GTC & data protection policy for the website (exclusively according to Swiss DSG)

Protecting the privacy of our users is important to us. In this privacy policy, we inform users about what personal data is processed in connection with the use of this website. In addition, the nature, scope and purpose of the collection and use of personal data by Invethos AG of this website is explained.

By using our website and our services and products, users agree to this privacy policy.

Invethos AG (hereinafter referred to as the "Provider") undertakes to process all personal data collected via this website in accordance with the applicable data protection regulations and to implement appropriate security measures to protect such data from unauthorized access.

1. identity and contact details of the provider

The provider in the sense of the data protection legislation is:

Invethos AG, Taubenstrasse 8, 3001 Bern, Switzerland.

The provider determines the purposes and means of processing and is therefore responsible for the processing and use of personal data. Any questions or concerns regarding this privacy statement or the processing of personal data can be directed to info@invethos.ch at any time.

2. terms

a) personal data

The following statements refer to the processing of personal data of natural persons. Personal data is information that relates to an identified or identifiable natural person. Personal data includes all data that allows identification, such as name, e-mail address, date of birth or telephone number. Data about preferences, memberships or which websites have been viewed by users are also personal data.

b) data processing

The term "data processing" refers to any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, disclosure, archiving, deletion and destruction of data.

The provider collects and processes personal data carefully and for the purposes described in this privacy policy. Personal data will only be collected, used and disclosed by the provider if this is permitted by law, if the user consents to the collection of data or if there is an overriding interest of third parties. The provider makes every reasonable effort to collect or process information in anonymous or pseudonymous form so that the identity of the user is not identifiable.

3. collection of personal data and purposes of data processing

a) Personal data provided by the user to the provider

When contacting the provider (e.g. via contact form or e-mail), the information provided by the user will be stored for the purpose of processing the request and in the event that follow-up questions arise.

The provision of this personal data is expressly on a voluntary basis.

The provider uses the personal data provided to the users for the following purposes:

•  to provide, maintain, protect and optimize the services and information offered;
•  to communicate with the users and to provide them with the best possible and personalized information that the user requires from the provider (e.g. about products and services);
•  to offer new services and information to Users and, based on the profile of Users, to propose customized services and information that may be of interest to Users;
•  to comply with legal and other regulatory requirements and internal rules;
•  to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings; for other lawful purposes if such processing is evident from the circumstances or was indicated at the time of collection.

b) Access data/server log files

The provider collects data about each access to the website (so-called server log files).

The access data includes:

• name of the accessed website, file(s)
• date and time of access
• amount of data transferred
• message about successful retrieval
• browser type and version of the user's operating system
• referrer URL (the previously visited page) and exit pages
• IP address and the requesting provider
• location data (especially when using mobile devices)
• Information on interaction between pages (e.g. scrolling, clicking, mouseovers)

The provider uses the log data only for statistical analysis for the purpose of operation, security and stability of the system and optimization of the offer. This personal data is not merged with other personal data. They are stored separately from any other personal data transmitted by the user. However, the provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications.

4. Recipients of personal data

The Provider shall take the necessary measures to ensure that only authorized employees or auxiliary persons who have the necessary knowledge have access to personal data in order to fulfill the purposes for which the personal data is collected.

The provider is entitled to disclose the User's personal data to the following possible recipients or categories of recipients in accordance with the purposes and basis of processing described above, insofar as this is intended for the intended data processing:

• experts and other service providers of the provider within the scope of an inquiry.
• service providers who process the personal data on behalf of and on the instructions of the provider (so-called contract processors, e.g. in the areas of IT, hosting and support)
• other business partners and auxiliary persons (e.g. lawyers)
• authorities, official agencies, courts or other state institutions
• social media
• other parties in potential or actual legal proceedings

The provider shall ensure that its business partners and contract processors have suitable organizational and technical measures in place to comply with the provisions of data protection law.

5. transfer of personal data abroad

The provider may disclose personal data abroad. In doing so, the countries concerned or the international body must guarantee an adequate level of data protection (so-called adequate level of data protection).

If personal data is transferred to countries that do not have an adequate level of data protection, the provider shall ensure adequate data protection by taking appropriate precautions to comply with data protection law (e.g. contractual guarantees through data protection clauses).

6. cookies

This website uses cookies. Cookies are small files that enable specific information related to the device to be stored on the user's access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. saving the selected language). On the other hand, they are used to collect statistical data on website usage and to be able to analyze this data for the purpose of improving the offer. Users can influence the use of cookies. Most browsers have an option that can be used to restrict or completely prevent the storage of cookies. However, it should be noted that the use and especially the comfort of use will be limited without cookies.

7. integration of services and contents of third parties

Within this website, third-party content, such as videos from YouTube, maps from Google Maps, Google Web Fonts, RSS feeds, spam protection via reCAPTCHA or graphics from other websites may be integrated. This requires that the providers of this content (hereinafter referred to as "third-party providers") know the IP address of the user. Without an IP address, no connection would be possible and therefore the content could not be displayed in the browser of the respective user. The IP address is required for the display of this content. The provider endeavors to use only such content whose respective providers use the IP address only for the delivery of the content. However, the provider cannot influence if the third-party providers store the IP address and other information, e.g. for statistical purposes.

