Skip to main content

Data Protection Declaration

 

1. What is the subject of this data protection declaration?

evalyse GmbH (LLC) (hereinafter also referred to as “we” or “us”) collects and processes personal data relating to you or other persons (so-called “third parties”). We use the term “data” in this data protection declaration for communication, contract and technical data (defined in Section 3).

In it, we describe what we do with your technical data when you use www.evalyse.ch, other of our websites or our apps (hereinafter collectively referred to as “website”), purchase our services or products, are otherwise connected with us under a contract, communicate with us or otherwise have dealings with us. We may, from time to time, provide you with written notice of additional processing activities not mentioned in this privacy policy. In addition, we may separately notify you about the processing of your information, e.g. in declarations of consent, contract terms, additional data protection declarations, forms and notices.

This data protection declaration is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). However, whether and to what extent these laws are applicable depends on the individual case.

 

2. Who is responsible for processing your personal information?

For the processing of technical, communication and contract data of evalyse GmbH (LLC) described in this data protection declaration, the company itself is responsible under data protection law, unless otherwise is communicated in individual cases.

You can contact us regarding your data protection concerns and the exercise of your rights in accordance with Section 11 as follows:

evalyse GmbH
Trottenstrasse 98
8037 Zurich

vera.herrmann@evalyse.ch

 

3. What information about you do we process?

We process various categories of information about you. The most important categories are as follows:

Technical data: When you use our website or other electronic services, we collect the IP address of your device and other technical data to ensure the functionality and security of these services. This data also includes logs in which the use of our systems is recorded. We generally retain technical data for 6 months. To ensure the functionality of these offers, we may also assign you or your end device an individual code. The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they may be linked to other data categories (and thus possibly to you).

Communication data: If you are in contact with us via the contact form, by email, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an ID card). We usually keep this data for 12 months from the last exchange with you. This period may be longer if necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. E-mails in personal mailboxes and written correspondence are usually kept for at least 10 years.

Contract data: This is data that is collected in connection with the conclusion or execution of a contract, e.g. information about contracts and the services to be provided or that have been provided, as well as data from the period prior to the conclusion of a contract, the information required or used for the execution and information about reactions. We generally collect this data from you, from contractual partners and from third parties involved in the execution of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. We generally store this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements, or for technical reasons.

Much of the data mentioned in this Section 3 is provided by you (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, except in certain cases. If you wish to conclude contracts with us or claim services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master, contract and registration data. When using our website, the processing of technical data is unavoidable.

Where this is not impermissible, we also obtain data from publicly accessible sources or receive data from authorities and other third parties.

 

4. For what purposes do we process your data?

We process your personal, communication and technical data for the purposes explained below. These purposes and the underlying objectives represent our legitimate interests.

We process your communication data for purposes related to our communication with you, in particular to answer your questions and to assert your rights and to contact you in case of further inquiries. We store your data to document our communication with you, for training purposes, for quality assurance and for further inquiries.

 

5. On what basis do we process your data?

If we ask you for your consent to certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with effect for the future by written notification (by post) or, unless otherwise stated or agreed, by e-mail to us; you will find our contact details in Section 2.

Where we do not ask you for your consent to process your information, we base the processing of your information on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to pursue the purposes and related objectives described in Section 4 above and to be able to implement appropriate measures. Our legitimate interests also include compliance with legal requirements, insofar as this is not already recognized as a legal basis by the applicable data protection law.

In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

 

6. What applies to profiling and automated individual decisions?

We may automatically evaluate certain of your personal characteristics for the purposes set out in Section 4 on the basis of your data (Section 3) (“profiling”) if we want to determine personal preferences, but also to identify abuse and security risks, to carry out statistical analyses or for operational planning purposes. We may also create profiles for the same purposes, i.e. we may combine information and contract data and technical data associated with you in order to better understand you as a person with your various interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures against the improper use of these profiles or profiling. If these could have legal consequences or significant disadvantages for you, we generally provide for a manual review.

 

7. To whom do we disclose your information?

We do not disclose information about you to third parties in connection with our contracts, website, services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in Section 4.

 

8. How long do we process information about you?

We process your information for as long as required for our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes, or if storage is necessary for technical reasons. Further information on the respective storage and processing periods can be found in the individual data categories in Section 3 and in the cookie categories in Section 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your information after the storage or processing period has expired as part of our usual processes.

 

9. How do we protect your data?

We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal information, to protect it against unauthorized or unlawful processing and to counter the risks of loss, unintentional alteration, unintentional disclosure or unauthorized access.

 

10. What rights do you have?

To make it easier for you to control the processing of your personal, communication and technical data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and which of your data we process;
  • the right to request that we correct information if it is incorrect;
  • the right to request the deletion of information;
  • the right to demand that we provide certain information in a commonly used electronic format or transfer it to another controller;
  • the right to revoke consent insofar as our processing is based on your consent;
  • the right to request further information necessary to exercise these rights;
  • the right to express your point of view in the case of automated individual decisions (Section 6) and to request that the decision be reviewed by a natural person.

If you wish to exercise the above rights vis-à-vis us, please contact us in writing or by e-mail; you will find our contact details in Section 2. In order to prevent any misuse, we must identify you (e.g. with a copy of your ID, unless there is no other way).

Please note that the applicable data protection law may provide for conditions, exceptions or restrictions with respect to these rights (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.

If you do not agree with our handling of your rights or data protection, please let us know (section 2). In particular, if you are located in the EEA, the United Kingdom or Switzerland, you also have the right to complain to the data protection supervisory authority in your country.

A list of authorities in the EEA can be found here:

https://edpb.europa.eu/about-edpb/board/members_de.

The UK supervisory authority can be reached here:

https://ico.org.uk/global/contact-us/.

The Swiss supervisory authority can be reached here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.

 

11. Do we use online tracking and online advertising techniques?

We use various techniques on our website that allow us and third parties we have engaged to recognize you when you use our website and, under certain circumstances, to track you over several visits. This section provides you with information about this.

Essentially, this is so that we can distinguish your access (via your system) from that of other users, thus ensuring the functionality of the website and enabling us to carry out evaluations and personalizations. We do not want to draw any conclusions about your identity, even if we are able to do so, insofar as we or third parties engaged by us can identify you by combining the data with registration data. However, even without registration data, the techniques used are designed in such a way that you are recognized as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “cookie”).

We use such techniques on our website and allow certain third parties to do so as well. You can program your browser to block or deceive certain cookies or alternative techniques or to delete existing cookies. You can also expand your browser with software that blocks tracking by certain third parties. Further information can be found on the help pages of your browser (usually under the keyword “data protection”) or on the websites of the third parties that we list below.

Evalyse GmbH (LLC) only uses cookies that are necessary for your website.

This means the following:

Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies only exist temporarily (“session cookies”). If you block them, the website may not work properly. Other cookies are necessary so that the server can store your decisions or entries beyond a session (i.e. a visit to the website) if you use the corresponding function (e.g. selected language, consent given, the function for automatic login, etc.). These cookies have an expiry date of up to 24 months.

 

12. Can this data protection declaration be changed?

This data protection declaration is not part of a contract with you. We may amend this data protection declaration at any time. The version published on this website is the current version.

The data protection declaration written in German is legally binding. The translations are intended only to aid comprehension and may contain discrepancies.

Last update: 28/11/24