Data protection

Protecting your privacy.

We protect your data

We, DeepCloud AG (“DeepCloud”) respect your privacy and protect your personal data according to the applicable data protection laws.
This is the DeepCloud Privacy Policy. It is valid for all our websites, including:

with the associated subpages, as well as for our corporate presence on LinkedIn.

Access to our website is free, although some of our online services are restricted to certain users and require registration. Our online offers are not aimed at children or the general public.

Our websites are structured so that you can visit them without having to disclose any personal data. When you visit our websites, we ask you for your consent to certain data processing, which you can accept or reject.
If you decide to provide us with personal data, we consider it our obligation to handle this personal data very carefully and within the framework of the legal requirements.

This Privacy Policy is intended to provide you with comprehensive information about the data pro-cessing performed by us and applies to all data processing by DeepCloud, regardless of whether we receive your personal data online or offline and regardless of the communication channel (such as company website, other company websites on the Internet, by telephone, email, post, or personal contact).

Responsible position
DeepCloud AG
Abacus-Platz 1
9300 Wittenbach – St. Gallen
Switzerland
T +41 58 854 14 14

info@deepcloud.swiss

We have appointed a data protection officer for DeepCloud. They are available at:

datenschutz@deepcloud.swiss

Insofar as DeepCloud processes personal data and the General Data Protection Regulation (“GDPR”) applies to such processing, we have designated as our representative in the EU:

Abacus Business Solutions GmbH
Mies-van-der-Rohe-Straße 6
Tower 1 – 10. OG
80807 Munich
datenschutz@abacus.eu

If you have any questions about data protection, please feel free to contact us at any time.

What is personal data?

Personal data is any information relating to the personal or material circumstances of an identified or identifiable natural person (“data”). This includes, for example, the name, address, telephone number, or email address. This term does not include anonymous data or information whose content does not indicate or suggest the identity or factual circumstances of an identifiable individual, such as the number of visitors to a website.

There are also so-called special categories of data (“sensitive data”). This includes data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data to uniquely identify you, health data, or data concerning your sex life or sexual orientation. We will only process such data – if at all – with your explicit consent, unless another legal basis makes such data processing necessary.

Our data processing and your data

The content and information presented on our websites serve to provide you with general information about us as a company and about our DeepCloud Services. In the course of using our websites, it is possible that data may be disclosed by you or collected by us for certain purposes. Furthermore, as a company, we process data that you disclose to us or transmit to us in other ways, for example by mail, email, telephone, during a business transaction, or personal contact.

Our data processing includes, for example, the collection, storage, transmission, deletion, and other processing of your data. Only data that is necessary and appropriate for the intended purpose will be processed.

Our data processing is carried out for the purposes stated by us or for the purposes requested by you. Data processing outside of the intended purposes will only take place if we inform you accordingly and if a change of purpose is lawful.

In the following, we inform you about the individual data processing, its purpose, and its legal basis for us as a company.

Your contact information

You can provide your contact information and interest in our products and services in a contact form, an inquiry, through a personal contact during an event or web demo, or contact us in other ways so that we or partners we select can contact you, inform you about DeepCloud Services, conduct a web demo with you, or fulfill other offers.

Furthermore, we store and process information that you select in lists and menus on our websites. When you send us an email we save the content of the email as such, and the data that is generated when inquiries are sent to our email servers, such as sender and recipient IDs, time stamps and, if necessary, reasons for errors or rejections if the transmission of an email fails. If you wish to receive information material, you can also provide us with your email address so that we can send you the requested information by email with your consent.

We use your data ourselves or provide it to the relevant companies. This is done within the framework of data protection and competition law requirements.

We process your data based on legitimate interests. Processing is done both in your interest – you have contacted us – and in ours, to establish the satisfaction of all inquirers, if necessary to fulfil a contract with you, or to carry out pre-contractual measures.
 We will only process your data for the purpose of contacting you.

Your data may be stored in our CRM system and in other technical systems. When using website forms, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional.

Transmission of data to selected partners

If we determine that we can only satisfactorily respond to your inquiry with the assistance of a selected partner, we may share your data based on legitimate interests or, if necessary, we will obtain your consent to share your data. Consent is given voluntarily and can be revoked at any time for the future.

Offers requiring registration and login

In the course of providing our services, visiting our websites or using our support, there is the possibility of using online offers that require you to register, authenticate, and log in.

This applies in particular to the opening of a deepbox account, the use of our deepbox Services, but also to the execution of a web demo so that you can get a better picture of our services in the context of an online presentation, remote access in a support case, the registration for events, or the scheduling of an appointment.

This involves providing and transmitting to us a variety of data resulting from the respective form or our queries. When using such a form, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional.

DeepCloud is free to choose their authentication methods. The data to be provided results directly from the specific procedure used. You are required to choose strong passwords when choosing login credentials. You are responsible for the security of your login data and must not pass it on to unauthorised third parties.

The processing of your data within the scope of our (registration and login required) offers is carried out with your consent when registering or logging in, based on our legitimate interest in providing you with the information necessary to use our services satisfactorily, in order to be able to contact us, and for the proper processing of an existing contractual relationship.

Registration and deepbox account login

To open a deepbox account, a successful registration is required. The link sent to the email address provided must be used for this purpose. Registration opens a deepbox account for the Owner, which offers certain functionalities. The registration form must be completed, indicating whether the deepbox account is to be used privately or for a company, foundation or association (“Organization”). Before completing the registration process, a choice can be made between the two options.

Depending on the choice, a “Private” deepbox account will be opened for the Registrant as a contractual partner with DeepCloud or, if the necessary requirements are met, an “Organization” deepbox account will be opened for the Organization as a contractual partner For a deepbox account of an Organization, the authorization of the Registrant to enter into the contractual relationship for the Organization is required.

When using certain deepbox Services or extended functionalities of the deepbox account, the unique identification of the Registrant and, if applicable, the verification of the Organization is required. For identification and verification purposes, the services of a third-party provider are integrated. The terms and conditions of the third-party provider apply. As part of these processes, relevant data about the Registrant and the Organization, as well as the results of the identification and verification, are transmitted between DeepCloud and the third-party provider. The identification and verification processes may take place within a reasonable period of time. If the relevant process is not successfully completed within this time period, the deepbox account will be deleted.

