Privacy policy
BSGROUP DATA ANALYTICS AG
CONTENTS
1 Who are we?
We are BSgroup Data Analytics AG (Buckhauserstrasse 24, 8048 Zurich) and are responsible for the processing of your personal data that we describe here (unless otherwise stated in individual cases). References in this Privacy Policy to “BSgroup Data Analytics”, “we” or “us” are references to BSgroup Data Analytics AG.
If you have a data protection concern, you can contact us:
BSgroup Data Analytics AG
Buckhauserstrasse 24
8048 Zurich
2 What personal data do we process?
- Master data, such as name, address, e-mail address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship details (customer, service provider, etc.), history, official details (e.g. extracts from the commercial register, permits, etc.), details of newsletters subscribed to or other advertising (including consent);
- Communication data, such as contact details, type and manner of communication (telephone, e-mail, text messages, video messages, etc.) as well as place, date, time and content of the communication;
- Registration data, e.g. user name, password, e-mail address;
- Financial data, e.g. payment details, creditworthiness details;
- Contract data, data arising in connection with the conclusion or execution of the contract, such as information on the conclusion of the contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. date, place, time and history of purchase, as well as quantity, type and value of goods/services);
- Technical data, e.g. IP address, operating system, date, time, geographical information;
- Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening a message (newsletter, e-mail, etc.), location of your end device, interaction with our online presences on social networks or other third-party platforms;
- Preference data, such as user settings, data from the analysis of the collected data (in particular behavioral data);
- Other data that you make available to us about yourself.
3 How do we collect personal data?
We collect your personal data in a variety of ways. On the one hand, we collect your personal data that you have made available to us (e.g. by e-mail, telephone, post), that we receive from third parties (e.g. from business partners, authorities) and that we collect about you (e.g. from publicly accessible registers, websites, business partners).
3.1 Provided data
You provide us with your personal data when you interact with us, for example in the following circumstances:
- When you communicate with our employees;
- When you create a user account with us;
- When you visit our company headquarters or other premises;
- If you take part in our customer events and public events;
- When you purchase our products or services (regardless of location, especially online);
- If you register in order to use certain offers and services (e.g. newsletter, free WLAN);
- If you take part in one of our competitions or prize draws.
The data provided includes, in particular, master data, communication data, registration data and contract data, but also preference data.
As a rule, the provision of personal data is voluntary, i.e. in most cases you are not obliged to disclose personal data to us. However, we must collect and process the personal data that is necessary or legally required for the processing of a contractual relationship and the fulfillment of the associated obligations, e.g. mandatory master data and contract data. Otherwise we will not be able to conclude or continue the respective contract.
If you transmit data about other persons (e.g. family members, employees) to us, we assume that you are authorized to do so and that this data is correct. Please ensure that these other persons are aware of this privacy policy.
If you do not provide us with certain personal data, this may mean that it is not possible to provide the associated service or conclude a contract. As a matter of principle, we will inform you where personal data requested by us is mandatory.
3.2 Data received
We may also receive personal data about you from third parties, such as the following third parties:
- From business partners with whom we work, e.g. banks, insurance companies, sales and other contractual partners;
- From people who communicate with us;
- From credit reference agencies, e.g. when we obtain credit reports;
- From address dealers or Swiss Post, e.g. for address updates
- From providers of online services, e.g. Internet analysis services;
- From authorities and courts, in connection with official and judicial proceedings.
The data received includes in particular master data, communication data, financial data and contract data, but also preference data.
3.3 Data collected
We may also collect your personal data ourselves or automatically, for example in the following circumstances:
- When you use our offers;
- If you make use of our services;
- When you order and/or purchase products from us;
- When you visit our website;
- When we consult publicly accessible sources (e.g. public registers, websites, platforms);
- If we obtain information about you from your organization or from another organization or company (e.g. for reference purposes in the application process, if you consent to this);
- When we work with business partners;
- When you click on a link in one of our newsletters or otherwise interact with one of our electronic marketing communications.
The data collected includes, in particular, behavioral data and technical data.
We can also derive further personal data from existing personal data, e.g. by evaluating behavioral data. Such derived personal data is often preference data.
4 For what purposes do we process personal data?
We process your personal data primarily in order to conclude and process our contracts with you, our customers and our business partners. In particular, we also process your personal data for the following purposes:
- to communicate with you;
- to provide you and our customers with our services (including websites) and to improve them;
- to manage the business relationship with you and our customers;
- for advertising, marketing, market research and product development;
- to ensure your and our security and to prevent misuse (e.g. for IT security, theft, fraud and abuse prevention and for evidence purposes);
- to comply with legal and regulatory obligations;
- to assert our claims and defend ourselves against the claims of others;
- to prepare and execute the sale or purchase of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data;
- for business management.
When processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding and managing the business relationship and communicating with you as a business partner about our products and services.
You can give us your consent to process your personal data for certain purposes. Unless we have another legal basis, we process your personal data within the scope of and based on this consent. You can revoke your consent at any time. A revocation has no effect on processing that has already taken place.
5 Why and how do we share data?
6 Warum und wie geben wir Daten ins Ausland weiter?
7 How do we use profiling?
8 Wie treffen wir automatisierte Einzelentscheidungen?
9 How do we protect data?
We take appropriate technical (e.g. firewall, SSL encryption, password protection) and organizational (e.g. access restriction, training of authorized persons) security measures to protect the security of your personal data. We use these measures to protect your personal data against unauthorized or unlawful processing, access and/or unintentional loss, alteration or disclosure. Please always bear in mind that the transmission of information via the Internet and other electronic means entails certain security risks. We cannot guarantee the security of information transmitted in this way.
