Spectas AG is committed to the careful and conscientious handling of its customers’ personal information. Spectas AG is responsible for the collection, processing, disclosure, storage and protection of its customers’ personal information and ensures compliance with the Swiss Data Protection Act (“DPA”) as far as protected data of Swiss customers is concerned in this respect; and additionally for compliance with the EU General Data Protection Regulation (“GDPR”) as far as protected data of customers from the EU area is concerned in this respect.
A) Contact details
Responsible for data processing is: Spectas AG Chaltenbodenstrasse 6c, 8834 Schindellegi, Switzerland +41 44 515 21 70
The Data Protection Officer can be reached at email@example.com.
B) Applicable law
Data processing by Spectas AG shall be subject to the following law in each case: Data from Swiss customers The processing of data from Swiss customers shall be governed exclusively by Swiss law, in particular by the Federal Act on Data Protection (FADP, SR 235.1) and the associated Ordinance to the Federal Act on Data Protection (SR 235.11). The EU General Data Protection Regulation (GDPR) does not apply. The applicability of the GDPR remains reserved (i) to the extent that it is expressly provided for in this privacy statement for partial areas, and (ii) to the extent that the GDPR is also mandatorily applicable to Data of Swiss Customers due to special circumstances. Data of customers from the EU area In addition to Swiss law, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (Data Protection Regulation, GDPR) is applicable to the processing of data of customers from the EU area. See also item 13 (additional regulations for customers from the EU area).
C) Type and scope of the collection of personal data when visiting our website (without login)
When customers visit Spectas AG’s online presence outside the login-protected area, the web server technology used automatically logs general technical visit information. This includes, among other things, the IP address of the device used, which is, however, anonymized at Google before it is stored so that it can no longer be assigned to the customer. Google uses the _anonymizeIp() method for this purpose. Furthermore, this includes information about the browser type, the Internet service provider and the operating system used. when using the Spectas Cloud software (with login).
During the free trial access as well as during the paid use of the Spectas software within the login-protected area, all data entered or submitted by the customer during the registration process as well as during the use of the software are additionally stored.
This is particularly the case if the customer registers, places orders, fills out online forms, participates in surveys or contests, corresponds with Spectas AG online or offline, or comes into contact with Spectas AG via social media, blogs or other interactive media.
By granting access rights, the client agrees that Spectas AG may provide third parties (e.g. the external auditor) with all data of the client in question or permit access to it.
The customer retains full control over the access rights of the third party to his data at all times and can restrict or deny access at any time.
App Marketplace / Third Party Add-ons Spectas AG may provide Customer with an interface (“API”) to communicate with third party software. This gives the customer the option of integrating various additional packages or offers from third-party providers (“add-ons”) in addition to the Spectas software.
The customer can order various add-ons in the Spectas AG App Marketplace. In addition, the customer may grant other third-party providers authorization to use the interface to his Spectas account. Unless expressly agreed otherwise, a contractual relationship concerning the use of third-party add-ons shall be established exclusively between the Customer and the third-party provider.
If access rights are required for the use of an add-on, the customer expressly agrees to grant all necessary access rights by ordering or integrating the add-on. Spectas AG shall then be entitled to provide or permit access to all data of the customer necessary for the use of the add-on.
The customer retains full control over the third-party provider’s access rights to his data at all times and can restrict or deny access at any time. The customer agrees that Spectas AG or the third party provider may exchange data with this third party provider when using further add-ons.
D) Data security
Spectas AG uses technical and organizational security measures in accordance with recognized market standards to protect stored personal data against accidental, unlawful or unauthorized manipulation, deletion, alteration, access, disclosure or use and against partial or total loss. The servers of Spectas AG are located in Switzerland. The connection to the servers is made using SSL encryption.
Spectas AG carries out regular backups of customer data (backup). To prevent data loss even in extreme cases (e.g. destruction of the data center by an earthquake), the backups are stored in parallel in several data centers in Germany on a geo-redundant medium. The requirements of the DSG and DSGVO are fully complied with at all times. The safety measures are continuously adapted and improved in line with technological developments. Spectas AG accepts no liability for the loss of data or for third parties gaining knowledge of it and using it. Spectas AG cannot otherwise guarantee the security of data transmission on the Internet; in particular, there is a risk of access by third parties when data is transmitted by e-mail. However, the access is protected by means of HTTPS. Dual authentication is required by Spectas for added protection.
E) Purpose of the processing of personal data / recipients of the data
Spectas AG processes the collected data in order to be able to continuously improve the desired products and services, to manage the use and the desired access to the applications, products and information, to maintain the business relationship with the customers, to monitor and improve the performance of the offer, to detect, prevent or clarify illegal activities or to send the customers offers, information or marketing material about products or services which Spectas AG, based on the data, assumes could be of interest to the customers.
The personal data of Spectas AG’s public website may also be disclosed to partner companies and service providers, selected third-party companies, institutes and/or legally authorized government authorities, in Switzerland and abroad, for processing, storage and use within the scope of the above-mentioned purposes.
