Data Protection Notes of DSwiss AG
We take your privacy very seriously and process your data in compliance with the respective applicable statutory data privacy requirements. We commit to protecting the personal data of the visitors of our website. Personal data within the meaning of this information is any information that may have a reference to your person, i.e. name, address, email and internet protocol addresses, user behavior. When recording your personal data, it is our utmost desire to offer you safe, uncomplicated, efficient service wholly customized to your needs. In the following data protection notes, we inform you about processing of your personal data by us. Furthermore, we provide you with an overview of your data protection rights. Which data are processed in detail and how they are used is essentially according to the services used, requested or agreed.
1. Controller and Data Protection Officer
(1) The controller in accordance with Article 4(7) General Data Protection Regulation (GDPR) or service provider in accordance with § 13 Telemedia Act (Telemediengesetz; TMG) is:
(2) You can contact the data protection officer at:
2. Source of personal data
We process personal data that we obtain from you in the scope of creation of your SecureSafe account, your visit to our website, within the context of your contact with us by email or via a contact form.
3. Categories of personal data that are processed
(1) If you visit or use our website for information only, i.e. if you do not register or otherwise transmit any information to us, we will only collect the personal data your browser transmits to our server. If you want to view our website, we will collect the following data that we require technically in order to show you our website and to ensure its stability and security:
- Your internet protocol address,
- Date, time and duration of your visit,
- Content of the requirement (specific page),
- Access status/http status code,
- The respective data volume transferred,
- Website sending the requirement,
- Your browser,
- Your operating system.
These data serve internal statistical purposes only.
(2) In addition to the above data, transient and persistent cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard disc associated with the browser you use and through which the party that sets the cookie will receive certain information. Cookies cannot execute any programs or transfer any viruses to your computer. They serve to make the internet offer as a whole more user-compatible and effective.
(3) Most browsers are set so that they accept cookies. You can, however, deactivate the recording of cookies in your browser at any time or set your browser so that you will be informed as soon as cookies are sent. However, please note that you may not be able to use all functions of this website then.
(4) This stored information will be stored separately from any other data that may have been indicated to us. In particular, the data from the cookies will not be combined with any other data from you.
4. Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you may use if you are interested in them. For this, you usually need to indicate further personal data that we need to render the respective service.
(2) If you contact us by email or via a contact form, the data provided by you (your email address and, where applicable, your first and last name and your phone number) shall be stored by us in order to respond to your query.
(3) If you contact us via our offer or sales contact form, we will collect your first and last name, the name and address of the company you work for, your email address and your phone number.
(4) When you contact us via our support contact form, we will collect your email address and your SecureSafe user name.
(5) If clients acquire our service for a project group, we will collect the following data within the context of the ordering process: the Team-Safe name, the nickname, the user name and an email address. If clients additionally request a free offer for our services for their company, we will collect the following personal data: Your name, your first name, the name of the company for which the offer is to be collected, the address as well as the email address and phone number.
(6) If you are an existing customer of ours, we will process your email address in order to send you information regarding updates for our products and services, along with preferential offers. In order to do so, we will pass the above data on to our technical service provider Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna.
(7) We will erase these personal data arising in this context after storage is no longer necessary, or we shall restrict processing if there are any legal archiving obligations.
5. Google Universal Analytics with IP anonymization
(1) This website uses Google Universal Analytics with IP anonymization, a web analysis service of Google Inc. ("Google"). Google Universal Analytics uses "cookies". The information generated by the cookie regarding your use of this website is usually transferred to a server of Google in the USA and stored there. Due to activation of IP anonymization by us on this website, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic Area. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to render further services connected to website use and internet use towards the website operator.
(2) The internet protocol address transmitted by your browser within the context of Google Universal Analytics will not be combined with any other data of Google.
(3) Beyond the cookie settings in your browser, you may prevent recording of the data generated by the cookie and referring to your use of the website (incl. your internet protocol address) and processing of these personal data by Google by downloading and installing the browser plug-in available under the following link: google.com.
(4) Note that Google Universal Analytics has been expanded by the code "ga('set', 'anonymizeIp', true);" on this website, in order to ensure anonymized recording of Internet Protocol addresses (IP masking). This means that internet protocol addresses will be processed further abbreviated.
(5) We use Google Analytics in order to analyze use of our website and regularly improve it. The statistics acquired enable us to improve our offer and to make it more interesting for you as the user. For exceptions in which personal data are transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield.
(6) This website uses Google Tag Manager. We use Google Tag Manager to implement and manage tags on this website. This means that the tag manager will not record any cookies or personal data. However, it may trigger tags that may record data. Google Tag Manager does not access such personal data. Deactivation on domain or cookie level will continue to apply to all tracking tags implemented with Google Tag Manager.
(7) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: google.com; Overview of data protection: google.com. and the data protection statement: google.de.
6. Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer that are stored on YouTube.com and that can be played directly from our website. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data named in paragraph 2 be transmitted. We cannot influence this data transmission.
