ContentPaul Privacy Policy
Table of content
- What is this Privacy Policy about?
- Who is responsible for processing your data?
- What data do we process?
- For what purposes do we process your data?
- On what basis do we process your data?
- What applies to profiling and automated individual decision-making?
- To whom do we disclose your data?
- Do your personal data also go abroad?
- How long do we process your data?
- How do we protect your data?
- What rights do you have?
- Do we use online tracking and online advertising techniques?
- What data do we process on our social media pages?
- Can this Privacy Policy be changed?
1. What is this Privacy Policy about?
ContentPaul AG (hereinafter also referred to as "we", "us") collects and processes personal data concerning you or other persons (referred to as "third parties"). We use the term "data" here synonymously with "personal data". "Personal data" refers to data related to a specific or identifiable person, i.e., conclusions about their identity can be drawn from the data itself or with relevant additional information. "Particularly sensitive personal data" is a category of personal data that is especially protected under applicable data protection law. For example, data revealing racial and ethnic origin, health data, information on religious or philosophical beliefs, biometric data for identification purposes, and information on trade union membership are considered particularly sensitive personal data. In section 3, you will find information on the data we process in the context of this Privacy Policy. "Processing" refers to any handling of personal data, e.g., collecting, storing, using, adapting, disclosing, and deleting. :br:br In this Privacy Policy, we describe what we do with your data when you use www.contentpaul.io or app.contentpaul.io (hereinafter collectively referred to as "website"), obtain our services or products, are otherwise in contact with us within the framework of a contract, communicate with us, or have dealings with us in any other way. Where applicable, we will inform you through timely written notification about additional processing activities not mentioned in this Privacy Policy. Additionally, we may inform you separately about the processing of your data, e.g., in consent declarations, contract conditions, additional privacy statements, forms, and notices. If you transmit or disclose data about other persons, such as colleagues, customers, etc., to us, we assume that you are authorized to do so and that these data are accurate. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this Privacy Policy. :br:br This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Act on Data Protection ("FADP"), and the revised Swiss Federal Act on Data Protection ("revFADP"). Whether and to what extent these laws are applicable, however, depends on the individual case.2. Who is responsible for processing your data?
For the data processing described in this Privacy Policy by ContentPaul AG, the legally responsible entity is ContentPaul AG, Zurich (the "ContentPaul AG"), unless otherwise communicated in individual cases, e.g., in additional privacy statements, on forms, or in contracts.Even for the data processing described in this Privacy Policy, other entities may share responsibility if they co-decide on the purpose or means of processing. This can include all group companies. If you wish to obtain information about the individual controllers for a specific data processing, you can request such information from us within the scope of your right to information (section 11). ContentPaul AG remains your primary contact, even if there are other co-responsible entities.:br:br_In sections 3, 7, and 12, you will find additional information about third parties with whom we cooperate and who are responsible for their own processing activities. If you have questions or wish to exercise your rights against these third parties, please contact them directly.._:br:br You can reach us for your data protection concerns and the exercise of your rights according to section 11 as follows::br:br ContentPaul AG:br Giesshübelstrasse 106:br CH-8045 Zürich:brdataprotection@contentpaul.ioFor each data processing, there are one or more entities responsible for ensuring that the processing complies with data protection laws. This entity is called the controller. It is, for example, responsible for responding to requests for information (section 11) or ensuring that personal data is secured and not used improperly.
3. What data do we process?
We process various categories of data about you. The main categories are as follows:- Technical Data: When you use our website or other electronic offers, we collect the IP address of your device and other technical data to ensure the functionality and security of these offers. This data also includes logs that record the use of our systems. We usually store technical data for 12 months, in a few cases longer. To ensure the functionality of these offers, we may also assign an individual code to you or your device (e.g., in the form of a cookie, see section 12). The technical data itself generally does not allow conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls, or contract processing, they can be linked with other data categories (and thus possibly with your person). Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region, and time of use, as well as the type of browser with which you access our electronic offers. This can help us to transmit the correct formatting of the website or to show you, for example, a website adapted to your region. Based on the IP address, we know which provider you use to access our offers (and thus the region), but we usually cannot deduce who you are from this. This changes, for example, if you create a user account, because personal data can then be linked with technical data (we see, for example, which browser you use to create an account via our website). Examples of technical data also include logs ("Logs") that are generated in our systems (e.g., the log of user logins on our website).
- Registration Data: Certain offers and services (e.g., login areas of our website, newsletter distribution, etc.) can only be used with a user account or registration, which can be done directly with us or through our external login service providers. In this process, you must provide us with certain data, and we collect data about the use of the offer or service. When you redeem a voucher from ContentPaul AG with us, we may require certain data from you upon redemption. We usually store registration data for 12 months after the end of the use of the service or the dissolution of the user account. Registration data includes, among other things, the information you provide when creating an account on our website (e.g., username, password, name, email). Registration data also includes data that we may require from you before you can take advantage of certain free services, such as our Wi-Fi service, in which case: name, email, and phone number; or the redemption of vouchers, in which case: name, address, contact details, time of redemption. You must also register if you want to subscribe to our newsletter. As part of access controls, we may need to register you with your data (access codes in badges, biometric data for identification) (see the category "other data").
