Privacy

[For legal purposes, use the German version, which is legally binding]

Your privacy is important to us

Protecting our customers’ data and protecting the privacy of our website users is important to us. The personal data that we collect or receive as part of our business activities is treated confidentially and is securely protected from access. Most of our content on the website is free to use. However, we use industry-standard technologies to measure and improve the performance of our website and collect data for this purpose. We sometimes work with external service providers. To the extent that we (or third parties on our behalf) collect and process personal data, we comply with the requirements of the Swiss Data Protection Act and the applicable requirements of the EU General Data Protection Regulation. This data protection declaration ("Declaration") describes how Kapaya AG (" we ", " us " or " our ") collects and processes personal data and what rights you have in doing so.

Introduction

By using our services, you agree to this privacy policy. If you provide us with personal data of other people, please ensure that they are aware of this privacy policy and only share their personal data with us if you are authorized to do so.

Kapaya AG is a company registered under Swiss law, which is subject to Swiss data protection regulations, such as the Federal Data Protection Act ("DSG"). As an internationally active company, in addition to the Swiss data protection regulations, the EU General Data Protection Regulation (“GDPR”) is also important to us. In this data protection declaration, the terms “process” or “processing” and “personal data” are used synonymously with the terms “edit” or “processing” and “personal data”.

If you do not agree to this privacy policy, you should not use our services. If you have any questions about data protection, please do not hesitate to contact us (Section 11).

1. What personal data do we collect and process?

Personal data is any information that relates to an identified or identifiable natural person. Data that cannot be assigned to a natural person (anonymous data) is not included. We primarily process the personal data that we as a service provider receive from these and other people, companies and public bodies involved in our projects with our customers and business relationships with other business partners.

Personal data that requires particular protection includes data about religious, ideological, political or trade union views or activities, data about health, privacy, including information about sex life and sexual orientation, data about membership of a race or ethnic group, genetic data, biometric data, that clearly identify a natural person, data on administrative and criminal prosecutions or sanctions as well as data on social assistance measures.

We process, i.e. collect, use, store and transmit, various types of personal data such as:

a. Data about your identity such as first name, last name, date of birth, gender, title;

b. Contact details such as addresses (billing address, delivery address, email address) and telephone number and financial details such as bank details and payment card details;

c. Performance data such as information about payments to or from you and other information about services that you have received from us or we have received from you;

d. Identification and background information that you provide to us or that is collected from you as part of our onboarding process;

e. Information relating to your professional functions and activities (for example, so that we can use your help to enter into and process transactions with your employer);

f. Data and information, for example in documents or correspondence and discussions with third parties, which are transmitted to us by third parties (Section 2a) or which we take from public registers, in particular in the context of an order or other contractual relationship;

G. Information that is disclosed to us by or on behalf of our customers or that we create as part of our services to customers;

H. Information provided to us for the purpose of participating in meetings, seminars or events;

i. Advertising and communication data such as information about when you receive and read newsletters from us, which of our events you attend and preferences regarding advertising and communication settings;

j. Any other information relating to you that you provide to us;

k. In principle, we do not collect any particularly sensitive personal data.

2. How do we collect personal data?

We collect and process personal data when you communicate with us or our employees, register to receive information via email, or when you attend a meeting, seminar or other event.

In addition to the data you give us directly, we collect personal data from the following sources:

a. Information that our customers, your employer, your contractual parties, our business partners or other third parties provide to us;

b. Information about you from the media and the Internet (as far as this is appropriate in the specific case, e.g. as part of an application, press review, marketing/sales, etc.).

When you access our website, data transmitted by your browser and automatically stored by our server, such as the date and time of access, the name of the file accessed as well as the amount of data transferred and the access time, your web browser, browser language and requesting domain, are recorded. Further data is only collected via our website if you provide this information voluntarily, for example as part of a registration or request, or if you explicitly agree to the use of cookies.

If you register to receive our newsletter, we process the contact information you provide, such as your email address.

