This Privacy Policy is to inform you about how we process personal data in connection with our activities and operations, including our website under the domain name. In particular, we will inform you about why, how and where we process which personal data. We will also inform you about the rights of the individuals whose data we process.
We may publish further privacy policies or other information about data protection for individual or additional activities and operations.
We are subject to Swiss law and any applicable foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).
In a decision dated July 26, 2000, the European Commission recognized that Swiss data protection law ensures adequate data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.
Table of contents
- 1. Contact addresses
- 2. Definitions and legal bases
- 3. Type, scope and purpose of the processing of personal data
- 4. Automation and artificial intelligence (AI)
- 5. Disclosure of personal data
- 6. Communication
- 7. Job applications
- 8. Data security
- 9. Personal data abroad
- 10. Rights of data subjects
- 11. Use of the website
- 12. Notifications and messages
- 13. Social media
- 14. Third-party services
- 15. Extensions for the website
- 16. Performance and reach measurement
- 17. Final notes on the privacy policy
1. Contact addresses
Responsible in the sense of data protection law is:
Martin Graf
Riwers AG
Speichergasse 19
CH-3011 Bern
info@riwers.io
In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties. We will be happy to provide data subjects with information about the respective responsibility upon request.
1.1 Data protection officers or data protection advisors
We have the following data protection officers or data protection advisors as points of contact for data subjects and authorities with inquiries related to data protection:
Martin Graf
Riwers AG
Speichergasse 19
CH-3011 Bern
Switzerland
dposwitzerland@riwers.io
1.2 Data protection representation in the European Economic Area (EEA)
We have the following data protection representation in accordance with Art. 27 DSGVO:
Marco Dietrich
Riwers s.r.o
Hodžovo Námestie 1/A
SK-811 06 Bratislava – Staré Mesto
Slovakia
dposlovakia@riwers.io
The data protection representation serves data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) as an additional, point of contact for inquiries in connection with the GDPR.
2. Definitions and legal bases
2.1 Definitions
Data subject: a natural person about whom we process personal data.
Personal data: any information relating to an identified or identifiable natural person.
Particularly sensitive personal data: Data about union, political, religious or ideological views and activities, data about health, privacy or membership of an ethnic group or race, genetic data, biometric data that uniquely identifies a natural person, data about criminal or administrative sanctions or prosecutions, and data about social assistance measures.
Editing: Any handling of personal data, irrespective of the means and procedures used, for example querying, matching, adapting, archiving, storing, reading out, disclosing, procuring, collecting, deleting, disclosing, organizing, storing, modifying, disseminating, linking, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal basis
We process personal data in accordance with Swiss law, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
If and to the extent that the European General Data Protection Regulation (GDPR) is applicable, we process personal data on the basis of at least one of the following legal principles:
- Art. 6 (1) (b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect legitimate interests, including the legitimate interests of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Such interests are, in particular, the long-term, humane, secure and reliable performance of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
- Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.
The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).
3. nature, scope and purpose of the processing of personal data
We process the personal data that is necessary to carry out our activities and operations in a sustainable, humane, safe and reliable manner. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may also constitute sensitive personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as such processing is permissible.
We process personal data, where necessary, with the consent of the data subjects. We may process personal data in many cases without consent, for example to fulfill legal obligations or to protect overriding interests. We may also request the consent of data subjects when their consent is not required.
We process personal data for the duration of the period necessary for the relevant purpose. We anonymize or delete personal data in particular in accordance with statutory retention and limitation periods.
4. Automation and artificial intelligence (AI)
We may process personal data by automated means or use artificial intelligence to process personal data.
We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling is used, for example, to analyze or predict interests, behavior or personal preferences.
We will provide information in individual cases about decisions that are based solely on automated processing of personal data and that have a legal consequence or significantly affect the data subjects (automated individual decisions).
5. Disclosure of personal data
We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information bureaus, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.
6. Communication
We process personal data in order to communicate with individuals as well as with authorities, organizations and companies. In doing so, we process in particular data that a data subject transmits to us when contacting us, for example by letter post or e-mail. We may store such data in an address book or with comparable tools.
Third parties who provide us with data about other persons are obliged to ensure the data protection of these data subjects independently. In particular, they must ensure that such data is correct and may be transmitted.
We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. We can also use such services to manage and otherwise process the data of data subjects beyond direct communication.
In particular, we use:
- HubSpot: customer relationship management (CRM); providers: HubSpot Inc. (USA) / HubSpot Ireland Limited (Ireland) for users in the European Economic Area (EEA) and the United Kingdom; information on data protection: privacy policy, “Security, Privacy & Control Mechanisms”, “Trust Center”.
