Puzzle ITC
Privacy
General information
We take data protection very seriously and we only process your data in accordance with the applicable legal provisions. In this Privacy Policy, we will explain how we collect or otherwise process personal data. Personal data refers to all information relating to an identified or identifiable person.
This Privacy Policy is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a European Union (EU) regulation, it also affects Swiss companies in certain circumstances.
Responsible contacts
The following contacts are responsible for the data processing activities outlined in this Privacy Policy. You can use the addresses below for any data protection matters.
Puzzle ITC GmbH
Belpstrasse 37
3007 Bern
datenschutz@puzzle.ch
Tel. +41 31 370 22 00
Data protection officer
We have appointed a data protection officer in our company. You can reach him at the following email address:
EU representative
We have appointed a representative for data protection matters in the EU. You can reach this person at the following address:
Puzzle ITC Deutschland GmbH
Eisenbahnstrasse 1
DE-72072 Tübingen
General principles
Processing personal data
We primarily process personal data that we collect when operating our website or other applications or that we collect as part of our business relationships with our customers or other business partners from said parties and other persons involved.
We primarily collect your personal data directly from you. Under certain circumstances, we may also receive personal data concerning you from third parties. This data may include the following categories:
- Information from publicly accessible sources (e.g. media, internet)
- Information from public registers (e.g. commercial register, debt collection register, land register)
- information relating to official or judicial proceedings
- Information concerning your professional functions and activities
- Information about you in correspondence and discussions with third parties
- Credit rating information (where we are conducting personal business with you)
- Information about you that people in your circle give us so that we can conclude or process contracts with you (e.g. references, your address for deliveries, powers of attorney, information about compliance with legal requirements, bank details, insurance details, sales and other contractual partners)
- Information from media and the internet about your person (where necessary in a specific case, e.g. applications, press reviews, marketing, sales etc.)
- Information relating to website usage (e.g. IP address, MAC address of smartphone or computer, details about your device or settings, cookies, data and time of visit, pages and contents called up, functions used, referring websites, location details)
Purposes and legal bases of data processing
We process your data only for the purposes defined and only in legally permitted cases. Below, you will find the individual data processing activities on our website as well as the purposes and legal bases for processing the data.
The following reasons may apply as the legal basis:
- Your consent;
- Execution of a contract or pre-contractual measures;
- Fulfilment of legal provisions;
- Our legitimate interests, provided that your interests or basic rights do not override them;
- Safeguarding your vital interests or those of another person or performing a task in the public interest;
- Other relevant legal bases.
For each of the respective processing activities, you will find a reference to the legal bases.
If you have given us consent to process your personal data for specific purposes, we will process the data within the scope of this consent, provided that we do not have any other legal basis. You can revoke consent given previously at any time. This will not affect any data processing activities carried out in the past.
Disclosure of data
We may, under certain circumstances, require the services of third parties to provide our services and run our website. We may therefore outsource the processing of your personal data to third parties. In this case, we will ensure, contractually, that these third parties adhere to the data privacy requirements. We may also be obliged to disclose your data to authorities or other third parties.
We will only disclose your personal data if one of the following conditions applies:
You have given your consent;
A legal obligation applies;
- If necessary so that we can enforce our rights,
- in particular to enforce claims arising from the contractual relationship;
- If necessary to fulfil a contract or to carry out pre-contractual measures;
- If we have a legitimate interest and your contrary interests do not outweigh it;
- If some other legal permission applies.
In certain circumstances, your personal data may be also be transmitted to companies abroad for commissioned processing. These companies are under the same data privacy obligations as we are.
If the data privacy levels of the country to which the data is transmitted do not correspond to those of Switzerland or the European Union, we will contractually ensure that the same protection as in Switzerland or the European Union is guaranteed (e.g. using standard data protection clauses of a supervisory authority or other legally prescribed measures).
Retention period
We store personal data only for as long as is necessary to fulfil the individual purposes for which the data was collected in the first place. We store contractual data for a longer period because we are obliged to do so by law. These retention periods are set out by the legal provisions concerning the right to report suspicious activities, those concerning financial accounting and from applicable tax laws. Under these provisions, business communications, signed contracts and posting documents must be stored for up to 10 years. Provided that we no longer require your data to perform the services, that data will be blocked. In this case, we will only use the data for the purposes of financial accounting and taxes.
Data security
We take data security very seriously and apply appropriate technological and organisational security measures to protect your personal data from accidental or deliberate manipulation, loss, destruction or unauthorised access by third parties. We are continuously improving our security measures in line with technological developments.
Our website uses SSL (Secure Socket Layer) combined with the highest encryption level supported by your browser. You can tell if a particular page of our website is encrypted by a closed lock icon displayed on the status bar of your browser.
