Data privacy

1. Introduction

This information is intended for users (you/your), customers and employees of partner companies of 4data AG who use our services and/or visit the 4data website and 4data's social media.

The aim of this information is:

• to inform you comprehensively about the processing of your personal data by us
• to explain your rights in connection with the processing of your personal data
• to provide the contact details of the organisation responsible for processing your personal data and the data protection officer of 4data

Your trust is important to us, which is why we take the issue of data protection very seriously and ensure appropriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and, where applicable, other data protection regulations.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the following information.

2. What personal data do we process and for what purpose?

Depending on your activity, we process the following personal data:

2.1 Visiting the website

Every time you visit our website, data is temporarily stored in a log file. The following information is automatically recorded and stored until it is automatically deleted, at the latest after 26 months:

• Date and time of the access
• IP address of the accessing device
• Name of the internet access provider
• Name and URL of the requested file
• Page and address of the referring website and, if applicable, the search term used
• Country from which access is made
• Operating system and browser (provider, version and language) of the accessing device
• Transmission protocol used (e.g. HTTP/1.1)

This data is collected and processed to enable the use of the website, to ensure system security and stability and to support the optimisation of our online offering as well as for internal statistical purposes. and for internal statistical purposes.

Only in the event of an attack on our network infrastructure or suspected misuse of the website will the IP address be used for clarification and defence and, if necessary, used in the context of legal proceedings to identify the users concerned.

We also use cookies and similar technologies during your visit to our websites. You can find more information on this in the sections "Cookies" and "Tracking tools".

2.2 Marketing purposes

2.2.1 E-mail newsletter

You can register to receive our 4data newsletter on our website. We send out this newsletter to inform you about the latest offers and the latest news. In connection with this activity, we collect the following data from you:

• Given name
• Surname
• E-mail address
• Gender

Our newsletter and other email communications contain so-called web beacons (tracking pixels) or similar technical means. For each newsletter or other marketing communication sent, we collect information about the address file used, the subject and the number of emails sent. In addition, we can see which addresses did not receive the newsletter or communication, to which addresses it was sent and which addresses failed to receive it. We can also see which addresses have opened the newsletter or communication and which content they have clicked on and how often. Finally, we also see which addresses have unsubscribed. We use this data for statistical purposes and to optimise our newsletter and our communication, both in terms of content and structure. This enables us to tailor the information and offers in our newsletter and our marketing communication to the individual interests of the recipients. The tracking pixel is deleted if you delete the newsletter or email without first opening it.

To prevent the use of web beacons (tracking pixels) in our newsletter or communication, please set your e-mail programme so that messages do not display HTML, if this is not already the case by default. On the following pages, you will find instructions on how to make this setting in the most common e-mail programs.

• Microsoft Outlook
• Mac

You can unsubscribe from the newsletter at any time by contacting us or using the unsubscribe link at the end of each newsletter or other communication.

The personal data used for sending the e-mail newsletter will be deleted if you unsubscribe from the newsletter.

2.3 During the application process

When you apply to us, we process the following personal data for the purpose of checking your application:

• Surname, first name
• Address
• Date of birth
• Telephone number
• Gender
• Nationality
• Marital status
• Extract from debt collection and criminal records
• Information from the CV
• Other data that we receive from you during the application process

Personal data that is processed during the application process will be deleted no later than six months after completion of the application process.

2.4 Employees of partner companies

If you are an employee of one of our partner companies, we process the following personal data in order to inform you about our services (e.g. availability or technical problems), maintain the business relationship with your company, carry out marketing activities, manage complaints and fraud cases and issue invoices:

• Surname and first name
• E-mail address
• Telephone number
• Information about the business relationship
• Information about the use of our services
• Information about complaints and fraud cases
• Information about invoicing

The contact details of the employees will be deleted immediately as soon as we are informed by you or your company.

3. From which sources do we collect personal data?

In principle, we collect personal data directly from you, e.g. in the context of communication with us, via forms or when using the website.

Insofar as this is not unauthorised and is necessary for the provision of our services, we also obtain data from publicly accessible sources (e.g. debt collection register, commercial register) or receive data from other companies within our group, from authorities and from other third parties (e.g. contractual partners, internet analysis services, etc.).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, information about you that people from your environment (e.g. family, advisors, legal representatives) give us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, authorisations, information for compliance with legal requirements such as for combating fraud, money laundering and terrorism and export control, information from banks, insurance companies and distributors and other contractual partners). references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-fraud, anti-money laundering and anti-terrorism and export restrictions, information from banks, insurance companies and sales and other contractual partners of ours for the utilisation or provision of services by you [e.g. payments, purchases], information on the use of our products and services, information on the use of our products and services, information on the use of our products and services, information on the use of our products and services, information on the use of our products and services and information on the use of our products and services.e.g. payments, purchases], personal data from the media and the internet [insofar as this is indicated in a specific case, e.g. in the context of an application, marketing/sales]) and data in connection with the use of third-party websites and online offers where this use can be attributed to you.

