In this privacy policy of SWAPPOINT AG ("we" or "SWAPPOINT") we inform you about the processing of personal data when using our website www.swappoint.org.
Controller and Contact Person
Data Processing on our Website
2.1 Our website call | Connection data
Use of our Website
3.1 Technologies applied
3.2 Legal Basis and Withdrawal
3.3 Necessary Tools
3.4 Functional Tools
3.5 Analyse-Tools
3.6 Marketing-Tools
Disclosure of Data
Links to other Online Services and Offers
Data Transfer to Third Countries
Storage Period
Your Rights, in particular Withdrawal and Objection
Changes to the Privacy Policy
The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR) is
SWAPPOINT AG
Dolderstrasse 107
8032 Zürich
Switzerland
E-Mail: info@swappoint.ch
If you have any questions or suggestions on the subject of data protection, please do not hesitate to contact us. You are welcome to send your data protection concerns by email to info@swappoint.ch. You may also find our full contact details in our legal notice under: www.swappoint.org/impressum.
Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular:
date and time of access
name of the requested file
website from which the file was requested
access status (e.g. file transferred, file not found)
the web browser you use and the operating system of your device
the IP address of the requesting device
address of the requested website and path of the requested file
if applicable, the previously accessed website/file (HTTP referrer)
version of the HTTP protocol, HTTP status code, size of the delivered file
request information such as language, type of content, encoding of content, character sets
cookies of the accessed domain stored on the end-device
The data processing of this connection data is absolutely necessary to enable the website visit, to ensure the long-term functionality and security of our systems as well as for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, in order to find the cause of and take action against repeated or criminal intentions that may endanger the stability and security of our website.
The legal basis for this processing is Article 6(1)(b) GDPR, insofar as the page call occurs in the course of initiating or performing a contract, and otherwise Article 6(1)(f) GDPR due to our legitimate interest in enabling the website call as well as long-term functionality and security of our systems. However, the automatic transmission of the connection data and the log files developed from it do not constitute access to the information in the end-device in the sense of the implementation laws of the ePrivacyDirective of the EU member states, in Germany section 25 TTDSG [German Telecommunications-Telemedia Data Protection Act]. For the rest, however, it would be absolutely necessary anyway.
The access data is also temporarily stored in internal log files for the purposes described above, in order to compile statistical information on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and for general administrative maintenance of our website. The legal basis for the data processing is Article 6(1)(f) GDPR, based on our legitimate interest in the appropriate optimisation of our website. The information stored in the log files does not allow any direct conclusions to be drawn about your person - in particular, we only store the IP addresses in shortened, anonymised form. The log files are stored for 30 days and then deleted.
Exceptionally, individual log files and IP addresses are retained longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.
This website uses various services and applications (collectively, “Tools”) provided either by us or by third parties. This includes, in particular, tools that use technologies to store or access information in the end-device:
Cookies: information stored on the end-device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) shall be erased after the session, while so-called persistent cookies shall be erased after the specified expiry date. Cookies may also be removed manually.
Web Storage (Local Storage / Session Storage): information stored on the end-device, consisting of a name and a value. Information in the session storage shall be erased after the session, while information in the local storage has no expiry date and basically remains stored unless a mechanism for erasure has been set up (e.g. storage of a local storage with time entry). Information in the local and session storage may also be removed manually.
JavaScript: programming codes (scripts) embedded in or called up from the website which, for example, set cookies and web storage or actively collect information from the end-device or about the usage behaviour of the visitor. JavaScript may be used for “active fingerprinting” and user profiling. JavaScript may be blocked by a setting in the browser, although most services will then no longer function.
Pixel: tiny graphic automatically loaded by a service, which may make it possible to recognise visitors by automatically transmitting the usual connection data (in particular IP address, information on browser, operating system, language, address called and time of call) and to determine, for example, whether an email has been opened or a website visited. With the help of pixels, “passive fingerprinting” and the creation of user profiles may be carried out. The use of pixels may be prevented, for example, by blocking images, for example in emails, although the display is then severely restricted.
With the help of these technologies and also through the mere establishment of a connection on a page, so-called “fingerprints” may be created, i.e. user profiles that do not require the use of cookies or web storage and can still recognise visitors. Fingerprints due to connection establishment may not be completely prevented manually.
Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you may usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services will probably not work or not work properly.
In the following, we list the tools we use by category, informing you in particular about the providers of the tools, the storage duration of the cookies or information in local storage and session storage, and the transfer of data to third parties. We also explain the cases in which we obtain your voluntary consent to use the tools and how you can withdraw it.
