- General data protection declaration of Availabill AG
- 1. Privacy Policy for “Purchase on Account” and “Purchase on Installments”
- 1.1 Who is responsible for processing the data?
- 1.2 What data is processed for what purpose and from what sources?
- 1.3 What is the data used for and how is it processed?
- 1.4 What applies to automated decision-making?
- 1.5 Who do we disclose data to?
- 1.6 How long does availabill store the data and when does it delete it?
- 1.7 How does availabill protect the data?
- 1.8 What rights do customers have in relation to their data?
- 1.9 Do customers have a right of withdrawal?
- 2. Provisions for visiting our websites
- 3. Cookie policy
- 3.1 What are cookies and similar technologies?
- 3.2 Which cookies do we use?
- 3.3 How can you control the use of cookies?
- 3.4 How and where is your data stored?
- 3.5 For what purposes do we use online data?
- 3.6 How do we obtain evaluations and statistics?
- 3.7 How do we integrate social media on our websites?
- 3.8 Contacting
- 3.8.1 How do we handle newsletters?
- 4. Privacy Policy for my.availabill
- 4.1 What data is processed?
- 4.1.1 Data disclosed by users
- 4.1.2 Information provided in my.availabill
- 4.2 What is the data used for and how is it processed?
- 4.2.1 Provision of digital services on my.availabill
- 4.2.2 Marketing
- 4.2.3 Market research and improvement of services
- 4.2.4 Security purposes and access controls
- 4.2.5 Communication
- 4.2.6 Further processing purposes
- 4.3 Who do we disclose data to?
- 4.4 What data is disclosed to other recipients?
- 4.5 How long does availabill store data and when does it delete it?
- 4.6 How does availabill protect the data in my.availabill?
- 4.7 What rights do users have in relation to their data?
- 4.8 How is business communicated?
- 4.1 What data is processed?
General data protection declaration of Availabill AG
1 September 2023
Availabill AG (“availabill” or “we“) attaches great importance to responsible and legally compliant handling of personal data. Personal data is processed exclusively on the basis of the applicable law. In this privacy policy, we inform our customers1) and visitors to our websites (“customers” or “you“) about the handling and processing of personal data.
The privacy policy addresses availabill’s entire clientele, irrespective of the grammatical phrases used herein, and includes the areas:
In addition to these terms and conditions, customers must also observe the following legal notices in connection with this privacy policy:
- General Terms and Conditions for Purchase on Account and Purchase on Installments https://availabill.ch/en/customer/general-terms-and-conditions-gtc
Availabill reserves the right to change this privacy policy at any time. The version published at www.availabill.ch/en is the currently valid version.
1. Privacy Policy for “Purchase on Account” and “Purchase on Installments”
Availabill processes personal data of customers who are in direct or indirect contact with it. We use the term “data” synonymously with the term “personal data“. Data refers to information that directly relates to customers or can be directly assigned to a customer by us. In section 1.2, availabill provides information on the categories of data that are processed in accordance with the information in this data protection declaration. Processing means any handling of data, e.g. obtaining, storing, using, disclosing or deleting.
This privacy policy describes how we process data when customers use services or products from us, are in contact with us as part of a contract or communicate with us in general. As such, this Privacy Policy applies to the processing of data that we have already collected or will collect in the future.
We provide separate information on certain data processing, e.g. in further data protection notices, in general terms and conditions, in conditions of participation for specific products or services, in product and service descriptions, on our websites and in declarations of consent, contracts and forms.
If data on other persons is communicated to us, the sender confirms that he/she is authorised to do so and that the data is correct. The sender must ensure that these third parties are aware of our processing of the data before communicating it to us.
1.1 Who is responsible for processing the data?
availabill AG is responsible for data processing in accordance with this data protection declaration and is the primary data protection authority, unless otherwise communicated in individual cases. You can contact us in writing (availabill AG Datenschutz, Hagenholzstrasse 85a, 8050 Zurich), by e-mail (datenschutz@availabill.ch) or by telephone on +41 (0)58 433 22 00 in order to exercise your rights and contact us with data protection concerns.
1.2 What data is processed for what purpose and from what sources?
We process different data from various sources depending on the situation and purpose. We primarily collect and receive this data directly from our customers when they use our products and services or as part of general customer communication. We may also obtain data from other sources, such as public registers or other publicly accessible sources, public authorities and other third parties. Availabill processes different categories of data in this context. The most important categories of data are described below:
- Master data: Master data refers to data relating to identity and personal characteristics and circumstances, e.g. name, address or date of birth. These data can also refer to third parties (authorised representatives) at the same time and also include signature authorisations, powers of attorney and declarations of consent.
- Contract data: When a contract is concluded with us, in addition to master data, we also process other data, such as information about the purchase and use of products and services. Such data includes information on the execution and enforcement of contracts as well as feedback from our customers on services.