After registration, an access-protected login can be used to log in to the deepbox account and use various deepbox Services. Two-factor authentication, possibly also from a third-party provider, can be activated for the login. The terms and conditions of the third party provider apply.

After successful registration, you have the option of using the services located there (some of which are subject to a fee), such as a deep, shared or special box, deepo, deepv, deeppay, or deeppoint.

Use of the deepbox account and the deepbox Services

We offer a deepbox account and various deepbox Services in the form of cloud-based software as a service. These are web-based software applications and applications (Apps) with various functionalities. The focus is on the storage, organization, and sharing of information and documents or on the optimization of internal company communication, processes and accounting, with the possibility of integrating employees and other third parties. The efficient analysis and use of information within the deepbox account is also possible.

If you have purchased subscriptions for certain deepbox Services within the deepbox account, these can also be used by your authorized users by releasing them in the deepbox account and after they have registered for a deepbox account. The person who opens a deepbox account is responsible for the use of the deepbox until an organization has been verified for the relevant deepbox account. The respective Owner of the deepbox account is responsible for the use and thereby processed data within the scope of the deepbox account and the deepbox Services, to maintain data protection if personal data is collected in the process. It is possible to collect, store, modify, or delete data with a deepbox.

For the use of the deepbox account and the deepbox Services, all data will be stored and processed that accrue upon registration as well as all data and documents that are collected and processed in deepbox and when using the deepbox Services. This includes data related to address entry, accounting, invoices and quotations, time recording, expense receipts, payroll accounting, and all content provided by the user in the process. Furthermore, this also includes content that can be processed by a fiduciary or by additional services such as those of payment providers, when using mobile Apps, and exchanged between the respective parties involved.

The data processed in the deepbox account and the deepbox Services include the following: personal master data such as name, address, date of birth, employer, contact data such as telephone and/or email address, time and wage recording data such as working hours, absences (sickness or holidays), overtime and extra hours, expense receipts, product master data, contractual relationship data and contractual data including delivery, payment and invoicing data, bank account and credit card data, and all data recorded within the deepbox account and deepbox Services. This data may come from current and former employees and job applicants, service providers, suppliers, banks and other payment providers, customers, business partners, prospective customers, and all the employees of the companies who act as contacts for these companies.

During the contractual relationship, DeepCloud shall back up the content stored in the Apps in accordance with standard backup procedures and shall endeavor to avoid data loss as far as possible. However, in general, the Owner of the deepbox account is responsible for the preservation and archiving of its data and documents and acknowledges that they are not archived by DeepCloud.

In the event of termination of the use of the deepbox account (e.g. ending the contractual relationship, termination) or the deepbox Services, the Owner of the deepbox account is responsible for scheduling the termination of the use of the deepbox account and the deepbox Services. The latter can instruct DeepCloud to make their data available in an export file before deletion of the data in deepbox takes place.

The Customer shall, autonomously and in due time prior to termination, ensure that its data files are backed up and delete corresponding data or authorise DeepCloud to delete the data upon termination of the contractual relationship, as the data will be deleted at the latest upon expiry of the backup periods. Access to the Owner’s data files is excluded after termination of the contractual relationship. Data that Abacus is legally or contractually obliged to store for a limited period of time, and data that is still needed for the settlement or collection of the services provided, shall be excluded from the deletion.

Your authorisation to use these services will end if you delete your account or lose your authorisation to use the services. Your login data will be deleted once you no longer have access authorisation.

Details on the use of Matomo

Within the deepbox account, the web analytics service Matomo is used. Matomo makes it possible to analyse the use of the deepbox account and the deepbox Services and to improve the respective functions. To do so, different data and information about the use of AbaNinja and its users is collected.

Matomo uses cookies, which are stored on the end device and allow the use of AbaNinja to be analyzed. The information collected and generated is then stored and analysed in Switzerland.

Matomo is used with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a person. The IP address transmitted by the browser via Matomo is not merged with other data collected by DeepCloud. DeepCloud automatically deletes the data in Matomo 14 months after its collection, once a month.

The storage of all cookies can be disabled by changing the corresponding setting in the browser software. If the storage of all cookies is disabled, it may not be possible to use the full functionality of all of the features of the AbaNinja website or other websites. You can also prevent the transmission of the data generated by the cookies and related to the use of websites (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. This should then be done on all devices that are in use.

Please note that if all cookies are deleted, you will need to perform steps outlined above again to prevent the use of Matomo. Matomo is an open source project and is hosted on premise at DeepCloud. Matomo’s current Privacy Policy is available on their website.

Sending messages

To send messages via deepbox (invoices, offers, system notifications, etc.) we use the mail provider retarus GmbH (“retarus”), Aschauer Straße 30, 81549 Munich, Germany with a server solution in Switzerland.

The current Privacy Policy of retarus is available on their website.

Additional services activated by the user

If additional services are used as part of deepbox, the Owner agrees to their terms of use and data protection and authorises DeepCloud to enable the necessary data processing, data access, and data exchange so that these additional services can be integrated and used for deepbox.

Where the services of a fiduciary are used, the Owner shall grant the fiduciary access to the data in the application in order to carry out the necessary data processing and data synchronization. The deepbox account Owner is responsible for granting and restricting or revoking the fiduciary’s and also its other authorized users’ access rights to its data and whether they engage in lawful data processing activities within deepbox. The connection to the fiduciary’s deepbox account is made either by the deepbox account Owner themself or by the fiduciary.

AbaNinja contains the option of connecting to services of different payment providers such as banks or payment service providers.

When using deeppay, third-party services (such as payment initiation and account information services) are possible. DeepCloud merely provides the interface to these third-party providers for a data exchange so that the executed transactions can be displayed or triggered. For the execution of the transactions, an exchange of data takes place between the participants. For unique assignment, an application-relevant ID is used together with additional access data for the respective participant. This can be bank or payment-specific data such as account information, IBAN, or the credit card number. Each party involved is responsible for the data processing taking place in its area of responsibility and for the security of the data in accordance with the agreed provisions.

The responsibility for the provision and processing of the additional services and the processing of data when using said services (including the payment and account information processed via these services) does not lie with DeepCloud, but with these third-party providers.

