Last updated: 26.10.2018
§ 1 General information
As a Swiss company, we are subject to the applicable data protection regulations and laws of Switzerland. In order to also provide our services lawfully for clients from the European Union (EU), we comply with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive), hereinafter “GDPR”).
When operating our website and conducting legal transactions, eCollect AG acts as data controller within the meaning of the GDPR and processes personal data based on legal regulations or your voluntary consent to data collection.
When using this website, you voluntarily provide various data (e.g. when sending a contact form or registering online) or the data is collected automatically by our IT systems (e.g. Internet browser type, operating system or time of page visit). Personal data are all data with which you can be identified as a natural person and, if applicable, also as a legal entity according to the Swiss Federal Data Protection Act (hereinafter DSG (Switzerland)).
When collecting your personal data, we always endeavor to limit data processing as much as possible. To guarantee data protection, we have created a high security standard within our company and rely on modern technical solutions and comprehensible and secure organizational mechanisms.
Transparency is important to us, which is why we would like to inform you below about the type, scope and purpose of data processing.
§ 2 Collection and processing of your data
You can visit our website without providing any personal information. In cases in which the website user provides voluntary information, for example in the context of establishment of a contact, the settings of their browser, the online registration and creation of an eCollect account as well as the registration for our newsletter, further personal data is collected.
(1) Server Log Files
In the case of a simple visit to the website, we only store access data within a so-called server log file. This is data provided by your browser that is not personally identifiable, namely:
- Browser type and browser version, operating system
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time and date of the server request
This data cannot be assigned to any particular person. These data are not combined with other data sources.
We process the above-mentioned data for the purposes of ensuring a smooth and user-friendly connection of the website, for statistical evaluation and evaluation of system security and stability, for security reasons, e.g. to identify cases of abuse, as well as for other administrative purposes. For this purpose, user access to our website is stored in the server log files, including the IP address. These log files are processed monthly for statistical purposes with an analysis software and then deleted. A traceability to a certain person is not possible with the data used by us.
Data processing is based on Art. 6 para. 1 letter f GDPR, resp. on Art. 12 in conjunction with Art. 13 DSG (Switzerland), whereby our predominant legitimate interest follows from the above-mentioned purposes.
Cookies are used on the basis of Art. 6 para. 1 letter f GDPR, resp. Art. 12 in conjunction with Art. 13 DSG (Switzerland), whereby our predominant legitimate interest lies in providing our services in a technically error-free and optimized manner.
Our partner companies are not authorized to store cookies on your computer unless this is covered by this policy.
When cookies are saved on your computer, you have control over whether and when these cookies are deleted. Please use the corresponding function in your browser. You can set your browser so that you are informed about the setting of cookies, decide on acceptance on a case-by-case basis or generally disallow the acceptance of cookies. If cookies are not accepted, the functionality of our website may be limited. Please read the user manual of your browser or contact the manufacturer of the browser to find out how to set the programs accordingly.
(3) Contact / support form
For all matters and support requests, we offer you the opportunity to contact us via the contact / support form provided on the website. In addition to the actual message, you need to provide a valid e-mail address and your country so that we know who sent the request and what kind of information you require from us, and so that we can respond to it. Further information can be provided voluntarily. The data collected will be used for processing and responding to your enquiry and for initiation of business relationships.
In this case, the data will be processed on the one hand in accordance with Art. 6 para. 1 letter f GDPR for contacting you based on your own initiative. If, on the other hand, you contacted us to establish a future business relationship, your data will be processed in accordance with Art. 6 para. 1 letter b GDPR for the purpose of taking pre-contractual measures or the subsequent performance of the contract.
The processing of personal data for the initiation of business relationships or for their management as well as for the enforcement of our overriding interests is also justified pursuant to Art. 12 in conjunction with Art. 13 para. 1 and 2 letter a DSG (Switzerland).
Your data will be deleted after contact has been established, unless one of the legal reasons given above exists for its further processing.
(4) Online registration and creation of an eCollect account
You can register on our website to use the services we offer. All you have to do is enter a valid e-mail address and a password. Once your registration has been confirmed, you will receive our form for the actual creation of your eCollect account. For the purpose of your identification and the establishment of the business relationship, information about your person (e.g. name, postal address, telephone, if applicable representative data, information about the scope of business, bank details) is requested. Generally, all mandatory fields must be filled out. Missing information can lead to the rejection of the account creation.
The data gathered from you in this context will only be collected for specified, clear and legitimate purposes. We collect and use data only to the extent that is technically and contractually necessary in order to be able to offer you an optimal performance of our services.
We do not process special categories of data (i.e. sensitive, especially worthy of protection) as well as data of children. We do no profiling in the sense of the law.