(2) By your visit to the website, YouTube will be informed that you have called up the corresponding sub-page of our website. The data named in item 3 of these data protection notes statement will be transmitted as well. This is done no matter if YouTube provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at YouTube, you need to log out before you activate the button. YouTube will record your data in usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to display demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact YouTube.
(3) Further information on the purpose and extent of data collection and processing by YouTube is available in the data protection statement. It also contains further information on your rights and setting options for protecting your privacy: google.de. Google also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield.
7. Use of the SecureSafe application
(1) Our internet Datensafe services (“SecureSafe Services”) shall be used in accordance with the SecureSafe GTC and subject to the user’s own responsibility. You may access the SecureSafe Services via the web from our website or download our SecureSafe apps designed for desktop or mobile devices.
(2) You may download our apps for mobile devices from various online platforms operated by other providers (“App Stores”). The data protection notices of the respective providers shall apply to data processing in connection with your visit to the App store and download of the app for mobile devices. They can be viewed at apple.com for the Apple App Store and at google.com for the Google Play Store.
(3) In order to use our SecureSafe Services, you must register and provide the following data:
- Your email address.
- A username of your choice.
- A password of your choice.
(4) The following data will be processed when you use the SecureSafe application:
- The data listed in section 3 (categories of processed personal data), subsection 1
- Actions executed within the app (visible, for example, in the “Activity Trail” of a TeamSafe) and their duration
- The (SecureSafe) app version you are using.
(5) Your registration establishes a usage relationship in accordance with the provisions of the SecureSafe GTC. We will save the personal data provided by you necessary to fulfill the contract. We will also save the data freely provided by you for the period of time during which you use the SecureSafe Services, provided you do not delete it. You can manage and edit any information in your reserved customer area. SecureSafe will never have any access to your login details.
(6) If you are using our SecureSafe Services, you will generate usage data by uploading files, storing passwords or sending emails with personal content via the mail-in function. In the event content uploads are not executed strictly in relation to personal or family matters, this may constitute a form of processing subject to the application of the GDPR. For this purpose, you shall be the “data controller” for the respective processing activity as defined by Article 4 (7), GDPR. We provide our users only with the technical framework conditions for saving data. We have no control over the type, if any, of personal data uploaded by users when using the SecureSafe Services. We have no access to any uploaded data; we do not review it, and we do not assess it. We therefore assume that you alone will be the controller as defined by Article 4 (7), GDPR, in the aforementioned case. If you delete your account or request its deletion, the usage data generated by you will also be erased.
(7) If you use our SecureSafe services for anything other than personal or family activities, you can do an order processing contract with us for the use of our services.
(8) If the usage fee is not paid by the customer themselves, but by a third party such as the customer's employer (hereinafter, "third-party payer"), DSwiss reserves the right to provide the third-party payer with billing reports, which may contain the customer's email address. The client explicitly agrees to this.
(9) Via our website or apps, you can choose between free use of our services and other paid services. We accept payment via credit card or PayPal accounts.
(10) If you choose to use a voucher, we will record the voucher code and the context in which it was used.
(11) If you choose to pay by credit card at the time of payment, you will be forwarded to the Datatrans interface for payment. Payment by credit card requires the indication of the following personal data: your credit card information, comprising your card number, date of validity, and CVV code. For further information, see the data privacy notices of Datatrans under datatrans.ch.
(12) If you choose to pay using the online payment service provider PayPal at the time of payment, you will be forwarded to the PayPal interface for payment. Personal data submitted to PayPal usually are first name, last name, address, phone number, IP address, email address, or other data that are required for processing, as well as data that are connected to the purchase. Depending on the payment type chosen at PayPal, PayPal will submit the personal data provided to PayPal to rating agencies. The specific agencies and the data generally collected, processed, saved, and passed on by PayPal can be taken from PayPal’s data privacy notice under paypal.com.
(13) The financial data used are encrypted with TLS.
8. Integration of Google reCAPTCHA
(1) Our website uses the reCAPTCHA service by Google to protect your requests via an online form. The query serves to distinguish whether the input is made by a person or abusively by automated machine-based processing (e.g. by bots). The query includes sending of the internet protocol address and any further data needed by Google for the service to Google. For this purpose, your input will be transmitted to Google and used further there.
(2) By using reCAPTCHA, you agree that the recognition provided by you will be used for the digitalization of old works. Due to activation of IP anonymization by us on this website, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic area. Only in exceptional circumstances will your full internet protocol address be transmitted to a server of Google and abbreviated there. On behalf of the operator of this website, Google shall use this information in order to evaluate your use of this service. The internet protocol address transmitted by your browser within the context of reCAPTCHA will not be combined with any other data of Google. These data are subject to the deviating provisions on data protection of Google Inc. For more information on the data protection directives of Google, see: google.com.
9. Categories of recipients of the personal data
(1) We have some of the processes and services performed by carefully selected service providers mandated in compliance with data protection. These external service providers are bound to our instructions and subject to regular inspection. They will not pass your data on to any third parties.