- Jira Service Management: customer service; providers: Atlassian Pty Ltd (Australia) / Atlassian Inc. (USA); information on data protection: privacy policy, cookie and tracking policy.
7. Job applications
We process personal data about applicants to the extent that it is necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data is derived in particular from the information requested, for example in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and platforms.
We also process personal data that applicants provide or publish voluntarily, in particular as part of cover letters, CVs and other application documents, as well as online profiles.
We process personal data about applicants in accordance with Art. 9 para. 2 lit. b GDPR if and to the extent that the General Data Protection Regulation (GDPR) is applicable.
We may enable applicants to store their details in our talent pool so that we can consider them for future vacancies. We may also use such information to maintain contact and provide news. If we consider that an applicant is suitable for a vacancy based on the information provided, we may inform the applicant accordingly.
We use selected services from suitable third parties to advertise jobs using e-recruiting and to enable and manage applications.
8. data security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. In particular, we ensure the confidentiality, availability, traceability and integrity of the personal data processed, but we cannot guarantee absolute data security.
Access to our website and our other digital presence is protected by transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn you if you visit a website without transport encryption.
Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries, as is generally all digital communication. We have no direct influence on the corresponding processing of personal data by secret services, police forces and other security authorities. We also cannot rule out the possibility that a data subject may be monitored specifically.
9. personal data abroad
We process personal data in principle in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for the purpose of processing it or having it processed there.
We may export personal data to all countries on earth and elsewhere in the universe, provided that the local law guarantees an adequate level of data protection in accordance with the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also in accordance with the decision of the European Commission.
We may transfer personal data to countries whose laws do not guarantee adequate data protection if data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or execution of a contract. We will be happy to provide data subjects with information about any guarantees on request or provide a copy of any guarantees.
10. Rights of data subjects
10.1 Data protection rights
We grant data subjects all claims under applicable law. In particular, data subjects have the following rights:
- Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of the processing, the duration of the storage, any disclosure or export of data to other countries and the origin of the personal data.
- Rectification and restriction: Data subjects can rectify inaccurate personal data, complete incomplete data and have the processing of their data restricted.
- Option for personal statement and human review: Data subjects may present their own point of view and request human review of decisions based solely on automated processing of personal data and which produce legal effects concerning them or significantly affect them (automated individual decision-making).
- Deletion and objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data disclosure and data transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We may draw the attention of data subjects to any conditions that may have to be fulfilled in order for them to exercise their data protection rights. For example, we may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. We may also refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.
We may charge costs for exercising rights in exceptional cases. We will inform data subjects in advance of any costs.
We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
10.2 Legal protection
Data subjects have the right to enforce their data protection claims through the courts or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities have a federal structure, particularly in Germany.
11. Use of the website
11.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies enable us to recognize a browser the next time you visit our website and thus, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
Cookies can be partially or completely disabled, restricted or deleted at any time in the browser settings. Browser settings often also allow for the automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent required by applicable law – express consent to the use of cookies.
For cookies used to measure success and reach or for advertising, a general opt-out is available for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
11.2 Logging
We may log at least the following information for each access to our website and our other digital presence, provided that this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer or referrer).
We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence in a permanent, user-friendly and reliable manner. The information is also necessary to ensure data security – including by third parties or with the help of third parties.
11.3 Web beacons
We may embed web beacons into our digital presence. Web beacons are typically small, non-visible images or scripts written in JavaScript that are automatically retrieved when you access our digital presence. Web beacons can collect at least the same information as collected in log files.
12. Notifications and messages
12.1 Performance and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked on. Such web links and tracking pixels may also record the use of notifications and messages on a personal basis. We need this statistical recording of use to measure success and reach in order to send notifications and messages effectively and in a user-friendly manner based on the needs and reading habits of recipients, as well as permanently, securely and reliably.
12.2 Consent and objection
You must generally always consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other legal reasons. We may use the “double opt-in” procedure to obtain any consent that has been double-confirmed. In this case, you will receive a message with instructions for the double confirmation. We may log consent obtained, including IP address and time stamp for evidence and security reasons.
You can in principle object to receiving notifications and messages such as newsletters at any time. By objecting, you can simultaneously object to the statistical recording of usage for measuring success and reach. We reserve the right to send necessary notifications and messages in connection with our activities and operations.
12.3 Service providers for notifications and messages
We send notifications and messages with the help of specialized service providers.
In particular, we use:
- MailerLite: email marketing platform; providers: MailerLite Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / MailerLite Inc. (USA) for users in the rest of the world; information on data protection: privacy policy, “security statement”.
