2. Processing of personal data
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.The European Economic Area (EEA) comprises the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.
2.2. Legal basis
We process personal data in accordance with Swiss data protection law such as, in particular, the Swiss Federal Act on Data Protection (DSG) and the Ordinance to the Swiss Federal Act on Data Protection (VDSG). We process - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - personal data in accordance with at least one of the following legal bases:
2.3. Nature, scope and purpose
We process those personal data that are necessary to provide our offer permanently, user-friendly, secure and reliable. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.
We process personal data for the period of time required for the respective purpose(s) or as required by law. Personal data whose processing is no longer required will be anonymized or deleted. Persons whose data we process generally have the right to have their data deleted.As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily and self-submits to us when contacting us - for example, by mail, email, contact form, social media or telephone - or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If you transmit personal data to us via third parties, you are obligated to ensure data protection with respect to such third parties as well as to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of providing our services, if and to the extent that such processing is permitted for legal reasons.
3. Data collection on our website
Our offer is subject to Swiss data protection law as well as any applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection. The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.
Our hosting provider provides us with infrastructure and platform services, database services, computing capacity, security services and storage space as well as technical maintenance services, which we use for the purpose of operating our online offers. The basis for data processing is Art. 6 (1) lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures. Our website is hosted by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103.
3.2 Content Delivery Network (CDN)
We use the open source services of jsdelivr as a CDN to deliver the website quickly. jsDelivr is a service of ProspectOne, Krolewska 65A/1, 30-081, Krakow, Poland.
3.3. Server log files
When using our website, information is automatically collected and stored that your browser transmits to us. These are:
When using this data, we do not draw any conclusions about you; the data is needed, for example, to deliver the content of our website correctly, to ensure the functionality of our site or to be able to provide the information to law enforcement authorities in the event of a cyber attack. The anonymous data of the server log files are stored separately from your personal data.
The basis for data processing is Art. 6 (1) lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.
3.4. Contact requests/contacting us
You can contact us via various channels, e.g. phone, email, contact form, chat, social media, webinar registration. In doing so, we collect your contact details and information about the request. These may be stored in our CRM (Customer Relationship Management) system and will only be stored for internal use. In addition, Yokoy may use your data for analyses and for future customer relations. The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures. If data is transmitted via email, the transmission is unencrypted.
3.5. Google Web Fonts
4. Social Media
4.1. Use of social media
We have various presences within social networks in order to be able to communicate with users active there and to inform them about our services there. In doing so, users' data may be processed outside the EU. The US providers certified under the Privacy Shield are obliged to comply with EU data protection standards. User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from usage behavior, which can be used for advertisements. In addition, data may also be stored in the usage profiles (especially if the users are logged in to the platforms). The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 (1) lit. f DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO. For a detailed description of the respective processing, we refer to the information of the providers linked below.
5. Marketing and analysis tools
5.1. Google Analytics
5.2. Google Tag Manager
This website uses the Google Tag Manager. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows website tags to be managed via an interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of forwarding data and triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
5.3. Google Remarketing
5.4. Google Ads, Conversion Tracking and Google Marketing Platform
5.5. Google reCaptcha
On our website, we use the software HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
5.8. Facebook Pixel, Facebook Conversion, Facebook Custom and Lookalike Audiences
On our website, we use the Facebook pixel of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. For residents in the EU, this is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Facebook pixel, it is possible for Facebook to determine you as a visitor to our website. This allows specific ads to be displayed to you. We use the Facebook pixel to display Facebook ads placed by us as far as possible only to those who are actually interested in our offer, or who have certain interests or characteristics that we transmit to Facebook. In addition, we can track the effectiveness of the Facebook ads by seeing whether users have completed a conversion after clicking on a Facebook ad (Facebook conversion). Facebook processes the data in accordance with their data usage policy. You can find more information about Facebook Pixel and how it works in Facebook's help section.
The use of the Facebook pixel and the storage of conversion cookies is based on Art. 6 (1) lit. a DSGVO. In addition, the transfer of data takes place on the basis of our legitimate interests in optimization and marketing purposes and the interest-based design of our advertising measures on the basis of Art. 6 para. 1 lit. f DSGVO or your consent pursuant to Art. 6 para. 1 lit. a DSGVO.
5.9. LinkedIn pixel and conversion
The use of the LinkedIn pixel as well as the storage of conversion cookies is based on Art. 6 para. 1 lit. a DSGVO.
We collect, process and transfer your personal data using automated data processing systems. For this purpose, we work with the software join. This is an offer of the company JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen.
The following types of personal data may be covered by the collection, for example:
Legal basis is the possibility to take measures to possibly conclude an employment contract with you. If your application is not successful or you withdraw your application, the data will be deleted within 30 days. If your application is successful, the data will be kept until the purpose is fulfilled, usually for the duration of the contractual relationship, plus a period if required by applicable law.
