Data protection is a matter of trust, and your trust is important to us. In this Policy, we describe what we do with your data when you use our Services, communicate with us or otherwise deal with us, and how you can exercise your data protection rights. We use the term "data" here as equivalent to "personal data". Personal data is any information relating to an identified or identifiable natural person.
Any term beginning with a capital letter has the meaning attributed to it in the Terms of Use or the GTC.
When you provide us with data about other people (e.g. members of your family), we assume that you are authorized to do so, and that this data is correct. Please ensure that they have been informed of this Policy.
This Policy is aligned with the current and revised Swiss Federal Data Protection Act ("DPA") and the EU General Data Protection Regulation ("GDPR"). However, the application of these laws depends on each individual case.
Bearmind SA, Bâtiment EPFL Innovation Park C, c/o Fondation EPFL Innovation Park, 1015 Lausanne, is responsible for processing your personal data in accordance with this Policy.
If you have any questions about this Policy or the processing of your personal data or if you wish to exercise your rights under Section 13, please write to us at the following e-mail address: privacy@bearmind.tech.
We process various categories of personal data about you. The main categories are as follows:
Basic data: Basic data is fundamental information about you, such as your name, first name and contact details. It also includes registration data (e.g. user name, pseudonym and password), information on your subscription to our newsletter, as well as information on third parties involved (e.g. contact persons, service recipients or representatives). We collect basic data in particular when you create an account, place an order through the Services or subscribe to our newsletter.
Contract data: Contract data is personal data collected in the context of the conclusion and performance of contracts, such as information on the relevant contracts (e.g., type and duration), information on the administration of contracts (e.g., contact details and information about payment methods), information about acquired claims and receivables, information about financial matters (e.g., reminders), information about defects and complaints, and information about customer satisfaction. We primarily conclude contracts with users of the Services, contractual partners and business partners.
Medical data: Medical data is personal data related to your health and well-being, collected in the context of the use of the Services by you, and provided exclusively by you.
Communication data: When you communicate with us, such as when you write to us, contact our representatives, or call us, we process the content of the communication (e.g., the content of emails, written correspondence, and telephone conversations), as well as the metadata of those communications (e.g., the type, time, and place of the communication). This data may also include information about third parties. In some situations, we may also ask you to provide proof of your identity.
Technical data: When you use our Services, we collect certain technical data, e.g. the IP address of your device, protocols in which we record the use of our systems (log files), information about your device and its configuration (e.g., operating systems and language settings), information about the browser with which you access our offerings and its configuration, your approximate location and time of use of our Services, information about your actions on our Services, and information about your Internet service provider. In some cases, we may also assign your device (PC, tablet, smartphone, etc.) a unique identifier (ID), for example by using cookies or similar technologies, so that we can recognize it. You can find more information on cookies and similar technologies in Section 11. Technical data generally does not allow us to infer who you are. However, technical data may be linked to other categories of data (and potentially to you), for example when you create an account.
Behavioral and preference data: Depending on our relationship with you, we try to get to know you better and tailor our products and services to your needs. We therefore also process behavioral and preference data, for example information relating to your behavior when using our Services, information relating to your use of electronic communications (e.g. if and when you opened an e-mail or clicked on a link) and your interactions on our social networking pages. You can find out more about how we process your data on our social networking pages in Section 12 and on how tracking works on our Services in Section 11.
Other data: We also collect data about you in other situations. For example, we process data that may relate to you in administrative or judicial proceedings (e.g., evidence).
Most of the data mentioned in this Section 2 is provided to us directly by you (e.g., when you contact us or use our Services). We may also collect data ourselves (e.g., technical data when you use our Services). To the extent permitted, we may also collect data from publicly available sources (e.g., debt collection registers) or obtain data from authorities or other third parties (e.g., other Services users).
As far as it is not unlawful, we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from public authorities and from other third parties (such as credit agencies, contractual partners, internet analytics services, etc.).
For what purposes do we process your data?
