Privacy Policy

1. Introduction

Mobatime AG maintains a business relationship with you and your company and looks forward to continuing to provide you with products, services and information in the future.

This privacy policy sets out how Mobatime AG (hereinafter Mobatime) collects and processes personal data. The information contained in this statement is not conclusive; other privacy policies or general terms and conditions may govern specific matters where applicable.

Protection of your personal data is important to us. We therefore process personal data solely in compliance with applicable data protection law, specifically the Swiss Federal Act on Data Protection (FADP) and, to the extent relevant, the European General Data Protection Regulation (GDPR).

2. Controller

In the absence of an alternative in the individual case, the responsible data controller for the processing of data detailed below is Mobatime AG, Stettbachstrasse 5, 8600 Dübendorf, Switzerland. Please contact us in respect of any data privacy issues (dataprotection@mobatime.ch).

3. Collection and processing of personal data

Personal data are data that we can use to identify you and which enable us to contact you. We primarily process personal data that we receive from our customers, business partners and other involved parties within the scope of our business relationship or which you provide to us voluntarily. Insofar as permissible, we also obtain certain data from publicly accessible sources (e.g. commercial register, press, internet, land register and debt collection register) or receive such from official authorities or other third parties. Personal data processed by us may include the surname, first name, business address, email address, telephone number and role of you or your employees.

In addition to the data that you provide to us directly, the categories of personal data that we receive concerning you from third parties specifically include information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities (e.g. to enable us to conclude and process transactions with your employer in cooperation with you), information from correspondence and meetings with third parties, credit checks (insofar as we process transactions with you personally), information provided by people associated with you (family, advisors, legal representatives, etc.) to allow us to conclude or process contracts with you or with your involvement (e.g. references, your delivery address, powers of attorney, information on compliance with statutory requirements such as provisions to combat money laundering and export restrictions), information from banks, insurance companies, sales and other contractual partners of ours to facilitate your use or provision of services (e.g. payments made, purchases made), personal information from the media and internet (insofar as appropriate in the specific case, e.g. in the scope of a job application, press release, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with website use (e.g. IP address, smartphone or computer MAC address, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location data).

4. Purpose and basis of data processing

Mobatime primarily uses personal data to communicate with you and conclude and perform contracts with you and our business partners. This includes the purchase and sale of products, provision of services and maintenance and the organisation of courses.

We also process personal data concerning you and other third parties to the extent permitted and deemed appropriate by us, including for the following purposes:

• Offering and further developing our products, services, websites, apps and other platforms on which we are present;
• Communication with third parties and processing of their enquiries (e.g. applications, media enquiries);
• Needs analysis processing for the purpose of direct customer contact and collection of personal data from publicly accessible sources to aid customer acquisition;
• Advertising and marketing insofar as you have not objected to commensurate use of your data;
• Assertion of legal claims and defence in connection with legal disputes and official procedures;
• Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
• Safeguarding our company, particularly the IT, building, vehicle fleet, our website and other platforms;
• Purchase and sale of business segments, companies or parts of companies and other transactions regulated under company law and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations.

In processing personal data for the purposes described in this privacy policy, we rely – amongst other things – on our legitimate interest in preserving, expanding and managing the business relationship and communication with you as a business partner for our products and services.

To the extent you have consented to the processing of your personal data for specific purposes (e.g. through your enquiries about Mobatime products and services, by way of an order, etc.), we will process your personal data within the scope of and in reliance upon this consent, insofar as we have no other legal basis and require such. Consent granted can be withdrawn at any time; such withdrawal will not, however, apply with regard to data processing already carried out.

5. Social Media

We may operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect and process data concerning you (particularly contact and profile data) that you or the social networks provide to us. Such data is obtained when you communicate with us via our online service (e.g. viewing and commenting on posts). We receive aggregated or otherwise sufficiently anonymised data from the platforms for evaluation in order that we may further develop the posts and services we offer. Specifically, we process the data for communication and marketing purposes (including advertising on these platforms) and for market research. We may repost content published by you or delete or restrict content from or to you in accordance with the commensurate usage guidelines. Personal data may also be processed outside Switzerland and the European Economic Area (EEA), (particularly in the USA).