13. Social media
We are present on social media platforms and other online platforms in order to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, which includes, for example, the right to information.
We are jointly responsible with Meta Platforms Ireland Limited (Ireland) for our social media presence on Facebook, including Page Insights, insofar as the General Data Protection Regulation (GDPR) is applicable. Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook page. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly way.
Further information about the type, scope and purpose of data processing, information about the rights of data subjects and the contact details of Facebook and its data protection officer can be found in the data protection declaration of Facebook. We have concluded a so-called “addendum for controllers” with Facebook and thus agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. For the so-called Page Insights, the corresponding information can be found on the page “Information about Page Insights” including “Information about Page Insights data”.
14. Third-party services
We use the services of specialized third parties to enable us to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Among other things, we can use such services to embed functions and content in our website. When this type of embedding is used, the services used collect the IP addresses of users at least temporarily for compelling technical reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized or pseudonymized form. This may include, for example, performance or usage data in order to provide the respective service.
In particular, we use:
- Services from Google: providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and security principles”, “More information about how Google uses personal information”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Guide to privacy in Google products”, “How we use data from websites or apps on or in which our services are used”, “Types of cookies and similar technologies that Google uses”, “Advertising that you control” (“Personalized advertising”)
- Services from Microsoft: providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; general information on data protection: “Data protection at Microsoft”, “Data protection and privacy”, data protection declaration, “Data and data protection settings”.
14.1 Digital infrastructure
We use the services of specialized third parties to provide the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
- Cyon: hosting; provider: cyon GmbH (Switzerland); information on data protection: “Privacy”, privacy policy.
- Google Cloud including Google Cloud Platform (GCP): storage and other infrastructure; Google Cloud-specific providers: national or regional Google companies depending on the country and region; Google Cloud-specific information: “Privacy Center”, “Google Cloud and general privacy principles”, “Google Cloud Privacy Notice”, “Privacy”.
- WordPress.com: blog hosting and website construction kit; providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; data protection information: privacy policy, cookie policy.
14.2 Scheduling
We use the services of specialized third parties to be able to make appointments online, for example for meetings. In addition to this data protection declaration, any directly visible conditions of the services used, such as terms of use or data protection declarations, also apply.
In particular, we use:
- Google Calendar: online appointment scheduling; provider: Google; Google Calendar-specific information: “Appointment scheduling with Google Calendar”, “Data protection in Google Calendar”.
14.3 Audio and video conferencing
We use specialized audio and video conferencing services to communicate online. For example, we can hold virtual meetings or conduct online lessons and webinars. When participating in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply.
Depending on your personal circumstances, we recommend that you mute your microphone by default when participating in audio or video conferences and that you blur your background or use a virtual background.
We use in particular:
- Google Meet: video conferencing; provider: Google; Google Meet-specific information: “Google Meet – User Security and Privacy”.
- Zoom: platform for collaborative work, especially with video conferencing; provider: Zoom Video Communications Inc. (USA); information on data protection: “Data protection at Zoom”, privacy policy, “legal compliance”.
14.4 Online collaboration
We use third-party services to enable online collaboration. In addition to this privacy policy, the terms and conditions of the services used, such as terms of use or privacy policies, also apply.
In particular, we use:
- Asana: platform for collaboration in companies; provider: Asana Inc. (USA); information on data protection: “Trust at Asana”, privacy policy, bug bounty program.
- Microsoft Teams: platform for productive collaboration, particularly with audio and video conferencing; provider: Microsoft; Teams-specific information: “Security and Compliance in Microsoft Teams”, particularly “Data Protection”.
- Miro: whiteboard platform; provider: RealtimeBoard Inc. (USA); information on data protection: privacy policy, “Miro Trust Center”.
- Slack: platform for productive collaboration, particularly via chat; providers: Slack Technologies LLC (USA) for users in Canada and the USA / Slack Technologies Limited (Ireland) for users in the rest of the world; data protection information: privacy policy, “trust center”, “frequently asked questions about data protection”, “data management: transparency and clarity”, cookie policy.
14.5 Social media features and social media content
We use third-party services and plug-ins to embed features and content from social media platforms and to enable sharing of content on social media platforms and other methods.
In particular, we use:
- Facebook (social plugins): embedding of Facebook features and content, e.g. Facebook “Like” or “Share” buttons; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); information on data protection: data protection declaration.
- Instagram platform: embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); information on data protection: privacy policy (Instagram), privacy policy (Facebook).
- LinkedIn Consumer Solutions Platform: embedding LinkedIn features and content, for example using plugins such as the “Share Plugin”; provider: Microsoft; LinkedIn-specific information: “Privacy”, privacy policy, cookie policy, cookie management / opt-out of email and SMS communication from LinkedIn, opt-out of interest-based advertising.
