Last updated: 26.10.2018
§ 1 General information
As a Swiss company, we are subject to the applicable data protection regulations and laws of Switzerland. In order to also provide our services lawfully for clients from the European Union (EU), we comply with Regulation (EU) 2016⁄679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive), hereinafter “GDPR”).
When operating our website and conducting legal transactions, eCollect AG acts as data controller within the meaning of the GDPR and processes personal data based on legal regulations or your voluntary consent to data collection.
When using this website, you voluntarily provide various data (e.g. when sending a contact form or registering online) or the data is collected automatically by our IT systems (e.g. Internet browser type, operating system or time of page visit). Personal data are all data with which you can be identified as a natural person.
When collecting your personal data, we always endeavour to limit data processing as much as possible. To guarantee data protection, we have created a high security standard within our company and rely on modern technical solutions and comprehensible and secure organisational mechanisms.
Transparency is important to us, which is why we would like to inform you below about the type, scope and purpose of data processing.
§ 2 Collection and processing of your data
You can visit our website without providing any personal information. In cases in which the website user provides voluntary information, for example in the context of establishment of a contact, the settings of their browser, the online registration and creation of an eCollect account as well as the registration for our newsletter, further personal data is collected.
(1) Server Log Files
In the case of a simple visit to the website, we only store access data within a so-called server log file. This is data provided by your browser that is not personally identifiable, namely:
Browser type and browser version operating system Referrer URL (the previously visited page) Host name of the accessing computer (IP address) Time and date of the server request
This data cannot be assigned to any particular person. These data are not combined with other data sources.
We process the above-mentioned data for the purposes of ensuring a smooth and user-friendly connection of the website, for statistical evaluation and evaluation of system security and stability, for security reasons, e.g. to identify cases of abuse, as well as for other administrative purposes. For this purpose, user access to our website is stored in the server log files, including the IP address. These log files are processed monthly for statistical purposes with an analysis software and then deleted. A traceability to a certain person is not possible with the data used by us.
Data processing is based on Art. 6 para. 1 letter f GDPR, whereby our legitimate interest follows from the above-mentioned purposes.
Cookies are used on the basis of Art. 6 Para. 1 Letter f GDPR, whereby our legitimate interest lies in providing our services in a technically error-free and optimized manner.
Our partner companies are not authorized to store cookies on your computer unless this is covered by this policy.
When cookies are saved on your computer, you have control over whether and when these cookies are deleted. Please use the corresponding function in your browser. You can set your browser so that you are informed about the setting of cookies, decide on acceptance on a case-by-case basis or generally disallow the acceptance of cookies. If cookies are not accepted, the functionality of our website may be limited. Please read the user manual of your browser or contact the manufacturer of the browser to find out how to set the programs accordingly.
(3) Contact / support form
For all matters and support requests, we offer you the opportunity to contact us via the contact / support form provided on the website. In addition to the actual message, we need your name and a valid e-mail address so that we know who sent the request and what kind of information you require from us, and so that we can respond to it. Further informations can be provided voluntarily. The data collected will be used exclusively for processing and responding to your enquiry. In this case, the data will be processed in accordance with Art. 6 para. 1 letter a GDPR on the basis of your voluntary consent. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing processes already carried out remains unaffected by the revocation.
After contacting us, your data will be deleted immediately, provided there are no legal retention obligations. The data will not be used for any other purpose or passed on to third parties.
(4) Online registration and creation of an eCollect account
You can register on our website to use the services we offer. All you have to do is enter a valid e-mail address and a password. Once your registration has been confirmed, you will receive our form for the actual creation of your eCollect account. For the purpose of your identification and the establishment of the business relationship, information about your person (e.g. name, postal address, telephone, if applicable representative data, information about the scope of business, bank details) is requested. Generally, all mandatory fields must be filled out. Missing information can lead to the rejection of the account creation.
The data gathered from you in this context will only be collected for specified, clear and legitimate purposes. We collect and use data only to the extent that is technically and contractually necessary in order to be able to offer you an optimal performance of our services.
We do not process special categories of data (i.e. sensitive, especially worthy of protection) as well as data of children. We do no profiling in the sense of the law.
The processing of your data generally occurs in accordance with Art. 6 para. 1 letter b GDPR for the purpose of implementing pre-contractual measures that follow your request as a website user, i.e. for the establishment of business relationships and for the purpose of subsequent fulfilment of the contract or legal enforcement. In addition, data processing in accordance with Art. 6 Para. 1 Letter c GDPR may be necessary for the fulfilment of legal retention obligations as well as other legal obligations. Furthermore, data processing on our part is also justified pursuant to Art. 6 para. 1 letter f GDPR in cases where this is necessary to safeguard our legitimate interests in ensuring the smooth provision of our services, optimisation of business processes and evaluation of system security as well as in the achievement of other administrative purposes.
We reserve the right, to inform you after your corresponding consent, of news regarding our offer to the contact details you have provided, as long as you have not contradicted this use of your data to us in text form.
Due to legal requirements, we may be obliged to retain your data beyond the duration of your use of our website - in particular for tax purposes. However, we will only store such data to the extent necessary, taking into account the statutory provisions.
At the time of your online registration, you will receive further details on data processing in compliance with our duty to inform in accordance with Art. 13 GDPR.
It is possible to subscribe to our newsletter, in which you will be informed about current events and our services. To do this, you must enter a valid e-mail address. If you subscribe to the newsletter, you agree to receive it electronically. You can revoke your consent to receive the newsletter at any time by e-mail and cancel your newsletter subscription.
(6) Disclosure of data
Furthermore, we are entitled to provide third parties, e.g. database manufacturers or service providers, with the data necessary for the operation of the website or to collect and process this data through third parties in order to fulfil our obligations resulting from the user relationship. Persons and companies that we commission in order to fulfil our obligations are obliged to comply with these provisions.
