Version 1.5

Privacy Policy

1. Introduction
Privacy is of utmost importance to Yokoy. The purpose of this Privacy Policy is to inform you about how we process your data. When you visit our website or app, data will be collected and processed by us in the process. By continuing to use our website/app, you acknowledge that you understand and agree to the Privacy Policy.

2. Processing of personal data
2.1. Terms

Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, modification, destruction and use of personal data. The European Economic Area (EEA) comprises the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.

2.2. Legal basis
We process personal data in accordance with Swiss data protection law such as, in particular, the Swiss Federal Act on Data Protection (DSG) and the Ordinance to the Swiss Federal Act on Data Protection (VDSG). We process - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - personal data in accordance with at least one of the following legal bases:


2.3. Nature, scope and purpose
We process those personal data that are necessary to provide our offer in a permanent, user-friendly, secure and reliable manner. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.
We process personal data for the period of time required for the respective purpose(s) or as required by law. Personal data whose processing is no longer required will be anonymized or deleted. Persons whose data we process generally have the right to have their data deleted. As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily submits to us themselves when contacting us - for example, by mail, email, contact form, social media or telephone - or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If you transmit personal data to us via third parties, you are obligated to ensure data protection with respect to such third parties as well as to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of providing our services, if and to the extent that such processing is permitted for legal reasons.

3. Data collection on our website
When you visit the website/app, your user-specific and technical data is collected and analyzed anonymously. These are, for example, IP addresses, operating systems or visited pages. We use cookies for this purpose (see Cookie Policy). By using our website/app, you agree to the collection and use according to the privacy policy. The collection and use of this data is based on the legitimate interest to enable the use of the website/app and to further optimize it.
Our offer is subject to Swiss data protection law as well as any applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection. The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.

3.1 Hosting
Our hosting provider provides us with infrastructure and platform services, database services, computing capacity, security services and storage space as well as technical maintenance services, which we use for the purpose of operating our online offers. The basis for data processing is Art. 6 (1) lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures. Our website is hosted by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103.

3.2 Content Delivery Network (CDN)
We use the open source services of jsdelivr as a CDN to deliver the website quickly. jsDelivr is a service of ProspectOne, Krolewska 65A/1, 30-081, Krakow, Poland.
A CDN is a network of regionally distributed servers connected via the Internet. In order to use the service it is possible that your browser sends personal data to jsDelivr. This allows jsDelivr to collect and store data such as browser type/version, date and time of access or IP address. To avoid this, you can install a JavaScript blocker.
The basis for the use of the CDN is your consent according to Art. 6 para. 1 lit. a DSGVO and our legitimate interest to optimize the website according to Art. 6 para. 1 lit. f DSGVO. For more information, see the privacy policy of jsDelivr.

3.3. Server log files
When using our website, information is automatically collected and stored that your browser transmits to us. These are:

When using this data, we do not draw any conclusions about you; the data is needed, for example, to deliver the content of our website correctly, to ensure the functionality of our site or to be able to provide the information to law enforcement authorities in the event of a cyber attack. The anonymous data of the server log files are stored separately from your personal data.
The basis for data processing is Art. 6 (1) lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.

3.4. Contact requests/contacting us
You can contact us via various channels, e.g. phone, email, contact form, chat, social media, webinar registration. In doing so, we collect your contact details and information about the request. These may be stored in our CRM (Customer Relationship Management) system and will only be stored for internal use. In addition, Yokoy may use your data for analyses and for future customer relations. The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures. If data is transmitted via email, the transmission is unencrypted.

3.5. Google Web Fonts
This site uses so-called web fonts provided by Google to display fonts. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible. When you call up a page, your browser loads the required web fonts into the browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of an appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used. You can find more information at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

4. Social Media
4.1. Use of social media
We have various presences within social networks in order to be able to communicate with users active there and to inform them about our services there. In doing so, users' data may be processed outside the EU. The US providers certified under the Privacy Shield are obliged to comply with EU data protection standards. User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from usage behavior, which can be used for advertisements. In addition, data may also be stored in the usage profiles (especially if the users are logged in to the platforms). The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 (1) lit. f DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO. For a detailed description of the respective processing, we refer to the information of the providers linked below.