14.6 Maps
We use third-party services to embed maps into our website.
In particular, we use:
- Google Maps including Google Maps Platform: map service; provider: Google; Google Maps-specific information: “How Google uses location information”.
14.7 Digital content
We use specialized third-party services to incorporate digital content into our website. Digital content includes, in particular, image and video material, music and podcasts.
In particular, we use:
- YouTube: video platform; provider: Google; YouTube-specific information: “Privacy and security center”, “My data on YouTube”.
14.8 Fonts
We use third-party services to embed selected fonts, icons, logos and symbols into our website.
In particular, we use:
- Font Awesome: icons and logos; provider: Fonticons Inc. (USA); information on data protection: privacy policy.
- Google Fonts: fonts; provider: Google; Google Fonts-specific information: “Your Privacy and Google Fonts”, “Data protection and data collection” (Google Fonts).
14.9 Advertising
We make use of the option to display targeted advertising with third parties such as social media platforms and search engines for our activities and operations.
With such advertising, we particularly want to reach people who are already interested in our activities and operations or who could be interested (remarketing and targeting). To do this, we may transfer the relevant information – which may also be personal – to third parties that enable such advertising. We may also determine whether our advertising is successful, in particular whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may associate your use of our website with your profile there.
In particular, we use:
- Google Ads: search engine advertising; provider: Google; Google Ads-specific information: advertising based, among other things, on search queries, where various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads, privacy policy for advertising, “Displayed advertising managed directly via ads”.
- LinkedIn Ads: social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting, in particular with the LinkedIn Insight tag, ‘data protection’, privacy policy, cookie policy, objection to personalized advertising.
- Meta ads: social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); data protection information: targeting, including retargeting, in particular with the Meta pixel and with custom audiences including lookalike audiences, privacy policy, ‘advertising preferences’ (user registration required).
15. Extensions for the website
We use extensions for our website to be able to use additional functions. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.
- Jetpack: Various functions for the free blog software WordPress in the form of modules; providers:
- Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; information on data protection: Privacy Notice for Visitors to Our Users’ Sites, Privacy Policy (by Automattic), “Jetpack Privacy Center”, Cookie Policy (Jetpack), Cookie Policy (Automattic).
16. Performance and reach measurement
We try to measure the success and reach of our activities and operations. In doing so, we may also measure the impact of third-party references or test how different parts or versions of our digital presence are used (“A/B test” method). Based on the results of the performance and reach measurement, we can in particular correct errors, strengthen popular content or make improvements.
In most cases, the IP addresses of individual users are recorded to measure performance and reach. In this case, IP addresses are always truncated (“IP masking”) in order to follow the principle of data economy through the corresponding pseudonymization.
Cookies may be used and user profiles created to measure success and reach. Any user profiles created include, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window and the – at least approximate – location. As a matter of principle, any user profiles created are exclusively pseudonymized and are not used to identify individual users. Individual services from third parties for which users are registered may be able to assign the use of our online services to the user account or user profile of the respective service.
In particular, we use:
- Clarity: Recording and evaluation of user behavior on websites; provider: Microsoft; Clarity-specific information on data protection: “What data does Clarity collect?”, “Data Retention”, Cookie Policy.
- Google Marketing Platform: Performance and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only in exceptional cases transmitted in full to Google in the USA, Privacy Policy for Google Analytics, “Browser Add-on to disable Google Analytics”.
- Google Tag Manager: integration and administration of Google and third-party services, in particular for measuring success and reach; provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further information on data protection can be found in the individual integrated and managed services.
- Hotjar: Recording of user behavior; provider: Hotjar Ltd. (Malta); data protection information: recording without reference to individual website visitors, for example in relation to movements and clicks with a mouse or with another input option, ‘Data protection and Hotjar’, ‘Data protection’, data protection declaration, cookie guidelines, ‘Security’.
- Jetpack Stats: Performance and reach measurement; providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; data protection information: Jetpack extension module for the free blog software WordPress, Privacy Notice for Visitors to Our Users’ Sites, data protection declaration (by Automattic), “Jetpack Privacy Center”, cookie policy.
- Leadfeeder: Identification of companies for possible pre-contractual measures (“Lead Generation”); Provider: Liidio Oy (Finland); Information on data protection: Privacy Policy, Privacy Policy for “Leadfeeder Contacts”, Cookie Policy.
17. Final notes on the data protection declaration
We have created this data protection declaration with the data protection generator from data protection partners.
We can update this data protection declaration at any time. We will provide information about updates in a suitable form, in particular by publishing the current data protection declaration on our website.