We use tools necessary for website operation on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for steps taken prior to entering into a contract, in which case the processing is carried out in accordance with Article 6(1)(b) GDPR. Access to and storage of information in the end-device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 2 TTDSG.
We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Article 6(1)(a) GDPR. Access to and storage of information in the end-device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG. Data processing using these tools only takes place if we have received your prior consent.
If personal data is transferred to third countries (e.g. the USA), please refer to 8 (“Data Transfer to ThirdCountries”), also with regard to any associated risks. We shall inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been taken for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we (also) transfer to third countries the data processed when using the tools on the basis of this consent in accordance with Article 49 (1)(a)GDPR.
For the collection and management of your consents we use the tool iubenda s.r.lVia San Raffaele, 1 - 20121 Milan, Italy (hereinafter “iubenda”). This generates a banner informing you about the data processing on our website and giving you the option to consent to all, some or no data processing through optional tools. This banner appears the first time you visit our website as well as when you visit again your settings selection to change them or withdraw consents. The banner will also appear on further visits to our website if you have deactivated the storage of cookies or if the cookies have been erased by iubenda or have expired.
Your consent or withdrawal, your IP address, information about your browser, your end-device and the time of your visit are transmitted to iubenda as part of your website visit. In addition, iubenda stores necessary information on your end-device to document any consent and withdrawal you have given:_iub_cs-[User ID] (1 year); _iubenda_rsession (session); “country” (354 days); “local” (354 days).
Data processing by iubenda is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of iubenda is Article 6(1)(f) GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end-device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 2 TTDSG.
You may withdraw your consent for certain tools, i.e. for the storage and access to information in end-device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do this, click on the lock symbol at the bottom right of the page. There you may also change the selection of tools you wish to consent to using as well as obtain additional information on the tools used. Alternatively, you may assert your withdrawal directly with the provider for certain tools.
Wir We use certain tools to enable the basic functions of our website (“Necessary Tools”). These include, for example, tools to prepare and display website content, to manage and integrate tools, to detect and prevent fraud and to ensure the security of our website. Without these tools we could not provide our service. Therefore, Necessary Tools are used without consent.
The legal basis for Necessary Tools is the need for fulfilling our legitimate interests according toArticle 6(1)(f) GDPR in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the performance of a contract or for taking steps prior to entering into a contract, the legal basis for the data processing isArticle 6(1)(b) GDPR. Access to and storage of information in the end-device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 2 TTDSG.
In the event that personal data is transferred to third countries (such as the USA), we refer to Clause 8 (“Data Transfer to Third Countries”) in addition to the information provided below.
We use our own necessary tools that access information in the end-device or store information on the end-device, in particular
for load distribution
to indicate that you have been shown information placed on our website - so that it is not shown again the next time you visit the website
Our website uses Google Tag Manager, a service offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
The Google Tag Manager is used exclusively to manage website tools by integrating so-called websitetags. A tag is an element that is stored in the source code of our website in order to execute a tool, forexample through scripts. If these are optional tools, they shall only be integrated by the Google TagManager with your consent. The Google Tag Manager uses JavaScript and does not require the use ofcookies.
The legal basis is Article 6(1)(f) GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in a straightforward manner.
For the purposes of ensuring stability and functionality, Google collects information about which tags are integrated by our website within the framework of the use of Google Tag Manager. However, the Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data on user behaviour or the pages visited.
In the event that personal data is transferred by Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC shall have concluded standard contractual clauses(Implementing Decision (EU) 2021/914, Module 3) pursuant to Article 46(2)(c) of GDPR.
Further information, is available in the Google’s Information on the Tag Manager: https://support.google.com/tagmanager/answer/6102821
This website incorporates features from the Weglot translation service. This is provided by Weglot SAS,138, rue Pierre Joigneaux in Bois-Colombes 92270 France. When the website is accessed, Weglot is loaded so that you can change the language to a language other than German using the language icon on the left-hand side of the website. This means that a direct connection can be established between your browser and the Weglot server when you visit this website. As a result, Weglot receives the information that you have visited this website with your IP address. For this purpose, the information“wglang” is stored on your end-device.
The legal basis for using the tool is the need to fulfill our legitimate interests pursuant to Article 6(1)(f)GDPR in providing our website in other languages. Access to and storage of information in the end-device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 2 TTDSG.
We also use optional tools to enhance your experience on our website and to provide you with more features (“Functional Tools”). While these are not strictly necessary for the basic functions of the website, they may bring significant benefits to visitors, particularly in terms of user-friendliness and the provision of additional communication, presentation or payment channels. This may include, in particular, the integration of external content such as maps and videos.