- Communication Data: When you contact us via the contact form, email, phone, chat, letter, or other communication means, we capture the data exchanged between you and us, including your contact details and the peripheral data of the communication. If we record or listen to telephone conversations or video conferences, for example, for training and quality assurance purposes, we will specifically inform you about it. Such recordings may only be made and used according to our internal guidelines. You will be informed about whether and when such recordings take place, for example, through a notification during the respective video conference. If you do not wish for a recording, please inform us or terminate your participation. If you wish only your image not to be recorded, please turn off your camera. If we want or need to ascertain your identity, e.g., in response to a request for information from you, an application for media access, etc., we collect data to identify you (e.g., a copy of an identification document). We usually store these data for 12 months from the last exchange with you. This period may be longer if necessary for evidence reasons or to comply with legal or contractual requirements or due to technical reasons. Emails in personal mailboxes and written correspondences are usually stored for at least 10 years. Recordings of (video) conferences are usually stored for 24 months. Chats are usually stored for 2 years. Communication data includes your name and contact details, the manner, location, and time of communication, and usually also its content (i.e., the content of emails, letters, chats, etc.). These data may also contain information about third parties. For identification purposes, we may also process your identification number or a password set by you or your press ID. For secure identification in media inquiries, the following mandatory information is required: publisher, name of the publication, salutation, first name, last name, postal address, email address, and phone number of the reporting person.
- Master Data: We refer to basic data that we need, in addition to contract data (see below), for processing our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations, and consent declarations, as master data. We process your master data if you are a customer or other business contact or work for such a person (e.g., as a contact person of a business partner), or because we want to address you for our own purposes or those of a contracting partner (e.g., as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you directly (e.g., during a purchase or as part of a registration), from entities for whom you work, or from third parties such as our contracting partners, associations, and address dealers, and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). In the context of master data, we may also process health data and information about third parties. We can also collect this data from our shareholders and investors. We usually store these data for 10 years from the last exchange with you, but at least until the end of the contract. This period may be longer if necessary for evidence reasons or to comply with legal or contractual requirements or due to technical reasons. For purely marketing and advertising contacts, the period is normally much shorter, usually no more than 2 years since the last contact. Master data includes, for example, data such as name, address, email address, phone number, and other contact details, gender, date of birth, nationality, information about connected persons, websites, profiles in social media, photos and videos, copies of IDs; furthermore, information about your relationship with us (customer, supplier, visitor, recipient of services, etc.), information about your status with us, allocations, classifications and distribution lists, information about our interactions with you (possibly a history of these with corresponding entries), reports (e.g., from the media) or official documents (e.g., commercial register excerpts, permits, etc.) concerning you. As payment information, we collect, for example, your bank details, account number, and credit card data. Consent or blocking notices also belong to the master data, as well as information about third parties, e.g., contact persons, recipients of services, advertising recipients, or representatives. For contact persons and representatives of our customers, suppliers, and partners, we process as master data, for example, name and address, information about role, function in the company, qualifications, and possibly information about superiors, employees, and subordinates, and information about interactions with these persons. Master data is not collected comprehensively for all contacts. Which data we collect in detail depends especially on the purpose of the processing.
- Contract Data: These are data related to the conclusion of a contract or contract processing, such as details about contracts and the services to be provided or provided, as well as data from the pre-contractual stage, the necessary or used details for processing, and information about reactions (e.g., complaints or satisfaction, etc.). Health data are also included. We usually collect these data from you, from contractual partners, and from third parties involved in the contract processing, but also from third-party sources (e.g., credit rating agencies) and publicly accessible sources. We typically store these data for 10 years from the last contract activity, but at least until the end of the contract. This period may be extended as necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons.:br:br Contract data includes information about the conclusion of contracts, your contracts, e.g., type and date of conclusion, details from the application process (such as an application for our products or services) and information about the relevant contract (e.g., its duration) and the processing and management of contracts (e.g., information related to billing, customer service, technical support, and enforcement of contractual claims). Contract data also includes information about defects, complaints, and adjustments to a contract, as well as information on customer satisfaction, which we may collect through surveys, for example. Furthermore, financial data such as information on creditworthiness (i.e., information that allows conclusions about the likelihood that claims will be settled), reminders, and debt collection are part of the contract data. We partially receive these data from you (e.g., when you make payments), but also from credit reporting agencies, collection agencies, and publicly accessible sources (e.g., a commercial register).
