Data protection app.smino.ch
Smino AG, Werkstrasse 20, 8645 Rapperswil-Jona, is the operator of the smino app and the services offered on it and is therefore responsible for the collection, processing and use of your personal data (“personal data” in this Privacy Policy) and the compliance of the data processing with the applicable data protection law.
Your trust is important to us, which is why we take the issue of data protection seriously and pay attention to appropriate security. depending on the processing (term in the GDPR) or processing (term in the FADP) (uniformly referred to as “processing” in this privacy policy) of your personal data, in addition to the applicable Swiss law (Federal Act on Data Protection of September 25, 2020, in force from September 1, 2023, hereinafter referred to as “FADP”). September 2023 (hereinafter FADP, SR 235.1), European data protection law (Regulation (EU) 2016/679 (hereinafter General Data Protection Regulation, GDPR)) may also or exclusively apply, in particular in the context of the use of our app and the monitoring of the behavior of data subjects residing in the EU (Art. 3 para. 2 lit. b GDPR).
I. Name and address of the controller
Responsible:
Smino AG
Werkstrasse 20
8645 Rapperswil-Jona
Switzerland
E-mail: info@smino.com
Tel: +41 55 552 12 50
II. How we process your personal data
1. use of our app
Data processing: When you use our app, your device automatically sends information to the server of our app.
This information is temporarily stored in a so-called log file.
Personal data: The following personal data is collected without any action on your part and stored until it is automatically deleted:
- the IP address of the requesting device
- the name of the owner of the IP address range (usually your Internet access provider)
- the date and time of access
- the app from which the access was made (referrer URL) with the search term used, if applicable
- the name and URL of the retrieved file
- the status code (e.g. error message)
- the operating system of your device
- the version of the app you are using
- If applicable, your user name from a registration/authentication
Purpose: The purpose of collecting and processing this data is to enable the use of our app (connection establishment), to ensure system security and stability in the long term, to enable the optimization of our offer and for internal statistical purposes.
Service provider: Our app is hosted by Microsoft Azure in Switzerland or Germany.
A service of Microsoft Ireland Operations Ltd. in South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (“Microsoft“).
The hoster has access to the app and thus to your personal data in the event of support.
Microsoft is obliged by an agreed order processing contract and the current standard contractual clauses to process your personal data only in accordance with our instructions, to delete it irrevocably after the order and to comply with the relevant data protection regulations.more information on the handling of user data by this service provider can be found in the privacy policy at:
Microsoft: https://privacy.microsoft.com/de-de/privacystatement
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Microsoft, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR to be transferred to the USA.
In addition, our legitimate interest in the processing of your personal data pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR would exist.
Necessity: This information is necessary for the app to function.
Retention period: The log files created for the purpose of using the app are stored in accordance with the relevant legal provisions for as long as is necessary to fulfill the aforementioned purposes.
2. contact
- E-mail address
- Salutation
- First name
- Last name
- IP address
- Device token (for push notifications)
Microsoft: https://privacy.microsoft.com/de-de/privacystatement
Slack: https://slack.com/intl/de-de/privacy-policy
Firebase/Google: https://firebase.google.com/support/privacy
Crisp: https://crisp.chat/en/privacy/
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Microsoft, Firebase and Slack, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR to be transferred to the USA.
The processing of your personal data would also be necessary, at your request, for the performance of contractual measures pursuant to Art. 6 para.
1 sentence 1 lit.
b GDPR would be lawful.
In addition, in the case of a general request, our legitimate interest in the processing of your personal data pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR would exist.
Necessity: This processing activity is not necessary for the functionality of the app.
Retention period: The data stored for the purpose of establishing contact will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes.
3. use of external technologies for marketing and analysis purposes
We use cookies and pixel technologies on our websites for marketing and analysis purposes.
You can find the cookie and pixel policy here.
Cookies are small text files that are stored on your end device and can be read.
A distinction is made between session cookies, which are deleted again as soon as you close your browser
, and permanent cookies, which are stored beyond the individual session.
Cookies can contain data that makes it possible to recognize the device used.
In some cases, however, cookies only contain information on certain settings that are not personally identifiable.
You can set your browser so that it informs you about the placement of cookies.
This makes the use of cookies transparent for you.
You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies.