Commissioned data processing and commissioned service providers

The content stored in deepbox is processed within the framework of the existing contractual relationship with the deepbox account holder. We process this data within the framework of commissioned data processing with the Owner of the deepbox account. A commissioned data processing agreement is entered into with us for the use of the deepbox account. The aim is that data processing in the context of the use of the deepbox account takes place mainly in Switzerland. If we engage contracted service providers in the EU (for example in Germany) for certain services, then we aim to arrange server solutions in Switzerland. Should it nevertheless become necessary for our commissioned service providers to process data in the EU (for example in a support case), the EU offers a level of data protection that is adequate for Switzerland.

If we ourselves, as the responsible party, use contracted service providers for our own purposes, we also try to ensure that data is processed in Switzerland. In special cases, we may require the services of service providers who provide their services outside Switzerland. In such cases, we try to commission service providers in a country that has a level of data protection appropriate for Switzerland. Otherwise, we ensure with suitable guarantees such as standard data protection clauses or upon your consent that a legally compliant data transfer can take place.

In any case, our contracted service providers are carefully selected and commissioned. They are bound to our instructions and are regularly monitored. Only such data is transmitted that is necessary for the provision of the respective service.

Data processing when using our mobile applications (Apps)

We also offer mobile applications (Apps). This includes the deepbox App .

Name of the App: deepbox (iOS / Android)

Function of the deepbox mobile App:

deepbox (iOS and Android) allows documents from different sources (via the camera, from the photo album, or from another cloud service) to be transferred to a deepbox.

Technical data and information that is processed and/or stored:

The App supports devices with iOS and Android (from Android version 5.0, exception: Huawei devices with their own operating system that do not support Google Services).

  • (Static) URL for access to the deepbox system
  • Authentication factors (Access & Refresh Token) for access to the deepbox Tokens are deleted after the user logs out within the App.
  • App Version
  • Model of the terminal device (iPhone/Android)
  • Version of the operating system
  • Indication of the countries/regions in which the App is used
  • Android: CrashReports and StackTrace (Sentry). In the case of event logs, these are active by default (Matomo). The user can set restrictions or deactivate this via the settings.
  • iOS: Logs are created by the Microsoft AppCenter for debugging purposes (CrashReports only). Information processed by the AppCenter can be found at https://docs.microsoft.com/en-us/appcenter/gdpr/faq .
  • Documents and content captured via App

“Privacy/ Data Protection”: Display of a window with selection

  • Required analysis data: CrashReports and StackTrace, specification of countries/regions, Microsoft AppCenter information (by default)
  • Complete analysis data: Event logs (Android)

Saving:

Data, information, and documents for uploading to a deepbox are (temporarily) stored in the App (storage also possible for offline use) or made available via access authorisation. DeepCloud only stores technical or statistical analysis data on the use of the App (such as crash reports, countries/regions) within the scope of App use, otherwise storage takes place in the user’s mobile device or after transfer of the data, information, and documents in the connected deepbox.

Third-party services used:

iOS: Microsoft AppCenter services to make the App more secure and to analyse crash reports.

Android: Sentry, to analyse crash reports and Matomo to analyse the use of the App.

including the libraries listed within the App settings “Licences”.

Access authorisation/s:

The App requires access to the camera function (to be able to scan, store, and read the documents), the photo album (where documents are stored to be used), the calendar (iOS only, so that expiry dates of the documents can be determined by means of the calendar) and the activation of the location services (where the locations are recorded by code). Furthermore, access to the “Internet” is required to enable a corresponding transfer connection to the connected deepbox.

The access authorisations are requested when the App is installed and the respective function is used for the first time. They only become active when the user has agreed and can be deactivated at any time, after which certain functions of the App can no longer be used.

Android: On older devices (older than Android 6), permission is requested when the App is installed.

Access protection:

Access protection can take place via the mobile terminal, in which the possible access restrictions are activated and the existing encryptions are used. No separate App access protection is implemented.

Network protocol:

As a network protocol, the App uses the HTTPS protocol with TLS encryption for communication.

Registration for a Webinar via LIVESTORM

Register for a Webinar via LIVESTORM
On some of our websites you can schedule an appointment with us on certain topics. To do this, select the topic that interests you from a variety of options and specify a date. To set up the appointment, the form asks for your email address, your name, and the location of the meeting. Your company name and whether you are interested in other topics are optional. Before you complete the appointment, you can check and adjust your data again.

We need this data to be able to plan and conduct the meeting with you. We use LIVESTORM SAS, 24 rue Rodier, 75009 Paris, France, for the registration and implementation of the Webinar. This is a service provider commissioned by us, to whom your data will be passed on for the purposes described above. For its services, it uses Amazon Web Services LLC, P.O. Box 81226. Seattle. This is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavour to ensure that appropriate guarantees, such as standard data protection clauses, are in place or when using the service, you grant your consent for this in order to ensure legally compliant data transfer.

Events

Registration and participation in an event

You have the opportunity to register for an event such as a course, workshop, forum, webinar, seminar, consultation, (online) event, training, or trade fair (“Event”) on our website. You can send your registration for an Event in writing by post or fax to the contact address given in each case or book participation in the event directly on our websites on the Internet or by telephone. The data provided by you will be stored by us and processed for the planning and implementation of the Event as well as for the follow-up support of the participants and, if necessary, passed on to our commissioned service providers.

If you take part in an (online) event, a webinar or a survey, certain data such as your email address, name or the company you work for are required for the implementation of the (online) Event, the webinar or for the evaluation of the survey. In some cases, a survey is also conducted anonymously. Contracted service providers are used precisely for the implementation of such events. We are happy to provide information about our contracted service providers upon request. When participating in an Event, the General Terms and Conditions for Events apply.

We reserve the right to publish your name, company and, if applicable, photo and company logo after an event (e.g. website, flyers, reports, company appearances in social media, etc.). We reserve the right to delete these publications at any time without giving reasons.

Data processing due to legal requirements resulting from the Corona Virus

At events, we are obliged to comply with the legal requirements, for example by the Federal Office of Public Health (FOPH) (such as Safety Concept and Contact Tracing) and to collect corresponding data. These requirements can change constantly, which is why we reserve the right to adapt our safety concept at any time. You are required to follow this accordingly. For details on how we process data in such a case, please refer to the specific protection concept.

