Introduction

This data protection and privacy information applies to data processing by Pingen GmbH, Badenerstrasse 47, CH-8004 Zürich (Switzerland), phone: +41 44 508 09 09, e-mail: info@pingen.com (hereinafter we or Pingen), represented by Sandro Kunz and Graem Lourens.

As a Swiss company without branches abroad, we are obliged to the data protection regulations and laws of Switzerland. In order to enable customers from the European Union (EU) to use our services, we also comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation“, hereinafter "GDPR"). In this context, we would like to point out that there is no obligation for Pingen to appoint a data protection officer in accordance with GDPR Art. 37.

Responsible according to Art. 4 para. 7 of the GDPR:
Pingen GmbH, Badenerstrasse 47, 8004 Zürich, Switzerland, info@pingen.com

Data protection representative in the European Union pursuant to Art. 27 para. 1 of the GDPR: Graem Lourens, c/o Lourens Systems Polska Sp. z o.o., Wincentego Rzymowskiego 31, 02-697 Warszawa, Poland, dsgvo@pingen.com

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy policy. The use of our website is generally possible without providing personal data. When personal data (for example name, address, or e-mail addresses) is collected by us, this takes place, whenever possible, on voluntary basis. This data will only be forwarded to third parties without your express consent if this is necessary to ensure the services agreed upon with you. We would like to point out that data transmission over the Internet (e.g., communication by e-mail) may have security flaws. A perfect protection of the data against access by third parties is not possible.

Definitions

The data privacy policy of Pingen is based on the terms used by the European legislator when the General Data Protection Regulation (GDPR) was issued. Our data privacy policy should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance. We use the following terms, among others, in this data privacy policy:

  • Personal Data
    Personal data means any information relating to an identified or identifiable natural person (hereinafter „Data Subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Data Subject
    Data Subject is any identified or identifiable natural person whose personal data are processed by the controller.

  • Processing
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Restriction of Processing
    Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

  • Profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  • Pseudonymisation
    Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

  • Controller
    Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  • Processor
    Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.


  • Recipient
    Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be compliant with the applicable data protection rules according to the purposes of the processing.


  • Third Party
    Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.


  • Consent
    Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.


  • Service
    Service means the service offered via a website operated by Pingen. In connection with this, data is collected from the user of the service to be able to fulfil the described offering of the service.

Server-Log-Files

When you visit our websites, we or our provider automatically process information which your browser automatically transmits to us in so-called server log files. These are:


  • Browser type and browser version
  • Operating system used
  • Name of your access provider
  • Referring URL
  • Name and URL of the retrieved file(s)
  • Host name and/or IP address of the accessing device
  • Date and time of the server request
The mentioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website
  • Ensuring a comfortable use of the website
  • Evaluation of system security and stability
  • For further administrative purposes
The legal basis for data processing is Art. 6 Par. 1 S.1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. The data cannot be assigned to specific persons. These data are not combined with other data sources. We reserve the right to check the data subsequently if we become aware of concrete indications of an illegal use.

Cookies

We use cookies on various pages. Cookies are used exclusively to make visiting our website more attractive and to enable certain functions. We do not use cookies for profiling or to evaluate user behavior. Cookies are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard disk after the end of the browser session (so-called session cookies). In addition, we offer the option to store certain cookies, optionally and on a voluntary basis, for longer to further enhance the user experience. Cookies can also be blocked in the browser. However, we would like to point out that if cookies are blocked, parts of our website may no longer function correctly or may no longer function at all. The legal basis for the use of cookies is Art. 6 Par. 1 S.1 lit. f GDPR. Our legitimate interest arises from the described purposes and interests for which cookies are necessary. Cookies or their contents are not merged with other data sources.

Information Disclosure

Your personal data will not be disclosed to third parties for purposes other than those listed below. We will only disclose on your personal data to third parties if:


  • You have given your express consent pursuant to Art. 6 para. 1 section 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 section 1 f GDPR is necessary to assert,
  • exercise or defend legal claims and there is no reason to assume that you have a predominant interest worthy of protection in not disclosing your data if a legal obligation exists for the transfer pursuant to Art. 6 para. 1 section 1 lit. c GDPR,
  • and this is legally permitted by Art. 6 para. 1 section 1 b GDPR and is required for the processing of contractual relationships with you.