- Behavioural and Preference Data: Behavioural data is data about certain actions and interactions of our customers with availabill. Behavioural data provides us with information about certain actions, e.g. logins, use of the payment methods “purchase on account” and “purchase on instalments”, payments, the purchase and use of products and services, contacting our customer service or participation in competitions, contests and events. Preference data tells us what your needs are, what products and services you might be interested in, and when and how you respond to availabill messages. We obtain this information from the analysis of existing data in order to get to know our customers better and to tailor and improve offers more precisely to them. Behavioural and preference data can either be evaluated on a person-related basis in order to provide tailored offers or display advertising, or for the purpose of market research or product development, also on a non-person-related basis.
- Communication data: Communication data is data related to communication with you in written correspondence, by telephone and via electronic channels (e.g. contact form on our websites, e-mail and SMS). When establishing your identity (e.g. in the case of a request for information), we also collect data to identify you (e.g. via a copy of an identification document).
- Technical data: Technical data is data that we collect when you use electronic services. This data includes the IP address of an end device and the logs in which we record the use of our systems. In order to ensure the functioning of these services, we may assign an individual code to end devices (e.g. in the form of a cookie). Technical data does not allow any conclusions to be drawn about the identity of a person. Together with data from user accounts, registrations, access controls or, for example, the processing of contracts, we may be able to link other data to specific individuals. In addition to the IP address and terminal device information, technical data also includes the date and time, the geographical region and the type of browser or device used by customers to access electronic services from us. This information helps us to display content in a browser or on a terminal device. Based on the IP address, we receive information about a telecommunication provider, but usually cannot infer identity unless customers are logged into a user account. Technical data are also log files that accumulate in our systems.
- Registration data: Registration data is data about customers that is transmitted during registration or activation in order to be able to use certain services (e.g. newsletters and competitions).
- Other data: We collect other data relating to customers in various contexts. For example, data is collected in connection with official or legal proceedings (e.g. files, evidence, etc.). We may also collect data for fraud prevention reasons.
1.3 What is the data used for and how is it processed?
We process data for the following purposes:
- Establishing, processing and terminating business relationships: We process data for the purpose of establishing, registering, processing and terminating business relationships. The type of data processed differs according to the type and scope of the customer relationship and may primarily include master data, financial and risk data, order and transaction data as well as registration and communication data. Order and transaction data are additionally processed within the framework of transaction automation.
- Provision of the means of payment “purchase on account” and “purchase on installments“: By choosing the payment method “purchase on account” or “purchase on installments”, the customer transmits data to us. In order to check the customer’s creditworthiness, we process the contact data (name and address, e-mail…), date of birth and creditworthiness data.
- Processing of the application for purchase on account and purchase on instalments: When applying for the means of payment purchase on account and purchase on instalments, the applicant transmits data to us. For the check, including the check of creditworthiness, we process in particular the contact data such as name, address, gender, date of birth as well as creditworthiness data and data for the purpose of combating money laundering. The applicant’s data may also be processed and linked together with other data which we receive from other sources or may collect ourselves. In particular, we receive and obtain this data from authorities, databases and credit agencies (CRIF, Post, Multisource), registers such as local.ch, commercial registers, the media and generally from the Internet.
- Use of purchase on account and purchase on instalments: When using the means of payment “purchase on account” and “purchase on instalments”, we process data that is communicated to us during the term of the contractual relationship or that we collect ourselves (e.g. name changes, changes in the economic entitlement, proof of income, data of additional persons in the event of an insurance claim). From the transaction data, we may draw far-reaching conclusions about the behaviour of customers, especially for fraud prevention (e.g. place of residence and work, financial circumstances and other information).
- Merchant credits and reversals: In the context of a chargeback, we regularly receive detailed information about the transaction from the merchants concerned.
- Compliance with laws, recommendations of authorities and internal regulations: We also process data to comply with laws, directives and recommendations from authorities as well as internal regulations (compliance). The data processed includes in particular master data, financial and risk data, communication data, order and transaction data and behavioural data (fraud prevention). This includes the legally regulated fight against money laundering and terrorist financing. We are obliged to carry out certain investigations or, under certain conditions, to report such cases. In addition, data processing requires the fulfilment of obligations to provide information or to report, the fulfilment of obligations to retain data and the prevention, detection and clarification of criminal offences and other violations. This includes receiving and processing complaints and other reports, monitoring communications, internal investigations or disclosing documents to an authority if we are obliged to do so or have legitimate interests in disclosure. Customer data may also be processed in the course of external investigations (e.g. by a regulatory or law enforcement authority or an appointed private body) and internal investigations. This purpose also includes the evaluation of order and transaction data as well as payment processes in order to identify unusual transactions.