If the processing or storage of personal information takes place in countries that do not ensure adequate data protection compared to Swiss data protection law, Spectas AG shall require the Processor under contractual obligation to fully comply with the relevant provisions of the FADP or – insofar as data of customers from the EU area are concerned – the GDPR. Spectas AG may carry out individual of the aforementioned processes and services through service providers commissioned in accordance with data protection law, which are based within the EU or Switzerland.
These are, in particular, companies in the categories of IT services, payment transactions, printing service providers, billing, collection and consulting, as well as sales and marketing, and service providers used in the context of order processing relationships.
Cookies help to make visiting the Spectas AG website easier, more pleasant and more useful. Cookies are information files that the web browser automatically stores on the computer’s hard drive when the customer visits the Spectas AG website and uses offers. The customer can independently manage the security settings in the browser and thereby block or deactivate cookies used, in which case certain services of Spectas AG may no longer be able to be used (in full).
G) Tracking and analysis tools / social media
The use of Spectas AG’s digital offerings is measured and evaluated by means of various technical systems, predominantly from third-party providers such as Google Analytics. These measurements can be both anonymous and personal. In this context, it is possible that the collected data will be passed on by the provider or the third-party providers of such technical systems in turn to third parties in Germany and abroad for processing. The most commonly used and well-known analytics tool is Google Analytics, a service provided by Google Inc.
This means that the data collected may in principle be transmitted to a Google server in the USA (or a location specified by Google). The public website of Spectas AG uses Google Analytics, a web analytics service provided by Google, Inc. located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. (“Google”). Google Analytics uses so-called cookies, text files that are stored on the customer’s computer and enable an analysis of their use of the website. The information generated by the cookies about the use of the website (including the IP address, which is, however, anonymized by Google before being stored so that it can no longer be assigned to the customer) is transmitted to a Google server in the USA (or a location specified by Google) and stored there.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for Spectas AG and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will in no case associate the IP address of customers with other data from Google.
The Spectas AG website uses the “demographic characteristics” function of Google Analytics. This allows reports to be generated that include statements about the age, gender, and interests of customers. This data comes from interest-based advertising from Google as well as visitor data from third-party providers.
Data may still be sent to the website or other web analytics services. Finally, Spectas AG collects certain information about its website in so-called server log files, which are automatically transmitted by the customer’s Internet browser. These include, among others, the user agent (browser type and version, operating system used), http header information (referrer URL, IP address of the accessing computer), the time of the server request and the login status.
These server log files are merged with other data sources only for error analysis.
H) Technologies for advertising purposes
The Spectas AG website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick.
In this way, interest-based, personalized advertising messages that have been adapted to the customer on one end device (e.g., cell phone) depending on the customer’s previous usage and surfing behavior can also be displayed on another end device (e.g., tablet or PC).
If the customer has given Google appropriate consent, Google will link the web and app browsing history to the customer’s Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which the customer logs in with his Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to Spectas AG’s Google Analytics data to define and create target groups for cross-device ad advertising.
Within the scope of Google AdWords, Spectas AG uses the so-called conversion tracking. When the customer clicks on an ad placed by Google, a cookie is set for conversion tracking.
Cookies are small text files that the Internet browser stores on the customer’s computer. These cookies lose their validity after 30 days at the latest and are not used for identification.
If the customer visits our website and the cookie has not yet expired, Google and Spectas AG can recognize that the customer clicked on the ad and was redirected to this page.
Spectas AG learns from Google the total number of users who clicked on its ad and were redirected to its website tagged with a conversion tracking tag. However, Spectas AG does not receive any information with which it can personally identify the customer.
The customer can prevent the storage of cookies by setting his browser software accordingly. However, Spectas AG points out to the customer that the customer may not be able to use all functions of this website to their full extent.
The customer can also prevent tracking by deactivating the Google conversion tracking cookie via his internet browser under user settings.
I) Integration of third-party offers / social media
The digital offerings of Spectas AG are networked with third-party functions and systems in a variety of ways, for example by integrating plug-ins of third-party social networks such as Facebook, Twitter, etc. in particular. If the customer has a user account with these third parties, it may also be possible for them to measure and evaluate the use of Spectas AG’s digital offerings.
In the process, further personal data, such as IP address, browser settings and other parameters may be transmitted to these third parties and stored there. Spectas AG has no control over the use of such personal data collected by third parties and assumes no responsibility or liability. Spectas AG has no detailed knowledge of what data is transmitted to the third-party providers, where it is transmitted to and whether it is anonymized.
J) Profiling / Automated decisions
Profiling is the automated processing of personal data to analyze or predict certain personal aspects or behavior. This means, for example, that customers can receive more individual support and advice or that offers can be better tailored to individual customer needs. An “automated individual decision” is defined as a decision that is fully automated, i.e., without relevant human influence, and that has negative legal effects or other similarly negative effects vis-à-vis the customer. As a rule, Spectas AG does not carry out automated individual decisions. Spectas AG will inform customers separately should it use automated individual decisions in individual cases. In such a case, the customer has the option to have this decision manually reviewed by an employee of Spectas AG.
