Privacy policy

Back

Privacy Policy

With this Privacy Policy, we provide information about the processing of personal data in connection with our activities and operations, including our website under the domain name yuvoi.com. In particular, we provide information about which personal data we process, for what purpose, in what manner, and where. We also provide information about the rights of persons whose data we process.

We created this Privacy Policy in German. If this Privacy Policy is published in another language, the Privacy Policy in German remains legally binding.

For individual or additional activities and operations, we may publish further privacy policies or other information regarding data protection.

We are subject to Swiss law and, where applicable, foreign law, including in particular the European General Data Protection Regulation (GDPR).

The European Commission recognized, by its Decision of July 26, 2000, that Swiss data protection law ensures an adequate level of data protection. By its Report of January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Addresses

The controller within the meaning of data protection law is:

Yuvoi Global AG
Murtenstrasse 116
3202 Frauenkappelen
Switzerland

[email protected]

In individual cases, third parties may be responsible for processing personal data, or joint responsibility with third parties may exist. Upon request, we will gladly provide data subjects with information about the respective responsibility.

Data Protection Representative in the European Economic Area (EEA)

We have appointed the following data protection representative pursuant to Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

[email protected]

The data protection representative serves as an additional point of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries relating to the GDPR.

2. Terms and Legal Bases

2.1 Terms

Data subject: A natural person about whom we process personal data.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Data concerning trade union-related, political, religious, or philosophical views and activities; data concerning health, the intimate sphere, or affiliation with an ethnic group or race; genetic data; biometric data that uniquely identifies a natural person; data concerning criminal and administrative sanctions or proceedings; and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, for example, querying, comparing, adapting, archiving, retaining, reading out, disclosing, procuring, recording, collecting, deleting, revealing, sorting, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): All member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, including in particular the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection ( Data Protection Ordinance, DPO).

Where and to the extent the European General Data Protection Regulation (GDPR) applies, we process personal data on at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and to take steps prior to entering into a contract.
  • Art. 6(1)(f) GDPR for the processing of personal data necessary to protect legitimate interests, including the legitimate interests of third parties, unless the data subject’s fundamental freedoms, fundamental rights, and interests override those interests. Such interests include, in particular, the permanent, user-friendly, secure, and reliable performance of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims, and compliance with Swiss law.
  • Art. 6(1)(c) GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
  • Art. 9(2) et seq. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as «processing personal data» and to the processing of sensitive personal data as «processing special categories of personal data» (Art. 9 GDPR).

3. Nature, Scope, and Purpose of Processing Personal Data

We process personal data that is necessary to conduct our activities and operations permanently, in a user-friendly manner, securely, and reliably. The personal data processed may fall, in particular, into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may also constitute sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of conducting our activities and operations, to the extent such processing is permissible.

We process personal data with the consent of data subjects where required. In many cases, we may process personal data without consent, for example to comply with legal obligations or to protect overriding interests. We may also request data subjects’ consent even if their consent is not required.

We process personal data for the period required for the respective purpose. In particular, we anonymize or delete personal data depending on statutory retention and limitation periods.

4. Automation and Artificial Intelligence (AI)

We may process personal data by automated means or use artificial intelligence to process personal data.

We may use profiling to evaluate, by automated means, certain personal aspects relating to data subjects. Profiling is used, for example, to analyze or predict interests, behaviors, or personal preferences.

In individual cases, we provide information about decisions that are based exclusively on automated processing of personal data and that produce legal effects concerning data subjects or significantly affect them (automated individual decisions).

5. Disclosure of Personal Data

We may disclose personal data to third parties, have personal data processed by third parties, or process personal data jointly with third parties. Such third parties may include, for example, specialized providers whose services we use. Such third parties may in turn disclose personal data to third parties.

In connection with our activities and operations, we may disclose personal data in particular to banks and other financial service providers, public authorities, educational and research institutions, consultants and attorneys, accounting and fiduciary service providers, collection agencies, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

6. Communication

We process personal data in order to communicate with individuals, as well as with public authorities, organizations, and companies. In doing so, we process in particular data that a data subject transmits to us when making contact, for example by postal mail or e-mail. We may store such data in an address book or with comparable tools.

Third parties who transmit to us data about other persons are legally obligated to ensure the data protection of those data subjects independently. In particular, they must ensure that they are permitted to transmit such data and must also ensure the accuracy of the transmitted data.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we may also manage and otherwise process data of data subjects beyond direct communication, for example in connection with orders, services, projects, and resource planning.

