Data protection

1 Name and Address of the Data Processor

The operator of the website (hereinafter: the operator) and hence the controller as defined in applicable data protection legislation (see below) is:

PEAX AG 
Pilatusstrasse 28
6003 Lucerne

Tel: +41 41 541 59 61
E-mail: info@peax.ch
Website: www.peax.ch

2 Name and Address of the Data Protection Officer

The operator’s data protection officer is:

Marc Pfister
PEAX AG
Pilatusstrasse 28
6003 Lucerne

Tel.: +41 41 541 59 61
E-mail

3 Definitions

Term

Explanation

Operator or PEAX

Operator of the website, namely PEAX AG.

User

User of the website or its services, namely you.

Personal data

Information which can be used to identify a person or can be used in combination with other data to render a person identifiable. This means information which can be traced back to a person. This includes your name, e-mail address or telephone number. Data about preferences, hobbies, memberships, or which websites someone has viewed may also constitute personal data.

4 General Information on Data Protection

We are fully compliant with the Swiss Data Protection Act [“DSG”], the Ordinance on the Data Protection Act [“VDSG”], the Telecommunications Act [“FMG”], and any other applicable data protection legislation under Swiss or EU law, in particular the EU General Data Protection Regulation.

We only process the personal data of users to the extent necessary to provide a functional website and portal and the content and services thereof, to the extent that we have justifiable grounds for processing, and to the extent that processing is prescribed or required by law or the user has given consent.

5 Access Data/Server Log Files

5.1   Description and scope of data processing

We collect data each time the website is accessed (server log files). The access data collected includes:

  • name of web page accessed, file(s)
  • date and time of visit
  • browser type and version
  • user’s operating system
  • referrer URL (page visited prior to access)
  • IP address of user and requesting provider

5.2   Legal basis and purpose of data processing

The purpose of collecting and processing this data is to enable the website to be used (to establish a connection), to ensure long-term system security and stability, to allow website optimization, and for internal statistical purposes. This also constitutes our justifiable grounds for data processing.
The IP address is determined along with the other data, to allow investigation and prevention in the event of attacks on network infrastructure or other unauthorised or improper use of the website, and if necessary to help identify and bring legal action (civil or criminal proceedings) against the users in question. We (the operator) explicitly reserve the right to perform follow-up checking of log data if there is concrete evidence indicating unlawful use. We have justifiable grounds for this data processing, to prevent unauthorised access in future and to improve system stability. These data are stored for that purpose.

5.3   Duration of storage

These data are deleted as soon as they are no longer required to achieve the purpose for which they were collected, unless we (the controller) have significant grounds or a statutory obligation to continue storing them. As a general rule, this is after 24 hours.
Data may be stored beyond that period, for website optimisation and statistical evaluation. In such cases, the user’s IP addresses are deleted or anonymized, which means they can no longer be associated with the user (you).

5.4   Objections and deletion

To ensure the website can run, data have to be collected and stored in log files.
Nevertheless, your web browser can be configured so that this information or a portion thereof is not stored. Please note that if you configure your browser in that way, you may not be able to use all of the functions on our website, or they may not be displayed correctly.
Data which are stored beyond that are anonymized, which means no further personal data will be processed, and hence you do not have the right to object in that regard.

6 PEAX Portal

6.1   Description and scope of data processing

As part of registration and use of the PEAX portal, we store the following data: the user data which you provide during registration or when you modify your profile; and the data which are contained in the delivered documents and captured via automated text recognition or supplemented by you. This includes in particular the following mandatory information and additional data voluntarily provided by you:

  • first name and last name
  • e-mail address
  • home address
  • date of birth
  • billing information
  • further information contained in the documents, where applicable.

6.2   Legal basis and purpose of processing

We process your personal data on the PEAX portal as part of contractual fulfilment. This includes in particular secure storage of data and backups. These data are processed in order to fulfil the contractual obligations between you and PEAX.
The data may also be used for further development of the portal and to optimise the service we provide. We have justifiable grounds for this data processing, as it allows us to continuously improve our services.

