Data Privacy
Table of Content
1. What is the purpose of this Data Privacy Policy?
2. Who is responsible for processing your data?
3. What data do we process?
4. For what purposes do we process your data?
5. On what basis do we process your data?
6. What applies to profiling and automated individual decisions?
7. Who do we disclose your data to?
8. Does your personal data also end up abroad?
9. How long do we process your data?
10. How do we protect your data?
11. What rights do you have?
12. Do we use online tracking and online advertising techniques?
13. Can this privacy policy be changed?
1. What is the purpose of this Data Privacy Policy?
STARTUPS.CH Ltd. (hereinafter also "we", "us") obtains and processes personal data relating to you or also other persons (so-called "third parties"). We use the term "data" here synonymously with "personal data" or "personal-related data".
In this Data Privacy Policy, we describe what we do with your information when you use www.startups.ch, other of our websites or our apps (collectively, the "Website"), obtain our services or products, otherwise interact with us under a contract, communicate with us or otherwise deal with us. Where appropriate, we will provide you with timely written notice of additional pro-cessing activities not mentioned in this Data Privacy Policy. In addition, we may inform you separately about the processing of your data, e.g. in consent forms, contract terms, additional privacy statements, forms and notices.
This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR") and the Swiss Data Protection Act ( "DSG" ). However, whether and to what ex-tent these laws are applicable depends on the individual case.
2. Who is responsible for processing your data?
The STARTUPS.CH Ltd. Neuwiesenstrasse 15, 8400 Winterthur (the "[company]") is responsible for the data processing described in this Data Privacy Policy, unless otherwise communicated in individual cases.
You can contact us for your data privacy concerns and to exercise your rights in accordance with para. 11 you can reach us as follows:
By post
STARTUPS.CH AG
Postfach
8401 Winterthur
Schweiz
or via e-mail to :
info@startups.ch
3. What data do we process?
We process different categories of data about you. The main categories are as follows:
Technical data: When you use our website or other electronic offerings, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of these offerings. This data also includes logs recording the use of our systems. We generally retain tech-nical data for 6 months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device. The technical data in itself does not allow any conclu-sions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).
Registration data: Certain offers and services can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data about the use of the offer or service. We generally retain registration data for 12 months after the end of the use of the service or the ter-mination of the user account.
Communication data: If you are in contact with us via the contact form, e-mail, phone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an identity document). We usually keep this data for 12 months from the last exchange with you. This period may be longer where this is necessary for reasons of proof or to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.
Master data: We use the term master data to refer to the basic data that we need in addition to the contract data (see below) to process our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information e.g. about your role and function, your bank account(s), your date of birth or customer history. We process your master data if you are a customer or other business contact or are working for one (e.g. as a business partner contact), or because we want to contact you for our own purposes or the pur-poses of a contractual partner (e.g. as part of marketing and advertising). We receive master data from you yourself (e.g. when making a purchase or as part of a registration), from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, etc.). We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons . For pure marketing and advertising contacts, the period is usually much shorter, usually no more than 2 years since the last contact.
Contract data: This is data that arises in connection with the conclusion or processing of a con-tract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions . We generally collect this data from you, from contractual part-ners and from third parties involved in the processing of the contract, but also from third party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. We gener-ally keep this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons.
Many of the measures described in this para. 3 you disclose to us yourself (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases n. If you wish to enter into contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable.
Insofar as this is not inadmissible, we also take data from publicly accessible sources or receive data from authorities and other third parties.
4. For what purposes do we process your data?
We process your data for the purposes we explain below. These purposes, or the purposes under-lying them, represent legitimate interests of us and, where applicable, of third parties.
We process your data for purposes related to communication with you, in particular to answer enquiries and assert your rights and to contact you in the event of queries. For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We retain this data to document our communication with you, for training purposes, for quality assurance and for follow-up enquiries.
We further process data for, among other things, the initiation, administration and processing of contractual relationships, for marketing purposes and to maintain relationships, for market re-search, to improve our services and our operations, for product development, to comply with laws, directives and recommendations from authorities and internal regulations (compliance) and for other purposes, e.g. as part of our internal processes and administration.
5. On what basis do we process your data?
Insofar as we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with effect for the future by written notification (by post) or, unless otherwise stated or agreed, by e-mail to us; you will find our contact details in section 2. 2. For the revocation of your consent in the case of online tracking, see para. 12. where you have a user account, revocation or contacting us may also be possible via the relevant website or other service. Once we have received notice of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your con-sent will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Where we do not ask for your consent to process your personal data, we base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or third parties have a legitimate in-terest in doing so, in particular in order to fulfil the obligations set out in section 4 above. 4 and related objectives described above and to be able to take appropriate action. Our legitimate inter-ests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by the respective applicable data protection law.
In individual cases, other legal grounds may come into play, which we will communicate to you separately where necessary.
6. What applies to profiling and automated individual decisions?
We may add certain of your personal attributes to those listed in para. 4 using your data for the purposes set out in section 4. 3) ("profiling"), if we want to determine preference data , but also to determine abuse and security risks, to carry out statistical evaluations or for operational plan-ning purposes. For the same purposes, we can also create profiles, i.e. we can combine behav-ioural and preference data, but also master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteris-tics.