- Behavioral and Preference Data: Depending on our relationship with you, we try to get to know you and better tailor our products, services, and offers to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with data from third parties, including publicly accessible sources. Based on this, we can, for example, calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose are partly already known to us (e.g., if you use our services), or we obtain these data by recording your behavior (e.g., how you navigate on our website). We anonymize or delete these data when they are no longer meaningful for the pursued purposes, which can vary from 2-3 weeks to 24 months (in the case of product and service preferences), depending on the type of data. This period may be extended as necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons. How tracking on our website works is described in section 12. :br:br Behavioral data include information about specific actions, e.g., your reaction to electronic communications (e.g., whether and when you have opened an email) or your location, as well as your interaction with our social media profiles and your participation in competitions, contests, and similar events. Your location data, for example, can be collected wirelessly through unique codes transmitted by your mobile phone or when you use our website. We will inform you about the collection of anonymous movement profiles at the relevant locations through appropriate signs; a personalized movement profile will only be created with your consent. :br:br Preference data provide insights into your needs, which products or services may interest you, or when and how you are likely to respond to messages from us. We obtain this information from the analysis of existing data, such as behavioral data, so we can get to know you better, tailor our advice and offers more precisely to you, and generally improve our offers. To enhance the quality of our analyses, we may link these data with further data obtained from third parties, such as address dealers, authorities, and publicly accessible sources like the internet, e.g., information about your household size, income class, purchasing power, shopping behavior, and contact details of relatives, and anonymous data from statistical offices.
4. For what purposes do we process your data?
We process your data for the purposes explained below. Further information for the online area can be found in sections 12 and 13. These purposes or the underlying goals represent legitimate interests of ours and possibly third parties. You will find more details about the legal bases of our processing in section 5. :br:br We process your data for purposes related to communication with you, in particular to respond to inquiries and to assert your rights (section 11) and to contact you in case of follow-up questions. For this, we primarily use communication data and master data and, in connection with the offers and services you use, also registration data. We retain these data to document our communication with you, for training purposes, quality assurance, and inquiries. :br:br_This involves all purposes in which you and we communicate, whether in customer service or advice, in authentication in case of using the website, or for training and quality assurance (e.g., in the area of customer service). We further process communication data so that we can communicate with you via email and phone, as well as messenger services, chat, social media, mail, and fax. Communication with you mostly occurs in connection with other processing purposes, e.g., to provide services or answer an inquiry request. Our data processing also serves to prove the communication and its contents.:br:br We process data for the initiation, management, and processing of contractual relationships. :br:br_We conclude contracts of various kinds with our business and private customers, suppliers, subcontractors, or other contractual partners, such as partners in projects or with parties in legal disputes. In doing so, we primarily process master data, contract data, and communication data and, depending on the circumstances, also registration data of the customer or the persons to whom the customer mediates a service. This includes, for example, the recipients of our products or services who receive vouchers and invitations from our customers and can become our customers themselves when redeeming them. In this case, we process data for the execution of the contract with these recipients, but also with the contractual partners who invited them. In the context of business initiation, personal data – especially master data, contract data, and communication data – are collected from potential customers or other contractual partners (e.g., in an order form or contract) or arise from communication. Also, in connection with the conclusion of the contract, we process data for credit checks and for opening the customer relationship. Some of these details are checked to comply with legal requirements. In the context of managing contractual relationships, we process data for managing the customer relationship, for providing and demanding contractual services (which also includes the involvement of third parties, such as logistics companies, security services, advertising service providers, banks, insurance companies, or credit reporting agencies, which can then provide us with data), for advice, and for customer care. The enforcement of legal claims from contracts (collection, legal proceedings, etc.), as well as accounting, termination of contracts, and public communication, is also part of the process.:br:br We process data for marketing purposes and relationship management, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and from third parties (e.g., from advertising partners). This can occur, for example, in the form of newsletters and other regular contacts (electronically, by mail, by phone), through other channels for which we have your contact information, but also as part of individual marketing actions (e.g., events, competitions, etc.) and may also include free services (e.g., invitations, vouchers, etc.). You can reject such contacts at any time (see at the end of this section 4) or refuse or revoke consent for contact for advertising purposes. With your consent, we can target our online advertising on the internet more precisely to you (see section 12). Finally, we also want to enable our contractual partners to address our customers and other contractual partners for advertising purposes (see section 7). :br:br_For example, with your consent, we transmit to you information, advertising, and product offers from us and from third parties within and outside the group (e.g., advertising partners), as printed material, electronically, or by phone. For this, we mainly process communication and registration data. Like most companies, we personalize messages so that we can transmit individual information and offers to you that meet your needs and interests. For this purpose, we link data that we process about you and determine preference data, using these data as a basis for personalization (see section 3). We also process data in connection with competitions, prize draws, and similar events. Relationship management also includes the – possibly personalized based on behavioral and preference data – approach to existing customers and their contacts. In the context of relationship management, we may also operate a Customer Relationship Management system ("CRM"), in which we store the necessary data for maintaining the relationship with customers, suppliers, and other business partners, e.g., about contact persons, relationship history (e.g., about products and services obtained or delivered, interactions, etc.), interests, desires, marketing measures (newsletters, invitations to events, etc.), and further details. All these processes are important not only for effectively advertising our offers but also for making our relationships with customers and other third parties more personal and positive, focusing on the most important relationships, and using our resources as efficiently as possible.:br:br We further process your data for market research, to improve our services and our operations, and for product development. :br:br_We