Privacy Policy

What it is about

We process various personal data in our business. Here we, the hearts100 association, inform you as required by the Data Protection Act.

Personal data is any information relating to an identified or identifiable natural person.

„Processing“ means any handling of personal data, regardless of the means and procedures used, in particular obtaining, storing, retaining, using, modifying, disclosing, archiving, deleting or destroying data.

If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please make sure that these persons are aware of this Privacy Policy and only share their personal data with us if you are allowed to do so and if this personal data is correct.

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation („GDPR“), the Swiss Data Protection Act („DPA“) and the revised Swiss Data Protection Act („revDSG“). However, whether and to what extent these laws are applicable depends on the individual case.

Our contact details

hearts100
Alderstrasse 21
8008 Zurich
tel. +41 79 429 68 86

Data protection guidelines

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG), every person has the right to protection and privacy as well as protection against misuse of their personal data. Personal data is treated as strictly confidential and will not be sold to third parties. In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.

This privacy policy provides you with information about the nature, scope and purpose of the collection and use of your data by the responsible provider.

Collection and processing of personal data

We primarily process the personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in it, or that we collect from their users when operating our websites, apps and other applications.

In addition to the information that you yourself provide to us (through what you say and write to us and what you do with us), we may also obtain information about you from third-party sources, namely:

To the extent permitted, we also obtain certain data from public authorities and other third parties (such as address traders) from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet). These include the categories of personal data that we receive about you from third parties, in particular information from public registers, information that we learn in connection with official and legal proceedings, information in connection with their professional functions and activities (so that we can, e.g. (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, recommendations/references about you from third parties, information about you from a customer or your employer with whom we deal (e.g. your contact details), orders about you which we receive from third parties (e.g. if we are to deliver something to you or do something for you), creditworthiness information (insofar as we process transactions with you personally), information about you which we receive from people close to you (family, advisors, legal representatives, etc.). We may use this data to conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information from the media, social media/online activities and the Internet about you (where this is appropriate in the specific case, e.g. as part of a job application, press review, marketing/sales, etc.), your addresses and, where applicable, interests and other socio-demographic data (for marketing). e.g. as part of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other sociodemographic data (for marketing), publications in which you appear, data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

Do personal data go abroad?

Yes, this is possible, to the EEA, but exceptionally to any country in the world (conceivable in particular for online services that we use). If it is a country without sufficient data protection, we conclude in particular the EU standard contractual clauses, but may also rely on consent in some cases or transfer data abroad because it is necessary for the execution of a contract, where it concerns data published by you or it is necessary for legal proceedings abroad.

Purposes of data processing and legal basis

We use the personal data we collect primarily to communicate with our customers and business partners and to conclude and process our contracts with them, as well as to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.

In addition, we process personal data of you and other persons, to the extent permitted and deemed appropriate, also for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

– Offering and further developing our offers, services and websites, apps and other platforms on which we are present;

– Communicating with third parties and processing their requests (e.g. applications, media inquiries);

– Examination and optimization of procedures for needs analysis for the purpose of direct customer contact as well as collection of personal data from publicly accessible sources for the purpose of customer acquisition;

– Relationship management, press relations, advertising and marketing (including the organization of events), insofar as you have not objected to the use of your data (if we send you advertising as an existing customer of ours, you can object to this at any time; we will then place you on a blocking list against further advertising mailings);

– Market and opinion research, media monitoring for planning, development of products and services;

– Assertion of legal claims and defense in connection with legal disputes and official proceedings;

– Maintenance of security;

– Exercise of business management and risk management;

– Prevention and investigation of crime and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);

– Guarantees of our operations, in particular IT, our websites, apps and other platforms;

Insofar as you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

Hosting & collection of general information

The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

With each access to this offer, information is automatically collected by us or the provider domainfactory GmbH, Oskar-Messter-Str. 33, DE-85737 Ismaning (visitor statistics). This information, also referred to as server log files, is of a general nature and does not allow any conclusions to be drawn about your person.

The information collected includes: Name of the website, file, date, amount of data, web browser and web browser version, operating system, the domain name of your Internet provider, the so-called referrer URL (the page from which you accessed our offer) and the IP address.

To deliver and display the contents of the website would not be technically possible in part without this data. Therefore, the collection of the data is mandatory. In addition, we use the anonymous information for statistical purposes. This allows us to optimize our offers and technology.

Newsletter

If you register for our newsletter, we use the data you enter exclusively for this purpose or to inform you about circumstances relevant to this service or registration. The newsletters are sent by the association. We do not pass on this data to third parties.

A valid e-mail address is required to receive the newsletter. Also stored are the IP address used to register for the newsletter and the date on which you order the newsletter, as well as the postal address, if provided. This data serves us as proof in case of abuse, if a foreign e-mail address is registered for the newsletter and/or for the deletion of the entry.

