1. Purpose of this Privacy Notice

This Privacy Notice provides information on the nature, scope and purpose of the gathering, processing and use of personal data carried out by dolmX AG (hereinafter also “we” or “us”) and lets you know which rights you have in this regard.

Type of personal data

• General personal data: We process general personal data about you.

Source of personal data

• Provided data: We process personal data that you provide to us.
• Collected data: We process personal data that we collect about you.
• Received data: We process personal data about you that we receive from third parties.

Purpose of processing

• Marketing: We use your personal data for marketing and advertising.
• Product development: We use your personal data for the development and improvement of products and services.
• Other purposes: We use your personal data for other purposes without direct connection with the core service.

Special processing

• Profiling: We analyze your behavior and make assumptions about your interests and preferences.

Passing on to third parties

• Data transfers: We may also transfer your personal data to other companies that decide themselves how to use the data.

Place of processing

• Worldwide: We also process your personal data outside of Switzerland and the EU.

‘Personal data’ means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, makes it possible to draw conclusions about the identity of these individuals.

‘Sensitive personal data’ means personal data accorded particular protection under the law, e.g. data revealing racial or ethnic origin, health data, religious or philosophical beliefs, biometric data for identification purposes and information relating to trade union membership.

‘Processing’ means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.

If you disclose data to us or share data with us about other individuals, such as family members, co-workers, etc., we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm this authorization. Please make sure that these individuals have been informed about this Privacy Notice.

This Privacy Notice is aligned with the EU General Data Protection Regulation (‘GDPR‘), the Swiss Data Protection Act (‘DPA‘) and the revised Swiss Data Protection Act (‘revDPA‘). However, the application of these laws depends on each individual case.

In other respects, we process – to the extent and insofar as the EU GDPR is applicable – personal data in accordance with the following legal bases in connection with Art. 6(1) GDPR:

• Consent (Art. 6 para. 1, sect. 1(a) GDPR) – the data subject has given consent to the processing of their personal data for one or more specific purposes.
• Contract performance and pre-contractual requests (Art. 6, para. 1, sect. 1(b) GDPR) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6, para. 1, sect. 1(c) GDPR) – processing is necessary for compliance with a legal obligation to which the controller is subject.
• Protection of vital interests (Art. 6, para. 1, sect. 1(d) GDPR) – processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Legitimate interests (Art. 6, para. 1, sect. 1(f) GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
• Application procedure as a pre-contractual or contractual relationship (Art. 9, para. 2(b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application procedure so that the controller or the data subject can exercise the rights arising from labor law and social security and social protection law and fulfill their obligations in this regard, they are processed in accordance with Art. 9(2)(b) GDPR. However, in the case of the protection of vital interests of the applicants or other persons in accordance with Art. 9(2)(c) GDPR or for the purposes of preventive healthcare or occupational medicine, for the assessment of an employee’s fitness, to work, for medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector, they are processed in accordance with Art. 9(2)(h) GDPR. In the case of communication of special categories of data based on voluntary consent, processing is based on Art. 9(2)(a) GDPR. (Source: SwissAnwalt)

Safety Measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence, and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to compromised data. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes through technology design and data protection-friendly default settings in accordance with the principle of data protection. Who is the controller for processing your data? (Source: SwissAnwalt)

The controller for the purposes of data protection law for the data processing described in this Privacy Notice is:

dolmX AG
Nielufar Saffari
Cordulaplatz 8
5400 Baden

Phone: +41 56 521 34 31
E-mail: contact@dolmx.ch
Website: https://www.dolmx.ch/en/

2. Which data do we process?

The most important categories of data are as follows:

• Technical data: When you use or visit our website, we gather technical data (e.g. your IP address, information about your browser and operating system and the date and time of your visit) in order to ensure that our website remains functional and secure. To this end, we may also assign an individual code to your terminal device (for example as a cookie; see Section 12). Technical data in and of itself does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your identity) in relation to user accounts, registrations, access controls or the performance of contracts.
• Registration data: Certain offers and services (such as the dolmX login areas of our application, newsletters, etc.) can only be used with a user account or registration, which can happen directly with dolmX or through third-party login service providers. In this regard you must provide us with certain data (e.g. user name, password, name, e-mail address, telephone number or street address), and we collect data about the use of the offer or service.
• Communication data: When you are in contact with us via the contact form on our website or our app, by e-mail, by telephone, by letter or by other means of communication, we collect the data exchanged between you and us. If inquiries are sent via our contact form, the information provided, including the contact data entered, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without the user’s permission.
• Master data: “Master data” means basic data, such as your name, contact details, function, bank details, date of birth, etc. We receive master data from you (e.g. as part of registration), from third parties and/or from sources in the public domain such as public registers or the internet (websites, social media, etc.).
• Contract data: This is data accrued in connection with the conclusion of a contract. We collect this data from you, from contractual partners and from third parties involved in the performance of the contract, from third-party sources (for example credit information providers) and/or from public sources.
• Behavioral and preference data: Depending on our relationship with you, we try to get to know you better and to tailor our offers to you. For this purpose, we collect and process data about your behavior and preferences. We may supplement this information with information from third parties – including from public sources. This data is already known to us (for example where and when you use our services), or we collect it by recording your behavior (for example how you navigate our website). We describe how tracking works on our website in Section 12.
• Other data: We also collect data from you in other situations, e.g. when you come to our offices (visitor lists), who participates in which events or campaigns (e.g. competitions or prize draws) or who uses our infrastructure and systems at which moments.

