Privacy Policy
The protection of your personal data, such as date of birth, name, phone number, address, etc., is a major concern for us.
The purpose of this privacy policy is to inform you about the processing of your personal data that we collect during your visit to our site. Our privacy practices are in compliance with the legal regulations of the Federal Act on Data Protection (FADP) of Switzerland and the General Data Protection Regulation (GDPR) of the EU. The following privacy policy serves to fulfill the information obligations from the FADP and the GDPR. These can be found, for example, in Art. 19 et seq. FADP and Art. 13 et seq. of the GDPR.
Owner or Responsible Entity
The responsible party within the meaning of Art. 5 lit. j FADP or Art. 4 No. 7 GDPR is the one who alone or together with others decides on the purposes and means of processing personal data. The responsible party according to Art. 4 No. 7 GDPR is also the recipient of the personal data in the sense of Art. 4 No. 9 GDPR. Any third-party recipient will be identified separately.
In regard to our website, the owner or responsible entity is:
Prolog AG
Hammerstrasse 44
4058 Basel
Switzerland
Email:
mail@prolog.work
Tel.: +41 61 563 11 55
Provision of the Website and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the device accessing it (e.g., computer, mobile phone, tablet, etc.).
What personal data is collected and to what extent is it processed?
(1) Information about the browser type and version used;
(2) The operating system of the accessing device;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed
on our website;
(7) Websites from which the user's system reached our website (referrer
tracking);
(8) Notification of whether the access was successful;
(9) Amount of data transmitted
This data is stored in the log files of our system. This data is not stored together with personal data of a specific user, so individual site visitors are not identified.
Legal Basis for Processing Personal Data
The processing of personal data is based on the principle of legality (Art. 6 para. 1 FADP) and good faith (Art. 6 para. 2 FADP or Art. 2 CC) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest).
Purpose of Data Processing
The temporary (automated) storage of data is necessary for the course of a website visit to enable delivery of the website. The storage and processing of personal data are also carried out to maintain the compatibility of our website for as many visitors as possible and for fraud prevention and troubleshooting. It is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems, and/or functionality errors of our website. Moreover, the data is used for optimizing the website and for general safeguarding of the security of our information technology systems.
Duration of Storage
The deletion of the aforementioned technical data occurs as soon as they are no longer needed to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.
Options for Restriction, Objection, Correction, and Deletion
You may request the restriction of processing according to Art. 18 GDPR at any time or object to processing according to Art. 21 GDPR, as well as request correction or deletion of data according to Art. 16 or 17 GDPR. You can find out what rights you have and how to assert them in the lower part of this privacy policy.
Special Features of the Website
Our site offers you various functions, during the use of which we collect, process, and store personal data. Below we explain what happens with these data:
Newsletter Subscription Form
What personal data is collected and to what extent is it processed?
By subscribing to the newsletter on our website, we receive the email address entered in the registration field and possibly other contact details if you provide them via the newsletter subscription form.
Legal Basis for Processing Personal Data
The processing of personal data is based on the principle of legality (Art. 6 para. 1 FADP) and good faith (Art. 6 para. 2 FADP or Art. 2 CC) as well as Art. 6 para. 1 lit. a GDPR (consent by a clear affirmative action or behavior).
Purpose of Data Processing
The data collected in the registration form of our newsletter is used exclusively for sending our newsletter, in which we inform about all our services and news. After registration, we will send you a confirmation email containing a link that you must click to complete the subscription to our newsletter (Double Opt-In). This gives your consent to data processing according to Art. 6 para. 6 FADP.
Duration of Storage
Our newsletter can be canceled at any time by clicking on the unsubscribe link included in every newsletter. Your data will be deleted immediately after unsubscribing, unless there are legal retention obligations. Likewise, your data will be deleted immediately by us in the event of an incomplete registration. We reserve the right to delete without stating reasons and without prior or subsequent information.