Communication: We process your data for the purpose of communicating with you, e.g., to respond to your requests, to contact you in case of questions and to perform our activities. For this purpose, we use, among other things, communication data and basic data. Our communication with you usually takes place in connection with other processing purposes, for example so that we can perform our activities or perform a contract.
Contract performance: We process your data in connection with the conclusion, administration and performance of contracts, e.g., to decide whether and how we conclude a contract with you, to deliver services and, if necessary, to assert claims arising from the contracts (debt collection, legal proceedings, etc.). For this purpose, we use basic data, contract data, communication data, and behavioral and preference data, among others.
Market research, service improvement and product development: We seek to continually improve our Services and to respond quickly to changing needs. We therefore process personal data to carry out market research and improve our Services. To this end, we process in particular basic data, behavioral and preference data, communication data, as well as information from customer surveys or studies. Wherever possible, we use pseudonymized or anonymized data for these purposes.
Marketing and relationship management: We process your data for marketing and relationship management purposes, for example to send you written or electronic communications, and to conduct marketing campaigns. This may include our own offers or offers from our advertising partners. We personalize communications so that we can provide you with information and offers that are tailored to your needs and interests. For this purpose, we use in particular basic data, contract data, communication data, and behavioral and preference data.
Compliance with legal requirements: We want to lay the foundations for compliance with legal requirements. We therefore also process personal data to comply with legal requirements, and to prevent and detect violations. This includes, for example, receiving and processing complaints, complying with judicial or administrative decisions, and detecting and investigating abuse. This may involve all categories of personal data mentioned in Section 2.
Other purposes: We may process your data for other purposes, for example for security and prevention purposes (e.g., to ensure IT security, prevent theft, fraud and abuse) and for quality assurance and training purposes. We may also process your data to protect our rights and defend ourselves against third-party claims. This may involve all categories of personal data mentioned in Section 2.
To the extent that the GDPR applies and we need a legal basis to process personal data, we generally rely on one or more of the following legal bases depending on the purpose of the processing:
Initiation or performance of a contract: Processing is necessary to initiate or perform a contract with you or the entity you represent.
Legitimate interests: Processing is necessary for our or a third party's legitimate interests, including to carry out processing for the purposes described in Section 3 and to disclose data in accordance with Sections 7 and 8, as well as to carry out the purposes related to them. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection legislation (e.g., laws in the EEA). This also includes the marketing of our activities, the desire to better understand our markets and to manage and develop our business, including its operations, safely and efficiently.
Consent: The processing is based on your consent. In these cases, we will inform you separately about the purposes of the processing at issue. You may withdraw your consent at any time with effect for the future by sending us written notice; you will find our contact details in Section 1. To withdraw your consent to online tracking, please see Section 11. Once we receive notice of withdrawal of consent, we will no longer process your information for the purpose(s) to which you consented, unless we have another legal basis for doing so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to the withdrawal.
In some cases, other legal bases may apply and, if so, we will inform you separately.
"Profiling" refers to a procedure in which personal data is processed in an automated way to analyze personal aspects or make predictions (e.g., to analyze personal interests, preferences, and affinities or to predict likely behavior). We generally do not do this, but we will inform you separately if we are required to conduct profiling in individual cases. In such cases, we ensure the proportionality and reliability of the results and take measures against misuse of these profiles or profiling.
"Automated individual decision-making" involves decisions made on a fully automated basis, i.e., without relevant human influence, that have legal consequences for data subjects or otherwise significantly affect them. We generally do not do this, but we will inform you separately if we are required to make automated individual decisions in individual cases. In such cases, you have the opportunity to have the decision reviewed by a human being if you do not agree with it.
In the context of our processing activities, we may disclose your personal data to third parties, in particular to the following categories of recipients:
Service providers: We work with service providers in Switzerland and abroad. These service providers generally process your personal data on our behalf as "processors". Our processors are obliged to process personal data in accordance with our instructions and to take appropriate measures for data security. Some service providers are also responsible jointly with us or independently (e.g., collection agencies).