To the extent that it is lawful, we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from public authorities and from other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).

3. For what purposes do we process your data?

We process your data for the following purposes:

• to communicate with you, particularly in relation to responding to inquiries and the exercise of your rights (Section 11) and to enable us to contact you in case of queries.
• for the conclusion, administration and performance of contractual relationships.
• for marketing purposes and for customer relationship management, e.g. in the form of newsletters and/or as part of marketing campaigns.
• for market research, to improve our services and/or for product development.
• for security purposes and for access control.
• to comply with laws, directives and recommendations from authorities and internal regulations (“Compliance”).
• for other purposes, e.g. for training and quality assurance purposes.

4. On what basis do we process your data?

If we need to ask for your consent for specific types of processing, we will inform you separately of the corresponding purposes of that process.

You may withdraw your consent at any time by writing to us. Our contact details are set out in Section 2. For withdrawing your consent for online tracking, see Section 12.

Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose(s) you consented to, unless we have another legal basis to do so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to withdrawal.

Where we do not ask for consent for processing, the processing of your personal data relies on the requirement of the processing for initiating or performing a contract with you (or the entity you represent) or on our or a third-party legitimate interest in the particular processing, in particular in pursuing the purposes and objectives set out in Section 4 and in implementing related measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection law (for example in the case of the GDPR, the laws in the EEA and Swiss law).

Where we receive sensitive personal data (for example health data, data about political opinions, religious or philosophical beliefs, and biometric data for identification purposes), we may process your data on other legal basis, for example, in the event of a dispute, as required in relation to a potential litigation or for the enforcement of or ambience against legal claims. In some cases, other legal bases may apply, which we will communicate to you separately as necessary.

5. What applies in case of profiling and automated individual decisions?

We may evaluate some of your personal attributes automatically based on your data (Section 3) for the purposes set out in Section 4 (“profiling”), for example if we want to establish preference data in order to recognize the risk of misuse and security risks, but also to carry out internal statistical evaluations (e.g. analyzing click and open rates). We may also create profiles for these purposes, i.e. we may combine not only behavioral and preference data but also master data, contract data and technical data relating to you in order to better understand you as a person with your various interests and other characteristics. We may also create anonymous personalized movement profiles of you – with your consent. These profiles can be used for marketing and security purposes, amongst other things.

In both cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling.

6. To whom do we disclose your data?

As set out in Section 4, we also disclose these purposes (your personal data) to third parties:

• Service providers: We work with various service providers within Switzerland and abroad, who process data about you on our behalf or receive data from us at their own responsibility. We process your personal data in Switzerland and in the EEA.
• Contractual partners including customers: They receive data such as registration data in relation to issued and redeemed vouchers, invitations, etc. The recipients also include additional contract partners who advertise on our behalf and to whom we disclose data about you for analysis and marketing purposes. We require these partners to send you or display advertising based on your data only with your explicit consent (for online advertising, see Section 12).
• Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities act as separate controllers for the data they receive from us.
• Other persons: This means other cases where interactions with third parties follows from the purposes set out in Section 4, for example service recipients, the media and associations in which we participate or if you are included in one of our publications. If it should be necessary to disclose data in any additional cases, the persons concerned will be informed in advance.

All these categories of recipients may involve third parties, so your data may also be disclosed to them. We can restrict the processing by certain third parties (for example IT providers), but not by others (for example authorities and banks).

In addition, we enable certain third parties to collect personal data from you on our website and at events organized by us (for example, providers of tools on our website). If you have concerns or wish to exercise your data protection rights, please contact these third parties directly. See Section 12 for the website.

7. Is your personal data disclosed abroad?

As explained in Section 7, we disclose data to other parties. These are not all located in Switzerland; some of them are based abroad or in the EEA, respectively.

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected to the processing.

Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

8. How long do we process your data?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement.

9. How do we protect your data?

We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.

