Privacy Policy | Intwine

General: As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain in what way, for what purpose, and on what legal basis we process your data. The abbreviation GDPR stands for EU General Data Protection Regulation and concerns persons in the EU who visit our site (hereinafter “persons from the EU”). The abbreviation DSG stands for Swiss Data Protection Act and concerns persons in Switzerland who visit our site (hereinafter “persons from Switzerland”). Sections of this data protection declaration which only concern persons from the EU are marked graphically in italics.

Responsible for the data processing on this website and in our company is:

Intwine GmbH
Hegibachstr. 42
8032 Zürich
hello@intwine.ch

SSL or TLS encryption: When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do everything in our power to protect your data as best we can and to close security gaps as far as we can. An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the internet address entered in your browser and by the fact that our internet address begins with https:// and not with http://.

How long do we store your data? At some points in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. In the absence of such information, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing. However, in the event of an objection or revocation by persons from the EU, we may continue to process your data if at least one of the following conditions is met: We have compelling legitimate grounds for continuing data processing that override your interests, rights, and freedoms (only in the case of objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds). The data processing is necessary to assert, exercise, or defend legal claims (does not apply if your objection is directed against direct marketing). We are required by law to retain your data. In this case, we delete your data as soon as the requirement(s) cease to apply.

Data transfer to the USA: We also use tools from companies on our website that transmit your data to the USA and store it there and process it if necessary. This is particularly important for you because your data does not enjoy the same protection in the USA as it does within the EU or in Switzerland, where the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FADP) apply respectively. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It is, therefore, possible that US authorities (e.g. intelligence services) process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

Objection to data processing: If EU persons read in this privacy policy that we have legitimate interests for processing your data and therefore base this on Art. 6 (1) sentence 1 lit. f) GDPR, you have the right to object to this in accordance with Art. 21 GDPR. This also applies to profiling based on the aforementioned provision. The prerequisite is that you cite reasons for the objection that arise from your particular situation. A statement of reasons is not required if the objection is directed against the use of your data for direct marketing. The consequence of the objection is that we may no longer process your data. This only does not apply if one of the following conditions exists: We can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms. The processing serves as the assertion, exercise, or defense of legal claims. The exceptions do not apply if your objection is directed against direct marketing or related profiling.

Revocation of your consent to data processing: Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form or by allowing certain cookies when you visit our website. You may revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to complain to the competent supervisory authority: If you are convinced that we are in breach of the General Data Protection Regulation (GDPR), EU persons have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work, or the place where the alleged infringement took place. The right of appeal exists alongside administrative or judicial remedies.

Right to data portability: Data that we process automatically on the basis of your consent or in fulfillment of a contract must be handed over to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another responsible party if this is technically possible.

Right to information, deletion, and correction of data: According to Art. 15 GDPR / Art. 25 DSG, you have the right to receive information free of charge about which of your personal data we have stored, where the data comes from, to whom we transmit the data, and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR / Art. 6 para. 5 DSG), under the conditions of Art. 17 GDPR / Art. 6 para. 4 DSG you may demand that we delete the data.

Right to restrict processing: In certain situations, persons from the EU may, in accordance with Art. 18 GDPR, require us to restrict the processing of your data. The data may then – apart from storage – only be processed as follows: with your permission, for the assertion, exercise or defense of legal claims, to protect the rights of another natural or legal person, on grounds of major public interest of the European Union or of a Member State.

The right to restrict processing exists in the following situations: You have disputed the accuracy of your personal data stored by us and we need time to verify this. Here the right exists for the duration of the examination. The processing of your personal data is unlawful or was unlawful in the past. Here the right exists alternatively to the deletion of the data. We no longer need your personal data, but you need it to exercise, defend or assert legal claims. Here the right exists alternatively to the deletion of the data. You have filed an objection pursuant to Art. 21 (1) GDPR and now your and our interests must be weighed against each other. Here, the right exists as long as the result of the balancing has not yet been determined.

Hosting and Content Delivery Networks (CDN): Our website is located on a server of the following provider of internet services (hoster):

Hostpoint AG
Neue Jonastrasse 60
8640 Rapperswil-Jona

Has an order processing contract been concluded with the hoster? Yes

How do we process your data? The hoster stores all data of our website. This includes all personal data that is collected automatically or through your input. This can be in particular: Your IP address, pages accessed, names, contact details and inquiries, as well as meta and communication data. When processing data, Hostpoint AG complies with our instructions and always processes the data only to the extent that this is necessary in order to fulfill its obligation to provide services to us.

On what legal basis do we process your data? Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 (1) lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed, and efficiency. In this respect, we also process your data on the basis of Art. 6 (1) f) GDPR.

