Data Protection Notice

WOMO Schweiz AG, c/o Fidinter Treuhand AG, Bellerivestrasse 203 - 8008 Zürich, Switzerland ("WOMO Schweiz AG", "we") attaches great importance to data protection, data security and the responsible handling of personal data. The processing of personal data carried out by us follows, in most cases, the provisions of the Swiss Federal Data Protection Act (DPA) and the respective Ordinance (DPA). For some occasional processing activities, the provisions of the European General Data Protection Regulation (GDPR) may also apply directly.

In this Data Protection Notice we describe how we collect and process personal data (information about an individual, which directly or indirectly identifies him or her) when you visit our website, use our applications, comment on our blog posts, enter into contracts with us, use our services or deal with us for any reason.

In some cases, we may process data on behalf of our customers (for example with links or use of third-party platforms). In this regard, we act exclusively as an intermediary for the processing of data for which the customers themselves are responsible as owners. If you have any questions about data processing or want to exercise your data protection rights, you can consult the respective information.
 

 

  1. What categories of data we process

We process different categories of personal data concerning you. The main categories are as follows:

Master data : This is basic data, e.g. name, contact data, personal data, photos, customer history, proxies, declarations of consent, your relationship with us (e.g. customer, supplier, partner) and information about third parties (e.g. contact persons).

Contractual data: This is data related to the provision of our services (e.g. for support or when purchasing our products in the online shop) and in general to the conclusion and performance of contracts (with customers, suppliers, service providers, partners, etc.), e.g. contractual services that we are obliged to offer you, or that you are obliged to offer us, data relating to the provision of services, data from the period prior to the conclusion of the contract (e.g. references), feedback information (e.g. satisfaction data) and financial data (e.g. payment information, but also creditworthiness data).

Communications data: This is data related to communications between us and you and with third parties (e.g. by e-mail, telephone, paper mail or other means of communication), e.g. the content of e-mails or letters or your comments on our blog posts, your contact details and communication metadata as well as audio recordings of phone calls.

Registration data: This is data that we collect as part of a registration (e.g. website, app, newsletter), competitions or the redemption of vouchers, or that you provide us with yourself (e.g. user name, e-mail). This also includes access data related to access controls.

Technical data: This is data related to the use of our electronic offers (e.g. website), e.g. IP address, information about the device's operating system, region and time of use. In principle, technical data does not allow the identity of users to be traced.

Behaviour and preference data: This is behaviour and preference data (e.g. reactions to electronic communications, website navigation, interactions with our social media profiles, participation in competitions or events, etc.); possibly supplemented with third-party data (also from publicly accessible sources). The tracking aspect is dealt with in the section 'How we use cookies, other tracking technologies and social media plug-ins'.

Other types of data: These are in particular data related to administrative or judicial proceedings (e.g. deeds, evidence, etc.), data collected as part of health protection measures (e.g. security solutions), data or access rights (e.g. visitor registers), participation in events.
 

 

  2. Where we collect your personal data

Users: You yourself provide us with much of the above data (e.g. in connection with services we provide to you or your employers or principals or communications with us). You are not obliged to disclose the data, with exceptions in individual cases (e.g. legal obligations). However, if you wish, for example, to enter into contracts with us or request our services, it is necessary for you to provide us with certain data.

Third parties: We may also extract data from publicly accessible sources (e.g. debt enforcement registers, land registers, business registers, media or the Internet, including social media) or receive them from third parties (e.g. credit agencies, address management companies, associations, contractual partners, Internet analysis services). This type of data includes in particular the following categories: master data, contractual data and other types of data, as well as all other data categories mentioned above and data from correspondence and meetings with third parties. If you cooperate with an employer, principal or other person who has a business or other relationship with us, it is also possible that your data will be accessed via this person.
 

 

   3. Purpose of collecting and processing your personal data

In principle, we collect and process your personal data for the following purposes in particular:

Operation of our website: You can visit our website and inform yourself about our services without sharing your identity with us. However, in order to ensure the secure and stable operation of our website, we collect technical data that at least allows us to identify you in the future. We also use cookies and similar technologies (see below).