Participation in a raffle at an event

If participation in a raffle is possible at an event, we process your data so that you can participate in the raffle and a winner can be determined and notified at the end. We use your data within the scope of the raffle on the basis of your consent to participate in the raffle. You can revoke this at any time with effect for the future. You can find more information on a possible revocation under “Your rights”.

Video and photo recordings when participating in an event

We reserve the right to take photos and videos during an event in which you may also be featured. These photos and videos will be used exclusively for our own purposes (e.g. use for company websites, flyers, reports or via newsletters, for company appearances in social media, information to participants via email, etc.) to report on, or document the event. If you are shown as part of a larger group of people or are merely an “accessory” to a building or location where you are not the focus of the shots, we may take these photos and videos based on our legitimate interests for the purposes described above. You can object to their use at any time. If you are portrayed as an individual or are the focus of any recording, we will seek your consent for such recording. You then have a right of withdrawal in relation to your consent.

If photos and videos (sound and image) are taken of you, e.g. for testimonials, for giving presentations or training, for your support in improving or developing our services, this will only be done with your consent. You can also revoke this consent at any time. Details can be found in the specific declaration of consent.

Online events and meetings

More and more events and meetings are being held online only to protect participants. This requires an invitation or registration, for which you will be sent an email with a participant link. There may be live presentations, video demonstrations and active information exchange.

It is possible that we record an online event with sound and video and that participants can be heard and/or seen. These recordings are used exclusively for the company’s own purposes (e.g. use within a lecture or training series, webinars, for the company’s own websites, flyers, reports, for company appearances in social media, newsletters, information to participants by email), to report on it, to document it or to replay it.

When participating in such an event, participants are set to “mute”, also, it is not necessary for the participant to activate their camera in order to send pictures of themselves. Sound and/or video activation is only carried out by the participant after their approval. By agreeing to this, the user gives their consent for sound and image recordings to be made of them in the event that the online event is recorded. No sound or images are edited out afterwards. If the participant does not want to be recorded, they should not activate their audio and video functions throughout the event. It will still be possible to send questions to the moderator(s) via the chat function. These will be answered by the moderator(s) as far as possible during the event or in person via the chat function.

For the planning and implementation of such events and meetings (including the sending invitations and confirmations of participation, the analysis of the event or surveys relating to it) we use evenito AG, Limmatquai 122, 8001 Zurich, Switzerland. This is a service provider commissioned by us which receives your data for the purposes described above and which itself uses commissioned service providers for this purpose. We also use software solutions from Zoom Video Communications (“Zoom”), Inc.,55 Almaden Blvd, Suite 600, 95113 San Jose, California/USA for meetings. These companies also process data in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will work to ensure that appropriate safeguards are in place in this regard, such as standard data protection clauses, or you give your consent to this when using the services or attending such an event or meeting, in order to ensure that data is transferred in accordance with the law.

Your application

On our website and our company presence on LinkedIn, as well as on various job portals, you have the opportunity to find out about current vacancies at DeepCloud and to apply for them.

If you would like to apply for a job at DeepCloud, you can find out about current vacancies and apply for them under “Jobs”. At the moment, applications, including unsolicited applications, are welcome to be sent by email to jobs@deepcloud.swiss. Note that unencrypted emails are not protected against unauthorised access when they are sent. You can encrypt your attachments to the application yourself, for example with a ZIP solution and communicate the corresponding password separately (by telephone).

If you apply for an advertised position by email, the data you provide (e.g. title, name, postal address, email address, telephone number, languages, earliest start date, your cover letter, and other data and documents you provide) will be stored in order to process your application. This is done in order to carry out pre-contractual measures with you in relation to possible employment as an employee.

Other data processing in the context of your application

If you provide references as part of the application process, we will assume that, where the data relates to an individual, you have obtained their consent for us to contact them and you consent to us obtaining the reference from that individual. If we ask for a reference, we will only contact them with your consent. Consent is given voluntarily and can be revoked at any time for the future.

To get a better picture of your professional history, we may visit your professional profiles on LinkedIn and Xing. We process this publicly available job-related data about you in our interest to find out whether you fit the advertised position and our company. If you do not want this, you can let us know. We do not look at or process data from social networks or other websites that do not have a company or employment-oriented context.

Quality of your data when applying

The data you provide should be accurate, complete, not misleading, and up-to-date. Failure to do so may result in your application not being considered or appropriate legal consequences being drawn after you have already been recruited.

Storage period of your application

If the application procedure does not lead to a position being filled, your application will be deleted at the latest four months after completion of the application procedure, unless the data is needed to defend legal claims asserted against us from the application procedure (this is done on the basis of our legitimate interests), unless a different period is provided for by law or you have expressly consented to further processing of your data. If your application leads to employment, all data required for this will be processed within the framework of your employment relationship in accordance with the statutory provisions.

Recommendations and references

With your consent, we publish on our websites and other places (such as in our Newsletter) personal recommendations from you or references by photo, video or written statements as a satisfied customer or how to use our services. In some cases we also use your company logo. This is done after you have given your consent. You can revoke your consent to this; details can be found in the specific declaration of consent.

Surveys about our services

We may conduct surveys on certain topics (e.g. to improve and expand our services). Your opinion is very important. A survey will help us determine customer satisfaction of current solutions and the needs of our customers. This is in our interest as well as yours when using our services. To do this, we send selected people an invitation email with the link to the survey, whereby we receive your name and email address as part of our contractual relationship with the company for which you work. Participation in a survey is always voluntary and only takes place with your consent. By closing the browser, it is possible to terminate the survey at any time without any adverse consequences for you. We store and analyse the results of the survey on the basis of legitimate interests in order to improve our services. We may also share the results of surveys with our business partners or prospects, but no personal information will be disclosed.

As part of a survey, you also provide us with data such as your name, email address or the company you work for, as well as data resulting from the survey that you can provide (in a free text) within the survey.

To conduct surveys, we use the survey tool LimeSurvey from LimeSurvey GmbH, Papenreye 63, 22453 Hamburg, Germany with an on premise solution at our premises in Switzerland.

Use of DeepCloud Support

In progress.

Use of our Help Centre

In progress.

