1 Name and address of the data processor
The operator of the website (hereinafter referred to as the “operator”) and therefore the controller/data processor (hereinafter referred to as the “operator”) in terms of the European General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA) is:
Tel: +41 41 541 59 61
The operator of the website, in this case PEAX AG
User of the website or its services, in this case you.
Information which makes it possible for a person to be identified, i.e. information that can be traced back to a particular person. This includes the person's name, email address or telephone number. But data concerning preferences, hobbies, memberships or which websites a person has visited is also regarded as personal data.
4 General notes on data protection
The operator only processes the personal data of its users to the extent to which this is necessary in order to provide a functional website and the operator’s contents and services. Personal data are exclusively processed on the basis of a legitimate legal basis, usually the user’s consent. An exception applies in cases where obtaining prior consent is effectively not possible and processing is permitted under statutory provisions.
5 Access data / server log files
5.1 Description and scope of data processing
The operator collects data each time its website is accessed ("server log files"). The collected access data includes:
- Name of the web page, file(s) accessed
- Date and time of the access
- Browsertyp und Version
- The user's operating system
- The referrer URL (the page previously visited)
- The user’s IP address and the requesting provider
5.2 Legal basis for the processing
The legal basis for the temporary storage of the data and log files is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
5.3 Purpose of data processing
The operator will only use the log data in order to operate and optimise the website, to ensure its security and to carry out statistical evaluations. However, the operator reserves the right to examine the protocol data at a later date if there are specific indications which give rise to a justified suspicion of unlawful use. The data are stored for this purpose.
5.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is usually the case after 24 hours. Data may be stored beyond this period for the purpose of website optimisation and statistical evaluation. In this case, users’ IP addresses will be deleted or altered so that they can no longer be allocated to the accessing client.
5.5 Objection and removal options
The collection of data and the storage of data in log files are essential prerequisites for providing and operating the website. Consequently, the user has no right to object.
Any storage for other purposes is conducted in anonymised form, which means that no personal data are processed and accordingly no option to object arises.
6 PEAX portal
6.1 Description and scope of data processing
Within the scope of registering and using the PEAX portal, the operator saves the data provided by the user when registering or changing their profile as well as any data supplemented by the user or captured by automatic text recognition when scanning the user’s mail.
User mail is scanned by the operator’s scanning partner, sydoc AG. This requires certain personal data to be passed on to sydoc AG. The operator only passes on data necessary for ensuring the portal services and ensures by contract that sydoc AG abides by the relevant data protection laws.
6.2 Legal framework for processing data
Upon registering on the PEAX portal, the user enters into an agreement with PEAX AG, which includes this privacy statement, by giving their consent within the scope of registration. The legal framework for processing data is Art. 6(1)(b) GDPR and Art. 13(2)(a) of the Federal Act on Data Protection (DSG).
6.3 Purpose of data processing
The operator processes the user’s personal data on the PEAX portal in order to fulfil the contract. This includes in particular secure data storage and backup for the user. The data can be used to further develop the portal in the interests of optimising the service.
6.4 Duration of storage
The data is deleted as soon as it is no longer required for the purpose for which it was collected (i.e. fulfilling the contract with the user), unless continued storage is justified by the prevailing interests or legal obligations of the controller. This shall be the case either when the user deletes a document containing their personal data in the portal or deactivates their account. In the case of deactivation, the documents and personal profile data will be stored for up to one year. Besides facilitating account reactivation, this also ensures that any mail received following deactivation can be forwarded. If any mail is received during this transitional period, the storage period will be extended by another year. The account and all data contained therein will be permanently deleted at the end of the transitional period.
For data security reasons, it is not possible to delete individual details from the backups. The backups are deleted in their entirety as soon as they are no longer required for data security purposes.
6.5 Right of objection and removal
The user has the right to have the documents they have stored in the portal and the personal data contained therein deleted at any time. The user may change and delete parts of their profile data. Only the data necessary to identify the user – such as first name, surname, date of birth and residential address – can be deleted by deactivating the account.
7.1 Description and scope of data processing
The operator’s website uses the following cookies:
Serves to record the language set by the user
See paragraph 8
Enables communication via a live chat tool
Contains an anonymous user identification to be able to assign several requests of a user to the same HTTP session.
Until the browser closes
|See paragraph 10||Until the browser closes||Yes|
Section 9 specifically provides information on the use of Google Analytics.