strive to continuously improve our products and services (including our website) and to quickly respond to changing needs. Therefore, for example, we analyze how you navigate through our website or how certain products are used by which groups of people in what way and how new products and services can be designed (for more details, see section 12). This provides us with insights into the market acceptance of existing and the market potential of new products and services. For this purpose, we primarily process master, behavioral, and preference data, but also communication data and information from customer surveys, surveys, and studies, and further information, e.g., from the media, social media, the internet, and other public sources. Where possible, we use pseudonymized or anonymized information for these purposes. We may also use media monitoring services or conduct media monitoring ourselves and process personal data to carry out media work or to understand and respond to current developments and trends. We use anonymized location data, for example, to give recommendations to our contractual partners for avoiding peak times. With your consent, we use non-anonymized location data to alert you to interesting offers and products nearby based on your position, to infer your interests from the duration of stay data, and to inform you which products and services other contractual partners with similar interests have used.:br:br We can also process your data for security purposes and access control. :br:br_We continuously review and improve the appropriate security of our IT and other infrastructure (e.g., buildings). Like all companies, we cannot completely rule out data security breaches, but we do our part to reduce the risks. Therefore, we process data, for example, for monitoring, controls, analyses, and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes, and as part of security backups. Access controls include the control of access to electronic systems (e.g., logging into user accounts) as well as physical access control (e.g., building access). For security purposes (preventative and for the investigation of incidents), we also keep entry logs or visitor lists and use monitoring systems (e.g., security cameras). We indicate the use of monitoring systems at the relevant locations with appropriate signs.:br:br We process personal data to comply with laws, directives, and recommendations from authorities, and internal regulations ("Compliance"). :br:br_This includes, for example, the implementation of health and safety concepts or the legally regulated fight against money laundering and terrorism financing. In certain cases, we may be obliged to conduct certain investigations about customers ("Know Your Customer") or to report to authorities. Also, the fulfillment of disclosure, information, or reporting obligations, for example, in connection with supervisory and tax obligations, presupposes or involves data processing, e.g., the fulfillment of archiving obligations and the prevention, detection, and investigation of crimes and other violations. This includes receiving and processing complaints and other reports, monitoring communication, internal investigations, or disclosing documents to an authority when we have sufficient reason or are legally obliged to do so. Even in external investigations, e.g., by a law enforcement or supervisory authority or a commissioned private entity, personal data about you may be processed. Furthermore, we process data for the care of our shareholders and other investors and fulfill our related duties. For all these purposes, we particularly process your master data, your contract data, and communication data, but also behavioral data and data from the category of other data. The legal obligations may involve Swiss law, but also foreign provisions to which we are subject, as well as self-regulations, industry standards, the own "Corporate Governance," and instructions and requests from authorities.:br:br We also process data for purposes of our risk management and as part of prudent corporate governance, including operational organization and business development. :br:br_For these purposes, we particularly process master data, contract data, registration data, and technical data, but also behavioral and communication data. For example, as part of our financial administration, we must monitor our debtors and creditors, and we must prevent becoming victims of crimes and abuses, which may require analyzing data for corresponding patterns. For these purposes and for your and our protection against criminal or abusive activities, we may also perform profiling and create and process profiles (see also section 6). As part of planning our resources and organizing our operations, we must evaluate and process data on the use of our services and other offers or share information about it with others (e.g., outsourcing partners), which may include your data. The same applies to services provided to us by third parties. As part of business development, we may sell businesses, divisions, or companies to others or acquire such from others or enter into partnerships, which can also lead to the exchange and processing of data (also about you, e.g., as a customer or supplier or as a representative of a supplier).:br:br We can process your data for additional purposes, e.g., as part of our internal processes and administration or for training and quality assurance purposes. :br:br_These additional purposes include, for example, training and education purposes, administrative purposes (such as the management of master data, accounting, data archiving, and the auditing, management, and continuous improvement of IT infrastructure), the protection of our rights (e.g., to enforce claims in court, pre-litigation, or out-of-court, and before authorities domestically and abroad, or to defend against claims, for example, through evidence collection, legal assessments, and participation in judicial or administrative proceedings), and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. Also, the protection of further legitimate interests belongs to the additional purposes, which cannot be exhaustively listed.5. On what basis do we process your data?
Insofar as we ask for your consent for certain processing activities (e.g., for the processing of particularly sensitive personal data, for marketing mailings, for creating personalized movement profiles, and for advertising control and behavior analysis on the website), we will inform you separately about the specific purposes of the processing. You can revoke your consent at any time by written communication (postal) or, unless otherwise indicated or agreed, by email to us, effective for the future; our contact details can be found in section 2. For revoking your consent for online tracking, see section 12. Where you have a user account, a revocation or contact with us can also be made via the respective website or other service. As soon as we receive the notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally agreed, unless we have another legal basis for doing so. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. :br:br Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent), or that we or third parties have a legitimate interest in it, especially to pursue the purposes and associated goals described in section 4 above and to be able to implement corresponding measures. Our legitimate interests also include compliance with legal regulations, to the extent that these are not already recognized as a legal basis by the applicable data protection law (e.g., under the GDPR, the law in the EEA, and Switzerland). This also includes the marketing of our products and services, the interest in understanding our markets better, and running and developing our company, including the operational business, safely and efficiently.:br If we receive sensitive data (e.g., biometric data for identification), we may also process your data based on other legal grounds, e.g., in case of disputes due to the necessity of processing for a possible legal process or the enforcement or defense of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you as necessary separately.6. What applies to profiling and automated individual decision-making?
