1. General

Thingsy AG, Technoparkstrasse 1, 8005 Zurich, Switzerland (hereinafter referred to as the “Provider”, “we” or “us”), is the author of this Privacy Policy. This Privacy Policy applies to all users of the Provider’s services insofar as personal data is processed. This includes in particular customers who have entered into a service agreement with the Provider, their employees and customers, app users as well as visitors to the website. In addition, the Provider may declare this Privacy Policy applicable to further contractual partners on a contractual basis. For the sake of simplicity, all persons affected by data processing are hereinafter referred to as “Customers”. The term personal data or “data” refers to all information relating to an identified or identifiable natural person.

The Provider is committed to handling Customers’ personal information carefully and responsibly. The Provider is responsible for the collection, processing, disclosure, storage and protection of Customers’ personal information and ensures compliance with applicable data protection legislation.

If you provide us with personal data of other persons, please ensure that these persons are aware of this Privacy Policy and only provide us with their personal data if you are permitted to do so and if such personal data is accurate.

The data controller within the meaning of data protection law is:

Thingsy AG
Technoparkstrasse 1
CH-8005 Zurich

For all data protection related inquiries, Thingsy AG can be contacted at datenschutz@getloopia.ch.

2. Applicable Law

This Privacy Policy is designed to meet the requirements of the Swiss Federal Act on Data Protection (“FADP”) and the EU General Data Protection Regulation (“GDPR”). Whether and to what extent these laws are applicable depends on the individual case.

3. Type and Scope of the Collection of Personal Data

3.1 General

We primarily process personal data that we receive from our Customers and other business partners in the context of our business relationships, as well as from other persons involved therein, or that we collect from users when operating our websites, apps and other applications.

Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press, internet) or receive such data from other companies, authorities and other third parties (such as credit reference agencies or address providers). In addition to the data you provide to us directly, the categories of personal data we receive about you from third parties include, in particular, information from public registers; information obtained in connection with official and judicial proceedings; information related to your professional functions and activities (for example, to enable us to conclude and process business transactions with your employer); information about you contained in correspondence and meetings with third parties; creditworthiness information (insofar as we conduct personal business transactions with you); information about you provided by persons in your environment (family members, advisors, legal representatives, etc.) to enable us to conclude or process contracts with you or involving you (e.g. references, delivery addresses, powers of attorney); information required to comply with legal obligations such as anti-money laundering or export control regulations; information from banks, insurers, distributors and other contractual partners regarding the use or provision of services (e.g. payments made, purchases made); information about you from media and the internet (where appropriate in a specific case, for example in connection with an application, press monitoring, marketing or sales activities); your addresses and, where applicable, interests and other socio-demographic data (for marketing purposes); and data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of access, pages and content accessed, functions used, referring website, and location data).

3.2 Website

When Customers visit the Provider’s online presence outside the login-protected area, the web server technology used automatically records general technical visit information. This includes, among other things, the IP address of the device used, which is anonymised by Google before being stored so that it can no longer be attributed to the Customer. Google uses the _anonymizeIp() method for this purpose. This also includes information on the browser type, internet service provider and operating system used.

4. Purposes of Data Processing and Legal Bases

We primarily use the personal data we collect to conclude and perform contracts with our Customers and business partners, to procure products and services from our suppliers and subcontractors, and to comply with our legal obligations in Switzerland and abroad. If you act for such a Customer or business partner or use systems implemented by us for them, your personal data will also be processed in this capacity.

In addition, we process personal data about you and other persons, insofar as permitted and where deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

Offering and further developing our products, services, websites, apps and other platforms on which we are present;

Communication with third parties and handling of their inquiries (e.g. applications, media requests);

Reviewing and optimising needs analysis processes for direct customer outreach and collecting personal data from publicly accessible sources for customer acquisition purposes;

Advertising and marketing (including the organisation of events), provided that you have not objected to the use of your data (if we send advertising to you as an existing customer, you may object at any time and we will place you on a suppression list);

Market and opinion research, media monitoring;

Assertion of legal claims and defence in connection with legal disputes and administrative proceedings;

Prevention and investigation of criminal offences and other misconduct (e.g. internal investigations, data analysis for fraud prevention);

Ensuring the operation of our business, in particular our IT systems, websites, apps and other platforms;

Video surveillance to safeguard domiciliary rights and other measures to ensure IT, building and facility security, as well as to protect our employees, other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and email scanners, telephone recordings);

The purchase and sale of business units, companies or parts thereof and other corporate transactions, including the transfer of personal data, as well as measures for business management and compliance with legal and regulatory obligations and internal policies of the Provider.

