Data Privacy Statement
The responsible entity in accordance with data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Flooat AG c/o Andreas Ackermann
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Act on Data Protection (FADP), every person has the right to privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable data protection regulations and this privacy statement.
In cooperation with our hosting providers, we strive to protect the databases as effectively as possible against unauthorized access, loss, misuse, or falsification.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
By using this website, you agree to the collection, processing, and use of data as described below. This website can be visited without registration. Data such as pages accessed or names of the accessed file, date, and time are stored on the server for statistical purposes without these data being directly related to your person. Personal data, such as name, address, or email address, are collected on a voluntary basis as far as possible. Without your consent, no data will be disclosed to third parties.
Processing of Personal Data
Personal data refers to any information relating to a specific or identifiable person. A data subject is a person whose personal data is being processed. Processing includes any handling of personal data, regardless of the means and methods used, including collecting, disclosing, obtaining, deleting, storing, altering, destroying, and using personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases under the EU General Data Protection Regulation (GDPR) to the extent applicable, in relation to Article 6(1) of the GDPR:
- Consent (Article 6(1)(a) of the GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contractual performance and pre-contractual inquiries (Article 6(1)(b) of the GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures requested by the data subject.
- Legal obligation (Article 6(1)(c) of the GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Protection of vital interests (Article 6(1)(d) of the GDPR) – Processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests (Article 6(1)(f) of the GDPR) – Processing is necessary for the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Application process as pre-contractual or contractual relationship (Article 9(2)(b) of the GDPR) – To the extent that special categories of personal data within the meaning of Article 9(1) of the GDPR (e.g. health data, such as disability status or ethnic origin) are requested from applicants during the application process, in order for the controller or the data subject to exercise their rights arising from labor law and social security and social protection law and to fulfill their respective obligations, the processing is carried out in accordance with Article 9(2)(b) of the GDPR, in the case of protecting the vital interests of the applicants or other persons pursuant to Article 9(2)(c) of the GDPR, or for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services pursuant to Article 9(2)(h) of the GDPR. In the case of voluntary consent-based disclosure of special categories of data, the processing is based on Article 9(2)(a) of the GDPR.
We process personal data for the duration necessary for the respective purpose or purposes. For longer retention obligations based on legal and other obligations to which we are subject, we restrict the processing accordingly.
Relevant Legal Bases
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the erasure of data, and responses to data breaches. Additionally, we consider data protection in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and default privacy settings.
Transmission of Personal Data
As part of our processing of personal data, it may be necessary to transmit or disclose the data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place as part of the use of services from third parties or the disclosure or transfer of data to other persons, entities or companies, this is done in accordance with legal requirements.
Unless there is explicit consent or contractual or legal obligation for data transfer, we process data in third countries only with a recognized level of data protection, contractual obligations through EU Commission’s standard contractual clauses, certification, or binding corporate rules (Art. 44 to 49 of the GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
The following types of cookies and functions are distinguished:
- Temporary Cookies (also known as Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
- Permanent Cookies: Permanent cookies remain stored even after the browser has been closed. For example, the login status can be stored or preferred content can be displayed directly when the user visits a website again. Similarly, user interests that are used for measuring reach or marketing purposes can be stored in such a cookie.
- First-Party Cookies: First-party cookies are set by us ourselves.
- Third-Party Cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary Cookies (also known as essential or strictly necessary cookies): Cookies may be strictly necessary for the operation of a website (e.g. to store logins or other user inputs, or for security reasons).
- Processed data types: Usage data (e.g., visited web pages, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
- Data subjects: Users (e.g., website visitors, users of online services).
- Legal bases: Consent (Art. 6 (1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- More information from Hubspot regarding EU privacy regulations
- More information on cookies set by Hubspot in a visitor’s browser
- More information on cookies set on Hubspot websites
Storage duration: Unless we provide explicit information on the storage duration of permanent cookies (e.g. as part of a cookie opt-in), please assume that the storage duration can be up to two years.
Data Privacy Statement for SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator. You can recognize an encrypted connection by the change of the browser’s address bar from “http://” to “https://” and by the lock symbol in your browser’s address bar.
When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Data Privacy Statement for Server Log Files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
These data cannot be attributed to specific individuals. We do not merge this data with other data sources. We reserve the right to retrospectively check this data if we become aware of specific indications of illegal use.
This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.
Google has committed to ensuring adequate data privacy in accordance with the American-European and American-Swiss Privacy Shield frameworks.
If you submit inquiries to us via a contact form, the information provided in the inquiry form, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and for any follow-up questions. We will not disclose this data to third parties without your consent.
If you subscribe to the newsletter offered on this website, we will need your email address and information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No other data will be collected. We use this data exclusively for sending the requested information and do not disclose it to third parties.
You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example by using the “unsubscribe” link in the newsletter.
