Privacy policy
BSGROUP DATA ANALYTICS AG

In particular, we collect and process the following

• Master data, such as name, address, e-mail address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship details (customer, service provider, etc.), history, official details (e.g. extracts from the commercial register, permits, etc.), details of newsletters subscribed to or other advertising (including consent);
• Communication data, such as contact details, type and manner of communication (telephone, e-mail, text messages, video messages, etc.) as well as place, date, time and content of the communication;
• Registration data, e.g. user name, password, e-mail address;
• Financial data, e.g. payment details, creditworthiness details;
• Contract data, data arising in connection with the conclusion or execution of the contract, such as information on the conclusion of the contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. date, place, time and history of purchase, as well as quantity, type and value of goods/services);
• Technical data, e.g. IP address, operating system, date, time, geographical information;
• Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening a message (newsletter, e-mail, etc.), location of your end device, interaction with our online presences on social networks or other third-party platforms;
• Preference data, such as user settings, data from the analysis of the collected data (in particular behavioral data);
• Other data that you make available to us about yourself.

We collect your personal data in a variety of ways. On the one hand, we collect your personal data that you have made available to us (e.g. by e-mail, telephone, post), that we receive from third parties (e.g. from business partners, authorities) and that we collect about you (e.g. from publicly accessible registers, websites, business partners).

3.1 Data provided
You provide us with your personal data when you interact with us, for example in the following circumstances:

• When you communicate with our employees;
• When you create a user account with us;
• When you visit our company headquarters or other premises;
• If you take part in our customer events and public events;
• When you purchase our products or services (regardless of location, especially online);
• If you register in order to use certain offers and services (e.g. newsletter, free WLAN);
• If you take part in one of our competitions or prize draws.

The data provided includes, in particular, master data, communication data, registration data and contract data, but also preference data.

As a rule, the provision of personal data is voluntary, i.e. in most cases you are not obliged to disclose personal data to us. However, we must collect and process the personal data that is necessary or legally required for the processing of a contractual relationship and the fulfillment of the associated obligations, e.g. mandatory master data and contract data. Otherwise we will not be able to conclude or continue the respective contract.

If you transmit data about other persons (e.g. family members, employees) to us, we assume that you are authorized to do so and that this data is correct. Please ensure that these other persons are aware of this privacy policy.

If you do not provide us with certain personal data, this may mean that it is not possible to provide the associated service or conclude a contract. As a matter of principle, we will inform you where personal data requested by us is mandatory.

3.2 Data received
We may also receive personal data about you from third parties, such as the following third parties:

• From business partners with whom we work, e.g. banks, insurance companies, sales and other contractual partners;
• From people who communicate with us;
• From credit reference agencies, e.g. when we obtain credit reports;
• From address dealers or Swiss Post, e.g. for address updates
• From providers of online services, e.g. Internet analysis services;
• From authorities and courts, in connection with official and judicial proceedings.

The data received includes in particular master data, communication data, financial data and contract data, but also preference data.

3.3 Data collected
We may also collect your personal data ourselves or automatically, for example in the following circumstances:

• When you use our offers;
• If you make use of our services;
• When you order and/or purchase products from us;
• When you visit our website;
• When we consult publicly accessible sources (e.g. public registers, websites, platforms);
• If we obtain information about you from your organization or from another organization or company (e.g. for reference purposes in the application process, if you consent to this);
• When we work with business partners;
• When you click on a link in one of our newsletters or otherwise interact with one of our electronic marketing communications.

The data collected includes, in particular, behavioral data and technical data.

We can also derive further personal data from existing personal data, e.g. by evaluating behavioral data. Such derived personal data is often preference data.

We process your personal data primarily in order to conclude and process our contracts with you, our customers and our business partners. In particular, we also process your personal data for the following purposes:

• to communicate with you;
• to provide you and our customers with our services (including websites) and to improve them;
• to manage the business relationship with you and our customers;
• for advertising, marketing, market research and product development;
• to ensure your and our security and to prevent misuse (e.g. for IT security, theft, fraud and abuse prevention and for evidence purposes);
• to comply with legal and regulatory obligations;
• to assert our claims and defend ourselves against the claims of others;
• to prepare and execute the sale or purchase of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data;
• for business management.

When processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding and managing the business relationship and communicating with you as a business partner about our products and services.

You can give us your consent to process your personal data for certain purposes. Unless we have another legal basis, we process your personal data within the scope of and based on this consent. You can revoke your consent at any time. A revocation has no effect on processing that has already taken place.

We may disclose your personal data to trusted third parties where necessary or appropriate for the provision of our services or the fulfillment of the purposes defined in this Privacy Policy. We may disclose your personal data to the following categories of recipients: External service providers (e.g. IT service providers, auditors, freight forwarders, payment services); customers and other contractual partners; counterparties, their legal representatives and persons involved; business partners with whom we may need to coordinate the provision of services; authorities and courts. Please note that these recipients may in turn involve third parties, so that your data may also become accessible to them.

