any time when processing is based on consent.

Right of access

The right to request information about whether and which personal data we process, and to receive a copy of this data.

Right to data portability

The right to request the transfer of certain personal data to another data controller in a commonly used and machine-readable format, where technically feasible.

Rights in the case of automated individual decision-making

The right to express your point of view and to request that decisions based solely on automated processing that produce legal effects or significantly affect you be reviewed by a human.

Right to complain

Data subjects have the right to lodge a complaint with the competent data protection authority if they believe that their rights have been violated.

Contact details of supervisory authority

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, CH-3003 Bern, Switzerland
www.edoeb.admin.ch

If data subjects wish to exercise any of the above rights, they may do so by contacting the data controller. For central points of contact, please refer to the section "Contact details for data protection concerns."

Please note that certain rights may need to be exercised directly with other independent data controllers (such as partner institutions or service providers) if the data processing is carried out by them. In such cases, data subjects are requested to contact the relevant third party directly.

Data subjects should be aware that, in accordance with applicable data protection law, certain conditions, exceptions, and limitations may apply to these rights. For example, we may need to continue processing and storing personal data to fulfil contractual obligations, protect our legitimate interests (such as establishing, exercising, or defending legal claims), or comply with legal obligations.

To the extent permitted by law, and in particular to protect the rights and freedoms of other individuals or to safeguard legitimate business interests, we may deny a data subject's request in whole or in part (for example, by redacting information relating to third parties or business secrets). In such cases, data subjects will be informed accordingly.

Contact details for data protection concerns

If you have any questions regarding data protection or wish to exercise your data subject rights, you can contact us using the subject line "data protection". Your request will be directed to our data protection contact person. We will handle data protection requests with due care and may seek clarification if necessary to confirm the identity of the requester.

Contact

MoneyPark AG
Data Protection
Zürichstrasse 130
CH-8600 Dübendorf
Switzerland

Email: dpo@moneypark.com

Data processing in connection with MoneyPark AG Digital Services

We process personal data in connection with the MoneyPark AG Digital Services primarily to handle user requests and inquiries. In addition, data is processed to improve and optimise the user experience, ensure the proper operation and security of the website and portal, and maintain records for documentation purposes.

Personal data may also be used, where applicable, for marketing, market research, and statistical analysis (such as customer surveys after using the services), and to offer personalised content or tools. In all other cases, any additional purposes for data processing will be clearly indicated at the time of data collection.

MoneyPark AG Digital Services

We are responsible for the MoneyPark AG Digital Services. In cases where other controllers are responsible (for example, when using services provided by third parties integrated into our website), this will be clearly indicated.

The MoneyPark AG Digital Services may contain links to external websites or services (for example, social media plugins). This data protection notice does not apply to those external sites or services; their own data protection policies apply.

Users can visit some parts of the MoneyPark AG Digital Services anonymously. In such cases, metadata may be collected, such as the browser type, device type, duration of visit, interaction type, pages visited, or IP address. This metadata may be combined with other data provided by the user (for example, if subscribing to a newsletter). External service providers, both in Switzerland and abroad, may be engaged in processing this data on behalf of us under strict confidentiality agreements.

Our website uses cookies and similar technologies (such as tracking pixels, web beacons, and tags) to enhance your browsing experience, provide analytics, improve site functionality, and ensure security. We also use approximate geolocation services (e.g. via MaxMind) to tailor content and improve service performance. You can manage cookies and similar technologies through your browser settings at any time.

Personal data is processed when users actively provide it while using online services (for example, by submitting a contact form, uploading documents, or requesting simulations).

Data exchanged over the Internet may be transmitted via servers located in other countries to ensure optimal performance and security. As a result, data may be transferred internationally even when both the sender and recipient are located in Switzerland.

Data transmitted to us via the MoneyPark AG Digital Services is encrypted. However, we cannot be held liable for any damage resulting from the loss or manipulation of data during transmission. Users are responsible for securing their own systems with appropriate protective measures (e.g. antivirus software) and for ensuring that their systems and browsers are kept up to date.

External service providers and third parties, located in Switzerland or abroad, may be used to operate the website and online services. These providers are contractually obligated to comply with applicable data protection laws.

E-mail

We remind users that the Internet is an open global network accessible to everyone. Communication via e-mail is typically unencrypted and generally handled during regular business hours. It is possible that data may be lost, intercepted, or manipulated by third parties, for example, to make it appear authentic.

We have implemented appropriate technical and organisational security measures within our own systems to minimise such risks. However, the confidentiality of data transmitted via e-mail cannot be fully guaranteed. This is particularly relevant when transmitting sensitive personal data.

E-mails may be delayed, misrouted, altered, or deleted during transmission due to technical issues or transmission errors. Devices and infrastructure used by external parties (such as users' PCs, smartphones, etc.) and parts of the transmission path are outside of our control and security perimeter. It is the responsibility of each user to ensure that their systems are properly protected (e.g. with up-to-date antivirus software and secure configurations).

We are not liable for any damage or consequences resulting from electronic communication, particularly if caused by misuse of the e-mail system outside of our control. In certain cases, we reserve the right not to respond via e-mail or to require an alternative method of communication (such as a signed document) for processing specific requests or transactions.

Online contact form

When visitors contact us using the online contact form, the data entered is transmitted in encrypted format in accordance with internationally recognised security standards to protect it from unauthorised access or misuse by third parties.

The type of data collected depends on the specific fields of the contact form. Personal data submitted via the form will not be disclosed to unauthorised third parties unless explicitly stated otherwise.

The data is stored only for as long as necessary to fulfil the purpose of the request and is deleted or anonymised once it is no longer needed.

Social media

We maintain a presence on various social media platforms to provide information and interact with users.

Please note that communication via social media channels is generally not fully secure or encrypted. For this reason, we recommend avoiding the exchange of sensitive personal data via social media. Where necessary, we may redirect conversations to more secure communication channels.

We have no influence over how social media providers collect, store, or process personal data. Users are encouraged to review the privacy policies of the respective social media platforms for more information on how their data is handled.

By contacting us via social media, users consent to being contacted through the same channel.

Telephone

We do not record telephone calls or process personal data from telephone conversations directly. However, in certain cases, we may provide contact numbers for Helvetia. Please note that Helvetia may record telephone calls or process personal data in accordance with its own data protection policies.

For detailed information regarding how Helvetia handles telephone communications and personal data, please refer to Helvetia's privacy notice: https://www.helvetia.com/ch/web/en/about-us/contact/privacy.html

Newsletter

Via the MoneyPark AG Digital Services, users may register to receive newsletters containing information about financial services and relevant offers from us, Helvetia, and selected cooperation partners.

We store the newsletter subscription status (e.g., opt-in or opt-out) in our or Helvetia's systems in order to manage subscription records and comply with applicable legal requirements.

When subscribing to the newsletter, the following personal data may be collected:

  • the email address provided by the user,
  • the (pseudonymised) IP address of the receiving device,
  • the date and time of registration.

For statistical purposes, we may use anonymised link tracking to analyse newsletter performance and improve content relevance.

Subscription data will not be shared with unauthorised third parties. Helvetia employees manage the newsletter on behalf of MoneyPark AG and have access to the relevant data. Users can unsubscribe at any time by clicking the unsubscribe link included in each newsletter or by contacting us directly.

Amendments

We reserve the right to amend this data protection information at any time without prior notice. The version published on the website at the time of use applies.

This data protection information is available in multiple languages. In the event of discrepancies, the English version shall prevail.

The version of the 19th of August 2025 published on our website applies. Please review this information regularly.