- Risk management, prevention of fraud and other unauthorised activities: We also process data – in particular master data, order and transaction data, financial and risk data and behavioural data – for the purposes of risk management, fraud prevention and other unauthorised activities and in the context of prudent corporate governance, including business organisation and business development. In the area of business development, we may sell or acquire businesses, operations or companies and enter into partnerships, which may also result in the exchange and processing of data. Data may also be processed as part of the review and improvement of internal processes. To prevent fraud and other unauthorised activities, we may conduct internal investigations to detect irregularities.
- Intermediation of products and services: We process master data as well as order and transaction data in connection with the brokerage of third-party products and services, e.g. insurance. When we broker products and services, these are offered via our infrastructure but are executed and processed in whole or in part by third parties.
- Marketing, profiling and customer care: We process data for marketing purposes and customer care in order to provide customers with personalised information and offers on products and services from us and third parties (e.g. partners). This may be in the form of a letter, as part of a newsletter or by email. We may also process data to tailor marketing content to better meet customer interests. For marketing purposes and customer care, we primarily use master, financial and risk data, order and transaction data, as well as behavioural and preference data and other details relating to the contractual relationship. In particular, you authorise us to create and evaluate customer, consumption and preference profiles in order to develop or evaluate products and services in which you might be interested and, if necessary, to offer or inform you about such products and services (also from third parties) and to deliver them to your postal address, e-mail address or telephone number (e.g. SMS). You have the option of revoking profiling for marketing purposes for the future by notifying us in writing (also by e-mail) (profiling block). This does not apply to non-promotional messages and automatically generated system and invoice texts. We also process data in connection with competitions, prize draws and events. Customer care includes the personalised addressing of existing customers. As part of customer care, we maintain a customer relationship management system (CRM) in which the data of our customers necessary for maintaining the relationship is stored. This includes data on contact persons, the relationship history (e.g. products and services purchased or supplied as well as interactions), interests or marketing measures. You have the option to object to the sending of information (advertising block) or to generally revoke the consent given to the processing of data for marketing purposes by corresponding written notification (also by e-mail) to availabill (general revocation). This does not apply to non-promotional messages and automatically generated system and invoice texts.
- Improvement of services and operations and product development: Data is also processed to improve services and operations and for product development. For these purposes, we use master data, behavioural and preference data and information from surveys. We continuously develop our own products and services, adapt them to the needs of our customers and find out how satisfied they are. We analyse which products are used by which groups of people and how new products and services could be designed and used. This gives us an indication of the market acceptance of existing products and services and the market potential of new ones.
- Security purposes and access control: availabill may also process master data, technical data, behavioural data and other data for security purposes and access control. We continually review and improve the security of our IT and infrastructure. However, data security breaches cannot be ruled out with complete certainty. This risk is countered at availabill with appropriate technical and organisational measures in accordance with the state of the art. Access controls include, on the one hand, controlling access to electronic systems and, on the other hand, physical access control.
- Communication: We process data in order to communicate with you, to provide you with information or to send you messages and to be able to process your requests. We use master data and communication data for this purpose. We generally keep this data in order to be able to document the communication that has taken place, but also for quality assurance purposes and for subsequent enquiries. Insofar as customers contact us by e-mail, we are expressly authorised to reply via the same channel to the sender’s address or to the address provided. E-mails are transmitted unencrypted via the open Internet and it cannot be ruled out that they may be accessible, viewable and manipulable by third parties. Thus, e-mail communication is not suitable for the transmission of confidential information.
- Other purposes: availabill may process data for other purposes, e.g. as part of internal processes and for administrative purposes. Administrative purposes include the administration of master data, accounting and data retention as well as the testing and administration of the IT infrastructure. We also use this data to protect and exercise our own rights, e.g. to enforce claims in or out of court and before authorities in Switzerland and abroad, to preserve evidence, to carry out legal clarifications and to participate in legal or official proceedings. Further purposes are the evaluation and improvement of internal processes and the preparation and processing of purchases and sales of companies and assets as well as training and educational purposes. The protection of other legitimate interests, which cannot be named exhaustively, are also included.
1.4 What applies to automated decision-making?
For the purposes mentioned in section 1.3, we may process and evaluate data in an automated and computer-assisted manner in order to determine preference data, identify risks of abuse and security risks, carry out statistical evaluations or plan company operations. We may also create risk profiles for the same purposes. In doing so, we combine behavioural and preference data, master data, order and transaction data, details of the contractual relationship and personalised technical data so that risks and characteristics are better recognised.
This also allows us to learn more about our customers and the products and services that might be of interest or are already being used. For reasons of efficiency and consistency in decision-making processes, availabill may make decisions in an automated manner. If these decisions have a legal effect on customers or affect them in any other way, we inform them immediately and take the legally required measures.
We inform you in each individual case if an automated decision leads to negative legal consequences or significant impairments. In this case, you have the rights mentioned in section 1.8 if you do not agree with the result of the decision.