Conclusion, processing and execution of contracts: We process personal data as part of the provision of our services (e.g. if you fill in registration, order or contact forms on our website, place an order via our online shop, request information about our offers and services via telephone or communication app or contact our support, via the communication services of WOMO Schweiz AG or third-party providers). This processing relates not only to the conclusion and execution of contracts with our customers, but also with our suppliers, service providers, project partners and other parties. This includes, among other things, processing for the purpose of verifying creditworthiness, consultancy, customer care and the provision and requesting of contractual services (which also includes third parties), as well as the assertion of legal claims arising from contracts (debt collection, legal proceedings, etc.), accounting, contract termination and public communications.

Communications: We process your data for the purpose of being able to communicate with you (e.g. to answer questions, in the context of advice and contract performance). We collect additional data (e.g. a copy of an identity document) if we need to establish your identity or are required to do so.

Marketing and relationship management purposes: We process data for marketing and relationship management purposes, e.g. to send personalised advertisements about our products and services and other news to our customers, other contractual partners and other interested parties (e.g. by e-mail or other electronic channels), in connection with free services (e.g. trial access, invitations, vouchers) or as part of individual marketing campaigns. You may refuse such contact, or refuse or revoke your consent to contact for advertising purposes, at any time by sending a message to the address below.

Market research, improvement of our services and activities and product development: In order to continuously improve our products and services (including our website and other electronic offers), we analyse e.g. how you navigate our website or which products are used by which groups of people and in what way.

Registration: In order to be able to take advantage of certain offers and services (e.g. login areas, newsletters), you must register (directly with us or via our external providers). We process your data for this purpose. In addition, further personal data may be collected about you during the use of the offer or service.

Security purposes and technical and physical access controls: We process your data in order to continuously improve the appropriate level of security of our IT infrastructure and other infrastructures we own (e.g. buildings). For example, for monitoring, analysis and testing of our IT infrastructure, for system and error checks, for documentation purposes and to make backup copies. Access controls include on the one hand access control to electronic systems (e.g. logins to user accounts) and on the other hand also physical access controls. For security reasons (accident prevention and resolution) we keep logs of access and visitors, in which we record the name of the person in question and the time of the visit.

Compliance with laws, provisions and recommendations of authorities and internal regulations ('compliance') : We may process personal data in order to comply with laws (e.g. to combat money laundering, to comply with tax obligations or to implement health and safety solutions). Data processing may also take place in the course of internal and external investigations (e.g. by a law enforcement or supervisory authority or a designated private body). Legal obligations may relate to Swiss law, but also to regulations of foreign countries to which we are subject, as well as to self-regulation, industry standards, our corporate governance and official regulations and requirements.

Risk and company management: We may process personal data within the scope of risk management (e.g. for protection against criminal activities) and company management, which also includes our company organisation (e.g. resource planning) and company development (e.g. purchase and sale of plants or the company).

Further purposes: Further other purposes include, for example, training and education purposes, administrative purposes (e.g. accounting), protection of our rights and evaluation and improvement of internal processes. Telephone calls may be recorded for training and quality control purposes. In these cases, the data processing will be specifically notified (e.g. by means of a notice at the beginning of the phone call) and you will have the opportunity to stop the communication. Generally, such records may only be made and used in accordance with our internal guidelines. The protection of other legitimate interests is also a further purpose that cannot be listed exhaustively.
 

 

  4. The legal bases of our processing of your personal data

If the GDPR applies, the basis for processing is as follows, depending on the situation and the purpose of processing:

Contract: Insofar as we process data for the conclusion and execution of contracts that we enter into or have entered into for you, with you or with your employer, principal or other parties with whom you cooperate, such a contract is the legal basis for the relevant data processing.

Legal obligations: We are also permitted to process your data according to applicable legal, regulatory and ethical requirements that we are required to comply with.

Legitimate interest: We are permitted to process your data on the basis of our legitimate interest or the legitimate interest of third parties. This applies in particular with regard to the achievement of the purposes and objectives set out in the section "Purposes of the collection and processing of your personal data" and the implementation of related measures. Among other things, we have a legitimate (and overriding) interest in the marketing of our products and services and in gaining a better understanding of the markets relevant to us and of our activities (in particular, for the efficient and safe operation of our processes and the further development of our business), in the efficient and effective management of our company, in maintaining the security of our systems and in protecting our interests vis-à-vis third parties.