Contractual partners: We disclose your data to our contractual partners insofar as the disclosure of your data is based on the relevant contracts. These recipients also include the partners with whom we cooperate (e.g., providers of solutions on the Services) or who advertise on our behalf and to whom we may therefore disclose your data for analysis and marketing purposes. You will find more information on this subject in Section 11.
Authorities: We may disclose your personal data to authorities when we are legally required to do so or when it appears necessary to protect our interests. These authorities act as separate controllers.
Other persons: We may also share your data with other persons, such as service recipients and third-party debtors specified by you.
We process and store personal data primarily in Switzerland and the European Economic Area (EEA). In some cases, however, we may also disclose personal data to service providers and other recipients (see Section 7) who are located outside this area or who process personal data outside this area, in principle in any country in the world. These countries may not have laws that protect your personal data to the same extent as in Switzerland or the EEA, such as in the United States (see Section 11). If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner. In particular, we use the European Commission's standard contractual clauses for this purpose, unless the recipient is already subject to a legally accepted set of rules to ensure data protection or we can invoke an exception. We would like to emphasize that these contractual measures partly compensate for weaker or missing legal protection, but do not completely exclude all risks (e.g. the risk of data being accessed by governments abroad). In exceptional cases, we may also allow the transfer of your personal data to countries without adequate protection, for example if you consent, in the context of legal proceedings abroad or if it is necessary for the performance of a contract.
Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.
We process your data for as long as our processing purposes (see Section 3), legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. After the expiration of these periods, we will delete or anonymize your data insofar as there are no legal or contractual obligations to the contrary.
For example, we adhere to the following retention periods, which we may waive on a case-by-case basis:
Account: Personal data associated with your account is retained for as long as your account exists. If you request deletion of your account, we will delete your data within 90 days.
Basic and contract data: We generally store basic and contract data for ten years from the last contractual activity or the end of the contract. However, this period may be longer if necessary for evidential purposes, due to legal or contractual provisions, or for technical reasons. Transaction data relating to contracts (e.g., invoices) is generally stored for ten years.
Communication data: E-mails and written correspondence are generally kept for ten years. However, this period may be longer if necessary for evidentiary purposes, due to legal or contractual provisions or for technical reasons.
Technical data: We generally retain technical data between six months and one year. The retention period for cookies and similar technologies (see Section 11) is generally between a few days and three years if they are not deleted immediately at the end of the session.
Medical data: In accordance with the principle of proportionality, we retain medical data until it is no longer required, after which it is deleted.
Other data: The retention period for other data depends on the purpose of the processing and is limited to what is necessary. It ranges from a few days to several years.
We take appropriate technical and organizational security measures to maintain the required security of your data and to ensure the confidentiality, integrity and availability of your data, to protect it against unjustified or unlawful processing and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. Like all companies, however, we cannot exclude with certainty any data protection breach; some residual risks are unavoidable.
We use various techniques on our Services that allow us or third parties we hire to recognize you when you visit our Website and potentially track you over multiple visits. This section informs you about these techniques.
"Cookies" are files that your browser automatically stores on your device when you visit our Services. Cookies contain a unique identifier (ID) that allows us to distinguish individual visitors from others, generally without identifying them. Depending on their intended use, cookies may contain further information, such as the pages visited and the time spent on the pages. We use both session cookies, which are deleted as soon as the browser is closed, and persistent cookies, which remain stored for a certain period of time after the browser is closed (usually from a few days to three years) and are used to recognize visitors on subsequent visits.
We may also use similar technologies such as pixel tags, fingerprints and other technologies to store data in the browser. "Pixel tags" are small, usually invisible images or program codes uploaded by a server that provide the server operator with specific information such as whether and when a website was visited. "Fingerprints" are information about the configuration of your device or browser that is collected when you visit a website and that can be used to differentiate your device from other devices. Most browsers also support other data storage technologies that are similar to cookies and that we may also use (e.g. web storage).