10. What are your rights?

To make it easier for you to control how your personal data is processed, you have the following rights in this regard:

• the right to request information from us as to whether and what data we process from you;
• the right to require that we modify, delete or block your data;
• the right to have us publish your data;
• the right to withdraw consent, where our processing is based on your consent;
• the right to receive, upon request, further information that is helpful for the exercise of these rights;

If you wish to exercise the rights set out above, please contact us in writing; our contact details are set out in Section 2.

You also have these rights in relation to other parties that cooperate with us as separate controllers – please contact them directly if you wish to exercise your rights in relation to their processing. You will find information on our key partners and service providers in Section 7 and additional information in Section 12.

Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (for example to protect third parties or trade secrets). We will inform you accordingly where applicable.

You have the right to file a complaint if you are dissatisfied with how we handle your rights or the protection of your data. To do this, please contact our data protection officer (Section 2), or you can make use of your right to complain to a responsible data protection authority (in Switzerland, your point of contact is the Federal Data Protection and Information Commissioner (FDPIC)).

11. Do we use online tracking?

We use various techniques on our website that allow us and third parties engaged by us to recognize you during your use of our website, and to track you across several visits.

In essence, we wish to distinguish access by you (through your system) from access by other users, so that we can ensure the functionality of the website and carry out analysis and personalization. We do not intend to determine your identity, even if that is possible where we or third parties engaged by us can identify you by combination with registration data. However, even without registration data, the technologies we use are designed in such a way that you are recognized as an individual visitor each time you access the website, for example by our server (or a third-party server) that assign a specific identification number to you or your browser (so-called ‘cookies’).

Cookies are small parcels of data (individual codes) that our server or a third-party server transmits to your system when you connect to our website, and that your system (browser, cell phone) accepts and stores.

Depending on the purpose, we may ask for your consent before these techniques are used. You can also set your browser to block, spoof or delete certain types of cookies. You can also add software to your browser that blocks certain third-party tracking.

We use the following third-party cookies and tracking technologies:

Privacy Policy for Google Analytics:

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.

The statistics obtained enable us to improve our offer and make it more attractive for our users. This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. If a user has a Google user account, the cross-device analysis of the usage in the settings may be deactivated under ‘Personal data’ in ‘My Data’.

The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR. The IP address transmitted by the browser as part of Google Analytics is not merged with other data from Google. We would like to point out that on this website Google Analytics has been extended by the _anonymizeIp(); code to ensure anonymized collection of IP addresses. This means that IP addresses are processed in an abbreviated form, which means that they cannot be traced back to a specific individual. Insofar as the data collected regarding users is of a personal nature, this is immediately excluded and the personal data immediately deleted.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of this website operator, Google will use this information for the purpose of evaluating users’ use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about the user’s use of this website is usually transmitted to a Google server in the USA and stored there. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however they should be aware that in this case the full functionality of this website may not be available. Users may also prevent the collection of data generated by the cookie and related to the use of the website (including their IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Deactivate Google Analytics.

Furthermore, users can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This saves an opt-out cookie on the user’s data carrier, which prevents the processing of personal data by Google Analytics. Users should note that if all cookies on a terminal device are deleted, these opt-out cookies will also be deleted, i.e. the opt-out cookies should be added again if this form of data collection is to be prevented in future. The opt-out cookies are added to each browser and computer/end device and must therefore be activated separately for each browser, computer or other end device. Further information is available in the Google Privacy Policy (https://policies.google.com/privacy) . (Source: SwissAnwalt)

Privacy Policy for the Use of Microsoft Clarity

This website uses the services of Microsoft Clarity to improve the user experience. Clarity is provided by Microsoft Ireland Operations Limited, based in Dublin, Ireland, Europe. Mouse clicks as well as mouse and scroll movements may be recorded in Clarity. Clarity helps us gain insight into how much time users spend on which pages, which links they click, etc. Personalized information is not included in this process.

Clarity is GDPR-complaint and uses cookies and other technologies to collect data on users’ behavior and their devices, browser information, geographic location (country only), and preferred language used to display our website. Clarity stores this information in a pseudonymized user profile. This information can neither used by Microsoft nor by us to identify individual users, nor is it merged with other data about individual users. (Source: SwissAnwalt)

For more information, please refer to the privacy policy of Microsoft: https://privacy.microsoft.com/en-us/privacystatement

Privacy Policy for Google Tag Manager

Google Tag Manager is a solution that allows us to manage website tags via an interface and integrate Google Analytics and other Google marketing services into our online offer, for example. The Tag Manager itself which implements the tags does not process any of the user’s personal data. With regard to the processing of users’ personal data, reference is made to the following information on Google services.
User guidelines: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/. (Source: SwissAnwalt)

Privacy Policy for Google Ads

This website uses Google conversion tracking. If a user accesses our website via an ad placed by Google, Google Ads will add a cookie on the user’s computer. The conversion tracking cookie is added when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we, together with Google, detect that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Google Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could personally identify users.