Obligation to provide certain personal data
In some instances, you may be obliged to disclose personal data to us in order to enter into a business relationship with us. This includes personal data that is required to enter into and conduct a business relationship and to fulfil the respective contractual obligations. Without such data, we are normally not in a position to enter into a contract with you (or the organisation or person you represent).
In addition, the website is usually not available for use unless certain details are disclosed to secure the data connection (such as the IP address).
Profiling
Some of your personal data is automatically processed in order to evaluate certain personal aspects (known as “profiling”). We use profiling in particular to provide targeted information or advice on certain services or products. To do so, we use evaluation instruments which enable us to communicate as required and to adopt appropriate advertising measures including market and opinion polls.
Your rights
You have the right to receive information from us about the specific personal data concerning you that has been collected and stored. You can also request that we correct any inaccurate information or that we delete personal data unless such requests are prevented by statutory retention obligations or a legal permission exists allowing such processing. Furthermore, in some cases, you can seek to restrict or object to the processing of your personal data. You also have the right to request that we return the data that you provided to us (right to data portability). You have the right to receive this data in a commonly used file format. We have already informed you above and in the corresponding data processing activities about your right to revoke your consent.
Please note that legal restrictions may, under certain circumstances, apply to the exercise of your rights. We reserve the right to assert these rights, e.g. when we are obliged to store or process certain data, have an overriding interest in this (provided we are permitted to assert it) or if we require them to fulfil legal claims. Please note that the exercise of your rights may conflict with contractual agreements and may affect contractual performance (e.g. early contract termination or cost implications). Where this is not already contractually regulated, we will notify you in advance.
The exercise of your rights requires that you prove your identity (e.g. with a copy of your ID if your identity cannot be determined in any other way). Should this result in any costs for you, we will notify you in advance.
If you are affected by the processing of your personal data, you are entitled to enforce your rights through a court or to submit a complaint to the relevant supervisory authority. The relevant supervisory authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
Amendments
We are entitled to make amendments to this Privacy Policy at any time without prior notice. The version currently displayed on our website applies.
Individual data processing activities
Provision of website and creation of log files
When you visit our website, the provider of the pages automatically collects and saves information in so-called service log files which your browser transmits to us. This information includes:
- Server name
- IP address
- Operating system
- Device type
- Browser name and version
- Date and time of server request
This data cannot be assigned to an identified person, nor is it merged with other data sources. Log files are stored in order to guarantee the functionality of the website and to ensure the security of our IT systems. This constitutes our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Data is only stored for as long as is necessary to fulfil the purpose of being collected. It is deleted accordingly once you close the session. Storing log files is essential for the operation of the website, and you therefore do not have the option to contest this.
Use of cookies
Our website uses cookies. Cookies are text files that are stored in your device’s operating system via your browser whenever you visit our website. Cookies are not harmful to your computer and do not contain any viruses.
Most of the cookies that we use are so-called “session cookies”. These are automatically deleted after your visit has concluded. Other cookies remain stored on your device until you delete them. These cookies allow us to identify your browser the next time you pay a visit. This allows us to save certain settings (e.g. language settings or location details) so that you do not have to enter these again the next time you visit our website.
We use cookies to ensure that our website is user-friendly, effective and secure. The use of cookies and the processing of your data in this regard take place on the legal basis of our legitimate interest in fulfilling the above purposes pursuant to Art. 6 (1) (f) GDPR.
Right to object
The cookies are stored on your computer. You therefore have full control over the use of the cookies. You can delete them completely or you can disable or limit them by changing your browser settings. If you disable cookies for our website, you may not be able to enjoy the website’s full functionality.
Use of Matomo
We use the web analysis software Matomo (www.matomo.org) on our website; this is a service provided by InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand (“Matomo”). Pseudonymised user profiles can be created and evaluated with Matomo. Cookies can be used in this instance (see cookie information above). Among other things, the cookies enable the internet browser to be recognised again in the future. The data collected using Matomo technology (including your pseudonymised IP address) is processed on our servers.
The information generated by the cookie in the pseudonymous user profile will not be used to personally identify the visitor of this website and will not be merged with personal data relating to the bearer of the pseudonym.
Matomo is used for the statistical analysis of user behaviour for optimisation and marketing purposes. In this case, too, these are our legitimate interests pursuant to Art. 6 (1) (f) GDPR which serve as the legal basis for data processing.
Right to object
You can prevent the storage of cookies and therefore the analysis by Matomo by adjusting your browser settings.