7.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.
The legal basis for the processing of personal data using cookies for analysis purposes is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
7.3 Purpose of data processing
Technically necessary cookies are used for the purpose of facilitating the use of websites for users. Some website functions cannot be offered without cookies. These require that the browser is recognised even after navigation to different pages.
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used to improve the quality and contents of the website. Analysis cookies give the operator information about how the website is used and thus enables it to continuously improve its service.
7.4 Duration of storage, Objection and removal options
8.1 Description and scope of data processing
The operator’s website offers the option to subscribe to a free newsletter. This option can be chosen either by ticking the newsletter check box in the contact form or by completing the newsletter form at the bottom of the website. When either of these forms are sent, the data contained in the entry form will be transmitted to the operator. This includes:
- User’s first and last name
- Email address
In addition, the following data are collected when the newsletter is subscribed to:
- IP address of the requesting user
- Time of newsletter subscription
- Set language on the website
8.2 Success measurement via Campaign Monitor
The operator sends out the newsletters using the success measurement software Campaign Monitor. This software sets a cookie through the newsletter and, via this cookie, collects the following data to measure success rates:
Time the newsletter is opened
Place where the newsletter is opened
Number of clicks per user per newsletter
Number of shared contents per user per newsletter
In order to send the newsletter, the operator discloses the following data to Campaign Monitor Pty Limited:
- The newsletter subscriber’s email address
Campaign Monitor Pty Limited is based in Sydney, Australia, and processes data in data centres in the USA, Australia and Germany. The operator has contractual agreements with Campaign Monitor Pty Limited which ensure that Campaign Monitor Pty Limited complies with the provisions of the applicable data protection legislation.
8.3 Legal basis for data processing
The legal basis for data processing following the user’s subscription to the newsletter is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
8.4 Purpose of data processing
The user’s email address is collected in order to send the newsletter. The user’s name is collected in order to personalise the newsletter.
The other data listed in Section 8.1 and 8.2 are collected on the one hand to improve the newsletter and analyse the time and manner in which the newsletter is read, and on the other to prevent the misuse of the service or the email address used.
8.5 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. Subscribers’ email addresses and names are therefore only stored for as long as the newsletter subscription is active. The same applies to the other personal data collected in the course of the subscription process.
The data collected and stored in the context of success measurement are deleted within 14 months following their evaluation.
8.6 Objection and removal options
Users may cancel their subscription at any time. Every newsletter contains a link for this purpose.
This also enables users to revoke their consent to the storage of the personal data collected during the subscription process and success measurement.
9 Google Analytics
9.1 Description and scope of data processing
The following data are collected and stored using Google Analytics:
The user’s IP address and the requesting provider
Name of the web page, file(s) accessed
Browser type and version
The user's operating system
The referrer URL (the page previously visited)
The number of pages accessed
Average duration of website visit
The information about the use of this website by the user generated by the cookie is generally sent to a Google server in the USA and stored there. However, users’ IP addresses are shorted and therefore anonymised by the operator prior to transmission to Google. The transmitted data can therefore not be traced to the user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The operator has contractual agreements with Google which ensure that Google complies with the provisions of the applicable data protection legislation. The data that the user’s browser sends in the context of Google Analytics will not be amalgamated with other data from Google.
9.2 Legal basis for data processing
The legal basis for the processing of user data using Google Analytics is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
9.3 Purpose of data processing
Google will use this information on behalf of the operator in order to analyse users’ use of the website, compile reports on website activity, and provide further services related to website and internet use to the website operator. This enables the operator to continually improve the website and its user friendliness.
9.4 Duration of storage
The data are deleted as soon as they are no longer required for our recording purposes, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. For this website, this is the case after 14 months.
9.5 Objection and removal options
As with any other cookies, the Google Analytics cookie is stored on the user’s access device. Users may therefore prevent the storage of the cookie by editing the settings in their browser software accordingly. Furthermore, users can prevent the data generated by the cookie concerning their use of the website (including their IP address) from being recorded and sent to Google and also the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout
10 Google reCAPTCHA
To ensure adequate data security during registration when transmitting the registration form, we use the reCAPTCHA service developed by Google Inc. This is primarily designed to establish whether data is entered by a natural person or is being improperly disseminated automatically by a bot. The service uses various cookies (cf. Section 7.1) and sends the IP address and any other data required by Google for reCAPTCHA to Google. The data protection provisions of Google Inc. apply here. Further information on these data protection provisions can be found at http://www.google.com/intl/en/privacy or https://www.google.com/intl/en/policies/privacy/
11 Contacting the operator
11.1 Description and scope of data processing
When users contact the operator (through the contact form or email, for example), all relevant information provided by the user is saved for the purpose of processing the enquiry and in case of subsequent questions.