Chat
🤓 Explain a complex thing
Explain Artificial Intelligence so that I can explain it to my six-year-old child.
🧠 Get suggestions and create new ideas
Please give me the best 10 travel ideas around the world
💭 Translate, summarize, fix grammar and more…
Translate “I love you” French
GPT-4o Mini
Hello, how can I help you today?
GPT-4o Mini
Web Access
Chat
Ask
Search
Write
Image
ChatFile
Vision
Full Page
This privacy policy is to inform you about how we process personal data in connection with our activities and operations, including our website under the domain name. In particular, we provide information about why, how and where we process which personal data. We also provide information about the rights of individuals whose data we process.
We may publish further data protection declarations or other information on data protection for individual or additional activities and operations.
We are subject to Swiss law and any applicable foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).
In a decision of July 26, 2000, the European Commission recognized that Swiss data protection law ensures adequate data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.
Table of contents
- 1. Contact addresses
- 2. Definitions and legal bases
- 3. Type, scope and purpose of the processing of personal data
- 4. Automation and artificial intelligence (AI)
- 5. Disclosure of personal data
- 6. Communication
- 7. Applications
- 8. Data security
- 9. Personal data abroad
- 10. Rights of data subjects
- 11. Use of the website
- 12. Notifications and messages
- 13. Social media
- 14. Third-party services
- 15. Extensions for the website
- 16. Performance and reach measurement
- 17. Final notes on the data protection declaration
1. Contact addresses
Responsible in the sense of data protection law is:
Martin Graf
Riwers AG
Speichergasse 19
CH-3011 Bern
info@riwers.io
In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties. We will be happy to provide data subjects with information about the respective responsibility upon request.
1.1 Data protection officers or data protection advisors
We have the following data protection officers or data protection advisors as points of contact for data subjects and authorities for inquiries related to data protection:
Martin Graf
Riwers AG
Speichergasse 19
CH-3011 Bern
Switzerland
dposwitzerland@riwers.io
1.2 Data protection representation in the European Economic Area (EEA)
We have the following data protection representation in accordance with Art. 27 GDPR:
Marco Dietrich
Riwers s.r.o
Hodžovo Námestie 1/A
SK-811 06 Bratislava – Staré Mesto
Slovakia
dposlovakia@riwers.io
The data protection representation serves data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) as an additional point of contact for inquiries in connection with the GDPR.
2. Definitions and legal bases
2.1 Definitions
Data subject: natural person about whom we process personal data.
Personal data: All information relating to an identified or identifiable natural person.
Particularly sensitive personal data: Data about union, political, religious or ideological views and activities, data about health, privacy or membership of an ethnic group or race, genetic data, biometric data that uniquely identifies a natural person, data about criminal or administrative sanctions or prosecutions, and data about social assistance measures.
Editing: Any handling of personal data, irrespective of the means and procedures used, for example querying, matching, adapting, archiving, storing, reading out, disclosing, procuring, collecting, deleting, disclosing, organizing, storing, modifying, disseminating, linking, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal basis
We process personal data in accordance with Swiss law, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
If and to the extent that the European General Data Protection Regulation (GDPR) is applicable, we process personal data on the basis of at least one of the following legal principles:The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).3. nature, scope and purpose of the processing of personal dataWe process the personal data that is necessary to carry out our activities and operations in a sustainable, humane, safe and reliable manner. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may also constitute sensitive personal data.We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as such processing is permissible.We process personal data, where necessary, with the consent of the data subjects. We may process personal data in many cases without consent, for example to fulfill legal obligations or to protect overriding interests. We may also request the consent of data subjects when their consent is not required.We process personal data for the duration of the period necessary for the relevant purpose. We anonymize or delete personal data in particular in accordance with statutory retention and limitation periods.4. Automation and artificial intelligence (AI)We may process personal data by automated means or use artificial intelligence to process personal data.We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling is used, for example, to analyze or predict interests, behavior or personal preferences.We will provide information in individual cases about decisions that are based solely on automated processing of personal data and that have a legal consequence or significantly affect the data subjects (automated individual decisions).5. Disclosure of personal dataWe may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information bureaus, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.6. CommunicationWe process personal data in order to communicate with individuals as well as with authorities, organizations and companies. In doing so, we process in particular data that a data subject transmits to us when contacting us, for example by letter post or e-mail. We may store such data in an address book or with comparable tools.Third parties who provide us with data about other persons are obliged to ensure the data protection of these data subjects independently. In particular, they must ensure that such data is correct and may be transmitted.We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. We can also use such services to manage and otherwise process the data of data subjects beyond direct communication.In particular, we use:7. Job applicationsWe process personal data about applicants to the extent that it is necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data is derived in particular from the information requested, for example in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and platforms.We also process personal data that applicants provide or publish voluntarily, in particular as part of cover letters, CVs and other application documents, as well as online profiles.We process personal data about applicants in accordance with Art. 9 para. 2 lit. b GDPR if and to the extent that the General Data Protection Regulation (GDPR) is applicable.We may enable applicants to store their details in our talent pool so that we can consider them for future vacancies. We may also use such information to maintain contact and provide news. If we consider that an applicant is suitable for a vacancy based on the information provided, we may inform the applicant accordingly.We use selected services from suitable third parties to advertise jobs using e-recruiting and to enable and manage applications.8. data securityWe take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. In particular, we ensure the confidentiality, availability, traceability and integrity of the personal data processed, but we cannot guarantee absolute data security.Access to our website and our other digital presence is protected by transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn you if you visit a website without transport encryption.Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries, as is generally all digital communication. We have no direct influence on the corresponding processing of personal data by secret services, police forces and other security authorities. We also cannot rule out the possibility that a data subject may be monitored specifically.9. personal data abroadWe process personal data in principle in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for the purpose of processing it or having it processed there.We may export personal data to all countries on earth and elsewhere in the universe, provided that the local law guarantees an adequate level of data protection in accordance with the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also in accordance with the decision of the European Commission.[…] […]
[…] […]
- Art. 6 (1) (b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect legitimate interests, including the legitimate interests of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Such interests are, in particular, the long-term, humane, secure and reliable performance of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
- Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.
- HubSpot: customer relationship management (CRM); providers: HubSpot Inc. (USA) / HubSpot Ireland Limited (Ireland) for users in the European Economic Area (EEA) and the United Kingdom; information on data protection: privacy policy, “Security, Privacy & Control Mechanisms”, “Trust Center”.
- Jira Service Management: customer service; providers: Atlassian Pty Ltd (Australia) / Atlassian Inc. (USA); information on data protection: privacy policy, cookie and tracking policy.
- Rectification and restriction: Data subjects can rectify inaccurate personal data, complete incomplete data and have the processing of their data restricted.
- Option for personal statement and human review: Data subjects may present their own point of view and request human review of decisions based solely on automated processing of personal data and associated with a legal consequence for them or significantly affecting them (automated individual decisions).
- Deletion and objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data disclosure and data transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We may draw the attention of data subjects to any conditions that may have to be fulfilled in order for them to exercise their data protection rights. For example, we may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. We may also refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.
We may charge costs for exercising rights in exceptional cases. We will inform data subjects in advance of any costs.
We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
10.2 Legal protection
Data subjects have the right to enforce their data protection claims through the courts or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities have a federal structure, particularly in Germany.
11. Use of the website
11.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a certain storage duration. In particular, cookies enable us to recognize a browser the next time you visit our website and thus, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
Cookies can be partially or completely disabled, restricted or deleted at any time in the browser settings. Browser settings often also allow for the automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent required by applicable law – express consent to the use of cookies.
For cookies used to measure success and reach or for advertising, a general opt-out is available for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
11.2 Logging
We may log at least the following information for each access to our website and our other digital presence, provided that this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer or referrer).
We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence in a permanent, user-friendly and reliable manner. The information is also necessary to ensure data security – including by third parties or with the help of third parties.
11.3 Web beacons
We may embed web beacons into our digital presence. Web beacons are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when you access our digital presence. Web beacons can collect at least the same information as is collected when log files are recorded.
12. Notifications and messages
12.1 Performance and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked on. Such web links and tracking pixels may also record the use of notifications and messages on a personal basis. We need this statistical recording of use to measure success and reach in order to send notifications and messages effectively and in a user-friendly manner based on the needs and reading habits of recipients, as well as permanently, securely and reliably.
12.2 Consent and objection
You must generally always consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other legal reasons. We may use the “double opt-in” procedure to obtain any consent that has been double-confirmed. In this case, you will receive a message with instructions for the double confirmation. We may log consent obtained, including IP address and time stamp for evidence and security reasons.
You can in principle object to receiving notifications and messages such as newsletters at any time. By objecting, you can simultaneously object to the statistical recording of usage for measuring success and reach. We reserve the right to send necessary notifications and messages in connection with our activities and operations.
12.3 Service providers for notifications and messages
We send notifications and messages with the help of specialized service providers.
In particular, we use:
- MailerLite: email marketing platform; providers: MailerLite Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / MailerLite Inc. (USA) for users in the rest of the world; information on data protection: privacy policy, “security statement”.