You have the option at any time to revoke your consent to the storage of the data, your e-mail address and its use for the newsletter dispatch. For the revocation, we will provide you with a notice in each newsletter informing you how to notify us of your revocation request via the contact options mentioned in this document.

E-mail

If you contact us by email, we will store the information you provide in order to respond to your inquiry and provide possible follow-up questions. Our e-mails are hosted by domainfactory GmbH, Oskar-Messter-Str. 33, DE-85737 Ismaning.

Integration of third-party services and content

Our offer sometimes includes content, services and performances of other providers. These are, for example, maps provided by Google Maps or videos from YouTube. In order for this data to be called up and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers („third-party providers“) therefore perceive the IP address of the respective user.

Even though we strive to use only third-party providers that only need the IP address to deliver content, we have no influence on whether the IP address may be stored. In that case, this process serves statistical purposes, among other things.

YouTube

On our websites we embed videos of the platform „YouTube“ of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy, Opt-Out: https://adssettings.google.com/authenticated.



Google Maps

We integrate the maps of the service „Google Maps“ of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In particular, IP addresses and location data of users may be among the data processed, but not without their consent (usually executed in the context of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy, Opt-Out: https://adssettings.google.com/authenticated.

Social media plug-ins

This is apparent to you in each case (typically via corresponding icons).We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations.We do not receive any information about you from him. We do not receive any information about you from him.

Cookies

This website uses so-called cookies. These are text files that are stored on your computer from the server. They contain information about the browser, IP address, operating system and Internet connection. We do not pass this data on to third parties or link it to personal data without your consent.

Cookies help us to make it easier for you to navigate through our offer, and they enable the website to be displayed correctly. They are not used to introduce viruses or to launch programs.

Users have the option of accessing our offer without cookies. To do this, the corresponding settings must be changed in the browser. You can use the help function of your browser to find out how to disable cookies.This may impair some of the functions of this website and limit user comfort.The http://www.aboutads.info/choices (USA) and http://www.youronlinechoices.com/uk/your-ad-choices (Europe) sites allow you to manage online ad cookies.

Data sharing and data transfer abroad

Within the scope of our business activities and purposes, we also disclose data to third parties to the extent permitted and deemed appropriate, either because they process it for us or because they want to use it for their own purposes. In particular, this concerns the following entities:

– Service providers of us (within the hearts100 association as well as externally, such as banks, insurance companies), including order processors (such as IT providers);

– Marketing and project partners, subcontractors and other business partners;

– Customers;

– Domestic and foreign authorities, official agencies or courts;

– Media;

– The public, including visitors to websites and social media;

– Competitors, industry organizations, associations, organizations and other bodies;

– Acquirers or parties interested in acquiring divisions, companies or other parts of hearts100;

– other parties in potential or actual legal proceedings;

– to rüffer&rub Sachbuchverlag GmbH, 8008 Zurich;

– all joint recipients.

These recipients are partly domestic, but may be anywhere on the planet. In particular, you should expect your data to be transferred to all countries, as well as to other countries in Europe and the United States, where the service providers we use are located (such as Microsoft, Amazon).

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

Duration of retention of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and to the extent possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less generally apply.

Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access restrictions, controls.

Obligation to provide personal data

In the context of our business relationship, you must provide those personal data that are necessary for the establishment and performance of a business relationship and the fulfillment of the associated contractual obligations (you do not generally have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

Profiling

For the establishment and implementation of the business relationship and also otherwise, we generally do not use fully automated automatic decision-making (as regulated, for example, in Art. 22 DSGVO). Should we use such procedures in individual cases, we will inform you separately about this, provided that this is required by law, and inform you about the associated rights.

Data economy

In accordance with the principles of data avoidance and data economy, we store personal data only for as long as is necessary or required by law (statutory storage period). If the purpose of the information collected no longer applies or the storage period ends, we block or delete the data.

Business-related processing

We additionally process contractual data (e.g., subject matter of contract, term, customer category) and payment data (e.g., bank details, payment history) of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, advertising, press relations, marketing and market research.

Your rights to information, correction, blocking, deletion and objection

You have the right, upon request and free of charge, to request information about the personal data stored by us and/or to request correction, blocking or deletion. Exceptions: It is the mandatory data storage for business processing or the data is subject to the legal obligation to retain.

In order to be able to consider a data block at any time, it is necessary to keep the data in a blocking file for control purposes. If there is no legal archiving obligation, you can also request the deletion of the data. Otherwise, we will block the data if you so wish.

Liability for the content of our website

The hearts100 association assumes no responsibility for the correctness, completeness, accuracy, timeliness and reliability of the information. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. All our offers are non-binding. Parts of the pages or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement.

Liability for links to other websites

We decline any responsibility for references and links to third party websites. These are outside our area of responsibility. Access and use of such websites is at the user’s own risk.

Change of our privacy policy

In order to ensure that the data protection declaration always complies with the current legal requirements, we reserve the right to make unannounced changes at any time.