Data processing when using our websites

We use the services of contracted service providers in Switzerland for the purpose of designing and operating our website. If data is also processed outside Switzerland as a result, it is contractually ensured that a level of data protection appropriate for Switzerland is established, either through existing guarantees or through corresponding regulations. We are happy to provide information about our contracted service providers upon request.

Through this data processing, contact data, content data, usage data, meta data, and communication data are processed by us or our service providers on our behalf when you use our website. This is done on the basis of our legitimate interests in the efficient and secure provision of our website, to protect against misuse and other unauthorised use, on the basis of a service requested by you or a contract to be concluded with you following an order by you or, in certain cases, following your consent.

Automatic collection of access data and server log files

Access data and server log files are collected for each access to the server on which a service used by us is located (so-called server log files). These include:

  • the domain visited and the files accessed
  • the IP address of the terminal device used
  • date and time and duration of the visit
  • website from which the access was made
  • operating system of the end device used
  • the browser used for access as well as all information from the ‘user-agent’, which the browser transmits to the server
  • extent of the transmitted data volume

We use this information based on the following legitimate interests:

  • to view our website
  • to ensure the stability and security of our website
  • for statistical evaluations of our websites
  • to improve our web presence
  • with clarification work of support cases
  • for the analysis of technical problems
  • for safety-relevant clarifications
  • in suspected cases of unlawful use (e.g. to clarify acts of abuse or fraud)

This information is stored for a maximum of 90 days and then deleted, unless its retention beyond this period is necessary for evidential purposes, such as for use as evidence before authorities or courts for unlawful use of our website. We will then exempt them from deletion until the respective incident has been finally clarified and may keep them until a legally binding decision or judgement has been reached. This information is stored in such a way that, as a rule, it cannot be assigned to any specific person by us, except if you register for a special offer on the website.

As a matter of principle, the above-mentioned data will not be passed on to third parties, unless it is necessary for the pursuit of our claims, for the fulfilment of the intended purposes, after your consent or there is a legal obligation to do so.

Cookies and other technical means

Here we would like to inform you which cookies or other technical means such as web beacons, pixels, other tracking technologies (hereinafter “cookies”) are used when using our website. Cookies are small text files that are stored on your terminal device. They do not cause any damage to your end device and do not contain viruses. The data obtained in this way may subsequently be evaluated by us or third parties and merged with other data. As a rule, they serve to make the internet offer as a whole secure, more user-friendly and more effective, which is in both your and our interest.

For some cookies that are not essential for technical storage or access to our website, or that are not only used to enable the use of a service you have explicitly requested, we will ask for your consent by means of a so-called cookie consent banner.

What are the basic cookies?

Our websites may use cookies from us or third parties to fulfil certain purposes (such as displaying our website, improving functionality, statistical web analysis, product optimisation, personalisation of content).

The cookies we use are either session cookies (they are automatically deleted after you close your browser) or so-called persistent cookies (these remain stored on your end device until a specified expiry date).

The following cookies are generally possible:

Necessary including preferences

Necessary cookies are required for the secure operation of our website, to enable us to transmit and display our website content to you, to enable you to navigate the website or to enable us to quickly identify and rectify technical problems.

Preference cookies allow you to use the website more comfortably by remembering options you have chosen (such as a language choice) or providing functionality you have requested (such as remembering a choice or performing a function).

These cookies do not require your consent, but their use is based on justifiable interests.

Statistics

These cookies allow statistics and analyses to be created, whereby pseudonymized or anonymized data is collected in order to gain knowledge about website usage, to improve the our service or to quickly identify and solve technical problems.

Marketing

Enable the display of personalized content by recording and analyzing your usage behavior. This is also performed outside of our websites, as these cookies can follow you. Cookies from third-party providers are also used and (pseudonymised) data about your surfing habits are given to them for evaluation and further use.

Which cookies do our websites use?

You can find out which specific cookies are used on our websites by means of informative banners on the respective websites. If only functional cookies are used, we will inform you accordingly by means of a cookie info banner. If cookies, possibly also from third parties, are used that require your consent, we will obtain your consent in advance by means of a cookie consent banner before activating these cookies.

For information on the data processing of possible third-party providers whose cookies you can consent to when using our websites, please refer to their data protection declarations.

Please note that you can set the common browsers in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages cookie settings. The help menu of each browser explains how you can change your cookie settings. We cannot guarantee that you will be able to access all functions of our websites without restriction if you do not allow cookies. We recommend that you regularly delete your cookies and browser history manually.

reCAPTCHA from Google

To protect our systems from bots and possible spam, we have integrated reCAPTCHA from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 5, Ireland) on certain registration and login forms. This allows us to distinguish whether we are receiving a registration or login from a human or whether there is improper processing by an automated, machine program (e.g. a bot). For this purpose, certain entries are required before registration or login so that verification is possible. In addition, your IP address and, if applicable, other data such as the website that you visit with us and on which reCAPTCHA is integrated, the date and the time spent on our website, the identification data of the browser and operating system type, your Google account if you are logged into Google, mouse movements on the reCAPTCHA areas as well as the tasks in which you identify images are also required by Google for reCAPTCHA. They are sent to Google and processed by them. The analysis starts automatically as soon as you open the website with reCAPTCHA. We use reCAPTCHA from Google to ensure the security of our systems. Data and documents uploaded via a form are stored directly in our systems. If we did not install such a security tool, bots would be able to log on to our systems unhindered. This is how we protect ourselves from unwanted and dangerous automated calls. It is in our legitimate interest to protect our system security.

If you would like to know more about reCAPTCHA or how Google processes data, you can find out more directly from Google on their website.

Newsletter and promotional approach

In the following, we will show you how we would like to address you in terms of advertising.

Newsletter

With us you have the possibility to subscribe to a newsletter. In the following we explain the procedure involving newsletters.

  • Content of the individual newsletter: We only send emails with promotional information (hereinafter “newsletter”) with your consent. Our newsletters contain information on our services and benefits, also those of the companies of the Abacus Group.

Automated processing: Web beacons are used in our newsletters. These are small, unrecognisable embedded images or objects (such as clear GIF, pixel tags and single pixel GIFs) that return information from you after you open the email you receive. In this way, we can measure success in order to compile statistics for the popularity of our offer. It also allows us to evaluate your user behaviour accordingly. We also store information about the browser you are using and the settings you have made in the operating system you are using, as well as information about the internet connection you are using to access our website. Through the newsletter sent to you, we receive, among other things, receipt and read confirmations as well as information about the links you have clicked on in our newsletter. Through this data processing (performance measurement), we aim to align our advertising approach to your interests and optimise our offers on our website.