6.3   Subcontractors

Some services on the PEAX portal are provided in cooperation with partner companies. Specifically, your physical mail is scanned by our scanning partner; this means various personal data have to be sent to that scanning partner.
Documents which are delivered digitally or uploaded also undergo automated text recognition, which is performed by one of our partner companies; this means various personal data have to be sent to that partner company.
We only give out data to the extent necessary to ensure that the portal can operate, and we always ensure that subcontractors comply with applicable data protection legislation. In particular, subcontractors and their employees and sub-subcontractors keep the data confidential, and do not use the data which they receive for any purpose other than the provision of PEAX portal services, and do not use the data for their own purposes.
Our scanning partner, and any other partners for data processing as described, store all of the data which they process in Switzerland, the EU or the EEA, and they take suitable technical and organisational measures to protect those data.
We can provide you with an up-to-date list of subcontractors upon request.

6.4   Duration of storage

These data are deleted as soon as they are no longer required to achieve the purpose for which they were collected (i.e. to fulfil the contract with you), unless we have significant grounds or a statutory obligation to continue storing them. This deletion takes place when you delete a document containing your personal data in the portal or disable your account. When your disable your account, the documents and the personal data in your profile will be stored for a further 90 days. This ensures that physical mail which arrives after you disable your account can be forwarded. The account and all the data which it contains will be permanently deleted at the end of this transition period.
For data security reasons, it is not possible to delete individual data sets from backups. However, backups in their entirety are deleted as soon as they are no longer required for data security purposes.

6.5   Objections and deletion

At any time you can delete documents and personal data stored in the portal. You are entitled to change or delete parts of your profile data. Data which are needed to identify the user (e.g. first name, last name, date of birth and residential address) can only be deleted by disabling the account.

7 Use of Cookies

7.1   Description and scope of data processing

Our website uses cookies. Cookies are small files which make it possible to store specific device-related information on the user’s device (e.g. PC or smartphone), so that the device can be identified when the user accesses the website again. They ensure that websites are user-friendly, for example by storing login data. They are also used to collect statistical data on website usage, so that they can be analysed with a view to optimizing the website.

Our website uses the following cookies:

Name

Purpose

Duration of storage

Technically necessary

FluentLocale

Indicates the user's language

2 months

No

Google Analytics
_ga
_gid

See Section 9

2 years
24h

No

Zendesk
_zlcmid

Enables communication via a live chat tool

1 year

No

PHPSESSID

Contains an anonymous user ID which allows multiple requests from a user to be associated with the same HTTP session

Until the browser is closed

Yes

Google ReCAPTCHA

ANID
APISID
CONSENT
HSID
NID
SAPISID
SEARCH_SAMESITE
SID
SIDCC
SSID

 See Section 10  Until the browser is closed  Yes

 

When accessing our website, you will be notified about the use of cookies for analysis purposes. In addition, you will be notified about this Data Protection Declaration.

The use of Google Analytics is discussed separately in Section 9.

7.2   Legal basis and purpose of data processing

Cookies which are required for technical reasons simplify the use of the website. Some website functions cannot be provided without the use of cookies. In such cases, the browser has to be identifiable after a page change. We therefore have justifiable grounds for using those cookies to make our website accessible and user-friendly.

User data collected by cookies which are required for technical reasons are not used to create user profiles.

7.3   Duration of storage; objections and deletion

Cookies are stored on the user’s access device and sent from there to our website. You can manage the use of cookies. Most browsers have an option to restrict or completely prevent storage of cookies. However, please note that without cookies the website may not function in such a user-friendly manner. Many online ad cookies from companies can be managed via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/uk/your-ad-choices/.