We only work with third parties who are subject to the provisions of the GDPR and the Privacy Shield Framework between the USA and the EU or the USA and Switzerland and provide their services in compliance with data protection regulations.
From time to time, plugins of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”), are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
We use Facebook Social Plugin according to Art. 6 Para. 1 Letter f GDPR because of our legitimate interest in the analysis, optimization and management of our online presence.
If you want to prevent Facebook from linking this information to your Facebook account, please log out of Facebook before visiting this website and delete the stored cookies. You can use your Facebook profile to make further settings for data processing for advertising purposes or to object to the use of your data for advertising purposes. You can access the settings here: Profile settings on Facebook can be found at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
From time to time this website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway Mountain View, California 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google LLC is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
However, if IP anonymization is activated on this website, Google will shorten your IP address within the EU or in any other country that is party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that IP anonymization has been added to Google Analytics on this website in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the framework of Google Analytics is not merged with other Google data.
Google will use this information within the scope of processing to evaluate the use of the website, to compile reports on the website activities for us, to provide further services associated with the use of the website and the internet.
Google Analytics is used on the basis of Art. 6 Par. 1 Letter f GDPR. We have a legitimate interest in analyzing and optimizing our online presence.
You can prevent the storage of cookies by setting up your browser software accordingly. In this case, however, we would like to point out that you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en.
This website may from time to time use Google AdSenses, a Google Inc advertising service. Google AdSense uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses so-called web beacons (transparent graphic images). These web beacons can be used to evaluate information such as visitor traffic on these pages.
The informations generated by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats will be transmitted to and stored by Google on servers in the United States of America. Google may disclose this collected information to third parties if required to do so by law or if Google outsources data processing to third parties. However, Google will not merge your IP address with other stored data.
The saving of AdSense cookies is justified according to art. 6 para. 1 letter f GDPR, whereby we as website provider have a legitimate interest in the analysis of user behaviour in order to optimize both our website and our advertising.
§ 6 Data security
In compliance with the provisions of the GDPR and the Swiss Federal Data Protection Act, we have taken a number of technical and organisational measures against the loss, destruction, access, modification and dissemination of your data by unauthorized persons, which are suitable for ensuring effective, legally compliant data protection in the area of general and automated processing of personal data and the use of network and telecommunications channels. The measures we have taken are state of the art, they are regularly updated, adapted to the latest developments in our system and periodically reviewed.
All data is processed centrally on servers of eCollect AG at a secure location in Switzerland and thus within the framework of the EU data protection standards. However, we would like to point out that there may be exceptions under §§ 3, 4 and 5, where personal data may be transferred to the USA under the Privacy Shield Framework between the USA and the EU or the USA and Switzerland on the basis of the adequacy decision of the European Commission.
The data center in which our servers are located meets the strictest standards for information security, storage, operation and security of computer servers and is equipped with state-of-the-art security mechanisms. Security personnel, locking and surveillance systems, surveillance cameras, extinguishing devices and redundant air conditioning ensure the necessary security. An uninterruptible power supply (UPS) with triple redundancy and 99.9 % network availability is provided.
Data protection risks are sufficiently minimized by developing and implementing our own system (eCollect system) with a secure system architecture. The personal data is logically separated from each other. There is an independent access management for the assignment of individual access authorizations. All public communication is encrypted using the HTTPS protocol. Encryption with digital certificates ensures that data is transmitted securely. All our SSL/TTL certificates are issued by DigiCert Inc.
We would like to point out that you should always treat your access information confidentially and close the browser window when you have finished using our website, especially if you share your computer with others in order to prevent misuse of your account.
§ 7 Duration of data retention
Personal data are recorded by us in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which they are processed. We limit the retention period for personal data to the absolutely necessary minimum. With regard to our international activities, we have to comply with various legal retention obligations depending on the individual case and the respective applicable national law. This also determines the criteria for specifying the retention period.
§ 8 Data subject’s rights
According to Art. 15 GDPR, you have the right to request free-of-charge information about which personal data is processed by us.
You also have the right to have false data corrected in accordance with Art. 16 GDPR, to have your personal data deleted (right to be forgotten) in accordance with Art. 17 GDPR and to have processing restricted in accordance with Art. 18 GDPR. If applicable, you can also assert your right to data portability in accordance with Art. 20 GDPR.
As a rule, you can exercise your right to be forgotten if the storage of your data is no longer necessary for the purposes for which it is collected or otherwise processed, or if there are no legal retention periods in conflict with the deletion.
If you believe that your data are being processed unlawfully, you may lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.
You can send your queries to us free of charge in written, electronic form to the e-mail address given below in § 10 or by post to our business address. Please note that we must sufficiently verify your identity on the basis of the request. In case of doubt, we can demand further information to confirm your identity. We will answer your request immediately, at the latest within one month after its receipt. In exceptional cases, an appropriate fee may be charged or the request may be rejected for a legal reason.
§ 9 Right of objection
Users of this website may exercise their right of objection and object to the processing of their personal data.
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 letter f GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR, provided that there are reasons for this arising from the particular situation of the data subject or if the objection relates to direct advertising. In the event of a legal objection, we will no longer process the personal data concerned, unless there are overriding legitimate reasons for the processing of such data, which outweigh the interests, rights and freedoms of the data subject or the personal data are used to enforce, exercise or defend legal claims.
You can contact the persons responsible for data protection within eCollect AG at any time at the following e-mail address: email@example.com. We are committed to strictly adhering to our legal obligations to provide information, to respond in a timely manner to you as the data subject, and to make notifications, deletions, etc. in accordance with the law. We are happy to support our business partners with data-related queries within the framework of debt collection.
Last updated:October 26, 2018