For the purposes mentioned in section 4, we may automatically evaluate certain of your personal characteristics based on your data (section 3) ("Profiling"), whether we want to determine preference data, identify misuse and security risks, perform statistical evaluations, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we can combine behavioral and preference data, as well as master and contract data and technical data assigned to you, to better understand you as a person with your different interests and other characteristics. :br:br_If you are a customer of ours, for example, we can determine which additional products you are likely interested in through "Profiling" based on your purchases. But we can also check your creditworthiness before offering you a purchase on account. An automated evaluation of data can also check, for your protection, the likelihood of a particular transaction being fraudulent. This allows us to stop the transaction for clarification. This is distinct from "profiles," which means linking various data to gain insights into significant aspects of your personality from the totality of this data (e.g., what you like or how you behave in certain situations). Profiles can also be used, for example, for marketing or security purposes. We use anonymous movement profiles in a non-personal manner, for example, to give recommendations to our contractual partners for avoiding peak times. For personalized movement profiles, we use personal data, for example, to alert you to interesting offers and products in your vicinity, to infer your interests from position data (duration of stay), and to inform you which products and services other contractual partners with similar interests have used or, for example, where health-related protection concepts dictate contact tracing.:br:br In both cases, we ensure the proportionality and reliability of the results and take measures against the abusive use of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review. In certain situations, it may be necessary for reasons of efficiency and consistency of decision-making processes to automate discretionary decisions affecting you with legal effects or potentially significant disadvantages ("automated individual decisions"). In this case, we will inform you accordingly and provide the measures required by applicable law. :br:br_An example of an automated individual decision is the automatic acceptance of an order by an online store. Pure if-then decisions are not intended (e.g., when the computer allows you access to your user account after checking your password), but discretionary decisions (e.g., the decision to enter into a contract). We will inform you in individual cases when an automated decision leads to negative legal consequences or a similar significant impairment for you. If you disagree with the result of such a decision, you will be able to communicate with a human who will review the decision.7. To whom do we disclose your data?
In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the further purposes listed in section 4, we also transmit your personal data to third parties, especially to the following categories of recipients:- Service Providers: We collaborate with service providers both domestically and internationally, who process data about you on our behalf or in joint responsibility with us, or who, in their own responsibility, receive data about you from us (e.g., IT providers, shipping companies, advertising service providers, login service providers, banks, insurance companies, collection agencies, credit reporting agencies, or address verification services). This may also include health data. For service providers involved with the website, see section 12. Central service providers in the IT area for us are Microsoft, Apple, and Google.:br_To efficiently deliver our products and services and to focus on our core competencies, we utilize services from third parties in numerous areas. These services include, for example, IT services, the dispatch of information, marketing, sales, communication, or printing services, building management, security and cleaning, organization and execution of events and receptions, debt collection, credit reporting agencies, address verifiers (e.g., for updating address databases in case of relocations), fraud prevention measures, and services from consulting firms, lawyers, banks, insurers, and telecommunications companies. We disclose to these service providers the data necessary for their services, which may also concern you. These service providers may also use such data for their purposes, e.g., details about outstanding claims and your payment behavior in the case of credit reporting agencies, or anonymized information to improve services. Moreover, we enter into contracts with these service providers that include provisions for data protection, to the extent such protection does not arise from the law. Our service providers may process data on how their services are used and other data that arises in the context of using their service as independent controllers for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers inform about their independent data processing in their own privacy statements. For more information on how Microsoft processes data, visit here:_ https://privacy.microsoft.com/de-de/privacystatement; specifically for the use of Microsoft Teams, visit here https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
- Contractual Partners Including Customers: Primarily, this refers to customers (e.g., service recipients) and other contractual partners of ours, as this data transmission results from these contracts. For example, they receive registration data about issued and redeemed vouchers, invitations, etc. If you are working for such a contractual partner, we may also transmit data about you to them in this context. This may include health data. Additionally, recipients include contractual partners with whom we cooperate or who advertise for us, to whom we therefore transmit data about you for analysis and marketing purposes (this can again be service recipients, but also sponsors and online advertising providers, for example). We require these partners to send you advertising or to display it based on your data only if you have consented to it (for the online area, see section 12). Our online advertising partners are listed in section 12.
you act as an employee for a company with which we have entered into a contract, the processing of this contract may lead to us informing the company, for example, about how you have used our service. Cooperation and advertising partners receive from us selected master data, contract data, behavioral and preference data so that on one hand, they can conduct non-personal evaluations in their area (e.g., about the number of our customers who have viewed their advertising) and, on the other hand, they can also use data for advertising purposes (including targeted outreach to you). For instance, advertising partners should have the opportunity to communicate with suitable other customers of ours and send them advertising._ - Authorities: We may disclose personal data to offices, courts, and other authorities domestically and internationally if we are legally obliged or authorized to do so, or if it seems necessary to protect our interests. This may include health data. The authorities process data about you, which they receive from us, under their own responsibility.