The use of contact data published in accordance with the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
Use of Google Maps
This website uses the services of Google Maps, which allows us to display interactive maps directly on our website and enables you to use the map function conveniently. By visiting our website, Google receives information that you have accessed the corresponding subpage of our website, regardless of whether you have a Google account and are logged in or if you do not have an account. If you are logged in to your Google account, your data will be directly associated with your account. If you do not wish for this association with your Google profile, you must log out before activating the Google Maps feature. Google stores your data as usage profiles and uses them for advertising, market research, and/or to customize its website. Such evaluation is carried out, in particular (even for users who are not logged in), to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as your rights and privacy settings, please visit: www.google.com/intl/en/policies/privacy.
This website uses Google Conversion Tracking. If you have arrived at our website via an advertisement placed by Google Ads, a cookie will be placed on your computer by Google Ads. The cookie for conversion tracking is set when a user clicks on an advertisement placed by Google Ads. These cookies expire after 30 days and do not serve for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the advertisement and was redirected to that page. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users.
If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this purpose – for example, by configuring your browser to generally disable the automatic setting of cookies or by setting your browser to block cookies from the domain “googleleadservices.com”.
Please note that you must not delete the opt-out cookies as long as you do not wish to record measurement data. If you have deleted all your cookies in your browser, you must set the respective opt-out cookie again.
Use of Google Remarketing
This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called “cookie” is stored in the browser of the website visitor, which allows the visitor to be recognized when they visit websites that belong to the Google advertising network. On these pages, advertisements may be presented to the visitor that relate to content that the visitor has previously viewed on websites that use Google’s remarketing function.
Use of Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”. reCAPTCHA is used to determine whether data input on our websites (e.g., in a contact form) is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of website visit, or mouse movements made by the user). The data collected during the analysis is transmitted to Google. The reCAPTCHA analysis runs completely in the background. Website visitors are not notified that an analysis is taking place.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller for data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are collectively referred to as “Google” hereinafter.
The statistics obtained through Google Analytics allow us to improve our offering and make it more interesting for you as a user. This website also uses Google Analytics for cross-device analysis of visitor traffic, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings under “My Data” and “Personal Data” in your Google account.
The legal basis for the use of Google Analytics is Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. We would like to point out that this website has been extended with the code “_anonymizeIp();” for Google Analytics in order to ensure anonymized collection of IP addresses. This means that IP addresses are truncated and further processed, ruling out the possibility of identifying individuals. Therefore, if any data collected about you contains personal information, it will be immediately excluded, and the personal data will be deleted promptly.
In exceptional cases, the full IP address may be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage to the website operator.
In addition, you can also prevent the use of Google Analytics by clicking on this link: Google Analytics Opt-out. This will store an opt-out cookie on your device, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, which means that you will need to set the opt-out cookies again if you wish to continue preventing this form of data collection. The opt-out cookies are set per browser and device, so they need to be activated separately for each browser, device, or computer.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags, including integrating Google Analytics and other Google marketing services, through a user interface. The Tag Manager itself, which implements the tags, does not process any personal data of users. With regard to the processing of personal data of users, please refer to the information provided for the Google services. Usage policies: https://www.google.com/intl/de/tagmanager/use-policy.html.
Data Privacy Statement for Hubspot
Our website uses Hubspot, a marketing automation software provided by HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software company based in the USA with a European subsidiary in Ireland. Hubspot helps us analyze the usage of our portal by using cookies.
Certain usage data may be associated with your personal information (for example, after filling out a registration form) and stored in our CRM. This allows us to send you information and offers tailored to your interests.
Your personal data may also be transferred to servers of Hubspot in the United States (USA). The appropriate level of protection is ensured by HubSpot, Inc.’s participation in the EU-US Privacy Shield framework and its certification for compliance with its principles.
As part of our use of Hubspot, we have a legitimate interest pursuant to Art. 6(1)(f) of the General Data Protection Regulation (GDPR) in processing your personal data to provide you with customized information and offers. The legal basis for the processing of your personal data by us in connection with the use of Hubspot is Art. 6(1)(f) of the GDPR.
We store your personal data as long as it is necessary to provide you with customized information and offers.
The provision of personal data collected through Hubspot is not legally or contractually required or necessary for the conclusion of a contract. If you do not provide us with this data, we will not be able to provide you with customized information and offers.
Hubspot is certified under the EU-U.S. Privacy Shield Frameworks and is subject to TRUSTe’s Privacy Seal and the U.S.-Swiss Safe Harbor Framework.
This website uses features of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plug-ins, a connection is established between your browser and Facebook’s servers, and data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish for this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, such as using a commenting function or clicking on a “Like” or “Share” button, are also transmitted to Facebook. You can learn more at https://de-de.facebook.com/about/privacy.
Our website includes features of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
We use the marketing services of the social network LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) within our online offering.
The information collected may include operating system information, browser information, the previously visited website (referrer URL), web pages visited by the user, offers clicked on by the user, and the date and time of your visit to our website.