3. For what purposes do we process personal data?

We process your information, including your personal data, for the following purposes:

a. Primarily to conclude and fulfill contracts with our customers and business partners, in particular in the context of providing our services to our customers;

b. For marketing, advertising and other purposes: If you have given us consent to process your personal data for specific purposes, we will process your personal data within the framework and based on this consent, unless we have another legal basis and we need one. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place;

c. To further develop our offers, services and websites, and other platforms on which we are present; communicating with you; Communicating with third parties and processing their inquiries (e.g. applications, media inquiries);

d. As part of the assertion of legal claims and defense in connection with legal disputes and governmental proceedings;

e. For the purpose of ensuring our operations, in particular the IT, our websites and other platforms, as well as measures for IT, building and plant security and the protection of our employees and other people and assets entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone records) 

4. On what legal basis do we process personal data?

Depending on the purpose of the processing activity (see point 3 above), your information and personal data will be processed if:

a. it is necessary for entering into or performing a contract for the services requested or for the performance of our obligations under such a contract, for example if we process your data for some of the purposes set out in sections 3a – 3e;

b. it is necessary for the legitimate interests of Kapaya AG without unduly impairing your interests or fundamental rights and freedoms;

c. it is necessary to comply with our legal or regulatory obligations;

e. it is processed based on your consent, which we obtain from you from time to time (for example where this is required by law);

Examples of the “legitimate interests” mentioned above are:

f. the pursuit of certain purposes of sections 3a to 3e;

G. Exercising our rights under Articles 26 and 27 of the Federal Constitution of the Swiss Confederation and Articles 16 and 17 of the Charter of Fundamental Rights of the European Union, including our freedom to conduct a business and our right to property;

H. if we want to make the disclosures set out in Section 5 below, provide products and services and ensure consistently high standards of service and the satisfaction of our customers, employees and other stakeholders; and

i. meeting our accountability and legal requirements around the world;

j. in any case, provided that your interests in protecting privacy do not outweigh these interests.

5. Who has access to personal data and with whom is it shared?

We generally do not pass on your data to third parties . Exceptions may include, for the smooth operation, we work with third-party providers, service providers, contractors or agents who perform service functions that we need to operate our business, such as providers of hosting, email communications, customer services, analytics, marketing and Advertising, based on our instructions and in accordance with this Statement and other appropriate confidentiality and security measures.

The recipients mentioned may be outside Switzerland. In these cases, with the exception of cases where the country in question has been classified by the EU or Switzerland as providing an adequate level of protection, we take appropriate security measures. 

6. How long do we store your data?

We will only retain your information, including personal data, for as long as necessary to fulfill the purpose for which it was collected and for as long as we have a legitimate interest in retaining personal data, for example to exercise or defend legal claims or for the purposes of traceability, archiving purposes and IT security. We also store your personal data if and as long as this is required by a legal retention obligation.

7. Cookies

We use cookies on our website that collect data from website visitors. Unless the cookies are absolutely necessary for the website to function, you must explicitly agree to the use of the cookies. Unless you give this consent, we will not collect any further data. By agreeing to cookies, you enable us to get an idea of ​​visits and user behavior on our website. This allows us to improve our services and website content and design. However, we only use the data in aggregated form and do not explicitly process personal data. 

8. Third Party Links

Our Service may contain links to third-party websites. Access to and use of such linked websites is not governed by this Privacy Policy, but is governed by the privacy policies of such third party websites. We are not responsible for the information practices of such third party websites.

9. Security of your personal information

We have taken reasonable precautions to protect the information we collect from loss, misuse and unauthorized access, disclosure, alteration and destruction. 

10. Rights

10.1 What rights do you have?

Individuals located in Switzerland or the European Economic Area (EEA) have certain rights in relation to your personal data. Kapaya AG offers you the opportunity to exercise your rights, including:

a. the right to access your personal data;

b. the right to rectify or rectify inaccurate personal data;

c. the right to restrict or object to the processing of personal data;

d. the right to delete your personal data; and

e. the right to portability of personal data.

You are entitled to these rights in accordance with the provisions of the Data Protection Act. Please note that these rights are not absolute and may be subject to limitations.

10.2 How can you exercise your individual rights?

Exercising your rights requires that you provide proof of your identity (e.g. by providing a copy of your ID). To exercise your rights, you may contact us at the address set out in Section 11.

You also have the right to enforce your claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

11. Contact

Kapaya AG
Fährstrasse 42
3004 Bern

Contact data protection:
Benjamin Rindlisbacher (benjamin.rindlisbacher@kapaya.com, 031 317 40 55).

12. Changes to this Statement

Last updated: February 4, 2024

This Statement is effective as of the effective date specified above. We may change this statement from time to time, so you should review it periodically.