Contact Forms and Support Forms

For questions of any kind, including support requests, we offer you the opportunity to contact us using the forms provided on the website. In addition to the actual message, we need your name and a valid e-mail address so that we know what kind of information you want from us, from whom the request originated and to be able to answer it. Further information can be provided voluntarily. The data will be processed for the purpose of contacting us in accordance with Art. 6 para. 1 section 1 lit. a GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be used exclusively for processing your inquiry. To process your request, it may be necessary for data to be transferred to third parties. Whether, to whom, under which circumstances and what data are disclosed to third parties can be checked via the following link:

https://www.pingen.com/subcontractors/06_SubcontractorList_Pingen_en.pdf

If you do not agree with the processing and or the data protection and privacy provisions of one or more of these third parties, we recommend that you do not use our contact form or do not continue to use it and request any data already transmitted via the contact form to be deleted. If you do not explicitly revoke the data, it will remain stored as long as we consider it useful for the provision of our services.

Flyernator

At www.flyernator.ch as well as other country-specific top-level domains and application-specific subdomains, we operate the service "Flyernator". This service enables participants to place flyers and advertisements and have them distributed to letterboxes in geographically selected areas. The detailed features as well as the specific range of services can be viewed at www.flyernator.ch as well as other country-specific top-level domains. To be able to provide this service, data is collected and processed in accordance with Art. 6 Para. 1 S. 1 lit. A and b GDPR. For an order with Flyernator, your first and last name as well as your e-mail address and telephone number are stored in addition to your company name and postal address. Personal data is only collected by Flyernator to the extent contractually and technically necessary and is used to fulfil the service offered by the service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.

superpost

At www.superpost.com we operate the service "superpost". This enables participants to send texts or documents via postal mail to recipients at home and abroad. The detailed features as well as the specific range of services can be found at www.superpost.com. To be able to provide this service, data is collected and processed in accordance with Art. 6 para. 1 p. 1 lit. A and b GDPR. For an order placed with superpost, the postal address of the recipient, your first and last name, your billing address, your e-mail address, and the means of payment used, including validity and anonymised card number, are stored in addition to the content of the letter. Optionally, additional information can be provided when creating the letter, which will also be stored by superpost. Personal data is only collected by superpost to the extent contractually and technically necessary and is used to fulfil the service offered by the service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.

Pingen

At www.pingen.com and other country-specific top-level domains as well as application-specific subdomains we operate the service "Pingen". Pingen essentially enables participants to send letters and electronic documents as snail mail to recipients locally and abroad. The detailed features of Pingen as well as the specific range of services can be found at www.pingen.com and other country-specific top-level domains. To provide these services, data is collected and processed in accordance with Art. 6 para. 1 section 1 lit. a and b GDPR. When registering for Pingen, your company name and/or your first and last name as well as your e-mail address will be requested and saved. To complete your profile, your postal address, and the necessary information for sending letters and documents will also be recorded during the later course of use. You may voluntarily provide additional personal data. The scope of this data depends on how and for what purpose Pingen is to be used. Certain functions of Pingen can therefore only be used if the necessary data is collected. Personal data is only collected and used in Pingen to the extent contractually and technically necessary to provide you with an optimal user experience. This also applies to the personal data of the recipients, which is required to be able to provide the explicitly communicated service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.

Third Parties

To provide the best possible user experience and specific functions, we use third parties and have data processed by third parties for certain services provided by us.

Wherever possible, Pingen collaborates with third parties who are subject to the provisions of the GDPR and the Privacy Shield Framework between the USA and the EU or the USA and Switzerland or who have voluntarily committed themselves to comply with the GDPR. Further information regarding the processing steps and the data protection regulations of the third-party providers can be requested directly from the respective third-party providers.

A list of these third-party providers with a description of the data processed by them, the purpose of the processing, as well as the time when the disclosure takes place, can be viewed under this link:

https://www.pingen.com/subcontractors/06_SubcontractorList_Pingen_en.pdf

Pingen reserves the right to change this list as well as the cooperation with third parties at any time and to make use of additional third parties for the purpose of providing services. Relevant changes of the list as well as the cooperation with existing third parties or new third parties will be communicated to the participant by appropriate means.