1.5 Who do we disclose data to?
We are bound to confidentiality by the Data Protection Act and other regulatory provisions. Products and services are often developed, provided and processed in a division of labour. Data is therefore processed by different bodies. The agencies involved may each process data from you, but may only do so within the framework of legal and/or contractual requirements. We transmit data to the following categories of recipients.
- Availabill internal persons: Within availabill, individuals and their business units have access to data to the extent necessary for the purposes set forth in this Privacy Policy.
- Service providers: We work with service providers at home and abroad. To enable us to provide their products and services efficiently, safely and cost-effectively, we procure services from third parties in various areas. These services consist, for example, of IT services, the dispatch of information, marketing, sales, communication, market research or printing services, debt collection, anti-fraud measures and services from consulting firms and law firms. We only disclose data to service providers that is necessary and required for the provision of the services.
- Employees of contractual partners: If persons work for a contractual partner who have a contractual relationship with availabill, we may collect data about this person. We may pass on the data collected to persons and other bodies involved in the processing of the contractual relationship.
- Third parties: Third parties are persons or companies that process data about you for their own purposes. Third parties are not commissioned service providers of availabill. In connection with purchase on account and purchase on instalments, we generally do not pass on any data to third parties for their own purposes; this applies in particular to transaction data or customer and consumption data. An exception to this principle is the transfer of data that has been expressly requested by customers or to which they have expressly consented.
- Authorities and other official bodies: We may disclose data to government agencies, courts and other authorities or official bodies if we are legally obliged or entitled to do so, or if we represent our own rights and legitimate interests.
- Other persons: We also pass on data to the Consumer Credit Information Office (IKO/ZEK) within the scope of legal obligations.
- Electronic data transmission: Data can be transmitted electronically to third parties at home and abroad without any action on our part. Especially when using mobile devices, manufacturers of devices or software (such as Apple or Google) may receive data. These third parties may process and also pass on this data in accordance with their own terms of use or data protection notices. This can lead to these third parties being able to infer a relationship between customers, availabill as well as merchants.
1.6 How long does availabill store the data and when does it delete it?
We store data for as long as required by the applicable legal requirements or the purpose of the processing. The duration of storage therefore depends on the legal and internal regulations. Availabill also takes into account retention obligations and processing purposes and the need to protect its own interests (e.g. to enforce or defend claims and to ensure IT security). If these purposes are achieved or no longer apply and there is no longer a duty to retain data, availabill therefore deletes or anonymises this data as part of the usual processes. Depending on the legal basis, this may be after more than ten years.
Documentation and evidence purposes include availabill’s interest in documenting processes, interactions and other facts in case of legal claims and discrepancies for IT and infrastructure security purposes as well as for evidence of good corporate governance and compliance. Retention may be technically necessary because certain data cannot be separated from others and must continue to be retained with them (e.g. in the case of backup or document management system).
1.7 How does availabill protect the data?
Availabill takes appropriate security measures of a personnel, technical and organisational nature to maintain the security of data, to protect it against unauthorised or unlawful processing and to protect against the risk of loss, accidental alteration, unauthorised disclosure or access.
These security measures include the encryption and pseudonymisation of data, logging, access restrictions, the storage of backup copies, instructions to employees, confidentiality agreements and controls. In addition, availabill also obliges third parties to take appropriate, state-of-the-art security measures. However, security risks cannot be completely ruled out. Residual risks are unavoidable.
1.8 What rights do customers have in relation to their data?
Customers have the right to request certain information about data and processing by us (right of access). Clients also have various rights that help to control the processing of data by us. They can demand that we correct or complete incorrect or incomplete data (rectification). It may also be requested that we delete certain data. When we provide information about an automated decision, customers have the right to express their point of view and to request that the decision be taken by a natural person.
If rights are exercised, customers must contact availabill with a signed letter and a legible copy of their ID. Revocation can be made by other means, provided we make these available. It should be noted that these rights are subject to legal requirements and restrictions and therefore cannot be exercised in full in every case. We will inform you when exceptions apply. These rights can also be exercised vis-à-vis other entities that cooperate with availabill on their own responsibility. Insofar as the requirements of the applicable law are met, customers and other data subjects thus have the following rights:
- Access to information on own data;
- Correction of incorrect or incomplete data;
- Deletion of own data;
- Restriction of data processing of own data;
- Submitting a complaint against the way data is processed.
1.9 Do customers have a right of withdrawal?
Customers have the right to revoke their consent at any time with effect for the future. In certain cases, clients may also object to data processing (for example, in the case of data processing in connection with advertising). However, processing activities carried out in the past on the basis of consent do not become unlawful as a result of the client’s revocation.
In cases where data processing is absolutely necessary to provide the service or to fulfil the contract for the payment methods “purchase on account” and “purchase on instalments” (e.g. data processing for risk purposes), revocation is not possible. In such cases, waiver of this data processing is only possible through termination of the contractual relationship.