In both cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.
7. Who do we disclose your data to?
In connection with our contracts, the website, our services and products, our legal obligations or otherwise in order to protect our legitimate interests and the other interests set out in section 4. 4 we also transfer your personal data to third parties, in particular to the following categories of recipients:
Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us, or who receive data about you from us under their own responsibility.
Authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests.
Contractual partners including clients: First of all, this refers to our customers (e.g. service recipi-ents) and other contractual partners, because this data transfer results from these contracts. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. The recipients also include contractual partners with whom we cooperate. We share your data with our partners (third parties) in order to provide you with the best possible service. Where we work with banks, the disclosure of data allows conclusions to be drawn about a potential banking relationship. Partner banks may also notify us to confirm the successful conclusion of a new banking relationship. To this extent, you release the bank(s) concerned from the obligation to maintain bank customer confidentiality and data protection. If we pass on data to external service providers, technical and organizational measures will be taken to ensure that the data is passed on in compliance with the statutory provisions on data protection. If you voluntarily provide us with personal or company-related data, we will not use, process or pass on this data beyond the scope permitted by law or specified by you in a declaration of consent. Furthermore, we will only pass on your data to external service providers if this is necessary for the processing of the contract and they have agreed to the corresponding confidentiality and due diligence regulations. Furthermore, we will only pass on your data if we are obliged to do so by law or by official or court orders.
Other persons: This refers to other cases where the inclusion of third parties arises from the pur-poses set out in para. 4 results.
All these categories of recipients may in turn involve third parties, so that your data may also be-come accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
8. Does your personal data also end up abroad?
As described in para. 7 we also disclose data to other bodies. These are not only located in Swit-zerland. Your data may therefore be processed in Europe and in other countries.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? ), insofar as it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption pro-vision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.
Facebook may use this information for the purpose of advertising, market research and demand-oriented design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
You can find further information on this in the Facebook privacy policy at https://www.facebook.com/about/privacy/.
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account before using our website.
9. How long do we process your data?
We process your data for as long as our processing purposes, the legal saving periods and our legitimate interests in processing for documentation and evidence purposes require or saving is technically necessary. Further information on the respective retention and processing duration can be found under the individual data categories in section 3. 3 or for the cookie categories in para. 12. If there are no legal or contractual obligations to the contrary, we will delete or anony-mise your data after the saving or processing period has expired as part of our normal processes.
10. How do we protect your data?
We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access.
You can find this information at: http://www.linkedin.com/legal/privacy-policy.
11. What rights do you have?
To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:
- The right to request information from us as to whether and which of your data we are pro-cessing;
- the right to have us correct data if it is inaccurate;
- the right to request the deletion of data;
- the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
- the right to revoke consent insofar as our processing is based on your consent;
- the right to obtain, on request, further information necessary for the exercise of these rights;
- the right to make individual decisions in the case of automated individual decisions (para. 6) to express your point of view and to request that the decision be reviewed by a natural person.
If you wish to exercise any of the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by email; our contact details are set out in para. 2. In order for us to be able to exclude abuse, we must identify you (e.g. with a copy of your identity card, unless otherwise possible).
Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or data protection, please let us know (para. 2). In particular, if you are in the EEA, the UK or Switzerland, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can reach the Swiss super-visory authority here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.
12. Do we use online tracking and online advertising techniques?
We use various technologies on our website that enable us and third parties we have engaged to recognise you when you use our website and, in some circumstances, to track you across multiple visits. We inform you about this in this section.
In essence, this is so that we can distinguish accesses by you (via your system) from accesses by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisation. In doing so, we do not want to infer your identity, even if we can do so insofar as we or third parties engaged by us can identify you through a combination with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access the site, for example by our server (or the servers of the third parties) assigning you or your browser a specific identification number (so-called "cookie").
We use such techniques on our website and allow certain third parties to do so as well. You can program your browser to block, deceive or delete existing cookies from certain cookies or alterna-tive techniques. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the keyword "data protection") or on the websites of the third parties that we list below.
A distinction is made between the following cookies (techniques with comparable functions such as fingerprinting are included here):
Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing infor-mation entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one visit to the website) if you use this function (e.g. language selected, consent given, the func-tion for automatic login etc.). These cookies have an expiry date of up to 24 months.
Performance cookies: In order to optimise our website and corresponding offers and to better adapt them to the needs of users, we use cookies to record and analyse the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
Marketing cookies: We and our advertising partners have an interest in targeting advertising, i.e. displaying it only to those we want to target. We have listed our advertising partners below. For this purpose, we and our advertising partners also use cookies - if you consent - which can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think you may be interested in on our website, but also on other websites that display advertisements from us or our advertising partners. These cookies have an expiry date of between a few days and 12 months depending on the situation. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.