4. Special processing of your personal data

We may automatically evaluate certain of your personal characteristics ("profiling") if we want to determine data about your preferences, but also to determine abuse and security risks, to carry out statistical analyses or for operational planning purposes.

As part of our services and the operation of our websites, we may make a decision based solely on automated processing that has legal consequences for you or could significantly affect you. In this case, we will inform you accordingly and take the measures required by applicable law.

5. Where do we store your personal data?

Your personal data is stored by us on secure servers in Switzerland or in the European Union.

6. How long do we process the personal data?

We store your data for as long as is necessary for our processing purposes, statutory retention periods and our legitimate interests in documentation and preservation of evidence, or as long as storage is technically necessary. Further information on the respective storage and processing period can be found in the individual data categories in section 2 or in the cookie categories in section 11. Provided there are no legal or contractual obligations to the contrary, we delete or anonymise your data after the storage or processing period has expired.

The documentation and preservation of evidence purposes include, in particular, our interest in documenting processes, interactions and other relevant facts in the event of legal claims, discrepancies, for IT and infrastructure security and as evidence of good corporate governance and compliance. For technical reasons, storage may be necessary if certain data cannot be separated from other data and must therefore be stored together with it (e.g. in the case of backups or document management systems).

7. To whom do we disclose the personal data?

We pass on your personal data to the following categories of recipients in connection with the use of our services, the 4data websites or in the application process:

• Service providers: We work with service providers in Germany and abroad who either process data about you on our behalf or in joint responsibility with us or receive data about you from us (e.g. IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, banks, insurance companies, debt collection companies). For a list of the service providers that work for the Website, see section 9. We share with these service providers the data necessary for their services, which may include personal data about you. These service providers may also use such data for their own purposes, e.g. information about outstanding payments and your payment history to credit reference agencies or anonymised data to improve their services. We enter into contracts with these service providers that contain provisions to protect your personal data. Our service providers may also process data independently of us as the controller for their own legitimate interests, e.g. for statistical analyses or billing purposes. The service providers will inform you about their own data protection practices in their own privacy policies.
• Public authorities: We may disclose personal data to offices, courts and other authorities as well as regulatory organisations in Switzerland and abroad if this is required or permitted by law or if we consider this necessary to protect our legitimate interests. The authorities process the data we receive about you on their own responsibility.

All these categories of recipients may in turn involve third parties, which may also have access to your data. We can restrict the processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at events organised by us (e.g. media photographers, providers of tools that we have integrated into our website). Insofar as we are not significantly involved in this data collection, these third parties are solely responsible for data processing. If you have any questions or wish to exercise your data protection rights, please contact these third parties directly.

8. Transfer of your personal data abroad

As explained in section 7, we also disclose data to third parties. These are not only located in Switzerland. Your data may therefore also be processed in Europe (especially Germany) as well as in the USA (e.g. when using Google Analytics); in exceptional cases, however, in any country in the world.

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out that there are surveillance measures in place in the USA by US authorities that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion that makes it possible to restrict the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that justify the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation so that you can make an appropriately informed decision to consent to the use of your data.

Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

9. Do we use online tracking and online advertising techniques?

a. Google Analytics

On our websites, we use Google Analytics, an analysis tool from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that make it possible to analyse visits to our websites, such as cookies. The information generated by the cookie about your use of our website such as

• App updates
• Browser information
• Click path
• Date and time of the visit
• Device information
• Downloads
• Flash version
• Approximate location information (country and city)
• IP address
• JavaScript support
• Pages visited
• Purchase activity
• Referrer URL
• Usage data
• Widget interactions
• Navigation path that a visitor follows on the websites
• Time spent on the websites and subpages
• The subpage on which the websites are left
• The country, region or city from which access is made
• End device (type, version, colour depth, resolution, width and height of the browser window)
• Returning or new visitor
• Browser provider/version
• The operating system used
• The referrer URL (previously visited website)
• Host name of the accessing computer (IP address)
• Time of server access,

are generally transmitted to a Google server in the USA and stored there. The IP address is shortened by activating IP anonymisation ("anonymizeIP") before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted by Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, you will be asked to consent to the processing of the data beforehand.

The information is used to analyse the use of our websites, to compile reports on the activities on our websites and to provide further services associated with the use of our websites for the purposes of market research and the needs-based design of our websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

Users can prevent Google from collecting the data generated by the cookie and relating to the use of our websites by the user concerned (including the IP address) and from processing this data by Google by preventing cookies or by making the appropriate settings on the website (see section 10).

