Data Protection Notice

Data Processing by Priverion

The German version takes precedence over the translated versions in case of discrepancies.

Priverion GmbH strives to guarantee you the highest degree of confidentiality and security. As a pure B2B software provider we are subject to the Swiss Data Protection Act (DSG) which allows processing without legal basis as long as there is no violation of personal rights under Swiss law. Our goods and services are not intended for private individuals and are only offered to legal entities. Unless otherwise stated, the provision of your personal data is not required by law or contract. You are not obliged to provide the data. The exact extent to which your data is processed may vary depending on the services used, i.e. not all processing or rights listed in this notice may apply.

Sale only to legal entities. No sale to consumers as defined in 93/13/EEC.

Responsible Entity

The entity responsible for processing on this website is

Priverion GmbH

Postal address:
Europaallee 41
8004 Zurich
Switzerland

Contact:
Telephone: +41 44 586 97 90
E-mail: [email protected]

Represented by:
Dr. Dominic N. Staiger
Philip A. Staiger
Oliver Stutz

Registered at
Commercial Register Office of the Canton of Zurich
Company number: CHE-211.830.805

General

Categories of data subjects

Depending on the service requested, individual persons can be partially or completely covered by the scope of the processing activity of this data protection notice. The groups of persons concerned include

  • Visitors to our websites
  • Applicants
  • Corporate customers and their employees
  • Potential corporate customers and their employees

hereinafter referred to collectively as “users”.

Purpose of the processing

The purposes of processing of personal data include:

  • Provision of the online offer, its functions and contents and our services
  • Responding to contact requests and communication with users
  • Security measures
  • Ad measurement, marketing and sales

Basis for the processing

The basis for the processing of personal data in Switzerland is Art. 4 ff, Article 12 and Article 13 of the DSG. The processing of personal data is always carried out within the scope of our interests in the execution of our business processes and the targeted information of potential customers. This also includes the regular use of cookies which enable the user to display content of interest to them. Furthermore, we process the information provided by the user on the basis of our interests for the purpose of spam detection.

Consent is obtained for the sending of newsletters, among other things. When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are processed, for example, to process the contact request and to handle it. In rare cases we process personal data to fulfil our legal obligations.

Duration of data storage

The personal data of the person concerned shall be deleted or blocked as soon as the purpose of storage ceases to apply or storage is no longer necessary. Personal data is also stored for the time during which claims can be made against our company.

Furthermore, a storage can take place if regulations, laws or other rules require longer storage. Corresponding obligations to provide evidence and to retain data result from the Swiss Code of Obligations, among other things. The storage periods thereafter are generally ten years. The storage of personal usage data and cookies including IP addresses is limited to the period of time necessary for the fulfilment of the purpose.

Transfers to third countries

In most cases, your personal data will only be processed within Switzerland and the EU. If, however, in the case of individual applications, data is processed outside the EU, it will be transferred in accordance with the legal requirements of Art. 6 DSG. In other words, processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU or Switzerland or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Countries in which we may transfer data include

  • Switzerland (Webserver, Accounting)
  • Germany (Newsletter, CRM)
  • Netherlands (Webinar Software)
  • USA (Social Media Pages, Website Analytics, Calendar widget, Chatbot)
  • Globally (Content Delivery Network)

This does not include the production clusters, as these are selected by the customer individually.

Data Processing on our Website

Cookies

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the computer system of a user. If a user calls up a website, a cookie can be stored on the user’s device. The cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies for the purpose of making our website more user-friendly, effective and safer. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a change of page.

We also use cookies on our website for the purpose of analysing the surfing behaviour of our site visitors. This enables us to improve our offer for the visitor. Furthermore, we use cookies for the purpose of subsequently addressing visitors to the site on other websites with targeted, interest-related advertising.

The processing is based on our legitimate interest in the above-mentioned purposes. The data collected from you in this way will be pseudonymised by technical precautions. It is therefore not possible to assign the data directly to your person. The data will not be stored together with other personal data of yours.

The Cookie Directive (European Directive 2009/136/EC) is not applicable. Art. 45c lit. b of the Telecommunications Act shall apply.