The platforms in question also analyse your use of our online service and link this data with other data concerning you known to the platforms. These also process such data for their own purposes in their own right, in particular for marketing and market research purposes (e.g. to personalise advertising) and to manage their platforms (e.g. regarding which content is shown to you).

In addition to the commensurate privacy policies, other additional legal documents also apply for the use of such platforms (e.g. general terms and conditions and terms of use).
We currently use the following platforms:

• LinkedIn provided by LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We bear joint responsibility with LinkedIn and have concluded the ‘Page Insights Joint Controller Addendum’ (https://legal.linkedin.com/pages-joint-controller-addendum). Further information regarding data processing is provided in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy  .

6. Newsletter

We offer you the option of subscribing to our newsletter, in which we provide you with regular news updates. In order for us to email you the newsletter, you are required to give your consent by means of a double-opt-in process, i.e. we will send you a newsletter provided you have given prior express confirmation of such. You can unsubscribe from the newsletter at any time, e.g. by using the link at the end of each newsletter or by emailing your unsubscribe request to us.

To send out the newsletter we use the services of HubSpot, Inc., Two Canal Park, Cambridge, MA 02141 USA. Information regarding how HubSpot processes your data is provided in the HubSpot Inc. privacy policy, available under the following link: https://legal.hubspot.com/de/privacy-policy

Upon subscription to the newsletter, we collect your email address, first name and surname. Any further information is provided voluntarily.

Information on tracking/analysis is provided under Section 7 below.

7. Cookies / tracking and other technologies in connection with the use of our website and newsletters

We typically use ‘cookies’ and similar technologies on our websites to identify your browser or device. A cookie is a small file sent to your computer or automatically stored on your computer or mobile device by the web browser used to visit our website. This allows us to recognise you when you access this website again, even when we do not know who you are. In addition to cookies used solely during a single session that are deleted after your website visit (‘session cookies’), we may also use cookies to store user settings and other information for a specific period (‘permanent cookies’). You may, however, set your browser to reject cookies, store them only for a single session or otherwise prematurely delete them. The default setting on most browsers accepts cookies. Some cookies are set by us, others by contractual partners that we work with. If you block cookies, some functions (e.g. choice of language) may no longer work.

Other technologies include, for example, pixel tags (invisible images or program code that are loaded from a server and transmit certain information to the server operator), fingerprints (information on the terminal device and browser that is collected when a website is accessed and combined to distinguish the terminal device from others) and other technologies (e.g. ‘web storage’) to store data in the browser.

For technical reasons, certain information is logged and stored every time you connect to a web server. When you visit our website, information is automatically sent to our website server. Such information includes your computer IP address, the date and time of access, the name and URL of data accessed, the website from which access occurs (referrer URL), the browser type and version as well as other information transmitted by the browser (e.g. your computer operating system, geographical location, language setting). This information is temporarily stored in a log file and retained in accordance with legal requirements. We process the data to facilitate a smooth connection, ensure straightforward use of our website and to evaluate system security and stability.

Insofar as permissible, to some extent we install visible and invisible image elements within our newsletters and other marketing emails, which are retrieved from our servers to determine if and when you have opened the email; this enables us to measure and better understand how you use our offerings and tailor them to you. You can block this function in your email program; most programs do so by default.

By using our website and consenting to receive newsletters and other marketing emails, you agree to the application of these technical functions. If you wish to prevent such application, you must set your browser and/or email program accordingly.

7.1 Technically necessary cookies

We use permanent cookies to store your personal user settings (particularly with regard to cookies and the choice of language on our website). In this respect, we will not process any of your personal data. The purpose of processing is to reidentify your personal settings on our website. These cookies are necessary for the functionality of our website. After a period of six months at the latest, these cookies are automatically deleted from your system. You may also manually delete the cookies at any time. Please be aware that your user settings will be lost in the process.