Options for Restriction, Objection, Correction, and Deletion
You may request the restriction of processing according to Art. 18 GDPR at any time or object to processing according to Art. 21 GDPR, as well as request correction or deletion of data according to Art. 16 or 17 GDPR. You can find out what rights you have and how to assert them in the lower part of this privacy policy.
Necessity of Providing Personal Data
If you wish to use our newsletter, you must fill in the fields marked as mandatory and confirm your email address by clicking the Double Opt-In link. The information for the newsletter registration is necessary to be able to use the newsletter offer. The information is used exclusively for sending our newsletter. If you do not fill in the mandatory fields, we cannot provide you with our newsletter service.
Disclosure of Information to Third Parties
The processing of personal data is based on the principle of legality (Art. 6 para. 1 FADP) and good faith (Art. 6 para. 2 FADP or Art. 2 CC).
The disclosure of information to third parties is based on the extent of activities or offers on our website or our business model described below.
In general, we retain your information only as long as necessary and treat it confidentially. Exceptions include the transfer of personal data to debt collection service providers, public authorities and bodies, and private individuals who have a claim under statutory provisions, judicial decisions, or administrative orders, as well as the transfer to authorities for the purpose of initiating legal proceedings or for law enforcement purposes if our legally protected rights are attacked.
Statistical Analysis of Visits to this Website - Web Trackers
When accessing this website or individual files of the website, we collect, process, and store the following data: IP address, website from which the file was retrieved, name of the file, date and time of access, amount of data transferred, and notification of the success of the retrieval (web log). We use these access data exclusively in non-personalized form for the continuous improvement of our internet offer and for statistical purposes.
The processing of any personal data is based on the principle of legality (Art. 6 para. 1 FADP) and good faith (Art. 6 para. 2 FADP or Art. 2 CC). We also use the following web trackers for evaluating visits to this website:
Google Analytics
Scope of Processing Personal Data
On our website, we use the web tracking service of Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/ (hereinafter: Google Analytics). Google Analytics uses cookies stored on your computer to enable the analysis of your use of our website and your browsing behavior (tracking). We conduct this analysis based on Google Analytics' tracking service to continually optimize and make our internet offer more accessible. When using our website, data, such as your IP address and user activities, are transmitted to the servers of Google Ireland Limited. We conduct this analysis based on Google's tracking service for the continuous optimization and accessibility of our internet offer. We also need web tracking for security reasons. Web tracking allows us to track whether third parties attack our website. The web tracker's information helps us take effective countermeasures and protect the personal data we process from these cyber attacks. By activating IP anonymization within the Google Analytics tracking code of this website, your IP address is anonymized by Google Analytics before transmission. This website uses a Google Analytics tracking code extended by the operator gat._anonymizeIp(); to allow only an anonymized collection of IP addresses (so-called IP masking).
Legal Basis for Processing Personal Data
The legal basis for data processing is according to Art. 13 para. 1 FADP or Art. 6 para. 1 lit. a GDPR your consent in our cookie and web tracking notice banner (consent by a clear affirmative action or behavior).
Purpose of Data Processing
On our behalf, Google will use this information to evaluate your visit to this website, compile reports on website activities, and provide other services related to website usage and internet usage to us. We also need web tracking for security reasons. Web tracking allows us to track whether third parties attack our website. The web tracker's information helps us take effective countermeasures and protect the personal data we process from these cyber attacks.
Duration of Storage
Google will store the data relevant to providing the web tracking service as long as necessary to fulfill the booked web service. Data collection and storage are anonymized. If there should be a personal reference, the data will be deleted immediately, unless they are subject to legal retention obligations. In any case, deletion will take place after the retention period has expired.
Options for Objection and Deletion
You can prevent the collection and forwarding of personal data to Google (especially your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser or activating the "Do Not Track" setting of your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link http://tools.google.com/dlpage/gaoptout?hl=de. Google's security and privacy policies can be found at https://policies.google.com/privacy.
Google Tag Manager
What Personal Data is Collected and to What Extent is it Processed?