You have the right to object to the processing of personal data concerning you. Cookies are stored on your computer. Therefore you have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can prevent the storage of cookies and the transmission of the data they contain. Already stored cookies can be deleted at any time. However, we would like to point out that you may not be able to use all functions of this website to their full extent.

The following links will give you information on how to manage (and deactivate) cookies in the most important browsers:

Server log files

Every time you access our website, usage data is transmitted by your Internet browser and stored in log files (server log files). These stored data include, for example, the name of the page accessed, the date and time of access, the amount of data transferred and the requesting provider as well as IP addresses. This data is processed for our legitimate interests and is used exclusively to ensure the trouble-free operation of our website and to improve our services.

Collection and processing when using the contact form

When using the contact form, we only collect your personal data (name, e-mail address, message text) to the extent that you have provided it. The data processing serves the purpose of establishing contact and initiating a contractual relationship. The processing is done in the interest of efficient communication. We use your e-mail address to process your enquiry or for the subsequent handling of contractual services.

Rapidmail for the purpose of sending newsletters

If you subscribe to our newsletter via our website, we assume that you consent to the saving of the e-mail address provided, as well as the exact time and the IP address of your device as proof that you are the owner of the e-mail -Address and agree to receive the newsletter. Further data are not collected via the order form. If the newsletter is ordered in another way, we will save your name and a note on how the order came about as proof of consent. We use this data exclusively for sending the requested information. The dispatch takes place via a service provider commissioned by us, who receives this data for this purpose:

rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany
Data protection declaration: www.rapidmail.de/datensicherheit

Neither we nor our service provider will pass this data on to third parties. Our newsletter can contain a code with which we can count how often the newsletter was opened and which links were clicked. We use this information to optimize the content of the newsletter. This information is summarized and not stored with your personal data. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time using the “Unsubscribe” link in the newsletter. The newsletter can then be ordered again at any time.

Calendly for the purpose of setting up meetings

You have the possibility to make appointments on our website. We use the online calendar “Calendly” to request and select an appointment. “Calendly” is an offer from Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States. We have concluded a contract with them.

When you click on the button “Make Appointment”, you will be automatically connected to our Calendly appointment account. After choosing your appointment, confirming and entering your contact details and requests you will receive an email from Calendly confirming your appointment. You can find more information about Calendly and Calendly Privacy here: https://calendly.com/pages/privacy

Your details from the Calendly form, including the data you enter there, will be stored by us for the purpose of processing your enquiry and in the event of follow-up questions. This data remains with us until you request us to delete it, revoke your consent to store it or the purpose for which it was stored ceases to apply (e.g. appointment made). Mandatory legal provisions – in particular retention periods – remain unaffected.

LinkedIn for the purpose of showing ads

We use so-called conversion tracking with LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated on our website and a cookie is placed on your device by LinkedIn. In this way, LinkedIn is informed that you have visited our website, and your IP address is also collected. Timestamps and events such as page views are also saved. This enables us to statistically evaluate the use of our website in order to continuously optimize it. In this way, we find out, for example, which LinkedIn ad or interaction on LinkedIn brought you to our website. This enables us to better control the display of our advertising.

Further information on conversion tracking can be found at https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht. Please note that the data can be stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. You can find more information on this in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy. You can prevent the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google Analytics for the purpose of optimizing our ad spend

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server (which can be in the USA) and stored there.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Objection against data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website. Please click here to Opt-Out: Deactivate Google Analytics

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

We have concluded an data processing agreement with Google.

Cloudflare for the purpose of securing our webpage

We use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our website faster and safer. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. We will try to explain in more detail below what all this means.

A content delivery network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world to bring websites to your screen faster. Simply put, Cloudflare makes copies of our website and places them on their own servers. When you visit our website now, a load balancing system ensures that most of our website is delivered by the server that can display our website to you the fastest. A CDN significantly shortens the data transfer route to your browser. Thus, the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers from all over the world. The use of Cloudflare is particularly helpful for users from abroad, since here the page can be delivered from a server nearby. In addition to the fast delivery of websites, Cloudflare also offers various security services, such as DDoS protection or the web application firewall.