cases include, for example, criminal investigations, police actions (e.g., health protection concepts, violence prevention, etc.), regulatory requirements and investigations, judicial proceedings, reporting obligations, pre-litigation and out-of-court procedures, as well as legal information and cooperation duties. Data disclosure can also occur when we seek information from public entities, e.g., to establish an interest in obtaining information or because we need to specify whom we require information about (e.g., from a register)._ - Other Individuals: This refers to other cases where the involvement of third parties arises from the purposes according to section 4, e.g., service recipients, media, and associations in which we participate or if you are part of one of our publications.
recipients, for example, include delivery addresses or payment recipients specified by you, other third parties also in the context of representation relationships (e.g., if we send your data to your lawyer or your bank) or individuals involved in authority or court procedures. If we collaborate with media and provide them with materials (e.g., photos), you may also be affected. The same applies to the publication of content (e.g., photos, interviews, quotes, etc.) on our website or in other publications of ours. As part of business development, we may sell or acquire businesses, divisions, assets, or companies, or enter into partnerships, which can also result in the disclosure of data (including yours, e.g., as a customer or supplier or as a representative of a supplier) to individuals involved in these transactions. In the context of communication with our competitors, industry organizations, associations, and other bodies, there may also be an exchange of data concerning you._
8. Do your personal data also go abroad?
As explained in section 7, we also disclose data to other entities. These are not only located in Switzerland. Therefore, your data can be processed both in Europe and in the USA; in exceptional cases, however, in any country worldwide.If a recipient is in a country without adequate legal data protection, we obligate the recipient contractually to comply with the applicable data protection (for this, we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), provided they are not already subject to a legally recognized framework for ensuring data protection and we cannot rely on an exception. An exception may apply, in particular, in legal proceedings abroad, but also in cases of overriding public interests or when a contract execution requires such disclosure, if you have consented, or if it concerns data you have made publicly accessible and have not objected to their processing.:br:br_Many states outside of Switzerland, the EU, and the EEA currently do not have laws that, from the perspective of the FADP or GDPR, ensure an adequate level of data protection. The aforementioned contractual arrangements can partially compensate for this weaker or absent legal protection. However, contractual arrangements cannot eliminate all risks (notably of state access in foreign countries). You should be aware of these residual risks, even if the risk in individual cases may be low and we take additional measures (e.g., pseudonymization or anonymization) to minimize it._:br:br Please also note that data exchanged over the Internet often passes through third countries. Therefore, your data can also go abroad even if the sender and recipient are in the same country.9. How long do we process your data?
We process your data as long as our processing purposes, the legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require it, or storage is technically necessary. Further information on the respective storage and processing duration can be found for each category of data in section 3 and for the cookie categories in section 12. If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the storage or processing period has expired as part of our usual procedures. :br:br_Documentation and evidence purposes include our interest in documenting processes, interactions, and other facts in case of legal claims, discrepancies, purposes of IT and infrastructure security, and proof of good corporate governance and compliance. Technically necessary storage may occur when certain data cannot be separated from other data, and we therefore must store it with these (e.g., in the case of backups or document management systems)._10. How do we protect your data?
We implement appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect them against unauthorized or unlawful processing, and to counter the risks of loss, accidental alteration, unintended disclosure, or unauthorized access.:br:br_Security measures, both technical and organizational, may include, for example, data encryption and pseudonymization, logging, access restrictions, storage of backup copies, instructions to our employees, confidentiality agreements, and controls. We protect the data transmitted via our website during transit with suitable encryption mechanisms. However, we can only secure areas that we control. We also require our processors to take appropriate security measures. However, security risks cannot be completely eliminated; residual risks are unavoidable._11. What rights do you have?
Under certain circumstances, applicable data protection law grants you the right to object to the processing of your data, especially those for the purposes of direct marketing, profiling operated for direct advertising, and other legitimate interests in processing. :br:br To facilitate your control over the processing of your personal data, depending on the applicable data protection law, you also have the following rights in connection with our data processing:- The right to request information from us about whether and which data we process about you;
- The right to request that we correct data if it is inaccurate;
- The right to request the deletion of data;
- The right to request from us the issuance of certain personal data in a common electronic format or their transfer to another controller;
- The right to revoke consent, to the extent our processing is based on your consent;
- The right to request further information necessary for the exercise of these rights;
- The right, in the case of automated individual decisions (section 6), to present your point of view and to request that the decision be reviewed by a natural person.