The processing of your data generally occurs in accordance with Art. 6 para. 1 letter b GDPR for the purpose of implementing pre-contractual measures that follow your request as a website user, i.e. for the establishment of business relationships and for the purpose of subsequent fulfillment of the contract or legal enforcement. In addition, data processing in accordance with Art. 6 para. 1 letter c GDPR may be necessary for the fulfillment of legal retention obligations as well as other legal obligations. Furthermore, data processing on our part is also justified pursuant to Art. 6 para. 1 letter f GDPR in cases where this is necessary to safeguard our legitimate interests in ensuring the smooth provision of our services, optimization of business processes and evaluation of system security as well as in the achievement of other administrative purposes.
The processing of personal data for the purpose of concluding or processing a contract as well as for the enforcement of our predominant interests is also justified in accordance with Art. 12 in conjunction with Art. 13 para 1 and 2 letter a DSG (Switzerland).
We reserve the right, to inform you after your corresponding consent, of news regarding our offer to the contact details you have provided, as long as you have not contradicted this use of your data to us in text form.
Due to legal requirements, we may be obliged to retain your data beyond the duration of your use of our website – in particular for tax purposes. However,we will only store such data to the extent necessary, taking into account the statutory provisions.
At the time of your online registration, you will receive further details on data processing in compliance with our duty to inform in accordance with Art. 13 GDPR.
(5) Online customer portal
In the event of a debt collection procedure against you, you can log into our online customer portal at any time and obtain more detailed information, in particular details about the current status of the procedure, the owner of the claim, the exact nature and reason of the claim, the amount of the claim, etc. For this purpose, you only need to enter our file number and your e-mail address which already exists in our system. Other personal data than the access data mentioned under point (1) will not be collected. In the context of debt collection, we do not process any special categories of data (i.e. sensitive data particularly worthy of protection) or data relating to children, nor do we carry out any profiling within the meaning of the law.
Your data will be processed for the purpose of fulfilling the contract or enforcing claims and for our own receivables management. According to Art. 6 para. 1 letter b GDPR, data processing is necessary for the execution of the contract, which also includes the payment obligation. In addition, data processing in accordance with Art. 6 para. 1 letter c GDPR may be necessary for the fulfillment of our legal obligations to retain data and other legal obligations. In addition, your data is processed in accordance with Art. 6 para. 1 letter f GDPR to protect our legitimate interests and those of our clients. The legitimate interests exist in connection with the collection of receivables.
The processing of personal data to enforce our predominant interest and that of our clients in debt collection is also justified pursuant to Art. 12 in conjunction with Art. 13 DSG (Switzerland).
You will receive further details on data processing in fulfillment of our information obligations pursuant to Art. 14 or Art. 13 GDPR at the time of the first contact.
It is possible to subscribe to our newsletter, in which you will be informed about current events and our services. To do this, you must enter a valid e-mail address. If you subscribe to the newsletter, you agree to receive it electronically. You can revoke your consent to receive the newsletter at any time by e-mail and cancel your newsletter subscription.
(7) Disclosure of data
Your data will only be disclosed to third parties for the performance of contracts with you, for the fulfillment of legal obligations or for safeguarding our legitimate interests in the establishment, exercise or defense of legal claims.
Furthermore, we are entitled to provide third parties, e.g. database manufacturers or service providers, with the data necessary for the operation of the website or to collect and process this data through third parties in order to fulfill our obligations resulting from the user relationship. Persons and companies that we commission in order to fulfill our obligations are obliged to comply with these provisions.
We only work with third parties who are subject to the provisions of the GDPR and the Privacy Shield Framework between the USA and the EU or the USA and Switzerland and provide their services in compliance with data protection regulations.
From time to time, plugins of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”), are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
We use Facebook Social Plugin according to Art. 6 para. 1 letter f GDPR or Art. 12 in conjunction with Art. 13 DSG (Switzerland) to ensure our legitimate interest in the analysis, optimisation and management of our online presence.
If you want to prevent Facebook from linking this information to your Facebook account, please log out of Facebook before visiting this website and delete the stored cookies. You can use your Facebook profile to make further settings for data processing for advertising purposes or to object to the use of your data for advertising purposes. You can access the settings here: Profile settings on Facebook can be found at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
From time to time this website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway Mountain View, California 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google LLC is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
However, if IP anonymization is activated on this website, Google will shorten your IP address within the EU or in any other country that is party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that IP anonymization has been added to Google Analytics on this website in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the framework of Google Analytics is not merged with other Google data. Google will use this information within the scope of processing to evaluate the use of the website, to compile reports on the website activities for us, to provide further services associated with the use of the website and the internet.