Please note that our websites will then not be displayed optimally and numerous basic functions will no longer be technically available.
We use session cookies and permanent cookies on our websites.
We process your personal data with regard to cookies in accordance with the principles set out in Art. 6 to 8 FADP.
You can find detailed information in the following sections of this privacy policy.
a) Use of US technologies
(1) Use of social media plugins
Facebook, Instagram, YouTube, Linkedin plugin: We operate social media profiles on Facebook(https://www.facebook.com/sminocom/), Instagram (https://www.instagram.com/smino_culture/), Linkedin (https://www.linkedin.com/company/smino/) and YouTube (https://www.youtube.com/@sminoag/).
You can contact us via these profiles.
We have also placed social media buttons from Facebook, Instagram, Linkedin and YouTube on our website so that you can easily link to our Facebook, Instagram, Linkedin and YouTube profiles.
Your personal data will only be processed when you click on the Facebook, Instagram, Linkedin or YouTube social media button or embedded images or contact us on Facebook, Instagram, Linkedin or YouTube.
The data collected is also anonymized and then used in the form of statistics.
A recognizable marker is also set.
When you click on the YouTube social media button: We use the “extended data protection mode” option provided by YouTube.
According to YouTube, in “extended data protection mode” your data, in particular which of our websites you have visited and your IP address, will only be transmitted to the YouTube server in the USA when you watch the video.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile.
You can prevent this by logging out of your YouTube account.
Personal data: The following personal data is processed:
- User behavior
- IP address
- Connection data
- Devices and browser information
- Data about the content accessed when clicking on social media buttons
- User name or first and last name
- Possibly picture, data that you send us in the course of contacting us
Purpose:The Facebook, Instagram, Youtube, Linked plugin serve to structure our website and are used to place other web content on our website.The implementation of Youtube videos also serves to structure our website and is used to place other web content on our website.
By clicking on the respective video or social media button, you will be redirected to the website of the respective provider.
We have no influence on the processing of personal data on third-party websites and refer you to the information in section 2 of this privacy policy.
Service provider: The provider of the Facebook and Instagram plugins is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“)
The provider of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube“).
The provider of the Linkedin plugin is LinkedIn Corp, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA (“YouTube“).
You can find more information on how Facebook and Pinterest handle user data in the respective privacy policies:
Facebook:https://www.facebook.com/about/privacy/
Youtube:https://www.google.de/intl/de/policies/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Processing principles:We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Facebook, YouTube and LinkedIn, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR are transmitted to the USA.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: With regard to the Facebook, Instagram, YouTube and LinkedIn plugins, cookies can be stored on your end device for up to 10 years.
Data processed in connection with your contact via Facebook or Instagram or Linkedin will be deleted after 1 year, unless we have a retention obligation of 5 or 10 years for the communication.
3. use of external technologies
(1) Use of cookie and pixel technologies
We use cookies in our app for marketing and analysis purposes.
You can find the cookie policy here.
(2) Use of Mailjet newsletter technologies
Data processing: We use the newsletter to inform you about us and our offers and promotions.
The data stored when you register to receive the newsletter will be transmitted to Mailjet and stored.
Mailjet also has access to the above-mentioned personal data in the event of support.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Mailjet’s servers after you unsubscribe from the newsletter.
Mailjet also offers various options for analyzing how the newsletters sent are opened and used, e.g. how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email.
These analyses are group-related and are not used by us for individual evaluation.
If you consent to the sending of the newsletter, you therefore also consent to the analysis by Mailjet.
Furthermore, we use Mailjet for transactional e-mails, e.g. to inform about the progress of certain processes (e.g. message regarding changes to a task, message regarding newly uploaded plans).
Personal data: The following personal data is processed:
- E-mail address
- Salutation
- First name
- Last name
- IP address
- Device token (for push notifications)
Purpose: The data in question is processed for the purpose of sending out newsletters and analyzing newsletters.
Service provider: We use the Mailjet service to send our newsletter.
The provider of Mailjet is Mailgun Technologies, Inc.112
E Pecan St. #1135, San Antonio, 78205 Texas, USA (“Mailjet”).
You can find more information on how Mailjet handles user data in the respective privacy policy: https://www.mailjet.com/legal/privacy-policy/
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, your personal data is processed with your consent.
