In this data protection declaration we, Poinz AG (CHE-454.711.179) (hereinafter Poinz, we or us), explain how we collect and process personal data. This is not a complete description; where applicable, other data protection declarations or general terms and conditions, conditions of participation and similar documents regulate specific facts. Personal data means all information that relates to an identified or identifiable person.This data protection declaration is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is an EU regulation, it is important to us. The Swiss Data Protection Act (DPA) is heavily influenced by EU law and companies located outside the EU or EEA must comply with the GDPR in certain circumstances.

This data protection declaration, in its current version, is an integral part of the terms of use and general terms and conditions of Poinz AG.

The person responsible for the data processing described here is Poinz AG, Manessestrasse 170, 8045 Zurich, unless otherwise specified in the individual case. If you have any questions regarding data protection, you can contact us at the following address: Poinz AG, Manessestrasse 170, 8045 Zurich; e-mail: info@poinz.ch

We primarily process personal data that we receive from our customers, subscribers and other business partners in the course of our business relations with them and other persons involved or that we collect from their users during the operation of our websites, applications and other applications, such as in particular first name, surname, e-mail, address, gender, date of birth.In addition to the data that you provide directly to us, such as your contact details, the categories of personal data include in particular your addresses and, where applicable, your interests and other socio-demographic data (for marketing purposes) and data relating to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and its settings, cookies, date and time of the visit, pages and content viewed, functions used, referring website, location data).

We use the personal data we collect primarily to conclude and fulfil our contracts with our customers, subscribers and other business partners, in particular in connection with access to our applications, and to fulfil our legal obligations in Switzerland and abroad. If you work for such a customer, subscriber or business partner, your personal data may naturally also be involved in this function.In addition, we process your personal data and that of other persons, insofar as this is permitted and we consider it appropriate, for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:Provision and development of our offers, services and websites, if applicable apps and other platforms on which we are present;Examination and optimisation of needs analysis procedures for the purpose of direct customer approach as well as collection of personal data from publicly available sources for the purpose of customer acquisition;Advertising and marketing (including the organisation of events), insofar as you have not objected to the use of your data (if we send you advertising as an existing customer, you may object at any time, in which case we will put you on an objection list for further advertising);To assert legal rights and defend ourselves in legal disputes and administrative proceedings;To ensure our operation, in particular the IT, our websites, applications and other platforms;the purchase and sale of business areas, companies or parts of companies and other transactions under company law and the related transfer of personal data, as well as business management measures and, to the extent necessary, compliance with legal and regulatory obligations.If you have given us your consent to process your personal data for specific purposes (e.g. by signing up to receive newsletters), we process your personal data in the context of and on the basis of that consent, insofar as we have no other legal basis and we need such a basis. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.

We may typically use "cookies" and similar techniques on our websites that identify your browser or device. A cookie is a small file sent to your computer or automatically saved on your computer or mobile device by the web browser you use when you visit our website. It allows us to recognise you when you return to the site, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website ("session cookies"), cookies can also be used to store user preferences and other information for a specific period of time (e.g. two years) ("permanent cookies"). However, you can set your browser to refuse cookies, to store them only for one session or to delete them prematurely. Most browsers are preset to accept cookies. Cookies help us to better understand how you use our offers and content so that we can provide you with offers and advertisements tailored to your needs. Some cookies are placed by us, others by contractual partners we work with. If you block cookies, some features (such as language selection, shopping cart, ordering processes) may not work. In our newsletters and other marketing e-mails, we also include visible and invisible visual elements in part and to the extent permitted, whose retrieval by our servers enables us to know if and when you have opened the e-mail, so that we can also measure and better understand how you use our offers and adapt them to you. You can block this in your email program; most are preset for you to do so.By using our websites and agreeing to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not wish to do so, you should configure your browser or email program accordingly.We sometimes use Google Analytics or comparable services on our websites. This is a service provided by third parties, who may be located in any country in the world (in the case of Google Analytics, this is Google LLC in the USA, www.google.com), which enables us to measure and evaluate the use of the website (in a non-personal way). For this purpose, permanent cookies are also used, which are placed by the service provider. The service provider does not receive any personal data from us (nor does it store IP addresses), but it can track your use of the website, combine this data with that of other websites you have visited which are also tracked by the service provider, and use this knowledge for its own purposes (e.g. advertising control). Insofar as you have registered with the service provider, the service provider also knows you. The processing of your personal data by the service provider takes place under the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us of how our website is used (no information about you personally).We also use plug-ins from social networks such as Facebook, Twitter or Instagram on our websites. You can see this (usually via corresponding symbols). We have configured these elements so that they are disabled by default. If you activate them (by clicking on them), the operators of the relevant social networks can register that you are on our website and where and can use this information for their own purposes. The processing of your personal data is then carried out under the responsibility of this operator in accordance with their data protection regulations. We do not receive any information about you from them.

