Privacy Policy of Pexapark AG

Version 07 July 2020

This Privacy Policy (“the Privacy Policy”) describes how Pexapark AG (“Pexapark,” “we,” “our” or “us”) collects, processes and shares personal data.

The term “personal data” or “data” in this Privacy Policy shall mean any data that identifies, or could reasonably be used to identify any person.

If you provide us with personal data of other persons (such as work colleagues, family members), please make sure the respective persons are aware of this Privacy Policy and only provide us with their data if you are allowed to do so and such personal data is correct.

This Privacy Policy is in line with the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it may be relevant for us. The Swiss data protection legislation (FADP) is heavily influenced by the law of the European Union. In addition, companies outside of the European Union or the European Economic Area (EEA) must comply with the GDPR in certain cases.

1. CONTROLLER, DATA PROTECTION OFFICER AND REPRESENTATIVE

I. Controller . The “controller” of data processing as described in this Privacy Policy is Pexapark AG, Wiesenstrasse 5, 8952 Schlieren, Switzerland, registered under the company number CHE-217.794.473 in the Commercial Register Canton of Zurich/Switzerland.

II. Data Protection Officer. You can notify us of any data protection related concerns using the following contact details: Florian Müller, dpo@pexapark.com, who is our data protection officer pursuant to art. 37 GDPR.

III. Representative in the EU. Our representative in the EU according to art. 27 GDPR is: VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany, info@datenschutzpartner.eu

2. COLLECTION AND PROCESSING OF PERSONAL DATA & CONTENT

A. Personal Data You Provide to Us

We collect, process and share personal data of in connection with the use of websites and web applications, operated by us (including pexapark.com) (“Websites”) concerning Websites’ users (“users,” “you,” or “your”) from various sources, including: (i) data you provide through your user account on the Websites (your “Account”) if you register for the Websites; (ii) your use of the Websites; and (iii) from third-party websites, our partners and other users.

I. Account Registration . When you register for an Account, we ask for your contact data, including name, company name, address, email address, and telephone number.

II. Payment Information . When you share your financial account data during an order on our Websites, that data is directed to our third-party payment processor. We do not store your financial account data on our systems; however, we have access to, and may retain, subscriber data through our third-party payment processor.

III. User Content . Our Websites may allow you to publicly post content on them, such as Blog Post comments. By registering for our Websites, you agree that your personal data of your profile and the content you post may be viewed and used by other users and third parties we do not control.

IV. Communications . If you contact us directly, for example through a contact form, an email, or by phone, we may receive additional personal data about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other data you may choose to provide. We may also receive a confirmation when you open an email from us.

B. Personal Data We Collect When You Use Our Websites / Cookies

We use third-party partners to monitor and analyze the use our Websites through cookies and similar techniques.

“Cookies” and similar techniques allow for an identification of your browser or device. A cookie is a small text file that is sent to your computer or mobile device and collects your internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, referring URL, data on your use of our Websites, frequency of visits and other personal data related to your interactions with the Websites. Thereby we recognize you, when you revisit our Websites. Further, your configurations are stored for your convenience, for our understanding how you use our Websites and to enable us to show you customized information and advertisement. Finally, we use this data to operate the Websites, maintain and improve the performance and utilization of the Websites, develop new features, protect the security and safety of our Websites and provide user support. We also use this data to develop aggregate analysis.

Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies. Most browsers are preset to accept cookies. If you block cookies, it is possible that certain functions are no longer available to you.

For this purpose we use various services of Google Inc., such as Google Tag Manager, Google Analytics, Google Ads, as well as LinkedIn (LinkedIn pixel), Intercom, Mailchimp, and ConvertKit, which are all located in the United States. Also, we use Hotjar.

Google Tag Manager is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

Google Analytics is a web analytics service that tracks and reports Websites traffic. Google uses the data collected to track and monitor the use of our Website for us, but further combines this data with data from other websites you have visited and may use this data for its own purposes or for third parties (e.g. advertisements), and shares this data with other Google services. If you have registered with Google, Google will know your identity and conduct the processing of your personal data in accordance with its data protection regulations ( https://policies.google.com/privacy?hl=en ). You can opt-out by installing the Google Analytics opt-out browser add-on.

Google Ads (AdWords) is used for behavioral remarketing services to advertise on third party websites to you after you visited our Websites. You can opt-out and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Use of Intercom Services (provided by Intercom, 55 2nd Street, 4th Floor,San Francisco, CA 94105, USA): We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you.

Mailchimp (operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) and Convertkit (operated by ConvertKit LLCm PO Box 761, 8301 Boise Idaho, USA) are mail service providers that we use to send out promotional and non-promotional E-mails to our customers and visitors of our websites. E-mails are sent out only after customers and visitors have opted in to receive them.

The LinkedIn pixel (operated by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) is used to track page views and conversions, and helps us in targeting our online advertising.

Hotjar (operated by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) is used for analytics of user behavior inside web applications.