(2) Regarding data forwarding to further recipients, we shall only pass on information concerning you if statutory provisions require this, if you have consented to it or if we are authorized to pass them on. If these conditions are met, recipients of the personal data may be, e.g.:
- Public bodies and institutions (e.g. financial authorities, law-enforcement authorities) when there is a statutory or authority obligation.
10. Purposes of the processing for which the personal data are intended and legal basis for processing
We process your personal data in compliance with the respective applicable statutory provisions on data protection. Processing is lawful if the following condition is fulfilled:
- Consent (point (a) of Article 6(1)) GDPR: Processing of personal data is lawful after consent to processing for specified purpos-es (e.g. processing of your request, use of the data for marketing purposes). You may withdraw consent given at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the GDPR, i.e. before 25 May 2018.
- Sending you targeted update information, specific SecureSafe preferential offers. We will send you such offers in a brief email.
- Due to contractual obligations (point (b) of Article 6(1)) GDPR We process personal data in order to meet our contractual obligations or to carry out pre-contractual measures that take place upon request. The purposes of the pro-cessing activities result primarily from your request.
- Due to statutory specifications (point (c) of Article 6(1)) GDPR:
DSwiss AG is subject to various legal obligations. These include, among others:
- Storage requirements under commercial and tax law according to the law of obligations and the Federal act on direct Federal tax (Bundesgesetz über die direkte Bundessteuer),
- Compliance with controlling and notification obligations under tax law.
- Within the context of consideration of interests (point (f) of Article 6(1)) GDPR:
As far as is necessary, we will process your data beyond the actual performance of the contract to protect legitimate interests of us or of third parties. Examples:
- Establishment of legal claims and defenses in legal disputes,
- Ensuring IT security and IT operation,
- Analysis and improvement of use of our website.
- Submission of information regarding updates for our products and services, and regarding preferential offers to the customer base.
11. Intention to transmit personal data to a third country or an international organization
The data are in principle only processed within Switzerland. The EU commission has established in accordance with Article 25(6) of the directive on privacy of the EU that Switzerland offers an appropriate level of protection. Active transfer to any further third countries will take place solely if this has been expressly indicated within the context of the services named above.
12. Criteria for determination of the duration for which the personal data are stored
(1) The data are generally stored in accordance with the statutory rules on processing activities and under observation of statutory storage periods. We process and use your data only for the purposes to which we are entitled and for as long as the data are needed for such purposes.
(2) If the data are no longer necessary for the purpose or to fulfill statutory obligations, they are usually erased unless their – temporarily or possibly restricted – further processing is required for the following purposes:
- Meeting archiving obligations under commercial and tax law: These are the law of obligations (Obligationenrecht; OR) and the Federal law on the direct Federal tax (Bundesgesetz über die direkte Bundessteuer; DBG). The storage and documentation periods according to these usually are 10 years.
- Preserving evidence within the context of the statutory expiration provisions.
13. Your data protection rights
(1) Every data subject has the right to access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right of erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to objection from Article 21 GDPR and the right to data portability from Article 20 GDPR. Additionally, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). For rectification of the data, you may log in to your user account and make the desired changes using the field "Preference" (upper right).
(2) You may withdraw your consent granted to us for processing of personal data at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the General Data Protection Regulation, i.e. before 25 May 2018.
(3) You have the right to object to processing of personal data concerning you that are processed based on point (e) of Article 6(1) GDPR (processing activities in the public interest) and point (f) of Article 6(1) GDPR (processing activities based on consideration of interests) based on grounds resulting from your particular situation at any time; this shall also apply to profiling based on this provision within the meaning of Article 4(4) GDPR.
In individual cases, we will process your personal data for direct marketing. You have the right to object to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, at any time.
If you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes.
If you object, we shall no longer process your personal data, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.
The objection can be filed informally and should be targeted at:
The data protection officer
14. Obligation to provide and possible consequences of failure to provide personal data
Within the context of use of our offers, you must provide the personal data that are necessary to fulfill the purpose or that we are required to collect by law. Without these data, we will usually be unable to render the desired service.
15. Use of automated decision-making, including profiling
Your personal data will be stored and processed on our computers in Switzerland. We protect your personal data by way of compliance with physical, electronic and process-technical safety measures in accordance with article 32, GDPR, in conjunction with the applicable Swiss Federal law. We protect our computers, among other things, using firewalls and data encryption. Moreover, we conduct personal checks before granting access to our buildings and files, and access to personal data is granted only to employees requiring said data to fulfill their tasks.
16. Application of automated decision-making, including profiling
We generally do not use any fully automated decision-making in accordance with Article 22 GDPR for establishing and execution of the business relationship. We will inform you separately if we use this procedure in exceptional cases, as far as this is required by law.
17. Changes to the data protection notes
These data protection notices may be updated from time to time since we continually develop and optimise our services. The respective latest version will be published on our website from time to time.