13. Social media
We are present on social media platforms and other online platforms in order to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, which includes, for example, the right to information.
We are jointly responsible with Meta Platforms Ireland Limited (Ireland) for our social media presence on Facebook, including Page Insights, insofar as the General Data Protection Regulation (GDPR) is applicable. Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook page. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly way.
Further information about the type, scope and purpose of data processing, information about the rights of data subjects and the contact details of Facebook and its data protection officer can be found in the data protection declaration of Facebook. We have concluded the so-called “addendum for controllers” with Facebook and thus agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. For the so-called Page Insights, the corresponding information can be found on the page “Information on Page Insights” including “Information on Page Insights Data”.
14. Third-party services
We use the services of specialized third parties to enable us to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Among other things, these services allow us to embed functions and content in our website. When this is done, the services used collect the users’ IP addresses at least temporarily for technical reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized or pseudonymized form. This may include, for example, performance or usage data in order to provide the respective service.
In particular, we use:
- Services from Google: providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and security principles”, “More information about how Google uses personal information”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Guide to privacy in Google products”, “How we use data from websites or apps on or in which our services are used”, “Types of cookies and similar technologies that Google uses”, “Advertising that you control” (“Personalized advertising”)
- Services from Microsoft: providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; general information on data protection: “Data protection at Microsoft”, “Data protection and privacy”, data protection declaration, “Data and data protection settings”.
14.1 Digital infrastructure
We use the services of specialized third parties to provide the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
- Cyon: hosting; provider: cyon GmbH (Switzerland); information on data protection: “Privacy”, privacy policy.
- Google Cloud including Google Cloud Platform (GCP): storage and other infrastructure; Google Cloud-specific providers: national or regional Google companies depending on the country and region; Google Cloud-specific information: “Privacy Center”, “Google Cloud and general privacy principles”, “Google Cloud Privacy Notice”, “Privacy”.
- WordPress.com: blog hosting and website construction kit; providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; data protection information: privacy policy, cookie policy.
14.2 Scheduling
We use the services of specialized third parties to be able to make appointments online, for example for meetings. In addition to this data protection declaration, any directly visible conditions of the services used, such as terms of use or data protection declarations, also apply.
In particular, we use:
- Google Calendar: online appointment scheduling; provider: Google; Google Calendar-specific information: “Appointment scheduling with Google Calendar”, “Data protection in Google Calendar”.
14.3 Audio and video conferencing
We use specialized audio and video conferencing services to communicate online. For example, we can use them to hold virtual meetings or conduct online lessons and webinars. When participating in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply.
Depending on your personal circumstances, we recommend that you mute your microphone by default when participating in audio or video conferences and that you blur your background or use a virtual background.
We use in particular:
- Google Meet: video conferencing; provider: Google; Google Meet-specific information: “Google Meet – User security and privacy”.
- Zoom: platform for collaborative work, especially with video conferencing; provider: Zoom Video Communications Inc. (USA); data protection information: “Privacy at Zoom”, privacy policy, “Legal compliance”.
14.4 Online collaboration
We use third-party services to enable online collaboration. In addition to this privacy policy, the terms and conditions of the services used, such as terms of use or privacy policies, also apply.
In particular, we use:
- Asana: platform for collaboration in companies; provider: Asana Inc. (USA); information on data protection: “Trust at Asana”, privacy policy, bug bounty program.
- Microsoft Teams: platform for productive collaboration, particularly with audio and video conferencing; provider: Microsoft; Teams-specific information: “Security and Compliance in Microsoft Teams”, particularly “Data Protection”.
- Miro: whiteboard platform; provider: RealtimeBoard Inc. (USA); information on data protection: privacy policy, “Miro Trust Center”.
- Slack: platform for productive collaboration, particularly via chat; providers: Slack Technologies LLC (USA) for users in Canada and the USA / Slack Technologies Limited (Ireland) for users in the rest of the world; data protection information: privacy policy, “trust center”, “frequently asked questions about data protection”, “data management: transparency and clarity”, cookie policy.
14.5 Social media features and social media content
We use third-party services and plug-ins to embed features and content from social media platforms and to enable sharing of content on social media platforms and other methods.
In particular, we use:
- Facebook (social plugins): embedding of Facebook features and content, e.g. Facebook “Like” or “Share” buttons; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); information on data protection: data protection declaration.
- Instagram platform: embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); information on data protection: privacy policy (Instagram), privacy policy (Facebook).