10 How long do we store data?
We store your personal data for as long as required by our processing purposes (see section 4), the statutory retention periods (usually five or 10 years) and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). We delete or anonymize your personal data, provided there are no legal or contractual obligations or technical reasons to the contrary, in principle after the storage and processing period has expired as part of our usual processes and in accordance with our retention policy.
11 Social media
We may operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect and process data about you (in particular contact and profile data) that you or the social networks provide to us. We receive the data when you come into contact with us via our online presence (e.g. accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation so that we can further develop the contributions and services we offer. We process the data, in particular for communication, for marketing purposes (including advertising on these platforms) and for market research. We may redistribute content published by you or delete or restrict content from or about you in accordance with the usage guidelines. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).
Furthermore, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. what content they show you).
When using the platforms, other legal documents (e.g. general terms and conditions and terms of use) apply in addition to the corresponding data protection declarations.
We currently use the following platforms:
- LinkedIn of LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). You can find more information on data processing in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy
12 Cookie policy
- Google Analytics by Google Ireland Ltd, based in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its processor. The way in which our website is used is monitored and recorded. Google Analytics uses persistent cookies to collect anonymous information (e.g. number of visitors to the website, origin of visitors, length of visit). As a matter of principle, we do not transmit any personal data or complete IP addresses to Google. Google provides us with the collected information in aggregated form. We do not have the possibility to identify individual visitors. However, Google may use the additional data it collects and the knowledge gained from it for its own purposes. Google knows you if you have registered with Google. Google then processes your personal data under its own responsibility and in accordance with its data protection provisions. You can find more information about the data collected in the privacy policy of Google Ireland Limited at: https://policies.google.com/privacy
- HubSpot from HubSpot Inc, Two Canal Park, Cambridge, MA 02141 USA. The way in which our website is used is monitored and recorded. HubSpot uses persistent cookies to collect anonymous information (e.g. number of visitors to the website, origin of visitors, length of visit). As a matter of principle, we do not transmit any personal data or complete IP addresses to HubSpot. HubSpot provides us with the collected information in aggregated form. We do not have the possibility to identify individual visitors. For information on how HubSpot processes your data, please refer to the HubSpot Inc. privacy policy at the following link: https://legal.hubspot.com/de/privacy-policy
- Leadinfo from Leadinfo B.V., Rotterdam, Netherlands. The visits of companies to our website are recognized on the basis of IP addresses and publicly accessible information such as company names or addresses are displayed to us. In addition, Leadinfo uses two first-party cookies to evaluate user behavior on our website and to process domains from form entries (e.g. “leadinfo.com”) to correlate IP addresses with companies and to improve services. You can find out how Leadinfo processes your data in Leadinfo’s privacy policy at the following link: https://www.leadinfo.com/de/datenschutz/. Under the following link you have an opt-out option and Leadinfo will no longer collect your data in the event of an opt-out: http://www.leadinfo.com/en/opt-out
- Leadfeeder of Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Germany. The way in which our website is used is monitored and recorded. How Leadfeeder processes your data can be found in Leadfeeder’s privacy policy at the following link: https://www.leadfeeder.com/privacy/
c) Advertising and marketing We use the following services in particular for advertising and marketing purposes:
- Google Adsense, Google DoubleClick and Google Conversion Linker from Google Ireland Ltd, based in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its processor. The privacy policy of Google Ireland Limited can be found at: https://policies.google.com/privacy
- LinkedIn of LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). You can find more information on data processing in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy
12.5 Website plugins We use various plugins (extensions) and third-party services on our website to provide you with our website and offer additional functions. In particular, we use plugins from HubSpot, Leadinfo and Leadfeeder (further information on the services can be found above under cookies).
13 What rights do you have?
- Right to information: You have the right to receive information about what personal data we have about you and how we process it;
- Right to data disclosure or transfer: You have the right to receive or transfer a copy of your personal data in a commonly used electronic format, provided that it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or performance of a contract between you and us;
- Right to rectification: You have the right to have your personal data rectified if it is incorrect;
- Right to erasure: You have the right to have your personal data erased;
- Right to object: You have the right to object to the processing of your personal data (particularly in the case of data processing for the purpose of direct marketing).
Please note that conditions and exceptions apply to these rights. We may restrict or refuse your request to exercise these rights where permitted by law. We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts. If you wish to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; our contact details can be found in section 1. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).
14 Legal bases according to GDPR
- it is necessary as described in section 4 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
- it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in Section 4, in particular for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to safeguard other legitimate interests (see Section 4. 4) (Art. 6 para. 1 lit. f GDPR);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
- you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
If you are in the EEA, you also have the right to restrict data processing and you can lodge a complaint with the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de
15 How can we change this privacy policy?
We may amend this privacy policy or add new processing activities at any time. We also update this privacy policy from time to time to reflect legal requirements. We will inform you of such adjustments and additions in an appropriate form; in particular, we will publish the current data protection declaration on our website (see below).
The current privacy policy can be accessed at any time at https://bsgroup-data-analytics.ch/datenschutz.
Status: 29.01.2024
In this privacy policy, we inform you about which personal data (data that directly or indirectly identifies you) we collect and process in connection with our activities. It applies to all processing activities in connection with personal data. We process the data received and collected responsibly, in accordance with the applicable legal provisions and in accordance with this privacy policy. Our processing is generally subject to the Swiss Data Protection Act (DSG).
If we consider it useful, we will provide you with supplementary data protection declarations and other legal documents (in particular general terms and conditions, terms of use and conditions of participation) for individual or additional processing.