Privacy Policy

1. General

dua AG is the operator of the website www.dua.com and provider of the services offered on this website and apps, in short “Services”. Thus, dua AG, Leutschenbachstrasse 95, 8050 Zürich, Switzerland is for the controller of the collection, processing and use of your data and has to ensure the compatibility with applicable data protection laws. The protection of your personal data is of utmost importance to dua AG. Herewith we inform you about the data collected on www.dua.com and how they are used. You will also learn how to check the accuracy of this information and how to request that we delete this data. Please note that this Privacy Policy may change from time to time. We therefore recommend that you regularly read this Privacy Policy to ensure that you are always familiar with the latest version.

2. Collection, use and processing of personal and company data

The person responsible for data protection is the following:

Name: LEXR AG

Full name: Christian Meisser

Position: Data Protection Officer

Email: christian.meisser@lexr.ch

We collect the following types of personal data when you use our Services: – Identity and contact data – Profile, usage and website interaction – Technical data – Unique user IDs – Location-based data Personal Data (including any sensitive personal data) explicitly disclosed by you whilst using our Services (includes communication data as well as information disclosed in your profile) When you use our Services, certain data is automatically stored on our servers for system administration, statistical or backup purposes. These are as follows: – the name of your Internet service provider – Your IP address (under certain circumstances) – the date – the time – the website or app from which you use our Services – the search words you used to find our Services.

3. Legal Basis and Purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it. Contract: To perform our Services or take steps linked us providing Services to you. – To provide and protect our Services – To administer, manage and develop our business and Services Consent: We may rely on your freely given consent at the time you provided your personal data. – To provide you with news, special offers, newsletters, and general information about goods and Services which we offer (with your explicit consent). – The personal data that you decide to publish while using our Services are processed on the basis of your consent. If you share sensitive personal data as defined by applicable data protection laws, we process such data on the basis of your explicit consent only for the purpose of offering our online meeting Service. We do not process such sensitive personal data for any other purpose. – If you disclose sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership while using our Services, we process such data with your explicit consent and only for the purpose of providing our Services to you. Legitimate interests: We may rely on legitimate interests based on our evaluation that the processing is fair and reasonable. – To maintain and improve our Services – To develop new Services Public interest: To meet regulatory and public interest obligations. – To comply with applicable regulation and legislation.

4. Data Transfers

Your data will be transferred to our partners (third parties) as far as the order processing or storage makes it necessary.

We may, where necessary and according to the relevant legal basis, share your Personal Data with any number of the following categories of third parties:

  • Insurers
  • Regulators/tax authorities/corporate registries
  • Professional advisers that we use, such as accountant and lawyers
  • Government or regulatory authorities
  • Third parties who provide services such as, document processing and translation services, software providers or IT systems, IT support services, document and information storage providers
  • Third parties that are engaged in the course of your matter, such as counsel, mediators, banks and other payment providers, court, tax advisors or valuation experts
  • Third party service providers who help us with client insight analytics, such as Google Analytics
  • Third party postal or courier providers who deliver our postal marketing campaigns or documents related to a client matter

We and our Service Providers may process your data in the following countries: – Switzerland & EU/EEA – Kosovo – US For the transfer to countries that have not been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner, we safeguard your data by applying standard contractual obligations which provide for appropriate protection of data. If you provide us with personal or company data of your own accord, we will not use, process or pass on this data beyond the scope permitted by law or specified by you in a declaration of consent. Furthermore, we will only pass on your data to external service providers if this is necessary for the execution of the contract and if these service providers have agreed to the relevant confidentiality and due diligence provisions.

5. Data Disclosure

We may disclose your personal data in the good faith belief that such action is necessary: – To comply with a legal obligation (i.e. if required by law or in response to valid requests by public authorities, such as a court or government agency); – To protect the security of our Services and defend our rights or property; – To prevent or investigate possible wrongdoing in connection with us; – To protect ourselves against legal liability.

6. Data security

We will keep your information secure and therefore take all reasonable steps to protect your information from loss, access, misuse or alteration. Our employees and contractual partners who have access to your data are contractually bound to secrecy and to comply with the provisions of data protection law. The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system. Nevertheless, in the event of a data security incident occurring, we follow our internal procedure to respond to the incident and notify you as quickly as possible.

7. Data Protection Rights

You have the below data protection rights on the basis of the Swiss Federal Act on Data Protection and the EU General Data Protection Regulation. You can request information about your data stored by us at any time. To do so, we ask you to send an e-mail request for information to the address below. You have the possibility to request the deletion or correction of your data at any time. You are of course also entitled at any time to revoke any consent you have given to the use or processing of personal data with effect for the future. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal basis for processing. For this purpose, we ask you to write to us by e-mail to privacy@dua.com. To stop receiving emails from us, please click on the ‘unsubscribe’ link in the email you received. Stored data will be deleted by us when they are no longer required for the stated purpose. Concerning the deletion of data, it is important to note that we are subject to certain legal obligations which foresee a duty to retain certain data. We must comply with this obligation. If you wish the deletion of data which are subject to the legal obligation to retain, the data will be blocked in our system and only used to fulfill the legal obligation to retain data. After expiry of the legal retention period, your request for deletion will be complied with. Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or in order to perform our contractual obligations. Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html). If you use our services in the EU, you may assert this right, for example, before a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.