  • Consent: The dispatch of the newsletter and the associated performance measurement is based on your consent when registering for the newsletter.
  • Registration procedure and logging: To ensure that no one can register with other people’s email addresses, you will receive an email asking you to confirm your registration. This confirmation is necessary to receive the newsletter. If the registration is not confirmed within 4 days, the information will subsequently be deleted. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements and to clarify any possible misuse of your data. This includes the storage of the login and confirmation time as well as the IP address. Changes to your stored data are also logged.
  • Login data: To subscribe to the newsletter, all you need to do is enter your email address. Optionally, you can enter a name for the purpose of a personal address in the newsletter.
  • Recall: You can stop receiving a newsletter at any time, i.e. withdraw your consent, by sending an email to marketing@deepcloud.swiss clicking on the unsubscribe link in the newsletter or by contacting the address given in the Impressum contact details given in the imprint. You will not incur any costs other than the transmission costs according to the basic rates. You will find a corresponding link for revocation at the end of each newsletter.
  • Storage after revocation: We may store unsubscribed email addresses for up to three years to prove consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. Your data will only be used for other purposes after you have withdrawn your consent if you have expressly consented to this or if further processing is justified, about which we will inform you.

Marketing measures by email to existing customers

If we have received your email address from you in connection with the provision of a service and you have not objected to its subsequent use, we reserve the right to use your email address for direct advertising for our own similar services already purchased. After considering our interests, these marketing measures serve our legitimate interests in addressing our existing customers in an advertising manner.

The prerequisite is that we inform you when collecting the email address and each time it is used so that you can object to its use at any time (this does not incur any costs other than the transmission costs according to the basic rates).

Commissioned service providers for marketing measures

Marketing measures by email can be carried out by commissioned service providers. For this purpose, your data such as name and email address will be passed on. For sending Newsletters, we use, among others, the Mailchimpservice of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30318, USA. The data required for this is transferred to a server at The Rocket Science Group in the U.S. Newsletters are sent with your consent or on the basis of our legitimate interests in addressing our existing customers in an advertising manner.

Further information and the Privacy Policy of The Rocket Science Group LLC can be found on their website.

The Rocket Science Group LLC is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

We are happy to provide information about our other contracted service providers upon request. You can object to marketing measures at any time by sending an email to marketing@deepcloud.swiss , by clicking on the unsubscribe link in the email or by contacting the contact details given in the imprint. You will not incur any costs other than the transmission costs according to the basic rates. You will find a corresponding link for the objection at the end of each such email.

Telephone and postal advertising

We reserve the right to use your first and last name as well as your telephone number and postal address for our own advertising purposes in order to be able to send you interesting offers about us, our products, services or events organised by us by telephone or by post. Telephone advertising is only carried out with your presumed consent. After weighing up our interests, the advertising approach by letter serves our justified interests in addressing our customers and potential interested parties. We will check and respect a possible advertising objection (e.g. through a star entry in public telephone directories) in advance.

Promotional letter mail can be processed and sent by a commissioned service provider. For this purpose we will pass on name and address data to them. We are happy to provide information about our contracted service provider upon request.

Objection to advertising and revocation of consent

You can revoke your consent to be contacted for advertising purposes or object to the storage and use of your data for the above-mentioned purposes at any time by sending a message to marketing@deepcloud.swiss or by contacting the contact details given in the imprint. You will not incur any costs other than the transmission costs according to the basic rates. After that, your contact details (e.g. from the newsletter) will be deleted.  Further processing of your data remains possible insofar as its use is further permitted or permitted by law.

Passing on data for advertising purposes

Your contact details may be passed on to another company of the Abacus Group in Switzerland or Germany as well as to our solution partners. Promotional advertising will be carried out within the framework of legal requirements. If you have given your consent, if necessary, to a promotional approach (e.g. by newsletter), and also to a transfer of personal data for this purpose to a company of the Abacus Group or one of our solution partners, this may be used for the corresponding promotional approach by the authorised party.

Our company presence on LinkedIn

We maintain a company presence on LinkedIn and there are links to our LinkedIn company presence on our websites.

There we can see all the information that visitors voluntarily provide to our corporate presence on this platform by either liking one of our posts or posting a comment. Your data will also be processed if you communicate with us within this platform, e.g. write articles on the various online presences or send messages.

In addition, we are provided with statistical data of the visitors to our company website in our administrator account. This includes data evaluating visitors’ interactions with our respective posts, a follower demographic and its origin, as well as web traffic and activity on our corporate presence on the platform. We are not able to view any personal data of the visitors, but only general data without any personal reference.

Further data processing carried out by the platform operator during your visit to the platform is not subject to this Privacy Policy, but to its own Privacy Policy. Nevertheless, we check our company presence on this platform at regular intervals for possible violations of the law in order to be able to take immediate action.

We have no influence on the data collected and data processing operations by a platform operator. It stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research, and/or designing the website to meet your needs. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact the platform operator directly to exercise this right.

Data processing by the platform operator after use of a link on our website takes place regardless of whether you have a user account there and are logged in there. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid being assigned to your profile.

For further information on the purpose and scope of data collection and processing, please refer to LinkedIn’s Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy.

LinkedIn:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
http://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Vimeo videos

We use the services of Vimeo, Inc. 555 West 18th Street, 10011 New York, USA (“Vimeo”) to host online events. In addition, we have integrated the Vimeo video player on some of our web pages in order to offer videos for the presentation of editorial content. These are stored on Vimeo so that they can be played on our websites. This is done for the optimal provision of our services, which is in our legitimate interest.

When you call up such a video, a connection is established to the Vimeo servers. Vimeo receives the information that you have accessed the corresponding subpage of our website with the embedded video as well as the IP address. Vimeo is set so that your user activity is not tracked and no cookies are set.

For more information on the purpose and scope of data collection, its processing and your rights and settings options to protect your privacy, please refer to the Vimeo Privacy Policy.