2. Provisions for visiting our websites
The information published on our websites does not constitute a recommendation to enter into transactions, other legal transactions or offers. Products and services presented by third parties may not be available for purchase by persons residing in certain countries. If any problems arise in a contractual relationship between you and a third party, you, as the injured party, must deal with the third party. We are not liable for any damages arising from contractual relationships with third parties.
Although we take all reasonable care to ensure that the information published on our websites is correct at the time of publication, no representation or warranty, express or implied, is made as to the accuracy, reliability, timeliness or completeness of the information.
We assume no responsibility and make no representation that the functions will be uninterrupted or that the relevant server is free from viruses or other harmful components.
availabill accepts no liability, even in the event of negligence, for direct or indirect, consequential or incidental damages and losses of any kind that may arise from the following:
- from access to services;
- from the inability to access or use services;
- from linking or accessing links to other third party websites;
- due to manipulation of IT systems of the Internet user by unauthorised persons;
- from contact via internet or e-mail with availabill.
availabill websites are not intended for visitors who are subject to a jurisdiction that prohibits or otherwise restricts access to or dissemination, publication, provision or use of the information contained therein. Persons subject to such restrictions are not permitted access and must refrain from access.
By accessing availabill websites, you agree to these terms.
3. Cookie policy
We use the term “cookies” for cookies and similar technologies that are used in the context of electronic communication. With the following information, we inform you about the most important aspects of processing your data in the context of using our websites and social media channels. As a rule, you can also use our websites and social media channels without providing us with personal data such as your name or e-mail address. In this case, we can clearly assign the data collected in connection with the corresponding use to specific visitors, but not to persons known by name. In this sense, online data is generally not personal. However, if you provide us with your name, an e-mail address or other personal data in this context, we will process this data. In addition to this processing, we can thereby also establish a connection between you and otherwise non-personal data.
This cookie policy applies to all websites for which we are responsible. Our websites may contain links to third party websites. These websites are not subject to this Cookie Policy. We are not responsible for their content or their handling of personal data. We recommend that you read the privacy statements of the respective website providers.
3.1 What are cookies and similar technologies?
- Cookies are small files that are transmitted to your end device and stored there when you visit a website. A cookie contains, in particular, information about the origin of the website as well as the lifetime of the cookie (i.e. how long it remains stored on your end device). Some cookies are deleted again after the end of the browser session (session cookies). Other cookies remain on your terminal device (permanent cookies).
- If you visit these websites again, we can record your revisit, even if we do not know your identity. Cookies can also be used to collect information about your usage behaviour.
3.2 Which cookies do we use?
We use cookies for the operation of our websites insofar as they are technically necessary, furthermore for statistical purposes and to improve user-friendliness.
- Technically necessary cookies are required for the technical operation of the websites, enable security-relevant functionalities and serve user-friendliness. Technically necessary cookies cannot be switched off in our systems. However, you can set your browser in such a way that these cookies are blocked or reported to you; however, this may then result in parts of our websites not functioning properly.
- Analysis and statistics cookies are used to improve our websites and the placement of offers. For this purpose, we use cookies to collect data on the use and behaviour of visitors to our websites. This enables us to record traffic and usage and to determine the impact of our websites and optimise content accordingly. They help us to know which pages are most popular least popular and to track how a visitor moves around the websites. You can reject analysis and statistics cookies in the settings.
The use of cookies is based on our legitimate interest in providing user-friendly and attractive websites and ensuring contract fulfilment.
3.3 How can you control the use of cookies?
- If you do not want to allow or deactivate cookies, the functionality of our websites may be restricted. If you do not wish to receive cookies, you can set your web browser so that it informs you about the setting of cookies and you only allow this in individual cases. In addition, you can set your web browser so that cookies are automatically deactivated.
- Please note that most web browsers offer options to protect your privacy. While most web browsers automatically accept cookies, they offer the option to block or delete them. The instructions for managing cookies on your browser can usually be found under the help function of the browser or in the operating instructions of your mobile device.
3.4 How and where is your data stored?
- We would like to point out that the IP address of the end device is stored by the website operator when visiting our websites. For technical reasons, further log data is collected, e.g. information about the internet service provider, information about the operating system of the end device and the browser used, information about the referring URL (origin), date and time of access and accessed content. Under certain circumstances, personal data such as the name and address of the visitor may also be collected, e.g. if you register on a website. In this case, we may also process log data on a personal basis.
- We process personal data that is necessary for the fulfilment of the contract or in the context of business initiation or for which you have given us your separate consent. Consent can be revoked at any time with effect for the future. Personal data that is communicated to us via our websites is only stored until the purpose has been fulfilled or until statutory retention periods require this.