In addition to marketing cookies, we use other techniques to control online advertising on other websites and thereby reduce wastage. For example, we can transmit the email addresses of our users, customers and other persons to whom we want to display advertising to the operators of advertising platforms (e.g. social media). If these persons are registered there with the same e-mail address (which the advertising platforms determine through a comparison), the operators show the advertising placed by us to these persons in a targeted manner. The operators do not receive personal e-mail addresses of persons who are not already known. In the case of known email addresses, however, they learn that these persons are in contact with us and which content they have accessed.
We may also integrate further third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the corresponding providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data on their own responsibility.
We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set on your computer for advertising purposes):
Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our order processor. Google Ireland relies on Google LLC (based in the USA) as its order processor (both "Google"). Google uses performance cookies (see above) to track the be-haviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have config-ured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have switched off the "Data sharing" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further details on processing by Google here [https://policies.google.com/technologies/partner-sites?hl=de].
Google AdSense: Our website uses Google AdSense, an advertising integration service provided by Google Inc ("Google"). For this ad integration service, Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. In ad-dition, Google AdSense also uses web beacons (invisible graphics). Based on the web beacons, information such as visitor traffic on websites can be evaluated. Cookies and web beacons are used to generate information about the use of our website, including your IP address. The delivery of advertising formats is then transmitted to a Google server in the USA and stored there, as with Google Analytics. The stored information may then be passed on by Google to their contrac-tual partners. Nevertheless, the information collected by Google about your IP address will not be merged with other data stored by you. If this collection of information based on your visit to our site is not in your interest, you can prevent the storage or installation of cookies by selecting the appropriate settings in your browser software. At the same time, we would like to inform you that in this case you will not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
X: Plug-ins of the short message network X Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA are integrated on our website. You can recognise the X plug-ins (Tweet button) by the X logo on our site. You can find an overview of the Tweet button at https://dev.X.com/. When you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the X server. X thereby receives the information that you have visited our site with your IP address. If you click the "Tweet button" while you are logged into your X ac-count, you can link the content of our pages on your X profile. This enables X to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by X. You can find more information on this in X's privacy policy. If you do not want X to be able to associate your visit to our pages, please log out of your X user account.
Linkedin: Plug-ins of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter "LinkedIn") are integrated on our website. You can recognise the LinkedIn plug-ins by the LinkedIn logo or the "Recommend" button on our site. When you visit our pages, a direct connection is established between your browser and the LinkedIn server via the plug-in. LinkedIn thereby receives the information that you have visited our site with your IP address. If you click the LinkedIn "Recommend Button" while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's privacy policy. You can find this information at: http://www.linkedin.com/legal/privacy-policy..
Instagram: So-called social plug-ins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"), are used on our website. The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera". You can find an overview of the Instagram plug-ins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you call up a page of our website that contains such a plug-in, your browser establishes a direct connec-tion to the servers of Instagram. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the in-formation that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (in-cluding your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plug-ins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. For the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/. If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram be-fore visiting our website. You can also completely prevent the loading of Instagram plug-ins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
Facebook: Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise these by the Facebook logo or the "Like" button on our site. You can find an overview of possible Facebook plugins at the following link: http://developers.facebook.com/docs/plugins/. Due to these Facebook plugins (Like button), a direct connection is established between your browser and the Facebook server if you visit our pages. Through your visit, Facebook receives information that you have visited our pages with your IP address. If you click on the Facebook "Like" button on our pages while you are logged into your Facebook account, the content of our pages will be linked to your Facebook profile. Conse-quently, Facebook can associate your visit to our site with your user account. We, as the service provider, point out that we, as the website provider, have no knowledge of the content of the transmitted data or its use by Facebook. Therefore, we refer to the following link to obtain further information regarding Facebook's privacy policy: http://de-de.facebook.com/policy.php. If you do not want Facebook to associate your visit to our website with your Facebook user account, we ask you to log out of your Facebook user account when you visit our website.
Pinterest: We use the pinterest.com service on our website. Pinterest.com is a service of Pinter-est, Inc., 808 Brannan St, San Francisco, CA 94103, USA. Through the integrated "Pin it" button on our site, Pinterest receives the information that you have accessed the corresponding page of our website. If you are logged in to Pinterest, Pinterest can assign this visit to our site to your Pin-terest account and thus link the data. The data transmitted by clicking the "Pin it" button is stored by Pinterest. For more information on the purpose and scope of data collection, its processing and use, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Pinterest privacy policy, which you can access at http://pinterest.com/about/privacy/. To prevent Pinterest from associating your visit to our website with your Pinterest account, you must log out of your Pinterest account before visiting our website.
YouTube: Our Internet pages contain at least one plug-in from YouTube, which belongs to Google Inc. San Bruno, CA 94066 USA. As soon as you visit a page of our website that is equipped with a YouTube plug-in, a connection to the YouTube servers is established. In the process, the YouTube server is informed which particular page of our website you have visited. If, on top of this, you are logged into your YouTube account, you would enable YouTube to assign your surfing behaviour directly to your personal profile. You can negate this possibility of association if you log out of your account beforehand. For further information on the collection and use of your data by YouTube, please refer to the information on data protection at http://www.youtube.com/t/privacy.
13. Can this Data Privacy Policy be changed?
This Data Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.
Last update: September 1st 2023