8. Website and app hosting

The website of dua AG is hosted in Switzerland (Hostpoint). Our app “dua.com” is hosted in Ireland by Amazon Web Services (AWS). The customer is aware that for various applications offered by dua AG or required for the provision of services, data may be processed or stored on servers in the territory of the European Union (EU) and Kosovo.

9. Cookies

For details on the Cookies we use, please refer to our Cookie Policy.

10. Plug-Ins

10.1. Facebook-Plugins

On our website, plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated. You can recognize the Facebook plugins by the Facebook logo or the “Like” or “Share” button on our site. You can find an overview of the Facebook plugins here: – http://developers.facebook.com/docs/plugins/ When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website by it. Facebook thereby receives the information that you have visited our site with your IP address, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you click the Facebook “Like-Button” while you are logged in to your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to assign visits to our Pages to your user account. The information of your interaction is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. Facebook may use this information for the purposes of advertising, market research and the design of Facebook pages to meet the needs of the market. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. For more information, please see the Facebook privacy policy at – https://www.facebook.com/about/privacy/. If you do not want Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account before using our website.

10.2. Twitter

On our website you will find integrated plugins of the short message network Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can recognize the Twitter plugins (Tweet button) by the Twitter logo on our site. You can find an overview of the Tweet button at https://dev.twitter.com/. When you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click on the “Tweet button” while you are logged in to your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For further information, please refer to the Twitter privacy policy. If you do not want Twitter to be able to track your visit to our site, please log out of your Twitter account.

10.3. LinkedIn

On our Internet pages, plugins of the social network LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”) are integrated. You can recognize LinkedIn plugins by the LinkedIn logo or the “Recommend” button on our site. When you visit our pages, the plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives information that you have visited our site using your IP address. If you click the LinkedIn “Recommend-Button” while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This allows LinkedIn to associate your visit to our sites with your LinkedIn account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on the collection of data (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s privacy policy. You can find these notes at: http://www.linkedin.com/legal/privacy-policy.

10.4. YouTube

Our web pages contain at least one plug-in from YouTube, belonging to Google Inc., located at LLC 901 Cherry Ave. San Bruno, CA 94066 USA. As soon as you visit a page of our website equipped with a YouTube plug-in, a connection to the servers of YouTube is established. This tells the YouTube server which specific page of our website you have visited. In addition, if you are logged into your YouTube account, you would allow YouTube to assign your surfing behavior directly to your personal profile. You can cancel this possibility of assignment if you log out of your account before. For more information about YouTube’s collection and use of your information, please see their privacy policy at http://www.youtube.com/t/privacy.

10.5. Instagram

On our Internet pages we use so-called social plugins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram Camera”. When you access a page on our site that contains such a plug-in, your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. When you interact with the plugins, for example, by clicking the “Instagram” button, this information is also sent directly to an Instagram server and stored there. The information is also published to your Instagram account and displayed to your contacts. For the purpose and scope of data collection and further processing and use of the data by Instagram, as well as your rights and setting options for protecting your privacy, please refer to Instagram’s data protection information: https://help.instagram.com/155833707900388/ If you do not want Instagram to associate the information collected through our web site directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent Instagram plugins from loading by using add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).

10.6. Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie (browser type/version, operating system used, referrer URL previously visited website, IP address, time of server request) about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on our website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you agree to the processing of the data collected about you by Google in the manner described above and for the aforementioned purpose. Further information about the web analysis service used can be found on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at: – http://tools.google.com/dlpage/gaoptout?hl=de.

10.7. Google Webfonts

Google web fonts (http://www.google.com/webfonts/) are used to improve the visual presentation of various information on this website. The web fonts are transferred to the cache of the browser when the page is called up, so that they can be used for the display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. When the page is called up, the website visitor does not receive any cookies. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support the Google fonts or if you prevent access to the Google servers, the text will be displayed in the default font of the system. For information about Google Web Fonts’ privacy policy, please visit – https://developers.google.com/fonts/faq#Privacy General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/

11. Amendments and validity

Changes to this privacy policy will be published on this page. In this way, you can inform yourself at any time about what data we store, how we collect and use it. You can save and / or print out the data protection regulations here.

12. Changes to our privacy policy

Should we have to adapt the data protection declaration due to adapted services or due to new requirements, the latest available version will apply. Our group of companies is active in Switzerland as well as in the EU-EEA and Kosovo area. The information provided here refers to the EU Data Protection Basic Regulation with simultaneous consideration of the Swiss Data Protection Act. Should deviations or additions be necessary in this respect, these will be incorporated into the information presented here.