4.2. YouTube
We integrate the videos of the YouTube platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our pages where YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. For more information on the handling of user data, please refer to YouTube's privacy policy. The use of YouTube is based on Art. 6 para. 1 lit. a DSGVO. Information on the prevention of data collection can be found under point 5 and in our Cookie Policy.

5. Marketing and analysis tools
5.1. Google Analytics

This is a service of the American Google LLC. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible. Information generated by the Google cookie is transmitted to a Google server and stored. We have added the code "anonymizeIP" to Google Analytics on the website/app. This guarantees anonymization of the data. Further information can be found in the privacy policy of Google Analytics. We use Google Analytics to anonymously evaluate website/app activities. Furthermore, advertising measures are also evaluated via Google Analytics. If you do not want this, you can disable it via the Ads Preferences Manager. Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a DSGVO.

5.2. Google Tag Manager
This website uses the Google Tag Manager. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows website tags to be managed via an interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of forwarding data and triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

5.3. Google Remarketing
This is a service provided by the American Google LLC. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible. Google Remarketing is used to compile groups and lists of users and website visitors according to criteria by means of anonymized ID identifiers, which are assigned by cookies. These are shown information and advertising for our services based on their preferences. You can prevent the use of these cookies (see Cookie Policy). Further information can be found in Google's privacy policy. The summary of the collected data in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a DSGVO). For data collection processes that are not merged in your Google account, the collection of data is based on Art. 6 (1) lit. f DSGVO. The legitimate interest arises from the fact that we have an interest in the anonymized analysis of website visitors for advertising purposes.

5.4. Google Ads, Conversion Tracking and Google Marketing Platform
This is a service provided by the American Google LLC. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible. These integrations allow us to determine how, for example, clicks on ads from Google lead to conversions and similar actions by users with us. Temporary cookies from Google are used and no individual user data is processed (see Cookie Policy). The information collected is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. They will receive information on aggregate figures, but not personalized user data. Conversion cookies are stored on the basis of Art. 6 (1) lit. a DSGVO.

5.5. Google reCaptcha
This is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. The purpose of reCAPTCHA is to check whether data input on our website (e.g. in a contact form) is made by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

5.6. HubSpot
On our website, we use the software HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
HubSpot uses web beacons and cookies to help us analyze your use of our website and to cover various aspects of online marketing. These include email marketing, contact management (e.g. user segmentation & CRM), landing pages and contact forms. This information as well as parts of our website are stored on servers of our software partner HubSpot. It is used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures and communication with users. As part of the optimization of our marketing measures, the following data, among others, may be collected and processed via HubSpot:

We also use HubSpot to provide contact forms (see point 3.4.). The legal basis of the processing is your consent pursuant to Art. 6(1)(a) DSGVO and for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures pursuant to Art. 6(1)(b) DSGVO. If you do not want the aforementioned data to be collected and processed via HubSpot, you can refuse your consent or revoke it at any time with effect for the future. The personal data will be kept for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose. Here you can find further information on HubSpot's privacy policy.

5.7. Hotjar
On our website, we use Hotjar to better understand the needs of our users and to optimize the offer and experience on the website. The Hotjar web analytics service is provided by Hotjar Ltd. Hotjar Ltd is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta). Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (unique device identifiers) or preferred language. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. The analysis is based on our legitimate interests in optimization and marketing purposes and the interest-based design of our website on the basis of Art. 6 para. 1 lit. f DSGVO or your consent pursuant to Art. 6 para. 1 lit. a DSGVO. For more information, please see the Hotjar Privacy Policy.