If we share your personal data with third parties who process your personal data on our behalf, this is done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures. For example, we use service providers to support the operation of our IT infrastructure, provide our products and services, improve our internal business processes and offer additional support to our customers.

In principle, we only process your personal data in Switzerland and the European Economic Area (EEA) (see also section 6 below). We use third-party services on our websites; please note our cookie policy (section 13 below) on independent data collection by third-party providers.

We may transfer your personal data to recipients in the European Economic Area (EEA), as well as to recipients in the USA and other countries that do not guarantee a level of data protection comparable to Swiss law (so-called third countries). We normally do this if it is necessary to fulfill a contract or to enforce legal claims. If we disclose data to other third countries and you are not already aware of this (e.g. from a contract or communication with us), the respective country, international body or at least the region can be found at the appropriate place in this privacy policy and in particular in the cookie policy. We only transfer your personal data to a third country if the data protection requirements are met (e.g. after concluding recognized standard data protection clauses or obtaining consent) or if we can rely on an exemption clause. An exception may exist in particular in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure.

Profiling” refers to the automated processing of personal data in order to analyze personal aspects or make predictions (e.g. analysis of personal interests and habits). As a rule, profiling is used to derive preference data. We use profiling in particular for the automatic processing of master data, contract data, behavioral data and preference data when using and purchasing our offers and services, but also in connection with our websites, events, competitions and prize draws. We use profiling in particular to improve our offers, to present them and our content in line with your needs, to provide you only with advertising and offers that are likely to be relevant to you and to decide which payment options are available to you based on a credit check. We can also link personal data from different sources as a basis for profiling in order to improve the quality of our analyses and forecasts.

“Automated individual decisions” are decisions that are made fully automatically, i.e. without human involvement, and that may have legal consequences for the data subject or otherwise significantly affect them. As a rule, we do not use automated individual decisions; if we do, we will inform you separately in individual cases.

We take appropriate technical (e.g. firewall, SSL encryption, password protection) and organizational (e.g. access restriction, training of authorized persons) security measures to protect the security of your personal data. We use these measures to protect your personal data against unauthorized or unlawful processing, access and/or unintentional loss, alteration or disclosure. Please always bear in mind that the transmission of information via the Internet and other electronic means entails certain security risks. We cannot guarantee the security of information transmitted in this way.

We store your personal data for as long as required by our processing purposes (see section 4), the statutory retention periods (usually five or 10 years) and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). We delete or anonymize your personal data, provided there are no legal or contractual obligations or technical reasons to the contrary, in principle after the storage and processing period has expired as part of our usual processes and in accordance with our retention policy.

We may operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect and process data about you (in particular contact and profile data) that you or the social networks provide to us. We receive the data when you come into contact with us via our online presence (e.g. accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation so that we can further develop the contributions and services we offer. We process the data, in particular for communication, for marketing purposes (including advertising on these platforms) and for market research. We may redistribute content published by you or delete or restrict content from or about you in accordance with the usage guidelines. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

Furthermore, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. what content they show you).

When using the platforms, other legal documents (e.g. general terms and conditions and terms of use) apply in addition to the corresponding data protection declarations.

We currently use the following platforms:

• LinkedIn of LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). You can find more information on data processing in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

Below we describe how and why we use cookies and similar technologies when you use our websites and how we process personal and other data.

12.1 What is log data?
Every time you connect to a web server, certain information is logged and stored for technical reasons. When you visit our website, information is automatically sent to our website server. This information includes the IP address of your computer, the date and time of access, the name and URL of the data accessed, the website from which the access was made (referrer URL), the browser type and version and other information transmitted by the browser (e.g. operating system of your computer, geographical origin, language setting). This information is temporarily stored in a so-called log file and stored in accordance with the legal requirements. We process the data for the purpose of ensuring a smooth connection setup and convenient use of our website as well as the evaluation of system security and stability.

12.2 What are cookies and similar technologies?
We may use cookies and similar technologies on our website. Cookies are usually small text files that your browser automatically creates and stores on your end device (computer, tablet, smartphone, etc.) when you visit our website. Session cookies save your entries as you navigate from page to page on the website. Session cookies are deleted after a short time, at the latest when you close your browser. Persistent cookies remain stored for a certain period of time even after the browser is closed. Similar technologies include, for example, pixel tags (invisible images or program code that are loaded from a server and transmit certain information to the server operator), fingerprints (information from the end device and the browser that is collected when a website is accessed and in conjunction distinguishes the end device from others) and other technologies (e.g. “web storage”) for storing data in the browser.
We use both persistent and session cookies on our website. We cannot identify you with a cookie in every case. We use cookies and similar technologies so that we can statistically record the use of our website and evaluate it for the purpose of optimization and user-friendliness. We also use cookies for the purpose of providing our services (in particular technically necessary cookies). Cookies have different storage periods. We have no control over the retention period of cookies set by third-party providers.