12. Do we use online tracking and online advertising techniques?
On our website, we employ various techniques that allow us and third parties we work with to recognize you during your use and possibly across multiple visits. In this section, we inform you about these techniques. :br:br Essentially, the goal is to differentiate accesses from you (via your system) from those of other users to ensure the functionality of the website and to perform evaluations and personalizations. We do not intend to deduce your identity, even if we or third parties we work with can identify you by combining with registration data. Even without registration data, the employed techniques are designed so that you are recognized as an individual visitor on each page visit, for example, by our server (or the servers of the third parties) assigning you or your browser a specific identification number (known as a "cookie"). :br:br Cookies are individual codes (e.g., a serial number) that our server or a server of our service providers or advertising partners transmits to your system when connecting to our website, which your system (browser, mobile) receives and stores until the programmed expiration date. On each subsequent access, your system transmits these codes back to our server or the server of the third party. Thus, you are recognized again, even if your identity is unknown. :br:br Other techniques that allow you to be recognized with a more or less significant probability (i.e., distinguished from other users), such as "fingerprinting," may also be used. Fingerprinting combines your IP address, the browser you use, the screen resolution, the language choice, and other data that your system communicates to every server, resulting in a more or less unique fingerprint. This makes it possible to avoid cookies. Whenever you access a server (e.g., using a website or an app or because an image is integrated in an email, visible or invisible), your visits can thus be "tracked" (followed). If we integrate offers from an advertising partner or an analytics tool provider on our website, they can track you in the same way, even if you cannot be identified in individual cases. :br:br We use such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, we ask for your consent before they are deployed. :br:brYou can access your current settings here :cookie-settings:br:br You can program your browser to block certain cookies or alternative techniques, deceive them, or delete existing cookies. You can also extend your browser with software that blocks tracking by certain third parties. Further information can be found on your browser's help pages (usually under "Privacy") or on the websites of the third parties we list below. The following cookies (techniques with functionalities similar to fingerprinting are included here) are distinguished: :br:br- Necessary Cookies: Some cookies are essential for the functioning of the website itself or certain features. They ensure, for example, that you can navigate between pages without losing information entered into a form. They also ensure that you stay logged in. These cookies exist only temporarily ("session cookies"). If you block them, the website may not work properly. Other cookies are necessary so that the server can store decisions or inputs you have made beyond a session (e.g., chosen language, given consent, the function for automatic login, etc.). These cookies have an expiration date of up to 6 months.
- Performance Cookies: To optimize our website and corresponding offers and to better align them with users' needs, we use cookies to record and analyze the use of our website, possibly beyond the session. This is done using third-party analytics services, which we list below. Before we deploy such cookies, we ask for your consent. You can revoke this consent at any time via the cookie settings here. Performance cookies also have an expiration date of up to 12 months. Details can be found on the third-party providers' websites.
- Marketing Cookies: We and our advertising partners are interested in controlling advertising targeted at specific groups, i.e., showing it primarily to those we want to address. Our advertising partners are listed below. For this purpose, we and our advertising partners – if you consent – also use cookies that can capture the contents accessed or contracts concluded. This allows us and our advertising partners to display advertising that we assume interests you, on our website but also on other websites that display advertising from us or our advertising partners. These cookies have an expiration duration of a few days to 12 months, depending on the situation. If you consent to the use of these cookies, relevant advertising will be shown to you. If you do not consent to these cookies, you will not see less advertising, but simply different advertising.
- Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both "Google"). Google tracks the behavior of visitors on our website via performance cookies (see above) (duration, frequency of pages accessed, geographical origin of access, etc.) and creates reports for us based on this data about the use of our website. We have configured the service so that visitors' IP addresses are shortened by Google in Europe before being forwarded to the USA, making them untraceable. We have turned off the "Data Sharing" and "Signals" settings. Although we assume that the information we share with Google is not personal data for Google, it is possible that Google can infer the identity of visitors from this data, create personal profiles, and link these data with the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly consent to such processing, which also includes the transmission of personal data (especially usage data for the website and app, device information, and individual IDs) to the USA and other countries.
on Google Analytics' privacy policy can be found here: https://support.google.com/analytics/answer/6004245, and if you have a Google account, further details on processing by Google can be found here: https://policies.google.com/technologies/partner-sites?hl=en. - Google Tag Manager: We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The Tag Manager tool itself is a cookie-less domain and, according to Google, does not collect any personal data. The tool triggers other tags that may themselves collect personal data. According to Google, Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. You can always prevent the setting of tags.
information on the collection and use of your data by Google Tag Manager can be found in their privacy policy: https://marketingplatform.google.com. - Facebook-Pixel: We use the so-called "Facebook Pixel" of the social network Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). With the help of the Facebook Pixel, Facebook can determine the visitors to our websites as a target audience for the display of ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to show Facebook Ads placed by us only to those Facebook users who have shown an interest in our websites or who have certain characteristics (e.g., interests in specific topics or products determined based on visited websites) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook Ad (so-called "conversion"). The Facebook Pixel is directly integrated when you visit our websites and can store a so-called cookie on your device. If you subsequently log in to Facebook or visit Facebook in the logged-in state, the visit to our websites is noted in your profile. The data collected about you is anonymous to us, so it does not provide insights into the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible. The data can therefore be used by Facebook for its market research and advertising purposes.
information on the collection and use of your data by Facebook can be found in their privacy policy: https://www.facebook.com/privacy/explanation. - Twitter-Pixel: Twitter Pixel: We use the so-called Twitter Pixel (Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland) for conversion tracking on our websites. The pixel enables us to statistically capture the use of our websites to then optimize them. During conversion tracking, a cookie is set on your device by Twitter when you visit our website via a click on a Twitter ad. Conversion tracking is used to create statistics and not to identify you personally. We just want to know which Twitter ads or interactions users come to our website through. With this information, for example, we can better control banner advertising and target it on specific websites on the internet. You can make settings for receiving ads in your personal Twitter account: www.twitter.com/settings/personalization.
