Data Protection Officer
Teufener Strasse 19
9000 St. Gallen
Our representative in the EU is
VGS Datenschutzpartner UG
Am Kaiserkai 69
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person has the right to protection of their privacy as well as protection against misuse of their personal data. The operators of these websites and services take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this data protection declaration.
In cooperation with our suppliers, we make every effort to protect the databases and any of our users data as well as possible against unauthorized access, loss, misuse or falsification. We point out that data transmission over the internet in general may result in security risks. A complete protection of the data against access by third parties is not possible.
This website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://".
Processing of personal data, legal basis, storage period
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process - to the extent and insofar as the EU Data Protection Regulation is applicable - personal data in accordance with the following legal bases within the meaning of Art. 6 (1) DSGVO :
- Insofar as we obtain the consent of the data subject for processing operations, Art. 6 (1) a) DSGVO serves as the legal basis.
- When processing personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.
- To the extent that processing of personal data is necessary to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR applies in whole or in part, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
- For the processing of personal data in order to protect vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
- If personal data is processed in order to protect the legitimate interests of us or of third parties and if the fundamental freedoms and rights and interests of the data subject do not override our interests and the interests of third parties, Article 6 (1) (f) of the GDPR serves as the legal basis. Legitimate interests are in particular our business interest in being able to provide our website and our products, information security, the enforcement of our own legal claims and compliance with Swiss law.
We will retain personal data for the period of time necessary for the particular purpose for which it was collected.
Subsequently, they are either deleted or made anonymous, unless we need them for a longer period of time in exceptional cases, e.g. due to legal storage and documentation obligations or our legitimate interests, such as the protection of rights to which we are entitled or the defense of claims.
Processing of personal data when using the website, contact forms and in connection with newsletters
Our websites can generally be visited without registration. Each time one of our website is requested, data such as content of the requested page, name of the requested file, IP address, date and time are automatically stored in log files on the server.
This data is processed to enable correct delivery and functioning of the website. In addition, we use the data to optimize the website and to ensure the security of our systems.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.
Processing of personal data in connection with the use of our products
The use of our services is generally only possible with registration. During registration and in the course of using the services, we collect and process various personal data.
In particular, the following personal data are part of the processing:
|Type of personal data||Examples||Affected data subjects|
|Basic data||All users|
Password: Users who use authentication methods with password.
Public Keys: Users who use an authentication procedure with cryptographic keys.
External login provider identifiers: Users who use an external login provider.
Phone number: Users who use authentication methods with SMS
|Profile data||Users who voluntarily add profile data|
|Communication data||Customers and users who communicate with us directly (e.g. support)|
Customers who use services that require payment
Credit rating information: Only customers who pay by invoice
|Usage meta data||All users|
Unless otherwise mentioned, the nature and purpose of the processing is as follows:
The data is uploaded by customers in our services or collected by us based on requests from users. The personal data is processed by us exclusively for the provision of the requested services or the use of the agreed services.
The fulfillment of the contract includes in particular, but is not limited to, the processing of personal data for the purpose of:
- Authentication and authorization of users
- Storage and processing of user actions in the audit trail
- Processing of personal data and login information
- Verification of communication means
- Communication regarding service interruptions or service changes
Disclosure to third parties
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our "Trust Page".
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via
- Stripe (https://stripe.com/ch/privacy)
- Bexio AG (https://www.bexio.com/de-CH/datenschutz)
As an alternative, we offer customers the option to pay by invoice instead of using external payment providers. However, this may require a positive credit check in advance.
The data processed by the payment service providers includes personal data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check the identity and creditworthiness of the payment service provider. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other rights concerned.
We disclose personal information to law enforcement agencies, investigative authorities or in legal proceedings to the extent we are required to do so by law or when necessary to protect our rights or the rights of users.
We also share data with third parties in aggregate form and/or in a form that does not allow the recipient to identify the data subject from that data third parties, for example for analytics.
In particular, we use the following cookies to provide our services:
Cookies are only used for technical purposes to enable the functionality and efficient use of our website and our offers, such as:
- Session management
- Single Sign On
- Rate Limiting
- DDoS Mitigation
Rights of data subjects
Right to information
Any person affected by the processing has the right to obtain information from the responsible data processor at any time about the personal data stored about him or her.
Right to rectification
Every person affected by the processing has the right to demand the correction of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Right to erasure (right to be forgotten)
Any person affected by the processing has the right, in certain cases, to request from the responsible data processor to delete the personal data concerning him or her.
Right to restrict processing
Every person affected by the processing has the right in certain cases to request from the responsible data processor to restrict the processing.
Right to data portability
Every person affected by the processing has the right to receive the personal data concerning him or her in a structured, common and machine-readable format. He or she also has the right to have this data transferred to another data processor if the legal requirements are met.
Right to object
Every person affected by the processing has the right to object to the processing of personal data concerning him or her, insofar as we base the processing of his or her personal data on a balancing of interests. This is the case if the processing is not necessary, for example, to fulfill a contract or a legal obligation.
To exercise such an objection, the data subject must explain his or her reasons why we should not process his or her personal data as we have done. We will then review the situation and either stop or adjust the data processing or show the data subject our reasons for continuing the processing.
Right to revoke consent under data protection law
Insofar as our processing is based on consent, the data subject has the right to revoke this consent at any time with effect for the future.
Assertion of rights by the data subjects
If you wish to exercise your rights, you may do so by contacting the above-mentioned contact person.
A data subject also has the right to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). The competent data protection authorities of EU countries can be viewed at this link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Note on data transfer abroad
Our websites and services make use of tools from companies based in countries outside of Switzerland or the EU/EEA, namely those based in the USA. When these tools are active, your personal data may be transferred to the servers of the respective companies abroad. We would like to point out that some of these countries, namely the USA, are not a safe third country in the sense of Swiss and EU data protection law. In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above.
We actively try to minimize the use of tools from companies located in countries without equivalent data protection, however, due to the lack of alternatives, this is currently not always feasible without major inconvenience. If you have any concerns, please contact us directly and we will try to find a mutual solution for your needs.
Questions about data processing by us
If you have any questions about our data processing, please email us or contact the person in our organization listed at the beginning of this privacy statement directly.
Entry into force
Last revised: December 2, 2022