12.3 How can you deactivate cookies and similar technologies?
You can configure your browser so that it does not automatically accept cookies and similar technologies or deletes existing cookies and other data stored in the browser. You can also expand your browser with additional software (so-called “add-ons” or “plug-ins”), which then prevents tracking by certain third parties. As a rule, you will find further information in the help pages of your browser under the keyword “Data protection”. Please note that the partial or complete deactivation of cookies may result in you not being able to use all the functions of our websites.

12.4 Which cookies and similar technologies do we use and how do we use them?

a) Technically necessary cookies
We use persistent cookies to store your personal user settings (in particular regarding cookies and language selection on our website). We will not process any of your personal data. The purpose of the processing is to re-identify your personal settings on our website. These cookies are necessary for the functionality of our website. After one year, these cookies are automatically deleted from your system. You can also delete the cookies manually at any time. Please note that your user settings will be lost.

b) Success and reach measurement
We use the following services in particular to measure success and reach:

• Google Analytics by Google Ireland Ltd, based in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its processor. The way in which our website is used is monitored and recorded. Google Analytics uses persistent cookies to collect anonymous information (e.g. number of visitors to the website, origin of visitors, length of visit). As a matter of principle, we do not transmit any personal data or complete IP addresses to Google. Google provides us with the collected information in aggregated form. We do not have the possibility to identify individual visitors. However, Google may use the additional data it collects and the knowledge gained from it for its own purposes. Google knows you if you have registered with Google. Google then processes your personal data under its own responsibility and in accordance with its data protection provisions. You can find more information about the data collected in the privacy policy of Google Ireland Limited at: https://policies.google.com/privacy

• HubSpot by HubSpot Inc, Two Canal Park, Cambridge, MA 02141 USA. The way in which our website is used is monitored and recorded. HubSpot uses persistent cookies to collect anonymous information (e.g. number of visitors to the website, origin of visitors, length of visit). As a matter of principle, we do not transmit any personal data or complete IP addresses to HubSpot. HubSpot provides us with the collected information in aggregated form. We do not have the possibility to identify individual visitors. For information on how HubSpot processes your data, please refer to the HubSpot Inc. privacy policy at the following link: https://legal.hubspot.com/de/privacy-policy

• Leadinfo from Leadinfo B.V., Rotterdam, Netherlands. The visits of companies to our website are recognized on the basis of IP addresses and publicly accessible information such as company names or addresses are displayed to us. In addition, Leadinfo uses two first-party cookies to evaluate user behavior on our website and to process domains from form entries (e.g. “leadinfo.com”) to correlate IP addresses with companies and to improve services. You can find out how Leadinfo processes your data in Leadinfo’s privacy policy at the following link: https://www.leadinfo.com/de/datenschutz/. Under the following link you have an opt-out option and Leadinfo will no longer collect your data in the event of an opt-out: http://www.leadinfo.com/en/opt-out

• Leadfeeder of Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Germany. The way in which our website is used is monitored and recorded. How Leadfeeder processes your data can be found in Leadfeeder’s privacy policy at the following link: https://www.leadfeeder.com/privacy/

c) Advertising and marketing
We use the following services in particular for advertising and marketing purposes:

• Google Adsense, Google DoubleClick and Google Conversion Linker from Google Ireland Ltd, based in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its processor. The privacy policy of Google Ireland Limited can be found at: https://policies.google.com/privacy
• LinkedIn of LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). You can find more information on data processing in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

12.5 Website plugins
We use various plugins (extensions) and third-party services on our website to provide you with our website and offer additional functions. In particular, we use plugins from HubSpot, Leadinfo and Leadfeeder (further information on the services can be found above under cookies).

As a data subject, you may assert various claims against us in accordance with the applicable national and international provisions. We may process your personal data again to fulfill your claims.
You have the following rights in relation to your personal data:

• Right to information: You have the right to receive information about what personal data we have about you and how we process it;
• Right to data output or transfer: You have the right to receive or transfer a copy of your personal data in a commonly used electronic format, provided that it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or performance of a contract between you and us;
• Right to rectification: You have the right to have your personal data rectified if it is incorrect;
• Right to erasure: You have the right to have your personal data erased;
• Right to object: You have the right to object to the processing of your personal data (particularly in the case of data processing for the purpose of direct marketing).

Please note that conditions and exceptions apply to these rights. We may restrict or refuse your request to exercise these rights where permitted by law. We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.

If you wish to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; our contact details can be found in section 1. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).

We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, should this be different in exceptional cases for certain data processing operations, this section 15 shall also apply exclusively for the purposes of the GDPR and the data processing operations subject to it.

We base the processing of your personal data in particular on the fact that

• it is necessary as described in section 4 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
• it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in Section 4, in particular for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to safeguard other legitimate interests (see Section 4. 4) (Art. 6 para. 1 lit. f GDPR);
• it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
• you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

If you are in the EEA, you also have the right to restrict data processing and you can lodge a complaint with the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de

We may amend this privacy policy or add new processing activities at any time. We also update this privacy policy from time to time to reflect legal requirements. We will inform you of such adjustments and additions in an appropriate form; in particular, we will publish the current data protection declaration on our website (see below).

The current privacy policy can be accessed at any time at https://bsgroup-data-analytics.ch/datenschutz.