8. Google Maps

This website uses the product Google Maps from Google Inc. By using this website, the user agrees to the collection, processing and use of automatically collected data by Google Inc., its representatives and third parties. The terms of use can be found under "Terms of use of Google Maps".

9. Google Analytics

This website uses the service "Google Analytics", which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to analyze website usage by users. The service uses "cookies" - text files that are stored on the end device of the user. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

This website uses IP anonymization. The IP address of the user is shortened within the member states of the EU and the EEA. This shortening eliminates the personal reference of the IP address. As part of the agreement on order data, which the website operator has concluded with Google Inc., Google Inc. uses the collected information to evaluate website usage and website activity and provides services related to internet usage.

Users have the option of preventing the storage of cookies on their devices by making the appropriate settings in the browser. It is not guaranteed that users will be able to access all functions of this website without restrictions if their browser does not allow cookies.

Furthermore, users can use a browser plug-in to prevent the information collected by cookies (including the IP address) from being sent to and used by Google Inc. The following link leads to the corresponding plugin: tools.google.com/dlpage/gaoptout.

Here is more information on data usage by Google Inc.: support.google.com/analytics/answer/6004245

10. Microsoft Clarity

This website uses "Microsoft Clarity". Clarity makes it possible to analyze user behavior. A log of mouse movements and clicks is created in order to derive potential improvements for the offer. The information collected is transmitted to Clarity and stored there.

Further information about Clarity and the data collected with it is available per Clarity's data protection notice.

11. social media plug-ins

The Provider uses the social media plug-ins listed below on its website in order to share knowledge on the one hand and to make its company better known on the other. The responsibility for data protection-compliant operation is to be ensured by the respective external provider. Data processing in connection with these plug-ins takes place with the consent of the user when using the plug-ins.

If the users use the services of these social networks independently of or in connection with this website, they evaluate the use of the plug-in. In this case, information about the plug-in will be forwarded to the social networks.

LinkedIn

Plug-ins of the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA, are installed on this website. The LinkedIn plug-in is recognizable to users by the LinkedIn logo.

When a page of the provider's homepage containing such a plug-in is called up, a direct connection is established between the user's browser and the LinkedIn server. LinkedIn thereby receives the information that the user has visited the provider's website with their IP address. By clicking on the LinkedIn button, users can link the provider's content to their LinkedIn profile while logged into their LinkedIn account. This allows LinkedIn to associate the visit to the provider's website with the user account of the user. The provider has no knowledge of the content of the transmitted data or its use by LinkedIn. Further information can be found here: www.linkedin.com/legal/privacy-policy.

12. e-mail and newsletter for advertising purposes

If Users register for the Provider's newsletter, the Provider uses the respective e-mail address to send information about its products and services as well as other commercial communications (e.g. announcements of events, competitions and surveys) that may be of interest to Users. Users may unsubscribe from such e-mails at any time by clicking on the highlighted "Unsubscribe" link or by sending an e-mail directly to the provider at the e-mail address listed in section 1.

13. retention period

In principle, personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. A longer retention period is permissible if this is necessary to fulfill legal, contractual or pre-contractual obligations or legitimate business interests of the provider (e.g. legal retention and documentation obligations, in connection with the assertion, exercise or defense of legal claims).

Specifically, personal data is retained on this basis as follows:

• The personal data transmitted by Users to the Provider in connection with the use of services and products such as contact forms or e-mails (cf. point 3a) are stored by the Provider until the purpose of the data storage no longer applies (e.g. after the processing of the request has been completed), the User requests the Provider to delete the data or revokes the consent to storage.
• The personal data automatically transmitted by users as a result of using this website (see point 3b)) will be deleted within 3 to 6 months.
• For contract-related personal data (including business documents and communications), the Provider shall store the business documents for as long as the contractual relationship exists, and thereafter for a further ten years after termination of the contractual relationship, unless in individual cases a shorter or longer statutory retention period applies, retention is required for reasons of evidence or for another valid reason under applicable law, or deletion of the data is required earlier (e.g. because the data is no longer required or the Provider must delete the relevant data).

14. rights of the users

Users may assert their claims against the Provider at any time based on the provisions of data protection law. In particular, users have the right to receive information from the provider free of charge about their personal data that has been processed. Users also have the right to have incorrect data corrected and to have their personal data deleted, provided that there is no legal or contractual obligation to retain the data.

Users are entitled to report violations of data protection regulations to the Federal Data Protection and Information Commissioner (FDPIC).

15. changes to the privacy policy

The provider reserves the right to adapt, supplement or otherwise change this data protection declaration at any time and without stating reasons. The current data protection statement as published on the portal shall apply.

Legal information

Invethos AG
Taubenstrasse 8
Postfach 3001 Bern
Tel: +41 (0)31 311 87 11
Mail  info@invethos.ch