February 13, 2019
Our data processing activities can be divided into two application areas:
A. General Information on Data Protection and Data Subject‘s Rights
2. Who Determines the Purposes and Means of the Processing of Your Personal Data and Whom Can You Contact?
Responsible authority for the data processing:
42matters AG, Rötelstrasse 84, 8057 Zürich, Switzerland
Tel: +41 44 586 77 42
Contact person at 42matters: Andrea Girardello
If you have any question or inquiry relating to Our use of Your personal data or in case You want to issue a request for access, rectification, restriction on processing, portability, objection to processing, or deletion of personal information, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), You may contact us as identified in Part E below.
3. What Rights Do You Have With Regard To Your Data?
You may have at any time the rights to information, correction, deletion or restriction of the processing of Your Data, a right to object to the processing as well as a right to data transfer and a right of complaint in accordance with the requirements of the applicable data protection laws. If You wish to exercise any of the above rights against Us, please contact Us at the address given under A.1. In case of doubt, We may request additional information to confirm Your identity.
3.1) Right To Information
You can request information from Us if and to what extent We process Your Data.
3.2) Right To Rectification
If we process Data that is incomplete or inaccurate, You may request that We correct or complete it, at any time.
3.3) Right To Erasure
You can demand that We delete your Data if We process it not in accordance with applicable laws, or if the processing disproportionately interferes with Your legitimate interests. Please note that there may be reasons that prevent an immediate deletion of Your Data, e.g. if We have to fulfill legally applicable storage obligations.
Irrespective of the exercise of Your right to deletion, We will delete Your Data immediately and completely, unless there is a legal or statutory retention period to the contrary.
3.4) Right To Restriction of Processing
In the following cases You can request Us to restrict the processing of Your Data:
If You have restricted the processing of Your Data, such Data may not be processed - apart from its storage - without Your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest.
3.5) Right To Data Portability
You have the right to have Data, which We process automatically on the basis of Your consent or in fulfilment of a contract, handed over to You or to a third party, in a standard, machine-readable format. If You request the direct transfer of Data to another responsible person, this will only be possible as far as it is technically feasible.
3.6) Right To Object
If We process Your Data for a legitimate interest within the meaning of Art. 6 section 1 lit. f GDPR, You may object to this Data processing at any time for reasons arising from Your particular situation; this also applies to profiling based on these provisions. If You file an objection, We will no longer process Your Data concerned, unless We can prove important reasons justifying the further processing, which outweigh Your interests, rights, and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
If Your Data is processed for the purpose of direct advertising, You have the right to object at any time to the processing of your Data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If You object, Your Data will no longer be used for direct marketing purposes. You can object to the processing of Your Data for the purpose of direct marketing at any time without stating reasons.
3.7) Right To Withdraw Consent
Some data processing operations are only possible with Your express consent in the sense of Art. 6 section 1 lit. a GDPR. You can revoke an already given consent at any time with effect for the future. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
3.8) Right to Lodge a Complaint with a Supervisory Authority
If You are of the opinion that We violate national or European data protection laws when processing Your Data, please contact Us so that We can clarify any questions You may have. Of course, You also have the right to contact the responsible supervisory authority.
The right of complaint exists without prejudice to other possible administrative or judicial remedies.
4. Which Data is Processed and From Which Sources Does This Data Originate?
We process Data that We receive from You in the course of initiating and maintaining a business relationship. On the one hand, Your data is collected when You are communicating it to Us in direct contact.
On the other hand, We process Data that We have obtained from third parties like for example credit agencies, creditor protection associations, from publicly accessible sources, from companies with which We have a long-term business relationship or from authorities.
Via Our Website, We process Data that We receive during Your visit to the Website or that You actively communicate to us when using the Website, e.g. by entering a contact form. Other Data is automatically collected by Our IT systems when You visit the Website. This is mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically when You enter our Website.
The Data that we process regularly includes in particular your master/contact data such as:
In addition, We also process the following types of Data:
5. For What Purposes And On What Legal Basis Do We Process Data?
We process Your Data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the national regulations based thereon. For example:
5.1) To Fulfil (Pre-)Contractual Obligations (Art. 6 section 1lit.b GDPR)
Your Data is processed for the sale and distribution of Our goods and services and for customer administration purposes. The Data will be processed in particular during the initiation of business transactions and the execution of contracts with You, for example in the following cases:
5.2) To Fulfil Legal Obligations (Art. 6 section 1lit.c GDPR)
The processing of Your Data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the commercial laws or tax regulations.