Vimeo, Inc. is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we work to ensure that appropriate guarantees are in place in this regard, such as standard data protection clauses, or you give your consent when using these services to ensure that data is transferred in accordance with the law.

Links

Our websites may contain links to external websites of other companies outside DeepCloud. This Privacy Policy does not extend to the websites of these other companies. When using these websites, the data protection declarations of these companies must be observed as far as their data processing is concerned. Nevertheless, we check these websites at regular intervals in order to remove the link immediately in the event of possible infringements. If you have any indications of possible legal violations on the pages linked by us, we ask you to inform us so that we can stop a possible connection.

If you click on such links, your data may be transferred to companies in countries outside Switzerland, the EU or the EEA that do not ensure an adequate level of protection for the processing of personal data. Please remember this before clicking on a link and thereby triggering a possible transfer of data.

Data processing within the scope of our business operations, its purposes and its legal basis

In the following, we would like to inform you about the data processing that we carry out as a company within the scope of our business operations.

What data is processed and where does it come from?

We process data from our employees, customers, suppliers, applicants, interested parties, other business partners, or third parties and their employees. This data is either provided by the data subject or the respective company itself or we receive it from another company of the Abacus Group, from third parties such as other business partners (e.g. customers, suppliers or other service providers), public authorities or from publicly accessible sources (e.g. public telephone, address and trade directories, public notices or databases, the Internet, trade, cooperative or association registers).

The data provided by you or the relevant company, for example when making an enquiry, registering, obtaining a quote, entering into a contract, completing a questionnaire or otherwise communicating with us, may be as follows:

  • Contact details including full name, position, company, address, telephone, email address
  • Contractual data arising from pre-contractual measures or the fulfilment of a contract, including delivery data
  • Payment data, including bank details, payment history, credit card data, debit card data, access data, as well as other data for smooth payment transactions
  • Content data including entries in our CRM or project system, in contact forms, data of a conducted communication via email or another form of communication
  • Registration data (such as user name and password) when using offers requiring registration or login
  • Data for the prevention of fraud, money laundering or other criminal offences
  • All data in connection with an application or employment as an employee with regard to the profession, the previous employer, the professional career including certificates and further training, all data that are provided or may be legitimately collected and processed in the context of an application procedure or employment relationship
  • Sensitive data such as health data, which is only collected by us with the explicit, prior consent of the data subject, which can be revoked at any time, or where there is a legal obligation to process it
  • Data on the company for which a person works
  • Data as described above when using one of our websites

Data obtained through other companies, public authorities or publicly available sources, such as:

  • Credit information
  • Contact data (name, company, postal addresses, email addresses, telephone numbers, publicly accessible data as can be seen in the commercial register) from credit agencies that are used within the legal framework for an advertising approach
  • Data from banks or insurance companies in connection with the fulfilment of a legal or contractual obligation
  • Data from judicial or official proceedings
  • References from previous employers or business partners
  • Data related to fraud and money laundering prevention or screening related to export restrictions
  • Data from publicly accessible sources such as the internet, the press or public registers such as the commercial register

For what purposes is data processed and on what legal basis?

Data is processed for different purposes and on the basis of different legal bases:

  • Carrying out pre-contractual measures in the context of an application or in connection with the conclusion of contracts with customers or other business partners, such as when preparing an offer. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
  • Processing of employee data based on contract, legal obligation, given consent or legitimate interests
  • Provision of contractual services and customer care in the fulfilment of contracts, implementation of contractual measures, payments and accounting, guarantee of contractual claims. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
  • Processing of contact requests based on the legitimate interest of customer satisfaction or pre-contractual measures
  • Communication with the media based on a legitimate interest in successful business development
  • Sending personalised newsletters, carrying out other marketing measures, sending Christmas mail/gifts as well as internal market and opinion research to address customers in an advertising manner with regard to our companies and services in order to increase sales after consent has been granted or in special cases due to justified interests in direct marketing within the framework of existing legal requirements
  • Exchange information and maintain contact with the press on the basis of legitimate interests of successful business development
  • Improvement of our online offers, products, and services due to legitimate interests of a successful business development
  • Collection of data from publicly accessible sources on the basis of legitimate interests for customer acquisition
  • To establish, maintain and protect the operation and security of our IT, online offering, products, services and other offerings, based on legitimate interests to prevent potential security threats, criminal offences, or other adverse activities
  • Video surveillance to safeguard domiciliary rights and damage prevention and other IT security measures to protect persons, intangible assets and tangible assets
  • Compliance with internal policies or industry standards due to legitimate interests to comply with specified regulations
  • Enforcing contracts, settling, asserting or defending legal claims in judicial or official proceedings based on our legitimate business interests
  • Mergers, transfers, and acquisitions of companies, parts thereof or business divisions, as well as other transactions under company law, including the transfer of data on the basis of legitimate interests of successful business development or after consent has been granted
  • Provision of certain online services for the management of customers and business partners and communication in the context of the use of online services requiring registration (including orders, payments, document management, other information) on the basis of legitimate business interests
  • Enabling participation in interactive functions of our online offer due to legitimate interests upon request
  • Obtaining references as part of an application procedure after consent has been given
  • Verification of identity in order to be able to fulfil rights and obligations under data protection law, due to legal obligation
  • Credit assessments based on (pre-) contractual relationships or after consent has been given
  • Other data processing after consent has been given
  • Fulfilment of legal obligations and due diligence for the prevention or investigation of criminal offences, economic crime or money laundering
  • To fulfil the purposes you specified when you provided the data or that we notified you of when we collected the data
  • In addition, data from different sources are brought together, which can also be processed for the purposes listed above. This allows us to compare, match and use customer or sales partner data from the individual companies within the Abacus Group and manage it in a central system. For current and correct delivery and address data, we may match existing data with other sources, correct it if necessary and use it; this is due to legitimate business interests
Data transfers to the U.S. or to third countries without an adequate level of data protection

As a company, we use various tools from companies in the U.S., whereby we take care to contractually agree storage locations in Switzerland or the EU with these companies wherever possible. Nevertheless, it is possible that data will be transmitted to their servers in the U.S. during use or in support cases. If you are resident in Switzerland or in a member state of the EU/EEA, we expressly point out that the U.S. does not have an adequate level of data protection from the point of view of Switzerland and the EU and EEA. In the case of data transfers to a company in the U.S., there is a possibility that data could also be processed in the U.S. In this regard, we inform you that companies in the U.S. may be obliged to hand over data to security authorities due to regulations in force there. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out the possibility that U.S. authorities (such as intelligence services) may process, evaluate or store such data in the U.S. for monitoring purposes without us being able to influence

For data processed in a third country that does not have an adequate level of data protection, DeepCloud provides appropriate safeguards such as the conclusion of standard data protection clauses (adapting necessary contractual and technical measures) to ensure legally compliant data transfer abroad. Only in individual cases is recourse made to the legally possible exceptions, such as the explicit consent of the data subject for a data transfer to a third country without an adequate level of data protection.

