As of January 2019
This Cynix data protection notice (hereinafter "we / us") informs customers and users (hereinafter "you / it / her" or "users") of our services, our offers and our products (hereinafter "services") regarding the acquisition and processing of their data (personal data, as well as non-personal data; hereinafter "data").
Below we inform you, among other things, of who is the data controller of your data, of what data we collect in relation to your use of our services, for what purposes we process such data and to whomever we may forward them. Furthermore, we inform you of the duration of the processing of your data, of the legal basis of the processing (should one be necessary), and of what rights you are entitled towards us with regard to the processing of your data. This information on data protection applies to all your data already in our possession or which will be in the future. Please note that from time to time the data protection notice may be changed. Personal data means all information relating to a specific or determinable person (hereinafter "personal data"). This includes, in particular, information such as name, address, telephone number, e-mail address, possibly even IP addresses and device identifiers. The generic term "data" includes, in this information on data protection, in addition to personal data also non-personal data and anonymized data. Treatment means any data management, regardless of the means and procedures used, in particular the collection, storage, use, modification, disclosure, archiving or deletion of data (hereinafter «treatment») . If you provide us with personal data of other parties, make sure that these individuals are aware of this information on data protection and communicate their data to us only if they are authorized to do so pursuant to the applicable data protection law.
2. Data controller
3. Categories of processed data
We collect certain data during the use of our services and in the contact (for example, if you visit our websites or another of our digital services, at the time of entering into a contract, during registration and login in the 'user account or in contact with our collaborators). As a rule we collect such data directly from you. In certain cases it may happen that we receive data from other people (eg if a third party sends a rating or a comment related to you, in case your employer gives us your contact details or if a company with which it has a contractual relationship forward your data to us). The personal data we process may include the following data: Data that is communicated to us when registering for one of our services (eg name, contact details, gender, marital status, date of birth, professional title, photo, relatives, collaborators, language, payment information, access data, information relating to advertising, opt-in and opt-out, etc.). Data relating to offers and contracts (eg date, type, content, product, parts, duration, value, contract adjustments, payment information, contact details, contacts, billing and correspondence addresses, customer feedback, cancellations), disputes, etc.). Data that are identified or communicated during the use of our services by registered and unregistered users. This includes, among other things, IP and MAC address or ID of the device used, cookies, pages called up by users and search terms entered by them, entries in text fields, reservations, evaluations, time and duration of visits, clicks, reactions to offers, employee / exit URL, information on the time of use, on the type of browser and device, on the operating system and Internet service provider used, as well as on the amount of data transmitted. It also includes data that is published or communicated through our services (including possibly integrated third-party services) (eg images, texts, comments, evaluations, reservations, videos, etc.). We can bring back personal data related to one of our services to data deriving from another service. Data that are exchanged during or in connection with contacts with us (eg communication by letter, telephone, fax, e-mail, text and multimedia messages (SMS / MMS), video messages or Instant Messaging, reactions to communications and offers, favorite communication channels, etc.). Data that you or third parties communicate / communicate during participation in games with prizes, surveys and the like. Certain services can collect and store data relating to the position if the geolocation function of the device used is active. Data that provide us with third parties with whom we have commercial relationships (eg list entries, address database, changes to database entries, data relating to solvency, information relating to contact persons within the company, etc.) . Data from public sources (eg registrations in the commercial register, other lists, etc.). The aforementioned data are not always personal data. As a rule, we are not able to attribute to individualized individuals nominally the data generated during the use of our services without registration (eg through a user account). In special cases, this may occur, however, in combination with other data. To use our services, you will need to provide certain personal data necessary or required by law for the initiation and management of the contractual relationship and for the fulfillment of the contractual obligations related to this. In the absence of such personal data we will not be able, in principle, to enter into the contract and to execute it or to provide a certain service. The report of access to our digital services and the related collection of connection data (such as the IP address) are also required; this feature is automatically activated at the time of use and cannot be suspended for individual users. Therefore, if you do not agree with the collection of such data, you will have to renounce the use of our services.