If a user does not wish to participate, the adding of a cookie required for this can be refused, e.g. by means of a browser setting that generally deactivates the automatic adding of cookies or by setting the browser so that cookies from the domain “googleleadservices.com” are blocked. Please note that users should not delete the opt-out cookies if they do not want any measurement data to be recorded. If all the cookies in the browser have been deleted, the relevant opt-out cookie should be added again. (Source: SwissAnwalt) Further information is available at https://ads.google.com/home and in the Google Privacy Policy (https://policies.google.com/privacy) . (Source: SwissAnwalt)

Use of Google Remarketing

This website uses Google Inc’s Remarketing function, which is used to present online advertisements to visitors within the Google advertising network. A cookie is stored in the visitor’s browser, which means the visitor can be recognized when visiting websites that belong to Google’s advertising network. On these pages, the visitor may be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s Remarketing function.

According to its own information, Google does not collect any personal data during this process. If a user does not wish to use Google’s Remarketing function, this can in principle be deactivated by adjusting the settings at http://www.google.com/settings/ads. Alternatively, users may deactivate the use of cookies for online advertising via the ad network by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. (Source: SwissAnwalt)

Use of Google reCAPTCHA

We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”. The purpose of reCAPTCHA is to verify whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the visitor based on various characteristics. This analysis starts automatically as soon as a user visits the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor on the website, or via mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Visitors are not made aware that such analysis is taking place.

The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from spam. For more information about Google’s reCAPTCHA and privacy policy, please see the following links: https://www.google.com/intl/policies/privacy/ and https://policies.google.com/terms (Source: SwissAnwalt)

Privacy Policy for Sendgrid

We use the third-party provider Sendgrid for sending our newsletters. For more information about Sendgrid and Sendgrid’s privacy policy, please see (https:// https://sendgrid.com) and (https://sendgrid.com/resource/general-data-protection-regulation-2/).

Privacy Policy for Google Web Fonts:

This website uses web fonts provided by Google for the uniform display of fonts. When users click on a page, the user’s browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If the user’s browser does not support web fonts, a default font is used by the user’s computer. (Source: SwissAnwalt)

For more information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google’s privacy policy: https://www.google.com/policies/privacy/. (Source: SwissAnwalt)

12. What data do we process on our social network pages?

We may maintain an online presence on social media and other platforms run by third parties and gather data about you via these platforms.

We receive this data from you and from the platforms when you encounter our online presence. At the same time, the platforms analyses your use of our online presences and combine this data with other data they have about you. They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.

We currently use functions of the LinkedIn social network. The provider is the LinkedIn Corporation, based in the USA. (Source: SwissAnwalt)

You can find information on how your data is handled in LinkedIn’s Privacy Policy (https://www.linkedin.com/legal/privacy-policy).

Privacy Policy for LinkedIn

We use the marketing services of the social media company LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) within the context of our online offer.

These use cookies, which are text files that are stored on the user’s computer. This allows us to analyze the user’s use of the website. For example, we can measure the success of our ads and show users products they were previously interested in.

For example, this includes information about the operating system, the browser, the website the user previously visited (referrer URL), the offers the user clicked on, and the date and time of the user’s visit to our website.

The information generated by the cookie about the user’s use of this website is transferred pseudonymously to a LinkedIn server in the USA and stored there. Accordingly, LinkedIn does not store the name or e-mail address of each user. Rather, the above data is only assigned to the individual for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process data without pseudonymization or has their own LinkedIn account.

Users may refuse the use of cookies by selecting the appropriate settings on their browser; however, they should be aware that in this case the full functionality of this website may not be available. Users may also object to the use of their data directly via LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyze and improve the use of our website from time to time. The statistics obtained enable us to improve our offer and make it more attractive for our users. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the U.S. and Singapore necessary for the development, operation, and maintenance of the Services occurs in a lawful manner. If we ask users for consent, the legal basis for the processing is Art. 6(1)(a) GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6(1)(f) GDPR.

Information of the third-party provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy. (Source: SwissAnwalt)

13. External Payment Service Providers

This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via:

• Visa (https://usa.visa.com/legal/privacy-policy.html)
• Mastercard (https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-privacy/privacy.html)
• Stripe (https://stripe.com/en-gb/privacy)

In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6(1)(b) EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance and where necessary pursuant to Art. 6(1)(f) EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. As the operator, we do not receive any information about (bank) account or credit card, merely information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the relevant payment service providers apply to the payment transactions, which can be accessed within the relevant website or transaction applications. We also refer to these for further information and assertion of revocation, information and other data subject rights. (Source: SwissAnwalt)

14. Can this Privacy Notice be updated?

This Privacy Notice is not part of any contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.

Last updated: 09/15/2023