7.2 Performance and reach management

We specifically use the following services to measure performance and reach:

• Google Analytics provided by Google Ireland Ltd., domiciled at Gordon House, Barrow Street, Dublin 4, Ireland. As its data processor, Google Ireland Ltd. uses USA-based Google LLC. This service monitors and records the way in which our website is used. For this purpose, Google Analytics uses permanent cookies to collect anonymous information (e.g. number of website users, user origin, duration of visit). We do not transmit any personal data or complete IP addresses to Google. Google sends the collected information to us in aggregated form. We are not able to identify individual users. Google may, however, use the additional data collected and insights gained from such for its own purposes. Google can identify you if you have registered with Google. Google then processes your personal data in its own right and in accordance with its own data privacy provisions. Further information regarding the data collected is provided in the privacy policy of Google Ireland Limited at: https://policies.google.com/privacy
• HubSpot provided by HubSpot Inc., Two Canal Park, Cambridge, MA 02141 USA. This service monitors and records the way in which our website is used. For this purpose, HubSpot uses permanent cookies to collect anonymous information (e.g. number of website users, user origin, duration of visit). We do not transmit any personal data or complete IP addresses to HubSpot. HubSpot sends the collected information to us in aggregated form. We are not able to identify individual users. Information regarding how HubSpot processes your data is provided in the HubSpot Inc. privacy policy, available under the following link: https://legal.hubspot.com/de/privacy-policy

7.3. Advertising and marketing

We specifically use the following services for advertising and marketing purposes. The technologies used enable us to retarget users who have previously accessed our website and online services and shown interest in the offering, through targeted advertising on partner network pages. Cookies are used to display advertising.

• Google Remarketing (incl. Google DoubleClick) provided by Google Ireland Ltd., domiciled at Gordon House, Barrow Street, Dublin 4, Ireland. As its data processor, Google Ireland Ltd. uses USA-based Google LLC. The privacy policy of Google Ireland Limited is available at: https://policies.google.com/privacy

8. Website plugins

Our website uses various third-party plugins to enable the use of additional functions. Specifically, we use plugins for the following functions:

8.1. Fonts

We use third-party services to embed fonts (including logos, icons and symbols) into our website. In particular, we use the following services:

• Google Fonts provided by Google Ireland Ltd., domiciled at Gordon House, Barrow Street, Dublin 4, Ireland. As its data processor Google Ireland Ltd. uses USA-based Google LLC. The privacy policy of Google Ireland Limited is available at: https://policies.google.com/privacy. Answers to frequently asked questions about data privacy are provided at: https://developers.google.com/fonts/faq/privacy
• Ionicons provided by Drifty Co. (d/b/a Ionic), 121 S. Pinckney St., Suite 300, Madison, WI, 53703 (USA). The Drifty Co. (d/b/a Ionic) privacy policy is available at: https://ionic.io/privacy

8.2. Video

We use third-party services to show you films on our website. In particular, we use the following services:

• YouTube provided by Google Ireland Ltd., domiciled at Gordon House, Barrow Street, Dublin 4, Ireland. As its data processor, Google Ireland Ltd. uses US-based Google LLC. The YouTube privacy policy is available at: https://support.google.com/youtube/topic/2803240?hl=de
• HubSpot provided by HubSpot Inc., Two Canal Park, Cambridge, MA 02141 USA. The HubSpot Inc. privacy policy is available under the following link: https://legal.hubspot.com/de/privacy-policy

8.3. Social media plugins

Our website uses social media plugins from social media networks such as Facebook, X (formerly Twitter) and LinkedIn. You can recognise the respective plugin by the logo/symbol that we have placed on our website. These plugins are configured to be deactivated by default. Click on the respective logo/symbol to activate it. Activating the element registers your use of our website and, if relevant, other information with the respective social network operator. The operator in question may use the information collected for its own purposes. We have no influence or access to cookies set by these operators. Your personal data will be processed by the respective operator according to its own data privacy provisions. We do not receive any information concerning you from these operators.