If you consent to the processing by Mailjet, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR to be transmitted to the USA.
You can revoke your consent to the storage of your data and email address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter or by sending an email to hc.onims@ofni.
The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Necessity: This processing activity is not necessary for the functionality of the app
Retention period: The data stored for the purpose of sending newsletters, analysis and transactional e-mails will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes or you withdraw your consent to the processing of this personal data.
- IP address
- Project data
III Disclosure to third parties
Your personal data will not be transferred to third parties for purposes other than those listed or to contractors other than those listed and their subcontractors.
Third parties are, for example, technology providers for the optimal operation of the app and social media presences as well as for the provision of the services listed above.
An order processing contract has been concluded with third parties who are subject to the FADP or the GDPR and process your personal data on our behalf.
Third parties will only process your personal data on our instructions and will irrevocably delete your personal data after the order and comply with the relevant data protection regulations.
IV. Personal data transfers to third countries without an adequate level of data protection
No disclosure is made to third countries without an adequate level of data protection or only under the contractual obligation to comply with an adequate level of data protection (EU standard clauses).
Personal data is only transferred to third countries if the data protection requirements of Art. 6 FADP or Art. 44 et seq. GDPR are met.
A third country is a country outside Switzerland or the European Economic Area (EEA) in which Swiss data protection law or the European GDPR is not directly applicable.
A third country is considered unsafe if, according to the FDPIC or the EU Commission, the country does not have an adequate level of data protection.
With the ECJ ruling of July 16, 2020 (C-311/18), the adequacy decision for the USA was declared invalid.
The FDPIC has also withdrawn adequacy from the USA.
The USA is therefore a so-called unsafe third country.
If personal data is transferred to the USA, there is a risk that US authorities could gain access to the personal data.
Swiss citizens have no effective legal protection against such access in the USA.
In this data protection information, we inform you when and how we transfer personal data to the USA or other insecure third countries.
V. Data security
We take appropriate measures to ensure that your personal data cannot be viewed or stolen by third parties without authorization.
In particular, we take appropriate technical (e.g. firewall, password protection, SSL encryption, etc.) and organizational (e.g. restriction of authorized persons, training of authorized persons, etc.) measures to ensure that only authorized persons have access to this data.
Our data processing and security measures are continuously improved in line with technological developments.
Personal data is any information relating to an identified or identifiable natural person, including name, address, telephone number or e-mail or IP address.
We use SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
VI Retention period
We will retain your personal data for as long as we consider it necessary or appropriate to comply with applicable laws or for as long as it is necessary for the purposes for which it was collected.
We delete your personal data as soon as it is no longer required and in any case after expiry of the maximum statutory retention period of five or ten years.
Data that is no longer required and for which there is no legal obligation to retain it will be destroyed once the purpose and justification no longer apply.
In detail, we store your data for the following period:
We retain data that we process by law for the statutory retention period, for example if this is required by labor, social security or tax law or the Business Records Ordinance;
We retain data that we require for the performance of a contract for at least the duration of the contract and for a maximum of 10 years thereafter, unless we require the data to assert our rights;
We retain data that we process to protect our legitimate interests for a maximum of ten years after the end of the contractual relationship, unless we need the data to assert our rights.
VII. Your rights
- to request information about your personal data processed by us.
In particular, information pursuant to Art. 8 FADP or Art. 15 GDPR may contain information:
- on the purposes of processing
- the category of personal data
- the categories of recipients to whom your data has been or will be disclosed
- the planned storage period
- the existence of a right to rectification, erasure, restriction of processing or objection
- the existence of a right of appeal
- the origin of your data, if it was not collected by us
- the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details
- to immediately request the correction of incorrect or incomplete personal data stored by us (Art. 5 para. 2 FADP and Art. 16 GDPR);
- to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR (Art. 15 FADP or Art. 18 GDPR);
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller (Art. 20 GDPR)
- to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (Art. 15 FADP or Art. 17 GDPR);
- to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future (Art. 7 para. 3 GDPR);
- object to the processing if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 GDPR) and insofar as there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;
- to lodge a complaint with a supervisory authority (see above) (Art. 77 GDPR).
VIII. Up-to-dateness and amendment of this privacy policy
We reserve the right to change this privacy policy at any time or to adapt it to new processing methods.