- However, for the processing of data in connection with our websites and social media channels, we may involve service providers who carry out evaluations for us on the basis of this data. In this case, your data may also end up abroad, including in countries outside the EU or the European Economic Area. These third countries may not have laws that protect your data to the same extent as in Switzerland or in the EU or EEA. In this case, we ensure data protection through data transfer agreements. In certain cases, we may also transfer data without such contracts in accordance with data protection requirements, e.g. if you have consented to the relevant disclosure or if the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
Regardless of the measures taken to protect your data, data protection and confidentiality may be limited when processing data via universally accessible media. When using the Internet as a transmission medium with a computer, smartphone or other end device, it cannot be ruled out due to its design that third parties may gain access to your data. Any liability for direct and indirect damage arising as a result of such data transmission in connection with the use of our websites is rejected in its entirety.
3.5 For what purposes do we use online data?
We use cookies and the data collected through cookies as well as the data contained in the log files mentioned (log data; together hereinafter referred to as “online data”) in particular for the purposes stated below.
- Operation of the online service: Log data is automatically generated when using the online service, which is why it is necessary for the operation of the online service. We also require other online data, in particular data collected via cookies, so that certain functions of the online service can be offered or so that we can ask you for your consent to the use of cookies and other technologies.
- Provision of certain content and functions: If you use content and functions of our offer and provide us with data in the process, e.g. if you register for a newsletter, we process the online data you provide in the process in accordance with the respective purpose of the function or content.
- Security and stability: We use online data to improve the security and stability of our online services. For this purpose, we generally do not need any directly personal data. As far as we can assign cookies to you personally, we can use them for security and stability purposes as far as necessary, but also on a personal basis.
- Statistics: We use personal and not directly personal online data for statistical purposes, i.e. for evaluations with the aim of obtaining certain information, e.g. information on variations in the use of the online offer. This information is aggregated, i.e. no longer personal.
- Improvement of offers: We use online data to continuously improve our online offers. However, we only use online data for this purpose in aggregated form.
- Communication: We use online data to communicate with you via electronic channels. For this purpose, we process the content of the communication, but also log data about the type and time of the communication.
- Compliance with legal and regulatory requirements: We may process Online Data to comply with laws, directives and recommendations of public authorities and internal regulations. This includes the prevention, detection and investigation of criminal offences and other violations, internal and external investigations and the disclosure of online data to a public authority.
- Defence and enforcement of claims: We may use online data for civil and criminal legal action or defence in such proceedings.
3.6 How do we obtain evaluations and statistics?
We use service providers to analyse the behaviour of visitors. They may receive log data and other online data from us and use cookies and similar technologies themselves to collect online data about our online offering. However, we do not provide them with any directly personal data such as your name or email address.
Three of the main service providers are “Google, Complianz and Clarity“. You will find further details on these below:
Google Analytics: We use the “Google Analytics” analysis service operated by a Google company in Ireland (Google). Cookies are used to record data on the behaviour of our online offering (duration and frequency of page views, content accessed, geographical origin of access, etc.), and on this basis Google creates evaluations of the use of our online offering for us. Google uses Google LLC in the USA as an order processor, whereby IP addresses (which are the most likely way to identify individual persons) are shortened before being forwarded to Google LLC. We have deactivated the settings “Data transfer” and “Signals”. Nevertheless, we cannot rule out the possibility that Google may draw conclusions about the identity of visitors from the collected online data for its own purposes, create personal profiles and link this data to Google accounts. Information on Google’s data protection policy is available at www.google.com/privacy.html. Information on Google Analytics’ privacy policy is available at https://support.google.com/analytics/answer/6004245?hl=en and if you have a Google account, you can find information on Google’s processing at https://policies.google.com/technologies/partner-sites?hl=en. You can disable Google Analytics by installing a browser extension at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Complianz.io: With complianz.io we manage and store the consent status on the websites. Complianz is a cookie consent tool with which we can check whether you have accepted the cookie settings box in our cookie banner. These cookies are categorised as functional cookies and cannot be disabled via the cookie settings. However, information collected and stored through the use of these cookies will not be stored for more than one year and will not be processed outside of Switzerland or the European Union. We do not transmit any data to Complianz.io that can be linked to you.
Clarity: Another example of a service for the statistical evaluation of our users’ needs is Clarity, a service from Microsoft Corporation. Clarity works with cookies and other technologies to collect data about the behaviour of the users of our online offer and their end devices, in particular the IP address of the end device (which is only recorded anonymously), screen size, device type, information about the browser used and the location (only the country) and language setting of the browser. Clarity stores this information in a pseudonymised user profile and uses it for evaluations with which we can better understand the needs of the users of the online offer and improve the online offer and better align it to our users. You can find further information at https://clarity.microsoft.com/lang/en-gb