The legal basis for the Functional Tools is your consent in accordance with Article 6(1)(a) GDPR, whichyou give via the consent banner or with the respective tool itself by individually allowing its use via abanner (overlay) placed above it. Access to and storage of information in the end-device then takesplace on the basis of the implementation laws of the ePrivacy Directive of the EU member states, inGermany according to section 25, para. 1 TTDSG. To withdraw your consent, please see: Error!Reference source not found.”.
In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Article 49(1)(a) GDPR). For the associated risks, please refer to Clause 8(“Data Transfer to Third Countries”).
We have embedded videos in our website that are stored on YouTube and may be played from our websites. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA94066, USA (“YouTube”), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together“Google”). In the process, YouTube may store information such as cookies, local storage and session storage on your end-device and execute JavaScript, which accesses information on your end-device.
We have enabled YouTube’s privacy-enhanced mode. According to YouTube’s own documentation, Google thus receives less usage information and also does not personalise the video recommendations and advertisements. Cookies are no longer stored. However, information shall still be stored in the local storage and session storage of your end-device, in particular your device ID and other information regarding the playback of the video, which may be retrieved by Google.
The following cookies may be set by YouTube:
"PREF" (8 months): saving settings such as autoplay and video size
The following information is stored in the local storage:
“yt-remote-device-id”: storage of the device ID
“yt-player-headers-readable”: storage of the possibility of reading out the player headerinformation
“yt.innertube::requests”: storage of the user’s requests
“yt.innertube::nextId”: saving the ID of the next video
“yt-remote-connected-devices”: storage of the connected end-devices
“yt-player-bandwidth”: storage of the connection bandwidth
“yt-player-volume”: saving the volume of the video
“yt-player-quality”: saving the resolution/quality of the video
“yt-player-performance-cap”: storage of a possible cap on resolution due to the connectionbandwidth
“yt-html5-player-modules::subtitlesModuleData::module-enabled”: saving whether sub-titles are activated
The following information is stored in the session storage:
“yt-remote-session-app”: storage of the type of end-device
“yt-remote-cast-installed”: saving whether YouTube streaming is installed
“yt-remote-session-name”: storage of the type of end-device
“yt-remote-cast-available”: saving whether YouTube streaming is available
“yt-remote-fast-check-period”: storage of the check of the connection bandwidth
“yt-player-volume”: saving the volume of the video
“yt-player-caption-language-preferences”: saving the language of the sub-titles
The legal basis for this data processing is your consent pursuant to Article 6(1)(a) GDPR. Access to and storage of information in the end-device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG.The transfer of your data to the USA and other third countries takes place on the basis of your express consent in accordance with Article 49(1)(a) GDPR.
When you visit our website, YouTube and Google receive the information that you have viewed the relevant subpage of our website. This happens irrespective of whether you are logged in at YouTube or Google or not. YouTube and Google use this data also for the purposes of advertising, market research and the tailored design of their services. If you call YouTube on our website while you are logged in to your YouTube or Google profile, YouTube and Google may additionally link this event to the respective profiles. If you do not wish the allocation, it is necessary that you log out of Google before calling up our website.
In addition to withdrawing your consent, you also have the option of disabling personalised advertising in the Google’s advertising settings. In this case, Google shall only display non-individualised advertising: https://adssettings.google.com/notarget.
For further information, please refer to Google’s privacy policy, which also applies to YouTube: https://policies.google.com/privacy.
In order to improve our website, we use optional tools for the recognition of visitors and for the statistical collection and analysis of general usage behaviour based on access data (“Analysis Tools”).We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is aggregated and enables us to track the usage habits of our visitors. This serves to adapt and optimise the design of our website and to make the user experience more pleasant.
The legal basis for the Analysis Tools is your consent in accordance with Article 6(1)(a) GDPR. Access to and storage of information in the end-device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG. To withdraw your consent, please see: Error! Reference source not found.”.
In the event that personal data is transferred to third countries (such as the USA),your consent expressly extends to the data transfer (Article 49(1)(a) GDPR). For the associated risks, please refer to Clause 8 (“Data Transfer to Third Countries”).
Our Website uses the Google Analytics 4 service (“Google Analytics”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from Europe, the Middle East andAfrica (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”) for all other persons.