On our website, we use the service Google Tag Manager from Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/ (hereinafter: Google Tag Manager). Google Tag Manager provides a technical platform to execute and control other web services and web tracking programs using so-called "tags". In this context, Google Tag Manager stores cookies on your computer and analyzes, if web tracking tools are executed via Google Tag Manager, your browsing behavior (tracking). The data sent by the individual tags integrated into Google Tag Manager are combined, stored, and processed by Google Tag Manager under a unified user interface. All integrated "tags" are listed again separately in this privacy policy. Further information on the privacy of tools integrated into Google Tag Manager can be found in the respective section of this privacy policy. When using our website with active integration of tags from Google Tag Manager, data, such as your IP address and user activities, are transmitted to the servers of Google Ireland Limited. The regulations for the web services integrated via Google Tag Manager apply in the respective section of this privacy policy. The tracking tools used in Google Tag Manager ensure by IP anonymization of the source code that the IP address is anonymized by Google Tag Manager before transmission. Google Tag Manager only allows the anonymized collection of IP addresses (so-called IP masking).
Legal Basis for Processing Personal Data
The legal basis for data processing is according to Art. 13 para. 1 FADP or Art. 6 para. 1 lit. a GDPR your consent in our cookie and web tracking notice banner (consent by a clear affirmative action or behavior).
Purpose of Data Processing
On our behalf, Google will use the information obtained through Google Tag Manager to evaluate your visit to this website, compile reports on website activities, and provide other services related to website and internet usage to us.
Duration of Storage
Google will store the data relevant for the function of Google Tag Manager as long as necessary to fulfill the booked web service. Data collection and storage are anonymized. If there should be a personal reference, the data will be deleted immediately, unless they are subject to legal retention obligations. In any case, deletion will take place after the retention period has expired.
Options for Objection and Deletion
You can prevent the collection and forwarding of personal data to Google (especially your IP address) as well as the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser, or activating the "Do Not Track" setting of your browser. Additionally, you can prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de. Google's security and privacy principles can be found at https://policies.google.com/privacy.
Integration of External Web Services and Processing of Data Outside the EU
On our website, we use active content from external providers, known as web services. By accessing our website, these external providers may receive personal information about your visit to our website. It is possible that data processing may occur outside of Switzerland and the EU. You can prevent this by installing an appropriate browser plugin or disabling the execution of scripts in your browser, which may lead to functional restrictions on websites you visit.
We use the following external web services:
Amazon
On our site, we use the Amazon service of Amazon Digital Germany GmbH (Domagkstr. 28, 80807 München), as well as the following companies: Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Services Europe S.à.r.l., and Amazon Media EU S.à.r.l., all located at: 38, avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg, Email: privacyshield@amazon.com, Website: https://amazon.com/. According to the assessment of Swiss authorities, processing takes place in secure third countries. You can find the list of states of Switzerland and further information under the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transmission and processing of personal data take place exclusively on servers in the European Union.
The legal basis for the transmission of personal data is your consent according to Art. 6 para. 6 FADP or Art. 31 para. 2 FADP and according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.
Data from our Amazon account is loaded onto our website via the Amazon REST API.
You can revoke your consent at any time. Further information on withdrawing your consent can be found either with the consent itself or at the end of this privacy policy.
For more information on the handling of transferred data, please refer to the provider's privacy policy at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=201909010.
Amazon AWS
On our site, we use the Amazon AWS service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, Luxembourg, Email: privacyshield@amazon.com, Website: http://aws.amazon.com/. According to the assessment of Swiss authorities, processing takes place in secure third countries. You can find the list of states of Switzerland and further information under the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transmission of personal data also occurs in the USA. Regarding the transmission of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission according to Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service operator is certified under the DPF, ensuring the standard level of protection of the GDPR for the transmission.
The legal basis for the transmission of personal data is our legitimate interest in processing according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.
Amazon AWS is a cloud computing offering from Amazon, through which our site or individual elements of our site are downloaded. The separate AWS cloud enables us to download our website and its services from faster servers.