3.7 How do we integrate social media on our websites?
- Instagram link: Our website uses a link to the social media platform Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The link is marked with an Instagram logo in the form of an “Instagram camera”. When you click on the Instagram button, you will be redirected to your user account in a separate browser window – provided you are logged into your user account on Instagram. This establishes a direct link between your browser and the Instagram server. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can find more information on this in Instagram’s privacy policy (https://help.instagram.com/155833707900388?cms_id=155833707900388)
- LinkedIn Link: Our website uses a link to the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the “LinkedIn button”, you will be redirected to your user account in a separate browser window – provided you are logged into your user account at LinkedIn. This establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by LinkedIn. You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy
- Embedded Youtube videos: We embed YouTube videos on some of our websites. The operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your Youtube account first. If a Youtube video is started, the provider uses cookies that collect information about user behaviour. If you have deactivated the saving of cookies for the Google Ad programme, you will not have to expect any such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser. Further information on data protection at “Youtube” can be found in the provider’s data protection declaration at: https://policies.google.com/privacy?hl=en&gl=de
3.8 Contacting
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation. We delete the enquiries if they are no longer necessary. We review the necessity every six months; furthermore, the statutory archiving obligations apply.
3.8.1 How do we handle newsletters?
The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
We only send newsletters, e-mails and other electronic notifications with promotional information with the consent of the recipients or with legal permission. If the contents of the newsletter are specifically described in the course of registration, they are decisive for the consent of the users. Furthermore, our newsletters contain information about digital education, teaching materials for teachers as well as interesting events for teachers and other persons from the education sector.
Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s email addresses.
Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with MailChimp are also logged.
The newsletter is sent using “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with the EU data protection regulations. Furthermore, we have concluded a “Data Processing Agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view MailChimp’s privacy policy here.
To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter your first and last name. This is only for the personalisation of the newsletter.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
There are cases where we direct newsletter recipients to MailChimp’s websites. For example, our newsletters contain a link with which the newsletter recipients can call up the newsletter online (e.g. in the event of display problems in the email programme). In addition, newsletter recipients can subsequently correct their data, such as the email address. Likewise, MailChimp’s privacy policy is only available on their site.
In this context, we would like to point out that cookies are used on the websites of MailChimp and that personal data is thus processed by MailChimp, its partners and service providers used (e.g. Google Analytics). We have no influence on this data collection. For further information, please refer to MailChimp’s privacy policy.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. Your consent to the sending of the newsletter via MailChimp and the statistical analyses will then expire at the same time. Unfortunately, it is not possible to separately revoke the sending via MailChimp or the statistical analysis. You will find a link to cancel the newsletter at the end of each newsletter.
4. Privacy Policy for my.availabill
The data protection declaration for my.availabill informs users and visitors to the my.availabill.ch website (“users” or “you“) about the processing of data in connection with the use of my.availabill.
4.1 What data is processed?
In particular, we process the following categories of data
4.1.1 Data disclosed by users
When registering and logging in to my.availabill.ch, as well as in the context of managing the user account, users may be requested to disclose, among other things, their title, name, date of birth, e-mail address, mobile phone number, card number and activation code.
4.1.2 Information provided in my.availabill
Information on users, their invoices for purchases from merchants associated with availabill and on cards registered on my.availabill.ch, which are stored in the user account.
4.2 What is the data used for and how is it processed?
4.2.1 Provision of digital services on my.availabill
- Enable registration, login to and use of my.availabill Digital Services;
- Authentication of users when performing actions. Mobile devices used are uniquely assigned to users during registration on my.availabill. Availabill can thus ensure that the confirmation actions are carried out on the website or with the registered mobile devices;
- Communication with users and transmission of information in connection with fraud alerts and fraud monitoring, on behalf of the merchant and the card issuer, and as operator of my.availabill (e.g. the provision of invoices) via my.availabill and the mobile device;
- Receipt of messages from users, such as via the contact form;
- Display of transactions and invoices
- Transmission of confirmation requests, such as by push message or by SMS code;
- Establishing a secure connection between my.availabill and the users’ mobile devices.
4.2.2 Marketing
- Transmission of information via my.availabill on existing or new products and services (also from third parties) to users;
- Users may withdraw consent to the processing of data for marketing purposes at any time by notifying availabill.
4.2.3 Market research and improvement of services
- Availabill also processes user data for market research purposes and to improve its services. For this purpose, availabill uses in particular master data, behavioural data and preference data;
- Availabill analyses which services are used by which user groups and in what way in order to elicit indications of the market acceptance of existing products and services and the market potential of new ones.
4.2.4 Security purposes and access controls
- Availabill also uses user data – in particular master data, technical data, behavioural data and other data – for security purposes and for access control;
- This also includes controlling access to my.availabill (e.g. login data and user accounts).
4.2.5 Communication
- Communication with users and third parties in order to provide information or send messages. For this purpose, availabill uses master data and communication data and generally keeps this data to document the communication with users;
- Insofar as users contact availabill by e-mail – whether by using a published e-mail address or a contact form – users expressly authorise availabill to reply via the same channel to the sender address or to the address provided.