Use of cookies: Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to take advantage of a shopping cart in an online store. Still, other cookies are used to analyze user behavior or to optimize advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).

How do we process your data? Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can, for example, lead to your user behavior being permanently analyzed. You can use the settings in your browser to influence how it handles cookies:

– Do you want to be informed when cookies are set?
– Do you want to exclude cookies in general or for certain cases?
– Do you want cookies to be automatically deleted when you close your browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this within the framework of this data protection declaration. We also request your consent in this regard when you visit our website.

On what legal basis do we process your data? We have a legitimate interest in ensuring that our online offers can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided you give us your consent. You can revoke this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when requesting consent, these cookies will also be stored exclusively on the basis of your consent.

Server log files: Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to your person. The data is automatically transmitted to our provider by your browser.

How do we process your data? Our provider stores server log files in order to track the activity on our website and locate errors. The files contain the following data:

– Browser type and version
– operating system used
– Referrer URL
– Hostname of the accessing computer
– Time of the server request
– IP address (anonymized if necessary)

We do not combine this data with other data, but use it only for statistical analysis and to improve our website. On what legal basis do we process your data? We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymized overview of the accesses to our website. The data processing is therefore lawful according to Art. 6 para. 1 lit. f) GDPR.

Contact form: You can send us a message via the contact form on this website.

How do we process your data? We store your message and the information from the form to be able to process your request including follow-up questions. This also applies to the contact details provided. We will not pass on the data to other persons without your consent.

How long do we store your data? We will delete your data as soon as one of the following occurs:

– Your request has been finalized.
– You request us to delete the data.
– You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data? If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests addressed to us. The legal basis for data processing is, therefore, Art. 6 (1) (f) GDPR. If you have consented to the storage of your data, Art. 6 (1) a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Inquiry by e-mail, telephone? You can send us a message by e-mail or call us.

How do we process your data? We store your message as well as your self-made contact details or the transmitted phone number to be able to process your request including follow-up questions. We do not pass on the data to other persons without your consent.

How long do we store your data? We will delete your data as soon as one of the following occurs:

– Your request has been finalized.
– You request us to delete the data.
– You revoke your consent to storage.

However, this only applies if we are not legally obliged to retain the data.

Analysis tools and advertising: We use the following tools to analyze the behavior of our website visitors and show them advertisements.

What is Google Tag Manager? Tag management system for the integration of tracking codes and conversion pixels of Google Ireland. Ltd.

Who processes your data? Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about Google Tag Manager privacy? https://policies.google.com/privacy

On what basis do we transfer your data to the USA? On the basis of the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)

How do we process your data? We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and play them out. The Google Tag Manager itself does not create user profiles, does not place cookies on your device, and does not analyze your behavior as a user. However, it records your IP address and transmits it to Google servers in the USA.

On what legal basis do we process your data? We have a legitimate interest in a fast and uncomplicated integration and management of various tools on our website. The use of the Google Tag Manager is therefore lawful according to Art. 6 (1) f) GDPR. If you have consented to the transfer of your IP address, we process your data exclusively on the basis of Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future.

What is Google Analytics? Tool for the analysis of user behavior by Google Ireland Ltd.

Who processes your data? Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has an order processing contract been concluded with Google Analytics? Yes

Where can you find more information about Google Analytics privacy?https://support.google.com/analytics/answer/6004245?hl=de

On what basis do we transfer your data to the USA? Based on the European Commission’s standard contractual clauses (https://privacy.google.com/businesses/compliance).

How can you prevent data collection? Among others with a browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de

How do we process your data? We are always interested in optimizing our web offer for the visitors of our website and placing advertising optimally. Google Analytics, a tool that analyzes the behavior of users and thus provides us with the necessary database for adjustments, helps us to do this. The tool provides us with information about the origin of our visitors, their page views and the time they spend on the pages, as well as the operating system they use.

Standard processing: To collect the data, Google Analytics uses cookies, device fingerprinting, or other technologies to recognize users. The data is transmitted to Google servers in the USA and, with the help of the IP address that is also collected, summarized in a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plugin provided by Google itself: https://tools.google.com/dlpage/gaoptout?hl=de.

IP anonymization: We have activated the “IP anonymization” function within Google Analytics. For you, this means that Google truncates your IP address (from the EU or EEA) before transmitting it to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and shorten it only there.

How long do we store your data? According to Google, data stored at user and event-level that is linked to cookies, user identifiers (e.g. user IDs), or advertising IDs is deleted or anonymized after 14 months (cf. https://support.google.com/analytics/answer/7667196?hl=de).

On what legal basis do we process your data? As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 para. 1 lit. f) GDPR. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by Google Analytics, the legal basis is exclusively Art. 6 (1) a) GDPR. You can revoke the consent at any time with effect for the future.