5.11. Customer Login/Customer Portal
With each customer the data protection regulations are agreed upon and signed at the conclusion of the contract. Therefore, we refer to the respective data protection regulations of the customer. Customer data is processed in accordance with point 7.In addition, our system automatically collects the following log data with each call:
This data is collected for the purpose of providing the portal. Furthermore, this data is processed and stored for the purpose of ensuring the functionality of the portal and security. The legal basis for this is Art. 6 para. 1 lit. b and f DSGVO. The data is only stored as long as it is necessary for the fulfillment of the purpose. However, the collection is mandatory for the provision of the portal, its collection can therefore not be objected to. Data is only passed on to third parties with your express consent (Art. 6 para. 1 lit. a DSGVO), if there is a legal obligation (Art. 6 para. 1 lit. c DSGVO), if there is a legitimate interest (Art. 6 para. 1 lit. f DSGVO) or if it is necessary to fulfill a contract (Art. 6 para. 1 lit. b DSGVO). Collected log data is passed on to the following service providers, who are our order processors:
5.12. Yokoy app
This data is only processed to provide the Yokoy app. This is done on the basis of Art. 6 para. 1 lit. b) and f) DSGVO.
If you subscribe to the newsletter, you give us permission to use your data for newsletter delivery. In addition, you agree to the information described below. The consent can be revoked at any time, you will find an unsubscribe link in every email sent. Alternatively, you can contact us personally at any time. For the newsletter dispatch, we use the software HubSpot (see point 5.6.) and Sendgrid, a service of Twilio Inc. (see point 8).
6.1. Double opt-in
The registration takes place in a double opt-in process. After your registration you will receive an email in which you have to confirm your email address. This prevents abuse with registration of other email addresses. Registrations are logged and stored in our CRM system so that we can legally prove the registration process. This includes the following data: Sign-up and confirmation time, type of newsletter, IP address and your contact details.
Germany: The dispatch of the newsletter and the associated performance measurement is based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of legal permission pursuant to § 7 para. 3 UWG.
Austria: The newsletter is sent and its success measured on the basis of the recipients' consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with Art. 107 Para. 2 TKG or on the basis of statutory permission pursuant to Art. 107 Para. 2 and 3 TKG.
The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly and secure newsletter software.
7. Customer data
In order to fulfill our contractual services, we need to process the data of our customers. In doing so, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., charts of accounts), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history). This primarily concerns customers, employees as well as suppliers. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b DSGVO. We process data that is required for the justification and fulfillment of the contractual services. We process the data only for the contractual purpose and act in accordance with the legal requirements of an order processing pursuant to Art. 28 DSGVO. We delete the data after the expiry of statutory warranty and comparable obligations. In the case of legal archiving obligations, the deletion takes place after their expiry (6 years, according to § 257 para. 1 HGB, 10 years, according to § 147 para. 1 AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order. Personal data is only collected, processed and used if it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the fulfillment of a contract or pre-contractual measures.
8. Processing of personal data by third parties, also abroad
We may have personal data processed by commissioned third parties or process it jointly with third parties as well as with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth as well as elsewhere in the universe, provided that their data protection law ensures adequate data protection in the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - in the opinion of the European Commission, or if adequate data protection is ensured for other reasons, such as through a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or through a corresponding certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the data protection requirements for this, such as the express consent of the data subject, are met. As described in point 2.2, we never share your personal data without a justification according to Art. 6 DSGVO. Data may be forwarded to the following third parties or their companies:
9. Data security
The Internet is publicly accessible. Voluntary disclosure of personal information via the Internet is at your own risk. Data transmitted to us is treated confidentially and protected with the help of technical and organizational measures. Access to our online offer is made by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
10. Duration of data processing
Data is processed/stored only as long as necessary to fulfill the purpose of processing.
11. Rights of data subjects
Data subjects whose personal data we process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.
Data subjects whose personal data we process may - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - request confirmation free of charge as to whether we are processing their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability, and have their personal data corrected, deleted ("right to be forgotten"), blocked or completed.
Data subjects whose personal data we process may - if and insofar as the GDPR applies - revoke any consent they have given at any time with future effect and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
12. Data Protection Officer
Yokoy Group AG
We have the following data protection representation pursuant to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway as an additional point of contact for supervisory authorities and data subjects for inquiries related to the General Data Protection Regulation (GDPR):
13. Final provisions
We can adapt and supplement this data protection declaration at any time. We will inform about such adaptations and additions in an appropriate form, in particular by publishing the respective current data protection declaration on our website.
Effective as of 05.06.2021