Regarding the processing, you have the right to object as stated in Art. 21 GDPR. Further information can be found at the end of this privacy policy.
For more information on the handling of transferred data, please refer to the provider's privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.
Information on the Use of Cookies
Scope of Personal Data Processing
On various pages, we integrate and use cookies to enable certain functions of our website and to integrate external web services. "Cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of storing a cookie file is also known as "setting a cookie". Cookies can be set both by the website itself and by external web services.
Legal Basis for Processing Personal Data
Relevant are Art. 6 et seq. DSG (Principles) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest) or Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR (consent).
The applicable legal basis is indicated in the cookie table listed later in this section.
Generally, for cookies collected based on legitimate interest, our legitimate interest is to ensure the functionality of our website and the services integrated into it (technically necessary cookies). Moreover, cookies may enhance user-friendliness and allow a more personalized approach. Here, we have balanced your interests against ours.
With the help of cookie technology, we can only identify, analyze, and track individual website visitors if the website visitor has consented to the use of the cookie according to Art. 6 para. 6 DSG or Art. 6 para. 1 lit. a GDPR.
Purpose of Data Processing
Cookies set by our website or external web services are used to maintain the full functionality of our website, to improve user-friendliness, or to pursue the purpose indicated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as an individual or random ID, so that we can offer more personalized services. Details are listed in the following table.
Duration of Storage
The cookies listed below are stored in your browser until they are deleted or, in the case of a session cookie, until the session expires. Details are listed in the following table:
Cookie Name | Server | Provider | Purpose | Legal Basis | Storage Duration | Type |
---|---|---|---|---|---|---|
_ga | prolog.work | Google Analytics | This cookie assigns a user an ID so that the web tracker can aggregate the user's actions under this ID. | Consent | approx. 24 months | Analytics |
_ga_* | prolog.work | Google Analytics | This cookie stores a unique ID associated with Google Analytics or Google Tag Manager for a website visitor and tracks how the visitor uses the website. | Consent | approx. 24 months | Analytics |
Options for Objection, Withdrawal of Consent, and Deletion
You can configure your browser according to your preferences to generally prevent the setting of cookies. You can then decide on a case-by-case basis about accepting cookies or accept cookies in general. Cookies can be used for various purposes, e.g., to recognize that your access device is already connected to our website (permanent cookies) or to save recently viewed offers (session cookies). If you have expressly granted us permission to process your personal data, you can revoke this consent at any time. Please note that the legality of the processing based on the consent until the revocation is not affected by this.
Data Security and Privacy, Communication via Email
Your personal data are protected by technical and organizational measures during collection, storage, and processing, making them inaccessible to third parties. In the case of unencrypted communication via email, complete data security on the transmission path to our IT systems cannot be guaranteed, so we recommend encrypted communication or postal mail for information with a high need for confidentiality.
Duration of Data Storage and Rights of the Data Subject
Duration of Storage
We store personal data only to the extent and for as long as it is necessary for the purposes for which the personal data were collected, we have a legitimate overriding interest in their retention, or we are legally obligated to do so.
Right to Access
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have a right to information about the information named in 25 ff. DSG or Art. 15 para. 1 GDPR, provided that the provision of information by the data collection owner cannot be refused, restricted, or postponed (see Art. 26 f. DSG or Art. 15 para. 4 GDPR). We are also happy to provide you with a copy of the data.
Right to Rectification
According to Art. 32 para. 1 DSG or Art. 16 GDPR, you have the right to request the correction of incorrectly stored personal data (such as address, name, etc.), unless a legal obligation stands in the way. You can also request the completion of the data stored with us at any time. An appropriate adjustment will be made immediately.
Right to Erasure
According to Art. 17 para. 1 GDPR, you have the right to have us delete the personal data collected about you if
- the data are no longer needed;
- the legal basis for processing has ceased to exist due to the withdrawal of your consent;
- there are no legitimate reasons for processing;
- your data have been unlawfully processed;
- a legal obligation requires it.