The information generated by the cookie about your use of this website is pseudonymized and transmitted to a server of LinkedIn in the USA, where it is stored. LinkedIn does not store the name or email address of the respective user. The above-mentioned data is only associated with the user who generated the cookie. This does not apply if the user has allowed LinkedIn to process the data without pseudonymization or has a LinkedIn account.
You can prevent the storage of cookies by adjusting your browser settings accordingly; however, please note that in this case, you may not be able to fully utilize all the functions of this website. You can also directly object to the use of your data by LinkedIn at: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use LinkedIn Analytics to analyze the usage of our website and regularly improve it. The statistics obtained allow us to enhance our offerings and make them more interesting for you as a user. All LinkedIn companies have adopted standard contractual clauses to ensure that the necessary data traffic for the development, implementation, and maintenance of the services takes place lawfully to the United States and Singapore. If we ask users for consent, the legal basis for processing is Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6(1)(f) GDPR.
For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We refer to these for further information and the exercise of revocation, information, and other data subject rights.
Newsletter – Mailchimp:
This website includes features of the service “YouTube”. “YouTube” is owned by Google Ireland Limited, a company registered and operated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
Order Processing in Online Shop with Customer Account
We process our customers’ data in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU General Data Protection Regulation (GDPR) as part of the order process in our online shop, in order to enable them to select and order the chosen products and services, as well as to process payment and delivery or execution.
The processed data includes master data (inventory data), communication data, contract data, payment data, and the data subjects affected by the processing are our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contractual services within the scope of operating an online shop, billing, delivery, and customer services. For this purpose, we use session cookies, for example, for storing the contents of the shopping cart, and permanent cookies, for example, for storing the login status.
The processing is carried out on the basis of Art. 6(1)(b) (performance of contract) and Art. 6(1)(c) (legal obligation to archive) of the GDPR. The data marked as required for establishing and fulfilling the contract are necessary. We only disclose the data to third parties as part of delivery, payment, or in accordance with legal permissions and obligations. The data is only processed in third countries if necessary for contract fulfillment (e.g., at the customer’s request for delivery or payment).
Users can optionally create a user account, which allows them to view their orders. During registration, the users are informed about the required mandatory information. User accounts are not public and cannot be indexed by search engines such as Google. If users have terminated their user account, their data related to the user account will be deleted, subject to retention for commercial or tax law reasons in accordance with Art. 6(1)(c) of the GDPR. Information in the customer account will be retained until deletion with subsequent archiving in the case of a legal obligation. It is the users’ responsibility to secure their data before the end of the contract in case of termination.
As part of registration and re-login as well as the use of our online services, we store the IP address and the timestamp of the respective user action. The storage is based on our legitimate interests, as well as the users’ interest in protection against misuse and other unauthorized use. Generally, these data are not disclosed to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) of the GDPR.
Deletion takes place after the expiration of statutory warranty and similar obligations, and the necessity of data retention is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiration.
Administration, Financial Accounting, Office Organization, Contact Management
We process data in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU General Data Protection Regulation (GDPR) in the context of administrative tasks and the organization of our business, financial accounting, and compliance with legal obligations such as archiving. In this process, we process the same data that we process in the context of providing our contractual services. The legal bases for processing are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Customers, prospects, business partners, and website visitors are affected by the processing. The purpose and our interest in processing lie in the administration, financial accounting, office organization, and archiving of data, which are tasks that serve the maintenance of our business activities, the performance of our tasks, and the provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax consultants or auditors, as well as other fee offices and payment service providers, based on our legitimate business interests.
Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, for example, for later contact. These predominantly business-related data are generally stored permanently.
Notice regarding data transfer to the USA
On our website, tools from companies based in the USA are integrated, among others. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to inform you that the USA is not considered a safe third country under EU data protection law. US companies are obliged to disclose personal data to security authorities without the possibility of legal recourse for affected individuals. It cannot be ruled out that US authorities (e.g. intelligence agencies) may process, analyze, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.
All information on our website has been carefully reviewed. We strive to offer up-to-date, accurate, and complete information in our content. However, the occurrence of errors cannot be completely ruled out, and therefore we cannot guarantee the completeness, accuracy, and timeliness of information, including journalistic and editorial content. Claims for damages of a material or non-material nature resulting from the use of the information provided are excluded, unless there is proven intentional or grossly negligent misconduct.
The publisher reserves the right to change or delete texts at its own discretion without prior notice and is not obligated to update the content of this website. The use or access of this website is at the visitor’s own risk. The publisher, its contractors, or partners are not responsible for damages, including direct, indirect, incidental, specifically determinable, or consequential damages, allegedly caused by visiting this website, and therefore assume no liability for such damages.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites accessible via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher expressly distances itself from all third-party content that may be illegal or liable to prosecution, or that violates good morals.
Contacting the Data Protection Officer