Most internet browsers accept cookies automatically. Nevertheless, you can configure your browser so that no cookies are stored on your computer, or so that a message always appears when you receive a new cookie, or you can revoke your consent to the setting of cookies by clicking on this link.

Disabling cookies may mean you are unable to use all of the functions of our website.

8 Newsletter

8.1   Description and scope of data processing

You can subscribe to a free newsletter which we publish. To do so, click on the newsletter checkbox in the contact form, or fill out the newsletter form at the bottom of the website. When the form is submitted, the data from the form will be sent to us. Those data include:

  • user’s first and last name
  • e-mail address

In addition, the following data are collected when you subscribe:

  • your IP address
  • date when you subscribed to the newsletter
  • language setting on our website.

Your consent to processing of those data is obtained when you subscribe, and you will be notified about this Data Protection Declaration.

8.2   Performance measurement by Campaign Monitor

We use Campaign Monitor’s performance measurement software to determine how the newsletter is performing.

That software uses the newsletter to set a cookie, which it uses to collect the following data:

  • time when the newsletter was opened

  • place where the newsletter was opened

  • number of clicks per user per newsletter

  • amount of shared content per user per newsletter.

To send the newsletter, we send the following data to Campaign Monitor Pty Limited:

  • e-mail address of the newsletter subscriber.

Campaign Monitor Pty Limited is based in Sydney, Australia and processes the data at data centres in the USA, Australia and Germany. We have drawn up contracts to ensure that Campaign Monitor Pty Limited complies with all applicable data protection legislation.

Your consent to processing of those data is obtained when you subscribe, and you will be notified about this Data Protection Declaration.

8.3   Legal basis and purpose of data processing

Your e-mail address is used to send the newsletter. Your name is used to personalize the newsletter.

The other data listed in Subsections 8.1 and 8.2 are used to improve the newsletter and analyse when and how it is read, and also to prevent abuse of the services or the e-mail address used.

We do not process these data unless we have your consent.

8.4   Duration of storage

These data are deleted as soon as they are no longer required to achieve the purpose for which they were collected, unless we have significant grounds or a statutory obligation to continue storing them. Subscriber e-mail addresses and names are stored for as long as the subscription to the newsletter is active. The same applies to any other personal data collected when you subscribe.

After they have been evaluated, the data collected and stored as part of performance measurement are deleted after 14 months at the latest.

8.5   Objections and deletion

You can unsubscribe from the newsletter at any time. Each newsletter contains a link for that purpose.

This also makes it possible to revoke consent to storage of the personal data which were collected when you subscribed, and of the data used for performance measurement.

9 Google Analytics

9.1   Description and scope of data processing

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies—text files placed on your computer—to help analyze how users use the site.

Google Analytics collects and stores the following data:

  • IP address of user and requesting provider

  • name of web page accessed, file(s)

  • browser type and version

  • user’s operating system

  • referrer URL (page visited prior to access)

  • number of page views

  • bounce rate

  • average time spent on the website

The information generated by the cookies about the use of this website by the user is usually sent to a Google server in the USA and stored there. The user’s IP address of the user is usually abridged by the provider and thus anonymised before it is sent to Google. Hence the data which are sent can no longer be traced back to the user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abridged there. The operator has drawn up contracts to ensure that Google complies with applicable data protection legislation. The data sent by the user’s browser as part of Google Analytics will not be combined with other data held by Google.

When visiting our website, you the user will be notified about the use of Google Analytics, and you may consent to the processing of personal data for this purpose. In addition, you will be notified about this Data Protection Declaration.

9.2   Legal basis and purpose of data processing

Google will use this information on our behalf to analyse how the user uses the website, to generate reports on website activity, and to provide us with other services regarding website activity and internet usage. This enables us to constantly improve the website and ensure that it is user-friendly; that constitutes our justifiable grounds for processing the data.

9.3   Duration of storage

These data are deleted as soon as they are no longer required for our record-keeping purposes, unless we have significant grounds or a statutory obligation to continue storing them. As a general rule, this means they are deleted after 14 months.