8.4. Additional extensions for website provision

We use third-party services to provide you with our website and to offer additional functions. In particular, we use the following services:

• HubSpot provided by HubSpot Inc., Two Canal Park, Cambridge, MA 02141 USA. We use HubSpot as a content management system in order to provide our website. Information regarding how HubSpot processes your data is provided in the HubSpot Inc. privacy policy, available under the following link: https://legal.hubspot.com/de/privacy-policy
• jsDeliver provided by Prospect One, Królewska 65A/1, 30-081, Krakow, Poland. We use jsdelivr.com to deliver our website content quickly and correctly on all devices. The jsDelivr privacy policy is available at: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
• Google APIs provided by Google Ireland Ltd., domiciled at Gordon House, Barrow Street, Dublin 4, Ireland. As its data processor, Google Ireland Ltd. uses USA-based Google LLC. We use Google APIs to deliver our website content quickly and correctly on all devices. The Google privacy policy is available at: https://policies.google.com/privacy
• Cloudflare provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, California 94107, USA. We use Cloudflare to deliver our website content quickly and correctly on all devices. The Cloudflare privacy policy is available at: https://www.cloudflare.com/privacypolicy/.

9. Data transfer and data transmission

Insofar as permitted, deemed appropriate and to the extent necessary to process a business transaction, Mobatime also discloses personal data to third parties within the scope of its business activities in accordance with Section 4. This involves the following third parties, collectively referred to as recipients:

• Mobatime service providers (such as banks, insurance companies, IT providers, installation companies, forwarding agents etc.);
• Dealers, manufacturers, suppliers, subcontractors and other business partners;
• Domestic and foreign authorities, government bodies or courts;
• Other parties in potential or actual legal proceedings;
• Other Mobatime Group companies.

Recipients are located domestically and abroad (particularly in the European Economic Area (EEA) and the USA). Specifically, you should expect your data to be transmitted to all countries in which manufacturers, suppliers, service providers or Mobatime Group companies are represented. Should Mobatime transfer data to a country that has no adequate legal data protection, we will conclude commensurately appropriate contracts to ensure an adequate level of protection. In doing so, we specifically rely on the so-called standard contractual clauses of the European Commission, available here , or so-called Binding Corporate Rules for an adequate level of protection or rely on the statutory exceptions pertaining to consent, contract processing, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or the need to protect the integrity of data subjects..

10. Personal data retention period

Mobatime will retain your personal data for as long as necessary to perform contractual and legal obligations or for other purposes pursuant to processing and, additionally, in accordance with statutory reten-tion and documentation obligations. To this end, personal data may potentially be retained for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged or legitimate business interests require us to do so (e.g. for evidence and documentation purposes). Insofar as possible, your personal data will be promptly deleted or anonymised once no longer required for the above-stated purposes.

11. Measures to protect your data

Mobatime takes appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as controlling access to the building, network security, employee training, data carrier encryption etc.

Security guidelines and procedures are regularly reviewed to determine the effectiveness of technical and operational measures.

12. Rights of the data subject

Within the scope of data protection law applicable to you and to the extent provided for therein (such as under FADP and GDPR provisions), you have the right of access, rectification, erasure and restriction of data processing and also the right to object to data processing on our part and the disclosure of certain personal data for the purpose of transfer to a third party (so-called data portability). Please note, however, that we reserve the right to assert commensurate statutory restrictions, for example, if we are obliged to store or process certain data, have an overriding interest in such data (insofar as applicable) or require such for the assertion of claims. We will notify you in advance of any costs that may be incurred by you. You have already been informed of the option to withdraw your consent in Section 4. Please note that exercising these rights may conflict with contractual agreements and can, for example, result in premature contract termination or incur costs. We will notify you of such in advance, insofar as not otherwise regulated under contract.

Exercise of such rights generally requires explicit proof of identity (e.g. a copy of your ID where your identity is otherwise unclear or cannot be verified). To assert your rights please contact us at the address stated in Section 1.

Any data subject may also assert their claims in a court of law or lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

13. Changes

We may amend this privacy policy at any time without notice. The version of this policy published on our website applies. Insofar as this privacy policy forms part of an agreement with you, we will notify you of any amendment updates by email or other suitable means.

Dübendorf, August 2023
Mobatime AG