Where you have given us your consent to process your personal data for specific purposes (e.g. when subscribing to newsletters or undergoing a background check), we process your personal data within the scope of and based on such consent, unless another legal basis applies. Consent may be withdrawn at any time; however, this does not affect processing already carried out.

5. Disclosure of Personal Data

In the course of our business activities and for the purposes set out in Section 4, we may disclose personal data to third parties where permitted and deemed appropriate, either because they process such data on our behalf or because they wish to use it for their own purposes. This includes in particular:

Our service providers (internal and external, such as payment processors), including processors (e.g. IT providers);

Customers, merchants, suppliers, subcontractors and other business partners;

Domestic and foreign authorities, public offices or courts;

Media;

The public, including visitors to websites and social media platforms;

Competitors, industry organisations, associations and other bodies;

Acquirers or parties interested in acquiring business units, companies or other parts of the Provider;

Other parties in potential or actual legal proceedings; collectively referred to as “Recipients”.

Recipients may be located in Switzerland or abroad. In particular, your data may be transferred to countries within Europe and to the United States, where service providers used by us are located (e.g. Microsoft Teams, SendGrid).

If a Recipient is located in a country without an adequate level of statutory data protection, we contractually oblige the Recipient to comply with applicable data protection standards (using the revised standard contractual clauses of the European Commission), unless the Recipient is already subject to a legally recognised data protection framework or an exception applies. Exceptions may apply in particular in the context of foreign legal proceedings, overriding public interests, where contractual performance requires such disclosure, where you have given your consent, or where the data concerned has been made publicly accessible by you without objection.

5. Cookies

We typically use cookies and comparable technologies on our websites that allow your browser or device to be identified. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you revisit the website, we can recognise you even if we do not know who you are. In addition to cookies that are used only during a session and deleted after your visit (“session cookies”), cookies may also be used to store user preferences and other information for a certain period of time (e.g. two years) (“persistent cookies”). You can configure your browser to reject cookies, store them only for one session or delete them prematurely. Most browsers are set to accept cookies by default. We use persistent cookies to better understand how our offers and content are used. If you block cookies, certain functionalities (such as language selection) may no longer be available.

6. Duration of Storage of Personal Data

We process and store your personal data for as long as required to fulfil our contractual and legal obligations or otherwise for the purposes pursued by the processing, i.e. for the entire duration of the business relationship (from initiation through performance to termination of a contract) and beyond in accordance with statutory retention and documentation obligations. Personal data may also be retained for the period during which claims may be asserted against our company or where we are otherwise legally obliged to do so or where legitimate business interests require it (e.g. for evidentiary and documentation purposes). Once your personal data is no longer required for the above purposes, it will generally be deleted or anonymised where possible. Operational data (e.g. system logs) is generally subject to shorter retention periods of twelve months or less.

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access and misuse. These include internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, monitoring measures and similar safeguards.

8. Your Rights in Relation to Your Personal Data

You have the following rights with regard to personal data concerning you:

The right to obtain information about which personal data we store about you and how we process it;

The right to receive or transfer a copy of your personal data in a commonly used format;

The right to rectification of your personal data;

The right to erasure of your personal data; and

The right to object to the processing of your personal data.

Please note that these rights are subject to statutory conditions and exceptions. Where legally permissible, we may refuse requests to exercise these rights. You also have the right to lodge a complaint with the competent data protection supervisory authority.

9. How We May Amend This Privacy Policy

We may amend this Privacy Policy at any time without prior notice, in particular if we change our data processing activities or if new legal requirements become applicable. The version published at https://www.getloopia.ch/datenschutz shall apply.

Data Processing Agreement