In particular, we use:

  • Google Forms: online form service; provider: Google; Google Forms-specific data protection information: «Security, Compliance, and Privacy».
  • Zoho CRM: customer relationship management (CRM); provider: Zoho Corporation (USA), together with group companies («Zoho Group»); data protection information: «Privacy», privacy policy, «Frequently Asked Questions on Privacy», «Security».

7. Data Security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Through these measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the personal data processed, while absolute data security cannot be guaranteed.

Access to our website and our other digital presence takes place using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communication, like essentially any digital communication, is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, elsewhere in Europe, in the United States of America (USA), and in other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, police agencies, and other security authorities. We also cannot rule out that a data subject may be subject to targeted surveillance.

8. Personal Data Abroad

We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it there or have it processed there.

We may export personal data to all states on Earth and elsewhere in the universe, provided that the law there ensures adequate data protection according to a decision of the Swiss Federal Council and, where and to the extent the General Data Protection Regulation (GDPR) applies, also according to a decision of the European Commission.

We may transfer personal data to countries whose law does not ensure adequate data protection if data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements for doing so are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide data subjects with information about any safeguards or provide a copy of any safeguards.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all claims under applicable law. In particular, data subjects have the following rights:

  • Access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information required to assert their data protection claims and to ensure transparency. This includes the processed personal data itself, as well as, among other things, information about the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
  • Rectification and restriction: Data subjects may have inaccurate personal data rectified, incomplete data completed, and the processing of their data restricted.
  • Opportunity to state one’s own position and human review: In the case of decisions that are based exclusively on automated processing of personal data and that produce legal effects concerning them or significantly affect them (automated individual decisions), data subjects may state their own position and request review by a human being.
  • Deletion and objection: Data subjects may have personal data deleted («right to be forgotten») and may object to the processing of their data with effect for the future.
  • Data release and data portability: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may defer, restrict, or refuse the exercise of data subjects’ rights to the extent permitted by law. We may inform data subjects of any requirements to be met for exercising their data protection claims. For example, we may refuse access, in whole or in part, by reference to confidentiality obligations, overriding interests, or the protection of other persons. For example, we may also refuse deletion of personal data, in whole or in part, in particular by reference to statutory retention obligations.

By way of exception, we may provide for costs for the exercise of rights. We inform data subjects in advance about any costs.

We are obligated to identify, by appropriate measures, data subjects who request access or assert other rights. Data subjects are obligated to cooperate.

9.2 Legal Remedies

Data subjects have the right to enforce their data protection claims through legal channels or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some Member States in the European Economic Area (EEA), data protection supervisory authorities are organized federally, in particular in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies, including our own cookies (first-party cookies) as well as cookies of third parties whose services we use (third-party cookies), are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies may be stored in the browser temporarily as «session cookies» or for a specified period as so-called permanent cookies. «Session cookies» are automatically deleted when the browser is closed. Permanent cookies have a specified retention period. Cookies make it possible, in particular, to recognize a browser the next time it visits our website and thereby, for example, measure the reach of our website. Permanent cookies may also be used, for example, for online marketing.

Cookies can be disabled, restricted, or deleted in whole or in part at any time in the browser settings. Browser settings often also enable automated deletion and other management of cookies. Without cookies, our website may no longer be available in full. We actively request express consent to the use of cookies, at least where and to the extent required under applicable law.

For cookies that are used for performance and reach measurement or for advertising, a general objection («opt-out») is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

For each access to our website and our other digital presence, we may log at least the following information, provided that it is determined or transmitted by default to our digital infrastructure during such access: date and time, including time zone; IP address; access status (HTTP status code); operating system, including user interface and version; browser, including language and version; individual subpage of our website accessed, including the amount of data transferred; and the webpage last accessed in the same browser window (referer or referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence permanently, in a user-friendly manner, and reliably. The information is also necessary to ensure data security, including through third parties or with the help of third parties.

10.3 Tracking Pixels

We may embed tracking pixels in our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels, including those of third parties whose services we use, are usually small, invisible images or scripts written in JavaScript that are retrieved automatically when our digital presence is accessed. Tracking pixels can be used to collect at least the same information as in logging in log files.

11. Notifications and Communications

11.1 Performance and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual communication was opened and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We require this statistical recording of use for performance and reach measurement in order to send notifications and communications effectively and in a user-friendly manner, as well as permanently, securely, and reliably, based on the needs and reading habits of recipients.