5.8. Facebook Pixel, Facebook Conversion, Facebook Custom and Lookalike Audiences
On our website, we use the Facebook pixel of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. For residents in the EU, this is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Facebook pixel, it is possible for Facebook to determine you as a visitor to our website. This allows specific ads to be displayed to you. We use the Facebook pixel to display Facebook ads placed by us as far as possible only to those who are actually interested in our offer, or who have certain interests or characteristics that we transmit to Facebook. In addition, we can track the effectiveness of the Facebook ads by seeing whether users have completed a conversion after clicking on a Facebook ad (Facebook conversion). Facebook processes the data in accordance with their data usage policy. You can find more information about Facebook Pixel and how it works in Facebook's help section.
The use of the Facebook pixel and the storage of conversion cookies is based on Art. 6 (1) lit. a DSGVO. In addition, the transfer of data takes place on the basis of our legitimate interests in optimization and marketing purposes and the interest-based design of our advertising measures on the basis of Art. 6 para. 1 lit. f DSGVO or your consent pursuant to Art. 6 para. 1 lit. a DSGVO.
If you wish to object to the collection by the Facebook pixel and the use of your data for Facebook ads, you can do so on Facebook in the notes on the settings for usage-based advertising. In addition, you can prevent the use of cookies with one of the following options: Optout Network Advertising, youronlinechoices.com or according to our Cookie Policy.

5.9. LinkedIn pixel and conversion
On our website, we use the LinkedIn pixel of the social network LinkedIn. This is an offer from LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. With the help of the LinkedIn pixel, it is possible for LinkedIn to identify you as a visitor to our website. This allows specific ads to be displayed to you. We use the LinkedIn pixel to display LinkedIn ads placed by us only to those who are actually interested in our offer. In addition, we can track the effectiveness of the LinkedIn ads by seeing whether users have completed a conversion after clicking on a LinkedIn ad (LinkedIn conversion). If you do not want this, you can object to the use of cookies (see Cookie Policy). You can find more information about the processing of data by LinkedIn in the privacy policy of LinkedIn.
The use of the LinkedIn pixel as well as the storage of conversion cookies is based on Art. 6 para. 1 lit. a DSGVO.

5.10. Application
We collect, process and transfer your personal data using automated data processing systems. For this purpose, we work with the software JOIN. This is an offer of the company JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen.
The following types of personal data may be covered by the collection, for example:

Legal basis is the possibility to take measures to possibly conclude an employment contract with you. If your application is not successful or you withdraw your application, the data will be deleted within 30 days. If your application is successful, the data will be kept until the purpose is fulfilled, usually for the duration of the contractual relationship, plus a period if required by applicable law.
The storage of the data is based on Art. 6 para. 1 lit. b DSGVO. With the consent of the person in accordance with Art. 6 para. 1 lit. a DSGVO. Further information can be found in the general terms and conditions of JOIN as well as in the privacy policy of JOIN.

5.11. Customer Login/Customer Portal
With each customer the data protection regulations are agreed upon and signed at the conclusion of the contract. Therefore, we refer to the respective data protection regulations of the customer. Customer data is processed in accordance with point 7. In addition, our system automatically collects the following log data with each call:

This data is collected for the purpose of providing the portal. Furthermore, this data is processed and stored for the purpose of ensuring the functionality of the portal and security. The legal basis for this is Art. 6 para. 1 lit. b and f DSGVO. The data is only stored as long as it is necessary for the fulfillment of the purpose. However, the collection is mandatory for the provision of the portal, its collection can therefore not be objected to. Data is only passed on to third parties with your express consent (Art. 6 para. 1 lit. a DSGVO), if there is a legal obligation (Art. 6 para. 1 lit. c DSGVO), if there is a legitimate interest (Art. 6 para. 1 lit. f DSGVO) or if it is necessary to fulfill a contract (Art. 6 para. 1 lit. b DSGVO). Collected log data is passed on to the following service providers, who are our order processors:


5.12. Yokoy app

Customers can download a mobile app to their mobile device. In doing so, the information required for this process is transferred to the app store without our involvement. Information includes, for example, email address, your app store account customer number, or the time of download. We are not responsible for this data collection and have no control over it. For more information, please refer to the privacy policy of Apple or Google. When using the Yokoy app, we process the following data to ensure the security and usability of the functions provided:

This data is only processed to provide the Yokoy app. This is done on the basis of Art. 6 para. 1 lit. b) and f) DSGVO.