Google Analytics uses JavaScript and pixels to read information on your end-device and cookies to store information on your end-device. This is used to analyse your usage behaviour and to improve our website. We shall process the information obtained to evaluate your use of the website and to compile reports on website activities for the website operators. The data arising in this context may be transferred by Google to a server in the USA for analysis and stored there.
As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. This is done in particular for forecast readings of future visitor behaviour based on structured event data, such as predicted turnover, likelihood of purchase and likelihood of churn. The forecast readings may also be used for forecasting target groups. You may find out more about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions, insofar as not enough data is available to optimise the evaluation and reports. Information on this may be found at: https://support.google.com/analytics/answer/10710245. The data evaluations are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria. You can find out more at: https://support.google.com/analytics/answer/9443595.
We have made the following data protection settings for Google Analytics:
IP anonymisation (shortening of the IP address before evaluation)
automatic erasure of old visit logs by limiting the storage period to 2 months
no reset of the retention period for new activity
disabling the collection of accurate location and position data
disabling the collection of accurate device data
disabled advertising function (including target group remarketing through GA Audience)
disabled remarketing
disabled cross-device and cross-page tracking (Google Signals)
disabled data sharing to other Google products and services, benchmarking, technical support, account manager
The following data is processed by Google Analytics:
IP address
user ID, Google ID (Google Signals) and/or device ID
referrer URL (the previously visited page)
pages accessed (date, time, URL, title, length of stay)
downloaded files
clicked links to other websites
if applicable, achievement of specific goals (conversions)
technical information: operating system; browser type, version, and language; device type, make, model, and resolution
approximate location (country and city, if applicable, based on anonymised IP address)
Google Analytics sets the following cookies for the specified purpose with the respective storage period:
“_ga” (2 years), “_gid” (24 hours): recognition and differentiation of visitors by means of a userID
“_ga_[GA-ID]” (2 years): retention of the information of the current session
“_gac_gb_[GA-ID]” (90 days): storage of campaign-related information and, if applicable, linking with Google Ads Conversion Tracking
if necessary, “IDE” (13 months): recognition and differentiation of visitors by means of a userID, recording of interaction with advertising, playing out of personalised advertising
For further information on Google Analytics 4 cookies, please visit: https://support.google.com/analytics/answer/11397207?hl=de.
The legal basis for this data processing is your consent pursuant to Article 6(1)(a) GDPR. Access to and storage of information in the end-device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG.
In the event that personal data is transferred by Google Ireland Limited to the USA, Google Ireland Limited and Google LLC shall have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Article 46(2)(c) of GDPR. In addition, we shall also obtain your express consent for the transfer of your data to third countries in accordance with Article 49(1)(a) GDPR.
For further information, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245.
3.5.2 Datadog
Our website uses Datadog, a server monitoring system provided by Datadog, 620 8th Avenue, 45th Floor, New York, NY 10018 USA. The integration of Datadog allows all traffic on this website to be filtered so that communication is established between the application and the user’s browser or end-device, while at the same time allowing the collection of analytical data about this website.
The system alerts our development team to possible errors on the website. For this purpose, log data is sent to Datadog for analysis and troubleshooting.
The purpose of this data processing is product development and improvement, as well as analysis and troubleshooting.
The legal basis of this data processing is your consent pursuant to Article 6(1)(a) GDPR. Access to and storage of information in the end-device takes place on the basis of the implementation laws of theePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG. To withdraw your consent, please see: 3.2.3 “Withdrawing your consent or changing your selection”.
In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Article 49(1)(a) GDPR). For the associated risks, please refer toClause 6 (“Data Transfer to Third Countries”).
Datadog sets the following cookies for the specified purpose with the respective storage period:
„dd_cookie_test*“ (1 Minute): Test
3.6 Marketing Tools
We also use optional tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used to create user profiles, which store in particular your usage behaviour, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analysing and evaluating this access data, we are able to show you personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers.
The legal basis for the Marketing Tools is your consent in accordance with Article 6(1)(a) GDPR, which you grant individually via the consent banner. Access to and storage of information in the end-device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to section 25, para. 1 TTDSG. To withdraw your consent, please see: Error! Reference source not found.”.
In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Article 49(1)(a) GDPR). For the associated risks, please refer to Clause 8 (“Data Transfer to Third Countries”).
In the following section, we would like to explain the tools and the providers used for this purpose in more detail. The data collection may include in particular:
IP address of the device
the information of a cookie and in the local or session storage
the device identifier of mobile devices (e.g. device ID, advertising ID)
referrer URL (the previously visited page)
pages accessed (date, time, URL, title, length of stay)
downloaded files
clicked links to other websites
if applicable, achievement of specific goals (conversions)
technical information: operating system; browser type, version, and language; device type,make, model, and resolution
approximate location (country and city, if applicable).