Cloudflare generally only forwards data that is controlled by website operators. The content is not determined by Cloudflare, but always by the website operator. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data and performance data for websites that are derived from browser activity. For example, log data helps Cloudflare identify new threats. In this way, Cloudflare can guarantee a high level of security protection for our website. Cloudflare processes this data as part of the services in compliance with the applicable laws.

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie becomes very useful, for example, if you use our website from a location with a number of infected computers. However, if your computer is trustworthy, we can recognize this by means of the cookie. In this way, you can surf our website unhindered despite infected PCs in the vicinity. It is also important to know that this cookie does not save any personal data. This cookie is essential for the Cloudflare security functions and cannot be deactivated.

Cloudflare only stores data logs for as long as necessary, and in most cases this data is deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can read exactly which permanent logs are saved at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data that Cloudflare collects (temporarily or permanently) is cleaned of all personal data. All permanent logs are also anonymized by Cloudflare.

You can find more information on data protection at Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/. For more information on the data Cloudflare collects, please visit https://blog.cloudflare.com/what-cloudflare-logs/.

WebinarGeek for the purpose of conducting webinars

We offer free webinars on our website. To conduct these webinars we use WebinarGeek (WebinarGeek B.V., Chroomstraat 12, Zoetermeer, Netherlands). The provider is based in the Netherlands and is therefore directly subject to the geographical scope of the GDPR. There is consequently no transfer of personal data to a third country.

If you register for one of our webinars, WebinarGeek will be informed of your name and email address and you will receive an invitation link. After clicking on the invitation link, a connection to the servers of WebinarGeek is established. The servers are informed which of our pages you have visited (referrer). In addition, your IP address is transmitted to the provider server. We have deactivated the tracking functions of the he provider.

The purpose of processing in the context of the webinar is to impart specialist knowledge in data law. The purpose of sending e-mails via the provider is the proper provision of the webinar (dial-in link), the reminder of upcoming appointments and the follow-up to the webinars.

A Data Processing Agreement with the provider is in place.

Other data processing

Collection, processing and use of personal data for orders

When you place an order, we collect and use your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. The provision of the data marked as mandatory in the fields is necessary for the conclusion of the contract. Failure to provide this information means that no contract can be concluded.

Your data will not be passed on to third parties without your express consent. The only exceptions to this are our service partners who we need to process the contractual relationship or service providers we use for processing orders. In addition to the recipients named in the respective clauses of this privacy policy, these are, for example, recipients of the following categories:

  • Payment service provider
  • Merchandise management service provider
  • Service provider for order processing
  • Webhoster, IT service provider
  • Marketing service provider

In all cases we strictly observe the legal requirements. Appropriate contract processing agreements have been concluded with the contract processors in order to guarantee data protection.

Zoom for the purpose of Video Communications

We use the “Zoom” tool to hold telephone conferences, online meetings, video conferences and / or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., which is based in the United States. We are responsible for data processing that is directly related to the implementation of “online meetings”.

Note: If you access the “Zoom” website, the “Zoom” provider is responsible for the data processing. Calling up the website is only required to use “Zoom” in order to download the software for using “Zoom”. You can also use “Zoom” if you enter the respective meeting ID and any other access data for the meeting directly in the “Zoom” app. If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

When using “Zoom” different types of data are processed. The scope of the data also depends on the details of the data you provide before or when participating in an “online meeting”.

The following personal data are processed:

User information: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), Department (optional), Meeting metadata: topic, description (optional), participant IP addresses, device / hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in with the phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

Text, audio and video data: You may have the option of using the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and any video camera on the terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Zoom” applications.

In order to take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name. We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording is also displayed in the “Zoom” app. If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case. In the case of webinars, we can also process the questions asked by webinar participants for the purpose of recording and following up webinars.

If you are registered as a user with “Zoom”, reports on “Online Meetings” (meeting metadata, data on telephone dial-in, questions and answers in webinars, survey function in webinars) can be saved in “Zoom” for up to one month.

Personal data that are processed in connection with participation in “online meetings” are generally not passed on to third parties unless they are intended to be passed on. Please note that content from “online meetings”, as well as from personal meeting meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of “Zoom” necessarily receives knowledge of the above data, insofar as this is provided for in our order processing contract with “Zoom”. “Zoom” is a service that is provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of “Zoom”. An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.