6. Newsletter
If you subscribe to the newsletter, you give us permission to use your data for newsletter delivery. In addition, you agree to the information described below. The consent can be revoked at any time; you will find an unsubscribe link in every email sent. Alternatively, you can contact us personally at any time. For the newsletter dispatch, we use the software HubSpot (see point 5.6.) and Sendgrid, a service of Twilio Inc. (see point 8).

6.1. Double opt-in
The registration takes place in a double opt-in process. After your registration you will receive an email in which you have to confirm your email address. This prevents abuse with registration of other email addresses. Registrations are logged and stored in our CRM system so that we can legally prove the registration process. This includes the following data: Sign-up and confirmation time, type of newsletter, IP address and your contact details.

6.2. Basis
Germany: The dispatch of the newsletter and the associated performance measurement is based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of legal permission pursuant to § 7 para. 3 UWG.
Austria: The newsletter is sent and its success measured on the basis of the recipients' consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with Art. 107 Para. 2 TKG or on the basis of statutory permission pursuant to Art. 107 Para. 2 and 3 TKG.
The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly and secure newsletter software.

7. Customer data
In order to fulfill our contractual services, we need to process the data of our customers. In doing so, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., charts of accounts), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history). This primarily concerns customers, employees as well as suppliers. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b DSGVO. We process data that is required for the justification and fulfillment of the contractual services. We process the data only for the contractual purpose and act in accordance with the legal requirements of an order processing pursuant to Art. 28 DSGVO. We delete the data after the expiry of statutory warranty and comparable obligations. In the case of legal archiving obligations, the deletion takes place after their expiry (6 years, according to § 257 para. 1 HGB, 10 years, according to § 147 para. 1 AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order. Personal data is only collected, processed and used if it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.


8. Processing of personal data by third parties, also abroad
We may have personal data processed by commissioned third parties or process it jointly with third parties as well as with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth as well as elsewhere in the universe, provided that their data protection law ensures adequate data protection in the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - in the opinion of the European Commission, or if adequate data protection is ensured for other reasons, such as through a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or through a corresponding certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the data protection requirements for this, such as the express consent of the data subject, are met. As described in point 2.2, we never share your personal data without a justification according to Art. 6 DSGVO. Data may be forwarded to the following third parties or their companies:


9. Data security
The Internet is publicly accessible. Voluntary disclosure of personal information via the Internet is at your own risk. Data transmitted to us is treated confidentially and protected with the help of technical and organizational measures. Access to our online offer is made by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.

10. Duration of data processing
Data is processed/stored only as long as necessary to fulfill the purpose of processing.

11. Rights of data subjects
Data subjects whose personal data we process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.
Data subjects whose personal data we process may - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - request confirmation free of charge as to whether we are processing their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability, and have their personal data corrected, deleted ("right to be forgotten"), blocked or completed.
Data subjects whose personal data we process may - if and insofar as the GDPR applies - revoke any consent they have given at any time with future effect and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

12. Data Protection Officer
Yokoy Group AG
Thomas Inhelder
Technoparkstrasse 1
8005 Zurich
Email: DPO@yokoy.ai  

We have the following data protection representation pursuant to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway as an additional point of contact for supervisory authorities and data subjects for inquiries related to the General Data Protection Regulation (GDPR):

Yokoy GmbH
Thomas Inhelder
Mühldorfstrasse 8
81671 Munich
Email: DPO@yokoy.ai  

13. Final provisions
We can adapt and supplement this data protection declaration at any time. We will inform about such adaptations and additions in an appropriate form, in particular by publishing the respective current data protection declaration on our website.

Effective as of 05.06.2021