Use of Google Web Fonts
For the standardised display of fonts, we use what are known as web fonts provided by Google (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. When you access one of our web pages, your browser loads the necessary web fonts to your browser cache in order to correctly display texts and fonts.
To this end, the browser you are using establishes a connection to the Google servers. This alerts Google to the fact that your IP address is connected to our website. Google Web Fonts are used in the interest of maintaining a standardised and attractive website. These are our legitimate interests which serve as the legal basis for data processing pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
More information on Google Web Fonts is available at https://developers.google.com/fonts/faq. You can also read Google’s privacy policy here as well as the standard contractual clauses used by Google for transmitting data to a third country.
reCAPTCHA
We use the “reCAPTCHA” service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website in order to establish whether a form provided on the website has been completed by a natural person or fraudulently by an automated machine-operated process.
The following data is provided to Google for this purpose:
- Referrer URL (address of the site previously accessed by the visitor)
- IP address
- Information about the operating system
- Cookies
- Mouse and keyboard behaviour
- Date and language settings
- All JavaScript objects
- Screen resolution
We use reCAPTCHA to prevent functions on our website from being fraudulently used for spam, by a bot or in some other way. These are our legitimate interests pursuant to Art. 6 (1) (f) GDPR which serve as the legal basis for data processing. More information about reCAPTCHA is available at https://developers.google.com/recaptcha/. An overview of how Google uses data is available at https://policies.google.com/privacy?hl=de&tid=231560237376.
If you wish to prevent data about your behaviour from being sent to Google, you must log out of Google before you visit our website and delete all Google cookies. You can request that Google delete the data on their side by contacting Google Support at https://support.google.com/?hl=de&tid=231560237376.
More information: You can read Google’s privacy policy here as well as the standard contractual clauses used by Google for transmitting data to a third country.
Comment function
You can comment on certain contributions on our website. If you use this function, we will save your IP address. We do this so that we can, if applicable, identify you at a later stage. If your comment violates the applicable law, this could have legal ramifications for us. We therefore have an interest in storing the IP address. Accordingly, our legitimate interests pursuant to Art. 6 (1) (f) GDPR serve as the legal basis.
Contact form
You can use the electronic contact form on our website to contact us. The data you specify in the input mask, e.g. name, email address etc., is transmitted to us and stored.
The sole purpose of the data you provide is to process your request. The implementation of pre-contractual measures pursuant to Art. 6 (1) (b) GDPR and our legitimate interests in processing the request pursuant to Art. 6 (1) (f) GDPR serve as the legal basis.
We will only store your data for as long as is necessary to process your request or for as long as we are required to do so by law.
Contact by email
You can also contact us by email. If you contact us by email, the following data will be processed:
- Email address
- Content of your email
- Subject of your email
- Date
- Contact details specified by you (e.g. first/last name, phone number, address)
The information you provide is stored in order to respond to your query and any follow-up questions. Pre-contractual measures pursuant to Art. 6 (1) (b) GDPR and/or our legitimate interests in processing the request pursuant to Art. 6 (1) (f) GDPR serve as the legal basis.
We will only store your data for as long as is necessary to process your request or for as long as we are required to do so by law.
Please note that unauthorised parties may intercept and alter emails before they reach their intended recipient. The spam filter can reject emails if they are identified as spam based on certain characteristics.
Newsletter subscription
You can subscribe to our free Puzzle ITC newsletter via our website. The newsletter provides you with information about the latest news, events and offers relating to Puzzle ITC and Puzzle Mobility. When you subscribe to the newsletter, the data you specify in the input mask, e.g. email address, is transmitted to us and stored.
You will only be subscribed to our newsletter after receiving an email containing a link to confirm your email address. This is required to ensure that no one else subscribes with a different email address.
Your email address is collected in order to add you to the newsletter distribution list. Additional personal data may be collected for the purpose of preventing misuse of the services or the email address provided. By subscribing to our newsletter, you give your consent to data processing in the context of distributing the newsletter. You hereby agree that a newsletter may be sent to the specified email address on a regular basis and that usage behaviour may be statistically evaluated in order to optimise the newsletter. Your consent pursuant to Art. 6 (1) (a) GDPR therefore serves as the legal basis. We are entitled to share your data with third parties for the purpose of technically processing the newsletter.
The data you communicated to us when registering for our newsletter will be stored for the period in which you remain a subscriber to said newsletter. If you decide to unsubscribe from our newsletter, your data will be stored for as long as is necessary to confirm this request.
Right to object
You can revoke your consent to receive the newsletter at any time with future effect and unsubscribe by clicking on a link in the newsletter. As a result, you will no longer receive newsletter emails in the future.
Privacy Policy of Puzzle Mobility – version from January 2022'