5.3) To Safeguard Legitimate Interests (Art. 6 Section 1 lit.f GDPR)
On the basis of a weighing of interests, data processing may take place beyond the actual fulfillment of a contract, in order to safeguard Our legitimate interests or the legitimate interests of third parties. Data processing to safeguard legitimate Our interests are carried out in the following cases, for example:
5.4) Within The Scope of Your Consent (Art. 6 section 1 lit.a GDPR)
If You have given Us Your consent to process Your Data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. A given consent, e.g. for the sending of our newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the person named under A 2.
The Data collected from You will only be used for the purpose for which You provided Your Data to us or for the processing of which You have given Us Your consent. After the end of Our processing activities, your Data will only be stored as long as it is necessary due to tax and commercial law retention periods. After these periods have expired, however, the Data will be deleted unless You have expressly consented to their further or other use. You can also assert rights during the retention periods, such as blocking Your Data. See also A 3.
6. Who Receives My Data?
Your Data will not be transferred to third parties for purposes other than those listed below. We will only pass on Your Data to third parties if:
Your Data will be forwarded to other companies for the purpose of initiating or processing a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 Section 1 lit. b GDPR or - depending on the type of specific contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 Section 1 lit. f GDPR, in particular to companies which we regularly use to provide our Services or to process the contract, for example: Brokers, advertising partners, insurance companies, banks, IT service providers, payment service providers, shipping service providers, credit agencies, tax and legal advisors, translation agencies.
For example, therefore We share Your Information with business partners on an as needed basis to render the Services, i.e. our payment provider for collecting fees payable for our Commercial Services, Our accounting service provider, and Our mail provider We use to stay in contact with You. The Information We share with these business partners is limited to Your name and email address and, with respect to our payment solution providers and accounting provider, Your postal address.
If We use a service provider for the purpose of data processing to be carried out on behalf of 42matters, in accordance with Art. 28 GDPR, We shall nevertheless remain responsible for the protection of Your Data. Insofar as required by law, such service providers are contractually obliged by means of a Data Processing Agreement ("DPA") (Art. 28 GDPR) to treat Your Data confidentially and to process it only within the scope of providing the service. The processors contracted by Us will receive Your Data only insofar as they need the Data to perform their respective tasks.
Your Data will only be transferred to state institutions and authorities (foreigners authorities, residents' registration offices, health insurance funds, tax offices, embassies) or collected for this purpose within the framework of mandatory national legal provisions. For example, if We are required to respond to subpoenas, court orders or other legal processes your Information may be disclosed pursuant to such subpoena, court order or legal process, which may be without notice to You.
In the event that We sell our business, i.e. all or substantially all of our assets are sold or transferred to or merged with another party, all Information that has been collected and stored may be one of the business assets we transfer on the basis of our legitimate interests pursuant to Art. 6 Para. 1 S.1 lit. f GDPR.
7. How Long Will My Data Be Stored?
Your Data will be deleted or blocked by us as soon as the purpose of storage no longer applies. We process your Data in principle only until the end of the business relationship or until the expiry of the applicable guarantee, warranty, statute of limitations and statutory retention periods; furthermore until the end of any legal disputes in which the Data is required as evidence.
8. When Personal Data Are Transferred to a Third Country?
The Data of a user may be transferred to, and stored at, a destination outside the European Economic Area. It may also be processed by staff operating outside the EEA who works for 42matters or for one of its suppliers. A transfer of Data to a third country without an adequate level of protection of natural persons will only take place on a case-by-case basis and on the basis of a European Commission adequacy decision, standard contractual clauses, appropriate safeguards or your explicit consent.
B. Use of Our Website
1) What Information We Collect When You Visit Our Website
1.1) We collect the following Information by using cookies (a small text file that is stored on a user's computer or mobile device for record-keeping purposes) and web beacons (electronic images that deliver cookies and help to count visits): browser type and browser language, Your Internet Protocol ("IP") address, and the actions you take on the Website (such as the Web pages viewed and the links clicked).
1.2) We use both session ID cookies and persistent cookies on the Website. We use session cookies to make it easier for you to navigate the Website. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive or mobile device for an extended period of time. Most web browsers (including mobile web browsers) are set to accept first-party cookies by default. However, some web browsers (including mobile web browsers) are set to not accept third-party cookies by default. You can typically remove or reject cookies by following directions provided in your Internet browser's help file or in the "Settings" of your mobile device. However, removing cookies may not allow you to take full advantage of all features on the Website.
1.3) The Website may also contain third party tracking tools from third party service providers, which may enable these third parties to analyze User information. While these third parties may have access to your personal information in connection with the performance of services for 42matters, they will not be permitted to use such information for any purpose other than providing their services.
2) Information You Submit to Register an Account
2.1) If you register an Account on our Website which is a prerequisite to subscribe to Our Services, We request you sign in with your Facebook account. We collect this Information to be able to verify your account and contact you and to send you information relating to the use of our Services.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by writing to email@example.com or using the unsubscribe link in each email.
