Privacy Policy

Effective February 05, 2024

1.Purpose of this privacy policy
This privacy policy explains the nature, scope, and purpose of the collection, processing, and use of personal data by vidby AG (hereinafter also referred to as "we" or "us") and provides information about your rights.

If you transmit or disclose data about other persons, such as family members, work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this data protection declaration.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA"), and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR, insofar as the EU GDPR is applicable:

Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.

Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR) - Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 2 lit. b GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application procedure (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the controller or the data subject can exercise their rights under labor law and social security and social protection law and fulfill their obligations in this regard, their processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR. GDPR, in the case of the protection of vital interests of applicants or other persons pursuant to Art. 9 para. 2 lit. c. GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnosis, care, or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

2. Who is responsible for processing your data?
The data controller responsible for the data processing described in this privacy policy is:

vidby AG
Suurstoffi 18B
8343 Rotkreuz
Phone: +41 41 729 01 10
Mail: legal@vidby.com
Website: www.vidby.com

3. What data do we process?
The most important categories of data are as follows:

Technical data: When you use or visit our website, we collect technical data (e.g. your IP address, information about your browser and operating system, date and time of access, pages accessed, or names of the file(s) accessed) in order to ensure the functionality and security of these offers. For this purpose, we can also assign an individual code to your end device (in the form of a cookie, cf. 12). The technical data itself does not allow any conclusions to be drawn about your identity or your person. However, in the context of user accounts, registrations, access controls or the processing of contracts, this technical data may be linked to other categories (and thus possibly to your identity).

Registration data: Certain offers and services (e.g. vidby login area of our application, newsletter dispatch, etc.) can only be used with a user account or registration, which can be done directly with vidby or via external login service providers. You must provide us with certain data (e.g. user name, password, name, e-mail, telephone number, address), and we collect data on the use of the offer or service.

Communication data: If you contact us via the contact form on the website or application, by email, telephone, letter, or other means of communication, we collect the data exchanged between you and us. If you send us inquiries via our contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not disclose this data without your permission.
Master data: We refer to basic data, such as name, contact details, function, bank details, date of birth, etc. as master data. We receive master data from you (e.g. as part of a registration), from third parties and/or from publicly accessible sources such as public registers or the internet (websites, social media, etc.).

Contract data: This is data that arises in connection with the conclusion of a contract. We collect this data from you, from contractual partners and from third parties involved in the execution of the contract, from third-party sources (e.g. providers of creditworthiness data) and/or from publicly accessible sources.

Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you and better tailor our offers to you. To do this, we collect and use data about your behavior and preferences. We may also supplement this information with data from third parties, including from publicly accessible sources. Some of this data is already known to us (e.g. when you use our services), or we obtain this data by recording your behavior (e.g. how you navigate our website). We describe how tracking works on our website in section 12.

Other data: We also collect data from you in other situations, e.g. who enters our office premises (in the form of visitor lists), who takes part in events or promotions (e.g. competitions, prize draws) and when, or who uses our infrastructure and systems and when.

Insofar as this is not prohibited, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive data from authorities and other third parties (such as credit agencies, address dealers, associations, contractual partners, internet analysis services, etc.).

4. For what purposes do we process your data?
We process your data for the following purposes:

to communicate with you, in particular to respond to inquiries and assert your rights(Section 11) and to contact you in the event of queries.
for entering into, managing and processing contractual relationships.
for marketing purposes and to maintain relationships, e.g. in the form of newsletters and/or as part of marketing campaigns.
for market research, to improve our services and/or for product development.
for security purposes and for access control.
to comply with laws, directives and recommendations from authorities and internal regulations ("compliance").
for other purposes, e.g. for training and quality assurance purposes.

5. On what basis do we process your data?
If we ask for your consent for certain processing (e.g. for marketing mailings), we will inform you separately about the corresponding purposes of the processing.

You can withdraw your consent at any time by notifying us in writing. You will find our contact details in Section 2. For the revocation of your consent to online tracking, see Section 12.

Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in it, in particular in order to pursue the purposes and associated objectives described above under
Section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, insofar as this is not already recognized as a legal basis by the applicable data protection law (e.g. in the case of the GDPR, the law in the EU or EEA and in Switzerland).

If we receive sensitive data (e.g. health data, information on political, religious or ideological views or biometric data for identification purposes), we may also process your data based on other legal grounds, e.g. in the event of disputes due to the necessity of processing for any legal proceedings or the enforcement of or defense against legal claims. In individual cases, other
legal grounds may apply, which we will communicate to you separately if necessary.

6. What applies to profiling and automated individual decisions?
It is possible for us to automatically evaluate some of your personal characteristics for the purposes mentioned in Section 4 using your data (Section 3) ("profiling") - for example, if we want to determine preference data in order to identify abuse and security risks, but also to carry out internal statistical evaluations (e.g. analyze click and opening rates). For the same purposes, we can also create profiles, i.e. we can compile behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your interests and characteristics. It is also possible for us to create anonymous and - with your consent - personalized movement profiles of you. These profiles can be used for marketing or security purposes, for example.

In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling.

7. To whom do we disclose your data?

As stated in section 4, we also transfer these purposes (your personal data) to third parties:

Service providers: We work with various service providers in Switzerland and abroad who process data about you on our behalf or receive data from us under their own responsibility. We process your personal data in Switzerland and in the EU or EEA.
Contractual partners, including customers: They receive, for example, registration data for vouchers issued and redeemed, invitations, etc. The recipients also include contractual partners who place advertisements for us and to whom we therefore transmit data about you for analysis and marketing purposes. We require these partners to only send you advertising or create advertising based on your data if you have expressly consented to this (for the online area, see para. 12).
Public authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this is deemed necessary to protect our interests. The authorities process data about you that they receive from us under their own responsibility.
Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 4, e.g. service recipients, media and associations in which we participate or if you are part of one of our publications. If it is necessary to pass on data in other cases, the persons concerned will be informed in advance.