Time limits for the deletion or blocking of data

In principle, we process and store your data for as long as is necessary and permissible for the purposes for which we received the data. Specifically, this means that we will retain your data for as long as we have a (business) relationship with you or the company for which you work, when you use our website, when you are employed, when you send us newsletters, when we perform a contract or a continuing obligation, for as long as you have given us permission to store the data, for as long as any obligations exist or are owed to us, for as long as a particular legal situation requires, such as with regard to legal disputes, limitation periods or official investigations, or for as long as you were notified when the data was collected.

In addition, legislation has provided for a variety of documentation and retention obligations and periods, so that if such a legal obligation for retention or documentation exists, we also store data – possibly limited – for a correspondingly long period of time. In Switzerland, for example, there are retention obligations under tax or commercial law of up to 10 years, as well as possible retention obligations of 30 years due to existing statutes of limitation, plus obligations under special laws. For this reason, an examination of the respective storage period takes place in each individual case for the corresponding data processing.

After exercising your right of revocation or objection, after the stated purposes have been achieved or after the expiry of existing tax or commercial law, other legal or contractual documentation and storage obligations and periods, we will delete your data or, if permissible, restrict its processing, unless you have consented to further use of your data or we have expressly reserved the right to use data beyond this, as permitted by law or contract, about which we will inform you accordingly.

Data security

If you use areas that require registration or login, you should store the login data carefully and protect it from access by third parties. If you log in from computers or other devices that are used by multiple people, please remember to properly log out after each session and close the browser window you are using.

We take data security very seriously and treat your data confidentially and in accordance with the statutory regulations. To this end, we have taken technical and organisational measures to ensure a level of protection appropriate to the risk. These measures may include the pseudonymisation and encryption of data, security measures relating to the confidentiality, integrity, availability and resilience of systems, the ability to rapidly restore the availability of and access to data in the event of a physical or technical incident, and the regular review, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. We want to protect your data from loss, misuse, alteration or destruction and unauthorised access in accordance with the state of the art. The safety standard is continuously adapted to the latest technological developments. Our employees and contracted service providers are bound to confidentiality and act within the framework of our instructions.

It is possible that emails are sent in unencrypted form (i.e. that they are immediately readable without any required prior decryption), especially if you cannot access encrypted emails yourself. Such unencrypted emails are exposed to a greater risk than encrypted emails, which is why we hereby expressly advise you not to send any confidential information such as application documents without encryption.

When using website forms or in the context of email communication with us, your data will be transmitted encrypted according to the current state of the art when it is sent. Our website including the areas requiring registration and login are secured (https). Keep in mind that security gaps can never be completely ruled out when transmitting data on the Internet. We cannot guarantee 100% security of all systems, especially when using our websites. We accept no liability for unauthorised actions by unauthorised third parties.

Decisions based solely on automated processing, including profiling

In the application procedure, data is used in the context of partially automated processing according to certain criteria in order to evaluate personal aspects of an applicant (profiling). We use these assessments to make a prediction of suitability for employment. However, the decision on employment is made by the respective line managers and employees in the HR department.

As a matter of principle, when concluding a contract or executing it, no decisions are made exclusively on the basis of automated processing which would produce legal effects against you or which would significantly affect you in a similar way. We will inform you in advance if this should take place in individual cases and ensure that data processing is lawful.

Applicable law

It is possible that different law applies to certain data processing. Thus, it must be examined in each individual case whether the Federal Act on Data Protection (FADP) und Ordinance to the Federal Act on Data Protection (DPO) as well as national law of Switzerland or another, foreign law such as the General Data Protection Regulation and in each case national law of another state is applicable to data subjects. DeepCloud will review this on a case-by-case basis and will carry out the data processing that takes place within the framework of the respective legal requirements.

Your rights

You are entitled to the following rights with regard to your data, insofar as we have been able to duly establish your identity and the respective conditions for this are met:

  • Right to access
  • Right of rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability

Furthermore, you have the right to assert your claims in court and to complain to a data protection supervisory authority about the processing of your data by us.

We will comply with your request for deletion unless it conflicts with an obligation to retain data or we need the data to assert, exercise or defend our legal claims.

You can revoke your consent to the processing of your data at any time for the future. Such a revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If we base the processing of your data on our legitimate interests or those of a third party following a balancing of interests, you may object to such processing. In such a case, we will review your objection and either stop or adapt the data processing or show you our compelling interests worthy of protection why we want to continue the processing. These must override your interests, rights and freedoms or the processing must serve the assertion, exercise or defence of legal claims.

Should we process your data in order to conduct direct advertising with it, you have the right to object to this processing of your data for the purpose of direct advertising at any time. This also applies to any profiling that may take place if it is connected with such direct advertising. In such a case, we will stop this data processing.

You are not obliged to provide us with your data. However, it is possible that certain functions of our website will not be available or will only be available to a limited extent if you do not provide any data. Furthermore, it is possible that no contractual relationship can be entered into with you without the corresponding data.

If you have any questions about data protection or if you wish to exercise your rights, withdraw consent or object to data processing, please contact us using the contact details provided above under “Responsible party”.

We have appointed a data protection officer for DeepCloud. They are available at:

datenschutz@deepcloud.swiss

If you have any questions about data protection, please feel free to contact us at any time.

Amendment to this Privacy Policy, as of July 2021

This Privacy Policy is subject to periodic review and may be amended, if necessary, in the event of legal or technical changes or due to new or revised services, at any time with effect for the future without prior notice. For this reason, we ask you to read this Privacy Policy at regular intervals in order to be aware of possible changes.