2. Collection, use and processing of personal and company data
The person responsible for data protection is the following:
Name: LEXR AG
Full name: Christian Meisser
Position: Data Protection Officer
We collect the following types of personal data when you use our Services: – Identity and contact data – Profile, usage and website interaction – Technical data – Unique user IDs – Location-based data Personal Data (including any sensitive personal data) explicitly disclosed by you whilst using our Services (includes communication data as well as information disclosed in your profile) When you use our Services, certain data is automatically stored on our servers for system administration, statistical or backup purposes. These are as follows: – the name of your Internet service provider – Your IP address (under certain circumstances) – the date – the time – the website or app from which you use our Services – the search words you used to find our Services.
3. Legal Basis and Purposes
4. Data Transfers
Your data will be transferred to our partners (third parties) as far as the order processing or storage makes it necessary.
We may, where necessary and according to the relevant legal basis, share your Personal Data with any number of the following categories of third parties:
- Regulators/tax authorities/corporate registries
- Professional advisers that we use, such as accountant and lawyers
- Government or regulatory authorities
- Third parties who provide services such as, document processing and translation services, software providers or IT systems, IT support services, document and information storage providers
- Third parties that are engaged in the course of your matter, such as counsel, mediators, banks and other payment providers, court, tax advisors or valuation experts
- Third party service providers who help us with client insight analytics, such as Google Analytics
- Third party postal or courier providers who deliver our postal marketing campaigns or documents related to a client matter
We and our Service Providers may process your data in the following countries: – Switzerland & EU/EEA – Kosovo – US For the transfer to countries that have not been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner, we safeguard your data by applying standard contractual obligations which provide for appropriate protection of data. If you provide us with personal or company data of your own accord, we will not use, process or pass on this data beyond the scope permitted by law or specified by you in a declaration of consent. Furthermore, we will only pass on your data to external service providers if this is necessary for the execution of the contract and if these service providers have agreed to the relevant confidentiality and due diligence provisions.
5. Data Disclosure
We may disclose your personal data in the good faith belief that such action is necessary: – To comply with a legal obligation (i.e. if required by law or in response to valid requests by public authorities, such as a court or government agency); – To protect the security of our Services and defend our rights or property; – To prevent or investigate possible wrongdoing in connection with us; – To protect ourselves against legal liability.
6. Data security
We will keep your information secure and therefore take all reasonable steps to protect your information from loss, access, misuse or alteration. Our employees and contractual partners who have access to your data are contractually bound to secrecy and to comply with the provisions of data protection law. The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system. Nevertheless, in the event of a data security incident occurring, we follow our internal procedure to respond to the incident and notify you as quickly as possible.
7. Data Protection Rights
You have the below data protection rights on the basis of the Swiss Federal Act on Data Protection and the EU General Data Protection Regulation. You can request information about your data stored by us at any time. To do so, we ask you to send an e-mail request for information to the address below. You have the possibility to request the deletion or correction of your data at any time. You are of course also entitled at any time to revoke any consent you have given to the use or processing of personal data with effect for the future. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal basis for processing. For this purpose, we ask you to write to us by e-mail to firstname.lastname@example.org. To stop receiving emails from us, please click on the ‘unsubscribe’ link in the email you received. Stored data will be deleted by us when they are no longer required for the stated purpose. Concerning the deletion of data, it is important to note that we are subject to certain legal obligations which foresee a duty to retain certain data. We must comply with this obligation. If you wish the deletion of data which are subject to the legal obligation to retain, the data will be blocked in our system and only used to fulfill the legal obligation to retain data. After expiry of the legal retention period, your request for deletion will be complied with. Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or in order to perform our contractual obligations. Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html). If you use our services in the EU, you may assert this right, for example, before a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.
8. Website and app hosting
The website of dua AG is hosted in Switzerland (Hostpoint). Our app “dua” is hosted in Ireland by Amazon Web Services (AWS). The customer is aware that for various applications offered by dua AG or required for the provision of services, data may be processed or stored on servers in the territory of the European Union (EU) and Kosovo.
On our Internet pages we use so-called social plugins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram Camera”. When you access a page on our site that contains such a plug-in, your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. When you interact with the plugins, for example, by clicking the “Instagram” button, this information is also sent directly to an Instagram server and stored there. The information is also published to your Instagram account and displayed to your contacts. For the purpose and scope of data collection and further processing and use of the data by Instagram, as well as your rights and setting options for protecting your privacy, please refer to Instagram’s data protection information: https://help.instagram.com/155833707900388/ If you do not want Instagram to associate the information collected through our web site directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent Instagram plugins from loading by using add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
10.6. Google Analytics
10.7. Google Webfonts
11. Amendments and validity
Should we have to adapt the data protection declaration due to adapted services or due to new requirements, the latest available version will apply. Our group of companies is active in Switzerland as well as in the EU-EEA and Kosovo area. The information provided here refers to the EU Data Protection Basic Regulation with simultaneous consideration of the Swiss Data Protection Act. Should deviations or additions be necessary in this respect, these will be incorporated into the information presented here.