In the course of our business activities and for the purposes mentioned in point 3, we also pass on data to third parties, insofar as this is permitted and seems appropriate to us, either because they process it for us or because they wish to use it for their own purposes. This includes in particular the following entities:Our customers with whom subscribers wish to make contact;our service providers, including subcontractors (such as IT service providers) (hereinafter the recipients).These recipients are partly located within the country, but may be located anywhere in the world. In particular, you should expect your data to be transferred to all countries where the service providers we use are located. If we transfer data to a country that does not have adequate legal data protection, we will, as required by law, ensure an appropriate level of protection through the use of adequate contracts (e.g. on the basis of the European Commission's standard contractual clauses) or rely on legal exceptions such as consent, contractual performance, the establishment, exercise or defence of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of data subjects. You can obtain a copy of the contractual guarantees mentioned at any time from the contact person mentioned in point 1. However, we reserve the right to black out copies or to provide only extracts for reasons of data protection or confidentiality.

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or to achieve the purposes of the processing, i.e. for the duration of the entire business relationship (from the initiation, course and termination of a contract) as well as beyond that, in accordance with legal retention and documentation obligations. In this context, personal data may be retained for the period during which claims can be made against our company and insofar as we are otherwise obliged to do so by law or if legitimate business interests so require (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as far as possible. For operational data (e.g. system protocols, logs), shorter storage periods of twelve months or less apply in principle.

We take appropriate technical and organisational security measures to protect your personal data against unauthorised access and misuse, such as computer and network security solutions, access controls and restrictions, and encryption of data carriers and transmissions.

We take appropriate technical and organisational security measures to protect your personal data against unauthorised access and misuse, such as computer and network security solutions, access controls and restrictions, and encryption of data carriers and transmissions.

As part of our business relationship, you are required to provide the personal data necessary to establish and perform a business relationship and to fulfil the contractual obligations associated with it (you are generally not legally obliged to provide data to us). Without this data, we will generally not be able to enter into or perform a contract with you (or the organisation or person you represent). Similarly, the website cannot be used if certain data that enables data traffic to be monitored (such as the IP address) is not disclosed.

Within the framework of the data protection legislation applicable to you and insofar as it so provides (such as in the case of the RGPD), you have the right to obtain information, rectify, delete, restrict the processing of data and object to our data processing, as well as to request the handover of certain personal data for transfer to another organisation (so-called data portability). Please note, however, that we reserve the right to assert legal restrictions on our part, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are able to invoke it) or if we need to assert rights. We will inform you in advance if there are costs involved. We have already informed you in section 3 about the possibility of revoking your consent. Please note that the exercise of these rights may conflict with contractual agreements and that this may have consequences such as early termination of the contract or costs. In this case, we will inform you in advance if this is not already provided for in the contract.The exercise of such rights generally requires that you clearly prove your identity (e.g. by a copy of an identity document, if your identity is not clear or cannot be verified otherwise). To assert your rights, you can contact us at the address given in point 1.In addition, every data subject has the right to assert his or her rights in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

We may amend this data protection declaration at any time and without prior notice. The current version published on our website is authoritative. If the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other appropriate means in the event of an update.Valid from 13.08.2018