4.2.6 Further processing purposes
- Evidence of actions and defence of claims against availabill;
- Compliance with legal and regulatory requirements;
- Training and educational purposes;
- Administrative purposes, such as master data management, accounting and data retention, as well as IT infrastructure management.
4.3 Who do we disclose data to?
4.3.1 Availabill internal persons
Within availabill, persons and company units have access to user data to the extent necessary for the purposes set out in this privacy policy and for my.availabill use.
4.3.2 Service provider
In order to provide the services and data processing indicated in this data protection declaration, availabill works together with service providers and subcontracted auxiliary persons (so-called order processors) in Germany and abroad (e.g. consulting, software and maintenance work, customer service, IT services, the dispatch of information, marketing, sales and market research services). In the process, data is forwarded to service providers and order processors where necessary. Availabill ensures that data protection is maintained during the processing of data by service providers and order processors through the selection of order processors and through appropriate contractual agreements.
4.3.3 Third party
Third parties are persons or companies that process user data for their own purposes. Third parties are not commissioned service providers of availabill. In connection with my.availabill, availabill does not pass on any data to third parties for their own purposes; this applies in particular to transaction data or customer, consumption and preference profiles. An exception to this principle is the forwarding of my.availabill data that has been expressly requested by users or to which they have expressly consented.
4.3.4 Authorities and other official bodies
Availabill may disclose data to offices, courts and other authorities or official bodies if availabill is legally obliged or entitled to do so or in order to protect its own rights and legitimate interests.
4.3.5 Electronic data transmission
User data can also reach third parties in Switzerland and abroad during electronic data transmission without availabill’s intervention. In particular, when using the my.availabill website and/or mobile devices, manufacturers of devices or software (such as Apple or Google) may receive data. Third parties may process and also pass on this data in accordance with their own terms of use or data protection notices. As a result, these third parties may be able to infer a relationship between users, availabill, merchants from the availabill partner network and the card issuer.
4.4 What data is disclosed to other recipients?
The transmission of information between availabill and the web and/or mobile devices of users is encrypted – with the exception of sending SMS. However, communication with users takes place via the public communication networks. In principle, this data can be viewed by third parties, can be lost during transmission or can be intercepted by unauthorised third parties. Therefore, it cannot be ruled out that third parties may gain access to communication with users when using my.availabill despite all security measures.
When using the internet, data may also be transmitted via third countries even if the users are located in Switzerland. These third countries may not offer the same level of data protection as Switzerland.
4.5 How long does availabill store data and when does it delete it?
Availabill only stores data for as long as it is necessary for the purpose for which it was collected. Furthermore, availabill stores data if a legitimate interest in the storage is justified, e.g. if availabill needs data to enforce or defend claims, to ensure IT security or if limitation periods are affected. Finally, availabill stores data in order to comply with regulatory and legal obligations.
If users no longer make use of my.availabill and deactivate their access, availabill deletes all data stored on my.availabill.ch (e.g. access data) that does not have to be retained due to legal retention obligations or contractual obligations.
Data for which there is no legal basis for processing or retention may be further processed anonymously. Data that must be retained for a longer period of time due to legal retention obligations is excluded from deletion or anonymisation.
4.6 How does availabill protect the data in my.availabill?
By using modern security software, availabill’s IT infrastructure complies with international security standards. Furthermore, availabill takes additional security precautions for access to user accounts via the Internet as well as technical and organisational measures to protect data from loss, unauthorised access or misuse.
Notwithstanding the measures, when using the Internet as a transmission medium via computer, smartphone or other terminal device, it cannot be ruled out that third parties gain access to users’ data.
Any liability for direct and indirect damage arising in connection with the use of my.availabill is rejected in full by availabill. This also applies to damages due to viruses and targeted hacker attacks.
4.7 What rights do users have in relation to their data?
To the extent that the requirements of applicable law are met, users have the following rights:
- Information about their own data, how availabill processes it and copies of it;
- Correction of incorrect or incomplete data;
- Deletion of own data;
- Restricting the processing of own data;
- Filing a complaint against the way data is processed with a competent data protection authority;
- Revocation of a given consent to data processing, whereby the data may continue to be processed by availabill to the extent permitted by law in the event of a revocation.
When availabill informs users of an automated decision, users have the right to make a complaint and have the decision reviewed by a natural person. To exercise these rights, users must make their claims in writing and with a copy of their ID attached. Revocation may be made by other means, provided availabill makes them available (e.g. in my.availabill). These rights may be subject to legal requirements and restrictions, which is why they cannot always be exercised in full. For example, there are legal obligations to retain data.
Furthermore, users acknowledge in accordance with section 1.4 that data may also be held by other data controllers. In order to protect the rights of data subjects under data protection law, users must contact these directly.
4.8 How is business communicated?
By using my.availabill, users expressly agree that availabill may contact them for business, administrative communication via the registered and verified e-mail address (so-called primary e-mail address).
This privacy policy is a machine translation from German.