You can find more information about Google and how Google processes data here.

10. Cookies

Cookies help in many ways to make your visit to our websites easier, more pleasant and more meaningful.

A cookie is an individual code (e.g. a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website. Your system (browser, mobile) receives and stores this code until the programmed expiry date. Each time you access our website again, your system sends this code back to our server or the server of the third party, which allows you to be recognised even if your identity is unknown.

Every access to a server (e.g. when visiting a website, using an app or loading an image in an email) can therefore be "tracked". If we integrate providers of analysis tools on our website, they can also track you in the same way, even if you cannot be identified.

Most devices/Internet browsers accept cookies automatically. However, you can configure the device/internet browser so that no cookies are stored or a message always appears when you receive a new cookie.

• Android
• iOS

Please note that deactivating cookies may mean that you cannot use all the functions of our services.

A distinction is made between the following cookies:

• Necessary cookies: Some cookies are necessary for the functioning of the websites as such or for certain functions. They ensure, for example, that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one use of the website) if you use this function (e.g. selected language, consent given, the function for automatic log-in, etc.). These cookies have an expiry date of up to 24 months.
• Performance cookies: In order to optimise our websites and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyse the use of our websites, possibly even beyond the session. We do this by using third-party analytics services. We have listed these below. Before we use such cookies, we ask you to accept them. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
• Marketing cookies: We and our advertising partners have an interest in targeting advertising to specific groups, i.e. only displaying it to those we wish to address. We have listed our advertising contract partners below. For this purpose, we and our advertising contract partners - if you consent - also use cookies with which the content accessed or contracts concluded can be recorded. This enables us and our advertising contract partners to display adverts that we can assume are of interest to you on our website, but also on other websites that display adverts from us or our advertising contract partners. Depending on the situation, these cookies have an expiry period of a few days to 12 months. If you consent to the use of these cookies, you will be shown the relevant adverts. If you do not consent to these cookies, you will not see fewer adverts, but simply any other adverts.

We may also integrate other third-party offers on our websites, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the relevant providers can recognise that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online services. These social media providers process this data on their own responsibility.

11. What data do we process on our pages in social networks?

You will find links to our social media networks on our websites. These buttons only lead to our presence on the respective social media platforms. No user data is transmitted by 4data to the social media network.

When you click on one of these links, a direct connection is established between your device and the server of the relevant social network. This provides the network with the information that you have visited our website and clicked on the link. If you click on a link while you are logged into your account with the relevant network, the network can link this information to your profile, which means that your use of our website can be directly associated with your user account. To prevent this, you should log out of your social media account before clicking on the relevant links. An assignment is made in any case if you log in to the relevant network after clicking on the link.

The links and plug-ins are linked to the following networks:

• Twitter from Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
• LinkedIn from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
• YouTube is operated by Google Ireland Limited Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
• Github is operated by Google Ireland Limited GitHub B.V. Prins Bernhardplein 200, Amsterdam 1097JB, The Netherlands

12. How do we protect personal data?

We use suitable technical and organisational security measures to protect your personal data stored by us against manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continuously adapted to technological progress.

Within our website, we use the TLS (Transport Layer Security) method in conjunction with the highest level of encryption supported by your browser. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the lock symbol in the status bar of your browser.

We also take data protection within our company very seriously. Our employees and the service companies we commission are obliged to maintain confidentiality and comply with data protection regulations.

13. What rights do you have?

You have the following rights:

Right to information: You have the right to request access to your personal data stored by us at any time free of charge, insofar as we process it. This enables you to check what personal data we process about you and ensure that we use it in accordance with the applicable data protection regulations.

Right to rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to erasure: Under certain circumstances, you have the right to request the erasure of your personal data. However, this right may be excluded in individual cases.

Right to data portability: Under certain conditions, you have the right to receive the personal data you have provided to us free of charge in a machine-readable format.

Right of revocation: If data processing is based on your consent, you have the right to revoke your consent at any time with effect for the future. Processing based on your consent in the past remains lawful even if you withdraw your consent. Withdrawal of consent may result in 4data's services being discontinued.

If you wish to assert your rights, please contact us in writing. You will find the contact information in section 14.

14. Contact

If you have any questions about data protection at 4data, would like information or would like to have your data deleted, please contact us by sending an e-mail to [email protected].

Please send your request by letter to the following address:

4data AG
Data protection officer
Sihlquai 253
8005 Zürich
Schweiz

15. Adaptation of the privacy policy

This privacy policy is not part of any contract. We reserve the right to amend this declaration at any time. The version published on this website is the current version.

Last update: 14 Jun 2024