2.2) We may share and disclose information (including Your personal information) to third party services in order to help operate our Services. With these third party services we share the minimum amount of Information (as mentioned in Paragraph 2.1) required to provide you with our Services, offer you support and other business activities related to our Services. We provide your information to such third party service providers to enable us to fulfill our contractual duties as per Art. 6 para 1. A a), on the basis of our legitimate interests according to Art. 6 para. 1 f) GDPR and, where necessary, subject to the conclusion of data processing agreements according to Art. 28 Para. 3 S. 1 GDPR. The primary third party services we use are:
3) Information You Submit to Subscribe to Our Commercial Services
3.1) If you wish to subscribe to one or more of our Commercial Services, we request your billing address as well as your VAT ID (optional) in order to be able to invoice You correctly. Your payment records will be stored for the term requested by mandatory law applicable to us.
4) Information Collected Automatically
We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we may share your Personal Information with third parties as described in this section: Information that’s no longer personally identifiable. We may anonymize your Personal Information so that you are not individually identified, and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual.
4.1) Google Adwords
4.2) LinkedIn Plugins
Based on Our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR We allow advertisers and/or merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements and/or promotional offers and you agree that we may provide any of the information we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.
4.4) Affiliated Businesses
In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service based on our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR. One such service may include the ability for you to automatically transmit Third Party Account Information to your Services profile or to automatically transmit information in your Services profile to your third party account; for example, the list of your Facebook advertising account, your name, and country. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
Based on Our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we currently use a payment processing company called Stripe to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
4.6) User Profiles and Submissions
Certain user profile information, including your name and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services (For example, the team administrator can see other team members’ names when using the team management page). Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.
5) Hosting, Data Rentention and Security
5.1) We use, on the basis of our legitimate interests according to Art. 6 para. 1 f) GDPR and, where necessary, subject to the conclusion of data processing agreements according to Art. 28 Para. 3 S. 1 GDPR, the following third party services to host Our Websites, Services, data (including Personal Information) and files:
5.2) We only retain Personal Information for as long as the related account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, security, and enforce our agreements as follows:
5.3) We use reasonable organizational, technical and administrative measures to protect Personal Information within our organization (for example: data transfer encryption over HTTPS, and account authentication and data rest encryption for our computer and databases storing Personal Information). Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of Your account has been compromised), please contact us immediately by way of e-mail to the following address: firstname.lastname@example.org.
6. Business Transfers
Based on our legitimate interests (Art. 6 section 1 lit. f GDPR), We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
7. Protection of 42matters and Others
Based on our legitimate interests (Art. 6 section 1 lit. f GDPR) We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our Terms of Service https://audience.42matters.com/terms and other agreements; or protect the rights, property, or safety of 42matters, our employees, our users, or others.
C. Contract Relationships with Business Partners
1. Am I Obliged to Provide Data?
If You contact Us with questions about Our Services and products, enter into contract negotiations with Us, place orders and/or have contractual agreements with Us, We process Data You provide in this context. Which Data is processed in detail, depends decisively on the relevant services and products which You obtain from Us or which You request.
The processing of Your Data is necessary to conclude or fulfill your contract with Us. If You do not provide Us with this Data, we will generally have to refuse the conclusion of the contract or the performance of the order or will no longer be able to perform an existing contract and will therefore have to terminate it. However, You are not obliged to give your consent to Data processing with regard to Data which is not relevant for the performance of the contract or which is not required by law.
In general, We obtain the necessary data from You ourselves. In some cases it may be necessary from time to time to process Data that originates from other companies, authorities, public bodies or institutions or other third parties (e.g. credit agencies, tax offices).
You can contact Us either by telephone, post or alternatively via our e-mail address or via the personal e-mail addresses of Our employees provided to You. In this case, Data transmitted with the e-mail will be stored. Please note that e-mail communication usually is not encrypted, due to technical reasons.
In this context, Data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 Section 1 lit. c GDPR. Your Data will be used exclusively for the processing of the conversation. The processing of Data from the input mask of a contact form or an email sent to us will be used only to process the establishment of contact. In the event of a contact being established, this also constitutes the necessary legitimate interest in the processing of Data in accordance with Art. 6 section 1 lit. f GDPR. On that basis, also other Data processed during the sending process will be used to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Data Processing Within the Framework of the Fulfilment of Contracts
The processing of Data is carried out in order to provide our contractually owed services and related services, in particular to execute our contracts or pre-contractual measures with you and the execution of your orders, as well as all activities required in this connection with the operation and administration of our company.
Further details for the purpose of data processing can be found in the respective contract documents and terms and conditions.
If necessary, We process Your Data in connection with the sale of our Services beyond the actual performance of the contract to protect Our legitimate interests (Art. 6 section 1 lit. f GDPR) such as in the following cases:
E. Contact Us