Privacy Policy
The protection of your privacy and the confidentiality of your personal data are of particular concern to us. We therefore explain to you below which of your data we process, for which purpose and what rights you have in this context.We comply with the applicable data protection laws, in particular the Swiss Data Protection Act (FADP; revised as of September 1, 2023) and the associated Data Protection Ordinance (FODP). Where applicable, we also comply with the requirements of the European General Data Protection Regulation (GDPR).With regard to our software-as-a-service operated software solution “ContentPaul”, we are generally data protection subcontractors of our customers. Therefore, the corresponding data protection declaration of the respective customer applies to those data subjects. The storage location of our software-as-a-service operated software solution is in Germany.1. Data controller and contact
The data controller responsible for the processing of the personal data according to this privacy policy is:- ContentPaul AG, Giesshübelstrasse 106, 8045 Zurich
- Patrick Meier, contact e-mail: dataprotection@contentpaul.io.
- VGS Datenschutzpartner GmbH, Am Kaiserkai 69, 20457 Hamburg, Germany, contact by email: info@datenschutzpartner.eu.
- Patrick Meier, ContentPaul AG, Giesshübelstrasse 106, 8045 Zurich, contact by email: dataprotection@contentpaul.io.
2. Categories of personal data, nature and purpose of processing
We primarily process personal data that we receive from our customers and other business partners and other people involved in the context of our business relationship with them, and we process the data in order to carry out our business activities.We process the following categories of personal data:
- From customers: name, first name, e-mail address, company address, social media profile information, occupation, function, department, age, gender, usual business contact details, as well as payment and billing information
- In collaboration with business partners: name, first name, e-mail address, company address, occupation, function, department, gender, usual business contact details, as well as payment and billing information
- As part of sending the newsletter: email address, surname, first name (if the corresponding consent has been given)
- As part of operating our website: IP addresses, user behavior with necessary cookies
- When analyzing and marketing via our website: IP addresses, user behavior with advanced cookies (if the corresponding consent has been given) We process personal data as follows: storage and use for processing customer and business relationships. The purpose of the processing is:
- For customer data: the processing of our services for customers, customer care
- For other business partners: the processing of the business relationship
- For sending newsletters: to send the newsletter
- For operating the website: presentation of our website
- For analysis and marketing of the website: Ensuring a comprehensive and appropriate customer offering
- For customer data and business partner data: Art. 6 para. 1 lit. b GDPR
- For sending newsletters and for website analysis and marketing: Art. 6 para. 1 lit. a GDPR
- When operating the website: Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest is to ensure the website's functionality.
Personal data is stored until the statutory retention periods have expired (generally 10 years for accounting and other records) and then deleted. Without a statutory retention requirement, personal data is deleted as soon as we no longer need it to achieve the purpose.
3. Transfer of personal data
Your personal data will only be transferred to external recipients for the purposes stated above. In particular, your data will be transferred to the following categories of recipients:Customer data:
- Transfer of your data to our trust service provider, IT service provider and other external service providers who support us in the processing of our business activities.
- Transmission of your payment data to our payment service provider.
Data of business partners:
- Transmission of your data to our trust service provider, IT service provider and other external service providers who support us in the processing of our business activities. Data concerning newsletters and websites:
- Transfer of your data to IT service providers and other external service providers who support us in the processing of our business activities.
Your personal data will generally be processed and transmitted in Switzerland, the European Union or a country with an adequate level of data protection in accordance with Art. 16 para. 1 FADP and Art. 45 GDPR.
If a transfer to another third country takes place, we ensure that a guarantee is in place in accordance with Art. 16 para. 2 FADP or Art. 46 ff. GDPR. If the GDPR is applicable, we will provide a copy of the guarantee on request.
In this context, we would like to point out that we use the customary services of Microsoft Inc., USA, smartAccount GmbH, Switzerland (trust software), Inuit Inc., USA (Mailchimp), DocuSign International (EMEA) Ltd, Ireland and other software solution providers to carry out our business activities. These providers sometimes store the data in global data centers. In certain cases, processing from third countries that do not offer an adequate level of data protection cannot be ruled out. In this case, we ensure that the measure is in line with the applicable data protection law in accordance with Art. 16 Para. 2 FADP and Art. 46 ff. GDPR.
4. Processing in the context of our website
We typically use cookies and similar techniques on our website that can be used to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored by the web browser you are using on your computer or mobile device when you visit our website. If you visit this website again, we can recognize you even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your visit to the website (session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (permanent cookies). You can set your browser to reject cookies, to only store them for one session or to delete them prematurely. Most browsers are set to accept cookies by default. If you block cookies, certain functionalities of the website(s) may no longer work.In our newsletters and other marketing e-mails, we sometimes also include visible and invisible image elements, to the extent permitted, which allow us to determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and how we can tailor them to you. You can block this in your email program; most are set up to do this by default. By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not want this, you must set your browser or email program accordingly, provided that this cannot be customized via the settings.
We sometimes use Google Analytics on our websites. This is a service provided by Google Ireland (based in Ireland), which relies on Google LLC (based in the United States) as a processor (both “Google”), www.google.com, which we use to measure and evaluate the use of the website (not personal). Permanent cookies are used for this purpose, which are set by the service provider. We have configured the service so that the IP addresses of visitors to Google in Europe are shortened before being forwarded to the USA and thus cannot be traced back. We have switched off the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google may use this data to draw conclusions about the identity of visitors for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you have registered with the service provider yourself, the service provider also knows you. In this case, the service provider is responsible for processing your personal data in accordance with its data protection provisions. The service provider only informs us how our respective website is used (no information about you personally).
We use so-called plug-ins from social networks such as Facebook, X, Youtube, Pinterest or Instagram on our websites. This is visible to you in each case (typically via corresponding icons). We have configured these elements so that they are disabled by default. If you enable them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their own purposes. The processing of your personal data is then the responsibility of that operator in accordance with their data protection provisions. We do not receive any information about you from them.
5. Rights of the data subjects
Data subjects have the rights applicable to them under the applicable data protection law (in particular the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object, the right to data portability, the right to lodge a complaint with a supervisory authority). To exercise your rights, you can contact the person(s) named at the beginning of this privacy policy at any time.6. Changes to the privacy policy
We may amend this privacy policy at any time without notice. The current version published on our website applies. Insofar as the privacy policy is part of an agreement with you, we will notify you of any update by email or other appropriate means.Version 1.0 / Date 24.12.2024