This includes, in particular, the following information:
- User’s first and last name
- Email address
- Current location of the user (in support chat)
Alternatively, the operator can be contacted via the email address provided. In this case, the user’s personal data which are submitted with the email are stored.
Ultimately, we can also be contacted via the chat tool on our website. This is administered by Zendesk software. The data from the other contact options is also managed by the operator in Zendesk.
Due to the way Zendesk works, the operator is required to transmit certain data to the provider of the cloud-based software solution, Zendesk Inc. The operator ensures by contract, however, that Zendesk Inc. abides by all data protection obligations of the applicable laws.
When contacting us by contact form or the chat tool, the user is informed beforehand of our data processing policy and this data privacy statement and their consent is obtained.
11.2 Legal basis for data processing
The legal basis for data processing is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.
The legal basis for the processing of data which are transmitted in the course of sending an email is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA. If the email contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR and Art. 13 (2) (a) DPA.
11.3 Purpose of data processing
The processing of the personal data from the entry form exclusively serves the purpose of handling the enquiry. In the case of contact by email, this also constitutes the required legitimate interest in processing the data. Storing the data for a certain period of time enables us to refer back to it if further questions arise at a later date.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
The operator also reserves the right to keep the conversations held with the user, including the personal data contained therein, for verification purposes.
11.4 Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is the case when the conversation with the user has finished. The conversation is finished when the circumstances make it apparent that the issue at hand has been conclusively resolved.
This shall be the case when it can be assumed or derived from the circumstances that the situation in question has been resolved and that no further queries are to be expected. The data stored for verification purposes is generally deleted after 14 months. In exceptional cases, a legal obligation or prevailing interest may justify a longer period of retention.
11.5 Objection and removal options
Users may revoke their consent to the processing of their personal data at any time. If users contact us by email or contact form, they may object to the storage of their personal data at any time by email. In this case, we will not be able to continue the conversation. Likewise, during the course of a chat, users may at any time revoke their consent.
All personal data which were saved in the course of contacting the operator will in this case be deleted.
12 User rights
If website users are located in a member state of the EU or an EEA state, the GDPR provides for the following user rights:
12.1 Right to information (Art. 15 GDPR)
Users have the right at any time to request that the controller confirm whether any personal data concerning their person is being processed. If this is the case, users have the right to demand that the controller provide information about the personal data stored, and a copy of these data, free of charge.
12.2 Right to correction (Art. 16 GDPR)
Users have the right to correction and/or completion against the controller if the processed personal data concerning their person are incorrect or incomplete. The operator will implement corrections without undue delay.
12.3 Right to restrict processing (Art. 18 GDPR)
In accordance with Art. 18 GDPR, the user has the right to limit the processing of their personal data.
12.4 Right to erasure (Art. 17 GDPR)
In accordance with Art. 17 GDPR, the user has the right to request that their personal data be deleted. Within the limitations of Section 6.4
12.5 Right to data portability (Art. 20 GDPR)
In accordance with Art. 20 GDPR, the user have the right to obtain the personal data concerning their person which they have provided to the controller in a structured, commonly used and machine-readable format. They furthermore have the right to transmit these data to another controller without interference by the controller to whom the personal data were provided.
12.6 Right to object (Art. 21 GDPR)
Users have the right at any time to object to the processing of personal data concerning their person which takes place on the basis of Article 6 (1) (e) or (f) GDPR for reasons resulting from their specific circumstances; this also applies to any profiling based on these provisions.
If a user objects to the processing for the purposes of direct advertising, the controller will cease to process the personal data concerning his/her person for these purposes.
12.7 Right to withdraw the data protection consent (Art. 7 (3) GDPR)
Users have the right to withdraw their data protection consent at any time. Revoking their consent does not affect the legality of the data processing which has taken place on the basis of consent before the time of withdrawal.
12.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, users have the right to complain to a supervisory authority, particularly in the member state of their place of residence, if they believe that the processing of the personal data concerning their person breaches the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a legal remedy, according to Art. 78 GDPR.