However, the collected data is only stored pseudonymously, so that no direct conclusions may be drawn about persons.
3.6.1 Wisepops
Our website uses the services of WisePops SAS, 49 Rue Jean De La Fontaine, 75016 Paris, France (“Wisepops”). Wisepops is a pop-up solution that allows us to display customised information as a dialogue box on our website. Wisepops may set the following cookies:
wisepops_visits (397 days)
wisepops_session (session)
wisepops (397 days)
4. Disclosure of Data
The data we collect may only be passed on if:
you have given your express consent to this in accordance with Article 6(1)(a) GDPR
the transfer is necessary according to Article 6(1)(f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you there is an overriding interest worthy of protection in the non-disclosure of data
we are legally obliged to disclose data according to Article 6(1)(c) GDPR or
this is legally permissible and required in accordance with Article 6(1)(b) GDPR for the processing of contractual relationships with you or for taking steps prior to entering into a contract, that take place at your request
Some of the data processing described in this privacy policy may be carried out by our service providers. Should we disclose data to our service providers, they may use the data solely for the fulfilment of their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, ensure an adequate level of data protection and are regularly monitored by us. In individual cases, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.
5. Links to other Online Services and Offers
This website may contain links to the websites and online offers of other providers not affiliated with us. When you click on these links, we naturally no longer have any influence on what data is collected by the respective providers and what data is collected by them. Detailed information on data collection and use may be found in the privacy policy of the respective provider.
6. Data Transfer to Third Countries
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequacy decision for these countries (Article 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the European Union’s standard contractual clauses and binding data protection corporate rules.
Where this is not possible, we base the data transfer on exceptions of Article 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for taking steps prior to entering into a contract.
Where a third country transfer is envisaged and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the relevant third country (e.g. intelligence services) may gain access to the transferred data to collect and analyse it and that enforceability of your data subject rights may not be guaranteed. You shall also be informed of this when your consent is obtained via the consent banner.
7. Storage Period
In principle, we only store personal data for as long as is necessary to fulfil the purposes for which we collected data. We then erase the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes regarding claims under civil law, due to statutory retention obligations or unless there is another legal basis under data protection law for the continued processing of your data in the specific individual case.
For evidence purposes, we shall retain in particular contract data for three years from the end of the year in which the business relationship with you ends. Any claims shall become statute-barred at the earliest on this date in accordance with the standard statutory limitation period.
Even after that, we still shall store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The time limits specified there for the retention of documents are two to ten years.
8. Your Rights, in particular Withdrawal and Objection
You are entitled, at any time and subject to the respective legal requirements, to the rights set out inArticle 7(3), Articles 15-21 and Article 77 of GDPR:
Right to withdraw your consent (Article 7(3) GDPR)
Right to object against the processing of your personal data (Article 21 GDPR)
Right to information about your personal data processed by us (Article 15 GDPR)
Right to rectification of your personal data stored by us that is incorrect (Article 16 GDPR)
Right to erasure of your personal data (Article 17 GDPR)
Right to restriction of your personal data processing (Article 18 GDPR)
Right to data portability of your personal data (Article 20 GDPR)
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
In order to assert your rights described here, you may contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we shall comply with your data protection request.
Your enquiries regarding the assertion of data protection rights and our responses to them shall be stored for documentation purposes for a period of up to three years and, on a case-by-case basis, for longer should legal claims be asserted, exercised or defended. The legal basis is Article 6(1)(f) GDPR, based on our interest in defending against any civil claims under Article 82 GDPR, avoiding fines underArticle 83 GDPR and fulfilling our accountability obligations under Article 5(2) GDPR.
You have the right to withdraw consent once given to us at any time. This lead to the consequence that we shall no longer continue the data processing based on this consent for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Where we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your specific situation. If you object to the processing of data for direct marketing purposes, you have a general right to object, which will also be implemented by us without giving reasons. If you wish to exercise your right of withdrawal or objection, it is sufficient to send an informal message to the above contact details.
Finally, you have the right to complain to a data protection supervisory authority at . You may exercise this right, for example, before a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement. In Zurich, where our registered office is located, the competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH - 3003 Bern, Switzerland.
9. Changes to the Privacy Policy
We occasionally update this privacy policy, for example, when we adapt our website or when legal or regulatory requirements change.
Do you need more information? Then write us a short e-mail and get more information!