9.4   Objections and participation

Like the other cookies, the Google Analytics cookies are stored on the user’s device. You can set your browser preferences to prevent cookies from being stored. You can also prevent the data which are generated by the cookie and which relate to your use of the website (including your IP address) from being collected and processed by Google. To do so, download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

Disabling cookies may mean you are unable to use all of the functions of our website.

10 Google reCAPTCHA

For data security purposes, when you submit the registration form we use Google reCAPTCHA (a service provided by Google Inc.). This provides assurance that the data have been input by a human being, and helps prevent abuse where data are input by a machine. The service sets various cookies (see Section 7.1), and includes sends the IP address and any other necessary data to Google for the reCAPTCHA service. Here, Google Inc.’s data protection clauses apply, which may differ from ours. For further information, please visit https://policies.google.com/privacy?hl=de&gl=de or https://www.google.com/intl/de/policies/privacy/

The operator has drawn up contracts to ensure that Google complies with applicable data protection legislation. The data sent for the Google reCAPTCHA service are not merged with other data held by Google.

11 Data Collected When You Contact Us

11.1   Description and scope of data processing

When a user contacts us (e.g. via contact form, e-mail, or chat), all relevant user information is stored, so that the enquiry can be processed and if follow-up questions arise.

This includes in particular the following information:

  • user's first name and last name
  • e-mail address
  • current location (in support chat).

Your consent to processing of data is obtained when the contact form is sent, and you will be notified about this Data Protection Declaration.

You may also contact us via the e-mail address provided. With this method, personal data which are sent along with the e-mail will be stored.

You can also contact us via the chat tool on the website. This is run using Zendesk software. The data from the other contact methods is also handled using Zendesk.

Zendesk functionality requires us to transfer various data to the provider of the cloud-based software solution, Zendesk Inc., in the United States. We have drawn up contracts to ensure that Zendesk Inc. complies with all applicable data protection legislation.

When you contact us via contact form or via the chat tool, you will be notified in advance about our data processing policy and this Data Protection Declaration, and you will be asked to give your consent.

11.2   Legal basis and purpose of data processing

Your consent constitutes the legal basis for processing of data. If an e-mail is about establishing a contractual relationship, contractual performance constitutes the legal basis for processing of data.
Personal data entered via the input screen are used solely for the purpose of establishing contact with you. If you contact us by e-mail, that constitutes justifiable grounds for processing the data. We store data for a specified length of time, so that we can refer back to the data if follow-up queries arise.

Other personal data processed during the sending process help prevent abuse of the contact form and to ensure the security of our IT systems. That constitutes our justifiable grounds for processing the data.

We also reserve the right, within the scope of our justifiable grounds, to store conversations with you, including personal data which they contain, in order to provide evidence.

11.3   Duration of storage

These data are deleted as soon as they are no longer required to achieve the purpose for which they were collected, unless we have significant grounds or a statutory obligation to continue storing them. They are deleted if it can be assumed or inferred from the circumstances that the matter in question has been conclusively resolved and no further queries are expected.

Data which are stored to provide evidence are usually deleted after 14 months. In exceptional cases, we may be justified in storing the data for longer than that, if there are significant grounds or a statutory obligation.

11.4   Objections and deletion

At any time you may revoke your consent to processing of your personal data. If you contact us by e-mail or via contact form, at any time you are entitled to object to storing of your personal data, provided you send us an e-mail to that effect. At that point it will no longer be possible to continue interacting with you. During chat, you are entitled to revoke your consent at any time. At that point, all personal data which were stored when you contacted us will be deleted.

12 Links and Social Plug-ins

Our website contains links to various partners and other relevant websites. If you click on such a link on our website, data may be forwarded to the owner of the website which you are accessing. PEAX has no control over the processing of data by the owners of those websites.

