USE OF PERSONAL DATA COLLECTED
PrestaFlex – Privacy Policy
Version: 31.03.2026
1. Data controller and contact
PrestaFlex Services GmbH, Dorfplatz 4, 6330 Cham (ZG), Switzerland (UID/CHE: CHE-172.635.391) (“PrestaFlex”, “we”) is the data controller for the personal data processing described in this Privacy Policy.
General contact: info@prestaflex.ch | +41 41 726 55 10
Data protection contact: privacy@prestaflex.ch Mr. Münür ASLAN manager.
This Privacy Policy applies to the use of www.prestaflex.ch, our online forms and our communications in connection with our financing brokerage/intermediation services (corporate and private clients) as well as, where applicable, private equity activities.
2. Principles and legal framework
We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
We apply in particular the principles of proportionality, purpose limitation, security, accuracy and storage limitation.
3. Categories of personal data processed
3.1 Website browsing, cookies and similar technologies
When you browse the website, we may process technical and usage data (IP address, cookie identifiers, browser, device, pages viewed, time spent, events, referrers, etc.).
We use a cookie/consent management platform (“CMP”) allowing you to accept/refuse certain categories of cookies. Settings can be changed at any time via [link/cookie settings].
3.2 Contact requests, forms, meetings and communications
When you contact us (form, email, phone, video call), we process contact data and the content of your request (name, company, title, phone, email, message, attachments, etc.).
3.3 Financing brokerage/intermediation (companies) – data processed
When you use our brokerage/intermediation services for corporate financing, we may process, depending on the case:
• Request data: amount, tenor, type of financing, intended use of funds, preferred structure, bank account details/IBAN where necessary.
• Company data: company name, registered office, legal form, industry/sector, number of employees, years in business, commercial register details, financial statements (e.g., balance sheets/P&L), existing financing contracts, share register, shareholders’ meeting minutes, professional liability insurance policy and other insurance, indebtedness and liquidity, shareholder/participation information where relevant, and other documents deemed useful for processing, assessment/analysis and reputation checks.
• Related persons (directors, representatives, beneficial owners/UBO): identity, contact details, date of birth, nationality, signature/representation rights; compliance checks where required (due diligence, sanctions/PEP/watchlists).
3.4 Financing brokerage/intermediation (private individuals) – data processed
When you seek a financing solution as a private individual, we may process, depending on the file: identity and contact details, employment and financial situation, expenses, customary supporting documents, as well as compliance and creditworthiness checks where required by law or by partners.
Depending on the services, PrestaFlex may act as an introducer for Cashflex MultiCredit GmbH (see specific terms and information where applicable).
3.5 Recordings and transcriptions (quality / security)
Certain calls/video meetings may be recorded and, where appropriate, transcribed into the CRM for quality, security, training and traceability purposes, in accordance with applicable law. Access is restricted and retention is limited. Such communications may in particular be carried via 3CX and Microsoft Teams.
AI/LLM tools: In some cases, we may use AI-based assistance tools (e.g., ChatGPT, Claude, Gemini, Copilot) to support structuring, summarisation and analysis, in compliance with the data minimisation principle and the security measures described in this Policy (e.g., limiting data, pseudonymisation/anonymisation where possible, restricted access, logging). Unless specifically authorised and covered by an appropriate contractual framework, we avoid inputting highly sensitive or unnecessary data.
When WhatsApp Business is used, it is used under internal security rules (e.g., limiting documents shared and redirecting sensitive documents to secure channels).
4. Purposes of processing
We process personal data in particular to:
• respond to your requests and communicate with you;
• conduct preliminary analyses and structure files;
• carry out compliance due diligence (KYC/AML), fraud prevention and checks required by our partners;
• present your file to potential partners (banks, lenders, investors) on a need-to-know basis;
• execute the mandate, manage the client relationship, billing and evidence;
• ensure website/systems security and prevent abuse;
• measure audience and improve the website and our services (analytics);
• marketing/communications, where you consent or where permitted by law.
5. Legal bases (FADP / GDPR where applicable)
Depending on the context, legal bases may include:
• performance of pre-contractual steps and/or a contract (mandate);
• compliance with legal obligations (e.g., compliance, fraud prevention);
• overriding legitimate interests (e.g., IT security, abuse prevention, service improvement);
• consent (e.g., certain cookies, newsletters/marketing).
6. Disclosure to third parties, processors and international transfers
We may disclose data to:
• financial partners (banks, lenders, investors, insurers, financial companies) for the assessment and implementation of a transaction;
• service providers (hosting, CRM, IT, security, creditworthiness checks, e-signature, analytics, etc.) acting as processors;
• authorities where required by law or to defend our rights.
If data is transferred abroad, we implement appropriate safeguards (e.g., standard contractual clauses) where required.
7. Cookies, analytics and advertising
We use cookies/similar technologies for: (i) website functionality; (ii) audience measurement (e.g., Google Analytics); (iii) marketing/retargeting (e.g., Google Ads, Meta), subject to your choices via the consent manager.
Tools that may be used (depending on consent and operational needs): Google Analytics 4 (GA4), Google Ads (conversion tracking/remarketing), Meta Pixel, LinkedIn Insight Tag, Hotjar (usage analytics), 3CX (telephony), WhatsApp Business (messaging).
You can change your preferences at any time via [link/cookie settings] and via your browser settings.
8. Retention periods
We retain personal data only for as long as necessary for the purposes described, then delete/anonymise it, subject to statutory retention obligations and evidentiary needs.
Indicative retention: mandate data and supporting documents may be retained for up to 5 years depending on context; technical logs and cookie data according to CMP configuration and the stated periods.
9. Security
We implement appropriate technical and organisational measures (access controls, encryption where relevant, logging, backups, network security, training) to protect data against unauthorised access, loss or alteration.
Despite these measures, absolute security does not exist. In the event of an incident, we act in accordance with applicable legal requirements.
10. Third-party data (directors/UBO)
When you provide us with personal data relating to third parties (e.g., directors, representatives, beneficial owners), you confirm that you are authorised to do so and that the individuals concerned have been informed as required by applicable law.
11. Automated individual decisions / profiling (where applicable)
Certain assessments (e.g., pre-qualification, scoring or consistency checks) may involve automated processing. Where an automated individual decision within the meaning of the law is used, you have the rights provided by applicable law as described below.
12. Your rights
Within the limits of applicable law, you may request access, rectification, deletion, restriction/objection to processing, and data portability where applicable.
Requests can be sent to privacy@prestaflex.ch. We may request proof of identity to process your request.
13. Updates to this policy
We may update this Privacy Policy. The version published on the website prevails. In the event of material changes, we may inform you through appropriate means.