11.2 Consent and Objection

You must generally consent to the use of your e-mail address and your other contact addresses unless such use is permissible for other legal reasons. To obtain any double-confirmed consent, we may use the «double opt-in» procedure. In this case, you will receive a communication with instructions for double confirmation. We may log consents obtained, including IP address and timestamp, for evidentiary and security reasons.

You may generally object at any time to receiving notifications and communications, such as newsletters. With such an objection, you may at the same time object to the statistical recording of use for performance and reach measurement. This does not affect required notifications and communications in connection with our activities and operations.

11.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

In particular, we use:

  • Mailgun: platform for transactional e-mails; providers: Mailgun Technologies Inc. (USA), together with subsidiaries («Mailgun Group»); data protection information: privacy policy.

12. Social Media

We maintain a presence on social media platforms and other online platforms in order to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions, terms of use, privacy policies, and other provisions of the individual operators of such platforms also apply in each case. These provisions provide information in particular about the rights of data subjects directly against the respective platform, including, for example, the right of access.

13. Third-Party Services

We use services from specialized third parties in order to carry out our activities and operations permanently, in a user-friendly manner, securely, and reliably. With such services, we may, among other things, embed functions and content into our website. When such embedding occurs, the services used collect, for unavoidable technical reasons, at least temporarily, the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data in order to provide the respective service.

In particular, we use:

  • Google services: providers: Google LLC (USA) / Google Ireland Limited (Ireland), partly for users in the European Economic Area (EEA) and Switzerland; general data protection information: «Privacy & Security Principles», privacy policy, «Learn more about how Google processes personal information», «Commited to keeping data safe», «Guide to privacy in Google products», «How Google uses information from sites or apps that use our services», cookie policy, «Ads you can control» (settings for personalized advertising).

13.1 Digital Infrastructure

We use services from specialized third parties in order to make use of required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

  • Cloudflare: Content Delivery Network (CDN); Cloudflare Inc. (USA); data protection information: «Privacy &Data Protection», privacy policy, cookie policy.

13.2 Advertising

We use the ability to display targeted advertising with third parties, such as social media platforms and search engines, for our activities and operations.

With such advertising, we seek in particular to reach persons who are already interested or may be interested in our activities and operations (remarketing and targeting). For this purpose, we may transmit corresponding information, which may also be personal, to third parties that enable such advertising. We may also determine whether our advertising is successful, meaning in particular whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are logged in as a user may be able to associate the use of our website with your profile there.

We use the ability to embed advertising by third parties into our website, or otherwise display it on our website, generally in exchange for compensation. Third parties whose advertising is embedded in our website and with whom you are logged in as a user may be able to associate the use of our website with your profile there.

14. Website Extensions

We use extensions for our website in order to use additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

In particular, we use:

  • Cloudflare Turnstile: bot protection (distinguishing between desired activities by humans and undesired activities by bots); Cloudflare Inc. (USA); data protection information: «Privacy &Data Protection», privacy policy.

15. Performance and Reach Measurement

We attempt to measure the performance and reach of our activities and operations. In this context, we may also measure the effect of references by third parties or examine how different parts or versions of our digital presence are used («A/B testing» method). Based on the results of performance and reach measurement, we may in particular correct errors, strengthen popular content, or make improvements.

For performance and reach measurement, the IP addresses of individual users are collected in most cases. In this case, IP addresses are generally truncated («IP masking») in order to comply with the principle of data minimization through corresponding pseudonymization.

In performance and reach measurement, cookies may be used and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window, and the at least approximate location. Generally, any user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services with which users are logged in may be able to associate the use of our online offering with the user account or user profile at the respective service.

In particular, we use:

  • Google Marketing Platform: performance and reach measurement, in particular with Google Analytics; provider: Google; Google Marketing Platform-specific information: measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses that are transferred in full to Google in the USA only by way of exception, privacy policy for Google Analytics, «Google Analytics Opt-out Browser Add-on».
  • Google Tag Manager: integration and management of Google and third-party services, in particular for performance and reach measurement; provider: Google; Google Tag Manager-specific information: privacy policy for Google Tag Manager; further data protection information can be found with the individual integrated and managed services.

16. Final Notes

We created this Privacy Policy using the privacy policy generator by Datenschutzpartner .

We may update this Privacy Policy at any time. We provide information about updates by publishing the current Privacy Policy on our website.