Consent: When we request your consent to the processing of data, this consent constitutes the legal basis on which we process it. When you give your consent, we inform you about the purpose of the processing. You may withdraw your consent at any time by sending us a written notice (by post or, unless otherwise specified or agreed, by e-mail) with effect for the future. Once we have received and processed your notice of withdrawal of consent, we will no longer process the data for the purposes to which you originally consented (unless another legal basis allows processing instead).

Other legal bases: In specific cases, we are also permitted to process your data on other legal bases. If this circumstance arises, we will inform you about this on a case-by-case basis.
 

 

   5. How profiling is regulated

We automatically evaluate ('profile') some of your personal characteristics for the purposes set out in the chapter 'Purposes of collecting and processing your personal data' on the basis of your data if we want to derive preference data and carry out statistical evaluations. Profiles may also be created for the same purposes.
 

 

   6. How we process and protect your personal data, how long we keep them

We collect and process your personal data reliably and responsibly. To this end, we take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it from unauthorised or unlawful processing and to counter the risks of loss, unintentional modification, unwanted disclosure or unauthorised access. In general, however, security risks cannot be completely excluded and some degree of residual risk is unavoidable.

We only retain personal data for as long as is necessary to fulfil the purposes for which it was collected, where we have a legitimate interest in retaining it, are required to do so by law or where retention is necessary for technical reasons. Unless there is a legal or contractual obligation to the contrary, we will delete or anonymise your data at the end of the storage or processing period as part of our usual processes.

In order to guarantee the confidentiality, integrity and availability resulting from the personal data contract, we take appropriate technological and organisational measures. We implement, in accordance with our risk assessment, access controls and procedures for evaluating, weighting and periodically verifying the effectiveness of these measures.

If there are no legal storage provisions in the specific case, we usually process personal data for the duration of the business relationship or contractual period and thereafter, depending on the applicable legal basis, for a further five or ten years or for an even longer period. This corresponds to the period within which we can assert legal rights against third parties or third parties can assert them against us. Ongoing or planned legal proceedings may result in processing exceeding this period.
 

 

   7. To whom we pass on your personal data

For the purpose of the fulfilment of the contract, for the protection of our interests or in order to comply with legal requirements, it may be necessary for us to pass on your personal data to the following categories of recipients: group companies, contractual partners, registration organisations, third-party service providers, information agencies, address management companies, debt collection agencies, communication service providers or authorities and judicial bodies as well as other parties, insofar as this is necessary for the fulfilment of the purposes described above, e.g. third parties in connection with representative relationships (e.g. your lawyer or your bank).

For the above-mentioned purposes, it is also possible that your personal data may be passed on to our third-party service providers, who process your data on our behalf or under shared responsibility with us, or receive data about you from us under their own responsibility.

For the purposes of address verification, creditworthiness or debt collection, your personal data may, to the extent necessary for this purpose and in the manner described above, be passed on to information agencies, address management companies or debt collection companies.

If we are requested to do so by judicial bodies or authorities, we will share your personal data with them or with third parties.
 

 

   8. When we disclose your personal data abroad

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but in exceptional cases - e.g. through subcontractors of our service providers - potentially in all countries of the world.

If a recipient is located in a country where data protection is inadequate, we contractually oblige the recipient to comply with an adequate level of data protection (we use the new version of the European Commission's standard contractual clauses for this purpose, available at eur-lex.europa.eu including the necessary additions for Switzerland), insofar as the recipient is not already obliged to comply with a legally recognised data protection regulation and we cannot rely on an exception provision. Such an exception may, for example, be given in the case of legal proceedings abroad, as well as in cases of overriding public interest, if the performance of a contract that is in your interest requires such disclosure (e.g. if we share the data with our offices), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and disclosure is necessary to protect your life or physical safety or that of third parties, or if it concerns data that you have made generally accessible and to the processing of which you have not objected.
 