Further, we use the remarketing services of Bing Ads (operated by Microsoft Inc, One Microsoft Way, Redmond, WA 98052, USA), which is also located in the United States. You can opt-out of Bing Ads interest-based ads by following their instructions: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads .

C. Personal Date We Receive from Third Parties

I. As publicly available. We obtain certain personal data from publicly accessible sources (such as public registers, press, internet) or we may receive such data from other third parties (such as e.g. our business partners and service providers as well as your connections and discussions with other users).

II. Third-Party Accounts . If you choose to link our Websites to a third-party account, we will receive data about that account, such as your authentication token from the third-party account, to authorize linking. If you wish to limit the data available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

III. Third-Parties . We may also receive publicly available data about you from third-parties and combine it with data that we have about you, such as described in Section 2.B. of this Privacy Policy.

3. PURPOSE OF DATA PROCESSING AND LEGAL GROUNDS

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, such as the services described for which you opened your Account; (ii) where the processing is in our legitimate interests; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Websites, to provide the services described on the Websites and communicating with you as necessary to provide these Websites, for example when providing you information, connecting you with other users, responding to your queries, analyzing content, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person. If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

In particular, we process your personal data for the following purposes:

  • Provide, operate, and maintain our Websites;
  • Improve, personalize, and expand our Websites;
  • Understand and analyze how you use our Websites;
  • Develop new products, services, features, functionality and information;
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other data relating to the Websites, and for marketing and promotional purposes;
  • Connecting you with other users;
  • Process your transactions;
  • Send you text messages and push notifications;
  • Find and prevent fraud;
  • For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

If you have given us your consent to process your personal data for certain purposes (for example when opening an Account on our Websites), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

4. HOW WE SHARE PERSONAL DATA AND DISCLOSURE ABROAD

In the context of our business activities and in line with the purposes of the data processing set out in Section 3 above, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may be concerned:

A. Vendors and Service Providers . We may share data with third-party vendors and service providers that provide services on our behalf, such as helping to provide our Websites, for promotional and/or marketing purposes, and to provide you with information relevant to you such as product announcements, software updates, special offers, or other information.

B. Aggregate Data . Where legally permissible, we may use and share data about users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you.

C. Third-Party Partners . We may also share data about users with third-party partners in order to receive additional publicly available data about you.

D. Analytics . We use analytics providers such as described in Section 2.B. of this Privacy Policy.

E. Business Transfers . Data may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which data is transferred to one or more third parties as one of our business assets.

F. As Required By Law and Similar Disclosures . We may also share data to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging data with other companies and organizations for fraud protection and spam/malware prevention.

G. Other Users. Apart from the provision of information, we provide a networking platform, correspondingly, your personal data that you enter there as part of your profile is shared with other users of our Websites.

H. With Your Consent . We may share data with your consent.

The recipients may be located in any country worldwide. In particular, you must anticipate your data to be transmitted to any country, including countries without adequate data protection legislation. If we transfer data to a countries without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or we rely on the statutory exceptions of consent, performance of contracts, provision of described services, overriding public interests or published personal data.

5. THIRD-PARTY SERVICES

You may access other third-party services through the Websites, for example by clicking on links to those third-party services from within the Websites. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.

6. DATA SECURITY

We are committed to protecting your personal data. To do so, we employ a variety of security technologies and measures designed to protect data from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.

7. DATA RETENTION

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, as long as you have an Account with us and we provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. ACCESS

If you have opened an Account, you may access certain personal associated with your Account by logging into our Websites or emailing our data protection officer at the email address provided in Section 1.II. of this Privacy Policy. If you terminate your Account, any public activity on your Account prior to deletion may remain stored on our servers and may remain accessible to the public.

To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your data. The data you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your data may be temporarily limited where access and correction could: inhibit Pexapark’s ability to comply with a legal obligation; inhibit Pexapark’s ability to investigate, make or defend legal claims; result in disclosure of personal data about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business data belonging to Pexapark or a third party.

9. PROFILING

We may partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). In particular, profiling allows us to inform, connect and advise you more accurately.

10. YOUR DATA PROTECTION RIGHTS

You have the following rights:

  • to access, correct, update or to request deletion of your personal data.
  • to object to the processing of your personal data, to restrict the processing of your personal data.
  • to request portability of your personal data.
  • to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt- out of other forms of marketing, please contact us by email.
  • to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • to complain to the competent data protection authority about our collection and use of your personal data. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner ( http://www.edoeb.admin.ch).

Exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact our data protection officer at the email address provided in Section 1.II. of this Privacy Policy.

Further, please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature termination of your Account or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

11. CHILDREN’S PRIVACY

Pexapark does not knowingly collect personal data from children under the age of 13. If you learn that a child has provided us with personal data in violation of this Privacy Policy, please alert us via email.

12. CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy at any time without prior notice. The current version published on our Websites shall apply.

If this Privacy Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment. If you are a paying customer under a contract with us and do not agree with such changes, you must object within 14 days of receiving such notification by email. In case you object, the contract shall terminate as per the next termination date. In case you do not object, the changes are considered to be accepted by you after the expiry of the 14 days from the notification.