If you do not agree with the processing and or the data protection provisions of one or more of these third-party providers, you can object to the use by terminating the business relationship with Pingen in writing and requesting any data already disclosed to Pingen to be deleted. The termination of the business relationship is the only way for you to object to the processing, or also to the changed processing, by Pingen or the third-party providers used.

Data Retention and Deletion

To be able to fulfil offers and contractually agreed services within a defined framework, data will be stored for as long as there is a business relationship between you and Pingen, unless otherwise stipulated by law for the storage of the processed data. Unless otherwise defined, a business relationship begins with your use of a service; in particular, with the collection of data through a service or the placing of an order via a service of Pingen and ends with the termination by you or by Pingen or 18 months after the conclusion of the order. Additionally, certain Pingen services offer the possibility to determine the storage period of certain data. The deletion of data may be requested by you within the scope of your business relationship with Pingen on the basis the rights of the data subject. For legal reasons, the right to delete data only extends to the data that was collected by Pingen or at the request of Pingen or the data that you have collected. Data which is delivered to us outside of a business relationship or outside the use of one of our offers will be deleted within the scope of the rights of the data subject, provided that they do not contradict applicable law. Pingen reserves the right to charge you expenses for data modifications which were requested by you based on rights of data subject and which exceed a reasonable and proportionate level, at a cost rate customary in the Swiss IT industry.

Use of Google reCaptcha

To protect forms that can be used without registration, for some of Pingen’s services use the service reCaptcha of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA: "Google") against unwanted use and misuse. This service makes it possible to distinguish whether the input is made by a human being or abusively and automatically by a machine (spambot). For this purpose, your IP address and any other data required by Google Inc. for the reCaptcha service will be transmitted to Google Inc. This information is governed by the different privacy policy of Google Inc, which can be found at: https://policies.google.com/privacy

Privacy Policy for the Use of Google Analytics

Some of Pingen’s services use Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA: "Google"). The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will previously reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of Pingen, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide Pingen with other services relating to website and Internet use. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Art. 6 Par. 1 lit. f GDPR. Sessions and campaigns are terminated after a certain period. By default, sessions are terminated after 30 minutes without activity and campaigns after six months. The time limit for campaigns may not exceed two years. Further information on terms of use and data protection can be found at: https://www.google.com/analytics/terms/us.html bzw. unter https://policies.google.com/?hl=en

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.

Payment Processing via Stripe

For certain services, we offer the option of processing payment transactions via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, the following data is particularly collected by Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. GDPR).

Name of the cardholder
E-mail address
Customer number
Order number
Credit card data
Period of validity of the credit card
Credit card verification number (CVC)
Date and time of transaction
Transaction amount
Name of the provider
Place

The processing of the data provided under this section is not required by law or contract. We cannot process a payment through Stripe without the submission of your personal data.

Stripe has a dual role as a controller and processor in data processing activities. As a controller, Stripe uses your submitted data to comply with regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor to be able to complete transactions within payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 GDPR to comply with the provisions of data protection law.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information on opt-out and redress options against Stripe, please visit: https://stripe.com/privacy-center/legal

Rights of the Data Subject

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;
  • to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, established, and machine-readable format or to request the transfer to another person responsible;
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future and
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. You can either contact the supervisory authority of your usual place of residence, your workplace or our office location.


To exercise your rights as a data subject, you can either contact dsgvo@pingen.com or our data protection representative in the European Union.

Pingen reserves the right to bill you expenses incurred by you due to the exercise of the rights of the data subject and which exceed a reasonable and proportionate level based on a cost rate customary in the Swiss IT industry.

Right to Object

If your personal data is processed based on legitimate interests pursuant to Art. 6 para. 1 section 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons for this which arise from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation; if you wish to make use of your right of revocation or objection, simply send an e-mail to dsgvo@pingen.com

Data Security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be seen from the closed representation of the key or lock symbol in the status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Validity and Amendment of this Data Privacy Policy

This privacy policy will become effective as of 20.01.2022. If individual parts or provisions of this policy should be ineffective, this does not affect the effectiveness of the policy in all other respects. You can access and print out the current data privacy policy at any time on this website.