Microsoft Teams for the purpose of Video Communications

We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Teams”.

We use the “Microsoft Teams” tool to hold conference calls, online meetings, video conferences and / or webinars (hereinafter: “Online Meetings”). “Microsoft Teams” is a service from Microsoft Corporation.

Note: If you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. Accessing the website is only required to use “Microsoft Teams” to download the software for using “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then also provided via the “Microsoft Teams” website. When using “Microsoft Teams”, different types of data are processed. The scope of the data also depends on the details of the data you provide before or when participating in an “online meeting”.

The following personal data are processed:

User information: z. B. Display name (“Display name”), possibly e-mail address, profile picture (optional), preferred language, Meeting metadata: e.g. B. Date, time, meeting ID, phone numbers, location, Text, audio and video data: You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and any video camera on the terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Microsoft Teams” applications.

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The chat content is logged when using Microsoft Teams. We store the chat content for a period of one month. If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Personal data that are processed in connection with participation in “online meetings” are generally not passed on to third parties unless they are intended to be passed on. Please note that content from “online meetings” as well as from personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of “Microsoft Teams” necessarily receives knowledge of the above data, insofar as this is provided for in our order processing contract with “Microsoft Teams”. Data processing outside of Switzerland does not take place, as we have limited our storage location to data centers in Switzerland. However, we cannot rule out that the routing of data takes place via internet servers that are located outside of Switzerland. This can be the case in particular if participants in an “online meeting” are in a third country. However, the data is encrypted during transport over the Internet and is thus protected against unauthorized access by third parties.

Your rights under the DSG

Right of access to information

You may request confirmation from the controller as to whether personal data concerning you are being processed. If such processing has taken place, you can request information from the data controller about information on the data stored about you. This includes:

  • the processing purposes;
  • the categories of personal data processed;
  • the recipients or categories of Recipients to whom the personal data is disclosed have been or will be disclosed, in particular to recipients in third countries or international organisations;
  • if possible, the planned duration for which the personal data are stored, or, if this is not the case the criteria for determining this duration;
  • the existence of a right of rectification or deletion of personal data concerning them, or to Restriction of the processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data are not stored at of the data subject, all available information about the origin of the data;
  • the existence of an automated decision making including profiling meaningful Information about the logic involved  and the scope and the intended impact of such processing on the person concerned.

Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in relation to the transfer.

Right to withdraw consent

You have the right to revoke your data protection consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

Right of cancellation

You can demand that the personal data concerning you be deleted immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • They revoke their consent on which the processing was based and there is no other basis for the processing.
  • you object to the processing and there are no legitimate legitimate reasons for the processing
  • The personal data were processed unlawfully.

Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you. If:

  • the accuracy of the personal data is denied by you. The restriction applies for the period of time that
    enables the person responsible to verify the accuracy of the to verify personal data,
  • the processing is unlawful and you refuse the deletion of personal data and instead Request restriction of the use of personal data;
  • the person responsible for the personal data are no longer required for the purposes of processing, you
    data, however, for the assertion, exercise or defence of need legal claims, or
  • you have lodged an objection to the processing, as long as you have it is established whether the legitimate reasons given by the person responsible to outweigh yours.
  • If the processing of the data concerning you personal data, these data (from your own personal data) may be used for storage apart) only with your consent or for the assertion, exercise or defence of legal claims or for the
    Protection of the rights of another natural or legal person

Right to data transferability

You have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge, provided that

  • the processing is based on a consent or on is based on a contract, and
  • the processing is carried out by means of automated procedures.

Right of objection

You have the right to object, at any time, to the processing of personal data concerning you for reasons arising from your particular situation.

We will no longer process the personal data concerning you unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility of exercising your right of objection in connection with the use of Information Society services by means of automated procedures involving technical specifications.

Automated decision in individual cases

We do not use automated decision making. You have the right not to be subject to a decision based solely on automated processing (including profiling) which has legal effect vis-à-vis you or which significantly affects you in a similar way. This shall not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and us, with your express consent.
en_USEN