4. Purposes of processing and legal bases
The processing of personal data, to the extent permitted by applicable law, will be carried out in particular for the following purposes: initiation, conclusion, fulfillment and execution of contracts; offer, further development and improvement of our services, development of new services, management, maintenance, optimization and security of our services and our infrastructure; user management of our services, identity checks, logins and other authentications; care, administration and development of our relationships with customers, communication with customers and third parties, customer service and support, promotions, advertising and marketing, creation of user profiles, provision of personalized services and relevant content; management and publication of lists (on paper, on data carriers and / or on the Internet), database management, comparison and updating, including central directories of addresses and contact details relating to our company and to companies with which we have a contractual relationship; protection of users, our employees and third parties, as well as protection of our data, secrets and assets, security of our systems, buildings and other infrastructures; quality control, market research, calculation of statistics, reporting, development of information relevant to business management, administration and development of the company, our offer and our activities, acquisition and sale of business units, companies and parts of the same; compliance with legal and regulatory obligations and internal rules, application of the law, civil, administrative and criminal proceedings, complaints, fight against abuse, investigation and response to questions from authorities and administrative services. We can also process personal data for other purposes, to the extent that a legal obligation requires it to be processed or given information elsewhere or if processing, at the time of data collection, can be inferred from the circumstances. We use personal data for the aforementioned purposes on the basis of the following legal bases, to the extent necessary in accordance with the applicable data protection law: fulfillment of the contract; fulfillment of legal obligations; consent issued to us or to third parties; legitimate interests of ours and of third parties, in particular: offering and provision of services; advertising and marketing; care of contacts and communication with users and third parties; repeatability of behavior, preferences and user needs, market studies; further development and improvement of our services, development of new services; user management, identity checks, logins, authentications; protection of users, our employees and third parties, our data, secrets, infrastructure and assets; maintenance and safety, efficiency and effectiveness of the organization of business management, including safe, efficient and effective management as well as further development of digital services and other IT systems, elimination of failures; appropriate business management and development, sale or purchase of business units, companies or parts of companies and other commercial law transactions; compliance with legal and regulatory obligations and internal rules, application of the law, civil, administrative and criminal proceedings, complaints, fight against abuse, investigation and response to questions of authority.
5. Transmission to authorities and other transmissions for legal reasons
In certain situations, we may disclose data to authorities, services and other third parties (eg in relation to requests from authorities or officials, investigations and investigations, administrative, criminal, civil and / or criminal trials). We do this in cases where we are required to do so in an official capacity or by the authorities or if, in our opinion, we are obliged to you or where we have cases of fraud or defects related to security or to protect the rights and property.
Where the applicable law regarding data protection provides, you can receive a copy of the contractual guarantees from our data protection service, with respect to your personal data, or know where to request it. We reserve the right to obscure these copies for reasons arising from data protection legislation or to protect privacy.
6. Duration of storage
We store personal data as long as it is necessary for the purposes for which we have collected them. Furthermore, certain personal data are subject to ten or more years of legally binding conservation obligations to which we comply. We can also store personal data for at least the duration of the applicable statute of limitations, equal in several cases to five or ten years. The personal data that are generated in the context of the use of our services (eg records, logs, analyzes, etc.) and which are not subject to such storage or prescription terms, are generally canceled before , as soon as the interest in their treatment fails. Data can be stored even longer in anonymized form. Unless otherwise expressly agreed, we are not obliged to keep the data for a specific period.
7. Rights of the persons concerned
Every interested person has a right to information concerning personal data concerning them. The person concerned also has the right to demand from us the correction, deletion and containment of the data concerning him, as well as to oppose such processing of personal data. The exercise of these rights usually presupposes that the person concerned can unequivocally demonstrate his identity. In the event that the processing of personal data is based on consent, the latter can be revoked at any time by the person concerned. In EU or EEA states, the data subject has the right, in certain cases, to receive the data generated while using online services in a structured, commonly used and machine-readable format that allows the further use and transmission. We reserve the right to limit the rights of the data subject within the limits of the currently applicable legislation and, for example, not to release complete information or to delete data. We also draw your attention to the fact that with the cancellation of your personal data, some or all of the services may no longer be usable or available. If we automatically make a decision regarding a single person who has legal effects with the person concerned or substantially affects her in a similar way, the person concerned can talk to a competent person in our company asking her to reconsider the decision taken automatically or request immediately the judgment of a person, to the extent that the applicable law provides for it. In this case, the person concerned can no longer use certain automated services. The person will be informed separately. Every interested person has the right to file a complaint with the competent data protection authority. In the case of a data controller in Switzerland, it will be the Federal Data Protection and Transparency Commissioner (https://www.edoeb.admin.ch).