K) Communication by e-mail and/or newsletter
If the customer wishes to receive a newsletter offered on the Spectas AG website, Spectas AG requires an e-mail address and other information that allows it to verify that the e-mail address provided is correct and that the customer agrees to receive the newsletter (“double-opt-in” procedure). With the newsletter, the customer regularly receives recommendations and offers that may interest him. For this purpose, Spectas AG collects and processes personal data concerning the customer’s usage behavior on the website, in the Spextas software and in relation to the use of the newsletter (e.g. whether the customer opens the newsletter or on which web URL links he clicks). Spectas AG evaluates this data for statistical purposes in order to better tailor the content of the newsletters to the interests of the customers. The processing of the personal data entered in the newsletter registration form is based on the customer’s consent, which he can revoke at any time for the future. The revocation takes place via the “unsubscribe” link in the newsletter. The personal data collected is used for the design of the content and the dispatch of the newsletter. Spectas AG stores the personal data deposited by customers for the purpose of newsletter subscription until the customer unsubscribes from the newsletter.
L) Duration of storage
Spectas AG processes and stores personal data as long as the customer uses the service. It should be noted that the contractual relationship between Spectas AG and the customer is a continuing obligation that is intended to last for years. After termination of the contractual relationship, Spectas AG is generally not obligated to store the customer’s data. For this reason, data that is no longer required is regularly deleted. This does not apply to data that is required for further processing on the basis of legal regulations or for mandatory internal purposes.
M) Information, correction, deletion, blocking, consent
With regard to the personal data, the customers have the following rights according to DSG, respectively DSGVO. In principle, Spectas AG also grants the rights contained in the GDPR to Swiss customers. However, Spectas AG reserves the right to make a different assessment in individual cases.
- the right to information (Art. 8 DSG, Art. 15 DSGVO);
- the right to rectification (Art. 5 para. 2 DSG, Art. 16 DSGVO);
- the right to erasure (Art. 17 DSGVO);
- the right to restriction of processing (Art. 18 DSGVO);
- the right to data portability (Art. 20 DSGVO);
- as well as the right to object (Art. 21 DSGVO).
Any restrictions of the GDPR as well as the respective applicable national data protection laws or other national laws apply to the rights mentioned above. Insofar as the customer is asked to give consent in connection with the services of Spectas AG, the customer gives this consent by clicking on the corresponding checkbox. Subsequently, Spectas AG is entitled to collect, process, use and pass on the customer’s personal data accordingly.
The customer can, of course, revoke his consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the revocation. The revocation can be sent in writing to the address of Spectas AG mentioned at the beginning. However, it is also sufficient to send an e-mail to the address firstname.lastname@example.org. However, some of the services and functions will no longer be available to the customer thereafter.
N) Links to other websites
The Spectas AG website contains hyperlinks to third-party websites that are not operated or controlled by Spectas AG. Spectas AG is not responsible for their content or data protection practices.
O) Additional regulations for customers from the EU area
The following provisions are only applicable to customers from the EU area, they do not apply to Swiss customers.
P) Legal bases of the processing
The processing of data for the purposes mentioned in point 5 is carried out in accordance with Article 6 para. 1 letter b DSGVO for the performance of the contract. The subject of the contract are the above mentioned services. Likewise, the processing of data, as described above, is carried out to protect the legitimate interests of Spectas AG (Article 6 (1) (f) DSGVO). These are to improve products and services (including delivery of direct mail), to monitor and improve the performance of the service, and to detect, prevent or detect illegal activities. Furthermore, the data will be processed in accordance with article 6 para. 1 letter c DSGVO for the fulfillment of legal obligations (e.g. storage and documentation obligations of Spectas AG).
This includes in particular the personal master data. If the Customer is of the opinion that one or more of the purposes mentioned in Section 5 is/are not covered by the legal bases mentioned above, the Customer may request the Provider to stop processing its personal data for certain individual purposes (opt-out). Such opt-out does not prevent the customer from further use of the SaaS services of Spectas AG, provided that such use does not necessarily require the corresponding data processing.
The customer can send such an opt-out in writing to the address of Spectas AG mentioned at the beginning. However, it is also sufficient to send an e-mail to the address email@example.com.
Q) Right of appeal
If the customer is of the opinion that the processing of personal data concerning him violates the GDPR, he has the right to lodge a complaint with a competent supervisory authority pursuant to Article 77 GDPR. Spectas AG will, of course, be pleased to receive customer questions and requests in advance of a complaint. For this purpose, the customer may contact Spectas AG in writing or by e-mail (firstname.lastname@example.org). This document is a machine translation of the original document written in German. This translation is provided for convenience and informational purposes only. It is not a certified or official translation. Users of this document are advised to refer to the original German version for legal or official purposes.
Last version: July 2023