What is Newsletter Mailchimp? Service for sending newsletters and analyzing recipient behavior.

Who processes your data? Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Has an order processing contract been concluded with Mailchimp? Yes

Where can you find more information about privacy at Mailchimp? https://mailchimp.com/legal/privacy and https://mailchimp.com/de/gdpr/

On what basis do we transfer your data to the USA? Mailchimp has so-called standard contractual clauses that permit the transfer of data to the USA: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.

How do we process your data? We use Mailchimp for our newsletter distribution. The service manages the data of the newsletter subscribers for us, sends our newsletter, and analyzes our newsletter campaigns.
If you would like to receive our newsletter, we need your e-mail address. We will also check by means of a confirmation email (double opt-in procedure) whether you are really the owner of this email address. We do not collect any further data or only on a voluntary basis. We use your data exclusively for sending the newsletter. They are stored on a Mailchimp server in the USA. If we send a newsletter via Mailchimp and you open it, a file contained in the newsletter automatically connects to Mailchimp’s servers. Thus, the service learns that the newsletter has been opened and registers all clicks on the links contained therein. In addition, Mailchimp collects technical information, such as the time of the retrieval, the IP address, browser type, and operating system. You can unsubscribe from the newsletter at any time.

How long do we store your data? After you have unsubscribed, the data will be deleted from the newsletter distribution list. Under certain circumstances, we may also blacklist your email address; this is necessary, for example, if we receive an objection to advertising from you. In this case, the legal basis for the storage is Art. 6 para. 1 lit. f) GDPR. Furthermore, we reserve the right to delete the data at any time after the purpose for which it was collected has ceased to exist or at our own discretion.

On what legal basis do we process your data? By entering the subscriber list, you consent to the data processing by Mailchimp. This is done lawfully on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.

Google Web Fonts: We use Google Web Fonts to display our website. This is a collection of fonts from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, which can be used in particular for websites. When the font used by our website is called up by your browser, the public IP address of the computer you are using is transmitted. The IP address is a unique numeric address under which this computer sends or retrieves data to the Internet.

On what basis do we transfer your data to the USA? Based on the European Commission’s standard contractual clauses (https://privacy.google.com/businesses/compliance).

How do we process your data? When you access our website, your browser loads the fonts needed to display them correctly as we intended. If your browser does not support web fonts, a standard font from your computer will be used to display our website.

On what legal basis do we process your data? The legal basis for the processing is Art. 6 para. 1 f. DSGVO. Our legitimate interest in using Google Web Fonts is to ensure a uniform appearance of the website and thus its functionality on all end devices.

Audio and video conferencing: As a company, we are in contact with many people: Customers, business partners, service providers, etc. In addition to other means of communication, we also use online conference tools for this exchange. Information relevant to data protection law on the provider(s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only do we, but in particular, the provider of the respective tool, process your personal data.

How do we process your data? Online conferencing tools collect and store various personal data to enable participation in an online conference and its smooth execution. In addition to registration, conference, and technical data, this also concerns certain communication content.

Registration data: Your email address and/or phone number and, if applicable, other data you provide when registering for the conference.

Conference data: Start, end, and duration of your participation in the conference, the number of participants, and other metadata about the conference.

Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or speaker, and connection type.

Communication Content: Cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

For details on data processing, please refer to the data protection policies of the respective conference tool provider.

How long do we store your data? As your communication partner, we will delete your data from our systems as soon as one of the following occurs:

– The purpose of the data processing is not applicable.
– You request us to delete the data.
– You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

Cookies remain on your terminal device until you delete them.

The providers of conference tools also store your data for their own purposes. Please ask the providers directly what this means for the duration of the storage of your data.

On what legal basis do we process your data? If we are already contractually connected or if you would like to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. In this respect, the data processing takes place on the basis of Art. 6 paras. 1 lit. b) GDPR. Otherwise, the use of conferencing tools serves the purpose of simple and quick communication, without which we would not be able to run our business efficiently. We therefore also have a legitimate interest in the data processing pursuant to Art. 6 (1) f) GDPR. A further legal basis may be your consent. Relevant in this case is Art. 6 para. 1 lit. a) GDPR. This basis ceases to apply for the future if you revoke your consent.

What online conferencing tools do we use? Zoom

What is Zoom? Communication platform for video meetings, voice communication, webinars as well as chats via desktop computers, telephones, mobile devices, and conference room systems.

Who processes your data? Zoom Communications Inc, 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA

Has an order processing contract been concluded with Zoom? Yes

Where can you find more information about privacy at Zoom? https://zoom.us/de-de/privacy.html

On what basis do we transfer your data to the USA? Zoom Communications Inc. adheres to the standard contractual clauses of the European Commission (see https://zoom.us/de-de/privacy.html#_Toc44414846).