 

   9. Your rights over your personal data

You have certain rights in relation to our data processing. Depending on the applicable legislation, you can, in particular, request information on the processing of your personal data, the correction of incorrect personal data, the deletion of your personal data, object to the processing of your personal data (although this right to object applies in particular, but not exclusively, to the processing of data for direct marketing purposes), request the release of certain personal data in a commonly used electronic format or its transmission to other data controllers, or withdraw your consent, insofar as our processing is based on your consent.

Please note that exceptions or limitations apply to these rights. In particular, we must in some cases process and store your personal data in order to fulfil our contractual obligations to you, to protect legitimate interests of our own, such as the appeal, exercise or defence of rights, or to comply with legal obligations. Where permitted by law, in particular in the context of protecting the rights and freedoms of other data subjects, as well as for the protection of our own legitimate interests (e.g. interests of confidentiality and security and the consideration of our business possibilities and resources), we may therefore also reject your requests regarding the protection of your data, e.g. requests for access and deletion, or honour them only to a limited extent. However, you have the right to lodge a complaint with the competent supervisory authority.
 

 

   10. How we use cookies, other tracking technologies and social media plug-ins

With the use of our website (including the newsletter and other digital offers), data is generated and stored in log files (in particular technical data). Cookies and similar technologies (e.g. pixel tags or fingerprinting) may be used to recognise visitors to the website, assess their behaviour and identify their preferences. A cookie is a small file, which is shared between the server and the user's system and makes it possible to recognise a specific device or browser.

You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies in specific cases. To understand how to manage cookies in your browser, you can consult the relevant help menu of your browser.

Usually, neither the technical data we collect nor the cookies contain personal data. However, personal data stored by us or by third-party providers commissioned by us (e.g. if you have a user account with us or with such providers) can be linked to the technical data or information stored and obtained by cookies and thus possibly to your person.

We also use social media plug-ins, which are small software modules that establish a link between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider about your visit to our website and may transmit cookies to it, which it has previously placed on your web browser. For more information on how these third-party providers use your personal data collected via the social media plug-ins, you can refer to their respective data protection notices.

On our website we also make use of personal tools and services of third-party providers (who in turn may use cookies), in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to produce statistics and to show advertisements.

At present, we may use the offers of the following service providers and advertising partners, so you can find their contact details and further information on the individual data processing activities in the respective data protection notice:

Google Analytics
Supplier: Google Ireland Ltd.
Data Protection Policy

Some of the third-party providers we rely on may be located outside Switzerland. Information on the disclosure of data abroad can be found in the section 'If we disclose personal data abroad'. Within the meaning of data protection regulations, they are partly "only" order processors on our part and partly responsible bodies. Further information on this can be found in the data protection notices.
 

 

   11. How we process personal data on our social network pages

We operate pages and online presences in other forms on social networks and other platforms operated by third parties and, in this context, process data about you. In this context, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). Platform providers may analyse your usage and process this data together with other data held about you. They also process this data for their own purposes (e.g. for marketing and market research purposes and for the operation of their own platforms) and act as their own data controllers in this respect. For further information on data processing by the platform operators, please refer to the data protection declarations of the respective platforms.

We currently use the following platforms, for which you can find the identity and contact details of the platform operator in the respective data protection notice:
Facebook | www.facebook.com | Data Protection Policy
Twitter | www.twitter.com | Data Protection Policy
Instagram | www.instagram.com | Data Protection Policy
Tiktok | www.tiktok.com | Data Protection Policy
LinkedIn | www.linkedin.com | Data Protection Policy
 

 

   12. How you can contact us

If you have any questions about the data processing described in this Data Protection Notice, you can contact us using the e-mail: dpo.bullfrog@percassi.com

If you wish to assert your applicable data protection rights against us or, in general, if you have any questions regarding data protection operated by WOMO Schweiz AG, please contact dpo.bullfrog@percassi.com.

WOMO Schweiz AG
c/o Fidinter Treuhand AG, Bellerivestrasse 203
8008 Zürich, Switzerland
VAT ID: CHE-245.681.673

Owner contact e-mail: privacy@percassi.com
 

 

   13. How we can make changes to this data protection notice

We reserve the right to amend this Data Protection Notice at any time. The valid version is the one published on our website.

Latest update: August 2023