The right does not apply according to Art. 17 para. 3 GDPR if
- processing is necessary for exercising the right to freedom of expression and information;
- your data have been collected based on a legal obligation;
- processing is necessary for reasons of public interest;
- the data are required for the establishment, exercise, or defense of legal claims.
Right to Restrict Processing
According to Art. 18 para. 1 GDPR, you have the right in certain cases to request the restriction of the processing of your personal data.
This is the case when
- you dispute the accuracy of the personal data;
- the processing is unlawful, and you oppose the deletion;
- the data are no longer needed for the purposes of processing but are required for the establishment, exercise, or defense of legal claims;
- an objection to processing has been lodged according to Art. 21 para. 1 GDPR, and it is not yet clear which interests prevail.
Right to Withdraw Consent
If you have given us express consent to process your personal data (Art. 6 para. 6 DSG and Art. 31 para. 1 DSG; Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you can revoke this at any time. Please note that the legality of processing based on consent until revocation is not affected by this. Information for which we are legally obligated to retain will be deleted after the retention period.
Right to Object
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you, which has been collected based on Art. 6 para. 1 lit. f GDPR (within the scope of a legitimate interest). If you have given us express consent to process your personal data (Art. 6 para. 6 DSG and Art. 31 para. 1 DSG), you can revoke this at any time. Please note that the legality of processing based on consent until revocation is not affected by this. The right applies only if special circumstances speak against the storage and processing. Information for which we are legally obligated to retain will be deleted after the retention period.
How Do You Exercise Your Rights?
You can exercise your rights at any time by contacting the following details:
Prolog AG
Hammerstrasse 44
4058 Basel
Switzerland
Email:
mail@prolog.work
Tel.: +41 61 563 11 55
Right to Data Portability
According to Art. 20 GDPR, you have the right to have personal data concerning you transferred. We provide the data in a structured, common, and machine-readable format. The data can be transmitted either to yourself or to a controller designated by you.
We provide the following data upon request:
- Data collected based on consent (Art. 31 para. 1 DSG and Art. 6 para. 1 lit. a GDPR);
- Data we have received from you in the context of existing contracts (Art. 31 para. 2 lit. a DSG and Art. 6 para. 1 lit. b GDPR and Art. 9 para. 2 lit. a GDPR);
- Data processed in an automated procedure.
We will transfer the personal data directly to a controller of your choice, as far as technically feasible. Please note that we may not or only partially transfer data that interferes with predominant interests of third parties according to Art. 26 para. 1 lit. b DSG or Art. 20 para. 4 GDPR.
Notifications to the FDPIC and Right to Lodge a Complaint
Affected persons can make a report to the supervisory authority according to Art. 49 DSG if there are sufficient indications that a data processing might violate data protection regulations. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Further information can be found on the contact form of the FDPIC: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html
If you suspect that your data is being processed unlawfully on our site, you can, according to Art. 32 DSG, bring about a judicial clarification of the issue. Typically, this would involve a lawsuit according to Art. 28 et seq. ZGB. If you are affected by data processing by federal bodies, the procedure is governed by Art. 41 DSG. You can also contact the FDPIC in this case (see the note on the contact form above).
Right to Lodge a Complaint with the Supervisory Authority According to Art. 77 Para. 1 GDPR
If you suspect that your data is being processed unlawfully on our site, you can of course bring about a judicial clarification of the issue at any time. Any other legal recourse is also open to you. In addition, according to Art. 77 para. 1 GDPR, you have the option to complain to a supervisory authority. The right to complain according to Art. 77 GDPR is available to you in the EU Member State of your residence, your workplace, and/or the place of the alleged infringement, i.e., you can choose the supervisory authority to which you turn from the above-mentioned locations. The supervisory authority with which the complaint was filed will then inform you of the status and results of your submission, including the possibility of a judicial remedy according to Art. 78 GDPR.