- LinkedIn Consumer Solutions Platform: embedding LinkedIn features and content, for example using plugins such as the “Share Plugin”; provider: Microsoft; LinkedIn-specific information: “Privacy”, privacy policy, cookie policy, cookie management / opt-out of email and SMS communication from LinkedIn, opt-out of interest-based advertising.
14.6 Maps
We use third-party services to embed maps into our website.
In particular, we use:
- Google Maps including Google Maps Platform: map service; provider: Google; Google Maps-specific information: “How Google uses location information”.
14.7 Digital content
We use the services of specialized third parties to integrate digital content into our website. In particular, digital content includes image and video material, music and podcasts.
In particular, we use:
- YouTube: video platform; provider: Google; YouTube-specific information: “Privacy and security center”, “My data on YouTube”.
14.8 Fonts
We use third-party services to embed selected fonts, icons, logos and symbols in our website.
In particular, we use:
- Font Awesome: icons and logos; provider: Fonticons Inc. (USA); information on data protection: privacy policy.
- Google Fonts: fonts; provider: Google; Google Fonts-specific information: “Your Privacy and Google Fonts”, “Privacy and Data Collection” (Google Fonts).
14.9 Advertising
We use the option of displaying targeted advertising for our activities and operations on third-party sites, such as social media platforms and search engines.
In particular, we want to use such advertising to reach people who are already interested in our activities and services or who might be interested in them (remarketing and targeting). To do this, we may transfer the relevant information – which may also be personal – to third parties who enable such advertising. We can also determine whether our advertising is successful, in particular whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile there.
We use in particular:
- Google Ads: search engine advertising; provider: Google; Google Ads-specific information: Advertising based, among other things, on search queries, using various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads, Privacy Policy for Advertising, “Manage display advertising directly through Ads”.
- LinkedIn Ads: social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting, in particular with the LinkedIn Insight tag, ‘data protection’, privacy policy, cookie policy, objection to personalized advertising.
- Meta ads: social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); data protection information: targeting, including retargeting, in particular with the Meta pixel and with custom audiences including lookalike audiences, privacy policy, ‘advertising preferences’ (user registration required).
15. Extensions for the website
We use extensions for our website to be able to use additional functions. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.
- Jetpack: Various functions for the free blog software WordPress in the form of modules; providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; information on data protection: Privacy Notice for Visitors to Our Users’ Sites, Privacy Policy (by Automattic), “Jetpack Privacy Center”, Cookie Policy (Jetpack), Cookie Policy (Automattic).
16. Performance and reach measurement
We try to measure the success and reach of our activities and operations. In doing so, we may also measure the effectiveness of third-party notices or test how different parts or versions of our digital presence are used (“A/B testing” method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements.
In most cases, the IP addresses of individual users are recorded to measure performance and reach. In this case, IP addresses are always truncated (“IP masking”) in order to follow the principle of data economy through the corresponding pseudonymization.
Cookies may be used and user profiles created to measure performance and reach. Any user profiles created include, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window and the – at least approximate – location. As a general rule, any user profiles created are exclusively pseudonymized and are not used to identify individual users. Individual third-party services for which users are registered may associate the use of our online services with the user account or user profile for the respective service.
In particular, we use:
- Clarity: Recording and evaluation of user behavior on websites; provider: Microsoft; Clarity-specific information on data protection: “What data does Clarity collect?”, “Data Retention”, Cookie Policy.
- Google Marketing Platform: Performance and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only in exceptional cases transmitted in full to Google in the USA, Privacy Policy for Google Analytics, “Browser Add-on to disable Google Analytics”.
- Google Tag Manager: integration and administration of Google and third-party services, in particular for measuring success and reach; provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further information on data protection can be found in the individual integrated and managed services.
- Hotjar: Recording of user behavior; provider: Hotjar Ltd. (Malta); data protection information: recording without reference to individual website visitors, for example in relation to movements and clicks with a mouse or with another input option, ‘Data protection and Hotjar’, ‘Data protection’, data protection declaration, cookie guidelines, ‘Security’.
- Jetpack Stats: Performance and reach measurement; providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among other places; data protection information: Jetpack extension module for the free blog software WordPress, Privacy Notice for Visitors to Our Users’ Sites, data protection declaration (by Automattic), “Jetpack Privacy Center”, cookie policy.
- Leadfeeder: Identification of companies for possible pre-contractual measures (“Lead Generation”); Provider: Liidio Oy (Finland); Information on data protection: Privacy Policy, Privacy Policy for “Leadfeeder Contacts”, Cookie Policy.
17. Final notes on the data protection declaration
We have created this data protection declaration with the data protection generator from data protection partners.
We can update this privacy policy at any time. We will provide information about updates in a suitable form, in particular by publishing the current data protection declaration on our website.