All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict the processing by certain third parties (e.g. by IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at our events (e.g. providers of tools that we have integrated on our website). If you have any concerns and wish to assert your personal data protection rights, please contact these third parties directly. Cf. para. 11 for the website.

8. Is your personal data also sent abroad?
As explained in section 7, we also disclose data to other bodies. These are located not only in Switzerland, but also abroad (EU/EEA).

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission, which are available here: (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

9. How long do we process your data?
We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or for as long as storage is technically necessary.

10. How do we protect your data?
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to
protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to
data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly
default settings.

11. What rights do you have?
To make it easier for you to control the processing of your personal data, you have the following
rights in this context:

the right to request information from us about which of your data we process;
the right to have us change, correct, delete or block your data;
the right to demand that we hand over your data;
the right to withdraw consent where our processing is based on your consent;
the right to receive, upon request, further information necessary for the exercise of these rights;

If you wish to exercise the above rights against us, please contact us in writing; you will find our contact details in Section 2.

You also have these rights vis-à-vis other bodies that work with us on their own responsibility - please contact them directly if you wish to exercise rights in connection with their processing. You will find details of our key cooperation partners and service providers in Section 7, and further details in Sections 12-14.

Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.
You have the right to lodge a complaint if you do not agree with our handling of your rights or data protection. To do so, please contact our Data Protection Officer (Section 2) or refer to your right to lodge a complaint with a competent data protection authority (in Switzerland, your point of contact is the Federal Data Protection and Information Commissioner, FDPIC).

12. Do we use online tracking?
When using our website, data may be generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and identify preferences. A cookie is a small file that is transmitted between the server and your system and makes it possible to recognize a specific device or browser.

You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

Neither the technical data collected by us nor cookies generally contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

We also use our own tools and third-party services (which may themselves use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics and to place advertisements.

We use the following services and tools:

12.1 Privacy policy for Google Analytics:
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID.

Further information can be found in Google's privacy policy (https://policies.google.com/privacy).

12.2 Privacy policy for the use of Microsoft Clarity
This website uses the Microsoft Clarity service to improve user-friendliness. Clarity is a service provided by Microsoft Ireland Operations Limited. The company is based in Dublin, Ireland, Europe. Clarity can be used to record mouse clicks as well as mouse and scroll movements.
Clarity gives us an insight into how much time users spend on certain pages, which links are clicked, etc. Personalized information is not recorded.

For more information, please refer to Microsoft's privacy policy:
(https://privacy.microsoft.com/de-de/privacystatemet)

12.3 Privacy policy for Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. (Source: SwissAnwalt)

Further information can be found in Google's privacy policy and at:
(https://www.google.com/intl/de/tagmanager/use-policy.html)

12.4 Privacy policy for Google Ads:
This website uses Google Conversion Tracking. If you have reached our website via an advertisement placed by Google, Google Ads will place a cookie on your computer.
Further information can be found here in Google's privacy policy
(https://policies.google.com/privacy) and at: (https://ads.google.com/home)

12.5 Use of Google Remarketing
This website uses the remarketing function of Google Inc. This function is used to present interest-based advertisements to website visitors within the Google advertising network.

Further information can be found in Google's privacy policy (https://policies.google.com/privacy).

12.6 Privacy policy for SendGrid
The third-party provider Sendgrid is used to send newsletters. Further information about SendGrid and SendGrid's privacy policy can be found here (https:// https://sendgrid.com) and (https://sendgrid.com/resource/general-data-protection-regulation-2/)

12.7 Privacy policy for Google Web Fonts:
This website uses so-called web fonts provided by Google for the uniform display of fonts.

When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy:
(https://www.google.com/policies/privacy)

12.8 This website uses Hotjar:
A web analytics service provided by Hotjar Ltd. Hotjar is used to better understand our users' needs and to optimize this service. Hotjar may record mouse clicks, mouse movements and scrolling activity. Hotjar may also collect other information about your device and browser (device type, screen size, country, etc.) in a non-personally identifiable way. The information is collected by Hotjar Ltd. and stored on its servers in Ireland. For more information, please refer to Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy/

12.9 Privacy policy for MailChimp and eSputnik
We use the email marketing services MailChimp and eSputnik to send our newsletters and other marketing emails. MailChimp is provided by Rocket Science Group LLC, and eSputnik is provided by eSputnik LLC. These services allow us to manage email subscriber lists, send emails, and track metrics like open and click rates. For more information, please refer to MailChimp's privacy policy (https://mailchimp.com/legal/privacy/) and eSputnik's privacy policy
(https://esputnik.com/en/privacy-policy.html).

13. What data do we process on our pages in social networks?
We may publish online content on social networks and other platforms operated by third parties websites and collect data about you there.

We receive this data from you and the platforms when you come into contact with us via our online presence. At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. which content they display to you).
We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the privacy policy:

LinkedIn (https://de.linkedin.com/legal/privacy-policy)
YouTube (https://www.youtube.com/static?gl=de&template=terms&hl=de)
the right to have us change, correct, delete or block your data;

14. External payment service providers
This website uses external payment service providers through whose platforms users and we
can carry out payment transactions. For example via
Visas (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
Stripe (https://stripe.com/ch/privacy)
PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Wise (https://wise.com/privacy-policy/)
Swift (https://www.swift.com/about-us/privacy-and-security)

As part of the fulfillment of contracts, we use payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU-DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. As the operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and data protection notices of the aforementioned payment service providers.

Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.