We use the following types of cookies and similar technologies:
Strictly necessary cookies: Some cookies are essential for using the Services and its functions. These cookies ensure the essential functionality of the Services, for example, to be able to navigate from page to page. These cookies have an expiration period of up to 12 months.
Performance cookies: Performance cookies collect information about how our Website is used and allow us to perform analyses of its use, such as which pages are viewed most often and how visitors navigate our Services. These cookies are used to make visiting the Services easier and faster and, in general, to improve the user experience and comfort. We use third-party analytics services for this purpose. These cookies have an expiration period of up to 24 months.
Marketing cookies: Marketing cookies help us and our advertising partners to provide you with advertisements on our Services for offers or services that may be of interest to you or to display our advertisements when you continue to browse the Internet after leaving our Services, i.e., to provide you with targeted advertising. These cookies have an expiration period ranging from a few days to three years, depending on the circumstances.
Details about our third-party vendors and advertising partners can be found in the privacy settings. In these privacy settings, you also have the option to disable certain categories of cookies by making the appropriate settings.
When you consent to the use of cookies, you accept that your data may be transferred to a country that does not have an adequate level of data protection and accept the risk that your data may potentially be subject to lawful government access in the recipient's country, despite the safeguards we put in place. You can withdraw your consent to cookies at any time, as explained above.
In addition, you can configure your browser settings so that it blocks certain cookies or similar technologies or deletes existing cookies and other data it has stored. You can also integrate software ("plugins") into your browser that blocks the tracking of certain third parties. You can find further information on this subject on the help pages of your browser (usually with the keyword "data protection"). Please note that the functioning of our Services may be restricted if you block cookies and similar technologies.
We manage our own pages on social networks and similar third-party platforms (e.g. LinkedIn). If you communicate with us through these pages or comment on or share our content, we collect the relevant information and process it for the purposes set out in Section 3, in particular for communication, marketing and market research purposes.
When you visit our pages on social networks, data (e.g., about your user behavior) may also be transmitted directly to the respective service provider or collected by the latter and processed together with other data already known to it, in particular for its own marketing and market research purposes and to customize its platform. In some cases, some of your data will be transferred to the United States. You can find more information about the processing of data by social network providers in the privacy policies of the respective social networks.
Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in processing.
To help you control the processing of your personal data, you have the following rights with respect to our processing of your data in accordance with data protection laws:
The right to request access to your personal data stored by us;
The right to have inaccurate or incomplete personal data corrected;
The right to request the deletion of your data;
The right to receive the personal data you have made available to us in a structured, commonly used and machine-readable format or to have this data transferred to another controller;
The right to withdraw your consent with effect for the future, to the extent that our processing is based on your consent;
The right to receive, upon request, other information relevant to the exercise of these rights;
The right to express your point of view in the case of automated individual decisions (Section 6) and to request that the decision be reviewed by a human being.
If you wish to exercise your rights, you may contact us in writing at the e-mail address given in Section 1. In order to prevent misuse, we need to identify you (e.g. by means of a copy of your identity card, if identification is not otherwise possible).
Please note that these rights may in some cases be limited, excluded or subject to the fulfilment of certain conditions. We will inform you accordingly where applicable.
You may also file a complaint with the competent supervisory authority if you have any doubts about the lawfulness of the processing of your personal data. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC), who can be contacted here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. The competent supervisory authority in the Principality of Liechtenstein is the Data Protection Authority of the Principality of Liechtenstein, which can be contacted here: https://www.datenschutzstelle.li/datenschutz. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/.
This Policy does not form part of any contract with you. We may change this Policy at any time without notice. The version published on our Services is the current version.
Policy updated on 26.08.2024.
All rights to the Policy belong to their authors. Any reproduction, without prior license, is strictly prohibited and will be prosecuted.
Bearmind Ltd, EPFL Innovation Park, Bat. C, 1015 Lausanne © 2024