information can be found at: https://www.business.twitter.com/de/help. For more information on Twitter's collection and use of your data, see their privacy policy: https://twitter.com/de/privacy. - Google Ads und Google Conversion-Tracking: We use Google Ads and Google Conversion Tracking from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our websites. Ads and conversion tracking allow us to statistically capture the use of our websites to then optimize them. During conversion tracking, a cookie is set on your device by Google when you visit our website via a click on a Google ad. Conversion tracking is used to create statistics and not to identify you personally. We just want to know which Google ads or interactions users come to our website through. With this information, for example, we can better control banner advertising and target it on specific websites on the internet. Further information can be found at: https://policies.google.com/privacy.
more information on Google's collection and use of your data, see their privacy policy: https://policies.google.com/privacy. - LinkedIn-Pixel: We use the so-called LinkedIn Pixel for conversion tracking on our websites (LinkedIn Ireland Unlimited Company, Attn: Legal Dept., Privacy Policy and User Agreement, Wilton Plaza, Wilton Place, Dublin 2, Ireland). The pixel enables us to statistically capture the use of our websites to then optimize them. During conversion tracking, a cookie is set on your device by LinkedIn when you visit our website via a click on a LinkedIn ad. Conversion tracking is used to create statistics and not to identify you personally. We just want to know which LinkedIn ads or interactions users come to our website through. With this information, we can, for example, better control banner advertising and target it on specific websites on the internet. Further information can be found at: www.linkedin.com/help/linkedin.
more information on LinkedIn's collection and use of your data, see their privacy policy: https://www.linkedin.com/legal/privacy-policy. - **Microsoft Clarity:**We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.
more information about how Microsoft collects and uses your data, visit the https://privacy.microsoft.com/privacystatement. - Brevo (formerly SendinBlue): We use Sendinblue as the newsletter software. Your data will be transmitted to Sendinblue GmbH, Köpenickerstr. 126, 10179 Berlin. Sendinblue is a German, certified provider, which was selected according to the requirements of the German Data Protection Regulation and the German Federal Data Protection Act. Sendinblue is prohibited from selling your data and using it for purposes other than sending newsletters.
information can be found here: https://de.sendinblue.com/datenschutz-uebersicht/
13. What data do we process on our social media pages?
We may operate pages and other online presences on social networks and platforms operated by third parties ("Fanpages," "Channels," "Profiles," etc.) and collect the data about you described in section 3 and below. We receive this data from you and the platforms when you interact with our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data known to the platforms about you (e.g., regarding your behavior and preferences). They also process this data for their own purposes, under their own responsibility, especially for marketing and market research purposes (e.g., to personalize advertising) and to manage their platforms (e.g., which content they show you). :br:br_We receive data about you when you interact with our online presences or view our content on the corresponding platforms, visit our online presences, or are active therein (e.g., publish content, leave comments). These platforms also collect from you or about you, among other things, technical data, registration data, communication data, behavioral and preference data (for the terms, see section 3). Regularly, these platforms statistically evaluate how you interact with us, how you use our online presences, our content, or other parts of the platform (what you view, comment, "like," share, etc.) and link this data with further information about you (e.g., information about age and gender and other demographic data). In this way, they also create profiles about you and statistics on the use of our online presences. They use this data and profiles to show you our or other advertising and other content on the platform personalized and to control the behavior of the platform, but also for market and user research and to provide us and other entities with information about you and the use of our online presence. We can partially control the evaluations that these platforms create regarding the use of our online presences._:br:br We process this data for the purposes described in section 4, especially for communication, marketing purposes (including advertising on these platforms, see section 12), and market research. You can find information on the corresponding legal bases in section 5. Content published by you (e.g., comments on an announcement) can be further distributed by us (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms can also delete or restrict content from or about you according to the usage guidelines (e.g., inappropriate comments). For more information on the operators' data processing, please refer to the privacy notices of the platforms. There you will also learn in which countries they process your data, what rights of access, deletion, and other rights you have and how you can exercise them or obtain further information. Currently, we use the following platforms:- We operate the page https://www.linkedin.com/company/contentpaul on LinkedIn. The controller for the operation of the platform for users from Europe is LinkedIn Ireland Unlimited Company, Dublin, Ireland. The privacy policy is available at https://www.linkedin.com/legal/privacy-policy. Your data may be transferred to the United States. Regarding advertising, you can object at the following link: https://www.linkedin.com/psettings/advertising-data. Regarding data collection and processing when visiting our page for "page insights," we are joint controllers with LinkedIn Ireland Unlimited Company, Dublin, Ireland. As part of the page insights, statistics are created about activities that visitors perform on our page (commenting on posts, sharing content, etc.). This is explained here: https://www.linkedin.com/legal/privacy-policy. It helps us understand how our page is used and how it can be improved. We only receive anonymous, aggregated data. We have agreed to our data protection responsibility according to the information on https://legal.linkedin.com/pages-joint-controller-addendum.