Google Analytics is used on the basis of Art. 6 para. 1 letter f GDPR or Art. 12 in conjunction with Art. 13 DSG (Switzerland). We have a predominant legitimate interest in analyzing and optimizing our online presence.
You can prevent the storage of cookies by setting up your browser software accordingly. In this case, however, we would like to point out that you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en.
This website may from time to time use Google AdSenses, a Google Inc advertising service. Google AdSense uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses so-called web beacons (transparent graphic images). These web beacons can be used to evaluate information such as visitor traffic on these pages.
The informations generated by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats will be transmitted to and stored by Google on servers in the United States of America. Google may disclose this collected information to third parties if required to do so by law or if Google outsources data processing to third parties. However, Google will not merge your IP address with other stored data.
The saving of AdSense cookies is justified according to Art. 6 para. 1 letter f GDPR or Art. 12 in conjuntion with Art. 13 DSG (Switzerland), whereby we as website provider have a legitimate interest in the analysis of user behavior in order to optimize both our website and our advertising.
§ 6 Data security
In compliance with the provisions of the GDPR and the Swiss Federal Data Protection Act, we have taken a number of technical and organizational measures against the loss, destruction, access, modification and dissemination of your data by unauthorized persons, which are suitable for ensuring effective, legally compliant data protection in the area of general and automated processing of personal data and the use of network and telecommunications channels. The measures we have taken are state of the art, they are regularly updated, adapted to the latest developments in our system and periodically reviewed.
All data is processed centrally on servers of eCollect AG at a secure location in Switzerland and thus within the framework of the EU data protection standards. However, we would like to point out that there may be exceptions under §§ 3, 4 and 5, where personal data may be transferred to the USA under the Privacy Shield Framework between the USA and the EU or the USA and Switzerland on the basis of the adequacy decision of the European Commission.
The data center in which our servers are located meets the strictest standards for information security, storage, operation and security of computer servers and is equipped with state-of-the-art security mechanisms. Security personnel, locking and surveillance systems, surveillance cameras, extinguishing devices and redundant air conditioning ensure the necessary security. An uninterruptible power supply (UPS) with triple redundancy and 99.9 % network availability is provided.
Data protection risks are sufficiently minimized by developing and implementing our own system (eCollect system) with a secure system architecture. The personal data is logically separated from each other. There is an independent access management for the assignment of individual access authorizations. All public communication is encrypted using the HTTPS protocol. Encryption with digital certificates ensures that data is transmitted securely. All our SSL/TTL certificates are issued by DigiCert Inc.
We would like to point out that you should always treat your access information confidentially and close the browser window when you have finished using our website, especially if you share your computer with others in order to prevent misuse of your account.
§ 7 Duration of data retention
Personal data are recorded by us in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which they are processed. We limit the retention period for personal data to the absolutely necessary minimum. With regard to our international activities, we have to comply with various legal retention obligations depending on the individual case and the respective applicable national law. This also determines the criteria for specifying the retention period.
§ 8 Data subject’s rights
According to Art. 15 GDPR, you have the right to request free-of-charge information about which personal data is processed by us.
You also have the right to have false data corrected in accordance with Art. 16 GDPR, to have your personal data deleted (right to be forgotten) in accordance with Art. 17 GDPR and to have processing restricted in accordance with Art. 18 GDPR. If applicable, you can also assert your right to data portability in accordance with Art. 20 GDPR.
As a rule, you can exercise your right to be forgotten if the storage of your data is no longer necessary for the purposes for which it is collected or otherwise processed, or if there are no legal retention periods in conflict with the deletion.
If you believe that your data are being processed unlawfully, you may lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.
You can send your queries to us free of charge in written, electronic form to the e-mail address given below in § 10 or by post to our business address. Please note that we must sufficiently verify your identity on the basis of the request. In case of doubt, we can demand further information to confirm your identity. We will answer your request immediately, at the latest within one month after its receipt. In exceptional cases, an appropriate fee may be charged or the request may be rejected for a legal reason.
§ 9 Right of objection
Users of this website may exercise their right of objection and object to the processing of their personal data.
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 letter f GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR, provided that there are reasons for this arising from the particular situation of the data subject or if the objection relates to direct advertising. In the event of a legal objection, we will no longer process the personal data concerned, unless there are overriding legitimate reasons for the processing of such data, which outweigh the interests, rights and freedoms of the data subject or the personal data are used to enforce, exercise or defend legal claims.
You can contact the persons responsible for data protection within eCollect AG at any time at the following e-mail address: firstname.lastname@example.org. We are committed to strictly adhering to our legal obligations to provide information, to respond in a timely manner to you as the data subject, and to make notifications, deletions, etc. in accordance with the law. We are happy to support our business partners with data-related queries within the framework of debt collection.
Last updated:October 26, 2018