Our website also contains social plug-ins (e.g. Facebook, Instagram, Twitter, and LinkedIn). PEAX allows you to share content from our website directly with Facebook, Twitter and your e-mail provider by clicking on the appropriate icon on the website.

PEAX has no control over how these social media platforms process data, so please read the relevant privacy policies before accessing them.

13 Data Transfers Abroad

In order to process data in the manner described in this Data Protection Declaration, PEAX is entitled to transfer your personal data to third-party companies (service providers) abroad. These companies comply with data protection requirements to the same extent as PEAX. In cases where the level of data protection in a given country is not equivalent to that of Switzerland or Europe, PEAX draws up contracts to ensure that at all times your personal data is protected in a manner equivalent to the protection which it has in Switzerland or respectively the EU.

14 Data Security

PEAX has suitable technical and organisational security procedures in place to protect your stored personal data against manipulation, partial or total loss, or unauthorised access by third parties. Our security procedures undergo ongoing optimization in line with technical developments.

Always keep your login details confidential. Please always close your browser window when you have finished communicating with PEAX, especially if you share your computer, tablet or smartphone with others.

PEAX also takes company-internal data protection very seriously. All PEAX employees and service providers used by PEAX sign non-disclosure agreements and comply with data protection regulations.

15 User’s Rights

As the user, you have the rights listed below. Please note, however, that the rights mentioned are dependent on the applicable data protection legislation and may therefore be more limited or more comprehensive.

15.1   Right to information

At any time the user is entitled to confirmation from us (the controller) about whether personal data regarding him/her are being processed. If so, the user is entitled to a gratis statement from us about the stored personal data regarding him/her, along with a copy of the data.

15.2   Right to amendment

If the data regarding the user are incorrect or incomplete, the user is entitled to instruct us to amend or update those personal data. We are then obligated to amend the data immediately.

15.3   Right to limits on processing

The user is entitled to instruct us to place limits on processing of his/her personal data.

15.4   Right to deletion

The user is entitled to demand that his/her personal data be deleted. This does not apply if, for data security reasons, individual data cannot be deleted from backups. Backups are deleted in their entirety as soon as they are no longer required for data security purposes.

15.5 Right to data portability

The user is entitled to receive the personal data regarding him/her which have been provided to us; we will supply the data in a structured, conventional, machine-readable format. The user is also entitled to send those data to another controller, without hindrance from the controller to whom the personal data have been provided (namely us).

15.6   Right to object

At any time, and on grounds specific to his/her situation, the user is entitled to object to the processing of his/her personal data as carried out by us on justifiable grounds. That includes profiling pursuant to these clauses.

If the user objects to processing for direct marketing purposes, the personal data regarding him/her shall no longer be processed for such purposes.

15.7 Right to withdraw consent under data protection law

At any time the user is entitled to withdraw his/her consent under data protection law. Withdrawal of consent does not affect the legality of processing which occurred in the period up until consent was withdrawn.

15.8 Right to submit a complaint to a supervisory authority

Without prejudice to any other administrative-law remedy or judicial remedy, the user is entitled to submit a complaint to a supervisory authority if he/she is of the opinion that the processing of personal data regarding him/her infringes applicable data protection law.

Provided that it is in the EU, the supervisory authority to which the complaint has been submitted will notify the party who has submitted the complaint about the status and outcome of the complaint, including the possibility of judicial remedy.

16 Can this Data Protection Declaration be amended?

If individual parts of this Data Protection Declaration are invalid, this shall not affect the validity of the other parts. The invalid part shall be replaced in such a way that it approximates as closely as possible to the commercial purpose of the invalid part.

This Data Protection Declaration may be amended if our website undergoes further development or if there are changes in statutory or official requirements. The current version of this Data Protection Declaration is published on our website.

17 Questions about data protection? Please get in touch!

This page was last modified on 19.08.2021. If you have any questions or comments about our legal notices or data protection, please contact us at: marc.pfister@peax.ch.